last executing test programs: 3.621314652s ago: executing program 0 (id=2702): syz_open_dev$mouse(&(0x7f0000000000), 0x7fffffff, 0x20c980) r0 = socket$inet(0x2, 0x3, 0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0) recvmmsg(r1, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/189, 0xbd}, {&(0x7f00000003c0)=""/152, 0x98}, {&(0x7f0000000480)=""/4096, 0x1000}], 0x3}}], 0x7, 0x0, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000000300)=""/102387, 0x18ff3) bpf$PROG_LOAD(0x5, &(0x7f0000019540)={0x1a, 0x13, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, @void, @value}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x104) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000019440)=ANY=[@ANYBLOB="85001bd20000080000007600000000000000270000000016000095000000000000e8aacc661625934de91d1b26d27744d3c637190bf464311c41405828742024e48ccfaeeb"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3f) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x47}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, 0x0, 0x0) close(r2) connect$phonet_pipe(0xffffffffffffffff, &(0x7f0000000200), 0x10) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, 0x0) ioctl$TCFLSH(r4, 0x8924, 0x0) splice(0xffffffffffffffff, &(0x7f0000000280), 0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) rt_sigqueueinfo(0x0, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000002900)=[{{&(0x7f0000001480)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000019300)=ANY=[@ANYBLOB="0c00000000000000070000001000000000000000070000000703000015c78ebc07e45503036dc468edd60b7d2fce34bcef1b6eab0cdabd1e8314d9945235986bcaa5ce8c3f517117431b089fddc8e98b91931e3258e4084dddd528596a0d000000000000cb6dce482b353878fe5c41cf627720898334998646b8884551ffcfe726d45e36b55154b3ab16ac71d3c4bcd2099f8a45138208c8f89b8d82f73cdbca2faf3f6341e1558bc58e9add95c2139b5220be7d72fd6d7daba129e6b662ea9207d30e5343bed602d70c119f5542b2d373ce95c405721612db6ca4a537bdd559a796d25c454a198afd4bdde560ec69cc4bdf7c030171b6aa889bb9b77772cfbe915431f0246226ce4db6ccf9a7ad57fdcb57a4578c2476c1680c2308c0c6cf7bb50895893d3108a7b11a5ab1ee9b1c022977359722323596e0a826"], 0x1c}}], 0x1, 0x0) 3.503161641s ago: executing program 0 (id=2703): r0 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000080)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) rename(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000280)='./file0\x00') (fail_nth: 5) 3.441224563s ago: executing program 0 (id=2704): r0 = openat$sr(0xffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x0, 0x1b}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x3}, {}, {}, {}, {}, {0x0, 0x0, 0xd}, {}, {}, 0xddf8ffdb, 0x0, 0x0, 0x200000}) ioctl$CDROMREADTOCHDR(r0, 0x5305, &(0x7f0000007800)) 3.213149133s ago: executing program 0 (id=2706): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) bind$packet(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20000840) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000580)='./file0\x00', 0x0) mkdir(&(0x7f00000008c0)='./bus\x00', 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) mknodat(r3, &(0x7f00000000c0)='./file1\x00', 0x1000, 0x0) chdir(&(0x7f0000000140)='./bus\x00') ppoll(&(0x7f00000000c0)=[{r2, 0xa67d}], 0x1, 0x0, 0x0, 0x0) 2.532450437s ago: executing program 2 (id=2713): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), 0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) mount(0x0, &(0x7f0000000280)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ppoll(&(0x7f0000000080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000100)=0xcf5) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r3 = syz_open_pts(r2, 0x0) ioctl$TIOCSTI(r3, 0x5412, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000000)={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x6, @random="c8ed6cecf1bd"}, 0x2, {0x2, 0x0, @loopback}, 'veth0_to_bond\x00'}) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) mkdir(&(0x7f0000000040)='./bus\x00', 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000140a05000000000000000000000000020c000640000000000000000414dec0001100010000000000000000000000000a"], 0x48}, 0x1, 0x0, 0x0, 0x24000094}, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000003c0)=0x5) ioctl$TIOCVHANGUP(r5, 0x5437, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000180)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000340)={[{@lowerdir={'lowerdir', 0x3d, './file1'}, 0x3a}], [], 0x3a}) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) 1.923449714s ago: executing program 1 (id=2718): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)=0xe) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000001c0)) (fail_nth: 2) 1.82244189s ago: executing program 1 (id=2719): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)=0xe) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000001c0)) 1.807077027s ago: executing program 1 (id=2720): syz_open_dev$mouse(&(0x7f0000000000), 0x7fffffff, 0x20c980) r0 = socket$inet(0x2, 0x3, 0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0) recvmmsg(r1, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/189, 0xbd}, {&(0x7f00000003c0)=""/152, 0x98}, {&(0x7f0000000480)=""/4096, 0x1000}], 0x3}}], 0x7, 0x0, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000000300)=""/102387, 0x18ff3) bpf$PROG_LOAD(0x5, &(0x7f0000019540)={0x1a, 0x13, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, @void, @value}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x104) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000019440)=ANY=[@ANYBLOB="85001bd20000080000007600000000000000270000000016000095000000000000e8aacc661625934de91d1b26d27744d3c637190bf464311c41405828742024e48ccfaeeb"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3f) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x47}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) close(r2) connect$phonet_pipe(0xffffffffffffffff, 0x0, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, 0x0) ioctl$TCFLSH(r4, 0x8924, 0x0) splice(0xffffffffffffffff, &(0x7f0000000280), 0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) rt_sigqueueinfo(0x0, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000002900)=[{{&(0x7f0000001480)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000019300)=ANY=[@ANYBLOB="0c00000000000000070000001000000000000000070000000703000015c78ebc07e45503036dc468edd60b7d2fce34bcef1b6eab0cdabd1e8314d9945235986bcaa5ce8c3f517117431b089fddc8e98b91931e3258e4084dddd528596a0d000000000000cb6dce482b353878fe5c41cf627720898334998646b8884551ffcfe726d45e36b55154b3ab16ac71d3c4bcd2099f8a45138208c8f89b8d82f73cdbca2faf3f6341e1558bc58e9add95c2139b5220be7d72fd6d7daba129e6b662ea9207d30e5343bed602d70c119f5542b2d373ce95c405721612db6ca4a537bdd559a796d25c454a198afd4bdde560ec69cc4bdf7c030171b6aa889bb9b77772cfbe915431f0246226ce4db6ccf9a7ad57fdcb57a4578c2476c1680c2308c0c6cf7bb50895893d3108a7b11a5ab1ee9b1c022977359722323596e0a826"], 0x1c}}], 0x1, 0x0) 1.663286579s ago: executing program 1 (id=2721): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) signalfd(r0, &(0x7f0000000000)={[0x81]}, 0x8) pselect6(0x40, &(0x7f0000000040)={0xc}, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 1.663066626s ago: executing program 1 (id=2722): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}, 0x1, 0x900}, 0x0) 1.618452285s ago: executing program 1 (id=2723): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) bind$packet(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0000000004000000050000000000000078790fd6aecda12721250f1e95f04c5843487945615b5a2e165b7c5ae62d2a0bc5901109a2b94d77e67e2c2f5d82e8612c320840b93a2cf5e56950b2485e2132f632ab713f8c5f497ddf8645ff030000000000001b627618aff9f536bfbe9b11e9af64856a1d026d2d5f80da673f1ea5a41ef2ef6b6f6a85c483ce28dba77001955b8ae71f7a94c59da698fcb943a084795d433c222139c9724c198567082071f3b1941e29076eb51237cb1b39feff24cf665a991278bfebf2a42ebba2e444d5ec8d4b80a42523430f6d6e4ec2009a6d05e34735d387bcd0b9c44add6ee276ae801684a1f8dfefe744979995b9c2a47630f2c3ffe772768a00000000893abfbea0a641bcc886826791c6acf0a7172819f829e0d1a7e624dd9637164f17a37edacd24a44abc69388161737e7f844e86d6d9f61990247a4fcac662637323618cbc096a8548f73c68e3f406acf3bc1a40f16b96a63fcdad8180b7caf661bc771e0f15dc3d44f223ebf6a1c2c2d933599fbef4694f99cfaaf4ef354c4925c26f355c4a644419832f59e760bf", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYRESHEX, @ANYRES16=r0], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYRES64=0x0, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r5}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0500000004000000040000000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000a82000000000000000000000000000000000040000000008f32520401"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x14, &(0x7f00000004c0)=ANY=[@ANYRES64=r3, @ANYBLOB="b9a1478e461e19bd4548d0db5aa388b59d9b0b800df50653335f0e91c05f6e16269e4ca04ae51ae39e1092949fa7408e021ed4adb21453255b86763350bfb45c30459ba5e8b390689af066", @ANYRES16=r2, @ANYRES16=r3, @ANYRES8=r2, @ANYRES64=r5], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x5c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r6}, 0x10) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_emit_ethernet(0x6a, &(0x7f0000000680)=ANY=[@ANYBLOB="0180c200000000000000000008004500005c00f1ffffff72907800000000e000000100004e2200489078031e310000000000d663cd75673f3c2fdc000000000000000100000000000000056980b2e865284992526b3f12744020cdf770280290c865754e85f2769a66bd"], 0x0) r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r9 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r9, 0x4601, 0x0) r10 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r10, 0x5b03, 0x0) ioctl$EVIOCGMASK(r8, 0x5b03, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r7, 0x0, 0x0) syz_usb_connect$uac1(0x0, 0xaf, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000bc0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000280)={0x50, 0x0, r11, {0x7, 0x28, 0x5, 0x10, 0x3, 0x4, 0xfffffff6, 0x5}}, 0x50) syz_usb_disconnect(r0) 873.274937ms ago: executing program 3 (id=2725): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000006640)={0x64, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="ab"}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x0, 0x0, 0x0, 0x0, {0x2}, 0x2600}}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x10, 0x1, 0x1, 0x0, {0xffffffffffffffff, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x800, 0x1, 0x1}}]}, 0x64}}, 0x0) 873.062484ms ago: executing program 3 (id=2726): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000018c0)=ANY=[@ANYBLOB="140000001000040000000000000000000000010a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000808000a40000000000900020073797a31000000000900010073797a30000000000800054000000021440800000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000180803802c010080080003400000000220010a"], 0x8c8}, 0x1, 0x0, 0x0, 0x20040055}, 0x0) 872.660925ms ago: executing program 3 (id=2727): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) (async) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'syztnl2\x00', &(0x7f0000000180)={'gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @private, @remote}}}}) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) (async) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) (async) r1 = inotify_init1(0x0) (async) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x7, 0x1, 0x401, 0x0, 0x0, {0x7, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x40004) (async) fcntl$setown(r1, 0x8, 0xffffffffffffffff) (async) fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, 0x0}) r4 = syz_open_procfs(r3, &(0x7f0000000600)='fd/4\x00') ioctl$EXT4_IOC_GROUP_EXTEND(r4, 0xc0406619, &(0x7f0000000240)=0x2) unshare(0x2c020400) (async) msgsnd(0x0, &(0x7f0000000180)=ANY=[], 0x2000, 0x0) (async) msgrcv(0x0, &(0x7f0000000080)={0x0, ""/6}, 0xa, 0x0, 0x3000) 617.870285ms ago: executing program 2 (id=2728): syz_emit_ethernet(0x0, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000002e40)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [{0x0, 0x2, "122b472e41e24b11f34b608816e5"}]}}}}}}, 0x0) (fail_nth: 5) 563.1283ms ago: executing program 2 (id=2729): syz_open_dev$mouse(&(0x7f0000000000), 0x7fffffff, 0x20c980) r0 = socket$inet(0x2, 0x3, 0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0) recvmmsg(r1, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/189, 0xbd}, {&(0x7f00000003c0)=""/152, 0x98}, {&(0x7f0000000480)=""/4096, 0x1000}], 0x3}}], 0x7, 0x0, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000000300)=""/102387, 0x18ff3) bpf$PROG_LOAD(0x5, &(0x7f0000019540)={0x1a, 0x13, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, @void, @value}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x104) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000019440)=ANY=[@ANYBLOB="85001bd20000080000007600000000000000270000000016000095000000000000e8aacc661625934de91d1b26d27744d3c637190bf464311c41405828742024e48ccfaeeb"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3f) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x47}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) close(r2) connect$phonet_pipe(0xffffffffffffffff, 0x0, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, 0x0) ioctl$TCFLSH(r4, 0x8924, 0x0) splice(0xffffffffffffffff, &(0x7f0000000280), 0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) rt_sigqueueinfo(0x0, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000002900)=[{{&(0x7f0000001480)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000019300)=ANY=[@ANYBLOB="0c00000000000000070000001000000000000000070000000703000015c78ebc07e45503036dc468edd60b7d2fce34bcef1b6eab0cdabd1e8314d9945235986bcaa5ce8c3f517117431b089fddc8e98b91931e3258e4084dddd528596a0d000000000000cb6dce482b353878fe5c41cf627720898334998646b8884551ffcfe726d45e36b55154b3ab16ac71d3c4bcd2099f8a45138208c8f89b8d82f73cdbca2faf3f6341e1558bc58e9add95c2139b5220be7d72fd6d7daba129e6b662ea9207d30e5343bed602d70c119f5542b2d373ce95c405721612db6ca4a537bdd559a796d25c454a198afd4bdde560ec69cc4bdf7c030171b6aa889bb9b77772cfbe915431f0246226ce4db6ccf9a7ad57fdcb57a4578c2476c1680c2308c0c6cf7bb50895893d3108a7b11a5ab1ee9b1c022977359722323596e0a826"], 0x1c}}], 0x1, 0x0) 462.496226ms ago: executing program 2 (id=2730): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200030086dd60cb763e00103a"], 0x0) 462.293035ms ago: executing program 2 (id=2731): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xa, &(0x7f0000000180)=0x4, 0x4) syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c2a"}}}}}, 0x0) 399.360166ms ago: executing program 2 (id=2732): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x0, 0xfffffffffffffffe}}]}}}]}, 0x40}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800ef0ad89350b1359334c0b6ad000000b5945318d6a7dc6330f6049656eb2d295ecdd9892a847b1dacbd9fd232be9d4c970586688dffe451b44752c2534f0ff70692c5270249ba21c7a3f6d37cdd33abea7813c4660fa45e1c1c8347686d9011335be5139cb698197e32dd4741c8a0120572c585e02e837a42b5a097b4ca9797bdb25dee76429a9802199ba5"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r2, &(0x7f0000000300)="2e000300010000", 0x7) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001700000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_genetlink_get_family_id$wireguard(&(0x7f0000000000), 0xffffffffffffffff) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYRESHEX=r1, @ANYRES32=r7, @ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x300}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r8, &(0x7f0000032680)=""/102392, 0x18ff8) syz_io_uring_setup(0x55b1, &(0x7f0000000040)={0x0, 0x0, 0x100, 0x2, 0x1, 0x0, r6}, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) 399.014086ms ago: executing program 3 (id=2733): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x88, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xb0}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 172.482959ms ago: executing program 0 (id=2734): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x0, 0x3}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x0, 0x3}, 0x10) openat$ubi_ctrl(0xffffff9c, &(0x7f0000000000), 0x4100, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x0, 0x3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_GET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="000000007f043503da3d166b6402ec8e8f40584e837065438ec95e7e586909d5fa63c17769cd0f21a00a25f27296dde9abbb73238bfa39d6ae8eefa8cbeea4f5ae0006cc123f5f7ba8df89992e923f352ab8621f9d39d600a3fcd55c22494c8ee4457369c2230ddb44ea54306729f06e557f29edc2126a66f62b9a1809da2b0daf5a0113000000ecc946633ecfd1827d6315cb2f51f982423c309dcdd4684fc1de70b096e9f4660b4190b2cba9ab14bce47ce59e016d1b2ad38c864773b4af5797e1b4dccb66fb68f7da69535cbee7d62da168334496d48d3fb70066c33b81ed3a0e5e2414696b720f683b4a50ab772a6e0a930d7c2f132b1cb5", @ANYRES16=r5, @ANYBLOB="0107000000000000000010000000"], 0x14}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x2}, {{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0x3}}, {}, [], {{}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 172.280622ms ago: executing program 3 (id=2735): socket$inet6_tcp(0xa, 0x1, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/cpuinfo\x00', 0x0, 0x0) syz_open_dev$video(&(0x7f0000000000), 0x75, 0x0) unshare(0x680) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) pselect6(0x40, &(0x7f0000000000)={0xfc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5) 21.097507ms ago: executing program 0 (id=2736): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), 0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) mount(0x0, &(0x7f0000000280)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ppoll(&(0x7f0000000080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000100)=0xcf5) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r3 = syz_open_pts(r2, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000280)=0x3) ioctl$sock_inet_SIOCDARP(r0, 0x8953, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) mkdir(&(0x7f0000000040)='./bus\x00', 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000140a05000000000000000000000000020c000640000000000000000414dec0001100010000000000000000000000000a"], 0x48}, 0x1, 0x0, 0x0, 0x24000094}, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000003c0)=0x5) ioctl$TIOCVHANGUP(r5, 0x5437, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000180)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000340)={[{@lowerdir={'lowerdir', 0x3d, './file1'}, 0x3a}], [], 0x3a}) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) 0s ago: executing program 3 (id=2737): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r2}, 0x10) quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000800, 0x0, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) r4 = syz_open_dev$vcsa(&(0x7f0000000080), 0x7, 0x40) setsockopt$RDS_GET_MR_FOR_DEST(r4, 0x114, 0x7, &(0x7f00000001c0)={@hci={0x1f, 0x0, 0xd193f07db4dfad8f}, {&(0x7f0000000100)=""/113, 0x71}, &(0x7f0000000180), 0x15}, 0xa0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r3, &(0x7f00000000c0)="1c", 0x10002, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r4, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 593.978328][T26286] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 593.980440][T26286] [ 594.076969][ T5388] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 594.152946][T26298] tipc: Failed to remove unknown binding: 66,1,1/0:2029463869/2029463871 [ 594.155265][T26298] tipc: Failed to remove unknown binding: 66,1,1/0:2029463869/2029463871 [ 594.205085][T26300] lo speed is unknown, defaulting to 1000 [ 594.228275][ T5388] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 594.231440][ T5388] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 594.236289][ T5388] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 594.241880][ T5388] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 594.251467][T26278] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 594.259688][ T5388] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 594.485652][T26278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 594.491475][T26278] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 594.562900][ T5601] usb 6-1: USB disconnect, device number 25 [ 594.659293][T26371] netlink: 'syz.2.2186': attribute type 2 has an invalid length. [ 594.661858][T26371] netlink: 'syz.2.2186': attribute type 11 has an invalid length. [ 594.663953][T26371] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2186'. [ 594.976942][ T5387] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 595.136921][ T5387] usb 7-1: Using ep0 maxpacket: 8 [ 595.149369][ T5387] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 595.151666][ T5387] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 595.154595][ T5387] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 595.158031][ T5387] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 595.161394][ T5387] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 595.165316][ T5387] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 595.186880][ T5387] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.201125][ T39] audit: type=1326 audit(1728291827.110:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.1.2191" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7ffc0000 [ 595.211389][T26392] tipc: Failed to remove unknown binding: 66,1,1/0:3912371154/3912371156 [ 595.214172][T26392] tipc: Failed to remove unknown binding: 66,1,1/0:3912371154/3912371156 [ 595.219501][ T39] audit: type=1326 audit(1728291827.110:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.1.2191" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7fe5579 code=0x7ffc0000 [ 595.227065][ T39] audit: type=1326 audit(1728291827.110:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.1.2191" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7ffc0000 [ 595.234264][ T39] audit: type=1326 audit(1728291827.110:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.1.2191" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7ffc0000 [ 595.241623][ T39] audit: type=1326 audit(1728291827.110:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.1.2191" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fe5579 code=0x7ffc0000 [ 595.247658][ T39] audit: type=1326 audit(1728291827.110:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.1.2191" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7ffc0000 [ 595.256331][ T39] audit: type=1326 audit(1728291827.110:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.1.2191" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7ffc0000 [ 595.263789][ T39] audit: type=1326 audit(1728291827.110:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.1.2191" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fe5579 code=0x7ffc0000 [ 595.272670][ T39] audit: type=1326 audit(1728291827.110:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.1.2191" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7ffc0000 [ 595.280242][ T39] audit: type=1326 audit(1728291827.110:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.1.2191" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7ffc0000 [ 595.395763][ T5387] usb 7-1: GET_CAPABILITIES returned 0 [ 595.397621][ T5387] usbtmc 7-1:16.0: can't read capabilities [ 595.746973][T26431] overlayfs: unescaped trailing colons in lowerdir mount option. [ 597.088688][T26423] mkiss: ax0: crc mode is auto. [ 597.142311][T26428] mkiss: ax0: crc mode is auto. [ 599.306914][T26504] Bluetooth: MGMT ver 1.23 [ 599.308888][T26504] CUSE: info not properly terminated [ 599.803736][T26501] syz.0.2205 (26501): drop_caches: 1 [ 600.082830][T26517] tipc: Failed to remove unknown binding: 66,1,1/0:2322254025/2322254027 [ 600.085803][T26517] tipc: Failed to remove unknown binding: 66,1,1/0:2322254025/2322254027 [ 600.247998][ T5346] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 600.698082][T26375] usbtmc 7-1:16.0: usb_control_msg returned -110 [ 600.700485][T26429] usbtmc 7-1:16.0: usb_control_msg returned -32 [ 600.715975][ T63] usb 7-1: USB disconnect, device number 24 [ 600.922023][T26550] input: syz1 as /devices/virtual/input/input16 [ 601.357006][ T5360] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 601.357135][ T5346] Bluetooth: hci0: command 0x0405 tx timeout [ 601.572907][T26577] syz.1.2216 (26577): drop_caches: 1 [ 601.688327][T26577] CUSE: info not properly terminated [ 602.064955][T26598] lo speed is unknown, defaulting to 1000 [ 602.169298][T26612] netlink: 'syz.0.2221': attribute type 1 has an invalid length. [ 602.218354][T26627] FAULT_INJECTION: forcing a failure. [ 602.218354][T26627] name failslab, interval 1, probability 0, space 0, times 0 [ 602.221932][T26627] CPU: 0 UID: 0 PID: 26627 Comm: syz.0.2222 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 602.224849][T26627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 602.227907][T26627] Call Trace: [ 602.228846][T26627] [ 602.229639][T26627] dump_stack_lvl+0x16c/0x1f0 [ 602.230893][T26627] should_fail_ex+0x497/0x5b0 [ 602.232144][T26627] ? fs_reclaim_acquire+0xae/0x160 [ 602.233510][T26627] should_failslab+0xc2/0x120 [ 602.234762][T26627] __kmalloc_cache_noprof+0x6b/0x310 [ 602.236135][T26627] ? __vb2_init_fileio+0x253/0x1110 [ 602.237492][T26627] __vb2_init_fileio+0x253/0x1110 [ 602.238812][T26627] ? __pfx___mutex_lock+0x10/0x10 [ 602.240176][T26627] vb2_core_poll+0x5e8/0x700 [ 602.241456][T26627] vb2_poll+0x35/0x160 [ 602.242652][T26627] vb2_fop_poll+0x10f/0x2c0 [ 602.243882][T26627] ? __pfx_vb2_fop_poll+0x10/0x10 [ 602.245195][T26627] v4l2_poll+0x160/0x320 [ 602.246312][T26627] do_select+0xc9a/0x17b0 [ 602.247442][T26627] ? page_ext_put+0x48/0xd0 [ 602.248646][T26627] ? __pfx_v4l2_poll+0x10/0x10 [ 602.249919][T26627] ? __pfx_do_select+0x10/0x10 [ 602.251218][T26627] ? mark_lock+0xb5/0xc60 [ 602.252516][T26627] ? hlock_class+0x4e/0x130 [ 602.254284][T26627] ? __pfx_pollwake+0x10/0x10 [ 602.256018][T26627] ? __pfx_pollwake+0x10/0x10 [ 602.257395][T26627] ? compat_core_sys_select+0x1de/0x880 [ 602.258848][T26627] ? __pfx_lock_release+0x10/0x10 [ 602.260280][T26627] ? trace_lock_acquire+0x14a/0x1d0 [ 602.261981][T26627] ? compat_core_sys_select+0x687/0x880 [ 602.263799][T26627] compat_core_sys_select+0x687/0x880 [ 602.265295][T26627] ? __pfx_compat_core_sys_select+0x10/0x10 [ 602.266812][T26627] ? get_pid_task+0xfc/0x250 [ 602.267980][T26627] ? set_compat_user_sigmask+0x20f/0x2a0 [ 602.269444][T26627] ? __pfx_set_compat_user_sigmask+0x10/0x10 [ 602.271015][T26627] do_compat_pselect+0x202/0x240 [ 602.272274][T26627] ? __pfx_do_compat_pselect+0x10/0x10 [ 602.273627][T26627] __ia32_compat_sys_pselect6_time32+0x17c/0x240 [ 602.275221][T26627] ? __pfx___ia32_compat_sys_pselect6_time32+0x10/0x10 [ 602.276935][T26627] __do_fast_syscall_32+0x73/0x120 [ 602.278315][T26627] do_fast_syscall_32+0x32/0x80 [ 602.279661][T26627] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 602.281418][T26627] RIP: 0023:0xf7f56579 [ 602.282584][T26627] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 602.287632][T26627] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000134 [ 602.289802][T26627] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 0000000020000000 [ 602.291865][T26627] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 602.293977][T26627] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 602.296145][T26627] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 602.298198][T26627] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 602.300224][T26627] [ 602.345371][T26630] FAULT_INJECTION: forcing a failure. [ 602.345371][T26630] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 602.350581][T26630] CPU: 2 UID: 0 PID: 26630 Comm: syz.0.2225 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 602.353479][T26630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 602.356194][T26630] Call Trace: [ 602.357034][T26630] [ 602.357893][T26630] dump_stack_lvl+0x16c/0x1f0 [ 602.359191][T26630] should_fail_ex+0x497/0x5b0 [ 602.360781][T26630] _copy_to_user+0x30/0xc0 [ 602.362362][T26630] bpf_verifier_vlog+0x25d/0x6a0 [ 602.364099][T26630] bpf_verifier_log_write+0x171/0x190 [ 602.365522][T26630] ? __pfx_bpf_verifier_log_write+0x10/0x10 [ 602.367116][T26630] ? tnum_strn+0x107/0x1a0 [ 602.368311][T26630] ? __pfx_tnum_strn+0x10/0x10 [ 602.369598][T26630] ? bpf_verifier_vlog+0x26a/0x6a0 [ 602.370952][T26630] print_reg_state+0x498/0xff0 [ 602.372198][T26630] ? __pfx_print_reg_state+0x10/0x10 [ 602.373580][T26630] ? __pfx_bpf_verifier_log_write+0x10/0x10 [ 602.375179][T26630] ? print_liveness+0x6f/0xe0 [ 602.376409][T26630] print_verifier_state+0x1ea/0x1110 [ 602.377793][T26630] ? __pfx_verbose+0x10/0x10 [ 602.379096][T26630] ? __pfx_print_verifier_state+0x10/0x10 [ 602.380568][T26630] ? is_reg64.constprop.0+0x120/0x380 [ 602.382005][T26630] ? print_verifier_state+0x853/0x1110 [ 602.383450][T26630] do_check_common+0x9c7c/0xd610 [ 602.384774][T26630] ? bpf_sk_base_func_proto+0xfa/0x180 [ 602.386244][T26630] ? tc_cls_act_func_proto+0x75/0x500 [ 602.387689][T26630] ? __pfx_mark_fastcall_pattern_for_call+0x10/0x10 [ 602.389430][T26630] ? __pfx_do_check_common+0x10/0x10 [ 602.390848][T26630] ? __pfx_verbose+0x10/0x10 [ 602.392080][T26630] ? __pfx_disasm_kfunc_name+0x10/0x10 [ 602.393519][T26630] ? check_cfg+0x400/0x840 [ 602.394722][T26630] bpf_check+0x7737/0xc7c0 [ 602.395918][T26630] ? __pfx_bpf_check+0x10/0x10 [ 602.397192][T26630] ? find_held_lock+0x2d/0x110 [ 602.398473][T26630] ? ktime_get_with_offset+0x13a/0x240 [ 602.399923][T26630] ? trace_lock_acquire+0x14a/0x1d0 [ 602.401294][T26630] ? ktime_get_with_offset+0x13a/0x240 [ 602.402774][T26630] ? timekeeping_debug_get_ns+0x3e0/0x5b0 [ 602.404251][T26630] ? lockdep_hardirqs_on+0x7c/0x110 [ 602.405583][T26630] ? bpf_obj_name_cpy+0x156/0x1b0 [ 602.406906][T26630] bpf_prog_load+0xe3f/0x2670 [ 602.408163][T26630] ? __pfx_bpf_prog_load+0x10/0x10 [ 602.409531][T26630] ? find_held_lock+0x2d/0x110 [ 602.410833][T26630] __sys_bpf+0x4c8c/0x5780 [ 602.412070][T26630] ? ksys_write+0x21e/0x260 [ 602.413280][T26630] ? __pfx___sys_bpf+0x10/0x10 [ 602.414681][T26630] ? vfs_write+0x14d/0x1140 [ 602.415897][T26630] ? __mutex_unlock_slowpath+0x164/0x650 [ 602.417372][T26630] ? fput+0x30/0x390 [ 602.418425][T26630] ? ksys_write+0x1ad/0x260 [ 602.419630][T26630] ? __pfx_ksys_write+0x10/0x10 [ 602.420937][T26630] __ia32_sys_bpf+0x76/0xe0 [ 602.422172][T26630] __do_fast_syscall_32+0x73/0x120 [ 602.423530][T26630] do_fast_syscall_32+0x32/0x80 [ 602.424844][T26630] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 602.426628][T26630] RIP: 0023:0xf7f56579 [ 602.427937][T26630] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 602.434208][T26630] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 602.437122][T26630] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000440 [ 602.439457][T26630] RDX: 0000000000000070 RSI: 0000000000000000 RDI: 0000000000000000 [ 602.441553][T26630] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 602.443650][T26630] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 602.445740][T26630] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 602.447873][T26630] [ 602.497787][T26635] Bluetooth: MGMT ver 1.23 [ 603.247993][T26656] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2240'. [ 603.303325][T26658] netlink: 'syz.2.2233': attribute type 1 has an invalid length. [ 603.737002][ T5360] Bluetooth: hci0: command 0x0405 tx timeout [ 603.737019][ T5346] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 604.113015][T26696] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2247'. [ 604.295586][T26699] mkiss: ax0: crc mode is auto. [ 604.303814][T26700] overlayfs: unescaped trailing colons in lowerdir mount option. [ 604.471107][T26699] mkiss: ax0: crc mode is auto. [ 604.489207][T26699] overlayfs: unescaped trailing colons in lowerdir mount option. [ 604.533060][T26713] FAULT_INJECTION: forcing a failure. [ 604.533060][T26713] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 604.544571][T26713] CPU: 2 UID: 0 PID: 26713 Comm: syz.3.2248 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 604.548196][T26713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 604.551786][T26713] Call Trace: [ 604.552932][T26713] [ 604.553968][T26713] dump_stack_lvl+0x16c/0x1f0 [ 604.555584][T26713] should_fail_ex+0x497/0x5b0 [ 604.557209][T26713] strncpy_from_user+0x3b/0x2a0 [ 604.558971][T26713] getname_flags.part.0+0x8f/0x550 [ 604.560874][T26713] getname_flags+0x93/0xf0 [ 604.562574][T26713] __ia32_sys_rename+0x57/0xa0 [ 604.564294][T26713] __do_fast_syscall_32+0x73/0x120 [ 604.566052][T26713] do_fast_syscall_32+0x32/0x80 [ 604.567720][T26713] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 604.569877][T26713] RIP: 0023:0xf7fb6579 [ 604.571294][T26713] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 604.577919][T26713] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000026 [ 604.580718][T26713] RAX: ffffffffffffffda RBX: 00000000200001c0 RCX: 0000000020000280 [ 604.583385][T26713] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 604.586080][T26713] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 604.588833][T26713] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 604.591495][T26713] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 604.594165][T26713] [ 604.820021][T26715] tipc: Failed to remove unknown binding: 66,1,1/0:1734941867/1734941869 [ 604.825025][T26715] tipc: Failed to remove unknown binding: 66,1,1/0:1734941867/1734941869 [ 606.419545][T26750] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2259'. [ 607.769678][ T5346] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 607.987105][T26778] tipc: Failed to remove unknown binding: 66,1,1/0:4258150658/4258150660 [ 607.990020][T26778] tipc: Failed to remove unknown binding: 66,1,1/0:4258150658/4258150660 [ 608.276962][T26784] IPVS: persistence engine module ip_vs_pe_sjp not found [ 608.331660][T26788] mkiss: ax0: crc mode is auto. [ 608.395857][T26795] tipc: Failed to remove unknown binding: 66,1,1/0:2095191991/2095191993 [ 608.399362][T26795] tipc: Failed to remove unknown binding: 66,1,1/0:2095191991/2095191993 [ 608.486921][T26802] overlayfs: unescaped trailing colons in lowerdir mount option. [ 608.518423][T26799] mkiss: ax0: crc mode is auto. [ 608.675832][T26806] team0: Port device team_slave_0 removed [ 608.681236][T26806] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 609.961471][T26819] random: crng reseeded on system resumption [ 610.479545][T26827] mkiss: ax0: crc mode is auto. [ 610.603917][T26834] mkiss: ax0: crc mode is auto. [ 610.625900][T26827] overlayfs: unescaped trailing colons in lowerdir mount option. [ 610.987784][T26849] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2279'. [ 611.184029][T26860] ptrace attach of "/syz-executor exec"[26861] was attempted by "/syz-executor exec"[26860] [ 612.548528][T26880] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2289'. [ 612.548677][T26881] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2288'. [ 613.696997][ T5387] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 613.879808][ T5387] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 613.883602][ T5387] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 613.887158][ T5387] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 613.890341][ T5387] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.906198][T26905] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 613.917410][ T5387] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 614.114990][T26905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 614.130047][T26905] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 614.193076][ T1997] usb 6-1: USB disconnect, device number 26 [ 614.390094][T26903] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2293'. [ 614.392911][T26903] netlink: 'syz.0.2293': attribute type 1 has an invalid length. [ 614.394923][T26903] netlink: 'syz.0.2293': attribute type 2 has an invalid length. [ 614.664596][T26957] mkiss: ax0: crc mode is auto. [ 614.784479][T26971] mkiss: ax0: crc mode is auto. [ 614.809831][T26957] overlayfs: unescaped trailing colons in lowerdir mount option. [ 616.966272][T27005] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2308'. [ 616.970058][T27005] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 617.069095][T27009] trusted_key: encrypted_key: hex blob is missing [ 617.081073][T27009] fuse: Bad value for 'group_id' [ 617.083298][T27009] fuse: Bad value for 'group_id' [ 617.278418][T27007] e1000e 0000:00:02.0 eth1: NIC Link is Down [ 617.588448][T27041] FAULT_INJECTION: forcing a failure. [ 617.588448][T27041] name failslab, interval 1, probability 0, space 0, times 0 [ 617.627059][T27041] CPU: 2 UID: 0 PID: 27041 Comm: syz.2.2315 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 617.630609][T27041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 617.634131][T27041] Call Trace: [ 617.635245][T27041] [ 617.636259][T27041] dump_stack_lvl+0x16c/0x1f0 [ 617.637869][T27041] should_fail_ex+0x497/0x5b0 [ 617.639455][T27041] ? fs_reclaim_acquire+0xae/0x160 [ 617.641174][T27041] should_failslab+0xc2/0x120 [ 617.642788][T27041] __kmalloc_cache_noprof+0x6b/0x310 [ 617.644557][T27041] ? copy_mount_options+0x55/0x190 [ 617.646291][T27041] copy_mount_options+0x55/0x190 [ 617.647894][T27041] __ia32_sys_mount+0x1ad/0x310 [ 617.649500][T27041] ? __pfx___ia32_sys_mount+0x10/0x10 [ 617.651305][T27041] __do_fast_syscall_32+0x73/0x120 [ 617.653020][T27041] do_fast_syscall_32+0x32/0x80 [ 617.654678][T27041] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 617.656794][T27041] RIP: 0023:0xf7f56579 [ 617.658194][T27041] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 617.664621][T27041] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 617.667527][T27041] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000080 [ 617.670223][T27041] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 00000000200004c0 [ 617.672896][T27041] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 617.675586][T27041] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 617.678312][T27041] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 617.680962][T27041] [ 617.759288][T27042] IPVS: persistence engine module ip_vs_pe_sjp not found [ 618.813903][T27081] FAULT_INJECTION: forcing a failure. [ 618.813903][T27081] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 618.817719][T27081] CPU: 0 UID: 0 PID: 27081 Comm: syz.2.2322 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 618.820623][T27081] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 618.823551][T27081] Call Trace: [ 618.824491][T27081] [ 618.825283][T27081] dump_stack_lvl+0x16c/0x1f0 [ 618.826538][T27081] should_fail_ex+0x497/0x5b0 [ 618.827800][T27081] _copy_from_iter+0x29b/0x13e0 [ 618.829062][T27081] ? __pfx__copy_from_iter+0x10/0x10 [ 618.830428][T27081] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 618.831980][T27081] ? tun_build_skb.constprop.0+0x1b8/0x1120 [ 618.833503][T27081] ? __pfx_lock_release+0x10/0x10 [ 618.834818][T27081] ? trace_lock_acquire+0x14a/0x1d0 [ 618.836192][T27081] copy_page_from_iter+0xa5/0x120 [ 618.837485][T27081] tun_build_skb.constprop.0+0x294/0x1120 [ 618.838963][T27081] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 618.840548][T27081] ? __pfx___lock_acquire+0x10/0x10 [ 618.841913][T27081] ? __pfx___lock_acquire+0x10/0x10 [ 618.843260][T27081] ? __pfx___lock_acquire+0x10/0x10 [ 618.844618][T27081] ? __lock_acquire+0xbdd/0x3ce0 [ 618.845930][T27081] tun_get_user+0x872/0x3d70 [ 618.847135][T27081] ? find_held_lock+0x2d/0x110 [ 618.848373][T27081] ? __pfx_tun_get_user+0x10/0x10 [ 618.849689][T27081] ? find_held_lock+0x2d/0x110 [ 618.850944][T27081] ? __pfx_lock_release+0x10/0x10 [ 618.852270][T27081] tun_chr_write_iter+0xdc/0x210 [ 618.853559][T27081] vfs_write+0x6b5/0x1140 [ 618.854680][T27081] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 618.856202][T27081] ? trace_lock_acquire+0x14a/0x1d0 [ 618.857545][T27081] ? __pfx_vfs_write+0x10/0x10 [ 618.858805][T27081] ? __fget_files+0x40/0x3f0 [ 618.860013][T27081] ksys_write+0x12f/0x260 [ 618.861379][T27081] ? __pfx_ksys_write+0x10/0x10 [ 618.863005][T27081] __do_fast_syscall_32+0x73/0x120 [ 618.864694][T27081] do_fast_syscall_32+0x32/0x80 [ 618.866296][T27081] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 618.868350][T27081] RIP: 0023:0xf7f56579 [ 618.869721][T27081] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 618.875974][T27081] RSP: 002b:00000000f56d6530 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 618.878803][T27081] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020002e40 [ 618.881425][T27081] RDX: 000000000000005e RSI: 00000000f73dbff4 RDI: 0000000000000000 [ 618.884040][T27081] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 618.886385][T27081] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 618.888417][T27081] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 618.890458][T27081] [ 619.136983][ T5447] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 619.234950][T27098] lo speed is unknown, defaulting to 1000 [ 619.298516][T27096] mkiss: ax0: crc mode is auto. [ 619.307117][ T5447] usb 6-1: Using ep0 maxpacket: 8 [ 619.315109][ T5447] usb 6-1: New USB device found, idVendor=0471, idProduct=0311, bcdDevice=81.d5 [ 619.318457][ T5447] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 619.321402][ T5447] usb 6-1: Product: syz [ 619.322850][ T5447] usb 6-1: Manufacturer: syz [ 619.324463][ T5447] usb 6-1: SerialNumber: syz [ 619.347115][ T5447] usb 6-1: config 0 descriptor?? [ 619.358378][ T5447] pwc: Philips PCVC740K (ToUCam Pro)/PCVC840 (ToUCam II) USB webcam detected. [ 619.413958][T27096] mkiss: ax0: crc mode is auto. [ 619.416478][T27106] overlayfs: unescaped trailing colons in lowerdir mount option. [ 619.966191][ T5447] pwc: Failed to set LED on/off time (-71) [ 619.980880][ T5447] pwc: send_video_command error -71 [ 619.987267][ T5447] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 619.989332][ T5447] Philips webcam 6-1:0.0: probe with driver Philips webcam failed with error -71 [ 620.003500][ T5447] usb 6-1: USB disconnect, device number 27 [ 620.253724][T27157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2328'. [ 620.278359][T27157] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2328'. [ 620.582885][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.585488][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.591533][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.594045][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.596483][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.599220][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.601686][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.604160][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.606586][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.609233][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.611658][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.614386][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.616952][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.619413][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.621858][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.624254][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.626725][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.629319][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.631841][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.634267][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.636742][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.639249][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.641716][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.644150][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.646674][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.649426][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.651816][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.654245][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.656661][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.659440][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.662010][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.664464][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.667075][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.669631][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.672114][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.674528][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.677000][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.679502][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.682286][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.684782][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.687446][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.690021][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.692448][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.694903][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.697481][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.699897][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.702408][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.704875][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.707378][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.709804][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.712205][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.714613][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.717106][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.719569][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.722019][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.724414][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.726925][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.729446][ T5388] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 620.733288][ T5388] hid-generic 0000:0000:0000.000A: hidraw1: HID v0.08 Device [syz0] on syz0 [ 621.765877][T27193] tipc: Failed to remove unknown binding: 66,1,1/0:2222859045/2222859047 [ 621.768232][T27193] tipc: Failed to remove unknown binding: 66,1,1/0:2222859045/2222859047 [ 621.863125][T27195] tipc: Failed to remove unknown binding: 66,1,1/0:3032931118/3032931120 [ 621.865448][T27195] tipc: Failed to remove unknown binding: 66,1,1/0:3032931118/3032931120 [ 622.707634][T27209] IPVS: persistence engine module ip_vs_pe_sjp not found [ 623.658059][ T1375] ieee802154 phy0 wpan0: encryption failed: -22 [ 623.659775][ T1375] ieee802154 phy1 wpan1: encryption failed: -22 [ 623.750925][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.753907][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.755874][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.760534][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.762563][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.764502][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.766432][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.771312][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.774309][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.777914][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.780926][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.784035][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.788802][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.791658][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.795147][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.799725][T27230] tipc: Failed to remove unknown binding: 66,1,1/0:1413949239/1413949241 [ 623.802895][T27230] tipc: Failed to remove unknown binding: 66,1,1/0:1413949239/1413949241 [ 623.806171][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.809080][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.814507][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.825495][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.835508][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.846432][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.851357][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.856888][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.862749][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.866996][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.871611][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.874337][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.877026][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.879644][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.882347][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.885261][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.888052][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.891752][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.894076][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.896146][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.911036][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.918176][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.926282][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.929396][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.934224][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.937169][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.953354][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.956354][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.961192][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.967502][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.972465][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.977665][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.980713][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.983584][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.986356][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.989765][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.992976][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 623.998112][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 624.001085][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 624.006610][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 624.012721][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 624.021161][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 624.028517][ T5388] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 624.067232][ T5388] hid-generic 0000:0000:0000.000B: hidraw1: HID v0.08 Device [syz0] on syz0 [ 624.137458][ T5360] Bluetooth: hci2: command 0x0405 tx timeout [ 625.021775][T27285] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2353'. [ 625.025156][T27285] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 626.652526][T27285] netlink: 160 bytes leftover after parsing attributes in process `syz.2.2353'. [ 626.820661][T27302] lo speed is unknown, defaulting to 1000 [ 627.469067][T27339] tipc: Failed to remove unknown binding: 66,1,1/0:4188068733/4188068735 [ 627.472531][T27339] tipc: Failed to remove unknown binding: 66,1,1/0:4188068733/4188068735 [ 627.563267][T27358] FAULT_INJECTION: forcing a failure. [ 627.563267][T27358] name failslab, interval 1, probability 0, space 0, times 0 [ 627.567898][T27358] CPU: 1 UID: 0 PID: 27358 Comm: syz.1.2367 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 627.571736][T27358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 627.575572][T27358] Call Trace: [ 627.576791][T27358] [ 627.577865][T27358] dump_stack_lvl+0x16c/0x1f0 [ 627.579601][T27358] should_fail_ex+0x497/0x5b0 [ 627.581343][T27358] ? fs_reclaim_acquire+0xae/0x160 [ 627.583225][T27358] should_failslab+0xc2/0x120 [ 627.584950][T27358] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 627.586897][T27358] ? getname_flags.part.0+0x4c/0x550 [ 627.588821][T27358] getname_flags.part.0+0x4c/0x550 [ 627.590700][T27358] getname_flags+0x93/0xf0 [ 627.592334][T27358] __ia32_sys_rename+0x64/0xa0 [ 627.594085][T27358] __do_fast_syscall_32+0x73/0x120 [ 627.595945][T27358] do_fast_syscall_32+0x32/0x80 [ 627.597722][T27358] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 627.600004][T27358] RIP: 0023:0xf7fe5579 [ 627.601496][T27358] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 627.608426][T27358] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000026 [ 627.611441][T27358] RAX: ffffffffffffffda RBX: 00000000200001c0 RCX: 0000000020000280 [ 627.614309][T27358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 627.617133][T27358] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 627.619976][T27358] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 627.622825][T27358] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 627.625668][T27358] [ 627.936929][ T1997] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 628.086934][ T1997] usb 6-1: Using ep0 maxpacket: 32 [ 628.090695][ T1997] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 628.093671][ T1997] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 628.097641][ T1997] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 628.102585][ T1997] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 59391, setting to 1024 [ 628.106663][ T1997] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 628.111673][ T1997] usb 6-1: config 0 interface 0 has no altsetting 0 [ 628.116734][ T1997] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 628.120094][ T1997] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 628.123193][ T1997] usb 6-1: Product: syz [ 628.124929][ T1997] usb 6-1: Manufacturer: syz [ 628.126708][ T1997] usb 6-1: SerialNumber: syz [ 628.145500][ T1997] usb 6-1: config 0 descriptor?? [ 628.158722][T27366] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 628.172559][ T1997] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 628.195947][ T1997] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 628.563726][ T5388] usb 6-1: USB disconnect, device number 28 [ 628.568333][ T5388] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 628.718189][ T5346] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 630.376964][ T5388] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 630.395272][T27446] overlayfs: failed to resolve './file0': -2 [ 630.536883][ T5388] usb 7-1: Using ep0 maxpacket: 8 [ 630.540487][ T5388] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 630.543429][ T5388] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 630.546742][ T5388] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 630.550268][ T5388] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 630.553723][ T5388] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 630.559312][ T5388] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 630.568234][ T5388] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.684929][ T5346] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 630.778767][ T5388] usb 7-1: GET_CAPABILITIES returned 0 [ 630.780236][ T5388] usbtmc 7-1:16.0: can't read capabilities [ 631.035729][T27496] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2402'. [ 631.039446][ T5447] usb 7-1: USB disconnect, device number 25 [ 631.086052][T27497] bridge_slave_1: left allmulticast mode [ 631.088327][T27497] bridge_slave_1: left promiscuous mode [ 631.089796][T27497] bridge0: port 2(bridge_slave_1) entered disabled state [ 631.093249][T27497] bridge6: port 1(bridge_slave_1) entered blocking state [ 631.095144][T27497] bridge6: port 1(bridge_slave_1) entered disabled state [ 631.097412][T27497] bridge_slave_1: entered allmulticast mode [ 631.099616][T27497] bridge_slave_1: entered promiscuous mode [ 631.101614][T27497] bridge6: port 1(bridge_slave_1) entered blocking state [ 631.103461][T27497] bridge6: port 1(bridge_slave_1) entered forwarding state [ 631.355063][ T5346] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 631.446424][T27518] random: crng reseeded on system resumption [ 632.490787][ T5346] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 632.671012][T27560] ubi0: attaching mtd0 [ 632.675043][T27560] ubi0: scanning is finished [ 632.681225][T27560] ubi0: empty MTD device detected [ 632.909959][T27560] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 632.912042][T27560] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 632.917205][T27560] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 632.919125][T27560] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 632.921169][T27560] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 632.923163][T27560] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 632.925386][T27560] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 361246946 [ 632.928023][T27560] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 632.932006][T27565] ubi0: background thread "ubi_bgt0d" started, PID 27565 [ 633.476660][T27575] FAULT_INJECTION: forcing a failure. [ 633.476660][T27575] name failslab, interval 1, probability 0, space 0, times 0 [ 633.482242][T27575] CPU: 3 UID: 0 PID: 27575 Comm: syz.2.2421 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 633.486104][T27575] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 633.490175][T27575] Call Trace: [ 633.491410][T27575] [ 633.492498][T27575] dump_stack_lvl+0x16c/0x1f0 [ 633.494230][T27575] should_fail_ex+0x497/0x5b0 [ 633.495946][T27575] ? fs_reclaim_acquire+0xae/0x160 [ 633.497837][T27575] should_failslab+0xc2/0x120 [ 633.499572][T27575] __kmalloc_noprof+0xcb/0x410 [ 633.501335][T27575] vb2_core_allocated_buffers_storage+0xc4/0x220 [ 633.503658][T27575] vb2_core_reqbufs+0x381/0xfb0 [ 633.505439][T27575] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 633.507430][T27575] __vb2_init_fileio+0x3f3/0x1110 [ 633.509268][T27575] ? __pfx___mutex_lock+0x10/0x10 [ 633.511114][T27575] ? lock_acquire+0x2f/0xb0 [ 633.512795][T27575] vb2_core_poll+0x5e8/0x700 [ 633.514499][T27575] vb2_poll+0x35/0x160 [ 633.516015][T27575] vb2_fop_poll+0x10f/0x2c0 [ 633.517678][T27575] ? __pfx_vb2_fop_poll+0x10/0x10 [ 633.519449][T27575] v4l2_poll+0x160/0x320 [ 633.520832][T27575] do_select+0xc9a/0x17b0 [ 633.522347][T27575] ? page_ext_put+0x48/0xd0 [ 633.523996][T27575] ? __pfx_v4l2_poll+0x10/0x10 [ 633.525740][T27575] ? __pfx_do_select+0x10/0x10 [ 633.527464][T27575] ? mark_lock+0xb5/0xc60 [ 633.529041][T27575] ? mark_lock+0xb5/0xc60 [ 633.530664][T27575] ? hlock_class+0x4e/0x130 [ 633.532324][T27575] ? __pfx_pollwake+0x10/0x10 [ 633.534029][T27575] ? __pfx_pollwake+0x10/0x10 [ 633.535652][T27575] ? compat_core_sys_select+0x1de/0x880 [ 633.537601][T27575] ? __pfx_lock_release+0x10/0x10 [ 633.539426][T27575] ? trace_lock_acquire+0x14a/0x1d0 [ 633.541342][T27575] ? compat_core_sys_select+0x687/0x880 [ 633.543354][T27575] compat_core_sys_select+0x687/0x880 [ 633.544917][T27575] ? __pfx_compat_core_sys_select+0x10/0x10 [ 633.546540][T27575] ? get_pid_task+0xfc/0x250 [ 633.547920][T27575] ? set_compat_user_sigmask+0x20f/0x2a0 [ 633.549446][T27575] ? __pfx_set_compat_user_sigmask+0x10/0x10 [ 633.551074][T27575] ? do_user_addr_fault+0xdc7/0x13f0 [ 633.552525][T27575] ? reacquire_held_locks+0x20b/0x4c0 [ 633.553985][T27575] do_compat_pselect+0x202/0x240 [ 633.555315][T27575] ? __pfx_do_compat_pselect+0x10/0x10 [ 633.556843][T27575] ? do_user_addr_fault+0xe50/0x13f0 [ 633.558258][T27575] ? __pfx_lock_release+0x10/0x10 [ 633.559607][T27575] __ia32_compat_sys_pselect6_time32+0x17c/0x240 [ 633.561397][T27575] ? __pfx___ia32_compat_sys_pselect6_time32+0x10/0x10 [ 633.563250][T27575] __do_fast_syscall_32+0x73/0x120 [ 633.564591][T27575] do_fast_syscall_32+0x32/0x80 [ 633.566044][T27575] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 633.568246][T27575] RIP: 0023:0xf7f56579 [ 633.569679][T27575] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 633.576007][T27575] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000134 [ 633.578185][T27575] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 0000000020000000 [ 633.580232][T27575] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 633.582875][T27575] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 633.585069][T27575] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 633.587617][T27575] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 633.589752][T27575] [ 633.592072][T27561] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 633.599256][T27561] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 633.609491][T27561] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 633.614996][T27561] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 633.625768][T27561] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 633.636011][T27561] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 633.638828][T27561] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 633.645891][T27561] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 633.656251][ T5346] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 633.732327][T27587] FAULT_INJECTION: forcing a failure. [ 633.732327][T27587] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 633.735768][T27587] CPU: 3 UID: 0 PID: 27587 Comm: syz.1.2424 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 633.739306][T27587] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 633.742111][T27587] Call Trace: [ 633.743017][T27587] [ 633.743826][T27587] dump_stack_lvl+0x16c/0x1f0 [ 633.745074][T27587] should_fail_ex+0x497/0x5b0 [ 633.746368][T27587] ? fs_reclaim_acquire+0xae/0x160 [ 633.747974][T27587] should_fail_alloc_page+0xe7/0x130 [ 633.749378][T27587] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 633.751078][T27587] ? __lock_acquire+0x163e/0x3ce0 [ 633.752459][T27587] __alloc_pages_noprof+0x190/0x25c0 [ 633.754254][T27587] ? __pfx___lock_acquire+0x10/0x10 [ 633.756160][T27587] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 633.758244][T27587] ? find_held_lock+0x2d/0x110 [ 633.759982][T27587] ? __pfx_lock_release+0x10/0x10 [ 633.761854][T27587] ? trace_lock_acquire+0x14a/0x1d0 [ 633.763725][T27587] ? ktime_get+0xd9/0x1a0 [ 633.765311][T27587] ? timekeeping_debug_get_ns+0x3e0/0x5b0 [ 633.767390][T27587] ? lockdep_hardirqs_on+0x7c/0x110 [ 633.769260][T27587] ___kmalloc_large_node+0x84/0x1b0 [ 633.771170][T27587] __kmalloc_large_noprof+0x1c/0x70 [ 633.773059][T27587] bpf_check+0x120/0xc7c0 [ 633.774353][T27587] ? __pfx_bpf_check+0x10/0x10 [ 633.775611][T27587] ? find_held_lock+0x2d/0x110 [ 633.776914][T27587] ? ktime_get_with_offset+0x13a/0x240 [ 633.778347][T27587] ? trace_lock_acquire+0x14a/0x1d0 [ 633.779714][T27587] ? ktime_get_with_offset+0x13a/0x240 [ 633.781138][T27587] ? timekeeping_debug_get_ns+0x3e0/0x5b0 [ 633.782646][T27587] ? lockdep_hardirqs_on+0x7c/0x110 [ 633.784005][T27587] ? read_tsc+0x9/0x20 [ 633.785094][T27587] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 633.786760][T27587] ? bpf_obj_name_cpy+0x156/0x1b0 [ 633.788609][T27587] bpf_prog_load+0xe3f/0x2670 [ 633.790303][T27587] ? __pfx_bpf_prog_load+0x10/0x10 [ 633.792168][T27587] ? find_held_lock+0x2d/0x110 [ 633.793866][T27587] __sys_bpf+0x4c8c/0x5780 [ 633.795469][T27587] ? ksys_write+0x21e/0x260 [ 633.797078][T27587] ? __pfx___sys_bpf+0x10/0x10 [ 633.798806][T27587] ? vfs_write+0x14d/0x1140 [ 633.800429][T27587] ? __mutex_unlock_slowpath+0x164/0x650 [ 633.802335][T27587] ? fput+0x30/0x390 [ 633.803651][T27587] ? ksys_write+0x1ad/0x260 [ 633.805133][T27587] ? __pfx_ksys_write+0x10/0x10 [ 633.806780][T27587] __ia32_sys_bpf+0x76/0xe0 [ 633.808442][T27587] __do_fast_syscall_32+0x73/0x120 [ 633.810363][T27587] do_fast_syscall_32+0x32/0x80 [ 633.811992][T27587] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 633.813776][T27587] RIP: 0023:0xf7fe5579 [ 633.814863][T27587] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 633.819938][T27587] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 633.822119][T27587] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000840 [ 633.824179][T27587] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 633.826260][T27587] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 633.828319][T27587] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 633.830390][T27587] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 633.832465][T27587] [ 633.945360][T27592] tipc: Failed to remove unknown binding: 66,1,1/0:266112769/266112771 [ 633.948421][T27592] tipc: Failed to remove unknown binding: 66,1,1/0:266112769/266112771 [ 634.202882][T27606] mkiss: ax0: crc mode is auto. [ 634.322543][T27613] mkiss: ax0: crc mode is auto. [ 634.408037][T27606] overlayfs: unescaped trailing colons in lowerdir mount option. [ 634.712634][T27618] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2430'. [ 634.755747][T27618] team0: Port device bridge8 added [ 634.760524][T27618] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2430'. [ 634.866041][ T5346] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 634.936933][ T5346] Bluetooth: hci5: command 0x0c1a tx timeout [ 635.520367][T27644] tipc: Failed to remove unknown binding: 66,1,1/0:2415937513/2415937515 [ 635.542256][T27644] tipc: Failed to remove unknown binding: 66,1,1/0:2415937513/2415937515 [ 635.657047][ T5360] Bluetooth: hci1: command 0x0c1a tx timeout [ 635.659261][ T5360] Bluetooth: hci0: command 0x0405 tx timeout [ 635.661464][ T5346] Bluetooth: hci2: command 0x0405 tx timeout [ 635.668817][ T5346] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 636.103202][T27680] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2444'. [ 636.105735][T27680] netlink: 'syz.1.2444': attribute type 1 has an invalid length. [ 636.110575][T27680] netlink: 'syz.1.2444': attribute type 2 has an invalid length. [ 636.180356][T27683] FAULT_INJECTION: forcing a failure. [ 636.180356][T27683] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 636.185051][T27683] CPU: 1 UID: 0 PID: 27683 Comm: syz.1.2445 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 636.188755][T27683] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 636.192189][T27683] Call Trace: [ 636.193222][T27683] [ 636.194301][T27683] dump_stack_lvl+0x16c/0x1f0 [ 636.196039][T27683] should_fail_ex+0x497/0x5b0 [ 636.197452][T27683] _copy_from_iter+0x29b/0x13e0 [ 636.198745][T27683] ? __pfx__copy_from_iter+0x10/0x10 [ 636.200116][T27683] ? __virt_addr_valid+0x1a4/0x590 [ 636.201473][T27683] ? __virt_addr_valid+0x5e/0x590 [ 636.203071][T27683] ? __phys_addr_symbol+0x30/0x80 [ 636.204860][T27683] ? __check_object_size+0x488/0x710 [ 636.206763][T27683] netlink_sendmsg+0x813/0xd70 [ 636.208520][T27683] ? __pfx_netlink_sendmsg+0x10/0x10 [ 636.210446][T27683] ? lock_acquire+0x2f/0xb0 [ 636.212057][T27683] ____sys_sendmsg+0x9ae/0xb40 [ 636.213806][T27683] ? __pfx_____sys_sendmsg+0x10/0x10 [ 636.215699][T27683] ? get_compat_msghdr+0x11b/0x170 [ 636.217583][T27683] ? __pfx___lock_acquire+0x10/0x10 [ 636.219482][T27683] ___sys_sendmsg+0x135/0x1e0 [ 636.221205][T27683] ? __pfx____sys_sendmsg+0x10/0x10 [ 636.223109][T27683] ? lock_acquire+0x2f/0xb0 [ 636.224744][T27683] ? __fget_files+0x40/0x3f0 [ 636.226366][T27683] ? fdget+0x176/0x210 [ 636.227678][T27683] __sys_sendmsg+0x117/0x1f0 [ 636.228891][T27683] ? __pfx___sys_sendmsg+0x10/0x10 [ 636.230247][T27683] ? __fget_files+0x244/0x3f0 [ 636.231482][T27683] __do_fast_syscall_32+0x73/0x120 [ 636.233069][T27683] do_fast_syscall_32+0x32/0x80 [ 636.234993][T27683] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 636.236739][T27683] RIP: 0023:0xf7fe5579 [ 636.238056][T27683] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 636.243370][T27683] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 636.246390][T27683] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 636.249211][T27683] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 636.252027][T27683] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 636.254830][T27683] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 636.257603][T27683] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 636.260400][T27683] [ 636.566982][ T5388] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 636.739154][ T5388] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 636.742196][ T5388] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 636.745064][ T5388] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 636.747562][ T5388] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.761966][T27686] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 636.783000][ T5388] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 637.128517][T27686] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 637.132836][T27686] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 637.134199][T27698] tipc: Failed to remove unknown binding: 66,1,1/0:3998700794/3998700796 [ 637.146357][T27698] tipc: Failed to remove unknown binding: 66,1,1/0:3998700794/3998700796 [ 637.204334][ T5388] usb 6-1: USB disconnect, device number 29 [ 637.406898][T27743] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 637.581617][T27749] FAULT_INJECTION: forcing a failure. [ 637.581617][T27749] name failslab, interval 1, probability 0, space 0, times 0 [ 637.581852][T27749] CPU: 0 UID: 0 PID: 27749 Comm: syz.2.2455 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 637.581876][T27749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 637.581887][T27749] Call Trace: [ 637.581894][T27749] [ 637.581902][T27749] dump_stack_lvl+0x16c/0x1f0 [ 637.581931][T27749] should_fail_ex+0x497/0x5b0 [ 637.581976][T27749] ? fs_reclaim_acquire+0xae/0x160 [ 637.582000][T27749] should_failslab+0xc2/0x120 [ 637.582027][T27749] kmem_cache_alloc_node_noprof+0x71/0x310 [ 637.582052][T27749] ? __alloc_skb+0x2b3/0x380 [ 637.582081][T27749] __alloc_skb+0x2b3/0x380 [ 637.582104][T27749] ? __pfx___alloc_skb+0x10/0x10 [ 637.582126][T27749] ? __pfx_lock_release+0x10/0x10 [ 637.582151][T27749] ? trace_lock_acquire+0x14a/0x1d0 [ 637.582179][T27749] alloc_uevent_skb+0x7d/0x210 [ 637.582201][T27749] kobject_uevent_env+0xb04/0x1670 [ 637.582223][T27749] ? bus_to_subsys+0x12d/0x160 [ 637.582248][T27749] device_del+0x623/0x9f0 [ 637.582277][T27749] ? __pfx_device_del+0x10/0x10 [ 637.582310][T27749] device_unregister+0x1d/0xc0 [ 637.582335][T27749] device_destroy+0x9a/0xe0 [ 637.582359][T27749] ? __pfx_device_destroy+0x10/0x10 [ 637.582391][T27749] vcs_remove_sysfs+0x21/0x50 [ 637.582412][T27749] vc_deallocate+0x1a4/0x470 [ 637.582435][T27749] ? __pfx_vc_deallocate+0x10/0x10 [ 637.582459][T27749] ? lock_acquire+0x2f/0xb0 [ 637.582482][T27749] ? vt_disallocate_all+0x9d/0x4d0 [ 637.582505][T27749] vt_disallocate_all+0x292/0x4d0 [ 637.582526][T27749] ? __pfx_vt_disallocate_all+0x10/0x10 [ 637.582544][T27749] ? kasan_save_stack+0x42/0x60 [ 637.582601][T27749] ? apparmor_capable+0x114/0x1d0 [ 637.582626][T27749] ? bpf_lsm_capable+0x9/0x10 [ 637.582653][T27749] ? security_capable+0x7e/0x260 [ 637.582677][T27749] vt_ioctl+0x136d/0x2fd0 [ 637.582699][T27749] ? __pfx_vt_ioctl+0x10/0x10 [ 637.582719][T27749] ? aa_get_newest_label+0x376/0x680 [ 637.582741][T27749] ? __pfx_aa_get_newest_label+0x10/0x10 [ 637.582763][T27749] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 637.582793][T27749] ? apparmor_capable+0x114/0x1d0 [ 637.582815][T27749] ? bpf_lsm_capable+0x9/0x10 [ 637.582838][T27749] ? security_capable+0x7e/0x260 [ 637.582862][T27749] vt_compat_ioctl+0x239/0x4e0 [ 637.582883][T27749] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 637.582910][T27749] ? __fget_files+0x244/0x3f0 [ 637.582929][T27749] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 637.582950][T27749] tty_compat_ioctl+0x2ee/0x4d0 [ 637.582974][T27749] ? __pfx_tty_compat_ioctl+0x10/0x10 [ 637.582998][T27749] __do_compat_sys_ioctl+0x259/0x2b0 [ 637.583026][T27749] __do_fast_syscall_32+0x73/0x120 [ 637.583053][T27749] do_fast_syscall_32+0x32/0x80 [ 637.583075][T27749] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 637.583101][T27749] RIP: 0023:0xf7f56579 [ 637.583117][T27749] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 637.583135][T27749] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 637.583154][T27749] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005608 [ 637.583167][T27749] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 637.583178][T27749] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 637.583189][T27749] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 637.583200][T27749] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 637.583224][T27749] [ 637.746989][ T5346] Bluetooth: hci2: command 0x0405 tx timeout [ 637.747002][T27668] Bluetooth: hci1: command 0x0c1a tx timeout [ 637.786129][T27768] tipc: Failed to remove unknown binding: 66,1,1/0:1116206481/1116206483 [ 637.789700][T27768] tipc: Failed to remove unknown binding: 66,1,1/0:1116206481/1116206483 [ 639.157495][T27814] tipc: Failed to remove unknown binding: 66,1,1/0:3187963739/3187963741 [ 639.159725][T27814] tipc: Failed to remove unknown binding: 66,1,1/0:3187963739/3187963741 [ 639.541744][T27827] FAULT_INJECTION: forcing a failure. [ 639.541744][T27827] name failslab, interval 1, probability 0, space 0, times 0 [ 639.546007][T27827] CPU: 0 UID: 0 PID: 27827 Comm: syz.0.2471 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 639.549580][T27827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 639.553117][T27827] Call Trace: [ 639.554230][T27827] [ 639.555219][T27827] dump_stack_lvl+0x16c/0x1f0 [ 639.556893][T27827] should_fail_ex+0x497/0x5b0 [ 639.558680][T27827] ? fs_reclaim_acquire+0xae/0x160 [ 639.560407][T27827] should_failslab+0xc2/0x120 [ 639.562001][T27827] __kmalloc_noprof+0xcb/0x410 [ 639.563450][T27827] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 639.565261][T27827] tomoyo_realpath_from_path+0xbf/0x710 [ 639.567120][T27827] ? tomoyo_path_number_perm+0x232/0x5b0 [ 639.569089][T27827] tomoyo_path_number_perm+0x245/0x5b0 [ 639.570927][T27827] ? tomoyo_path_number_perm+0x232/0x5b0 [ 639.572825][T27827] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 639.574955][T27827] ? trace_lock_acquire+0x14a/0x1d0 [ 639.576750][T27827] ? lock_acquire+0x2f/0xb0 [ 639.578329][T27827] ? __fget_files+0x40/0x3f0 [ 639.579867][T27827] ? __fget_files+0x244/0x3f0 [ 639.581401][T27827] security_file_ioctl_compat+0x9b/0x240 [ 639.583316][T27827] __do_compat_sys_ioctl+0x52/0x2b0 [ 639.584986][T27827] __do_fast_syscall_32+0x73/0x120 [ 639.586599][T27827] do_fast_syscall_32+0x32/0x80 [ 639.588316][T27827] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 639.590148][T27827] RIP: 0023:0xf7f56579 [ 639.591411][T27827] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 639.597393][T27827] RSP: 002b:00000000f56b556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 639.599833][T27827] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000005412 [ 639.602283][T27827] RDX: 0000000020000280 RSI: 0000000000000000 RDI: 0000000000000000 [ 639.604858][T27827] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 639.607521][T27827] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 639.610167][T27827] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 639.612774][T27827] [ 639.613894][ C0] vkms_vblank_simulate: vblank timer overrun [ 639.616313][T27827] ERROR: Out of memory at tomoyo_realpath_from_path. [ 639.816949][T27668] Bluetooth: hci1: command 0x0c1a tx timeout [ 639.826912][T27668] Bluetooth: hci2: command 0x0405 tx timeout [ 640.307363][ T9] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 640.432610][T27849] program syz.0.2475 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 640.457043][ T9] usb 7-1: Using ep0 maxpacket: 8 [ 640.464962][ T9] usb 7-1: config 0 has no interfaces? [ 640.468843][ T9] usb 7-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 640.472130][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 640.475024][ T9] usb 7-1: Product: syz [ 640.476520][ T9] usb 7-1: Manufacturer: syz [ 640.481759][ T9] usb 7-1: SerialNumber: syz [ 640.485532][ T9] usb 7-1: config 0 descriptor?? [ 640.713073][T27842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 640.718241][T27842] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 640.725742][T27842] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2474'. [ 640.731318][T27842] netlink: 1 bytes leftover after parsing attributes in process `syz.2.2474'. [ 640.810385][ T5447] usb 7-1: USB disconnect, device number 26 [ 640.841977][T27870] tipc: Failed to remove unknown binding: 66,1,1/0:1570532165/1570532167 [ 640.844205][T27870] tipc: Failed to remove unknown binding: 66,1,1/0:1570532165/1570532167 [ 641.424030][T27668] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 641.881511][T27911] FAULT_INJECTION: forcing a failure. [ 641.881511][T27911] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 641.887406][T27911] CPU: 0 UID: 0 PID: 27911 Comm: syz.3.2487 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 641.890417][T27911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 641.893175][T27911] Call Trace: [ 641.894068][T27911] [ 641.894847][T27911] dump_stack_lvl+0x16c/0x1f0 [ 641.896098][T27911] should_fail_ex+0x497/0x5b0 [ 641.896910][ T5412] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 641.897593][T27911] _copy_from_user+0x30/0xf0 [ 641.900784][T27911] copy_mount_options+0x76/0x190 [ 641.902116][T27911] __ia32_sys_mount+0x1ad/0x310 [ 641.903398][T27911] ? __pfx___ia32_sys_mount+0x10/0x10 [ 641.904802][T27911] __do_fast_syscall_32+0x73/0x120 [ 641.906153][T27911] do_fast_syscall_32+0x32/0x80 [ 641.907458][T27911] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 641.909096][T27911] RIP: 0023:0xf7fb6579 [ 641.910171][T27911] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 641.915163][T27911] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 641.917352][T27911] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000080 [ 641.919405][T27911] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 00000000200004c0 [ 641.921474][T27911] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 641.923521][T27911] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 641.925579][T27911] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 641.927666][T27911] [ 641.928570][ C0] vkms_vblank_simulate: vblank timer overrun [ 641.932775][ T9] kernel write not supported for file /sg0 (pid: 9 comm: kworker/0:1) [ 642.013993][T27921] tipc: Failed to remove unknown binding: 66,1,1/0:742131305/742131307 [ 642.016896][T27921] tipc: Failed to remove unknown binding: 66,1,1/0:742131305/742131307 [ 642.046891][ T5412] usb 7-1: Using ep0 maxpacket: 8 [ 642.050384][ T5412] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 642.053122][ T5412] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 642.056420][ T5412] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 642.065135][ T5412] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 642.068910][ T5412] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 642.073781][ T5412] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 642.077230][ T5412] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.147760][T27929] xt_hashlimit: max too large, truncated to 1048576 [ 642.150115][T27929] xt_hashlimit: overflow, try lower: 0/0 [ 642.261828][T27931] netlink: 188 bytes leftover after parsing attributes in process `syz.0.2492'. [ 642.293996][ T5412] usb 7-1: GET_CAPABILITIES returned 0 [ 642.295904][ T5412] usbtmc 7-1:16.0: can't read capabilities [ 642.525121][ T9] usb 7-1: USB disconnect, device number 27 [ 643.158537][T27964] tipc: Failed to remove unknown binding: 66,1,1/0:131510195/131510197 [ 643.161099][T27964] tipc: Failed to remove unknown binding: 66,1,1/0:131510195/131510197 [ 644.682780][T28004] netlink: 'syz.2.2510': attribute type 3 has an invalid length. [ 644.685835][T28004] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.2510'. [ 644.782330][T28003] lo speed is unknown, defaulting to 1000 [ 645.077897][T28032] dummy0: entered promiscuous mode [ 645.128295][T28032] dummy0: left promiscuous mode [ 645.158700][T28036] netlink: 'syz.2.2512': attribute type 3 has an invalid length. [ 645.161362][T28036] netlink: 666 bytes leftover after parsing attributes in process `syz.2.2512'. [ 645.450665][T28052] x_tables: duplicate underflow at hook 2 [ 645.506662][T28061] 8021q: adding VLAN 0 to HW filter on device bond1 [ 645.561908][T28096] netlink: 'syz.0.2517': attribute type 11 has an invalid length. [ 647.018338][T27668] Bluetooth: hci1: unexpected event 0x0f length: 70 > 4 [ 647.018365][T27668] Bluetooth: hci1: unexpected event for opcode 0x080b [ 647.055201][T28119] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2524'. [ 647.359339][ T39] kauditd_printk_skb: 28 callbacks suppressed [ 647.359350][ T39] audit: type=1326 audit(1728291879.270:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28144 comm="syz.0.2529" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x0 [ 647.632394][T28160] tipc: Failed to remove unknown binding: 66,1,1/0:4013733525/4013733527 [ 647.635725][T28160] tipc: Failed to remove unknown binding: 66,1,1/0:4013733525/4013733527 [ 647.779823][T28162] tipc: Failed to remove unknown binding: 66,1,1/0:2157251070/2157251072 [ 647.782786][T28162] tipc: Failed to remove unknown binding: 66,1,1/0:2157251070/2157251072 [ 649.205279][T28181] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0 [ 649.256144][T28185] tmpfs: Unknown parameter 'srquota' [ 649.290223][T28145] lo speed is unknown, defaulting to 1000 [ 649.352059][T28150] lo speed is unknown, defaulting to 1000 [ 649.844307][T28266] No control pipe specified [ 650.080784][ T39] audit: type=1326 audit(1728291881.990:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28184 comm="syz.2.2533" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7fc00000 [ 650.178340][T28282] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2542'. [ 650.182025][T28282] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2542'. [ 650.532221][T28292] tipc: Failed to remove unknown binding: 66,1,1/0:1531813298/1531813300 [ 650.535028][T28292] tipc: Failed to remove unknown binding: 66,1,1/0:1531813298/1531813300 [ 650.767004][T28301] mkiss: ax0: crc mode is auto. [ 650.809603][ T39] audit: type=1326 audit(1728291882.720:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28272 comm="syz.0.2540" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7fc00000 [ 650.894739][T28309] mkiss: ax0: crc mode is auto. [ 650.907068][T28301] overlayfs: unescaped trailing colons in lowerdir mount option. [ 650.983134][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 651.159925][T28319] kvm: requested 6704 ns i8254 timer period limited to 200000 ns [ 651.185824][T28319] kvm: requested 39390 ns i8254 timer period limited to 200000 ns [ 651.202661][T28319] kvm: requested 95542 ns i8254 timer period limited to 200000 ns [ 651.217595][T28319] kvm: requested 82971 ns i8254 timer period limited to 200000 ns [ 651.223758][T28319] kvm: requested 96381 ns i8254 timer period limited to 200000 ns [ 651.228770][T28319] kvm: requested 90514 ns i8254 timer period limited to 200000 ns [ 651.234986][T28319] kvm: requested 92190 ns i8254 timer period limited to 200000 ns [ 651.388966][T28327] FAULT_INJECTION: forcing a failure. [ 651.388966][T28327] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 651.393368][T28327] CPU: 3 UID: 0 PID: 28327 Comm: syz.0.2549 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 651.396860][T28327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 651.400517][T28327] Call Trace: [ 651.401684][T28327] [ 651.402705][T28327] dump_stack_lvl+0x16c/0x1f0 [ 651.404355][T28327] should_fail_ex+0x497/0x5b0 [ 651.405998][T28327] _copy_to_user+0x30/0xc0 [ 651.407607][T28327] bpf_verifier_vlog+0x25d/0x6a0 [ 651.409033][T28327] bpf_verifier_log_write+0x171/0x190 [ 651.410435][T28327] ? __pfx_bpf_verifier_log_write+0x10/0x10 [ 651.411862][T28327] ? print_liveness+0x6f/0xe0 [ 651.413007][T28327] print_verifier_state+0x1da/0x1110 [ 651.414405][T28327] ? __pfx_verbose+0x10/0x10 [ 651.415572][T28327] ? __pfx_print_verifier_state+0x10/0x10 [ 651.416971][T28327] ? is_reg64.constprop.0+0x120/0x380 [ 651.418334][T28327] ? print_verifier_state+0x853/0x1110 [ 651.419684][T28327] do_check_common+0x9c7c/0xd610 [ 651.420912][T28327] ? bpf_sk_base_func_proto+0xfa/0x180 [ 651.422269][T28327] ? tc_cls_act_func_proto+0x75/0x500 [ 651.423626][T28327] ? __pfx_mark_fastcall_pattern_for_call+0x10/0x10 [ 651.425226][T28327] ? __pfx_do_check_common+0x10/0x10 [ 651.426541][T28327] ? __pfx_verbose+0x10/0x10 [ 651.427696][T28327] ? __pfx_disasm_kfunc_name+0x10/0x10 [ 651.429051][T28327] ? check_cfg+0x400/0x840 [ 651.430182][T28327] bpf_check+0x7737/0xc7c0 [ 651.431292][T28327] ? __pfx_bpf_check+0x10/0x10 [ 651.432488][T28327] ? find_held_lock+0x2d/0x110 [ 651.433708][T28327] ? ktime_get_with_offset+0x13a/0x240 [ 651.435051][T28327] ? trace_lock_acquire+0x14a/0x1d0 [ 651.436372][T28327] ? ktime_get_with_offset+0x13a/0x240 [ 651.437724][T28327] ? timekeeping_debug_get_ns+0x3e0/0x5b0 [ 651.439122][T28327] ? lockdep_hardirqs_on+0x7c/0x110 [ 651.440433][T28327] ? bpf_obj_name_cpy+0x156/0x1b0 [ 651.441703][T28327] bpf_prog_load+0xe3f/0x2670 [ 651.442884][T28327] ? __pfx_bpf_prog_load+0x10/0x10 [ 651.444262][T28327] ? find_held_lock+0x2d/0x110 [ 651.445434][T28327] __sys_bpf+0x4c8c/0x5780 [ 651.446555][T28327] ? ksys_write+0x21e/0x260 [ 651.447702][T28327] ? __pfx___sys_bpf+0x10/0x10 [ 651.448897][T28327] ? vfs_write+0x14d/0x1140 [ 651.450123][T28327] ? __mutex_unlock_slowpath+0x164/0x650 [ 651.452022][T28327] ? fput+0x30/0x390 [ 651.453391][T28327] ? ksys_write+0x1ad/0x260 [ 651.454991][T28327] ? __pfx_ksys_write+0x10/0x10 [ 651.456644][T28327] __ia32_sys_bpf+0x76/0xe0 [ 651.458271][T28327] __do_fast_syscall_32+0x73/0x120 [ 651.460097][T28327] do_fast_syscall_32+0x32/0x80 [ 651.461786][T28327] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 651.463973][T28327] RIP: 0023:0xf7f56579 [ 651.465437][T28327] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 651.472002][T28327] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 651.474906][T28327] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000440 [ 651.477684][T28327] RDX: 0000000000000070 RSI: 0000000000000000 RDI: 0000000000000000 [ 651.480402][T28327] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 651.483146][T28327] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 651.485907][T28327] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 651.488643][T28327] [ 651.639294][ T5388] IPVS: starting estimator thread 0... [ 651.643440][T28335] tipc: Started in network mode [ 651.644712][T28335] tipc: Node identity ac1414aa, cluster identity 4711 [ 651.647047][T28335] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 651.649062][T28335] tipc: Enabled bearer , priority 10 [ 651.757105][T28338] IPVS: using max 35 ests per chain, 84000 per kthread [ 651.786964][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 651.936868][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 652.086899][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 652.226892][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 652.376891][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 652.516906][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 652.552528][T28347] tipc: Failed to remove unknown binding: 66,1,1/0:494530278/494530280 [ 652.555194][T28347] tipc: Failed to remove unknown binding: 66,1,1/0:494530278/494530280 [ 652.656979][ T5388] tipc: Node number set to 2886997162 [ 652.692151][T28352] tipc: Failed to remove unknown binding: 66,1,1/0:833302249/833302251 [ 652.694381][T28352] tipc: Failed to remove unknown binding: 66,1,1/0:833302249/833302251 [ 652.706887][ T5346] Bluetooth: hci2: command 0x0405 tx timeout [ 652.796878][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 652.857960][T28360] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.2558'. [ 652.861102][T28360] openvswitch: netlink: Key type 133 is out of range max 32 [ 653.430994][T28384] FAULT_INJECTION: forcing a failure. [ 653.430994][T28384] name failslab, interval 1, probability 0, space 0, times 0 [ 653.435150][T28384] CPU: 3 UID: 0 PID: 28384 Comm: syz.2.2565 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 653.438744][T28384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 653.442205][T28384] Call Trace: [ 653.443349][T28384] [ 653.444343][T28384] dump_stack_lvl+0x16c/0x1f0 [ 653.445985][T28384] should_fail_ex+0x497/0x5b0 [ 653.447589][T28384] should_failslab+0xc2/0x120 [ 653.449185][T28384] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 653.451018][T28384] ? skb_clone+0x190/0x3f0 [ 653.452543][T28384] skb_clone+0x190/0x3f0 [ 653.453987][T28384] netlink_deliver_tap+0xb26/0xcf0 [ 653.455703][T28384] netlink_unicast+0x6b4/0x7f0 [ 653.457312][T28384] ? __pfx_netlink_unicast+0x10/0x10 [ 653.459177][T28384] netlink_ack+0x6a5/0xb20 [ 653.460753][T28384] netlink_rcv_skb+0x327/0x410 [ 653.462325][T28384] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 653.464113][T28384] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 653.465910][T28384] ? __pfx_aa_get_newest_label+0x10/0x10 [ 653.467804][T28384] ? bpf_lsm_capable+0x9/0x10 [ 653.469441][T28384] ? security_capable+0x7e/0x260 [ 653.471104][T28384] ? ns_capable+0xd7/0x110 [ 653.472612][T28384] nfnetlink_rcv+0x1b4/0x430 [ 653.474188][T28384] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 653.475929][T28384] ? netlink_deliver_tap+0x1ae/0xcf0 [ 653.477735][T28384] netlink_unicast+0x53c/0x7f0 [ 653.479286][T28384] ? __pfx_netlink_unicast+0x10/0x10 [ 653.480971][T28384] ? __phys_addr_symbol+0x30/0x80 [ 653.482711][T28384] ? __check_object_size+0x488/0x710 [ 653.484492][T28384] netlink_sendmsg+0x8b8/0xd70 [ 653.486133][T28384] ? __pfx_netlink_sendmsg+0x10/0x10 [ 653.487929][T28384] ? lock_acquire+0x2f/0xb0 [ 653.489486][T28384] ____sys_sendmsg+0x9ae/0xb40 [ 653.491111][T28384] ? __pfx_____sys_sendmsg+0x10/0x10 [ 653.492891][T28384] ? get_compat_msghdr+0x11b/0x170 [ 653.494640][T28384] ? __pfx___lock_acquire+0x10/0x10 [ 653.496394][T28384] ___sys_sendmsg+0x135/0x1e0 [ 653.497919][T28384] ? __pfx____sys_sendmsg+0x10/0x10 [ 653.499617][T28384] ? lock_acquire+0x2f/0xb0 [ 653.501104][T28384] ? __fget_files+0x40/0x3f0 [ 653.502686][T28384] ? fdget+0x176/0x210 [ 653.504092][T28384] __sys_sendmsg+0x117/0x1f0 [ 653.505663][T28384] ? __pfx___sys_sendmsg+0x10/0x10 [ 653.507385][T28384] ? __fget_files+0x244/0x3f0 [ 653.508994][T28384] __do_fast_syscall_32+0x73/0x120 [ 653.510749][T28384] do_fast_syscall_32+0x32/0x80 [ 653.512415][T28384] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 653.514548][T28384] RIP: 0023:0xf7f56579 [ 653.515913][T28384] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 653.522222][T28384] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 653.524965][T28384] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0 [ 653.527597][T28384] RDX: 0000000004044848 RSI: 0000000000000000 RDI: 0000000000000000 [ 653.530247][T28384] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 653.532879][T28384] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 653.535485][T28384] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 653.538039][T28384] [ 653.539423][ T63] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 653.652294][T28386] tipc: Failed to remove unknown binding: 66,1,1/2886997162:2250978632/2250978634 [ 653.667131][T28386] tipc: Failed to remove unknown binding: 66,1,1/2886997162:2250978632/2250978634 [ 653.686920][ T63] usb 6-1: Using ep0 maxpacket: 8 [ 653.691036][ T63] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 653.693861][ T63] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 653.699270][ T63] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 653.702883][ T63] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 653.709467][ T63] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 653.713860][ T63] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 653.729659][ T63] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 653.940711][ T63] usb 6-1: GET_CAPABILITIES returned 0 [ 653.942685][ T63] usbtmc 6-1:16.0: can't read capabilities [ 654.194730][ T9] usb 6-1: USB disconnect, device number 30 [ 655.167105][ T5388] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 655.336932][ T5388] usb 6-1: Using ep0 maxpacket: 32 [ 655.340470][ T5388] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 655.343437][ T5388] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 655.350327][ T5388] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 655.354134][ T5388] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 59391, setting to 1024 [ 655.359653][ T5388] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 655.364202][ T5388] usb 6-1: config 0 interface 0 has no altsetting 0 [ 655.368452][ T5388] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 655.371471][ T5388] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 655.374380][ T5388] usb 6-1: Product: syz [ 655.376014][ T5388] usb 6-1: Manufacturer: syz [ 655.377793][ T5388] usb 6-1: SerialNumber: syz [ 655.380971][ T5388] usb 6-1: config 0 descriptor?? [ 655.383436][T28422] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 655.397386][ T5388] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 655.402831][ T5388] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 655.782015][ T5601] usb 6-1: USB disconnect, device number 31 [ 655.793947][ T5601] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 656.333843][T28466] FAULT_INJECTION: forcing a failure. [ 656.333843][T28466] name failslab, interval 1, probability 0, space 0, times 0 [ 656.338238][T28466] CPU: 0 UID: 0 PID: 28466 Comm: syz.1.2579 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 656.341847][T28466] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 656.345463][T28466] Call Trace: [ 656.346627][T28466] [ 656.347667][T28466] dump_stack_lvl+0x16c/0x1f0 [ 656.349325][T28466] should_fail_ex+0x497/0x5b0 [ 656.350968][T28466] ? fs_reclaim_acquire+0xae/0x160 [ 656.352756][T28466] should_failslab+0xc2/0x120 [ 656.354451][T28466] __kmalloc_noprof+0xcb/0x410 [ 656.356120][T28466] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 656.358276][T28466] tomoyo_realpath_from_path+0xbf/0x710 [ 656.360395][T28466] ? tomoyo_path_number_perm+0x232/0x5b0 [ 656.362332][T28466] tomoyo_path_number_perm+0x245/0x5b0 [ 656.364177][T28466] ? tomoyo_path_number_perm+0x232/0x5b0 [ 656.366109][T28466] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 656.368224][T28466] ? trace_lock_acquire+0x14a/0x1d0 [ 656.370037][T28466] ? lock_acquire+0x2f/0xb0 [ 656.371657][T28466] ? __fget_files+0x40/0x3f0 [ 656.373246][T28466] ? __fget_files+0x244/0x3f0 [ 656.374885][T28466] security_file_ioctl_compat+0x9b/0x240 [ 656.376836][T28466] __do_compat_sys_ioctl+0x52/0x2b0 [ 656.378677][T28466] __do_fast_syscall_32+0x73/0x120 [ 656.380434][T28466] do_fast_syscall_32+0x32/0x80 [ 656.382154][T28466] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 656.384320][T28466] RIP: 0023:0xf7fe5579 [ 656.385760][T28466] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 656.392296][T28466] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 656.395150][T28466] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000005412 [ 656.397411][T28469] lo speed is unknown, defaulting to 1000 [ 656.397821][T28466] RDX: 00000000200001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 656.402561][T28466] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 656.405286][T28466] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 656.406880][ T5387] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 656.408044][T28466] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 656.408073][T28466] [ 656.409887][T28466] ERROR: Out of memory at tomoyo_realpath_from_path. [ 656.568265][ T5387] usb 7-1: Using ep0 maxpacket: 8 [ 656.571587][ T5387] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 656.574297][ T5387] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 656.577610][ T5387] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 656.580953][ T5387] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 656.584364][ T5387] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 656.588739][ T5387] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 656.591799][ T5387] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 656.696989][ C1] net_ratelimit: 4 callbacks suppressed [ 656.697008][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 656.803687][ T5387] usb 7-1: GET_CAPABILITIES returned 0 [ 656.805781][ T5387] usbtmc 7-1:16.0: can't read capabilities [ 657.019813][ T5601] usb 7-1: USB disconnect, device number 28 [ 657.737044][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 658.786888][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 659.380028][T28574] mkiss: ax0: crc mode is auto. [ 659.512270][T28574] mkiss: ax0: crc mode is auto. [ 659.524419][T28594] overlayfs: unescaped trailing colons in lowerdir mount option. [ 659.756912][ T5412] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 659.817003][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 659.906986][ T5412] usb 7-1: Using ep0 maxpacket: 8 [ 659.911402][ T5412] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 659.914365][ T5412] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 659.918099][ T5412] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 659.921477][ T5412] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 659.926180][ T5412] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 659.935400][ T5412] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 659.948914][ T5412] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.167252][ T5412] usb 7-1: GET_CAPABILITIES returned 0 [ 660.169107][ T5412] usbtmc 7-1:16.0: can't read capabilities [ 660.385173][ T9] usb 7-1: USB disconnect, device number 29 [ 660.856936][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 661.559798][T28627] random: crng reseeded on system resumption [ 661.591957][T28628] block device autoloading is deprecated and will be removed. [ 661.896946][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 662.170242][T28650] tipc: Failed to remove unknown binding: 66,1,1/0:4243472287/4243472289 [ 662.173061][T28650] tipc: Failed to remove unknown binding: 66,1,1/0:4243472287/4243472289 [ 662.276962][ T5387] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 662.468347][ T5387] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 662.471054][ T5387] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 662.473435][ T5387] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 662.475820][ T5387] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 662.480856][T28642] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 662.487034][ T5387] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 662.702550][T28642] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 662.708067][T28642] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 662.764754][ T9] usb 7-1: USB disconnect, device number 30 [ 662.936978][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 663.363864][T28699] FAULT_INJECTION: forcing a failure. [ 663.363864][T28699] name failslab, interval 1, probability 0, space 0, times 0 [ 663.372225][T28699] CPU: 1 UID: 0 PID: 28699 Comm: syz.2.2606 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 663.375244][T28699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 663.378021][T28699] Call Trace: [ 663.378916][T28699] [ 663.379689][T28699] dump_stack_lvl+0x16c/0x1f0 [ 663.380943][T28699] should_fail_ex+0x497/0x5b0 [ 663.382211][T28699] should_failslab+0xc2/0x120 [ 663.383536][T28699] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 663.384955][T28699] ? skb_clone+0x190/0x3f0 [ 663.386149][T28699] skb_clone+0x190/0x3f0 [ 663.387291][T28699] netlink_deliver_tap+0xb26/0xcf0 [ 663.388646][T28699] netlink_unicast+0x5e1/0x7f0 [ 663.389925][T28699] ? __pfx_netlink_unicast+0x10/0x10 [ 663.391323][T28699] ? __phys_addr_symbol+0x30/0x80 [ 663.392659][T28699] ? __check_object_size+0x488/0x710 [ 663.394075][T28699] netlink_sendmsg+0x8b8/0xd70 [ 663.395357][T28699] ? __pfx_netlink_sendmsg+0x10/0x10 [ 663.396768][T28699] ? lock_acquire+0x2f/0xb0 [ 663.398008][T28699] ____sys_sendmsg+0x9ae/0xb40 [ 663.399285][T28699] ? __pfx_____sys_sendmsg+0x10/0x10 [ 663.400685][T28699] ? get_compat_msghdr+0x11b/0x170 [ 663.402074][T28699] ? __pfx___lock_acquire+0x10/0x10 [ 663.403456][T28699] ___sys_sendmsg+0x135/0x1e0 [ 663.404708][T28699] ? __pfx____sys_sendmsg+0x10/0x10 [ 663.406085][T28699] ? lock_acquire+0x2f/0xb0 [ 663.407285][T28699] ? __fget_files+0x40/0x3f0 [ 663.408501][T28699] ? fdget+0x176/0x210 [ 663.409591][T28699] __sys_sendmsg+0x117/0x1f0 [ 663.410807][T28699] ? __pfx___sys_sendmsg+0x10/0x10 [ 663.412146][T28699] ? __fget_files+0x244/0x3f0 [ 663.413379][T28699] __do_fast_syscall_32+0x73/0x120 [ 663.414720][T28699] do_fast_syscall_32+0x32/0x80 [ 663.415998][T28699] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 663.417642][T28699] RIP: 0023:0xf7f56579 [ 663.418717][T28699] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 663.423658][T28699] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 663.425808][T28699] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 663.427848][T28699] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 663.429904][T28699] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 663.431924][T28699] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 663.433984][T28699] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 663.436049][T28699] [ 663.977115][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 664.045634][T28717] input: syz0 as /devices/virtual/input/input17 [ 664.159163][T28723] tipc: Failed to remove unknown binding: 66,1,1/2886997162:3602068937/3602068939 [ 664.162375][T28723] tipc: Failed to remove unknown binding: 66,1,1/2886997162:3602068937/3602068939 [ 665.017083][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 665.186113][T28773] tipc: Failed to remove unknown binding: 66,1,1/2886997162:2115032789/2115032791 [ 665.189022][T28773] tipc: Failed to remove unknown binding: 66,1,1/2886997162:2115032789/2115032791 [ 665.448045][T28789] FAULT_INJECTION: forcing a failure. [ 665.448045][T28789] name failslab, interval 1, probability 0, space 0, times 0 [ 665.452433][T28789] CPU: 2 UID: 0 PID: 28789 Comm: syz.3.2626 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 665.455971][T28789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 665.459601][T28789] Call Trace: [ 665.460746][T28789] [ 665.461821][T28789] dump_stack_lvl+0x16c/0x1f0 [ 665.463491][T28789] should_fail_ex+0x497/0x5b0 [ 665.465102][T28789] ? fs_reclaim_acquire+0xae/0x160 [ 665.466863][T28789] should_failslab+0xc2/0x120 [ 665.468465][T28789] __kmalloc_noprof+0xcb/0x410 [ 665.470120][T28789] ? rcu_is_watching+0x12/0xc0 [ 665.471759][T28789] tomoyo_encode2+0x100/0x3e0 [ 665.473389][T28789] tomoyo_realpath_from_path+0x1a7/0x710 [ 665.475289][T28789] ? tomoyo_path_number_perm+0x232/0x5b0 [ 665.477206][T28789] tomoyo_path_number_perm+0x245/0x5b0 [ 665.479089][T28789] ? tomoyo_path_number_perm+0x232/0x5b0 [ 665.481021][T28789] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 665.483082][T28789] ? trace_lock_acquire+0x14a/0x1d0 [ 665.484837][T28789] ? lock_acquire+0x2f/0xb0 [ 665.486386][T28789] ? __fget_files+0x40/0x3f0 [ 665.487976][T28789] ? __fget_files+0x244/0x3f0 [ 665.489594][T28789] security_file_ioctl_compat+0x9b/0x240 [ 665.491506][T28789] __do_compat_sys_ioctl+0x52/0x2b0 [ 665.493297][T28789] __do_fast_syscall_32+0x73/0x120 [ 665.495046][T28789] do_fast_syscall_32+0x32/0x80 [ 665.496702][T28789] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 665.498846][T28789] RIP: 0023:0xf7fb6579 [ 665.500266][T28789] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 665.506754][T28789] RSP: 002b:00000000f571556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 665.509570][T28789] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000005412 [ 665.512225][T28789] RDX: 0000000020000280 RSI: 0000000000000000 RDI: 0000000000000000 [ 665.514892][T28789] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 665.517551][T28789] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 665.520206][T28789] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 665.522890][T28789] [ 665.524024][ C2] vkms_vblank_simulate: vblank timer overrun [ 665.527646][T28789] ERROR: Out of memory at tomoyo_realpath_from_path. [ 666.054250][T28803] FAULT_INJECTION: forcing a failure. [ 666.054250][T28803] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 666.056963][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 666.059188][T28803] CPU: 2 UID: 0 PID: 28803 Comm: syz.1.2630 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 666.062898][T28803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 666.065763][T28803] Call Trace: [ 666.066653][T28803] [ 666.067459][T28803] dump_stack_lvl+0x16c/0x1f0 [ 666.068812][T28803] should_fail_ex+0x497/0x5b0 [ 666.070150][T28803] _copy_from_iter+0x48b/0x13e0 [ 666.071479][T28803] ? __pfx__copy_from_iter+0x10/0x10 [ 666.072851][T28803] ? __virt_addr_valid+0x1a4/0x590 [ 666.074258][T28803] ? __virt_addr_valid+0x5e/0x590 [ 666.075569][T28803] ? __phys_addr_symbol+0x30/0x80 [ 666.076895][T28803] ? __check_object_size+0x488/0x710 [ 666.078356][T28803] proc_sys_call_handler+0x418/0x6f0 [ 666.079749][T28803] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 666.081299][T28803] ? __pfx___lock_acquire+0x10/0x10 [ 666.082702][T28803] ? __pfx_aa_file_perm+0x10/0x10 [ 666.084072][T28803] ? rcu_is_watching+0x12/0xc0 [ 666.085362][T28803] ? trace_kmalloc+0x2d/0xe0 [ 666.086855][T28803] ? __kmalloc_noprof+0x207/0x410 [ 666.088658][T28803] do_iter_readv_writev+0x532/0x7f0 [ 666.090063][T28803] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 666.091555][T28803] ? rcu_is_watching+0x12/0xc0 [ 666.092820][T28803] vfs_writev+0x363/0xdd0 [ 666.094024][T28803] ? ksys_write+0x12f/0x260 [ 666.095236][T28803] ? __pfx_vfs_writev+0x10/0x10 [ 666.096714][T28803] ? find_held_lock+0x2d/0x110 [ 666.097999][T28803] ? __pfx_lock_release+0x10/0x10 [ 666.099311][T28803] ? trace_lock_acquire+0x14a/0x1d0 [ 666.100681][T28803] ? __fget_files+0x244/0x3f0 [ 666.101945][T28803] ? do_pwritev+0x1b4/0x270 [ 666.103150][T28803] do_pwritev+0x1b4/0x270 [ 666.104379][T28803] ? __pfx_do_pwritev+0x10/0x10 [ 666.105690][T28803] ? ksys_write+0x1ad/0x260 [ 666.106933][T28803] ? __pfx_ksys_write+0x10/0x10 [ 666.108227][T28803] __ia32_compat_sys_pwritev2+0x121/0x1b0 [ 666.109722][T28803] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 666.111472][T28803] __do_fast_syscall_32+0x73/0x120 [ 666.112813][T28803] do_fast_syscall_32+0x32/0x80 [ 666.114111][T28803] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 666.115826][T28803] RIP: 0023:0xf7fe5579 [ 666.117131][T28803] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 666.123102][T28803] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 000000000000017b [ 666.126039][T28803] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200001c0 [ 666.128529][T28803] RDX: 000000000000000b RSI: 0000000000000000 RDI: 0000000000000000 [ 666.130606][T28803] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 666.132664][T28803] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 666.134721][T28803] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 666.136853][T28803] [ 666.137761][ C2] vkms_vblank_simulate: vblank timer overrun [ 666.292220][T28808] tipc: Failed to remove unknown binding: 66,1,1/0:4194715471/4194715473 [ 666.294494][T28808] tipc: Failed to remove unknown binding: 66,1,1/0:4194715471/4194715473 [ 667.097036][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 667.257104][T28836] tipc: Failed to remove unknown binding: 66,1,1/0:1665014487/1665014489 [ 667.259776][T28836] tipc: Failed to remove unknown binding: 66,1,1/0:1665014487/1665014489 [ 667.837801][T28846] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2644'. [ 667.842114][T28846] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 668.136943][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 668.371307][T28859] netlink: 'syz.2.2647': attribute type 10 has an invalid length. [ 668.377242][T28859] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 668.391504][ T5601] kernel write not supported for file /sg0 (pid: 5601 comm: kworker/2:3) [ 668.445348][T28863] lo speed is unknown, defaulting to 1000 [ 668.888271][T28891] tipc: Failed to remove unknown binding: 66,1,1/2886997162:2807624258/2807624260 [ 668.891649][T28891] tipc: Failed to remove unknown binding: 66,1,1/2886997162:2807624258/2807624260 [ 669.000976][T28894] FAULT_INJECTION: forcing a failure. [ 669.000976][T28894] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 669.005783][T28894] CPU: 3 UID: 0 PID: 28894 Comm: syz.2.2651 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 669.009652][T28894] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 669.013520][T28894] Call Trace: [ 669.014744][T28894] [ 669.015827][T28894] dump_stack_lvl+0x16c/0x1f0 [ 669.017557][T28894] should_fail_ex+0x497/0x5b0 [ 669.019286][T28894] _copy_to_user+0x30/0xc0 [ 669.020936][T28894] simple_read_from_buffer+0xd0/0x160 [ 669.022930][T28894] proc_fail_nth_read+0x198/0x270 [ 669.024775][T28894] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 669.026792][T28894] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 669.028787][T28894] vfs_read+0x1ce/0xbd0 [ 669.030331][T28894] ? __fget_files+0x23a/0x3f0 [ 669.032058][T28894] ? fdget_pos+0x24c/0x360 [ 669.033705][T28894] ? __pfx_lock_release+0x10/0x10 [ 669.035559][T28894] ? trace_lock_acquire+0x14a/0x1d0 [ 669.037444][T28894] ? __pfx_vfs_read+0x10/0x10 [ 669.039168][T28894] ? __pfx___mutex_lock+0x10/0x10 [ 669.040984][T28894] ? __fget_files+0x244/0x3f0 [ 669.042731][T28894] ksys_read+0x12f/0x260 [ 669.044293][T28894] ? __pfx_ksys_read+0x10/0x10 [ 669.046064][T28894] __do_fast_syscall_32+0x73/0x120 [ 669.047940][T28894] do_fast_syscall_32+0x32/0x80 [ 669.049732][T28894] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 669.052024][T28894] RIP: 0023:0xf7f56579 [ 669.053532][T28894] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 669.060475][T28894] RSP: 002b:00000000f56d65a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 669.063561][T28894] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f56d6620 [ 669.066436][T28894] RDX: 000000000000000f RSI: 00000000f73dbff4 RDI: 0000000000000000 [ 669.069285][T28894] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 669.072139][T28894] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 669.074999][T28894] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 669.077870][T28894] [ 669.187018][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 669.263347][T28903] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2653'. [ 669.304835][T28904] dummy0: entered promiscuous mode [ 669.311594][T28904] dummy0: left promiscuous mode [ 669.376347][T28912] lo speed is unknown, defaulting to 1000 [ 669.583881][T28948] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2661'. [ 669.635116][T28946] tipc: Failed to remove unknown binding: 66,1,1/2886997162:464154673/464154675 [ 669.639162][T28946] tipc: Failed to remove unknown binding: 66,1,1/2886997162:464154673/464154675 [ 669.762446][T28963] netlink: 'syz.2.2664': attribute type 3 has an invalid length. [ 669.764621][T28963] netlink: 666 bytes leftover after parsing attributes in process `syz.2.2664'. [ 669.868417][T28971] mkiss: ax0: crc mode is auto. [ 670.000636][T28980] mkiss: ax0: crc mode is auto. [ 670.017220][T28971] overlayfs: unescaped trailing colons in lowerdir mount option. [ 670.226980][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 670.913601][T28992] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2666'. [ 671.256931][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 671.742399][T29001] netlink: 'syz.2.2668': attribute type 10 has an invalid length. [ 671.784348][T29001] team0: Port device wlan1 added [ 672.259937][ T39] audit: type=1326 audit(1728291904.170:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29020 comm="syz.1.2672" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7fdf0000 [ 672.297004][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 672.932906][T29025] bridge_slave_1: left allmulticast mode [ 672.934438][T29025] bridge_slave_1: left promiscuous mode [ 672.935981][T29025] bridge0: port 2(bridge_slave_1) entered disabled state [ 672.958675][T29025] bridge_slave_0: left allmulticast mode [ 672.960590][T29025] bridge_slave_0: left promiscuous mode [ 672.962626][T29025] bridge0: port 1(bridge_slave_0) entered disabled state [ 673.347006][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 673.549888][T29035] mkiss: ax0: crc mode is auto. [ 673.606441][T29035] overlayfs: unescaped trailing colons in lowerdir mount option. [ 673.675114][T29033] mkiss: ax0: crc mode is auto. [ 674.386995][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 674.997263][T29082] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2682'. [ 675.000591][T29082] netdevsim netdevsim2 netdevsim0: Unsupported IPsec algorithm [ 675.205195][T29091] kAFS: unable to lookup cell '.,' [ 675.328682][T29096] FAULT_INJECTION: forcing a failure. [ 675.328682][T29096] name failslab, interval 1, probability 0, space 0, times 0 [ 675.332864][T29096] CPU: 2 UID: 0 PID: 29096 Comm: syz.3.2685 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 675.336470][T29096] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 675.339693][T29096] Call Trace: [ 675.340593][T29096] [ 675.341412][T29096] dump_stack_lvl+0x16c/0x1f0 [ 675.342803][T29096] should_fail_ex+0x497/0x5b0 [ 675.344539][T29096] ? fs_reclaim_acquire+0xae/0x160 [ 675.346425][T29096] should_failslab+0xc2/0x120 [ 675.347969][T29096] kmem_cache_alloc_node_noprof+0x71/0x310 [ 675.350002][T29096] ? __alloc_skb+0x2b3/0x380 [ 675.351878][T29096] __alloc_skb+0x2b3/0x380 [ 675.353641][T29096] ? __pfx___alloc_skb+0x10/0x10 [ 675.355478][T29096] ? __lock_acquire+0xbdd/0x3ce0 [ 675.357453][T29096] ? aa_label_sk_perm+0x19d/0x5a0 [ 675.359438][T29096] alloc_skb_with_frags+0xe4/0x850 [ 675.361377][T29096] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 675.363434][T29096] sock_alloc_send_pskb+0x7f1/0x980 [ 675.365494][T29096] ? __pfx___lock_acquire+0x10/0x10 [ 675.367527][T29096] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 675.369664][T29096] ? __pfx_lock_release+0x10/0x10 [ 675.371539][T29096] ? trace_lock_acquire+0x14a/0x1d0 [ 675.373455][T29096] ? __pfx___might_resched+0x10/0x10 [ 675.375428][T29096] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 675.377713][T29096] hci_sock_sendmsg+0x1c8/0x25e0 [ 675.379619][T29096] ? aa_file_perm+0x4d5/0xfe0 [ 675.381090][T29096] ? __pfx_aa_sk_perm+0x10/0x10 [ 675.382404][T29096] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 675.383812][T29096] sock_write_iter+0x4fe/0x5b0 [ 675.385089][T29096] ? __pfx_sock_write_iter+0x10/0x10 [ 675.386517][T29096] ? bpf_lsm_file_permission+0x9/0x10 [ 675.387971][T29096] ? security_file_permission+0x71/0x210 [ 675.389541][T29096] vfs_write+0x6b5/0x1140 [ 675.390717][T29096] ? __pfx_sock_write_iter+0x10/0x10 [ 675.392113][T29096] ? trace_lock_acquire+0x14a/0x1d0 [ 675.393541][T29096] ? __pfx_vfs_write+0x10/0x10 [ 675.394799][T29096] ? __fget_files+0x40/0x3f0 [ 675.396013][T29096] ksys_write+0x1fa/0x260 [ 675.397150][T29096] ? __pfx_ksys_write+0x10/0x10 [ 675.398462][T29096] __do_fast_syscall_32+0x73/0x120 [ 675.399857][T29096] do_fast_syscall_32+0x32/0x80 [ 675.401225][T29096] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 675.402918][T29096] RIP: 0023:0xf7fb6579 [ 675.403994][T29096] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 675.409012][T29096] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 675.411234][T29096] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000000 [ 675.413283][T29096] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000000 [ 675.415326][T29096] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 675.417384][T29096] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 675.419441][T29096] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 675.421465][T29096] [ 675.426991][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 675.607339][T29114] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 675.610220][T29114] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 675.613547][T29114] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 675.706981][ T9] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 675.870699][ T9] usb 7-1: Using ep0 maxpacket: 8 [ 675.919127][ T9] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 675.927515][ T9] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 675.944696][ T9] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 675.947974][ T9] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 675.950930][ T9] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 675.959726][ T9] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 675.963531][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 676.204521][ T9] usb 7-1: GET_CAPABILITIES returned 0 [ 676.206489][ T9] usbtmc 7-1:16.0: can't read capabilities [ 676.309989][T29131] mkiss: ax0: crc mode is auto. [ 676.386614][T29139] FAULT_INJECTION: forcing a failure. [ 676.386614][T29139] name failslab, interval 1, probability 0, space 0, times 0 [ 676.390335][T29139] CPU: 2 UID: 0 PID: 29139 Comm: syz.0.2694 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 676.393083][T29139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 676.395846][T29139] Call Trace: [ 676.396733][T29139] [ 676.397534][T29139] dump_stack_lvl+0x16c/0x1f0 [ 676.398767][T29139] should_fail_ex+0x497/0x5b0 [ 676.400001][T29139] ? fs_reclaim_acquire+0xae/0x160 [ 676.401351][T29139] should_failslab+0xc2/0x120 [ 676.402561][T29139] __kmalloc_noprof+0xcb/0x410 [ 676.403811][T29139] ? bitmap_find_next_zero_area_off+0xb0/0xd0 [ 676.405400][T29139] __vb2_queue_alloc+0x238/0x1230 [ 676.406722][T29139] ? vid_cap_queue_setup+0x461/0xe70 [ 676.408111][T29139] vb2_core_reqbufs+0xa73/0xfb0 [ 676.409397][T29139] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 676.410828][T29139] __vb2_init_fileio+0x3f3/0x1110 [ 676.412147][T29139] ? __pfx___mutex_lock+0x10/0x10 [ 676.413475][T29139] vb2_core_poll+0x5e8/0x700 [ 676.414704][T29139] vb2_poll+0x35/0x160 [ 676.415771][T29139] vb2_fop_poll+0x10f/0x2c0 [ 676.416977][T29139] ? __pfx_vb2_fop_poll+0x10/0x10 [ 676.418292][T29139] v4l2_poll+0x160/0x320 [ 676.419397][T29139] do_select+0xc9a/0x17b0 [ 676.420522][T29139] ? page_ext_put+0x48/0xd0 [ 676.421725][T29139] ? __pfx_v4l2_poll+0x10/0x10 [ 676.422967][T29139] ? __pfx_do_select+0x10/0x10 [ 676.424212][T29139] ? mark_lock+0xb5/0xc60 [ 676.425353][T29139] ? mark_lock+0xb5/0xc60 [ 676.426486][T29139] ? hlock_class+0x4e/0x130 [ 676.427671][T29139] ? __pfx_pollwake+0x10/0x10 [ 676.428889][T29139] ? __pfx_pollwake+0x10/0x10 [ 676.430131][T29139] ? compat_core_sys_select+0x1de/0x880 [ 676.431550][T29139] ? __pfx_lock_release+0x10/0x10 [ 676.432858][T29139] ? trace_lock_acquire+0x14a/0x1d0 [ 676.434210][T29139] ? compat_core_sys_select+0x687/0x880 [ 676.435631][T29139] compat_core_sys_select+0x687/0x880 [ 676.437014][T29139] ? __pfx_compat_core_sys_select+0x10/0x10 [ 676.438544][T29139] ? get_pid_task+0xfc/0x250 [ 676.439758][T29139] ? set_compat_user_sigmask+0x20f/0x2a0 [ 676.441220][T29139] ? __pfx_set_compat_user_sigmask+0x10/0x10 [ 676.442771][T29139] do_compat_pselect+0x202/0x240 [ 676.444052][T29139] ? __pfx_do_compat_pselect+0x10/0x10 [ 676.445475][T29139] __ia32_compat_sys_pselect6_time32+0x17c/0x240 [ 676.447106][T29139] ? __pfx___ia32_compat_sys_pselect6_time32+0x10/0x10 [ 676.449047][T29139] __do_fast_syscall_32+0x73/0x120 [ 676.450402][T29139] do_fast_syscall_32+0x32/0x80 [ 676.451681][T29139] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 676.453339][T29139] RIP: 0023:0xf7f56579 [ 676.454410][T29139] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 676.459362][T29139] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000134 [ 676.461534][T29139] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 0000000020000000 [ 676.463581][T29139] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 676.465632][T29139] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 676.467681][T29139] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 676.469122][T29141] overlayfs: unescaped trailing colons in lowerdir mount option. [ 676.469727][T29139] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 676.473857][T29139] [ 676.476357][ T5411] usb 7-1: USB disconnect, device number 31 [ 676.476928][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 676.486585][T29140] mkiss: ax0: crc mode is auto. [ 676.573199][T29156] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2696'. [ 676.997282][T29161] Invalid logical block size (1) [ 677.496965][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 677.687165][ T5411] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 677.736892][ T5346] Bluetooth: hci2: command 0x0405 tx timeout [ 677.839148][ T5411] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 677.843170][ T5411] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 677.846043][ T5411] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 677.851056][ T5411] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 677.860431][ T5411] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 677.862862][ T5411] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 677.864958][ T5411] usb 6-1: Manufacturer: syz [ 677.868867][ T5411] usb 6-1: config 0 descriptor?? [ 677.912624][T29192] FAULT_INJECTION: forcing a failure. [ 677.912624][T29192] name failslab, interval 1, probability 0, space 0, times 0 [ 677.916186][T29192] CPU: 2 UID: 0 PID: 29192 Comm: syz.0.2703 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 677.918987][T29192] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 677.921824][T29192] Call Trace: [ 677.922703][T29192] [ 677.923486][T29192] dump_stack_lvl+0x16c/0x1f0 [ 677.924736][T29192] should_fail_ex+0x497/0x5b0 [ 677.925990][T29192] ? fs_reclaim_acquire+0xae/0x160 [ 677.927338][T29192] should_failslab+0xc2/0x120 [ 677.928579][T29192] __kmalloc_noprof+0xcb/0x410 [ 677.929855][T29192] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 677.931364][T29192] tomoyo_realpath_from_path+0xbf/0x710 [ 677.932832][T29192] ? tomoyo_path2_perm+0x295/0x760 [ 677.934203][T29192] tomoyo_path2_perm+0x2a3/0x760 [ 677.935512][T29192] ? tomoyo_path2_perm+0x295/0x760 [ 677.936861][T29192] ? __pfx_tomoyo_path2_perm+0x10/0x10 [ 677.938459][T29192] ? hlock_class+0x4e/0x130 [ 677.939664][T29192] ? current_check_refer_path+0x2be/0x710 [ 677.941181][T29192] ? __pfx_current_check_refer_path+0x10/0x10 [ 677.942779][T29192] tomoyo_path_rename+0x102/0x1b0 [ 677.944022][T29192] ? __pfx_tomoyo_path_rename+0x10/0x10 [ 677.945511][T29192] ? __d_lookup+0x266/0x4a0 [ 677.946720][T29192] ? d_lookup+0xe9/0x180 [ 677.947852][T29192] security_path_rename+0x18e/0x3c0 [ 677.949240][T29192] do_renameat2+0x7a0/0xdd0 [ 677.950454][T29192] ? __pfx_do_renameat2+0x10/0x10 [ 677.951786][T29192] ? trace_lock_acquire+0x14a/0x1d0 [ 677.953176][T29192] ? lock_acquire+0x2f/0xb0 [ 677.954390][T29192] ? __might_fault+0xe3/0x190 [ 677.955638][T29192] ? __might_fault+0xe3/0x190 [ 677.956885][T29192] ? getname_flags.part.0+0x1c5/0x550 [ 677.958321][T29192] __ia32_sys_rename+0x7c/0xa0 [ 677.959593][T29192] __do_fast_syscall_32+0x73/0x120 [ 677.960969][T29192] do_fast_syscall_32+0x32/0x80 [ 677.962274][T29192] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 677.963943][T29192] RIP: 0023:0xf7f56579 [ 677.965029][T29192] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 677.970052][T29192] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000026 [ 677.972245][T29192] RAX: ffffffffffffffda RBX: 00000000200001c0 RCX: 0000000020000280 [ 677.974326][T29192] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 677.976400][T29192] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 677.978472][T29192] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 677.980537][T29192] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 677.982647][T29192] [ 677.987087][T29192] ERROR: Out of memory at tomoyo_realpath_from_path. [ 678.275618][ T5411] appleir 0003:05AC:8243.000C: unknown main item tag 0x0 [ 678.278330][ T5411] appleir 0003:05AC:8243.000C: No inputs registered, leaving [ 678.297534][ T5411] appleir 0003:05AC:8243.000C: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 678.546912][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 678.814949][T29178] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2699'. [ 678.829778][ T5411] usb 6-1: USB disconnect, device number 32 [ 679.238624][T29245] mkiss: ax0: crc mode is auto. [ 679.351862][T29257] mkiss: ax0: crc mode is auto. [ 679.388365][T29245] overlayfs: unescaped trailing colons in lowerdir mount option. [ 679.498742][T29269] FAULT_INJECTION: forcing a failure. [ 679.498742][T29269] name failslab, interval 1, probability 0, space 0, times 0 [ 679.502164][T29269] CPU: 0 UID: 0 PID: 29269 Comm: syz.1.2718 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 679.504904][T29269] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 679.507702][T29269] Call Trace: [ 679.508579][T29269] [ 679.509367][T29269] dump_stack_lvl+0x16c/0x1f0 [ 679.510621][T29269] should_fail_ex+0x497/0x5b0 [ 679.511856][T29269] ? fs_reclaim_acquire+0xae/0x160 [ 679.513195][T29269] should_failslab+0xc2/0x120 [ 679.514437][T29269] __kmalloc_noprof+0xcb/0x410 [ 679.515704][T29269] ? __pfx_d_absolute_path+0x10/0x10 [ 679.517107][T29269] tomoyo_encode2+0x100/0x3e0 [ 679.518599][T29269] tomoyo_realpath_from_path+0x1a7/0x710 [ 679.520074][T29269] tomoyo_path_number_perm+0x245/0x5b0 [ 679.521518][T29269] ? tomoyo_path_number_perm+0x232/0x5b0 [ 679.522988][T29269] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 679.524554][T29269] ? irqentry_exit+0x3b/0x90 [ 679.525785][T29269] ? trace_lock_acquire+0x14a/0x1d0 [ 679.527150][T29269] ? lock_acquire+0x2f/0xb0 [ 679.528348][T29269] ? __fget_files+0x40/0x3f0 [ 679.529571][T29269] ? __fget_files+0x244/0x3f0 [ 679.530807][T29269] security_file_ioctl_compat+0x9b/0x240 [ 679.532276][T29269] __do_compat_sys_ioctl+0x52/0x2b0 [ 679.533646][T29269] __do_fast_syscall_32+0x73/0x120 [ 679.534986][T29269] do_fast_syscall_32+0x32/0x80 [ 679.536267][T29269] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 679.537943][T29269] RIP: 0023:0xf7fe5579 [ 679.539023][T29269] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 679.544036][T29269] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 679.546223][T29269] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000005412 [ 679.548285][T29269] RDX: 00000000200001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 679.550353][T29269] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 679.552416][T29269] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 679.554474][T29269] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 679.556537][T29269] [ 679.557444][ C0] vkms_vblank_simulate: vblank timer overrun [ 679.559362][T29269] ERROR: Out of memory at tomoyo_realpath_from_path. [ 679.577007][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 679.692114][T29276] tipc: Failed to remove unknown binding: 66,1,1/0:1053141033/1053141035 [ 679.694385][T29276] tipc: Failed to remove unknown binding: 66,1,1/0:1053141033/1053141035 [ 680.056906][ T63] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 680.227028][ T63] usb 6-1: Using ep0 maxpacket: 8 [ 680.231129][ T63] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 680.233265][ T63] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 680.235760][ T63] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 680.238327][ T63] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 680.240913][ T63] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 680.244263][ T63] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 680.246638][ T63] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 680.467809][ T63] usb 6-1: GET_CAPABILITIES returned 0 [ 680.469245][ T63] usbtmc 6-1:16.0: can't read capabilities [ 680.626909][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 680.819238][T29312] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 680.880126][T29315] tipc: Failed to remove unknown binding: 66,1,1/2886997162:803295290/803295292 [ 680.882476][T29315] tipc: Failed to remove unknown binding: 66,1,1/2886997162:803295290/803295292 [ 680.890228][T29285] usbtmc 6-1:16.0: usb_control_msg returned -71 [ 680.890443][ T63] usb 6-1: USB disconnect, device number 33 [ 680.893733][T29309] usbtmc 6-1:16.0: usb_control_msg returned -19 [ 681.302490][T29345] FAULT_INJECTION: forcing a failure. [ 681.302490][T29345] name failslab, interval 1, probability 0, space 0, times 0 [ 681.305914][T29345] CPU: 2 UID: 0 PID: 29345 Comm: syz.3.2735 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 681.309263][T29345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 681.312415][T29345] Call Trace: [ 681.313560][T29345] [ 681.314539][T29345] dump_stack_lvl+0x16c/0x1f0 [ 681.316090][T29345] should_fail_ex+0x497/0x5b0 [ 681.317424][T29345] ? fs_reclaim_acquire+0xae/0x160 [ 681.318970][T29345] should_failslab+0xc2/0x120 [ 681.320501][T29345] __kmalloc_cache_noprof+0x6b/0x310 [ 681.322321][T29345] ? vb2_vmalloc_alloc+0xe2/0x3d0 [ 681.323980][T29345] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 681.325884][T29345] vb2_vmalloc_alloc+0xe2/0x3d0 [ 681.327462][T29345] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 681.329352][T29345] __vb2_queue_alloc+0x896/0x1230 [ 681.331069][T29345] vb2_core_reqbufs+0xa73/0xfb0 [ 681.332561][T29345] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 681.334292][T29345] __vb2_init_fileio+0x3f3/0x1110 [ 681.336059][T29345] ? __pfx___mutex_lock+0x10/0x10 [ 681.337690][T29345] ? lock_acquire+0x2f/0xb0 [ 681.339092][T29345] vb2_core_poll+0x5e8/0x700 [ 681.340577][T29345] vb2_poll+0x35/0x160 [ 681.341932][T29345] vb2_fop_poll+0x10f/0x2c0 [ 681.343254][T29345] ? __pfx_vb2_fop_poll+0x10/0x10 [ 681.344783][T29345] v4l2_poll+0x160/0x320 [ 681.345900][T29345] do_select+0xc9a/0x17b0 [ 681.347275][T29345] ? page_ext_put+0x48/0xd0 [ 681.348605][T29345] ? __pfx_v4l2_poll+0x10/0x10 [ 681.350163][T29345] ? __pfx_do_select+0x10/0x10 [ 681.351557][T29345] ? mark_lock+0xb5/0xc60 [ 681.352933][T29345] ? mark_lock+0xb5/0xc60 [ 681.354188][T29345] ? hlock_class+0x4e/0x130 [ 681.355545][T29345] ? __pfx_pollwake+0x10/0x10 [ 681.357101][T29345] ? __pfx_pollwake+0x10/0x10 [ 681.358730][T29345] ? compat_core_sys_select+0x1de/0x880 [ 681.360501][T29345] ? __pfx_lock_release+0x10/0x10 [ 681.362087][T29345] ? trace_lock_acquire+0x14a/0x1d0 [ 681.363856][T29345] ? compat_core_sys_select+0x687/0x880 [ 681.365723][T29345] compat_core_sys_select+0x687/0x880 [ 681.367380][T29345] ? __pfx_compat_core_sys_select+0x10/0x10 [ 681.369210][T29345] ? get_pid_task+0xfc/0x250 [ 681.370808][T29345] ? set_compat_user_sigmask+0x20f/0x2a0 [ 681.372436][T29345] ? __pfx_set_compat_user_sigmask+0x10/0x10 [ 681.374387][T29345] ? do_user_addr_fault+0xdc7/0x13f0 [ 681.375745][T29345] ? reacquire_held_locks+0x20b/0x4c0 [ 681.377302][T29345] do_compat_pselect+0x202/0x240 [ 681.378909][T29345] ? __pfx_do_compat_pselect+0x10/0x10 [ 681.380787][T29345] ? do_user_addr_fault+0xe50/0x13f0 [ 681.382546][T29345] ? __pfx_lock_release+0x10/0x10 [ 681.384233][T29345] __ia32_compat_sys_pselect6_time32+0x17c/0x240 [ 681.386323][T29345] ? __pfx___ia32_compat_sys_pselect6_time32+0x10/0x10 [ 681.388548][T29345] __do_fast_syscall_32+0x73/0x120 [ 681.390236][T29345] do_fast_syscall_32+0x32/0x80 [ 681.391872][T29345] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 681.394027][T29345] RIP: 0023:0xf7fb6579 [ 681.395423][T29345] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 681.401778][T29345] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000134 [ 681.404538][T29345] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 0000000020000000 [ 681.407196][T29345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 681.409825][T29345] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 681.412439][T29345] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 681.415044][T29345] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 681.417594][T29345] [ 681.656934][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 681.762446][T29350] overlayfs: unescaped trailing colons in lowerdir mount option. [ 682.706897][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 683.736914][ C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 683.771668][ C3] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 684.321506][ C3] ------------[ cut here ]------------ [ 684.324045][ C3] WARNING: CPU: 3 PID: 29349 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x1627/0x24d0 [ 684.327729][ C3] Modules linked in: [ 684.329265][ C3] CPU: 3 UID: 0 PID: 29349 Comm: syz.3.2737 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 684.334802][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 684.338510][ C3] RIP: 0010:__mptcp_move_skbs_from_subflow+0x1627/0x24d0 [ 684.340832][ C3] Code: 02 48 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f 85 86 0d 00 00 c6 43 7f 00 e9 22 f0 ff ff 48 8b ac 24 a0 00 00 00 e8 da 16 99 f6 90 <0f> 0b 90 e9 49 f3 ff ff e8 cc 16 99 f6 90 0f 0b 90 e9 df f0 ff ff [ 684.347265][ C3] RSP: 0018:ffffc900005f0408 EFLAGS: 00010246 [ 684.348962][ C3] RAX: 0000000000000000 RBX: 00000000000081e5 RCX: ffffffff8af39382 [ 684.351391][ C3] RDX: ffff88802515a440 RSI: ffffffff8af3a0e6 RDI: 0000000000000004 [ 684.353815][ C3] RBP: ffffc900005f0528 R08: 0000000000000004 R09: 00000000000081e5 [ 684.356227][ C3] R10: 00000000000055f0 R11: 0000000000000000 R12: ffff8880245e3f68 [ 684.359079][ C3] R13: 0000000000000000 R14: ffff8880245e3e80 R15: dffffc0000000000 [ 684.361900][ C3] FS: 0000000000000000(0000) GS:ffff88802b700000(0063) knlGS:00000000f5736b40 [ 684.365072][ C3] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 684.367532][ C3] CR2: 0000000020010000 CR3: 0000000029d7c000 CR4: 0000000000352ef0 [ 684.370252][ C3] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 684.372910][ C3] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 684.375774][ C3] Call Trace: [ 684.376997][ C3] [ 684.378045][ C3] ? __warn+0xea/0x3d0 [ 684.379512][ C3] ? __mptcp_move_skbs_from_subflow+0x1627/0x24d0 [ 684.381669][ C3] ? report_bug+0x3c0/0x580 [ 684.383243][ C3] ? handle_bug+0x54/0xa0 [ 684.384788][ C3] ? exc_invalid_op+0x17/0x50 [ 684.386484][ C3] ? asm_exc_invalid_op+0x1a/0x20 [ 684.388243][ C3] ? __mptcp_move_skbs_from_subflow+0x8c2/0x24d0 [ 684.390363][ C3] ? __mptcp_move_skbs_from_subflow+0x1626/0x24d0 [ 684.392514][ C3] ? __mptcp_move_skbs_from_subflow+0x1627/0x24d0 [ 684.394720][ C3] ? __mptcp_move_skbs_from_subflow+0x1626/0x24d0 [ 684.396921][ C3] mptcp_data_ready+0x30e/0x8e0 [ 684.398657][ C3] ? __pfx_mptcp_data_ready+0x10/0x10 [ 684.400563][ C3] subflow_data_ready+0x51d/0x7d0 [ 684.402396][ C3] ? __pfx_subflow_data_ready+0x10/0x10 [ 684.404389][ C3] ? __pfx_tcp_grow_window+0x10/0x10 [ 684.406283][ C3] tcp_data_ready+0x146/0x5b0 [ 684.407997][ C3] ? tcp_event_data_recv+0xb6e/0x1410 [ 684.409865][ C3] ? __pfx_tcp_data_ready+0x10/0x10 [ 684.411652][ C3] tcp_data_queue+0x1a6f/0x5280 [ 684.413344][ C3] ? tcp_urg+0x110/0xb80 [ 684.414784][ C3] ? __pfx_tcp_data_queue+0x10/0x10 [ 684.416696][ C3] ? tcp_send_dupack+0x7b0/0x810 [ 684.418606][ C3] ? ktime_get+0xfb/0x1a0 [ 684.420176][ C3] tcp_rcv_established+0x8b1/0x21c0 [ 684.422063][ C3] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 684.424093][ C3] ? __pfx_tcp_rcv_established+0x10/0x10 [ 684.426137][ C3] ? do_raw_spin_lock+0x12d/0x2c0 [ 684.427981][ C3] ? __pfx_ipv4_dst_check+0x10/0x10 [ 684.429817][ C3] tcp_v4_do_rcv+0x5ca/0xa90 [ 684.431017][ C3] tcp_v4_rcv+0x33bc/0x43b0 [ 684.432203][ C3] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 684.433472][ C3] ? __pfx_raw_local_deliver+0x10/0x10 [ 684.434878][ C3] ? rcu_is_watching+0x12/0xc0 [ 684.436110][ C3] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 684.437516][ C3] ip_protocol_deliver_rcu+0xba/0x4c0 [ 684.438898][ C3] ip_local_deliver_finish+0x316/0x570 [ 684.440287][ C3] ip_local_deliver+0x18e/0x1f0 [ 684.441566][ C3] ? __pfx_ip_local_deliver+0x10/0x10 [ 684.442958][ C3] ip_rcv+0x2c3/0x5d0 [ 684.444009][ C3] ? __pfx_ip_rcv+0x10/0x10 [ 684.445205][ C3] __netif_receive_skb_one_core+0x199/0x1e0 [ 684.446729][ C3] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 684.449000][ C3] ? trace_lock_acquire+0x14a/0x1d0 [ 684.450842][ C3] ? process_backlog+0x3f1/0x15f0 [ 684.452637][ C3] ? process_backlog+0x3f1/0x15f0 [ 684.454460][ C3] __netif_receive_skb+0x1d/0x160 [ 684.456302][ C3] process_backlog+0x443/0x15f0 [ 684.458109][ C3] __napi_poll.constprop.0+0xb7/0x550 [ 684.459802][ C3] net_rx_action+0xa92/0x1010 [ 684.461333][ C3] ? __pfx_net_rx_action+0x10/0x10 [ 684.462929][ C3] ? __pfx_mark_lock+0x10/0x10 [ 684.464452][ C3] ? kvm_sched_clock_read+0x11/0x20 [ 684.466327][ C3] ? sched_clock+0x38/0x60 [ 684.467918][ C3] ? sched_clock_cpu+0x6d/0x4d0 [ 684.469609][ C3] ? mark_held_locks+0x9f/0xe0 [ 684.471227][ C3] handle_softirqs+0x213/0x8f0 [ 684.472819][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 684.474595][ C3] ? __dev_queue_xmit+0x872/0x4350 [ 684.476421][ C3] do_softirq+0xb2/0xf0 [ 684.477904][ C3] [ 684.478955][ C3] [ 684.480024][ C3] __local_bh_enable_ip+0x100/0x120 [ 684.481930][ C3] ? __dev_queue_xmit+0x872/0x4350 [ 684.483799][ C3] __dev_queue_xmit+0x887/0x4350 [ 684.485606][ C3] ? hlock_class+0x4e/0x130 [ 684.487288][ C3] ? __lock_acquire+0x163e/0x3ce0 [ 684.489115][ C3] ? __pfx___dev_queue_xmit+0x10/0x10 [ 684.491067][ C3] ? hlock_class+0x4e/0x130 [ 684.492765][ C3] ? mark_lock+0xb5/0xc60 [ 684.494372][ C3] ? __pfx___lock_acquire+0x10/0x10 [ 684.496293][ C3] ? __pfx_mark_lock+0x10/0x10 [ 684.497906][ C3] ? find_held_lock+0x2d/0x110 [ 684.499150][ C3] ? __ip_finish_output+0x49e/0x950 [ 684.500484][ C3] ? __pfx_lock_release+0x10/0x10 [ 684.501801][ C3] ? mark_held_locks+0x9f/0xe0 [ 684.503025][ C3] ip_finish_output2+0x16d5/0x2530 [ 684.504352][ C3] ? __pfx_ip_finish_output2+0x10/0x10 [ 684.505773][ C3] ? ip_skb_dst_mtu+0x3fc/0xc70 [ 684.507087][ C3] ? __pfx_ip_skb_dst_mtu+0x10/0x10 [ 684.508425][ C3] __ip_finish_output+0x49e/0x950 [ 684.509727][ C3] ip_finish_output+0x31/0x310 [ 684.510962][ C3] ip_output+0x13b/0x2a0 [ 684.512053][ C3] ? __pfx_ip_output+0x10/0x10 [ 684.513304][ C3] ip_local_out+0x33e/0x4a0 [ 684.514475][ C3] __ip_queue_xmit+0x747/0x1940 [ 684.515868][ C3] ? __pfx_ip_queue_xmit+0x10/0x10 [ 684.517255][ C3] __tcp_transmit_skb+0x2a3a/0x3da0 [ 684.518598][ C3] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 684.520030][ C3] ? kasan_quarantine_put+0x10a/0x240 [ 684.521550][ C3] tcp_write_xmit+0x7d13/0x8b80 [ 684.522876][ C3] __tcp_push_pending_frames+0xaf/0x390 [ 684.524322][ C3] tcp_rcv_established+0x93a/0x21c0 [ 684.525701][ C3] ? __pfx_tcp_rcv_established+0x10/0x10 [ 684.527212][ C3] ? __pfx_lock_release+0x10/0x10 [ 684.528505][ C3] tcp_v4_do_rcv+0x5ca/0xa90 [ 684.529686][ C3] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 684.530987][ C3] __release_sock+0x31b/0x400 [ 684.532213][ C3] ? release_sock+0x21/0x220 [ 684.533393][ C3] release_sock+0x5a/0x220 [ 684.534512][ C3] __mptcp_push_pending+0x400/0x560 [ 684.535802][ C3] ? __pfx___mptcp_push_pending+0x10/0x10 [ 684.537334][ C3] ? __virt_addr_valid+0x5e/0x590 [ 684.538664][ C3] ? const_folio_flags.constprop.0+0x56/0x150 [ 684.540255][ C3] ? __phys_addr_symbol+0x30/0x80 [ 684.541596][ C3] ? __check_object_size+0x488/0x710 [ 684.542980][ C3] mptcp_sendmsg+0x1960/0x1f20 [ 684.544258][ C3] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 684.545646][ C3] ? __pfx_aa_sk_perm+0x10/0x10 [ 684.546979][ C3] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 684.548260][ C3] inet_sendmsg+0x119/0x140 [ 684.549413][ C3] __sys_sendto+0x426/0x4d0 [ 684.550579][ C3] ? __pfx___sys_sendto+0x10/0x10 [ 684.551847][ C3] ? find_held_lock+0x2d/0x110 [ 684.553071][ C3] ? __do_compat_sys_sigreturn+0x196/0x1f0 [ 684.554535][ C3] __ia32_sys_sendto+0xdd/0x1b0 [ 684.555754][ C3] ? syscall_trace_enter+0x1ce/0x240 [ 684.557123][ C3] __do_fast_syscall_32+0x73/0x120 [ 684.558408][ C3] do_fast_syscall_32+0x32/0x80 [ 684.559628][ C3] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 684.561238][ C3] RIP: 0023:0xf7fb6579 [ 684.562468][ C3] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 684.567297][ C3] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 684.569399][ C3] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000200000c0 [ 684.571380][ C3] RDX: 0000000000010002 RSI: 0000000000000000 RDI: 0000000000000000 [ 684.573378][ C3] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 684.575495][ C3] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 684.577527][ C3] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 684.579485][ C3] [ 684.580273][ C3] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 684.582108][ C3] CPU: 3 UID: 0 PID: 29349 Comm: syz.3.2737 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0 [ 684.584736][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 684.587467][ C3] Call Trace: [ 684.588312][ C3] [ 684.589064][ C3] dump_stack_lvl+0x3d/0x1f0 [ 684.590237][ C3] panic+0x71d/0x800 [ 684.591229][ C3] ? __pfx_panic+0x10/0x10 [ 684.592358][ C3] ? show_trace_log_lvl+0x29d/0x3d0 [ 684.593669][ C3] ? check_panic_on_warn+0x1f/0xb0 [ 684.594944][ C3] ? __mptcp_move_skbs_from_subflow+0x1627/0x24d0 [ 684.596532][ C3] check_panic_on_warn+0xab/0xb0 [ 684.597772][ C3] __warn+0xf6/0x3d0 [ 684.598766][ C3] ? __mptcp_move_skbs_from_subflow+0x1627/0x24d0 [ 684.600358][ C3] report_bug+0x3c0/0x580 [ 684.601457][ C3] handle_bug+0x54/0xa0 [ 684.602520][ C3] exc_invalid_op+0x17/0x50 [ 684.603669][ C3] asm_exc_invalid_op+0x1a/0x20 [ 684.604891][ C3] RIP: 0010:__mptcp_move_skbs_from_subflow+0x1627/0x24d0 [ 684.606636][ C3] Code: 02 48 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f 85 86 0d 00 00 c6 43 7f 00 e9 22 f0 ff ff 48 8b ac 24 a0 00 00 00 e8 da 16 99 f6 90 <0f> 0b 90 e9 49 f3 ff ff e8 cc 16 99 f6 90 0f 0b 90 e9 df f0 ff ff [ 684.611480][ C3] RSP: 0018:ffffc900005f0408 EFLAGS: 00010246 [ 684.612994][ C3] RAX: 0000000000000000 RBX: 00000000000081e5 RCX: ffffffff8af39382 [ 684.614954][ C3] RDX: ffff88802515a440 RSI: ffffffff8af3a0e6 RDI: 0000000000000004 [ 684.616919][ C3] RBP: ffffc900005f0528 R08: 0000000000000004 R09: 00000000000081e5 [ 684.619109][ C3] R10: 00000000000055f0 R11: 0000000000000000 R12: ffff8880245e3f68 [ 684.621202][ C3] R13: 0000000000000000 R14: ffff8880245e3e80 R15: dffffc0000000000 [ 684.623226][ C3] ? __mptcp_move_skbs_from_subflow+0x8c2/0x24d0 [ 684.624877][ C3] ? __mptcp_move_skbs_from_subflow+0x1626/0x24d0 [ 684.626563][ C3] ? __mptcp_move_skbs_from_subflow+0x1626/0x24d0 [ 684.628198][ C3] mptcp_data_ready+0x30e/0x8e0 [ 684.629438][ C3] ? __pfx_mptcp_data_ready+0x10/0x10 [ 684.630785][ C3] subflow_data_ready+0x51d/0x7d0 [ 684.632044][ C3] ? __pfx_subflow_data_ready+0x10/0x10 [ 684.633442][ C3] ? __pfx_tcp_grow_window+0x10/0x10 [ 684.634758][ C3] tcp_data_ready+0x146/0x5b0 [ 684.635933][ C3] ? tcp_event_data_recv+0xb6e/0x1410 [ 684.637281][ C3] ? __pfx_tcp_data_ready+0x10/0x10 [ 684.638588][ C3] tcp_data_queue+0x1a6f/0x5280 [ 684.639811][ C3] ? tcp_urg+0x110/0xb80 [ 684.640897][ C3] ? __pfx_tcp_data_queue+0x10/0x10 [ 684.642212][ C3] ? tcp_send_dupack+0x7b0/0x810 [ 684.643448][ C3] ? ktime_get+0xfb/0x1a0 [ 684.644529][ C3] tcp_rcv_established+0x8b1/0x21c0 [ 684.645874][ C3] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 684.647288][ C3] ? __pfx_tcp_rcv_established+0x10/0x10 [ 684.648682][ C3] ? do_raw_spin_lock+0x12d/0x2c0 [ 684.649955][ C3] ? __pfx_ipv4_dst_check+0x10/0x10 [ 684.651267][ C3] tcp_v4_do_rcv+0x5ca/0xa90 [ 684.652432][ C3] tcp_v4_rcv+0x33bc/0x43b0 [ 684.653604][ C3] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 684.654833][ C3] ? __pfx_raw_local_deliver+0x10/0x10 [ 684.656203][ C3] ? rcu_is_watching+0x12/0xc0 [ 684.657457][ C3] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 684.658709][ C3] ip_protocol_deliver_rcu+0xba/0x4c0 [ 684.660079][ C3] ip_local_deliver_finish+0x316/0x570 [ 684.661508][ C3] ip_local_deliver+0x18e/0x1f0 [ 684.662766][ C3] ? __pfx_ip_local_deliver+0x10/0x10 [ 684.664145][ C3] ip_rcv+0x2c3/0x5d0 [ 684.665215][ C3] ? __pfx_ip_rcv+0x10/0x10 [ 684.666406][ C3] __netif_receive_skb_one_core+0x199/0x1e0 [ 684.667975][ C3] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 684.669681][ C3] ? trace_lock_acquire+0x14a/0x1d0 [ 684.671059][ C3] ? process_backlog+0x3f1/0x15f0 [ 684.672408][ C3] ? process_backlog+0x3f1/0x15f0 [ 684.673754][ C3] __netif_receive_skb+0x1d/0x160 [ 684.675101][ C3] process_backlog+0x443/0x15f0 [ 684.676415][ C3] __napi_poll.constprop.0+0xb7/0x550 [ 684.677833][ C3] net_rx_action+0xa92/0x1010 [ 684.679254][ C3] ? __pfx_net_rx_action+0x10/0x10 [ 684.680746][ C3] ? __pfx_mark_lock+0x10/0x10 [ 684.681998][ C3] ? kvm_sched_clock_read+0x11/0x20 [ 684.683402][ C3] ? sched_clock+0x38/0x60 [ 684.684553][ C3] ? sched_clock_cpu+0x6d/0x4d0 [ 684.685893][ C3] ? mark_held_locks+0x9f/0xe0 [ 684.687125][ C3] handle_softirqs+0x213/0x8f0 [ 684.688360][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 684.689826][ C3] ? __dev_queue_xmit+0x872/0x4350 [ 684.691143][ C3] do_softirq+0xb2/0xf0 [ 684.692267][ C3] [ 684.693114][ C3] [ 684.693880][ C3] __local_bh_enable_ip+0x100/0x120 [ 684.695210][ C3] ? __dev_queue_xmit+0x872/0x4350 [ 684.696517][ C3] __dev_queue_xmit+0x887/0x4350 [ 684.697803][ C3] ? hlock_class+0x4e/0x130 [ 684.698971][ C3] ? __lock_acquire+0x163e/0x3ce0 [ 684.700262][ C3] ? __pfx___dev_queue_xmit+0x10/0x10 [ 684.701667][ C3] ? hlock_class+0x4e/0x130 [ 684.702852][ C3] ? mark_lock+0xb5/0xc60 [ 684.703981][ C3] ? __pfx___lock_acquire+0x10/0x10 [ 684.705321][ C3] ? __pfx_mark_lock+0x10/0x10 [ 684.706557][ C3] ? find_held_lock+0x2d/0x110 [ 684.707786][ C3] ? __ip_finish_output+0x49e/0x950 [ 684.709170][ C3] ? __pfx_lock_release+0x10/0x10 [ 684.710487][ C3] ? mark_held_locks+0x9f/0xe0 [ 684.711722][ C3] ip_finish_output2+0x16d5/0x2530 [ 684.713056][ C3] ? __pfx_ip_finish_output2+0x10/0x10 [ 684.714444][ C3] ? ip_skb_dst_mtu+0x3fc/0xc70 [ 684.715665][ C3] ? __pfx_ip_skb_dst_mtu+0x10/0x10 [ 684.716970][ C3] __ip_finish_output+0x49e/0x950 [ 684.718233][ C3] ip_finish_output+0x31/0x310 [ 684.719429][ C3] ip_output+0x13b/0x2a0 [ 684.720660][ C3] ? __pfx_ip_output+0x10/0x10 [ 684.721894][ C3] ip_local_out+0x33e/0x4a0 [ 684.723074][ C3] __ip_queue_xmit+0x747/0x1940 [ 684.724316][ C3] ? __pfx_ip_queue_xmit+0x10/0x10 [ 684.725595][ C3] __tcp_transmit_skb+0x2a3a/0x3da0 [ 684.726905][ C3] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 684.728268][ C3] ? kasan_quarantine_put+0x10a/0x240 [ 684.729652][ C3] tcp_write_xmit+0x7d13/0x8b80 [ 684.730896][ C3] __tcp_push_pending_frames+0xaf/0x390 [ 684.732336][ C3] tcp_rcv_established+0x93a/0x21c0 [ 684.733664][ C3] ? __pfx_tcp_rcv_established+0x10/0x10 [ 684.735067][ C3] ? __pfx_lock_release+0x10/0x10 [ 684.736340][ C3] tcp_v4_do_rcv+0x5ca/0xa90 [ 684.737525][ C3] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 684.738903][ C3] __release_sock+0x31b/0x400 [ 684.740184][ C3] ? release_sock+0x21/0x220 [ 684.741451][ C3] release_sock+0x5a/0x220 [ 684.742644][ C3] __mptcp_push_pending+0x400/0x560 [ 684.744003][ C3] ? __pfx___mptcp_push_pending+0x10/0x10 [ 684.745474][ C3] ? __virt_addr_valid+0x5e/0x590 [ 684.746768][ C3] ? const_folio_flags.constprop.0+0x56/0x150 [ 684.748283][ C3] ? __phys_addr_symbol+0x30/0x80 [ 684.749607][ C3] ? __check_object_size+0x488/0x710 [ 684.750912][ C3] mptcp_sendmsg+0x1960/0x1f20 [ 684.752117][ C3] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 684.753465][ C3] ? __pfx_aa_sk_perm+0x10/0x10 [ 684.754758][ C3] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 684.756155][ C3] inet_sendmsg+0x119/0x140 [ 684.757410][ C3] __sys_sendto+0x426/0x4d0 [ 684.758595][ C3] ? __pfx___sys_sendto+0x10/0x10 [ 684.759864][ C3] ? find_held_lock+0x2d/0x110 [ 684.761162][ C3] ? __do_compat_sys_sigreturn+0x196/0x1f0 [ 684.762830][ C3] __ia32_sys_sendto+0xdd/0x1b0 [ 684.764339][ C3] ? syscall_trace_enter+0x1ce/0x240 [ 684.766069][ C3] __do_fast_syscall_32+0x73/0x120 [ 684.767465][ C3] do_fast_syscall_32+0x32/0x80 [ 684.768680][ C3] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 684.770267][ C3] RIP: 0023:0xf7fb6579 [ 684.771291][ C3] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 684.776555][ C3] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 684.778684][ C3] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000200000c0 [ 684.780803][ C3] RDX: 0000000000010002 RSI: 0000000000000000 RDI: 0000000000000000 [ 684.782874][ C3] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 684.785059][ C3] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 684.787044][ C3] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 684.788991][ C3] [ 684.790467][ C3] Kernel Offset: disabled [ 684.791773][ C3] Rebooting in 86400 seconds.. VM DIAGNOSIS: 09:05:16 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff8203f6da RDX=ffff888000d08000 RSI=0000000000000000 RDI=0000000000000005 RBP=ffffc9000428fbf0 RSP=ffffc9000428fbd0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=ffffc9000428fc60 R13=ffffc9000428fe78 R14=ffffc9000428fe48 R15=ffffc9000428fc60 RIP=ffffffff818cb882 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f3786f0e280 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f742eafc CR3=0000000022936000 CR4=00352ef0 DR0=0000000000000000 DR1=00000000872c9164 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fec1ff00 Opmask01=000000000000007f Opmask02=00000000fffeff7f Opmask03=2040000404420020 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 003d45444f4d5645 44003d524f4e494d ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe898dda00 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 00ff000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffffffffffffff ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 41c7a03f84774957 7373255d9959221b ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737142 7373737373737373 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 722f766564752f62 696c2f7273752f00 534b4e494c564544 00454d414e564544 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d003d454d 414e564544003d58 45444e494649003d 4550595456454400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d0018454d 414e564544001858 45444e4946490018 4550595456454400 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000003 0000562b88926060 0000000000000051 00000000312e7465 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000562eea2b05dc 0000000000000021 0000000000000030 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000562b8893a580 00007f3786bf1f30 0000000000000531 0000003177617264 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 77777f7f7f757f7f 7f7b7f7f7f7d777e 7f7d7f7b7f6f7777 7f7f7f7f7f777f79 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a263b383a3a263a 383a3a26493b3a3a 26483b3a3a264b3b 3a0a00307f617930 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 303030304d00312d 302e303030303030 303030302d300034 383735333d4d4149 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30302c3030002c2d 302e302c302c002c 302c302c2d300031 3030300031303030 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=ffffffff819862d2 RBX=ffffc9002389f000 RCX=ffffffff819862e9 RDX=ffff888024e6c880 RSI=0000000000000000 RDI=0000000000000005 RBP=1ffff92001ecafc9 RSP=ffffc9000f657e40 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=0000000000000000 R13=0000000000000001 R14=ffffc9002389f028 R15=ffffc9000f657e68 RIP=ffffffff819864d7 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f3786f0e280 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020043000 CR3=000000005fa7a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fee0ff00 Opmask01=000000000000007f Opmask02=00000000fffeff7f Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 003d45444f4d5645 44003d524f4e494d ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe898dd850 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6464646464646464 6464646464646464 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffff0000ffffff00 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 41494b585e444445 49074c440a48495e ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 175349432a5e444f 5c4f5f0504040519 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 722f766564752f62 696c2f7273752f00 534b4e494c564544 00454d414e564544 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d003d454d 414e564544003d58 45444e494649003d 4550595456454400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d0018454d 414e564544001858 45444e4946490018 4550595456454400 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000041 00003000312e7465 676461672d776172 2f73726576697264 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000562b88929280 0000562b88926d60 0000000000000021 0000000000302e36 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 32b4d34cf7043a24 0000562eea2affdc 00000000000000a1 0000003177617264 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a263b383a3a263a 383a3a26493b3a3a 26483b3a3a264b3b 3a0a00307f617930 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000231 0000000000000030 326b2c3065043024 0000562e692a5100 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000231 0000000000000030 00002c2b65043010 0000562e692a5100 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=1ffffffff27b529b RBX=ffffffff93da94c0 RCX=ffffffff81694e8e RDX=1ffffffff2d0c64b RSI=0000000000000008 RDI=ffffffff93da94d8 RBP=dffffc0000000000 RSP=ffffc9000115f4f0 R8 =0000000000000000 R9 =fffffbfff2d31588 R10=ffffffff9698ac47 R11=0000000000000000 R12=00000000000640d7 R13=ffff88801f7f2f70 R14=318191fbfc0126c6 R15=ffff88801f7f2440 RIP=ffffffff816a087c RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=fffffffffffffffd CR3=0000000057ca4000 CR4=00352ef0 DR0=0000000000000000 DR1=00000000872c9164 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 847ba1c6cea953ff 27b0c0f68b1d0948 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f07830a1eca7b10e 776bf8f01e680ad9 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 59617dc748a5c610 98add668a5399db5 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 95bb4bea28b53b9f fec6b5187e61f450 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000005440 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9e3bf8c700000914 9c00000052000001 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000009e6b2822 2b8638900005967f ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9e47789860000001 3800000000000001 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4b00000136000000 9e716b870c000001 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 237c3a1dd4b40a5e d6e8f7e5c708d3f5 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d8638d77ca66d0d5 f9d74f4c875a033e ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000037 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85036a05 RDI=ffffffff9a63a220 RBP=ffffffff9a63a1e0 RSP=ffffc900005efd68 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000037 R14=ffffffff850369a0 R15=0000000000000000 RIP=ffffffff85036a2f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020010000 CR3=0000000029d7c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000