last executing test programs: 2.790156172s ago: executing program 0 (id=519): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params]}, 0x1c}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x60, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x30, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0x4}, @NFTA_BITWISE_MASK={0x8, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xfc}}, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, &(0x7f0000000100)}}], 0x1, 0x24040890) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCSFLAGS1(r6, 0x40047459, &(0x7f00000000c0)=0x41) pwritev(r6, &(0x7f0000000040)=[{&(0x7f0000000180)="80fd02000040", 0x42}], 0x1, 0x0, 0x0) sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x34, 0x2, 0x3, 0x301, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x3f}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x7}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x1d}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 2.78959889s ago: executing program 0 (id=520): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x50, r2, 0x1, 0x470bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_SSID={0x4}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x5}, @key_params=[@NL80211_ATTR_KEY={0x14, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_TYPE={0x8, 0x7, 0x1}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x50}}, 0x880) (fail_nth: 4) 2.671122038s ago: executing program 0 (id=521): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = gettid() timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000000)=0x0) (async) r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0) readv(r3, &(0x7f00000018c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1) (async) timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) r4 = dup2(r0, r0) bind$vsock_stream(r4, &(0x7f00000001c0)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) (async) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) (async) r6 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r6, 0x65, 0x2, &(0x7f0000000000)=0x929, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000140)={'vcan0\x00', 0x0}) bind$can_raw(r6, &(0x7f0000000040)={0x1d, r7}, 0x10) (async) close_range(r5, 0xffffffffffffffff, 0x0) (async) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b0000000", @ANYRES16=r8, @ANYBLOB="080026bd7000fedbdf25020000004400058008000700", @ANYRES32=0x0, @ANYBLOB="080006001000000014000400fc000000000000000000000000000001060005004e20000014000400000000000000000000000000000000010800020005000000080004000300000005000500020000000800040000f8ffff05000500870000000c000680060005004e200000080004000e0000001c0001800800030064010102060005004e2300000600010002000000"], 0xb0}, 0x1, 0x0, 0x0, 0x4000}, 0x20040080) r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000001d00), 0xffffffffffffffff) (async) r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) syz_open_procfs(0x0, &(0x7f0000000080)='net/mcfilter6\x00') bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x3f}, {{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0x7, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) r11 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000020001c9a2b317cedb1fe77d512ad0000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r11}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000500000000000000000000850000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r12}, 0x10) (async) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_pgetevents(r13, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180), 0x8}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b405000000000000611eb0000000000063010800000000009500090000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x52) (async) sendmsg$TIPC_CMD_SET_NODE_ADDR(r0, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000001d40)={0x24, r9, 0x401, 0x70bd2b, 0x25dfdbfc, {{}, {}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x2c004}, 0xc4) 2.670842585s ago: executing program 0 (id=522): r0 = socket$kcm(0x10, 0x400000002, 0x0) close(r0) sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r3, 0x800448d4, &(0x7f0000000000)={0x3, 0x2, "eb00", 0x9}) r4 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) r5 = add_key$keyring(&(0x7f0000000400), &(0x7f0000000440)={'syz', 0x1}, 0x0, 0x0, r4) keyctl$update(0x2, r5, 0x0, 0x0) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r6, &(0x7f0000000100)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1ff, 0x0, 0x2, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x4, 0x0, 0x0, 0x40], [0x0, 0x0, 0x3, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x809, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6], [0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb9d6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x20000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1009, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c) ioctl$UI_DEV_CREATE(r6, 0x5501) r7 = gettid() timer_create(0x0, &(0x7f0000001640)={0x0, 0x21, 0x800000000004, @tid=r7}, 0x0) readv(r6, &(0x7f00000018c0)=[{0x0}, {&(0x7f0000001700)=""/221, 0xdd}], 0x2) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="5a0235d7", @ANYRES16=r2, @ANYBLOB="000329bd7000fcdbdf257000000008000300", @ANYRES32=r8, @ANYBLOB="0a00060008021100000000000a000600ffffffffffff00000a00060008021100000000000a0006000802110000010000"], 0x4c}, 0x1, 0x0, 0x0, 0xc851}, 0x20000020) 2.451211887s ago: executing program 2 (id=525): openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) r1 = socket$inet6(0xa, 0x1, 0x100) syz_usb_connect$cdc_ncm(0x1, 0xbe, &(0x7f00000003c0)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xac, 0x2, 0x1, 0xfc, 0x40, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x7, 0x24, 0x6, 0x0, 0x1, "9494"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x80, 0x9, 0x1}, {0x6, 0x24, 0x1a, 0x4, 0x2}, [@mdlm={0x15, 0x24, 0x12, 0x4}, @mdlm={0x15, 0x24, 0x12, 0x81}, @mdlm={0x15, 0x24, 0x12, 0x3}, @network_terminal={0x7, 0x24, 0xa, 0xe5, 0xb, 0x4, 0x8}, @mbim_extended={0x8, 0x24, 0x1c, 0x0, 0xb, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0xe, 0x3, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x36, 0xe1, 0xe7}}, {{0x9, 0x5, 0x3, 0x2, 0x18, 0xc, 0x2, 0xd}}}}}}}]}}, &(0x7f0000000700)={0x0, 0x0, 0x1c, &(0x7f00000004c0)={0x5, 0xf, 0x1c, 0x2, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "bf00e3a3826ae5ee3accf03448c1c7be"}]}, 0x2, [{0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x860}}, {0xef, &(0x7f0000000600)=@string={0xef, 0x3, "edeee91c985a1d18ad80fdae39ff316675b0dbeff431e032e22e441194c3b3988fd02ba1c39993b9f2e7d4089e7bf17ba3349dee4490e3bbc8ec407e0aecc9120d7531024e3b749f36040f75b0d9ec0fd750ad6c8fd19a19d4c5362e8fb854a1cc70b41eedaea292bb491874230fa184e129911be6d8cb7e4f4ecbe795f12181ae2c35c8479a70f014f526f66c743b9c59dba9f9bae17fd31533b13152fa3852c480eac0739d336a23f8301609040a7ff0070fdd4a7b0e0ab04191d0c4b30ab8bdccc92cc9d5fe626da0ce487baf7b09e486713781d25ab2e859af6a8926e0838b8f6018dc506aca3641a01b88"}}]}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0, 0x0}, &(0x7f0000000100)=0xc) syz_usb_connect$printer(0x4, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x16, 0x20, 0x3a, [{{0x9, 0x4, 0x0, 0xf, 0x2, 0x7, 0x1, 0x2, 0x9, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0xf, 0x80, 0x3}}}}}]}}]}}, &(0x7f0000000340)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x201, 0xd, 0x80, 0xff, 0x48, 0x67}, 0xf, &(0x7f0000000180)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x7, 0xa3, 0x7}]}, 0x4, [{0x0, 0x0}, {0x41, &(0x7f0000000200)=@string={0x41, 0x3, "c1065a0436944ba8fcb919e48a0b7d533eba87ec1c06930046c27aefd74fe18d6c21210cbbeb9b7533f31dbb90a4ebd6871766ad7f2407a5959ccf5d43d939"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x1007}}, {0x1a, &(0x7f0000000300)=@string={0x1a, 0x3, "57fe8559f4de7a0dd821cab7ff09c4f386802a78bf604176"}}]}) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000280)={{0x2, 0x0, r2, 0x0, 0x0, 0x1a9, 0x3201}, 0x2, 0x10, 0x0, 0x0, 0x0, 0x0, 0x9}) 2.081741226s ago: executing program 3 (id=529): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params]}, 0x1c}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x60, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x30, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0x4}, @NFTA_BITWISE_MASK={0x8, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xfc}}, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, &(0x7f0000000100)}}], 0x1, 0x24040890) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCSFLAGS1(r6, 0x40047459, &(0x7f00000000c0)=0x41) pwritev(r6, &(0x7f0000000040)=[{&(0x7f0000000180)="80fd02000040", 0x42}], 0x1, 0x0, 0x0) sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x34, 0x2, 0x3, 0x301, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x3f}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x7}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x1d}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 2.079989425s ago: executing program 3 (id=530): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000080)={[{0x2b, 'cpu'}]}, 0x5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) bpf$MAP_CREATE(0x0, 0x0, 0x50) socketpair$unix(0x1, 0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='cpu.weight\x00', 0x2, 0x0) write$cgroup_int(r3, &(0x7f0000001140)=0x80000002, 0x12) 2.018913799s ago: executing program 3 (id=531): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x12, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[], 0xf4}}, 0x880) sendmsg$NLBL_MGMT_C_VERSION(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYBLOB="f8ba25bd7000fbdbdf2508000000080004000000000014000500000000000000000000000000000000010800040003000000"], 0x38}, 0x1, 0x0, 0x0, 0x8}, 0x60008800) r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000040)={'veth0_to_batadv\x00', {0x2, 0x4e20, @empty}}) recvmmsg(r0, &(0x7f0000000540)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x40, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd74) syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x707d, 0x0, 0x4, 0x288}, 0x0, &(0x7f0000000280)=0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) syz_emit_ethernet(0x2a, &(0x7f0000000080)=ANY=[], 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00') socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x1e, 0x1, 0x0) connect$tipc(r7, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000300)=ANY=[@ANYRES16=r3, @ANYBLOB, @ANYRESDEC=r6, @ANYBLOB, @ANYRES64=0x0], 0x20) write$binfmt_misc(r7, &(0x7f0000000080), 0x2000011a) accept4$inet(r7, 0x0, &(0x7f0000000180), 0x800) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0), 0x4c40, 0x0) 1.772555745s ago: executing program 0 (id=532): openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x400ad80, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c) 1.201755822s ago: executing program 2 (id=536): r0 = socket$inet6(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001100a7cc5a8100ae541d002007000000", @ANYRES32=r2, @ANYBLOB="00000a00100000801c001a80080002802d03fa"], 0x44}, 0x1, 0x10000000}, 0x0) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 1.201388474s ago: executing program 2 (id=537): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x1, @thr={0x0, 0x0}}, 0x0) r0 = syz_clone(0x2d042680, 0x0, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) timer_create(0x6, &(0x7f0000000000)={0x0, 0x19, 0x4, @tid=r0}, &(0x7f0000000040)=0x0) timer_delete(r1) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r2, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f40108807000008048000980282100f8060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a034e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d4000980"], 0x21c}, 0x1, 0x0, 0x0, 0x24040010}, 0x0) fcntl$lock(r3, 0x24, &(0x7f0000000080)={0x2, 0x1, 0x80000000, 0x2, r0}) 991.707927ms ago: executing program 2 (id=538): socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x101, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x7ffffffffffffd9, 0x80) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) poll(0x0, 0x0, 0xffffffff) write$UHID_CREATE(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000d000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000040)=ANY=[], 0x1000f) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r3, 0x0, 0xe, 0x0, &(0x7f0000000000)="77844923fbde9d724bbda199f4d6", 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 991.1534ms ago: executing program 3 (id=539): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params]}, 0x1c}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x60, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x30, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0x4}, @NFTA_BITWISE_MASK={0x8, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xfc}}, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, &(0x7f0000000100)}}], 0x1, 0x24040890) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCSFLAGS1(r6, 0x40047459, &(0x7f00000000c0)=0x41) pwritev(r6, &(0x7f0000000040)=[{&(0x7f0000000180)="80fd02000040", 0x42}], 0x1, 0x0, 0x0) sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x34, 0x2, 0x3, 0x301, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x3f}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x7}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x1d}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 921.751741ms ago: executing program 3 (id=540): r0 = socket$kcm(0x10, 0x400000002, 0x0) close(r0) sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r3, 0x800448d4, &(0x7f0000000000)={0x3, 0x2, "eb00", 0x9}) r4 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) r5 = add_key$keyring(&(0x7f0000000400), &(0x7f0000000440)={'syz', 0x1}, 0x0, 0x0, r4) keyctl$update(0x2, r5, 0x0, 0x0) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r6, &(0x7f0000000100)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1ff, 0x0, 0x2, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x4, 0x0, 0x0, 0x40], [0x0, 0x0, 0x3, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x809, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6], [0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb9d6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x20000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1009, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c) ioctl$UI_DEV_CREATE(r6, 0x5501) r7 = gettid() timer_create(0x0, &(0x7f0000001640)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) readv(r6, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="5a0235d7", @ANYRES16=r2, @ANYBLOB="000329bd7000fcdbdf257000000008000300", @ANYRES32=r8, @ANYBLOB="0a00060008021100000000000a000600ffffffffffff00000a00060008021100000000000a0006000802110000010000"], 0x4c}, 0x1, 0x0, 0x0, 0xc851}, 0x20000020) 921.342098ms ago: executing program 3 (id=541): socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newtaction={0x128, 0x30, 0x1, 0x0, 0x0, {}, [{0x114, 0x1, [@m_ct={0x44, 0x1f, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0xcc, 0x101, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x87, 0x6, "6b4ed6957f2d66fba364aecd1a8694ecb583b1a8997ffb2a551f23225118087b4f303b849ff6e9a3db7e912a1a5790df88efc888cc9dd3fbf59299fa4ac985b5e7c1cccc37232443b72b64e0fd1ed52a17c71bcba85a074ba4d8343fb402e5e6a2b343e85a9c83b1e133058bfaac2c520784515acf141ead51735e882d269a5a5ebf4a"}, {0xc}, {0xc}}}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) read$char_usb(r1, &(0x7f00000022c0)=""/171, 0xab) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f0000000080)={0x3, 0xc}, 0x2) bind$bt_l2cap(r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x7ffffffffffffd9, 0x80) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000000c0)={0x0, @broadcast, @initdev}, &(0x7f0000000100)=0xc) getsockopt$bt_hci(r1, 0x0, 0x2, &(0x7f0000000340)=""/111, &(0x7f0000000180)=0x6f) poll(0x0, 0x0, 0xffffffff) write$UHID_CREATE(0xffffffffffffffff, 0x0, 0x0) gettid() bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000d000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000040)=ANY=[], 0x1000f) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r5, 0x0, 0xe, 0x0, &(0x7f0000000000)="77844923fbde9d724bbda199f4d6", 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 478.635248ms ago: executing program 1 (id=543): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c) listen(r1, 0x6) syz_emit_ethernet(0x5e, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x28, 0x6, 0x0, @local, @local, {[], {{0x80, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@sack={0x1d, 0x12, [0x0, 0x0, 0x0, 0x5]}]}}}}}}}}, 0x0) (fail_nth: 4) 478.24885ms ago: executing program 0 (id=544): openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) r1 = socket$inet6(0xa, 0x1, 0x100) syz_usb_connect$cdc_ncm(0x1, 0xbe, &(0x7f00000003c0)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xac, 0x2, 0x1, 0xfc, 0x40, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x7, 0x24, 0x6, 0x0, 0x1, "9494"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x80, 0x9, 0x1}, {0x6, 0x24, 0x1a, 0x4, 0x2}, [@mdlm={0x15, 0x24, 0x12, 0x4}, @mdlm={0x15, 0x24, 0x12, 0x81}, @mdlm={0x15, 0x24, 0x12, 0x3}, @network_terminal={0x7, 0x24, 0xa, 0xe5, 0xb, 0x4, 0x8}, @mbim_extended={0x8, 0x24, 0x1c, 0x0, 0xb, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0xe, 0x3, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x36, 0xe1, 0xe7}}, {{0x9, 0x5, 0x3, 0x2, 0x18, 0xc, 0x2, 0xd}}}}}}}]}}, &(0x7f0000000700)={0x0, 0x0, 0x1c, &(0x7f00000004c0)={0x5, 0xf, 0x1c, 0x2, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "bf00e3a3826ae5ee3accf03448c1c7be"}]}, 0x2, [{0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x860}}, {0xef, &(0x7f0000000600)=@string={0xef, 0x3, "edeee91c985a1d18ad80fdae39ff316675b0dbeff431e032e22e441194c3b3988fd02ba1c39993b9f2e7d4089e7bf17ba3349dee4490e3bbc8ec407e0aecc9120d7531024e3b749f36040f75b0d9ec0fd750ad6c8fd19a19d4c5362e8fb854a1cc70b41eedaea292bb491874230fa184e129911be6d8cb7e4f4ecbe795f12181ae2c35c8479a70f014f526f66c743b9c59dba9f9bae17fd31533b13152fa3852c480eac0739d336a23f8301609040a7ff0070fdd4a7b0e0ab04191d0c4b30ab8bdccc92cc9d5fe626da0ce487baf7b09e486713781d25ab2e859af6a8926e0838b8f6018dc506aca3641a01b88"}}]}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0, 0x0}, &(0x7f0000000100)=0xc) syz_usb_connect$printer(0x4, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x16, 0x20, 0x3a, [{{0x9, 0x4, 0x0, 0xf, 0x2, 0x7, 0x1, 0x2, 0x9, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0xf, 0x80, 0x3}}}}}]}}]}}, &(0x7f0000000340)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x201, 0xd, 0x80, 0xff, 0x48, 0x67}, 0xf, &(0x7f0000000180)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x7, 0xa3, 0x7}]}, 0x4, [{0x0, 0x0}, {0x41, &(0x7f0000000200)=@string={0x41, 0x3, "c1065a0436944ba8fcb919e48a0b7d533eba87ec1c06930046c27aefd74fe18d6c21210cbbeb9b7533f31dbb90a4ebd6871766ad7f2407a5959ccf5d43d939"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x1007}}, {0x1a, &(0x7f0000000300)=@string={0x1a, 0x3, "57fe8559f4de7a0dd821cab7ff09c4f386802a78bf604176"}}]}) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000280)={{0x2, 0x0, r2, 0x0, 0x0, 0x1a9, 0x3201}, 0x2, 0x10, 0x0, 0x0, 0x0, 0x0, 0x9}) 391.607721ms ago: executing program 1 (id=545): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c) listen(r1, 0x6) r2 = syz_io_uring_complete(0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0xfffffffd, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x8}, 0x1c) syz_emit_ethernet(0x5e, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x28, 0x6, 0x0, @local, @local, {[], {{0x80, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@sack={0x1d, 0x12, [0x0, 0x0, 0x0, 0x5]}]}}}}}}}}, 0x0) 391.391293ms ago: executing program 1 (id=546): r0 = socket$inet6(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001100a7cc5a8100ae541d002007000000", @ANYRES32=r2, @ANYBLOB="00000a00100000801c001a80080002802d03fa"], 0x44}, 0x1, 0x10000000}, 0x0) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 388.842458ms ago: executing program 1 (id=547): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) keyctl$clear(0x11, 0xfffffffffffffffd) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil) mount$9p_virtio(0x0, 0x0, 0x0, 0x8008, 0x0) (async) mount$9p_virtio(0x0, 0x0, 0x0, 0x8008, 0x0) getpid() (async) r4 = getpid() r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) (async) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x1c, r7, 0x1, 0x70bd2d, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) (async) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) (async) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) (async) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58) r9 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x4a65, 0x0, 0x3}, &(0x7f0000000340)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x3, r8, 0x0, 0x0, 0x0, 0x80800}) (async) syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x3, r8, 0x0, 0x0, 0x0, 0x80800}) io_uring_enter(r9, 0x3516, 0xc2de, 0x8, 0x0, 0x0) (async) io_uring_enter(r9, 0x3516, 0xc2de, 0x8, 0x0, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x28, r2, 0x1, 0x70bd29, 0x25dfdbfe, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x4, 0x42}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x44000}, 0x20040010) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000400)) r12 = syz_io_uring_setup(0x1066, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000040), &(0x7f0000000280)) io_uring_enter(r12, 0x47f5, 0x0, 0x0, 0x0, 0x0) (async) io_uring_enter(r12, 0x47f5, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r12, 0x9, 0x0, 0x0) 116.701687ms ago: executing program 1 (id=548): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params]}, 0x1c}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x60, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x30, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0x4}, @NFTA_BITWISE_MASK={0x8, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xfc}}, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, &(0x7f0000000100)=[{0x0}], 0x1}}], 0x1, 0x24040890) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCSFLAGS1(r6, 0x40047459, &(0x7f00000000c0)=0x41) pwritev(r6, &(0x7f0000000040)=[{&(0x7f0000000180)="80fd02000040", 0x42}], 0x1, 0x0, 0x0) sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x34, 0x2, 0x3, 0x301, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x3f}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x7}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x1d}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 116.294567ms ago: executing program 1 (id=549): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x12, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[@ANYBLOB="f40700c1000000fd9fff15d7d500"/23, @ANYRES16], 0xf4}}, 0x880) sendmsg$NLBL_MGMT_C_VERSION(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYBLOB="f8ba25bd7000fbdbdf2508000000080004000000000014000500000000000000000000000000000000010800040003000000"], 0x38}, 0x1, 0x0, 0x0, 0x8}, 0x60008800) r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000040)={'veth0_to_batadv\x00', {0x2, 0x4e20, @empty}}) recvmmsg(r0, &(0x7f0000000540)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x40, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd74) syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x707d, 0x0, 0x4, 0x288}, 0x0, &(0x7f0000000280)=0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) syz_emit_ethernet(0x2a, &(0x7f0000000080)=ANY=[], 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00') socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x1e, 0x1, 0x0) connect$tipc(r7, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000300)=ANY=[@ANYRES16=r3, @ANYBLOB, @ANYRESDEC=r6, @ANYBLOB, @ANYRES64=0x0], 0x20) write$binfmt_misc(r7, &(0x7f0000000080), 0x2000011a) accept4$inet(r7, 0x0, &(0x7f0000000180), 0x800) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0), 0x4c40, 0x0) 62.757594ms ago: executing program 2 (id=550): r0 = socket$kcm(0x10, 0x400000002, 0x0) close(r0) sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r3, 0x800448d4, &(0x7f0000000000)={0x3, 0x2, "eb00", 0x9}) r4 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) r5 = add_key$keyring(&(0x7f0000000400), &(0x7f0000000440)={'syz', 0x1}, 0x0, 0x0, r4) keyctl$update(0x2, r5, 0x0, 0x0) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r6, &(0x7f0000000100)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1ff, 0x0, 0x2, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x4, 0x0, 0x0, 0x40], [0x0, 0x0, 0x3, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x809, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6], [0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb9d6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x20000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1009, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c) ioctl$UI_DEV_CREATE(r6, 0x5501) r7 = gettid() timer_create(0x0, &(0x7f0000001640)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) readv(r6, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="5a0235d7", @ANYRES16=r2, @ANYBLOB="000329bd7000fcdbdf257000000008000300", @ANYRES32=r8, @ANYBLOB="0a00060008021100000000000a000600ffffffffffff00000a00060008021100000000000a0006000802110000010000"], 0x4c}, 0x1, 0x0, 0x0, 0xc851}, 0x20000020) 0s ago: executing program 2 (id=551): r0 = syz_open_procfs(0x0, &(0x7f0000001380)) getdents(r0, &(0x7f0000002000)=""/4096, 0x1000) read$FUSE(r0, &(0x7f000000acc0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r2 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f000000cf80)={0x6, 0x1b, &(0x7f0000001800)=ANY=[@ANYBLOB="18010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000090000008500000006004000186500000f000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800006d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000820000002d9280000000000018120000", @ANYRES32=r0, @ANYRES16=r1, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\b\x00\x00\x00'], &(0x7f000000cdc0)='syzkaller\x00', 0x4, 0xc4, &(0x7f0000001700)=""/196, 0x41100, 0x12, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f000000cec0)={0x3, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f000000cf00)=[r0, r0, 0xffffffffffffffff, r0, r0, r0, r0, r0, r0], &(0x7f000000cf40)=[{0x0, 0x4, 0x0, 0x4}, {0x3, 0x2, 0x5, 0x1}], 0x10, 0x5b83, @void, @value}, 0x94) socket$inet(0x2, 0x4000000000000001, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000c000) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x4, 0x9, 0x41495043, 0x9, 0x5, [{0x1, 0xb}, {0x3, 0x9}, {0x3, 0x3ff}, {0x8, 0x7a25}, {}, {0xffff, 0xffff8000}, {0x7, 0x4}, {0x4, 0x10000}], 0xa, 0x7f, 0x4, 0x0, 0x1}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) openat$tun(0xffffff9c, 0x0, 0x2401, 0x0) set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x4, 0x6, @broadcast}, 0x14) r4 = openat(r2, &(0x7f0000000000)='./file1\x00', 0x52dc2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r5, 0x0, 0x2b, &(0x7f0000000340)={0x400, {{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x25}}}, {{0x2, 0x0, @broadcast}}}, 0x108) getsockopt$inet_buf(r5, 0x0, 0x30, &(0x7f0000000340)=""/223, &(0x7f0000000180)=0xdf) socket$nl_generic(0x10, 0x3, 0x10) ftruncate(r4, 0x8800000) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'authenc(streebog256-generic,pcbc(fcrypt-generic))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000300)="09000000f5e57aa04e", 0x9) kernel console output (not intermixed with test programs): sses unique to avoid problems! [ 48.591726][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.596063][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.599534][ T5961] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.601647][ T5957] veth0_vlan: entered promiscuous mode [ 48.606224][ T5961] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.608656][ T5961] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.611046][ T5961] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.613429][ T5961] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.617426][ T5950] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.620528][ T5950] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.623581][ T5950] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.626825][ T5950] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.649028][ T5957] veth1_vlan: entered promiscuous mode [ 48.649082][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.653110][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.693396][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.697627][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.703842][ T5957] veth0_macvtap: entered promiscuous mode [ 48.713616][ T5949] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 48.714587][ T5957] veth1_macvtap: entered promiscuous mode [ 48.721882][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.724049][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.739640][ T96] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.741871][ T96] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.749463][ T5957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.752327][ T5957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.756618][ T5957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.759419][ T5957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.762086][ T5957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.765451][ T5957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.768954][ T5957] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.783099][ T5957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.785719][ T6011] input: syz0 as /devices/virtual/input/input5 [ 48.787371][ T5957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.791970][ T5957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.796360][ T5957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.800048][ T5957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.803950][ T5957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.809325][ T5957] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.814186][ T96] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.814750][ T5957] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.817115][ T96] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.818689][ T5957] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.823131][ T5957] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.826174][ T5957] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.876876][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.878861][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.900907][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.903394][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.925807][ T6020] Zero length message leads to an empty skb [ 49.214685][ T10] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 49.363248][ T6031] syz.3.5 uses obsolete (PF_INET,SOCK_PACKET) [ 49.374860][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 49.379799][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 49.382778][ T10] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 49.387854][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.394067][ T10] usb 7-1: config 0 descriptor?? [ 49.602482][ T10] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 49.808548][ T5990] usb 7-1: USB disconnect, device number 2 [ 50.069298][ T6041] 9pnet_virtio: no channels available for device syz [ 50.104758][ T5962] Bluetooth: hci0: command tx timeout [ 50.104779][ T5956] Bluetooth: hci1: command tx timeout [ 50.106299][ T5965] Bluetooth: hci3: command tx timeout [ 50.107777][ T5956] Bluetooth: hci2: command tx timeout [ 51.174630][ T6062] QAT: failed to copy from user cfg_data. [ 51.285168][ T6058] process 'syz.2.12' launched './file1' with NULL argv: empty string added [ 51.286150][ T6061] QAT: failed to copy from user cfg_data. [ 51.323010][ T6064] input: syz0 as /devices/virtual/input/input6 [ 52.194891][ T5965] Bluetooth: hci2: command tx timeout [ 52.195025][ T5953] Bluetooth: hci1: command tx timeout [ 52.195050][ T5956] Bluetooth: hci0: command tx timeout [ 52.197631][ T5962] Bluetooth: hci3: command tx timeout [ 52.963245][ T6092] 9pnet_virtio: no channels available for device syz [ 53.644910][ T6114] QAT: failed to copy from user cfg_data. [ 54.265970][ T5962] Bluetooth: hci1: command tx timeout [ 54.265991][ T5953] Bluetooth: hci0: command tx timeout [ 54.268127][ T5962] Bluetooth: hci2: command tx timeout [ 54.269691][ T5953] Bluetooth: hci3: command tx timeout [ 54.509226][ T6128] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 55.512945][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 55.564970][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.567826][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.570468][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.615303][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 55.618557][ T40] audit: type=1326 audit(1744273691.851:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.1.36" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 55.628206][ T40] audit: type=1326 audit(1744273691.851:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.1.36" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 55.634699][ T40] audit: type=1326 audit(1744273691.861:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.1.36" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 55.640532][ T40] audit: type=1326 audit(1744273691.861:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.1.36" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 55.647619][ T40] audit: type=1326 audit(1744273691.861:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.1.36" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 55.653925][ T40] audit: type=1326 audit(1744273691.871:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.1.36" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 55.661114][ T40] audit: type=1326 audit(1744273691.871:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.1.36" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 55.667119][ T40] audit: type=1326 audit(1744273691.871:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.1.36" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 55.672900][ T40] audit: type=1326 audit(1744273691.871:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.1.36" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 55.678946][ T40] audit: type=1326 audit(1744273691.871:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.1.36" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 55.715340][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.717767][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 55.717945][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 55.722890][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.725479][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.826119][ T6151] input: syz0 as /devices/virtual/input/input7 [ 58.320649][ T6211] QAT: failed to copy from user cfg_data. [ 59.438298][ T6247] 9pnet_virtio: no channels available for device syz [ 60.546530][ T6275] QAT: failed to copy from user cfg_data. [ 61.321172][ T6299] QAT: failed to copy from user cfg_data. [ 62.590969][ T6320] QAT: failed to copy from user cfg_data. [ 63.880724][ T6350] QAT: failed to copy from user cfg_data. [ 63.996880][ T6344] QAT: failed to copy from user cfg_data. [ 64.455586][ T6357] QAT: failed to copy from user cfg_data. [ 64.850154][ T6369] QAT: failed to copy from user cfg_data. [ 65.250492][ T6379] QAT: failed to copy from user cfg_data. [ 65.662561][ T6390] input: syz0 as /devices/virtual/input/input8 [ 65.713939][ T6392] input: syz0 as /devices/virtual/input/input9 [ 67.314679][ T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 67.466108][ T24] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 67.468517][ T24] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 67.471252][ T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 67.473761][ T24] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 67.477040][ T24] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 67.481216][ T24] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 67.483661][ T24] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 67.486068][ T24] usb 5-1: Product: syz [ 67.487336][ T24] usb 5-1: Manufacturer: syz [ 67.493093][ T24] cdc_wdm 5-1:1.0: skipping garbage [ 67.494997][ T24] cdc_wdm 5-1:1.0: skipping garbage [ 67.497596][ T24] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 67.499261][ T24] cdc_wdm 5-1:1.0: Unknown control protocol [ 67.698947][ T6428] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 67.701588][ T6428] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.708157][ T24] usb 5-1: USB disconnect, device number 2 [ 68.324618][ T6470] input: syz0 as /devices/virtual/input/input10 [ 69.014698][ T24] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 69.146310][ T24] usb 7-1: device descriptor read/64, error -71 [ 69.394674][ T24] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 69.524710][ T24] usb 7-1: device descriptor read/64, error -71 [ 69.635850][ T24] usb usb7-port1: attempt power cycle [ 69.974675][ T24] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 69.995686][ T24] usb 7-1: device descriptor read/8, error -71 [ 70.234675][ T24] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 70.255343][ T24] usb 7-1: device descriptor read/8, error -71 [ 70.364679][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 70.365278][ T24] usb usb7-port1: unable to enumerate USB device [ 70.526318][ T10] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 70.529608][ T10] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 70.533401][ T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 70.536889][ T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 70.540969][ T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 70.546732][ T10] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 70.550142][ T10] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 70.553180][ T10] usb 5-1: Product: syz [ 70.554735][ T10] usb 5-1: Manufacturer: syz [ 70.575251][ T10] cdc_wdm 5-1:1.0: skipping garbage [ 70.577292][ T10] cdc_wdm 5-1:1.0: skipping garbage [ 70.581138][ T10] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 70.583432][ T10] cdc_wdm 5-1:1.0: Unknown control protocol [ 70.747673][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.749698][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.779693][ T6486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 70.784095][ T6486] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 70.815800][ T10] usb 5-1: USB disconnect, device number 3 [ 71.282904][ T6502] input: syz0 as /devices/virtual/input/input11 [ 72.550776][ T6525] QAT: failed to copy from user cfg_data. [ 72.842776][ T6521] QAT: failed to copy from user cfg_data. [ 73.434681][ T6040] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 73.470610][ T6549] QAT: failed to copy from user cfg_data. [ 73.586282][ T6040] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 73.589618][ T6040] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 73.593194][ T6040] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 73.596421][ T6040] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 73.599391][ T6040] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 73.603606][ T6040] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 73.606197][ T6040] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 73.608395][ T6040] usb 7-1: Product: syz [ 73.609553][ T6040] usb 7-1: Manufacturer: syz [ 73.615981][ T6040] cdc_wdm 7-1:1.0: skipping garbage [ 73.617464][ T6040] cdc_wdm 7-1:1.0: skipping garbage [ 73.620226][ T6040] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 73.622153][ T6040] cdc_wdm 7-1:1.0: Unknown control protocol [ 73.819334][ T6539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 73.822736][ T6539] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 73.828195][ T10] usb 7-1: USB disconnect, device number 7 [ 76.203805][ T6580] QAT: failed to copy from user cfg_data. [ 76.637134][ T6596] input: syz0 as /devices/virtual/input/input12 [ 77.114622][ T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 77.265793][ T10] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 77.270823][ T10] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 77.273432][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.276133][ T10] usb 5-1: Product: syz [ 77.277482][ T10] usb 5-1: Manufacturer: syz [ 77.278779][ T10] usb 5-1: SerialNumber: syz [ 77.486477][ T10] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 77.624716][ T9] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 77.687378][ T10] usb 5-1: USB disconnect, device number 4 [ 77.824976][ T9] usb 7-1: device descriptor read/64, error -71 [ 77.888964][ T40] kauditd_printk_skb: 210 callbacks suppressed [ 77.888975][ T40] audit: type=1326 audit(1744273714.121:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6600 comm="syz.0.169" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f04579 code=0x0 [ 77.940388][ T6615] usblp0: removed [ 78.064617][ T9] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 78.204626][ T9] usb 7-1: device descriptor read/64, error -71 [ 78.325204][ T9] usb usb7-port1: attempt power cycle [ 78.664684][ T9] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 78.684995][ T9] usb 7-1: device descriptor read/8, error -71 [ 78.925671][ T9] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 78.945214][ T9] usb 7-1: device descriptor read/8, error -71 [ 79.054850][ T9] usb usb7-port1: unable to enumerate USB device [ 79.692583][ T6628] QAT: failed to copy from user cfg_data. [ 80.327443][ T6635] netlink: 32 bytes leftover after parsing attributes in process `syz.3.180'. [ 80.973087][ T6654] netlink: 8 bytes leftover after parsing attributes in process `syz.0.186'. [ 80.984680][ T6040] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 80.988717][ T29] cfg80211: failed to load regulatory.db [ 81.146059][ T6040] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 81.148482][ T6040] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 81.151343][ T6040] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 81.153817][ T6040] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 81.156927][ T6040] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 81.161254][ T6040] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 81.163816][ T6040] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 81.166139][ T6040] usb 6-1: Product: syz [ 81.167358][ T6040] usb 6-1: Manufacturer: syz [ 81.171238][ T6040] cdc_wdm 6-1:1.0: skipping garbage [ 81.172782][ T6040] cdc_wdm 6-1:1.0: skipping garbage [ 81.175199][ T6040] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 81.176905][ T6040] cdc_wdm 6-1:1.0: Unknown control protocol [ 81.321486][ T6661] QAT: failed to copy from user cfg_data. [ 81.380430][ T6652] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 81.386506][ T6652] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 81.402532][ T9] usb 6-1: USB disconnect, device number 2 [ 81.542759][ T6673] pim6reg: entered allmulticast mode [ 81.545684][ T6673] pim6reg: left allmulticast mode [ 82.345684][ T6686] 9pnet_virtio: no channels available for device syz [ 82.807008][ T6701] QAT: failed to copy from user cfg_data. [ 83.485503][ T65] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 83.637131][ T65] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 83.639615][ T65] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 83.642463][ T65] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 83.645529][ T65] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 83.648856][ T65] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 83.653203][ T65] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 83.655911][ T65] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 83.658119][ T65] usb 6-1: Product: syz [ 83.659409][ T65] usb 6-1: Manufacturer: syz [ 83.663538][ T65] cdc_wdm 6-1:1.0: skipping garbage [ 83.665383][ T65] cdc_wdm 6-1:1.0: skipping garbage [ 83.667984][ T65] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 83.669889][ T65] cdc_wdm 6-1:1.0: Unknown control protocol [ 83.865344][ T6707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 83.868250][ T6707] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 83.871643][ T65] usb 6-1: USB disconnect, device number 3 [ 84.935241][ T6741] 9pnet_virtio: no channels available for device syz [ 84.999979][ T6735] QAT: failed to copy from user cfg_data. [ 85.974629][ T65] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 86.126398][ T65] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 86.128788][ T65] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 86.131822][ T65] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 86.134274][ T65] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 86.137317][ T65] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 86.141429][ T65] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 86.143901][ T65] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 86.146217][ T65] usb 7-1: Product: syz [ 86.147383][ T65] usb 7-1: Manufacturer: syz [ 86.151411][ T65] cdc_wdm 7-1:1.0: skipping garbage [ 86.152878][ T65] cdc_wdm 7-1:1.0: skipping garbage [ 86.155411][ T65] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 86.157008][ T65] cdc_wdm 7-1:1.0: Unknown control protocol [ 86.351907][ T6755] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 86.358768][ T6755] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 86.362011][ T24] usb 7-1: USB disconnect, device number 12 [ 86.732250][ T6773] 9pnet_virtio: no channels available for device syz [ 86.874657][ T10] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 87.024607][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 87.027368][ T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 87.030148][ T10] usb 5-1: config 0 has no interfaces? [ 87.031683][ T10] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 87.034125][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.037964][ T10] usb 5-1: config 0 descriptor?? [ 87.077296][ T6775] 9pnet_virtio: no channels available for device syz [ 88.530398][ T6824] input: syz0 as /devices/virtual/input/input14 [ 88.905153][ T6842] QAT: failed to copy from user cfg_data. [ 89.638302][ T24] usb 5-1: USB disconnect, device number 5 [ 90.054996][ T6866] input: syz0 as /devices/virtual/input/input15 [ 90.159530][ T6860] 9pnet_virtio: no channels available for device syz [ 90.801025][ T6878] QAT: failed to copy from user cfg_data. [ 91.043305][ T6883] input: syz0 as /devices/virtual/input/input16 [ 91.256482][ T6888] QAT: failed to copy from user cfg_data. [ 91.972065][ T5965] Bluetooth: hci3: link tx timeout [ 91.973668][ T5965] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 91.977129][ T5953] Bluetooth: hci3: link tx timeout [ 91.978555][ T5953] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 91.980503][ T5953] Bluetooth: hci3: link tx timeout [ 91.981895][ T5953] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 92.238711][ T6912] QAT: failed to copy from user cfg_data. [ 92.636769][ T6921] QAT: failed to copy from user cfg_data. [ 93.000809][ T6927] pim6reg: entered allmulticast mode [ 93.002266][ T6928] FAULT_INJECTION: forcing a failure. [ 93.002266][ T6928] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 93.007429][ T6928] CPU: 2 UID: 0 PID: 6928 Comm: syz.1.272 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 93.007443][ T6928] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.007449][ T6928] Call Trace: [ 93.007453][ T6928] [ 93.007457][ T6928] dump_stack_lvl+0x16c/0x1f0 [ 93.007476][ T6928] should_fail_ex+0x512/0x640 [ 93.007490][ T6928] should_fail_alloc_page+0xe7/0x130 [ 93.007502][ T6928] prepare_alloc_pages+0x3c2/0x610 [ 93.007514][ T6928] ? stack_depot_save_flags+0x28/0xa50 [ 93.007527][ T6928] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 93.007542][ T6928] ? kasan_save_stack+0x42/0x60 [ 93.007556][ T6928] ? kasan_save_stack+0x33/0x60 [ 93.007568][ T6928] ? kasan_save_track+0x14/0x30 [ 93.007581][ T6928] ? __kasan_slab_alloc+0x89/0x90 [ 93.007604][ T6928] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 93.007619][ T6928] ? ptlock_alloc+0x1f/0x70 [ 93.007631][ T6928] ? pte_alloc_one+0x6d/0x380 [ 93.007643][ T6928] ? __pte_alloc+0x6d/0x3c0 [ 93.007652][ T6928] ? do_pte_missing+0x2925/0x3fb0 [ 93.007664][ T6928] ? __handle_mm_fault+0x103d/0x2a40 [ 93.007676][ T6928] ? handle_mm_fault+0x3fe/0xad0 [ 93.007688][ T6928] ? __get_user_pages+0x771/0x36f0 [ 93.007699][ T6928] ? __gup_longterm_locked+0x20d/0x1850 [ 93.007710][ T6928] ? gup_fast_fallback+0x183d/0x2650 [ 93.007722][ T6928] ? pin_user_pages_fast+0xa7/0xf0 [ 93.007733][ T6928] ? iov_iter_extract_pages+0x3a2/0x2000 [ 93.007745][ T6928] ? extract_iter_to_sg+0xf6e/0x2090 [ 93.007753][ T6928] ? hash_sendmsg+0x43e/0xfb0 [ 93.007769][ T6928] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 93.007783][ T6928] ? __do_fast_syscall_32+0x73/0x120 [ 93.007797][ T6928] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 93.007810][ T6928] ? look_up_lock_class+0x6b/0x150 [ 93.007826][ T6928] ? __lock_acquire+0x5ca/0x1ba0 [ 93.007836][ T6928] ? __lock_acquire+0xaa4/0x1ba0 [ 93.007844][ T6928] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 93.007856][ T6928] ? policy_nodemask+0xea/0x4e0 [ 93.007866][ T6928] alloc_pages_mpol+0x1fb/0x550 [ 93.007875][ T6928] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 93.007883][ T6928] ? page_table_check_set+0x96f/0xb50 [ 93.007902][ T6928] alloc_pages_noprof+0x131/0x390 [ 93.007911][ T6928] pte_alloc_one+0x19/0x380 [ 93.007923][ T6928] __pte_alloc+0x6d/0x3c0 [ 93.007933][ T6928] ? __pfx___pte_alloc+0x10/0x10 [ 93.007944][ T6928] ? __lock_acquire+0xaa4/0x1ba0 [ 93.007953][ T6928] do_pte_missing+0x2925/0x3fb0 [ 93.007971][ T6928] __handle_mm_fault+0x103d/0x2a40 [ 93.007991][ T6928] ? const_folio_flags+0x5b/0x100 [ 93.008001][ T6928] ? __pfx___handle_mm_fault+0x10/0x10 [ 93.008014][ T6928] ? __pfx_folio_mark_accessed+0x10/0x10 [ 93.008024][ T6928] ? vm_normal_page+0x13b/0x2b0 [ 93.008033][ T6928] ? find_held_lock+0x2b/0x80 [ 93.008045][ T6928] ? find_held_lock+0x2b/0x80 [ 93.008065][ T6928] handle_mm_fault+0x3fe/0xad0 [ 93.008081][ T6928] __get_user_pages+0x771/0x36f0 [ 93.008098][ T6928] ? __pfx___get_user_pages+0x10/0x10 [ 93.008110][ T6928] ? __pfx_down_read_killable+0x10/0x10 [ 93.008120][ T6928] ? __lock_acquire+0x5ca/0x1ba0 [ 93.008130][ T6928] __gup_longterm_locked+0x20d/0x1850 [ 93.008147][ T6928] ? __pfx___gup_longterm_locked+0x10/0x10 [ 93.008161][ T6928] ? find_held_lock+0x2b/0x80 [ 93.008173][ T6928] ? sanity_check_pinned_pages+0x23/0x11e0 [ 93.008187][ T6928] gup_fast_fallback+0x183d/0x2650 [ 93.008208][ T6928] ? __pfx_gup_fast_fallback+0x10/0x10 [ 93.008227][ T6928] pin_user_pages_fast+0xa7/0xf0 [ 93.008239][ T6928] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 93.008255][ T6928] iov_iter_extract_pages+0x3a2/0x2000 [ 93.008270][ T6928] ? __pfx___schedule+0x10/0x10 [ 93.008283][ T6928] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 93.008299][ T6928] ? __local_bh_enable_ip+0xa4/0x120 [ 93.008312][ T6928] ? lockdep_hardirqs_on+0x7c/0x110 [ 93.008324][ T6928] ? kernel_fpu_end+0x59/0x70 [ 93.008336][ T6928] ? __local_bh_enable_ip+0xa4/0x120 [ 93.008349][ T6928] ? kernel_fpu_end+0x5e/0x70 [ 93.008361][ T6928] ? poly1305_simd_blocks+0xf1/0x4c0 [ 93.008373][ T6928] extract_iter_to_sg+0xf6e/0x2090 [ 93.008388][ T6928] ? __pfx_extract_iter_to_sg+0x10/0x10 [ 93.008397][ T6928] ? gup_put_folio+0x71/0x230 [ 93.008408][ T6928] ? __pfx_unpin_user_page+0x10/0x10 [ 93.008422][ T6928] ? crypto_poly1305_init+0x12/0x80 [ 93.008435][ T6928] hash_sendmsg+0x43e/0xfb0 [ 93.008455][ T6928] ____sys_sendmsg+0xa95/0xc70 [ 93.008473][ T6928] ? __pfx_____sys_sendmsg+0x10/0x10 [ 93.008488][ T6928] ? get_compat_msghdr+0x11a/0x170 [ 93.008506][ T6928] ___sys_sendmsg+0x134/0x1d0 [ 93.008519][ T6928] ? __pfx____sys_sendmsg+0x10/0x10 [ 93.008549][ T6928] __sys_sendmsg+0x16d/0x220 [ 93.008561][ T6928] ? __pfx___sys_sendmsg+0x10/0x10 [ 93.008580][ T6928] ? rcu_is_watching+0x12/0xc0 [ 93.008594][ T6928] __do_fast_syscall_32+0x73/0x120 [ 93.008609][ T6928] do_fast_syscall_32+0x32/0x80 [ 93.008623][ T6928] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 93.008634][ T6928] RIP: 0023:0xf7ff5579 [ 93.008642][ T6928] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 93.008651][ T6928] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 93.008660][ T6928] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080008dc0 [ 93.008666][ T6928] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 93.008671][ T6928] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 93.008676][ T6928] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 93.008681][ T6928] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 93.008693][ T6928] [ 93.011613][ T6927] pim6reg: left allmulticast mode [ 93.321216][ T6936] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 93.323569][ T6936] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 93.327561][ T6936] vhci_hcd vhci_hcd.0: Device attached [ 93.525609][ T6944] netlink: 'syz.2.274': attribute type 10 has an invalid length. [ 93.535848][ T6944] team0: Device ipvlan1 failed to register rx_handler [ 93.572478][ T6937] vhci_hcd: connection closed [ 93.575636][ T12] vhci_hcd: stop threads [ 93.581708][ T12] vhci_hcd: release socket [ 93.583354][ T12] vhci_hcd: disconnect device [ 93.658538][ T6948] input: syz0 as /devices/virtual/input/input17 [ 93.708552][ T9] vhci_hcd: vhci_device speed not set [ 93.939039][ T6963] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 93.940872][ T6963] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 93.943267][ T6963] vhci_hcd vhci_hcd.0: Device attached [ 94.005815][ T6967] netlink: 'syz.0.280': attribute type 10 has an invalid length. [ 94.017013][ T6967] team0: Device ipvlan1 failed to register rx_handler [ 94.025228][ T5953] Bluetooth: hci3: command 0x0406 tx timeout [ 94.033585][ T6964] vhci_hcd: connection closed [ 94.034815][ T102] vhci_hcd: stop threads [ 94.037459][ T102] vhci_hcd: release socket [ 94.038830][ T102] vhci_hcd: disconnect device [ 94.335214][ T6973] Bluetooth: MGMT ver 1.23 [ 94.343811][ T6973] hfsplus: Unknown parameter 'barrier' [ 94.346527][ T6973] MTD: Attempt to mount non-MTD device "/dev/sr0" [ 94.475648][ T6973] /dev/sr0: Can't open blockdev [ 95.375425][ T7011] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input18 [ 95.824617][ T1020] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 95.994606][ T1020] usb 6-1: Using ep0 maxpacket: 8 [ 95.997312][ T1020] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 95.999552][ T1020] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 96.002239][ T1020] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 96.005280][ T1020] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 96.007986][ T1020] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 96.011404][ T1020] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 96.013842][ T1020] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.224063][ T1020] usb 6-1: GET_CAPABILITIES returned 0 [ 96.227419][ T1020] usbtmc 6-1:16.0: can't read capabilities [ 96.740546][ T7052] usbtmc 6-1:16.0: usb_control_msg returned -71 [ 96.742570][ T5830] usb 6-1: USB disconnect, device number 4 [ 98.024734][ T836] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 98.186115][ T836] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 98.188838][ T836] usb 6-1: config 0 has no interfaces? [ 98.190322][ T836] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 98.192783][ T836] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.196687][ T836] usb 6-1: config 0 descriptor?? [ 98.242510][ T7088] usb usb9: check_ctrlrecip: process 7088 (syz.2.323) requesting ep 01 but needs 81 [ 98.244956][ T7088] usb usb9: usbfs: process 7088 (syz.2.323) did not claim interface 0 before use [ 98.249070][ T7088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.323'. [ 98.306348][ T7093] netlink: 'syz.2.324': attribute type 1 has an invalid length. [ 98.339920][ T7099] FAULT_INJECTION: forcing a failure. [ 98.339920][ T7099] name failslab, interval 1, probability 0, space 0, times 0 [ 98.344926][ T7099] CPU: 3 UID: 0 PID: 7099 Comm: syz.2.326 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 98.344945][ T7099] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 98.344955][ T7099] Call Trace: [ 98.344961][ T7099] [ 98.344967][ T7099] dump_stack_lvl+0x16c/0x1f0 [ 98.344994][ T7099] should_fail_ex+0x512/0x640 [ 98.345017][ T7099] should_failslab+0xc2/0x120 [ 98.345033][ T7099] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 98.345059][ T7099] ? fib6_add_1+0xce9/0x17d0 [ 98.345082][ T7099] fib6_add_1+0xce9/0x17d0 [ 98.345110][ T7099] fib6_add+0x1e6/0x4b60 [ 98.345133][ T7099] ? __lock_acquire+0xaa4/0x1ba0 [ 98.345152][ T7099] ? __ipv6_addr_type+0x225/0x300 [ 98.345172][ T7099] ? __pfx_fib6_add+0x10/0x10 [ 98.345198][ T7099] ? do_raw_spin_lock+0x12c/0x2b0 [ 98.345216][ T7099] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 98.345238][ T7099] ? ip6_route_add+0x8d/0x1c0 [ 98.345259][ T7099] ip6_route_add+0x8d/0x1c0 [ 98.345285][ T7099] ipv6_route_ioctl+0x426/0x5d0 [ 98.345307][ T7099] ? __pfx_ipv6_route_ioctl+0x10/0x10 [ 98.345337][ T7099] ? __might_fault+0xe3/0x190 [ 98.345361][ T7099] ? __might_fault+0xe3/0x190 [ 98.345383][ T7099] ? __might_fault+0x13b/0x190 [ 98.345414][ T7099] inet6_compat_ioctl+0x2db/0x360 [ 98.345432][ T7099] ? do_vfs_ioctl+0x512/0x1990 [ 98.345451][ T7099] ? __pfx_inet6_compat_ioctl+0x10/0x10 [ 98.345469][ T7099] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 98.345496][ T7099] ? __pfx_inet6_compat_ioctl+0x10/0x10 [ 98.345517][ T7099] compat_sock_ioctl+0x173/0x7c0 [ 98.345536][ T7099] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 98.345551][ T7099] ? hook_file_ioctl_common+0x145/0x410 [ 98.345574][ T7099] ? __fget_files+0x20e/0x3c0 [ 98.345602][ T7099] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 98.345619][ T7099] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 98.345641][ T7099] __do_fast_syscall_32+0x73/0x120 [ 98.345666][ T7099] do_fast_syscall_32+0x32/0x80 [ 98.345689][ T7099] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 98.345709][ T7099] RIP: 0023:0xf7f86579 [ 98.345722][ T7099] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 98.345736][ T7099] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 98.345751][ T7099] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000890b [ 98.345760][ T7099] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 98.345769][ T7099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 98.345776][ T7099] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 98.345785][ T7099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 98.345807][ T7099] [ 98.408605][ T836] usb 6-1: USB disconnect, device number 5 [ 98.466818][ T7110] input: syz0 as /devices/virtual/input/input21 [ 98.590151][ T7117] FAULT_INJECTION: forcing a failure. [ 98.590151][ T7117] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 98.593380][ T7117] CPU: 2 UID: 0 PID: 7117 Comm: syz.0.333 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 98.593393][ T7117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 98.593399][ T7117] Call Trace: [ 98.593402][ T7117] [ 98.593406][ T7117] dump_stack_lvl+0x16c/0x1f0 [ 98.593424][ T7117] should_fail_ex+0x512/0x640 [ 98.593438][ T7117] _copy_from_iter+0x2a4/0x15b0 [ 98.593452][ T7117] ? __alloc_skb+0x200/0x380 [ 98.593465][ T7117] ? __pfx__copy_from_iter+0x10/0x10 [ 98.593478][ T7117] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 98.593496][ T7117] netlink_sendmsg+0x829/0xdd0 [ 98.593512][ T7117] ? __pfx_netlink_sendmsg+0x10/0x10 [ 98.593527][ T7117] ? __import_iovec+0x1c8/0x660 [ 98.593542][ T7117] ____sys_sendmsg+0xa95/0xc70 [ 98.593558][ T7117] ? __pfx_____sys_sendmsg+0x10/0x10 [ 98.593573][ T7117] ? get_compat_msghdr+0x11a/0x170 [ 98.593590][ T7117] ___sys_sendmsg+0x134/0x1d0 [ 98.593603][ T7117] ? __pfx____sys_sendmsg+0x10/0x10 [ 98.593630][ T7117] __sys_sendmsg+0x16d/0x220 [ 98.593643][ T7117] ? __pfx___sys_sendmsg+0x10/0x10 [ 98.593659][ T7117] ? rcu_is_watching+0x12/0xc0 [ 98.593672][ T7117] ? rcu_is_watching+0x12/0xc0 [ 98.593685][ T7117] __do_fast_syscall_32+0x73/0x120 [ 98.593701][ T7117] do_fast_syscall_32+0x32/0x80 [ 98.593715][ T7117] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 98.593727][ T7117] RIP: 0023:0xf7f04579 [ 98.593735][ T7117] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 98.593744][ T7117] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 98.593753][ T7117] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080003180 [ 98.593758][ T7117] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 98.593763][ T7117] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 98.593769][ T7117] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 98.593774][ T7117] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 98.593785][ T7117] [ 98.646311][ C2] vkms_vblank_simulate: vblank timer overrun [ 99.208677][ T7123] netlink: 116 bytes leftover after parsing attributes in process `syz.0.335'. [ 99.287469][ T7133] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 99.356965][ T7141] FAULT_INJECTION: forcing a failure. [ 99.356965][ T7141] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 99.361347][ T7141] CPU: 0 UID: 0 PID: 7141 Comm: syz.0.341 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 99.361360][ T7141] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 99.361366][ T7141] Call Trace: [ 99.361370][ T7141] [ 99.361374][ T7141] dump_stack_lvl+0x16c/0x1f0 [ 99.361391][ T7141] should_fail_ex+0x512/0x640 [ 99.361405][ T7141] _copy_from_iter+0x2a4/0x15b0 [ 99.361419][ T7141] ? __alloc_skb+0x200/0x380 [ 99.361432][ T7141] ? __pfx__copy_from_iter+0x10/0x10 [ 99.361445][ T7141] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 99.361463][ T7141] netlink_sendmsg+0x829/0xdd0 [ 99.361479][ T7141] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.361494][ T7141] ? __import_iovec+0x1c8/0x660 [ 99.361509][ T7141] ____sys_sendmsg+0xa95/0xc70 [ 99.361525][ T7141] ? __pfx_____sys_sendmsg+0x10/0x10 [ 99.361540][ T7141] ? get_compat_msghdr+0x11a/0x170 [ 99.361558][ T7141] ___sys_sendmsg+0x134/0x1d0 [ 99.361571][ T7141] ? __pfx____sys_sendmsg+0x10/0x10 [ 99.361599][ T7141] __sys_sendmsg+0x16d/0x220 [ 99.361612][ T7141] ? __pfx___sys_sendmsg+0x10/0x10 [ 99.361630][ T7141] ? rcu_is_watching+0x12/0xc0 [ 99.361644][ T7141] __do_fast_syscall_32+0x73/0x120 [ 99.361660][ T7141] do_fast_syscall_32+0x32/0x80 [ 99.361674][ T7141] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 99.361686][ T7141] RIP: 0023:0xf7f04579 [ 99.361694][ T7141] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 99.361703][ T7141] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 99.361712][ T7141] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800037c0 [ 99.361718][ T7141] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 99.361723][ T7141] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 99.361728][ T7141] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 99.361733][ T7141] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 99.361745][ T7141] [ 99.480114][ T7145] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 99.626496][ T7155] xt_hashlimit: overflow, try lower: 17592186044416/6 [ 99.646528][ T7156] tmpfs: Bad value for 'mpol' [ 100.104936][ T7159] netlink: 'syz.0.345': attribute type 1 has an invalid length. [ 100.104966][ T7159] netlink: 220 bytes leftover after parsing attributes in process `syz.0.345'. [ 100.289995][ T7167] random: crng reseeded on system resumption [ 100.401602][ T7171] netlink: 12 bytes leftover after parsing attributes in process `syz.1.350'. [ 100.403856][ T7170] input: syz0 as /devices/virtual/input/input22 [ 100.482733][ T7176] macvtap1: entered promiscuous mode [ 100.484234][ T7176] macvtap1: entered allmulticast mode [ 100.637616][ T7180] loop6: detected capacity change from 0 to 63 [ 100.868107][ T7199] FAULT_INJECTION: forcing a failure. [ 100.868107][ T7199] name failslab, interval 1, probability 0, space 0, times 0 [ 100.871450][ T7199] CPU: 1 UID: 0 PID: 7199 Comm: syz.1.361 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 100.871463][ T7199] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 100.871469][ T7199] Call Trace: [ 100.871473][ T7199] [ 100.871477][ T7199] dump_stack_lvl+0x16c/0x1f0 [ 100.871494][ T7199] should_fail_ex+0x512/0x640 [ 100.871508][ T7199] should_failslab+0xc2/0x120 [ 100.871518][ T7199] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 100.871534][ T7199] ? skb_clone+0x190/0x3f0 [ 100.871549][ T7199] skb_clone+0x190/0x3f0 [ 100.871562][ T7199] netlink_deliver_tap+0xabd/0xd30 [ 100.871579][ T7199] netlink_unicast+0x5df/0x7f0 [ 100.871595][ T7199] ? __pfx_netlink_unicast+0x10/0x10 [ 100.871612][ T7199] netlink_sendmsg+0x8d1/0xdd0 [ 100.871628][ T7199] ? __pfx_netlink_sendmsg+0x10/0x10 [ 100.871643][ T7199] ? __import_iovec+0x1c8/0x660 [ 100.871659][ T7199] ____sys_sendmsg+0xa95/0xc70 [ 100.871676][ T7199] ? __pfx_____sys_sendmsg+0x10/0x10 [ 100.871691][ T7199] ? get_compat_msghdr+0x11a/0x170 [ 100.871709][ T7199] ___sys_sendmsg+0x134/0x1d0 [ 100.871722][ T7199] ? __pfx____sys_sendmsg+0x10/0x10 [ 100.871751][ T7199] __sys_sendmsg+0x16d/0x220 [ 100.871763][ T7199] ? __pfx___sys_sendmsg+0x10/0x10 [ 100.871780][ T7199] ? rcu_is_watching+0x12/0xc0 [ 100.871793][ T7199] ? rcu_is_watching+0x12/0xc0 [ 100.871806][ T7199] __do_fast_syscall_32+0x73/0x120 [ 100.871822][ T7199] do_fast_syscall_32+0x32/0x80 [ 100.871836][ T7199] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 100.871849][ T7199] RIP: 0023:0xf7ff5579 [ 100.871857][ T7199] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 100.871866][ T7199] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 100.871875][ T7199] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000100 [ 100.871881][ T7199] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 100.871886][ T7199] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 100.871891][ T7199] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 100.871896][ T7199] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 100.871908][ T7199] [ 101.133809][ T7215] netlink: 36 bytes leftover after parsing attributes in process `syz.1.365'. [ 101.138742][ T7215] netlink: 'syz.1.365': attribute type 10 has an invalid length. [ 101.141346][ T7215] syz_tun: entered promiscuous mode [ 101.147392][ T7215] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 101.260757][ T7221] FAULT_INJECTION: forcing a failure. [ 101.260757][ T7221] name failslab, interval 1, probability 0, space 0, times 0 [ 101.260794][ T7221] CPU: 0 UID: 0 PID: 7221 Comm: syz.2.368 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 101.260806][ T7221] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 101.260812][ T7221] Call Trace: [ 101.260816][ T7221] [ 101.260820][ T7221] dump_stack_lvl+0x16c/0x1f0 [ 101.260837][ T7221] should_fail_ex+0x512/0x640 [ 101.260849][ T7221] ? __kmalloc_noprof+0xbf/0x510 [ 101.260865][ T7221] ? drm_atomic_state_init+0x17b/0x320 [ 101.260876][ T7221] should_failslab+0xc2/0x120 [ 101.260885][ T7221] __kmalloc_noprof+0xd2/0x510 [ 101.260912][ T7221] drm_atomic_state_init+0x17b/0x320 [ 101.260922][ T7221] ? __kasan_kmalloc+0xaa/0xb0 [ 101.260948][ T7221] drm_atomic_state_alloc+0xd3/0x120 [ 101.260959][ T7221] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 101.260970][ T7221] ? __pfx___might_resched+0x10/0x10 [ 101.260985][ T7221] ? rcu_is_watching+0x12/0xc0 [ 101.260998][ T7221] ? trace_contention_end+0xdd/0x130 [ 101.261008][ T7221] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 101.261018][ T7221] ? __mutex_lock+0x1ca/0xb90 [ 101.261041][ T7221] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 101.261060][ T7221] drm_client_modeset_commit_locked+0x14d/0x580 [ 101.261072][ T7221] drm_fb_helper_pan_display+0x32d/0xa40 [ 101.261092][ T7221] fb_pan_display+0x479/0x7d0 [ 101.261107][ T7221] ? __pfx_drm_fb_helper_pan_display+0x10/0x10 [ 101.261123][ T7221] bit_update_start+0x49/0x1f0 [ 101.261134][ T7221] fbcon_switch+0xbf5/0x14c0 [ 101.261148][ T7221] ? __pfx_fbcon_switch+0x10/0x10 [ 101.261164][ T7221] ? __pfx_bit_cursor+0x10/0x10 [ 101.261173][ T7221] ? fbcon_cursor+0x409/0x5f0 [ 101.261186][ T7221] csi_J+0x863/0xad0 [ 101.261203][ T7221] do_con_write+0x3b96/0x7c90 [ 101.261222][ T7221] ? __pfx_do_con_write+0x10/0x10 [ 101.261232][ T7221] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 101.261253][ T7221] con_write+0x23/0xb0 [ 101.261262][ T7221] n_tty_write+0x40f/0x1160 [ 101.261280][ T7221] ? __pfx_n_tty_write+0x10/0x10 [ 101.261290][ T7221] ? rcu_is_watching+0x12/0xc0 [ 101.261302][ T7221] ? __pfx_woken_wake_function+0x10/0x10 [ 101.261315][ T7221] ? kfree+0x252/0x4d0 [ 101.261326][ T7221] ? file_tty_write.constprop.0+0x6ed/0x9b0 [ 101.261343][ T7221] ? __pfx_n_tty_write+0x10/0x10 [ 101.261355][ T7221] file_tty_write.constprop.0+0x4ff/0x9b0 [ 101.261375][ T7221] vfs_write+0x5ba/0x1180 [ 101.261390][ T7221] ? __pfx_tty_write+0x10/0x10 [ 101.261406][ T7221] ? __pfx_vfs_write+0x10/0x10 [ 101.261418][ T7221] ? find_held_lock+0x2b/0x80 [ 101.261441][ T7221] ksys_write+0x12a/0x240 [ 101.261454][ T7221] ? __pfx_ksys_write+0x10/0x10 [ 101.261466][ T7221] ? rcu_is_watching+0x12/0xc0 [ 101.261479][ T7221] ? rcu_is_watching+0x12/0xc0 [ 101.261493][ T7221] __do_fast_syscall_32+0x73/0x120 [ 101.261508][ T7221] do_fast_syscall_32+0x32/0x80 [ 101.261532][ T7221] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 101.261554][ T7221] RIP: 0023:0xf7f86579 [ 101.261563][ T7221] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 101.261572][ T7221] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 101.261581][ T7221] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080001040 [ 101.261586][ T7221] RDX: 0000000000001006 RSI: 0000000000000000 RDI: 0000000000000000 [ 101.261592][ T7221] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 101.261597][ T7221] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 101.261602][ T7221] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 101.261615][ T7221] [ 101.364605][ T836] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 101.671288][ T836] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 101.674991][ T836] usb 5-1: config 0 has no interface number 0 [ 101.677031][ T836] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 101.683954][ T836] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 101.690706][ T836] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 101.696759][ T836] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64 [ 101.703348][ T836] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 101.712706][ T836] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 101.718537][ T836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.727683][ T836] usb 5-1: config 0 descriptor?? [ 101.732500][ T7214] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 101.743917][ T836] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 101.798603][ T7228] FAULT_INJECTION: forcing a failure. [ 101.798603][ T7228] name failslab, interval 1, probability 0, space 0, times 0 [ 101.803897][ T7228] CPU: 0 UID: 0 PID: 7228 Comm: syz.2.371 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 101.803929][ T7228] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 101.803938][ T7228] Call Trace: [ 101.803944][ T7228] [ 101.803951][ T7228] dump_stack_lvl+0x16c/0x1f0 [ 101.803977][ T7228] should_fail_ex+0x512/0x640 [ 101.803996][ T7228] ? fs_reclaim_acquire+0xae/0x150 [ 101.804017][ T7228] ? tomoyo_encode2+0x100/0x3e0 [ 101.804037][ T7228] should_failslab+0xc2/0x120 [ 101.804053][ T7228] __kmalloc_noprof+0xd2/0x510 [ 101.804076][ T7228] ? d_absolute_path+0x136/0x1a0 [ 101.804098][ T7228] tomoyo_encode2+0x100/0x3e0 [ 101.804122][ T7228] tomoyo_encode+0x29/0x50 [ 101.804143][ T7228] tomoyo_realpath_from_path+0x18f/0x6e0 [ 101.804172][ T7228] tomoyo_path_perm+0x274/0x460 [ 101.804196][ T7228] ? tomoyo_path_perm+0x260/0x460 [ 101.804216][ T7228] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 101.804235][ T7228] ? __lock_acquire+0xaa4/0x1ba0 [ 101.804276][ T7228] ? __pfx___mutex_trylock_common+0x10/0x10 [ 101.804294][ T7228] ? __pfx___might_resched+0x10/0x10 [ 101.804320][ T7228] security_inode_getattr+0x116/0x290 [ 101.804340][ T7228] vfs_getattr+0x25/0x60 [ 101.804357][ T7228] loop_query_min_dio_size.isra.0+0x120/0x260 [ 101.804377][ T7228] ? __pfx_loop_query_min_dio_size.isra.0+0x10/0x10 [ 101.804412][ T7228] ? filemap_write_and_wait_range+0x7d/0x130 [ 101.804436][ T7228] loop_configure+0x8f5/0x1860 [ 101.804463][ T7228] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 101.804490][ T7228] ? __lock_acquire+0xaa4/0x1ba0 [ 101.804507][ T7228] ? __pfx_loop_configure+0x10/0x10 [ 101.804560][ T7228] lo_ioctl+0xdeb/0x26d0 [ 101.804579][ T7228] ? __pfx_stack_trace_save+0x10/0x10 [ 101.804601][ T7228] ? stack_depot_save_flags+0x28/0xa50 [ 101.804625][ T7228] ? __lock_acquire+0xaa4/0x1ba0 [ 101.804641][ T7228] ? __kasan_slab_free+0x51/0x70 [ 101.804663][ T7228] ? kfree+0x2b6/0x4d0 [ 101.804681][ T7228] ? tomoyo_path_number_perm+0x470/0x580 [ 101.804704][ T7228] ? __pfx_lo_ioctl+0x10/0x10 [ 101.804723][ T7228] ? find_held_lock+0x2b/0x80 [ 101.804743][ T7228] ? psi_task_switch+0x201/0x8e0 [ 101.804769][ T7228] ? lock_acquire+0x179/0x350 [ 101.804783][ T7228] ? find_held_lock+0x2b/0x80 [ 101.804803][ T7228] ? finish_task_switch.isra.0+0x21c/0xc10 [ 101.804825][ T7228] ? rcu_is_watching+0x12/0xc0 [ 101.804844][ T7228] ? finish_task_switch.isra.0+0x221/0xc10 [ 101.804866][ T7228] ? finish_task_switch.isra.0+0x2fa/0xc10 [ 101.804887][ T7228] ? rcu_is_watching+0x12/0xc0 [ 101.804906][ T7228] ? trace_sched_exit_tp+0xde/0x130 [ 101.804929][ T7228] ? __schedule+0x1186/0x5de0 [ 101.804958][ T7228] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 101.805009][ T7228] lo_compat_ioctl+0xb9/0x170 [ 101.805028][ T7228] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 101.805045][ T7228] compat_blkdev_ioctl+0x2eb/0x7a0 [ 101.805073][ T7228] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 101.805103][ T7228] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 101.805128][ T7228] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 101.805151][ T7228] __do_fast_syscall_32+0x73/0x120 [ 101.805175][ T7228] do_fast_syscall_32+0x32/0x80 [ 101.805202][ T7228] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 101.805222][ T7228] RIP: 0023:0xf7f86579 [ 101.805234][ T7228] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 101.805249][ T7228] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 101.805264][ T7228] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000004c0a [ 101.805273][ T7228] RDX: 0000000080001ac0 RSI: 0000000000000000 RDI: 0000000000000000 [ 101.805282][ T7228] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 101.805291][ T7228] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 101.805300][ T7228] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 101.805322][ T7228] [ 101.928933][ T7228] ERROR: Out of memory at tomoyo_realpath_from_path. [ 101.957242][ T7228] loop6: detected capacity change from 0 to 63 [ 101.969981][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 101.972862][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.975475][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 101.977782][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.980290][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 101.982688][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.985667][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 101.988748][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.991297][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 101.993622][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.996211][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 102.321488][ T7239] netlink: 8 bytes leftover after parsing attributes in process `syz.0.364'. [ 102.337707][ T7239] xt_connbytes: Forcing CT accounting to be enabled [ 102.339679][ T7239] Cannot find del_set index 0 as target [ 102.812200][ T7244] program syz.3.375 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 102.814417][ T7244] ata1.00: invalid service action 20 [ 102.888817][ T7247] tmpfs: Bad value for 'mpol' [ 102.921085][ T7249] ======================================================= [ 102.921085][ T7249] WARNING: The mand mount option has been deprecated and [ 102.921085][ T7249] and is ignored by this kernel. Remove the mand [ 102.921085][ T7249] option from the mount to silence this warning. [ 102.921085][ T7249] ======================================================= [ 103.008515][ T7251] netlink: 4 bytes leftover after parsing attributes in process `syz.3.377'. [ 104.061179][ T7279] block device autoloading is deprecated and will be removed. [ 104.189260][ T29] usb 5-1: USB disconnect, device number 6 [ 104.219059][ T29] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 104.260308][ T7278] QAT: failed to copy from user cfg_data. [ 104.298162][ T7282] FAULT_INJECTION: forcing a failure. [ 104.298162][ T7282] name failslab, interval 1, probability 0, space 0, times 0 [ 104.302752][ T7282] CPU: 2 UID: 0 PID: 7282 Comm: syz.0.386 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 104.302770][ T7282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 104.302779][ T7282] Call Trace: [ 104.302784][ T7282] [ 104.302790][ T7282] dump_stack_lvl+0x16c/0x1f0 [ 104.302814][ T7282] should_fail_ex+0x512/0x640 [ 104.302834][ T7282] should_failslab+0xc2/0x120 [ 104.302848][ T7282] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 104.302868][ T7282] ? fib_validate_source+0x12f/0x730 [ 104.302888][ T7282] ? dst_alloc+0x99/0x1a0 [ 104.302907][ T7282] dst_alloc+0x99/0x1a0 [ 104.302925][ T7282] rt_dst_alloc+0x35/0x3a0 [ 104.302947][ T7282] ip_route_input_rcu.part.0+0x5e8/0xdf0 [ 104.302966][ T7282] ? __pfx_ip_route_input_rcu.part.0+0x10/0x10 [ 104.302982][ T7282] ? __pfx_ipt_do_table+0x10/0x10 [ 104.303006][ T7282] ip_route_input_noref+0x1c1/0x2e0 [ 104.303022][ T7282] ? __pfx_ip_route_input_noref+0x10/0x10 [ 104.303042][ T7282] ? nf_hook_slow_list+0x30e/0x460 [ 104.303063][ T7282] ip_rcv_finish_core+0x46f/0x2290 [ 104.303085][ T7282] ip_list_rcv_finish+0x1b8/0x720 [ 104.303105][ T7282] ? __pfx_ip_list_rcv_finish+0x10/0x10 [ 104.303120][ T7282] ? __pfx_ip_rcv_finish+0x10/0x10 [ 104.303136][ T7282] ? ip_rcv_core+0x934/0xe80 [ 104.303155][ T7282] ip_list_rcv+0x335/0x450 [ 104.303172][ T7282] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 104.303189][ T7282] ? __pfx_ip_list_rcv+0x10/0x10 [ 104.303207][ T7282] ? __pfx_ip_list_rcv+0x10/0x10 [ 104.303224][ T7282] __netif_receive_skb_list_core+0x752/0x950 [ 104.303251][ T7282] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 104.303268][ T7282] ? lock_acquire+0x179/0x350 [ 104.303284][ T7282] ? __might_fault+0xe3/0x190 [ 104.303327][ T7282] netif_receive_skb_list_internal+0x752/0xdb0 [ 104.303348][ T7282] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 104.303373][ T7282] ? __pfx_eth_type_trans+0x10/0x10 [ 104.303396][ T7282] napi_complete_done+0x23f/0x970 [ 104.303413][ T7282] ? __pfx_napi_complete_done+0x10/0x10 [ 104.303427][ T7282] ? napi_gro_frags+0x902/0x11a0 [ 104.303448][ T7282] ? tun_get_user+0x2a35/0x3b10 [ 104.303465][ T7282] tun_get_user+0x2a4f/0x3b10 [ 104.303493][ T7282] ? __pfx_tun_get_user+0x10/0x10 [ 104.303511][ T7282] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 104.303535][ T7282] ? find_held_lock+0x2b/0x80 [ 104.303553][ T7282] ? tun_get+0x191/0x370 [ 104.303575][ T7282] tun_chr_write_iter+0xdc/0x210 [ 104.303596][ T7282] vfs_write+0x5ba/0x1180 [ 104.303616][ T7282] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 104.303637][ T7282] ? __pfx_vfs_write+0x10/0x10 [ 104.303652][ T7282] ? find_held_lock+0x2b/0x80 [ 104.303682][ T7282] ksys_write+0x12a/0x240 [ 104.303700][ T7282] ? __pfx_ksys_write+0x10/0x10 [ 104.303720][ T7282] ? rcu_is_watching+0x12/0xc0 [ 104.303740][ T7282] __do_fast_syscall_32+0x73/0x120 [ 104.303761][ T7282] do_fast_syscall_32+0x32/0x80 [ 104.303780][ T7282] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 104.303796][ T7282] RIP: 0023:0xf7f04579 [ 104.303808][ T7282] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 104.303820][ T7282] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 104.303834][ T7282] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000380 [ 104.303843][ T7282] RDX: 000000000000008f RSI: 0000000000000000 RDI: 0000000000000000 [ 104.303850][ T7282] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 104.303858][ T7282] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 104.303865][ T7282] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 104.303885][ T7282] [ 104.410130][ C2] vkms_vblank_simulate: vblank timer overrun [ 104.532042][ T7289] FAULT_INJECTION: forcing a failure. [ 104.532042][ T7289] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 104.536295][ T7289] CPU: 3 UID: 0 PID: 7289 Comm: syz.0.389 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 104.536317][ T7289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 104.536326][ T7289] Call Trace: [ 104.536331][ T7289] [ 104.536337][ T7289] dump_stack_lvl+0x16c/0x1f0 [ 104.536362][ T7289] should_fail_ex+0x512/0x640 [ 104.536384][ T7289] should_fail_alloc_page+0xe7/0x130 [ 104.536396][ T7289] prepare_alloc_pages+0x3c2/0x610 [ 104.536419][ T7289] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 104.536441][ T7289] ? stack_trace_save+0x8e/0xc0 [ 104.536464][ T7289] ? __gre_xmit+0x8bb/0xc00 [ 104.536487][ T7289] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 104.536506][ T7289] ? __pfx_skb_network_protocol+0x10/0x10 [ 104.536523][ T7289] ? __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 104.536541][ T7289] ? __do_fast_syscall_32+0x73/0x120 [ 104.536560][ T7289] ? do_fast_syscall_32+0x32/0x80 [ 104.536583][ T7289] ? ipgre_xmit+0x648/0xb10 [ 104.536606][ T7289] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 104.536620][ T7289] ? policy_nodemask+0xea/0x4e0 [ 104.536634][ T7289] alloc_pages_mpol+0x1fb/0x550 [ 104.536649][ T7289] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 104.536669][ T7289] folio_alloc_mpol_noprof+0x36/0x2f0 [ 104.536687][ T7289] vma_alloc_folio_noprof+0xed/0x1e0 [ 104.536703][ T7289] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 104.536718][ T7289] ? find_held_lock+0x2b/0x80 [ 104.536734][ T7289] ? do_wp_page+0x1079/0x59f0 [ 104.536753][ T7289] do_wp_page+0x12fc/0x59f0 [ 104.536777][ T7289] ? __pfx_do_wp_page+0x10/0x10 [ 104.536795][ T7289] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 104.536811][ T7289] ? ___pte_offset_map+0x1bc/0x540 [ 104.536832][ T7289] __handle_mm_fault+0x1ada/0x2a40 [ 104.536853][ T7289] ? __pfx___handle_mm_fault+0x10/0x10 [ 104.536885][ T7289] ? find_vma+0xbf/0x140 [ 104.536906][ T7289] ? __pfx_find_vma+0x10/0x10 [ 104.536925][ T7289] handle_mm_fault+0x3fe/0xad0 [ 104.536949][ T7289] do_user_addr_fault+0x7a6/0x1370 [ 104.536967][ T7289] ? rcu_is_watching+0x12/0xc0 [ 104.536986][ T7289] exc_page_fault+0x5c/0xc0 [ 104.537006][ T7289] asm_exc_page_fault+0x26/0x30 [ 104.537019][ T7289] RIP: 0010:__put_user_nocheck_4+0x3/0x10 [ 104.537040][ T7289] Code: d9 0f 01 cb 89 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 104.537053][ T7289] RSP: 0018:ffffc90003837ce0 EFLAGS: 00050293 [ 104.537065][ T7289] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000080001ddc [ 104.537074][ T7289] RDX: 0000000080001dc0 RSI: ffffffff893d6e1d RDI: 0000000000000005 [ 104.537081][ T7289] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 104.537087][ T7289] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000080040000 [ 104.537095][ T7289] R13: 0000000080001dc0 R14: 0000000000000212 R15: 0000000000000213 [ 104.537111][ T7289] ? __sys_sendmmsg+0x30d/0x420 [ 104.537133][ T7289] __sys_sendmmsg+0x31c/0x420 [ 104.537154][ T7289] ? __pfx___sys_sendmmsg+0x10/0x10 [ 104.537181][ T7289] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 104.537205][ T7289] ? fput+0x70/0xf0 [ 104.537219][ T7289] ? ksys_write+0x1b9/0x240 [ 104.537237][ T7289] ? __pfx_ksys_write+0x10/0x10 [ 104.537260][ T7289] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 104.537279][ T7289] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 104.537300][ T7289] __do_fast_syscall_32+0x73/0x120 [ 104.537319][ T7289] do_fast_syscall_32+0x32/0x80 [ 104.537338][ T7289] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 104.537355][ T7289] RIP: 0023:0xf7f04579 [ 104.537366][ T7289] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 104.537378][ T7289] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 104.537391][ T7289] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001dc0 [ 104.537399][ T7289] RDX: 0000000000000213 RSI: 0000000000000000 RDI: 0000000000000000 [ 104.537407][ T7289] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 104.537415][ T7289] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 104.537423][ T7289] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 104.537438][ T7289] [ 104.848791][ T7299] FAULT_INJECTION: forcing a failure. [ 104.848791][ T7299] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 104.852639][ T7299] CPU: 2 UID: 0 PID: 7299 Comm: syz.2.393 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 104.852659][ T7299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 104.852669][ T7299] Call Trace: [ 104.852676][ T7299] [ 104.852682][ T7299] dump_stack_lvl+0x16c/0x1f0 [ 104.852709][ T7299] should_fail_ex+0x512/0x640 [ 104.852731][ T7299] _copy_from_iter+0x2a4/0x15b0 [ 104.852754][ T7299] ? __alloc_skb+0x200/0x380 [ 104.852776][ T7299] ? __pfx__copy_from_iter+0x10/0x10 [ 104.852799][ T7299] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 104.852828][ T7299] netlink_sendmsg+0x829/0xdd0 [ 104.852856][ T7299] ? __pfx_netlink_sendmsg+0x10/0x10 [ 104.852880][ T7299] ? __import_iovec+0x1c8/0x660 [ 104.852913][ T7299] ____sys_sendmsg+0xa95/0xc70 [ 104.852940][ T7299] ? __pfx_____sys_sendmsg+0x10/0x10 [ 104.852964][ T7299] ? get_compat_msghdr+0x11a/0x170 [ 104.852994][ T7299] ___sys_sendmsg+0x134/0x1d0 [ 104.853016][ T7299] ? __pfx____sys_sendmsg+0x10/0x10 [ 104.853067][ T7299] __sys_sendmsg+0x16d/0x220 [ 104.853087][ T7299] ? __pfx___sys_sendmsg+0x10/0x10 [ 104.853118][ T7299] ? rcu_is_watching+0x12/0xc0 [ 104.853140][ T7299] __do_fast_syscall_32+0x73/0x120 [ 104.853164][ T7299] do_fast_syscall_32+0x32/0x80 [ 104.853188][ T7299] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 104.853207][ T7299] RIP: 0023:0xf7f86579 [ 104.853220][ T7299] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 104.853233][ T7299] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 104.853248][ T7299] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001080 [ 104.853258][ T7299] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 104.853267][ T7299] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 104.853276][ T7299] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 104.853284][ T7299] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 104.853306][ T7299] [ 104.914279][ C2] vkms_vblank_simulate: vblank timer overrun [ 105.040501][ T29] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 105.207526][ T29] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 105.209972][ T29] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 105.212753][ T29] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 105.215315][ T29] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 105.218332][ T29] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 105.222492][ T29] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 105.225100][ T29] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 105.227338][ T29] usb 5-1: Product: syz [ 105.228738][ T29] usb 5-1: Manufacturer: syz [ 105.232859][ T29] cdc_wdm 5-1:1.0: skipping garbage [ 105.234353][ T29] cdc_wdm 5-1:1.0: skipping garbage [ 105.236674][ T29] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 105.238367][ T29] cdc_wdm 5-1:1.0: Unknown control protocol [ 105.344623][ T6018] usb 7-1: new low-speed USB device number 13 using dummy_hcd [ 105.434748][ T7291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 105.437708][ T7291] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 105.441298][ T24] usb 5-1: USB disconnect, device number 7 [ 105.506213][ T6018] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 105.508489][ T6018] usb 7-1: config 0 has no interface number 0 [ 105.510194][ T6018] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 105.513210][ T6018] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 105.516834][ T6018] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 105.519441][ T6018] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.522721][ T6018] usb 7-1: config 0 descriptor?? [ 105.525318][ T7309] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 105.529218][ T6018] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 105.787978][ T6018] usb 7-1: USB disconnect, device number 13 [ 105.789698][ C2] iowarrior 7-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 105.831821][ T7322] Device name cannot be null; rc = [-22] [ 105.856335][ T7322] loop0: detected capacity change from 0 to 7 [ 105.859628][ T7322] Dev loop0: unable to read RDB block 7 [ 105.861253][ T7322] loop0: unable to read partition table [ 105.862890][ T7322] loop0: partition table beyond EOD, truncated [ 105.865904][ T7322] loop_reread_partitions: partition scan of loop0 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨â·û [ 105.865904][ T7322] ) failed (rc=-5) [ 105.966147][ T5365] Dev loop0: unable to read RDB block 7 [ 105.967710][ T5365] loop0: unable to read partition table [ 105.969404][ T5365] loop0: partition table beyond EOD, truncated [ 106.376460][ T7322] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 106.400426][ T7331] FAULT_INJECTION: forcing a failure. [ 106.400426][ T7331] name failslab, interval 1, probability 0, space 0, times 0 [ 106.403930][ T7331] CPU: 2 UID: 0 PID: 7331 Comm: syz.1.402 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 106.403947][ T7331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 106.403956][ T7331] Call Trace: [ 106.403960][ T7331] [ 106.403966][ T7331] dump_stack_lvl+0x16c/0x1f0 [ 106.403989][ T7331] should_fail_ex+0x512/0x640 [ 106.404007][ T7331] should_failslab+0xc2/0x120 [ 106.404020][ T7331] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 106.404040][ T7331] ? skb_clone+0x190/0x3f0 [ 106.404060][ T7331] skb_clone+0x190/0x3f0 [ 106.404076][ T7331] netlink_deliver_tap+0xabd/0xd30 [ 106.404099][ T7331] netlink_unicast+0x5df/0x7f0 [ 106.404123][ T7331] ? __pfx_netlink_unicast+0x10/0x10 [ 106.404150][ T7331] netlink_sendmsg+0x8d1/0xdd0 [ 106.404171][ T7331] ? __pfx_netlink_sendmsg+0x10/0x10 [ 106.404189][ T7331] ? __import_iovec+0x1c8/0x660 [ 106.404210][ T7331] ____sys_sendmsg+0xa95/0xc70 [ 106.404232][ T7331] ? __pfx_____sys_sendmsg+0x10/0x10 [ 106.404266][ T7331] ? get_compat_msghdr+0x11a/0x170 [ 106.404290][ T7331] ___sys_sendmsg+0x134/0x1d0 [ 106.404309][ T7331] ? __pfx____sys_sendmsg+0x10/0x10 [ 106.404348][ T7331] __sys_sendmsg+0x16d/0x220 [ 106.404364][ T7331] ? __pfx___sys_sendmsg+0x10/0x10 [ 106.404390][ T7331] ? rcu_is_watching+0x12/0xc0 [ 106.404408][ T7331] __do_fast_syscall_32+0x73/0x120 [ 106.404427][ T7331] do_fast_syscall_32+0x32/0x80 [ 106.404444][ T7331] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 106.404458][ T7331] RIP: 0023:0xf7ff5579 [ 106.404470][ T7331] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 106.404481][ T7331] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 106.404494][ T7331] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200 [ 106.404502][ T7331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 106.404509][ T7331] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 106.404515][ T7331] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 106.404522][ T7331] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 106.404551][ T7331] [ 106.496774][ T7333] netlink: 8 bytes leftover after parsing attributes in process `syz.1.403'. [ 106.712911][ T29] IPVS: starting estimator thread 0... [ 106.717244][ T7338] ALSA: mixer_oss: invalid OSS volume '' [ 106.804659][ T7346] IPVS: using max 45 ests per chain, 108000 per kthread [ 106.831156][ T7349] FAULT_INJECTION: forcing a failure. [ 106.831156][ T7349] name failslab, interval 1, probability 0, space 0, times 0 [ 106.834850][ T7349] CPU: 1 UID: 0 PID: 7349 Comm: syz.1.407 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 106.834863][ T7349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 106.834869][ T7349] Call Trace: [ 106.834873][ T7349] [ 106.834877][ T7349] dump_stack_lvl+0x16c/0x1f0 [ 106.834895][ T7349] should_fail_ex+0x512/0x640 [ 106.834907][ T7349] ? __kmalloc_noprof+0xbf/0x510 [ 106.834925][ T7349] ? drm_atomic_state_init+0xe4/0x320 [ 106.834936][ T7349] should_failslab+0xc2/0x120 [ 106.834945][ T7349] __kmalloc_noprof+0xd2/0x510 [ 106.834962][ T7349] drm_atomic_state_init+0xe4/0x320 [ 106.834972][ T7349] ? __kasan_kmalloc+0xaa/0xb0 [ 106.834987][ T7349] drm_atomic_state_alloc+0xd3/0x120 [ 106.834998][ T7349] drm_mode_atomic_ioctl+0x393/0x25f0 [ 106.835016][ T7349] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 106.835027][ T7349] ? __lock_acquire+0xaa4/0x1ba0 [ 106.835044][ T7349] ? drm_is_current_master+0x2c/0x40 [ 106.835056][ T7349] ? do_raw_spin_unlock+0x172/0x230 [ 106.835069][ T7349] drm_ioctl_kernel+0x1f1/0x3e0 [ 106.835082][ T7349] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 106.835094][ T7349] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 106.835112][ T7349] drm_ioctl+0x5c9/0xc30 [ 106.835127][ T7349] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 106.835139][ T7349] ? __pfx_drm_ioctl+0x10/0x10 [ 106.835166][ T7349] drm_compat_ioctl+0x327/0x460 [ 106.835177][ T7349] ? __pfx_drm_compat_ioctl+0x10/0x10 [ 106.835187][ T7349] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 106.835200][ T7349] __do_fast_syscall_32+0x73/0x120 [ 106.835216][ T7349] do_fast_syscall_32+0x32/0x80 [ 106.835230][ T7349] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 106.835242][ T7349] RIP: 0023:0xf7ff5579 [ 106.835250][ T7349] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 106.835259][ T7349] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 106.835288][ T7349] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000c03864bc [ 106.835297][ T7349] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 106.835303][ T7349] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 106.835308][ T7349] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 106.835313][ T7349] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 106.835325][ T7349] [ 106.917116][ C1] vkms_vblank_simulate: vblank timer overrun [ 107.144644][ T6018] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 107.295949][ T6018] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 107.298410][ T6018] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 107.301259][ T6018] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 107.303783][ T6018] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 107.307009][ T6018] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 107.311376][ T6018] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 107.313927][ T6018] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 107.316397][ T6018] usb 5-1: Product: syz [ 107.317788][ T6018] usb 5-1: Manufacturer: syz [ 107.321502][ T6018] cdc_wdm 5-1:1.0: skipping garbage [ 107.322982][ T6018] cdc_wdm 5-1:1.0: skipping garbage [ 107.325424][ T6018] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 107.327431][ T6018] cdc_wdm 5-1:1.0: Unknown control protocol [ 107.523740][ T7353] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 107.526523][ T7353] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 107.529732][ T6040] usb 5-1: USB disconnect, device number 8 [ 108.016910][ T7382] FAULT_INJECTION: forcing a failure. [ 108.016910][ T7382] name failslab, interval 1, probability 0, space 0, times 0 [ 108.020518][ T7382] CPU: 3 UID: 0 PID: 7382 Comm: syz.3.418 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 108.020532][ T7382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 108.020538][ T7382] Call Trace: [ 108.020542][ T7382] [ 108.020546][ T7382] dump_stack_lvl+0x16c/0x1f0 [ 108.020564][ T7382] should_fail_ex+0x512/0x640 [ 108.020576][ T7382] ? fs_reclaim_acquire+0xae/0x150 [ 108.020589][ T7382] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 108.020603][ T7382] should_failslab+0xc2/0x120 [ 108.020612][ T7382] __kmalloc_noprof+0xd2/0x510 [ 108.020630][ T7382] tomoyo_realpath_from_path+0xc2/0x6e0 [ 108.020645][ T7382] ? tomoyo_profile+0x47/0x60 [ 108.020661][ T7382] tomoyo_path_number_perm+0x245/0x580 [ 108.020671][ T7382] ? tomoyo_path_number_perm+0x237/0x580 [ 108.020684][ T7382] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 108.020696][ T7382] ? find_held_lock+0x2b/0x80 [ 108.020720][ T7382] ? find_held_lock+0x2b/0x80 [ 108.020731][ T7382] ? hook_file_ioctl_common+0x145/0x410 [ 108.020745][ T7382] ? __fget_files+0x20e/0x3c0 [ 108.020761][ T7382] security_file_ioctl_compat+0x9b/0x240 [ 108.020775][ T7382] __do_compat_sys_ioctl+0x4e/0x2c0 [ 108.020788][ T7382] __do_fast_syscall_32+0x73/0x120 [ 108.020803][ T7382] do_fast_syscall_32+0x32/0x80 [ 108.020817][ T7382] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 108.020830][ T7382] RIP: 0023:0xf7f11579 [ 108.020842][ T7382] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 108.020851][ T7382] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 108.020860][ T7382] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b72 [ 108.020866][ T7382] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 108.020872][ T7382] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 108.020877][ T7382] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 108.020882][ T7382] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 108.020894][ T7382] [ 108.020897][ T7382] ERROR: Out of memory at tomoyo_realpath_from_path. [ 108.908838][ T7414] FAULT_INJECTION: forcing a failure. [ 108.908838][ T7414] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 108.914771][ T24] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 108.917571][ T7414] CPU: 2 UID: 0 PID: 7414 Comm: syz.1.429 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 108.917591][ T7414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 108.917600][ T7414] Call Trace: [ 108.917620][ T7414] [ 108.917626][ T7414] dump_stack_lvl+0x16c/0x1f0 [ 108.917651][ T7414] should_fail_ex+0x512/0x640 [ 108.917672][ T7414] _copy_from_iter+0x2a4/0x15b0 [ 108.917689][ T7414] ? __alloc_skb+0x200/0x380 [ 108.917708][ T7414] ? __pfx__copy_from_iter+0x10/0x10 [ 108.917728][ T7414] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 108.917756][ T7414] netlink_sendmsg+0x829/0xdd0 [ 108.917774][ T7414] ? __pfx_netlink_sendmsg+0x10/0x10 [ 108.917788][ T7414] ? __import_iovec+0x1c8/0x660 [ 108.917804][ T7414] ____sys_sendmsg+0xa95/0xc70 [ 108.917820][ T7414] ? __pfx_____sys_sendmsg+0x10/0x10 [ 108.917835][ T7414] ? get_compat_msghdr+0x11a/0x170 [ 108.917853][ T7414] ___sys_sendmsg+0x134/0x1d0 [ 108.917866][ T7414] ? __pfx____sys_sendmsg+0x10/0x10 [ 108.917899][ T7414] __sys_sendmsg+0x16d/0x220 [ 108.917912][ T7414] ? __pfx___sys_sendmsg+0x10/0x10 [ 108.917930][ T7414] ? rcu_is_watching+0x12/0xc0 [ 108.917951][ T7414] __do_fast_syscall_32+0x73/0x120 [ 108.917968][ T7414] do_fast_syscall_32+0x32/0x80 [ 108.917982][ T7414] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 108.917995][ T7414] RIP: 0023:0xf7ff5579 [ 108.918003][ T7414] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 108.918012][ T7414] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 108.918023][ T7414] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800006c0 [ 108.918033][ T7414] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 108.918041][ T7414] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 108.918049][ T7414] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 108.918055][ T7414] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 108.918071][ T7414] [ 109.094141][ T24] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 109.097786][ T24] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 109.101269][ T24] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 109.104442][ T24] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 109.108517][ T24] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 109.113780][ T24] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 109.117096][ T24] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 109.119735][ T24] usb 7-1: Product: syz [ 109.121198][ T24] usb 7-1: Manufacturer: syz [ 109.138117][ T24] cdc_wdm 7-1:1.0: skipping garbage [ 109.140031][ T24] cdc_wdm 7-1:1.0: skipping garbage [ 109.143546][ T24] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 109.144087][ T7426] capability: warning: `syz.0.435' uses 32-bit capabilities (legacy support in use) [ 109.148923][ T24] cdc_wdm 7-1:1.0: Unknown control protocol [ 109.210928][ T7430] xt_ipcomp: unknown flags 12 [ 109.344113][ T7408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 109.346722][ T7408] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 109.350931][ T7437] FAULT_INJECTION: forcing a failure. [ 109.350931][ T7437] name failslab, interval 1, probability 0, space 0, times 0 [ 109.351496][ T5990] usb 7-1: USB disconnect, device number 14 [ 109.354398][ T7437] CPU: 0 UID: 0 PID: 7437 Comm: syz.1.438 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 109.354412][ T7437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 109.354418][ T7437] Call Trace: [ 109.354421][ T7437] [ 109.354425][ T7437] dump_stack_lvl+0x16c/0x1f0 [ 109.354442][ T7437] should_fail_ex+0x512/0x640 [ 109.354454][ T7437] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 109.354471][ T7437] should_failslab+0xc2/0x120 [ 109.354481][ T7437] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 109.354495][ T7437] ? stack_trace_save+0x8e/0xc0 [ 109.354507][ T7437] ? __alloc_skb+0x2b2/0x380 [ 109.354522][ T7437] __alloc_skb+0x2b2/0x380 [ 109.354545][ T7437] ? __pfx___alloc_skb+0x10/0x10 [ 109.354555][ T7437] ? save_trace+0x4e/0x380 [ 109.354569][ T7437] ? add_lock_to_list+0x9d/0x130 [ 109.354586][ T7437] alloc_skb_with_frags+0xe0/0x860 [ 109.354603][ T7437] sock_alloc_send_pskb+0x7fb/0x990 [ 109.354615][ T7437] ? do_raw_spin_lock+0x12c/0x2b0 [ 109.354629][ T7437] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 109.354641][ T7437] ? find_held_lock+0x2b/0x80 [ 109.354653][ T7437] ? llc_ui_sendmsg+0x37b/0x1540 [ 109.354666][ T7437] ? rcu_is_watching+0x12/0xc0 [ 109.354678][ T7437] ? __local_bh_enable_ip+0xa4/0x120 [ 109.354692][ T7437] llc_ui_sendmsg+0x39b/0x1540 [ 109.354709][ T7437] ? __pfx_llc_ui_sendmsg+0x10/0x10 [ 109.354721][ T7437] ? __pfx_aa_sk_perm+0x10/0x10 [ 109.354733][ T7437] ? __import_iovec+0x1c8/0x660 [ 109.354749][ T7437] ____sys_sendmsg+0xa95/0xc70 [ 109.354766][ T7437] ? __pfx_____sys_sendmsg+0x10/0x10 [ 109.354781][ T7437] ? get_compat_msghdr+0x11a/0x170 [ 109.354795][ T7437] ? __pfx__kstrtoull+0x10/0x10 [ 109.354812][ T7437] ___sys_sendmsg+0x134/0x1d0 [ 109.354825][ T7437] ? __pfx____sys_sendmsg+0x10/0x10 [ 109.354844][ T7437] ? find_held_lock+0x2b/0x80 [ 109.354864][ T7437] __sys_sendmmsg+0x2f9/0x420 [ 109.354878][ T7437] ? __pfx___sys_sendmmsg+0x10/0x10 [ 109.354895][ T7437] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 109.354915][ T7437] ? fput+0x70/0xf0 [ 109.354924][ T7437] ? ksys_write+0x1b9/0x240 [ 109.354937][ T7437] ? __pfx_ksys_write+0x10/0x10 [ 109.354952][ T7437] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 109.354965][ T7437] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 109.354979][ T7437] __do_fast_syscall_32+0x73/0x120 [ 109.354994][ T7437] do_fast_syscall_32+0x32/0x80 [ 109.355008][ T7437] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 109.355020][ T7437] RIP: 0023:0xf7ff5579 [ 109.355028][ T7437] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 109.355037][ T7437] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 109.355046][ T7437] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000c40 [ 109.355052][ T7437] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 109.355057][ T7437] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 109.355062][ T7437] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 109.355067][ T7437] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 109.355079][ T7437] [ 109.392795][ T7439] UHID_CREATE from different security context by process 423 (syz.1.439), this is not allowed. [ 109.448215][ T7442] ebtables: wrong size: *len 264, entries_size 144, replsz 144 [ 109.452458][ T9] hid (null): unknown global tag 0xd [ 109.453947][ T9] hid (null): unknown global tag 0xe [ 109.461394][ T9] hid (null): report_id 0 is invalid [ 109.462854][ T9] hid (null): report_id 52304 is invalid [ 109.464446][ T9] hid (null): report_id 1387920681 is invalid [ 109.466367][ T9] hid (null): unknown global tag 0xe [ 109.467822][ T9] hid (null): unknown global tag 0xd [ 109.469262][ T9] hid (null): invalid report_size -1887810091 [ 109.470893][ T9] hid (null): global environment stack underflow [ 109.472668][ T9] hid (null): unknown global tag 0xc [ 109.474137][ T9] hid (null): unknown global tag 0xc [ 109.476085][ T9] hid (null): invalid report_count 40881 [ 109.477861][ T9] hid (null): report_id 0 is invalid [ 109.479300][ T9] hid (null): unknown global tag 0xd [ 109.480736][ T9] hid (null): invalid report_size -1506165907 [ 109.482364][ T9] hid (null): report_id 0 is invalid [ 109.483832][ T9] hid (null): unknown global tag 0xc [ 109.485609][ T9] hid (null): unknown global tag 0xe [ 109.487032][ T9] hid (null): report_id 3194748728 is invalid [ 109.488645][ T9] hid (null): unknown global tag 0xe [ 109.490117][ T9] hid (null): unknown global tag 0xd [ 109.491605][ T9] hid (null): invalid report_count 41695 [ 109.493153][ T9] hid (null): invalid report_count 1565389719 [ 109.495065][ T9] hid (null): global environment stack overflow [ 109.496871][ T9] hid (null): invalid report_size 697642177 [ 109.498514][ T9] hid (null): invalid report_size 9747 [ 109.500040][ T9] hid (null): unknown global tag 0xd [ 109.501932][ T9] hid (null): unknown global tag 0xc [ 109.504117][ T9] hid (null): report_id 6688 is invalid [ 109.506345][ T9] hid (null): unknown global tag 0xd [ 109.508281][ T9] hid (null): unknown global tag 0xd [ 109.509832][ T9] hid (null): report_id 65373 is invalid [ 109.511356][ T9] hid (null): unknown global tag 0x4a [ 109.512889][ T9] hid (null): unknown global tag 0x5f [ 109.514409][ T9] hid (null): unknown global tag 0xb8 [ 109.516350][ T9] hid (null): unknown global tag 0xd [ 109.517868][ T9] hid (null): report_id 3562054314 is invalid [ 109.519608][ T9] hid (null): global environment stack overflow [ 109.521343][ T9] hid (null): report_id 47366 is invalid [ 109.522892][ T9] hid (null): unknown global tag 0xc [ 109.524395][ T9] hid (null): unknown global tag 0xe [ 109.526274][ T9] hid (null): unknown global tag 0x78 [ 109.527796][ T9] hid (null): report_id 0 is invalid [ 109.529269][ T9] hid (null): unknown global tag 0xe [ 109.533171][ T9] hid-generic 0101:0081:0009.0002: unknown main item tag 0x7 [ 109.535650][ T9] hid-generic 0101:0081:0009.0002: unknown global tag 0xd [ 109.537673][ T9] hid-generic 0101:0081:0009.0002: item 0 0 1 13 parsing failed [ 109.540354][ T9] hid-generic 0101:0081:0009.0002: probe with driver hid-generic failed with error -22 [ 109.948476][ T7471] FAULT_INJECTION: forcing a failure. [ 109.948476][ T7471] name failslab, interval 1, probability 0, space 0, times 0 [ 109.951920][ T7471] CPU: 0 UID: 0 PID: 7471 Comm: syz.1.450 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 109.951933][ T7471] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 109.951939][ T7471] Call Trace: [ 109.951943][ T7471] [ 109.951946][ T7471] dump_stack_lvl+0x16c/0x1f0 [ 109.951963][ T7471] should_fail_ex+0x512/0x640 [ 109.951975][ T7471] ? fs_reclaim_acquire+0xae/0x150 [ 109.951988][ T7471] ? tomoyo_encode2+0x100/0x3e0 [ 109.952001][ T7471] should_failslab+0xc2/0x120 [ 109.952011][ T7471] __kmalloc_noprof+0xd2/0x510 [ 109.952026][ T7471] ? d_absolute_path+0x136/0x1a0 [ 109.952039][ T7471] tomoyo_encode2+0x100/0x3e0 [ 109.952053][ T7471] tomoyo_encode+0x29/0x50 [ 109.952066][ T7471] tomoyo_realpath_from_path+0x18f/0x6e0 [ 109.952083][ T7471] tomoyo_path_number_perm+0x245/0x580 [ 109.952093][ T7471] ? tomoyo_path_number_perm+0x237/0x580 [ 109.952106][ T7471] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 109.952118][ T7471] ? find_held_lock+0x2b/0x80 [ 109.952142][ T7471] ? find_held_lock+0x2b/0x80 [ 109.952153][ T7471] ? hook_file_ioctl_common+0x145/0x410 [ 109.952166][ T7471] ? __fget_files+0x20e/0x3c0 [ 109.952188][ T7471] security_file_ioctl_compat+0x9b/0x240 [ 109.952201][ T7471] __do_compat_sys_ioctl+0x4e/0x2c0 [ 109.952214][ T7471] __do_fast_syscall_32+0x73/0x120 [ 109.952230][ T7471] do_fast_syscall_32+0x32/0x80 [ 109.952244][ T7471] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 109.952257][ T7471] RIP: 0023:0xf7ff5579 [ 109.952264][ T7471] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 109.952273][ T7471] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 109.952283][ T7471] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000541c [ 109.952288][ T7471] RDX: 0000000080000940 RSI: 0000000000000000 RDI: 0000000000000000 [ 109.952294][ T7471] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 109.952299][ T7471] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 109.952304][ T7471] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 109.952315][ T7471] [ 109.952324][ T7471] ERROR: Out of memory at tomoyo_realpath_from_path. [ 110.114148][ T7487] trusted_key: encrypted_key: insufficient parameters specified [ 110.119808][ T7486] FAULT_INJECTION: forcing a failure. [ 110.119808][ T7486] name failslab, interval 1, probability 0, space 0, times 0 [ 110.123332][ T7486] CPU: 0 UID: 0 PID: 7486 Comm: syz.1.456 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 110.123345][ T7486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 110.123352][ T7486] Call Trace: [ 110.123356][ T7486] [ 110.123359][ T7486] dump_stack_lvl+0x16c/0x1f0 [ 110.123376][ T7486] should_fail_ex+0x512/0x640 [ 110.123388][ T7486] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 110.123405][ T7486] should_failslab+0xc2/0x120 [ 110.123414][ T7486] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 110.123429][ T7486] ? d_instantiate+0x77/0x90 [ 110.123438][ T7486] ? alloc_empty_file+0x55/0x1e0 [ 110.123450][ T7486] alloc_empty_file+0x55/0x1e0 [ 110.123460][ T7486] alloc_file_pseudo+0x13a/0x230 [ 110.123471][ T7486] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 110.123485][ T7486] sock_alloc_file+0x50/0x210 [ 110.123512][ T7486] do_accept+0x240/0x530 [ 110.123522][ T7486] ? do_raw_spin_lock+0x12c/0x2b0 [ 110.123535][ T7486] ? __pfx_do_accept+0x10/0x10 [ 110.123554][ T7486] __sys_accept4+0x100/0x1b0 [ 110.123564][ T7486] ? __pfx___sys_accept4+0x10/0x10 [ 110.123574][ T7486] ? __pfx_ksys_write+0x10/0x10 [ 110.123591][ T7486] __ia32_sys_accept4+0x94/0x100 [ 110.123601][ T7486] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 110.123616][ T7486] __do_fast_syscall_32+0x73/0x120 [ 110.123631][ T7486] do_fast_syscall_32+0x32/0x80 [ 110.123646][ T7486] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 110.123658][ T7486] RIP: 0023:0xf7ff5579 [ 110.123666][ T7486] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 110.123676][ T7486] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 000000000000016c [ 110.123685][ T7486] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 110.123691][ T7486] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000000000000000 [ 110.123696][ T7486] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 110.123701][ T7486] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 110.123707][ T7486] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 110.123719][ T7486] [ 110.184621][ T5990] usb 7-1: new low-speed USB device number 15 using dummy_hcd [ 110.314618][ T5990] usb 7-1: device descriptor read/64, error -71 [ 110.444320][ T7499] trusted_key: encrypted_key: insufficient parameters specified [ 110.453309][ T7499] x_tables: duplicate underflow at hook 3 [ 110.455904][ T7499] netlink: 12 bytes leftover after parsing attributes in process `syz.0.460'. [ 110.554687][ T5990] usb 7-1: new low-speed USB device number 16 using dummy_hcd [ 110.661344][ T6005] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 110.684609][ T5990] usb 7-1: device descriptor read/64, error -71 [ 110.795730][ T5990] usb usb7-port1: attempt power cycle [ 110.817359][ T6005] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 110.820043][ T6005] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 110.822973][ T6005] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 110.825741][ T6005] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 110.829107][ T6005] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 110.835113][ T6005] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 110.837672][ T6005] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 110.839951][ T6005] usb 6-1: Product: syz [ 110.841113][ T6005] usb 6-1: Manufacturer: syz [ 110.846010][ T6005] cdc_wdm 6-1:1.0: skipping garbage [ 110.847508][ T6005] cdc_wdm 6-1:1.0: skipping garbage [ 110.850988][ T6005] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 110.852668][ T6005] cdc_wdm 6-1:1.0: Unknown control protocol [ 111.048379][ T7493] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.051179][ T7493] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.054592][ T1020] usb 6-1: USB disconnect, device number 6 [ 111.154707][ T5990] usb 7-1: new low-speed USB device number 17 using dummy_hcd [ 111.175030][ T5990] usb 7-1: device descriptor read/8, error -71 [ 111.424872][ T5990] usb 7-1: new low-speed USB device number 18 using dummy_hcd [ 111.445506][ T5990] usb 7-1: device descriptor read/8, error -71 [ 111.554738][ T5990] usb usb7-port1: unable to enumerate USB device [ 111.572826][ T7511] FAULT_INJECTION: forcing a failure. [ 111.572826][ T7511] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 111.576520][ T7511] CPU: 3 UID: 0 PID: 7511 Comm: syz.3.463 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 111.576534][ T7511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 111.576541][ T7511] Call Trace: [ 111.576544][ T7511] [ 111.576548][ T7511] dump_stack_lvl+0x16c/0x1f0 [ 111.576565][ T7511] should_fail_ex+0x512/0x640 [ 111.576578][ T7511] _copy_from_iter+0x2a4/0x15b0 [ 111.576592][ T7511] ? __alloc_skb+0x200/0x380 [ 111.576605][ T7511] ? __pfx__copy_from_iter+0x10/0x10 [ 111.576618][ T7511] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 111.576636][ T7511] netlink_sendmsg+0x829/0xdd0 [ 111.576652][ T7511] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.576667][ T7511] ? __import_iovec+0x1c8/0x660 [ 111.576682][ T7511] ____sys_sendmsg+0xa95/0xc70 [ 111.576699][ T7511] ? __pfx_____sys_sendmsg+0x10/0x10 [ 111.576714][ T7511] ? get_compat_msghdr+0x11a/0x170 [ 111.576731][ T7511] ___sys_sendmsg+0x134/0x1d0 [ 111.576744][ T7511] ? __pfx____sys_sendmsg+0x10/0x10 [ 111.576771][ T7511] __sys_sendmsg+0x16d/0x220 [ 111.576784][ T7511] ? __pfx___sys_sendmsg+0x10/0x10 [ 111.576802][ T7511] ? rcu_is_watching+0x12/0xc0 [ 111.576816][ T7511] __do_fast_syscall_32+0x73/0x120 [ 111.576831][ T7511] do_fast_syscall_32+0x32/0x80 [ 111.576846][ T7511] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 111.576858][ T7511] RIP: 0023:0xf7f11579 [ 111.576866][ T7511] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 111.576875][ T7511] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 111.576884][ T7511] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 111.576890][ T7511] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 111.576895][ T7511] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 111.576901][ T7511] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 111.576906][ T7511] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 111.576918][ T7511] [ 111.581602][ T7513] netlink: 16 bytes leftover after parsing attributes in process `syz.1.464'. [ 111.671630][ T7519] netlink: 'syz.1.466': attribute type 3 has an invalid length. [ 111.673723][ T7519] netlink: 8 bytes leftover after parsing attributes in process `syz.1.466'. [ 111.700957][ T7522] netlink: 96 bytes leftover after parsing attributes in process `syz.1.467'. [ 111.750252][ T7528] FAULT_INJECTION: forcing a failure. [ 111.750252][ T7528] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 111.753808][ T7528] CPU: 2 UID: 0 PID: 7528 Comm: syz.1.470 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 111.753821][ T7528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 111.753828][ T7528] Call Trace: [ 111.753831][ T7528] [ 111.753835][ T7528] dump_stack_lvl+0x16c/0x1f0 [ 111.753858][ T7528] should_fail_ex+0x512/0x640 [ 111.753872][ T7528] _copy_from_iter+0x2a4/0x15b0 [ 111.753886][ T7528] ? __alloc_skb+0x200/0x380 [ 111.753899][ T7528] ? __pfx__copy_from_iter+0x10/0x10 [ 111.753912][ T7528] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 111.753931][ T7528] netlink_sendmsg+0x829/0xdd0 [ 111.753947][ T7528] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.753962][ T7528] ? __import_iovec+0x1c8/0x660 [ 111.753978][ T7528] ____sys_sendmsg+0xa95/0xc70 [ 111.753994][ T7528] ? __pfx_____sys_sendmsg+0x10/0x10 [ 111.754009][ T7528] ? get_compat_msghdr+0x11a/0x170 [ 111.754027][ T7528] ___sys_sendmsg+0x134/0x1d0 [ 111.754040][ T7528] ? __pfx____sys_sendmsg+0x10/0x10 [ 111.754068][ T7528] __sys_sendmsg+0x16d/0x220 [ 111.754081][ T7528] ? __pfx___sys_sendmsg+0x10/0x10 [ 111.754099][ T7528] ? rcu_is_watching+0x12/0xc0 [ 111.754114][ T7528] __do_fast_syscall_32+0x73/0x120 [ 111.754129][ T7528] do_fast_syscall_32+0x32/0x80 [ 111.754144][ T7528] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 111.754156][ T7528] RIP: 0023:0xf7ff5579 [ 111.754164][ T7528] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 111.754173][ T7528] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 111.754182][ T7528] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800027c0 [ 111.754188][ T7528] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 111.754194][ T7528] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 111.754199][ T7528] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 111.754204][ T7528] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 111.754216][ T7528] [ 111.838549][ T7529] input: syz0 as /devices/virtual/input/input23 [ 112.120414][ T7536] FAULT_INJECTION: forcing a failure. [ 112.120414][ T7536] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 112.124258][ T7536] CPU: 0 UID: 0 PID: 7536 Comm: syz.0.472 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 112.124272][ T7536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 112.124278][ T7536] Call Trace: [ 112.124282][ T7536] [ 112.124286][ T7536] dump_stack_lvl+0x16c/0x1f0 [ 112.124304][ T7536] should_fail_ex+0x512/0x640 [ 112.124318][ T7536] _copy_from_iter+0x2a4/0x15b0 [ 112.124332][ T7536] ? __alloc_skb+0x200/0x380 [ 112.124345][ T7536] ? __pfx__copy_from_iter+0x10/0x10 [ 112.124358][ T7536] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 112.124376][ T7536] netlink_sendmsg+0x829/0xdd0 [ 112.124392][ T7536] ? __pfx_netlink_sendmsg+0x10/0x10 [ 112.124407][ T7536] ? __import_iovec+0x1c8/0x660 [ 112.124422][ T7536] ____sys_sendmsg+0xa95/0xc70 [ 112.124439][ T7536] ? __pfx_____sys_sendmsg+0x10/0x10 [ 112.124454][ T7536] ? get_compat_msghdr+0x11a/0x170 [ 112.124471][ T7536] ___sys_sendmsg+0x134/0x1d0 [ 112.124484][ T7536] ? __pfx____sys_sendmsg+0x10/0x10 [ 112.124538][ T7536] __sys_sendmsg+0x16d/0x220 [ 112.124553][ T7536] ? __pfx___sys_sendmsg+0x10/0x10 [ 112.124570][ T7536] ? rcu_is_watching+0x12/0xc0 [ 112.124583][ T7536] ? rcu_is_watching+0x12/0xc0 [ 112.124597][ T7536] __do_fast_syscall_32+0x73/0x120 [ 112.124613][ T7536] do_fast_syscall_32+0x32/0x80 [ 112.124627][ T7536] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 112.124639][ T7536] RIP: 0023:0xf7f04579 [ 112.124647][ T7536] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 112.124657][ T7536] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 112.124667][ T7536] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 112.124673][ T7536] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 112.124678][ T7536] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 112.124683][ T7536] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 112.124688][ T7536] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 112.124700][ T7536] [ 112.454615][ T6018] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 112.605762][ T6018] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 112.608337][ T6018] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 112.611054][ T6018] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 112.613469][ T6018] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 112.616497][ T6018] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 112.620890][ T6018] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 112.623350][ T6018] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 112.625599][ T6018] usb 5-1: Product: syz [ 112.626794][ T6018] usb 5-1: Manufacturer: syz [ 112.630521][ T6018] cdc_wdm 5-1:1.0: skipping garbage [ 112.632010][ T6018] cdc_wdm 5-1:1.0: skipping garbage [ 112.634207][ T6018] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 112.635988][ T6018] cdc_wdm 5-1:1.0: Unknown control protocol [ 112.767711][ T1225] Bluetooth: hci4: Frame reassembly failed (-90) [ 112.769981][ T7546] Bluetooth: hci4: Frame reassembly failed (-84) [ 112.772054][ T7546] Bluetooth: hci4: Frame reassembly failed (-84) [ 112.831318][ T7538] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.834260][ T7538] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 112.838044][ T9] usb 5-1: USB disconnect, device number 9 [ 112.885137][ T7546] block nbd0: server does not support multiple connections per device. [ 112.889296][ T7546] block nbd0: shutting down sockets [ 112.919528][ T7549] xt_hashlimit: overflow, rate too high: 0 [ 112.998724][ T7552] xt_TPROXY: Can be used only with -p tcp or -p udp [ 114.054813][ T7577] FAULT_INJECTION: forcing a failure. [ 114.054813][ T7577] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 114.058354][ T7577] CPU: 0 UID: 0 PID: 7577 Comm: syz.2.485 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 114.058367][ T7577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.058374][ T7577] Call Trace: [ 114.058378][ T7577] [ 114.058381][ T7577] dump_stack_lvl+0x16c/0x1f0 [ 114.058399][ T7577] should_fail_ex+0x512/0x640 [ 114.058413][ T7577] _copy_from_iter+0x2a4/0x15b0 [ 114.058427][ T7577] ? __alloc_skb+0x200/0x380 [ 114.058440][ T7577] ? __pfx__copy_from_iter+0x10/0x10 [ 114.058453][ T7577] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 114.058471][ T7577] netlink_sendmsg+0x829/0xdd0 [ 114.058487][ T7577] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.058502][ T7577] ? __import_iovec+0x1c8/0x660 [ 114.058517][ T7577] ____sys_sendmsg+0xa95/0xc70 [ 114.058534][ T7577] ? __pfx_____sys_sendmsg+0x10/0x10 [ 114.058549][ T7577] ? get_compat_msghdr+0x11a/0x170 [ 114.058567][ T7577] ___sys_sendmsg+0x134/0x1d0 [ 114.058580][ T7577] ? __pfx____sys_sendmsg+0x10/0x10 [ 114.058607][ T7577] __sys_sendmsg+0x16d/0x220 [ 114.058620][ T7577] ? __pfx___sys_sendmsg+0x10/0x10 [ 114.058636][ T7577] ? rcu_is_watching+0x12/0xc0 [ 114.058649][ T7577] ? rcu_is_watching+0x12/0xc0 [ 114.058663][ T7577] __do_fast_syscall_32+0x73/0x120 [ 114.058678][ T7577] do_fast_syscall_32+0x32/0x80 [ 114.058692][ T7577] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 114.058705][ T7577] RIP: 0023:0xf7f86579 [ 114.058713][ T7577] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 114.058722][ T7577] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 114.058732][ T7577] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180 [ 114.058738][ T7577] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 114.058743][ T7577] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 114.058748][ T7577] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 114.058754][ T7577] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 114.058765][ T7577] [ 114.141313][ T7579] (unnamed net_device) (uninitialized): option arp_validate: invalid value (524288) [ 114.468091][ T6018] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 114.625825][ T6018] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 114.628136][ T6018] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 114.630872][ T6018] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 114.632745][ T7595] FAULT_INJECTION: forcing a failure. [ 114.632745][ T7595] name failslab, interval 1, probability 0, space 0, times 0 [ 114.633334][ T6018] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 114.633348][ T6018] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 114.638296][ T7595] CPU: 3 UID: 0 PID: 7595 Comm: syz.3.493 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 114.638319][ T7595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.638329][ T7595] Call Trace: [ 114.638335][ T7595] [ 114.638342][ T7595] dump_stack_lvl+0x16c/0x1f0 [ 114.638368][ T7595] should_fail_ex+0x512/0x640 [ 114.638390][ T7595] ? io_cqring_event_overflow+0xcb/0x6f0 [ 114.638408][ T7595] should_failslab+0xc2/0x120 [ 114.638424][ T7595] __kmalloc_noprof+0xd2/0x510 [ 114.638453][ T7595] io_cqring_event_overflow+0xcb/0x6f0 [ 114.638477][ T7595] io_req_cqe_overflow+0x101/0x1e0 [ 114.638498][ T7595] __io_submit_flush_completions+0x94a/0x1750 [ 114.638529][ T7595] io_submit_sqes+0x9e2/0x25d0 [ 114.638559][ T7595] __do_sys_io_uring_enter+0xd6a/0x1630 [ 114.638580][ T7595] ? __fget_files+0x20e/0x3c0 [ 114.638602][ T7595] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 114.638622][ T7595] ? fput+0x70/0xf0 [ 114.638638][ T7595] ? ksys_write+0x1b9/0x240 [ 114.638659][ T7595] ? __pfx_ksys_write+0x10/0x10 [ 114.638683][ T7595] ? rcu_is_watching+0x12/0xc0 [ 114.638706][ T7595] __do_fast_syscall_32+0x73/0x120 [ 114.638732][ T7595] do_fast_syscall_32+0x32/0x80 [ 114.638755][ T7595] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 114.638774][ T7595] RIP: 0023:0xf7f11579 [ 114.638787][ T7595] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 114.638802][ T7595] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa [ 114.638817][ T7595] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 0000000000002d3e [ 114.638828][ T7595] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 114.638837][ T7595] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 114.638845][ T7595] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 114.638853][ T7595] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 114.638874][ T7595] [ 114.668044][ T7597] netlink: 216 bytes leftover after parsing attributes in process `syz.3.494'. [ 114.669997][ T6018] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 114.670398][ T7597] netlink: 216 bytes leftover after parsing attributes in process `syz.3.494'. [ 114.671463][ T6018] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 114.671475][ T6018] usb 7-1: Product: syz [ 114.711836][ T6018] usb 7-1: Manufacturer: syz [ 114.718312][ T6018] cdc_wdm 7-1:1.0: skipping garbage [ 114.719784][ T6018] cdc_wdm 7-1:1.0: skipping garbage [ 114.722049][ T6018] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 114.723714][ T6018] cdc_wdm 7-1:1.0: Unknown control protocol [ 114.779278][ T7599] fuse: Unknown parameter '' [ 114.824832][ T5953] Bluetooth: hci4: command 0x1003 tx timeout [ 114.824982][ T5965] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 114.919772][ T7585] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.923101][ T7585] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.928610][ T5990] usb 7-1: USB disconnect, device number 19 [ 115.131722][ T7607] netlink: 216 bytes leftover after parsing attributes in process `syz.1.496'. [ 115.134252][ T7607] netlink: 216 bytes leftover after parsing attributes in process `syz.1.496'. [ 115.190971][ T7611] fuse: Unknown parameter 'use' [ 115.215698][ T7611] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 115.326891][ T6018] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 115.332864][ T7617] netlink: 116 bytes leftover after parsing attributes in process `syz.3.499'. [ 116.323861][ T7634] input: syz0 as /devices/virtual/input/input24 [ 116.330802][ T7641] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0 [ 116.401803][ T7646] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.404452][ T7646] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.406842][ T7646] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.478916][ T7654] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.481053][ T7654] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.483030][ T7654] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.744700][ T5990] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 116.896826][ T5990] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 116.899145][ T5990] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 116.902005][ T5990] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 116.904359][ T5990] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 116.907583][ T5990] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 116.911737][ T5990] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 116.914187][ T5990] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 116.916457][ T5990] usb 5-1: Product: syz [ 116.917584][ T5990] usb 5-1: Manufacturer: syz [ 116.926634][ T5990] cdc_wdm 5-1:1.0: skipping garbage [ 116.928875][ T5990] cdc_wdm 5-1:1.0: skipping garbage [ 116.932272][ T5990] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 116.934370][ T5990] cdc_wdm 5-1:1.0: Unknown control protocol [ 117.129741][ T7657] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.132390][ T7657] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.140150][ T6005] usb 5-1: USB disconnect, device number 10 [ 117.825965][ T7673] block nbd0: server does not support multiple connections per device. [ 117.828926][ T7673] block nbd0: shutting down sockets [ 117.884889][ T7677] FAULT_INJECTION: forcing a failure. [ 117.884889][ T7677] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 117.888723][ T7677] CPU: 3 UID: 0 PID: 7677 Comm: syz.0.520 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 117.888746][ T7677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 117.888753][ T7677] Call Trace: [ 117.888757][ T7677] [ 117.888762][ T7677] dump_stack_lvl+0x16c/0x1f0 [ 117.888780][ T7677] should_fail_ex+0x512/0x640 [ 117.888794][ T7677] _copy_from_iter+0x2a4/0x15b0 [ 117.888808][ T7677] ? __alloc_skb+0x200/0x380 [ 117.888826][ T7677] ? __pfx__copy_from_iter+0x10/0x10 [ 117.888840][ T7677] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 117.888858][ T7677] netlink_sendmsg+0x829/0xdd0 [ 117.888875][ T7677] ? __pfx_netlink_sendmsg+0x10/0x10 [ 117.888890][ T7677] ? __import_iovec+0x1c8/0x660 [ 117.888905][ T7677] ____sys_sendmsg+0xa95/0xc70 [ 117.888923][ T7677] ? __pfx_____sys_sendmsg+0x10/0x10 [ 117.888937][ T7677] ? get_compat_msghdr+0x11a/0x170 [ 117.888955][ T7677] ___sys_sendmsg+0x134/0x1d0 [ 117.888969][ T7677] ? __pfx____sys_sendmsg+0x10/0x10 [ 117.888998][ T7677] __sys_sendmsg+0x16d/0x220 [ 117.889011][ T7677] ? __pfx___sys_sendmsg+0x10/0x10 [ 117.889029][ T7677] ? rcu_is_watching+0x12/0xc0 [ 117.889044][ T7677] __do_fast_syscall_32+0x73/0x120 [ 117.889059][ T7677] do_fast_syscall_32+0x32/0x80 [ 117.889075][ T7677] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 117.889087][ T7677] RIP: 0023:0xf7f04579 [ 117.889095][ T7677] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 117.889105][ T7677] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 117.889115][ T7677] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000480 [ 117.889121][ T7677] RDX: 0000000000000880 RSI: 0000000000000000 RDI: 0000000000000000 [ 117.889127][ T7677] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 117.889132][ T7677] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 117.889137][ T7677] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 117.889149][ T7677] [ 118.002576][ T7684] input: syz0 as /devices/virtual/input/input25 [ 118.474645][ T6005] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 118.646099][ T6005] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 118.648409][ T6005] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 118.651107][ T6005] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 118.653522][ T6005] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 118.658071][ T6005] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 118.664168][ T6005] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 118.667461][ T6005] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 118.670241][ T6005] usb 7-1: Product: syz [ 118.671693][ T6005] usb 7-1: Manufacturer: syz [ 118.677352][ T6005] cdc_wdm 7-1:1.0: skipping garbage [ 118.679225][ T6005] cdc_wdm 7-1:1.0: skipping garbage [ 118.682162][ T6005] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 118.684248][ T6005] cdc_wdm 7-1:1.0: Unknown control protocol [ 118.879398][ T7692] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.882516][ T7692] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 118.888819][ T6005] usb 7-1: USB disconnect, device number 20 [ 119.156346][ T7720] FAULT_INJECTION: forcing a failure. [ 119.156346][ T7720] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 119.159936][ T7720] CPU: 0 UID: 0 PID: 7720 Comm: syz.1.534 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 119.159949][ T7720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 119.159956][ T7720] Call Trace: [ 119.159960][ T7720] [ 119.159963][ T7720] dump_stack_lvl+0x16c/0x1f0 [ 119.159981][ T7720] should_fail_ex+0x512/0x640 [ 119.159995][ T7720] _copy_to_user+0x32/0xd0 [ 119.160009][ T7720] simple_read_from_buffer+0xcb/0x170 [ 119.160025][ T7720] proc_fail_nth_read+0x197/0x270 [ 119.160039][ T7720] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 119.160053][ T7720] ? rw_verify_area+0xcf/0x680 [ 119.160065][ T7720] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 119.160079][ T7720] vfs_read+0x1de/0xc70 [ 119.160093][ T7720] ? __pfx___mutex_lock+0x10/0x10 [ 119.160112][ T7720] ? __pfx_vfs_read+0x10/0x10 [ 119.160129][ T7720] ? __fget_files+0x20e/0x3c0 [ 119.160147][ T7720] ksys_read+0x12a/0x240 [ 119.160159][ T7720] ? __pfx_ksys_read+0x10/0x10 [ 119.160179][ T7720] ? rcu_is_watching+0x12/0xc0 [ 119.160199][ T7720] __do_fast_syscall_32+0x73/0x120 [ 119.160222][ T7720] do_fast_syscall_32+0x32/0x80 [ 119.160244][ T7720] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 119.160262][ T7720] RIP: 0023:0xf7ff5579 [ 119.160275][ T7720] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 119.160290][ T7720] RSP: 002b:00000000f5116590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 119.160306][ T7720] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5116620 [ 119.160316][ T7720] RDX: 000000000000000f RSI: 00000000f747dff4 RDI: 0000000000000000 [ 119.160326][ T7720] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 119.160335][ T7720] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 119.160344][ T7720] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 119.160367][ T7720] [ 119.218746][ C0] vkms_vblank_simulate: vblank timer overrun [ 119.718819][ T7735] input: syz0 as /devices/virtual/input/input26 [ 120.207484][ T7744] FAULT_INJECTION: forcing a failure. [ 120.207484][ T7744] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 120.211805][ T7744] CPU: 0 UID: 0 PID: 7744 Comm: syz.1.543 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 120.211819][ T7744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 120.211825][ T7744] Call Trace: [ 120.211829][ T7744] [ 120.211834][ T7744] dump_stack_lvl+0x16c/0x1f0 [ 120.211851][ T7744] should_fail_ex+0x512/0x640 [ 120.211865][ T7744] _copy_to_user+0x32/0xd0 [ 120.211879][ T7744] simple_read_from_buffer+0xcb/0x170 [ 120.211894][ T7744] proc_fail_nth_read+0x197/0x270 [ 120.211909][ T7744] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 120.211924][ T7744] ? rw_verify_area+0xcf/0x680 [ 120.211935][ T7744] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 120.211949][ T7744] vfs_read+0x1de/0xc70 [ 120.211963][ T7744] ? __pfx___mutex_lock+0x10/0x10 [ 120.211982][ T7744] ? __pfx_vfs_read+0x10/0x10 [ 120.211999][ T7744] ? __fget_files+0x20e/0x3c0 [ 120.212017][ T7744] ksys_read+0x12a/0x240 [ 120.212030][ T7744] ? __pfx_ksys_read+0x10/0x10 [ 120.212044][ T7744] ? rcu_is_watching+0x12/0xc0 [ 120.212060][ T7744] __do_fast_syscall_32+0x73/0x120 [ 120.212081][ T7744] do_fast_syscall_32+0x32/0x80 [ 120.212099][ T7744] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 120.212112][ T7744] RIP: 0023:0xf7ff5579 [ 120.212120][ T7744] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 120.212130][ T7744] RSP: 002b:00000000f5116590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 120.212140][ T7744] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5116620 [ 120.212146][ T7744] RDX: 000000000000000f RSI: 00000000f747dff4 RDI: 0000000000000000 [ 120.212151][ T7744] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 120.212156][ T7744] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 120.212162][ T7744] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 120.212174][ T7744] [ 120.464605][ T6018] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 120.610027][ T7763] input: syz0 as /devices/virtual/input/input27 [ 120.626947][ T6018] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 120.630638][ T6018] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 120.634179][ T6018] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 120.638148][ T6018] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 120.641939][ T6018] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 120.645954][ T6018] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 120.648480][ T6018] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 120.650579][ T6018] usb 5-1: Product: syz [ 120.651688][ T6018] usb 5-1: Manufacturer: syz [ 120.658965][ T6018] cdc_wdm 5-1:1.0: skipping garbage [ 120.660956][ T6018] cdc_wdm 5-1:1.0: skipping garbage [ 120.663035][ T6018] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 120.664936][ T6018] cdc_wdm 5-1:1.0: Unknown control protocol [ 120.710761][ T7767] [ 120.711492][ T7767] ====================================================== [ 120.713623][ T7767] WARNING: possible circular locking dependency detected [ 120.715685][ T7767] 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 Not tainted [ 120.718191][ T7767] ------------------------------------------------------ [ 120.720995][ T7767] syz.2.551/7767 is trying to acquire lock: [ 120.722646][ T7767] ffff88804429cfd8 (sk_lock-AF_INET){+.+.}-{0:0}, at: sockopt_lock_sock+0x54/0x70 [ 120.725419][ T7767] [ 120.725419][ T7767] but task is already holding lock: [ 120.727732][ T7767] ffffffff9012d9e8 (rtnl_mutex){+.+.}-{4:4}, at: do_ip_setsockopt+0xf6/0x3240 [ 120.730229][ T7767] [ 120.730229][ T7767] which lock already depends on the new lock. [ 120.730229][ T7767] [ 120.733368][ T7767] [ 120.733368][ T7767] the existing dependency chain (in reverse order) is: [ 120.736158][ T7767] [ 120.736158][ T7767] -> #2 (rtnl_mutex){+.+.}-{4:4}: [ 120.738167][ T7767] __mutex_lock+0x199/0xb90 [ 120.739555][ T7767] start_sync_thread+0x120/0x28b0 [ 120.741029][ T7767] do_ip_vs_set_ctl+0x451/0x11d0 [ 120.742495][ T7767] nf_setsockopt+0x8a/0xf0 [ 120.743857][ T7767] ip_setsockopt+0xcb/0xf0 [ 120.745496][ T7767] tcp_setsockopt+0xa4/0x100 [ 120.746954][ T7767] smc_setsockopt+0x1b3/0xa00 [ 120.748367][ T7767] do_sock_setsockopt+0x221/0x470 [ 120.750053][ T7767] __sys_setsockopt+0x1a0/0x230 [ 120.751514][ T7767] __ia32_sys_setsockopt+0xbc/0x160 [ 120.753031][ T7767] __do_fast_syscall_32+0x73/0x120 [ 120.754512][ T7767] do_fast_syscall_32+0x32/0x80 [ 120.755957][ T7767] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 120.757775][ T7767] [ 120.757775][ T7767] -> #1 (&smc->clcsock_release_lock){+.+.}-{4:4}: [ 120.760023][ T7767] __mutex_lock+0x199/0xb90 [ 120.761366][ T7767] smc_switch_to_fallback+0x2d/0x9f0 [ 120.762946][ T7767] smc_sendmsg+0x13d/0x520 [ 120.764254][ T7767] __sys_sendto+0x495/0x510 [ 120.765629][ T7767] __ia32_sys_sendto+0xdd/0x1b0 [ 120.767088][ T7767] __do_fast_syscall_32+0x73/0x120 [ 120.768595][ T7767] do_fast_syscall_32+0x32/0x80 [ 120.770188][ T7767] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 120.772110][ T7767] [ 120.772110][ T7767] -> #0 (sk_lock-AF_INET){+.+.}-{0:0}: [ 120.774308][ T7767] __lock_acquire+0x1173/0x1ba0 [ 120.776064][ T7767] lock_acquire+0x179/0x350 [ 120.777479][ T7767] lock_sock_nested+0x41/0xf0 [ 120.778876][ T7767] sockopt_lock_sock+0x54/0x70 [ 120.780351][ T7767] do_ip_setsockopt+0xfe/0x3240 [ 120.781961][ T7767] ip_setsockopt+0x59/0xf0 [ 120.783458][ T7767] udp_setsockopt+0x7d/0xd0 [ 120.784866][ T7767] do_sock_setsockopt+0x221/0x470 [ 120.786365][ T7767] __sys_setsockopt+0x1a0/0x230 [ 120.787811][ T7767] __ia32_sys_setsockopt+0xbc/0x160 [ 120.789370][ T7767] __do_fast_syscall_32+0x73/0x120 [ 120.790925][ T7767] do_fast_syscall_32+0x32/0x80 [ 120.792369][ T7767] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 120.794162][ T7767] [ 120.794162][ T7767] other info that might help us debug this: [ 120.794162][ T7767] [ 120.796864][ T7767] Chain exists of: [ 120.796864][ T7767] sk_lock-AF_INET --> &smc->clcsock_release_lock --> rtnl_mutex [ 120.796864][ T7767] [ 120.800393][ T7767] Possible unsafe locking scenario: [ 120.800393][ T7767] [ 120.802345][ T7767] CPU0 CPU1 [ 120.803763][ T7767] ---- ---- [ 120.805196][ T7767] lock(rtnl_mutex); [ 120.806281][ T7767] lock(&smc->clcsock_release_lock); [ 120.808301][ T7767] lock(rtnl_mutex); [ 120.810016][ T7767] lock(sk_lock-AF_INET); [ 120.811220][ T7767] [ 120.811220][ T7767] *** DEADLOCK *** [ 120.811220][ T7767] [ 120.813440][ T7767] 1 lock held by syz.2.551/7767: [ 120.814846][ T7767] #0: ffffffff9012d9e8 (rtnl_mutex){+.+.}-{4:4}, at: do_ip_setsockopt+0xf6/0x3240 [ 120.817278][ T7767] [ 120.817278][ T7767] stack backtrace: [ 120.818953][ T7767] CPU: 3 UID: 0 PID: 7767 Comm: syz.2.551 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 120.818968][ T7767] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 120.818975][ T7767] Call Trace: [ 120.818980][ T7767] [ 120.818985][ T7767] dump_stack_lvl+0x116/0x1f0 [ 120.819000][ T7767] print_circular_bug+0x275/0x350 [ 120.819021][ T7767] check_noncircular+0x14c/0x170 [ 120.819038][ T7767] __lock_acquire+0x1173/0x1ba0 [ 120.819049][ T7767] ? do_ip_setsockopt+0xf6/0x3240 [ 120.819059][ T7767] lock_acquire+0x179/0x350 [ 120.819067][ T7767] ? sockopt_lock_sock+0x54/0x70 [ 120.819081][ T7767] lock_sock_nested+0x41/0xf0 [ 120.819092][ T7767] ? sockopt_lock_sock+0x54/0x70 [ 120.819105][ T7767] sockopt_lock_sock+0x54/0x70 [ 120.819117][ T7767] do_ip_setsockopt+0xfe/0x3240 [ 120.819127][ T7767] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 120.819155][ T7767] ? aa_sk_perm+0x2f4/0xb10 [ 120.819172][ T7767] ip_setsockopt+0x59/0xf0 [ 120.819183][ T7767] udp_setsockopt+0x7d/0xd0 [ 120.819198][ T7767] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 120.819216][ T7767] do_sock_setsockopt+0x221/0x470 [ 120.819238][ T7767] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 120.819259][ T7767] __sys_setsockopt+0x1a0/0x230 [ 120.819272][ T7767] __ia32_sys_setsockopt+0xbc/0x160 [ 120.819284][ T7767] ? lockdep_hardirqs_on+0x7c/0x110 [ 120.819297][ T7767] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 120.819311][ T7767] __do_fast_syscall_32+0x73/0x120 [ 120.819326][ T7767] do_fast_syscall_32+0x32/0x80 [ 120.819340][ T7767] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 120.819352][ T7767] RIP: 0023:0xf7f86579 [ 120.819360][ T7767] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 120.819370][ T7767] RSP: 002b:00000000f508555c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 120.819379][ T7767] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000000 [ 120.819385][ T7767] RDX: 000000000000002b RSI: 0000000080000340 RDI: 0000000000000108 [ 120.819391][ T7767] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 120.819397][ T7767] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 120.819402][ T7767] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 120.819411][ T7767] [ 120.896652][ T7747] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 120.899529][ T7747] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.904831][ T5990] usb 5-1: USB disconnect, device number 11 VM DIAGNOSIS: 08:29:17 Registers: info registers vcpu 0 CPU#0 RAX=00000002000008fd RBX=ffff88802170a440 RCX=0000000000000830 RDX=0000000000000002 RSI=00000000000000fd RDI=0000000000000002 RBP=0000000000000008 RSP=ffffc90000007d78 R8 =0000000000000000 R9 =fffffbfff210ce62 R10=ffffffff90867317 R11=ffff88802b33a808 R12=0000000000000003 R13=1ffff92000000fb0 R14=0000000000000001 R15=ffffc90000007da0 RIP=ffffffff81688cd8 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977b9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f50e2da4 CR3=000000004e582000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffff8880411d1cc8 RCX=ffffffff822b1708 RDX=ffff88802170a440 RSI=0000000000000000 RDI=0000000000000000 RBP=0000000000000000 RSP=ffffc90002f57758 R8 =0000000000000006 R9 =0000000000000001 R10=0000000000000000 R11=1ffffffff1c79881 R12=ffff8880411d1c80 R13=0000000000000001 R14=0000000000000000 R15=0000000000000128 RIP=ffffffff81bb37c8 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880978b9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000008001b000 CR3=000000004e582000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000000b9f8c RBX=0000000000000002 RCX=ffffffff8b6ff439 RDX=ffffed10056865be RSI=ffffffff8bf45140 RDI=ffffffff8191a7f1 RBP=ffffed1003b59910 RSP=ffffc9000047fdf8 R8 =0000000000000000 R9 =ffffed10056865bd R10=ffff88802b432deb R11=0000000000000001 R12=0000000000000002 R13=ffff88801dacc880 R14=ffffffff90867310 R15=0000000000000000 RIP=ffffffff8b6fdccf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979b9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080001640 CR3=000000004e4e4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=fcca373afcca373a fcca373afcca373a fcca373afcca373a fcca373afcca373a fcca373afcca373a fcca373afcca373a fcca373afcca373a fcca373afcca373a ZMM22=8ba7bf408ba7bf40 8ba7bf408ba7bf40 8ba7bf408ba7bf40 8ba7bf408ba7bf40 8ba7bf408ba7bf40 8ba7bf408ba7bf40 8ba7bf408ba7bf40 8ba7bf408ba7bf40 ZMM23=6437576f6437576f 6437576f6437576f 6437576f6437576f 6437576f6437576f 6437576f6437576f 6437576f6437576f 6437576f6437576f 6437576f6437576f ZMM24=78770b0d78770b0d 78770b0d78770b0d 78770b0d78770b0d 78770b0d78770b0d 78770b0d78770b0d 78770b0d78770b0d 78770b0d78770b0d 78770b0d78770b0d ZMM25=e26cea30e26cea30 e26cea30e26cea30 e26cea30e26cea30 e26cea30e26cea30 e26cea30e26cea30 e26cea30e26cea30 e26cea30e26cea30 e26cea30e26cea30 ZMM26=86857df586857df5 86857df586857df5 86857df586857df5 86857df586857df5 86857df586857df5 86857df586857df5 86857df586857df5 86857df586857df5 ZMM27=6e6073f76e6073f7 6e6073f76e6073f7 6e6073f76e6073f7 6e6073f76e6073f7 6e6073f76e6073f7 6e6073f76e6073f7 6e6073f76e6073f7 6e6073f76e6073f7 ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=f8040000f8040000 f8040000f8040000 f8040000f8040000 f8040000f8040000 f8040000f8040000 f8040000f8040000 f8040000f8040000 f8040000f8040000 info registers vcpu 3 CPU#3 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff854bd0c0 RDI=ffffffff9ae12bc0 RBP=ffffffff9ae12b80 RSP=ffffc90033627470 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000020 R14=fffffbfff35c25ca R15=dffffc0000000000 RIP=ffffffff854bd0e7 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097ab9000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000004e582000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000