last executing test programs: 7.010223323s ago: executing program 1 (id=2172): r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) bind$can_j1939(r0, &(0x7f0000000240), 0x18) 6.96061745s ago: executing program 1 (id=2173): ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x500, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$vsock(0xffffff9c, &(0x7f00000001c0), 0xc0101, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000700)={{0x12, 0x1, 0x0, 0x4b, 0xec, 0x2, 0x20, 0x6a2, 0x3, 0xb48c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x9, 0x0, 0x0, 0xc9, 0xc8, 0xb7}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x400, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000c40)="c10e020022003505d25a806f8c6394f90435fc60040011000a740100053582c137153e37024801", 0x27}], 0x1}, 0x0) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003e000b05d25a806c8c6f94f90224fc60100005000a000200053582c137153e37000c0980fc0b1000", 0x2c}], 0x1}, 0x0) 4.648758986s ago: executing program 1 (id=2191): ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0), 0x0) openat$vimc1(0xffffff9c, 0x0, 0x2, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) connect$nfc_llcp(r0, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, "8c4f71a14c58b7e91b7594e94c2a226d8ac0ee26db5d7c27907d61d68dfbb45079055ad86fa0ff1418a5d146bdf66d0d640ce9de2c134b62cb718f8462bc9c"}, 0x60) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="160000000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB="00c6548bdc901c8ca300f9fbea8ee576860000000000000000000032cb5a5bf359f4bcfe091010b30c810d0a496abf88c7bec701af", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') preadv(r3, &(0x7f0000000640)=[{&(0x7f0000000140)=""/134, 0x86}], 0x1, 0x0, 0x0) ioctl$CDROMSETSPINDOWN(r3, 0x531e, &(0x7f0000000040)=0x6) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r2, 0x89f7, &(0x7f0000000580)={'sit0\x00', &(0x7f0000000400)={@loopback, 0x0, 0x0, 0x70, 0x0, [{}, {@initdev}, {@initdev}, {@local}, {}, {@remote}, {@broadcast}]}}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0) fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f0000000240)='pids.current\x00', &(0x7f0000000300)="7c88e13d3185527f5d135d2975ef0eda0ac39777fac95c99615f744efffafbca35ea03b26cb1ccc6a03464088e5c006ff35637b27a6cbf73c50d6bae41d3a89aec10eb89f970b19722a3d6e7ffbbc92c83400dddcd65a16429ea78", 0x5b) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9004}, 0x4) r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=@newtaction={0x84, 0x30, 0x1, 0x0, 0x0, {0x7a}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1, 0x0, 0x0, 0x0, 0x0, {0x8, 0x0, 0x0, 0x0, 0x0, 0x80000001}, {0x0, 0x0, 0x0, 0x0, 0x67c1, 0xce}}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0) r8 = ioctl$LOOP_CTL_GET_FREE(r6, 0x4c82) ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, r8) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000001ac0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 4.210073254s ago: executing program 1 (id=2196): r0 = openat$ttyS3(0xffffff9c, &(0x7f0000000000), 0x4000, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x0) setresgid(0xee01, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000002540)='./file1\x00', &(0x7f0000002580)='sysv\x00', 0x0, &(0x7f0000000340)='+\x7f\xff\xd9\x00\x99\xa9\v\xfe\xcc,\x18D[1U\xed~\xc7hs\x96\x83;26|R\x87c\xc8}\xd3\xc7~\xf8\x9e\xf4') r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00') read$FUSE(r1, &(0x7f0000000440)={0x2020, 0x0, 0x0}, 0x2020) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f0000000000), 0x0}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000)) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_STATION(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000025c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010028bd7000fddbdf251200e8d7bd1c3c9ca26fd5ec5663d70000080003007cf43f66c74448ce7e744e85ed365b0ea776efb3f95b22c8bc91bceb1014d960de9ef8f33eb6d04cea475dfab3d72eb69f738b7b6ef087095f4ab7fc343e1c0078f329606f4199220000000074", @ANYRES32=r7, @ANYBLOB="0a000600ffffffffffff00000500190002000000"], 0x30}, 0x1, 0x0, 0x0, 0x810}, 0x20000800) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f00000000c0)='\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000380)='sched_switch\x00', r3, 0x0, 0x3}, 0x18) socket$netlink(0x10, 0x3, 0x0) r8 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv(r8, &(0x7f0000000700)=[{&(0x7f0000000580)=""/52, 0x34}], 0x1) ioctl$IMADDTIMER(r8, 0x80044940, &(0x7f0000000040)) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x541c, &(0x7f0000000080)={0xd, 0x9}) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.stat\x00', 0x275a, 0x0) write$cgroup_int(r9, &(0x7f0000000100), 0x12) ioctl$SIOCSIFHWADDR(r9, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) ioctl$PIO_FONTRESET(r9, 0x4b6d, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000002480)={0x15, 0xb, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYRES32=r2], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) mbind(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, &(0x7f00000002c0)=0x4, 0xa, 0x0) 3.308262048s ago: executing program 1 (id=2199): ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x500, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$vsock(0xffffff9c, &(0x7f00000001c0), 0xc0101, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000700)={{0x12, 0x1, 0x0, 0x4b, 0xec, 0x2, 0x20, 0x6a2, 0x3, 0xb48c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x9, 0x0, 0x0, 0xc9, 0xc8, 0xb7}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x400, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000c40)="c10e020022003505d25a806f8c6394f90435fc60040011000a740100053582c137153e37024801", 0x27}], 0x1}, 0x0) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003e000b05d25a806c8c6f94f90224fc60100005000a000200053582c137153e37000c0980fc0b1000", 0x2c}], 0x1}, 0x0) 2.821956844s ago: executing program 0 (id=2209): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x8) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000d40)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d50e44155790748b7226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67b1cd03b076bf90286b63eb7aaea4cbb1280955e9a59cd8e5e8ac68c27da3d542aece1ba7920e8f39b270458224e74afa52db1ac07f7cce47d5e8ce5b2806ff7171c64a689a0ba35e934506a46a10b9a579dc43630831e2c5400853b58e020c9cb65e44d4957b00ed35a858d44b25d5b8dad1be420467333d9ce17dddc425dad69c4c9395a5c170170a4fa63091786e2a563e3d5982a73c15edf854046e1a33b2728e74c856a58ba74c80f4f4166ac51d720f507c2c205ef5a04370c77928dfde47e15d533060084d4fc271eab837367369218b1bfc59752696396f49c2f58268", 0x184}, {&(0x7f0000001040)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df283b3ca3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25cb51279b18c8e5bfbc52152be37f5e2b783e2149be25180430ac63ee1bbe01fbb6125e65839ae5b02d542a97d1bfb1ca420b5405baaaf5ec6ad96af2814dbbea5a064f2ab6fc0904c07f02cbfadfb96866d962e6e21d3a0a0276a36e01b6edafd6c84619ace6ead5d2bde7afec966f9c023ffe15c3c1caec8ff3ef304ed0ffedd061941d9d022b25a4b9632856295fee3a314f6c196d953bcaf1aff06d181d51662fdaa52e46d7905c0b4c632602c810f1e6a6c98f0eaed1d795bc3495ea0b47ca0c44465d4b8b46dac524f2e179f22b486aaef3b7e436e9dc1ecdf10a3a2d59c839a8185d2fa5d802e15426193f256bb89fa695b0c2c5110a54f63b1a930f3bd7311", 0x16b}], 0x2}}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000f00)="63c3b174ab06077f6ee67ac1310d86586b13d2c9e203a9da866b81e20e9fe5c432193989489c1459ce9cd14fa3b43a0b9b60", 0x32}], 0x1}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000640)="755ca9bd3fd87456466cd4ab09930a7972d7df968a6a6114f3db5548c265a1c0eadf9dc81f4de7a659bf2fd963b62ab6a3291b994ce3e68d29974cbd144ef4803bb11e49afd9e9f6c69e23d94b880d424a56af70b7b3f69ca07b85cd6fa37d39078bf235b355d36147cab8073e1818c615ae34fb38d8c92049fbd2d371eb493d8162d8836b8f9295d17e445e49134b4f94932984566c6d1d7b479a1d292cd39caf50ba08e39a6ac5b4d565b0f4eea211688dfcffad93d9c534ad1c8b2517dcf778797a45b32b88b7880c5122eff57a20ac7211b96753987c85f18d86103e0eb0d2266bd6e51695e6ad", 0xe9}, {&(0x7f0000000a40)="a874f71022111112ec5e2602f419e493ea5b4acf974d9283ee3375a461bb9065c90429ee1e99af0ae05a2cdf6095f3c3bcaf502fe5bc586d74a09a829064afeb21d6a37184cba31f9a404f96368db3439c616b32ca53867d1287a26ea498e4f743acd6252d1590999bc24f950e04e6a96c8637d150e4dca23239ce0412d084932196a057d6486b668c61dd5a01bb22529c0ae2eb008dea68a0770dc99559a527dd152975cbe3751d76d934cafa51e2d9c8cdea4d85e9d6f230d18ad14fdbd9b91a23af1d5d1342d6498847edc850375bd4d65a16c15a271706a98919a7", 0xdd}, {&(0x7f00000003c0)="1ab19edbe25b681773e891fc5c1afd98d5418010c767b52201c900942aa7e965955c", 0x22}, {&(0x7f00000008c0)="6d39fe15634188cee258d64a40c9632217ebadbbccd45f2017d5a1df94c14e8c48abc873f82d01bc4ad0fe0c50d62220aaffcb020d4485ede811aa3444881a134b4ed499eb426b7570697a811ee2ac64300a09a042cf8f", 0x57}], 0x4, &(0x7f0000001200)=ANY=[@ANYBLOB="800000000000000007000000070b450a010101ac1e000183073cac1e0101071b7dac1414bb64010101ac1414aaac1414bb00000000ac1414bb860916ba75d2956527442c2833ac1414bb00000003e000000100000004e0000002ffffff5dac1414bb0000cf107f000001000001ff8310bbded4a7067d627ba07946ab21900000100000000000000001000000000100000d0000000000000001000000000000000d"], 0xb0}}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000001340)="565f22c57f868101817bab3ced7dd60d3ac9d1fbd7502a803953de3ac6782cfd4833d91253647e92361374f950b8e516af86e93064698099f5215219dd729140f4bd761d6830a236e974f7830cd904bed6f0", 0x52}], 0x1}}], 0x4, 0x4004880) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 2.752408134s ago: executing program 0 (id=2210): sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000180)={'team0\x00', 0x44}) (fail_nth: 2) 2.586795829s ago: executing program 0 (id=2211): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x8) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000d40)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d50e44155790748b7226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67b1cd03b076bf90286b63eb7aaea4cbb1280955e9a59cd8e5e8ac68c27da3d542aece1ba7920e8f39b270458224e74afa52db1ac07f7cce47d5e8ce5b2806ff7171c64a689a0ba35e934506a46a10b9a579dc43630831e2c5400853b58e020c9cb65e44d4957b00ed35a858d44b25d5b8dad1be420467333d9ce17dddc425dad69c4c9395a5c170170a4fa63091786e2a563e3d5982a73c15edf854046e1a33b2728e74c856a58ba74c80f4f4166ac51d720f507c2c205ef5a04370c77928dfde47e15d533060084d4fc271eab837367369218b1bfc59752696396f49c2f58268", 0x184}, {&(0x7f0000001040)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df283b3ca3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25cb51279b18c8e5bfbc52152be37f5e2b783e2149be25180430ac63ee1bbe01fbb6125e65839ae5b02d542a97d1bfb1ca420b5405baaaf5ec6ad96af2814dbbea5a064f2ab6fc0904c07f02cbfadfb96866d962e6e21d3a0a0276a36e01b6edafd6c84619ace6ead5d2bde7afec966f9c023ffe15c3c1caec8ff3ef304ed0ffedd061941d9d022b25a4b9632856295fee3a314f6c196d953bcaf1aff06d181d51662fdaa52e46d7905c0b4c632602c810f1e6a6c98f0eaed1d795bc3495ea0b47ca0c44465d4b8b46dac524f2e179f22b486aaef3b7e436e9dc1ecdf10a3a2d59c839a8185d2fa5d802e15426193f256bb89fa695b0c2c5110a54f63b1a930f3bd7311", 0x16b}], 0x2}}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000f00)="63c3b174ab06077f6ee67ac1310d86586b13d2c9e203a9da866b81e20e9fe5c432193989489c1459ce9cd14fa3b43a0b9b6004118a35444790d70af5c873561ac1ad55af7f9f8551103f694e2a22346ca675898ce02a665ecc07e153e3949b954c1d74b105c14411925a8ae24778d40004000043b682d653bcf35d53fd33489a3a405042c0de04c24504000031e1d76db8609d0bf66d8d723a6c28a50d42ab169de383345fbee97bea33e8bfb5d705852d360ab703fc952fd91d2b4066fdc167ae016c1ea8", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000640)="755ca9bd3fd87456466cd4ab09930a7972d7df968a6a6114f3db5548c265a1c0eadf9dc81f4de7a659bf2fd963b62ab6a3291b994ce3e68d29974cbd144ef4803bb11e49afd9e9f6c69e23d94b880d424a56af70b7b3f69ca07b85cd6fa37d39078bf235b355d36147cab8073e1818c615ae34fb38d8c92049fbd2d371eb493d8162d8836b8f9295d17e445e49134b4f94932984566c6d1d7b479a1d292cd39caf50ba08e39a6ac5b4d565b0f4eea211688dfcffad93d9c534ad1c8b2517dcf778797a45b32b88b7880c5122eff57a20ac7211b96753987c85f18d86103e0eb0d2266bd6e51695e6ad", 0xe9}, {&(0x7f0000000a40)="a874f71022111112ec5e2602f419e493ea5b4acf974d9283ee3375a461bb9065c90429ee1e99af0ae05a2cdf6095f3c3bcaf502fe5bc586d74a09a829064afeb21d6a37184cba31f9a404f96368db3439c616b32ca53867d1287a26ea498e4f743acd6252d1590999bc24f950e04e6a96c8637d150e4dca23239ce0412d084932196a057d6486b668c61dd5a01bb22529c0ae2eb008dea68a0770dc99559a527dd152975cbe3751d76d934cafa51e2d9c8cdea4d85e9d6f230d18ad14fdbd9b91a23af1d5d1342d6498847edc850375bd4d65a16c15a271706a98919a7", 0xdd}, {&(0x7f00000003c0)="1ab19edbe25b681773e891fc5c1afd98d5418010c767b52201c900942aa7e965955c", 0x22}, {&(0x7f00000008c0)="6d39fe15634188cee258d64a40c9632217", 0x11}], 0x4, &(0x7f0000001200)=ANY=[@ANYBLOB="800000000000000007000000070b450a010101ac1e000183073cac1e0101071b7dac1414bb64010101ac1414aaac1414bb00000000ac1414bb860916ba75d2956527442c2833ac1414bb00000003e0000001"], 0xb0}}], 0x3, 0x4004880) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 2.585072764s ago: executing program 0 (id=2214): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r2 = socket(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000300)={@mcast1, @private0, @dev={0xfe, 0x80, '\x00', 0xc}, 0x4, 0x0, 0xfffc, 0x0, 0x0, 0x8301c6}) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/rt_acct\x00') r4 = socket(0x18, 0x0, 0x0) connect$pppoe(r4, &(0x7f0000000100)={0x18, 0x0, {0x2, @local, 'vxcan1\x00'}}, 0x1e) sendfile(r4, r3, 0x0, 0x8) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x20002) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040)) 2.520003123s ago: executing program 3 (id=2217): sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000eb0104615534e70566"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000180)={'team0\x00', 0x44}) 2.426952994s ago: executing program 3 (id=2218): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x3, &(0x7f00000005c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000300)={0xe0001}) ioctl$KVM_RUN(r2, 0xae80, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) 2.19051031s ago: executing program 3 (id=2219): openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) r1 = openat$ptp1(0xffffff9c, &(0x7f0000000040), 0x40000, 0x0) ioctl$PTP_ENABLE_PPS(r1, 0x40043d04, 0x1) socket$inet6_udplite(0xa, 0x2, 0x88) pread64(r1, &(0x7f0000000080)=""/65, 0x41, 0x0) socket$rds(0x15, 0x5, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000100), r2) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS(r3, 0x4068aea3, &(0x7f0000000140)) r4 = syz_clone3(&(0x7f0000000340)={0x80, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240), {0x3b}, &(0x7f0000000280)=""/13, 0xd, &(0x7f00000002c0)=""/9, &(0x7f0000000300)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff], 0x6}, 0x58) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x0, &(0x7f00000003c0)) sendmsg$autorun(r2, &(0x7f00000004c0)=@policy29={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, 0x0, 0x800, 0x70bd26, 0x25dfdbfb, {0x14}, [@IFLA_BRIDGE_MRP_IN_ROLE_IN_ID={0x6, 0x2, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8c}, 0x8081) r5 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$inet_int(r5, 0x0, 0x21, &(0x7f0000000500)=0x6, 0x4) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f0000000540)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x557c}}, './file0\x00'}) syz_emit_vhci(&(0x7f0000000680)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0xa}, @l2cap_cid_le_signaling={{0x6}, @l2cap_conn_param_update_rsp={{0x13, 0x9d, 0x2}}}}, 0xf) syz_open_dev$sg(&(0x7f00000006c0), 0x3, 0x200) 2.110231518s ago: executing program 3 (id=2220): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x20000000009) ioctl$TCGETS2(r1, 0x400455c8, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f5c64000000000c0002800600190006"], 0x3c}}, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f3f770005000000000000000000", @ANYRES32=0x0, @ANYBLOB="ff00000000000000280012800a00010076786c616e"], 0x3}}, 0x0) write$binfmt_misc(r3, &(0x7f0000000000), 0xfffffecc) splice(r2, 0x0, r4, 0x0, 0x4ffe2, 0x0) 1.590129384s ago: executing program 2 (id=2223): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x8) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000d40)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d50e44155790748b7226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67b1cd03b076bf90286b63eb7aaea4cbb1280955e9a59cd8e5e8ac68c27da3d542aece1ba7920e8f39b270458224e74afa52db1ac07f7cce47d5e8ce5b2806ff7171c64a689a0ba35e934506a46a10b9a579dc43630831e2c5400853b58e020c9cb65e44d4957b00ed35a858d44b25d5b8dad1be420467333d9ce17dddc425dad69c4c9395a5c170170a4fa63091786e2a563e3d5982a73c15edf854046e1a33b2728e74c856a58ba74c80f4f4166ac51d720f507c2c205ef5a04370c77928dfde47e15d533060084d4fc271eab837367369218b1bfc59752696396f49c2f58268", 0x184}, {&(0x7f0000001040)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df283b3ca3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25cb51279b18c8e5bfbc52152be37f5e2b783e2149be25180430ac63ee1bbe01fbb6125e65839ae5b02d542a97d1bfb1ca420b5405baaaf5ec6ad96af2814dbbea5a064f2ab6fc0904c07f02cbfadfb96866d962e6e21d3a0a0276a36e01b6edafd6c84619ace6ead5d2bde7afec966f9c023ffe15c3c1caec8ff3ef304ed0ffedd061941d9d022b25a4b9632856295fee3a314f6c196d953bcaf1aff06d181d51662fdaa52e46d7905c0b4c632602c810f1e6a6c98f0eaed1d795bc3495ea0b47ca0c44465d4b8b46dac524f2e179f22b486aaef3b7e436e9dc1ecdf10a3a2d59c839a8185d2fa5d802e15426193f256bb89fa695b0c2c5110a54f63b1a930f3bd7311", 0x16b}], 0x2}}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000f00)}], 0x1}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000640)="755ca9bd3fd87456466cd4ab09930a7972d7df968a6a6114f3db5548c265a1c0eadf9dc81f4de7a659bf2fd963b62ab6a3291b994ce3e68d29974cbd144ef4803bb11e49afd9e9f6c69e23d94b880d424a56af70b7b3f69ca07b85cd6fa37d39078bf235b355d36147cab8073e1818c615ae34fb38d8c92049fbd2d371eb493d8162d8836b8f9295d17e445e49134b4f94932984566c6d1d7b479a1d292cd39caf50ba08e39a6ac5b4d565b0f4eea211688dfcffad93d9c534ad1c8b2517dcf778797a45b32b88b7880c5122eff57a20ac7211b96753987c85f18d86103e0eb0d2266bd6e51695e6", 0xe8}, {&(0x7f0000000a40)="a874f71022111112ec5e2602f419e493ea5b4acf974d9283ee3375a461bb9065c90429ee1e99af0ae05a2cdf6095f3c3bcaf502fe5bc586d74a09a829064afeb21d6a37184cba31f9a404f96368db3439c616b32ca53867d1287a26ea498e4f743acd6252d1590999bc24f950e04e6a96c8637d150e4dca23239ce0412d084932196a057d6486b668c61dd5a01bb22529c0ae2eb008dea68a0770dc99559a527dd152975cbe3751d76d934cafa51e2d9c8cdea4d85e9d6f230d18ad14fdbd9b91a23af1d5d1342d649", 0xc9}, {&(0x7f00000003c0)="1ab19edbe25b681773e891fc5c1afd98d5418010c767b52201c900", 0x1b}], 0x3, &(0x7f0000001200)=ANY=[@ANYBLOB="800000000000000007000000070b450a010101ac1e000183073cac1e0101071b7dac1414bb64010101ac1414aaac1414bb00000000ac1414bb860916ba75d2956527442c2833ac1414bb00000003e000000100000004e0000002ffffff5dac1414bb0000cf107f000001000001ff8310bbded4a7067d627ba07946ab21900000100000000000000001000000000100000d0000000000000001000000000000000d00"], 0xb0}}], 0x3, 0x4004880) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 1.53054028s ago: executing program 2 (id=2224): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x8) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000d40)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d50e44155790748b7226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67b1cd03b076bf90286b63eb7aaea4cbb1280955e9a59cd8e5e8ac68c27da3d542aece1ba7920e8f39b270458224e74afa52db1ac07f7cce47d5e8ce5b2806ff7171c64a689a0ba35e934506a46a10b9a579dc43630831e2c5400853b58e020c9cb65e44d4957b00ed35a858d44b25d5b8dad1be420467333d9ce17dddc425dad69c4c9395a5c170170a4fa63091786e2a563e3d5982a73c15edf854046e1a33b2728e74c856a58ba74c80f4f4166ac51d720f507c2c205ef5a04370c77928dfde47e15d533060084d4fc271eab837367369218b1bfc59752696396f49c2f58268", 0x184}, {&(0x7f0000001040)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df283b3ca3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25cb51279b18c8e5bfbc52152be37f5e2b783e2149be25180430ac63ee1bbe01fbb6125e65839ae5b02d542a97d1bfb1ca420b5405baaaf5ec6ad96af2814dbbea5a064f2ab6fc0904c07f02cbfadfb96866d962e6e21d3a0a0276a36e01b6edafd6c84619ace6ead5d2bde7afec966f9c023ffe15c3c1caec8ff3ef304ed0ffedd061941d9d022b25a4b9632856295fee3a314f6c196d953bcaf1aff06d181d51662fdaa52e46d7905c0b4c632602c810f1e6a6c98f0eaed1d795bc3495ea0b47ca0c44465d4b8b46dac524f2e179f22b486aaef3b7e436e9dc1ecdf10a3a2d59c839a8185d2fa5d802e15426193f256bb89fa695b0c2c5110a54f63b1a930f3bd7311", 0x16b}], 0x2}}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000f00)="63c3b174ab06077f6ee67ac1310d86586b13d2c9e203a9da866b81e20e9fe5c432193989489c1459ce9cd14fa3b43a0b9b6004118a35444790d70af5c873561ac1ad55af7f9f8551103f694e2a22346ca675898ce02a665ecc07e153e3949b954c1d74b105c14411925a8ae24778d40004000043b682d653bcf35d53fd33489a3a405042c0de04c24504000031e1d76db8609d0bf66d8d723a6c28a50d42ab169de383345fbee97bea33e8bfb5d705852d360ab703fc952fd91d2b4066fdc167ae016c1ea8", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000640)="755ca9bd3fd87456466cd4ab09930a7972d7df968a6a6114f3db5548c265a1c0eadf9dc81f4de7a659bf2fd963b62ab6a3291b994ce3e68d29974cbd144ef4803bb11e49afd9e9f6c69e23d94b880d424a56af70b7b3f69ca07b85cd6fa37d39078bf235b355d36147cab8073e1818c615ae34fb38d8c92049fbd2d371eb493d8162d8836b8f9295d17e445e49134b4f94932984566c6d1d7b479a1d292cd39caf50ba08e39a6ac5b4d565b0f4eea211688dfcffad93d9c534ad1c8b2517dcf778797a45b32b88b7880c5122eff57a20ac7211b96753987c85f18d86103e0eb0d2266bd6e51695e6ad", 0xe9}, {&(0x7f0000000a40)="a874f71022111112ec5e2602f419e493ea5b4acf974d9283ee3375a461bb9065c90429ee1e99af0ae05a2cdf6095f3c3bcaf502fe5bc586d74a09a829064afeb21d6a37184cba31f9a404f96368db3439c616b32ca53867d1287a26ea498e4f743acd6252d1590999bc24f950e04e6a96c8637d150e4dca23239ce0412d084932196a057d6486b668c61dd5a01bb22529c0ae2eb008dea68a0770dc99559a527dd152975cbe3751d76d934cafa51e2d9c8cdea4d85e9d6f230d18ad14fdbd9b91a23af1d5d1342d6498847edc850375bd4d65a16c15a271706a98919a7", 0xdd}, {&(0x7f00000003c0)="1ab19edbe25b681773e891fc5c1afd98d5418010c767b52201c900942aa7e965955c", 0x22}, {&(0x7f00000008c0)="6d39fe15634188cee258d64a40c9632217", 0x11}], 0x4, &(0x7f0000001200)=ANY=[@ANYBLOB="800000000000000007000000070b450a010101ac1e000183073cac1e0101071b7dac1414bb64010101ac1414aaac1414bb00000000ac1414bb860916ba75d2956527442c2833ac1414bb00000003e0000001"], 0xb0}}], 0x3, 0x4004880) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 1.459894249s ago: executing program 2 (id=2225): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x8) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000d40)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d50e44155790748b7226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67b1cd03b076bf90286b63eb7aaea4cbb1280955e9a59cd8e5e8ac68c27da3d542aece1ba7920e8f39b270458224e74afa52db1ac07f7cce47d5e8ce5b2806ff7171c64a689a0ba35e934506a46a10b9a579dc43630831e2c5400853b58e020c9cb65e44d4957b00ed35a858d44b25d5b8dad1be420467333d9ce17dddc425dad69c4c9395a5c170170a4fa63091786e2a563e3d5982a73c15edf854046e1a33b2728e74c856a58ba74c80f4f4166ac51d720f507c2c205ef5a04370c77928dfde47e15d533060084d4fc271eab837367369218b1bfc59752696396f49c2f58268", 0x184}, {&(0x7f0000001040)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df283b3ca3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25cb51279b18c8e5bfbc52152be37f5e2b783e2149be25180430ac63ee1bbe01fbb6125e65839ae5b02d542a97d1bfb1ca420b5405baaaf5ec6ad96", 0xa3}], 0x2}}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000f00)="63c3b174ab06077f6ee67ac1310d86586b13d2c9e203a9da866b81e20e9fe5c432193989489c1459ce9cd14fa3b43a0b9b6004118a35444790d70af5c873561ac1ad55af7f9f8551103f694e2a22346ca675898ce02a665ecc07e153e3949b954c1d74b105c14411925a8ae24778d40004000043b682d653bcf35d53fd33489a3a405042c0de04c24504000031e1d76db8609d0bf66d8d723a6c28a50d42ab169de383345fbee97bea33e8bfb5d705852d360ab703fc952fd91d2b4066fdc167ae016c1ea8", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000640)="755ca9bd3fd87456466cd4ab09930a7972d7df968a6a6114f3db5548c265a1c0eadf9dc81f4de7a659bf2fd963b62ab6a3291b994ce3e68d29974cbd144ef4803bb11e49afd9e9f6c69e23d94b880d424a56af70b7b3f69ca07b85cd6fa37d39078bf235b355d36147cab8073e1818c615ae34fb38d8c92049fbd2d371eb493d8162d8836b8f9295d17e445e49134b4f94932984566c6d1d7b479a1d292cd39caf50ba08e39a6ac5b4d565b0f4eea2", 0xaf}, {&(0x7f0000000a40)="a874f71022111112ec5e2602f419e493ea5b4acf974d9283ee3375a461bb9065c90429ee1e99af0ae05a2cdf6095f3c3bcaf502fe5bc586d74a09a829064afeb21d6a37184cba31f9a404f96368db3439c616b32ca53867d1287a26ea498e4f743acd6252d1590999bc24f950e04e6a96c8637d150e4dca23239ce0412d084932196a057d6486b668c61dd5a01bb22529c0ae2eb008dea68a0770dc99559a527dd152975cbe3751d76d934cafa51e2d9c8cdea4d85e9d6f230d18ad14fdbd9b91a23af1d5d1342d6498847edc850375bd4d65a16c15a271706a98919a7", 0xdd}, {&(0x7f00000003c0)="1ab19edbe25b681773e891fc5c1afd98d5418010c767b52201c900942aa7e965955c", 0x22}, {&(0x7f00000008c0)="6d39fe15634188cee258d64a40c9632217ebadbbccd45f2017d5a1df94c14e8c48abc873f8", 0x25}], 0x4, &(0x7f0000001200)=ANY=[@ANYBLOB="800000000000000007000000070b450a010101ac1e000183073cac1e0101071b7dac1414bb64010101ac1414aaac1414bb00000000ac1414bb860916ba75d2956527442c2833ac1414bb00000003e000000100000004e0000002ffffff5dac1414bb0000cf107f000001000001ff8310bbded4a7067d627ba07946ab21900000100000000000000001000000000100000d0000000000000001000000000000000d"], 0xb0}}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000001340)='V_\"', 0x3}], 0x1}}], 0x4, 0x4004880) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 1.431646462s ago: executing program 2 (id=2226): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r1) sendmsg$NLBL_MGMT_C_REMOVEDEF(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r3, 0x1}, 0x14}}, 0x0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r3, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4ADDR={0x8}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV4MASK={0x8}]}, 0x2c}}, 0x0) 1.410213928s ago: executing program 2 (id=2227): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x8) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000d40)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d50e44155790748b7226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67b1cd03b076bf90286b63eb7aaea4cbb1280955e9a59cd8e5e8ac68c27da3d542aece1ba7920e8f39b270458224e74afa52db1ac07f7cce47d5e8ce5b2806ff7171c64a689a0ba35e934506a46a10b9a579dc43630831e2c5400853b58e020c9cb65e44d4957b00ed35a858d44b25d5b8dad1be420467333d9ce17dddc425dad69c4c9395a5c170170a4fa63091786e2a563e3d5982a73c15edf854046e1a33b2728e74c856a58ba74c80f4f4166ac51d720f507c2c205ef5a04370c77928dfde47e15d533060084d4fc271eab837367369218b1bfc59752696396f49c2f58268", 0x184}, {&(0x7f0000001040)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df283b3ca3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25cb51279b18c8e5bfbc52152be37f5e2b783e2149be25180430ac63ee1bbe01fbb6125e65839ae5b02d542a97d1bfb1ca420b5405baaaf5ec6ad96", 0xa3}], 0x2}}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000f00)="63c3b174ab06077f6ee67ac1310d86586b13d2c9e203a9da866b81e20e9fe5c432193989489c1459ce9cd14fa3b43a0b9b6004118a35444790d70af5c873561ac1ad55af7f9f8551103f694e2a22346ca675898ce02a665ecc07e153e3949b954c1d74b105c14411925a8ae24778d40004000043b682d653bcf35d53fd33489a3a405042c0de04c24504000031e1d76db8609d0bf66d8d723a6c28a50d42ab169de383345fbee97bea33e8bfb5d705852d360ab703fc952fd91d2b4066fdc167ae016c1ea8", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000640)="755ca9bd3fd87456466cd4ab09930a7972d7df968a6a6114f3db5548c265a1c0eadf9dc81f4de7a659bf2fd963b62ab6a3291b994ce3e68d29974cbd144ef4803bb11e49afd9e9f6c69e23d94b880d424a56af70b7b3f69ca07b85cd6fa37d39078bf235b355d36147cab8073e1818c615ae34fb38d8c92049fbd2d371eb493d8162d8836b8f9295d17e445e49134b4f94932984566c6d1d7b479a1d292cd39caf50ba08e39a6ac5b4d565b0f4eea211688dfcffad93d9c534ad1c8b2517dcf778797a45b32b88b7880c5122eff57a20ac7211b96753987c85f18d86103e0eb0d2266bd6e51695e6ad", 0xe9}, {&(0x7f0000000a40)="a874f71022111112ec5e2602f419e493ea5b4acf974d9283ee3375a461bb9065c90429ee1e99af0ae05a2cdf6095f3c3bcaf502fe5bc586d74a09a829064afeb21d6a37184cba31f9a404f96368db3439c616b32ca53867d1287a26ea498e4f743acd6252d1590999bc24f950e04e6a96c8637d150e4dca23239ce0412d084932196a057d6486b668c61dd5a01bb22529c0ae2eb008dea68a0770dc99559a527dd152975cbe3751d76d934cafa51e2d9c8cdea4d85e9d6f230d18ad14fdbd9b91a23af1d5d1342d6498847edc850375bd4d65a16c15a271706a98919a7", 0xdd}, {&(0x7f00000003c0)="1ab19edbe25b681773e891fc5c1afd98d5418010c767b52201c900942aa7e965955c", 0x22}, {&(0x7f00000008c0)="6d39fe15634188cee258d64a40c9632217ebadbbccd45f2017d5a1df94c14e8c48abc873f8", 0x25}], 0x4, &(0x7f0000001200)=ANY=[@ANYBLOB="800000000000000007000000070b450a010101ac1e000183073cac1e0101071b7dac1414bb64010101ac1414aaac1414bb00000000ac1414bb860916ba75d2956527442c2833ac1414bb00000003e000000100000004e0000002ffffff5dac1414bb0000cf107f000001000001ff8310bbded4a7067d627ba07946ab21900000100000000000000001000000000100000d0000000000000001000000"], 0xb0}}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000001340)='V_\"', 0x3}], 0x1}}], 0x4, 0x4004880) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 1.310324573s ago: executing program 2 (id=2228): ioprio_set$pid(0x0, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_emit_vhci(&(0x7f00000006c0)=@HCI_VENDOR_PKT, 0x2) r2 = syz_open_dev$cec(&(0x7f0000000680), 0x0, 0x0) ioctl$UI_DEV_SETUP(r2, 0x405c5503, 0x0) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000100)="5713f51c169ef7360ced1ca7d70607f44c85ca0986e68b826318e9ae050ecacb513cea010ae0c47894d6f572cff71815c2f03d6b091a5d98ccbcff5c7cac10a256ae59b3f924a4b946501b9e472c7f966d10", 0x52}, {0x0}], 0x2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x39}, 0xd}, 0x1c) write$binfmt_script(r3, &(0x7f0000000200), 0xfffffd9d) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r4, &(0x7f0000000440)={0x0, 0x48000000, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="ad43000000f45400000006"], 0x14}}, 0x0) mknod$loop(0x0, 0x80, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[], 0x0, 0x39, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = landlock_create_ruleset(&(0x7f0000000240)={0x4, 0x2, 0x4}, 0x18, 0x0) r7 = syz_open_dev$hiddev(&(0x7f0000000140), 0x9, 0x800) r8 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80000) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020206791f28dd6993c96bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c0002800500010004000000060018000010"], 0x4c}}, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="57928ffda36c325750151cd29305ec19386a0f89b0a237644ac66328581100a8955044da19267632dbf440959b9431622f8fe60b9c1a98ea3245d53b4ff5285e0505a97933b42326206307951ccf67e6b0ee3f29af7ed083f67ee4689abcc54ee4b5ac1793557aef8ce98bfd3cdec750ac3458da5600d9769a01f2126d9cd8c8c6f1d15b65021c0f2f4f3038e737223880a4cd2136d0dee243f5d0c8b7a8e86a14db0c4e009a9a30b03a709c1375f0a6672c4534830e9b15", 0xb8}], 0x1, &(0x7f00000001c0)=ANY=[@ANYBLOB="2400000001c7db29b1000000", @ANYRES32=r6, @ANYRES32, @ANYRES32=r7, @ANYRES32=r8, @ANYRES32=r9, @ANYRES32=r10], 0x24, 0x80}, 0xa001) 1.027177411s ago: executing program 0 (id=2229): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r1) sendmsg$NLBL_MGMT_C_REMOVEDEF(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r3, 0x1}, 0x14}}, 0x0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r3, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4ADDR={0x8}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV4MASK={0x8}]}, 0x2c}}, 0x0) (fail_nth: 2) 965.595404ms ago: executing program 0 (id=2230): bpf$ENABLE_STATS(0x20, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r1, 0x8040942d, &(0x7f00000000c0)) accept4(r1, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad00"/14, 0xe) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r2) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4c}, [@ldst={0x5}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) setsockopt$inet_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000a40)={@in={{0x2, 0x4e21, @local}}, 0x0, 0x0, 0x3, 0x0, "34dbd84f05363827e94f6ae0c9302fa7c6a231639120f6c0172f31cd2feb187a5d8402c807000000b5eb62001f58d77d360ae1114806d379e567caa04adc96306c5300"}, 0xd8) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r4, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03859bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b037511bf746bec66ba", 0x2acf, 0x11, 0x0, 0x27) recvmsg(r4, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0x46, 0x407006}, 0x104) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000600)={r5}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000240)={&(0x7f0000000080)=[0x0], 0x0, 0x0, 0x0, 0x1}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04000418", @ANYRESDEC=0x0], 0x7) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) 660.174111ms ago: executing program 1 (id=2231): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = openat$bsg(0xffffff9c, &(0x7f0000000000), 0x200040, 0x0) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$GTP_CMD_ECHOREQ(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, r1, 0x10, 0x70bd2c, 0x25dfdbfd, {}, [@GTPA_FLOW={0x6}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8}, @GTPA_O_TEI={0x8, 0x9, 0x1}, @GTPA_TID={0xc}, @GTPA_I_TEI={0x8, 0x8, 0x4}, @GTPA_FAMILY={0x5, 0xd, 0x28}, @GTPA_O_TEI={0x8, 0x9, 0x4}, @GTPA_LINK={0x8}]}, 0x68}, 0x1, 0x0, 0x0, 0x81}, 0x880) bpf$BPF_GET_PROG_INFO(0x2, 0x0, 0x0) r2 = io_uring_setup(0x253d, &(0x7f0000000280)={0x0, 0x547a, 0x40, 0x0, 0x3ca, 0x0, r0}) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) connect(r3, &(0x7f0000000300)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x8}, 0x80) close_range(r2, 0xffffffffffffffff, 0x0) 334.845µs ago: executing program 3 (id=2232): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x8) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000d40)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d50e44155790748b7226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67b1cd03b076bf90286b63eb7aaea4cbb1280955e9a59cd8e5e8ac68c27da3d542aece1ba7920e8f39b270458224e74afa52db1ac07f7cce47d5e8ce5b2806ff7171c64a689a0ba35e934506a46a10b9a579dc43630831e2c5400853b58e020c9cb65e44d4957b00ed35a858d44b25d5b8dad1be420467333d9ce17dddc425dad69c4c9395a5c170170a4fa63091786e2a563e3d5982a73c15edf854046e1a33b2728e74c856a58ba74c80f4f4166ac51d720f507c2c205ef5a04370c77928dfde47e15d533060084d4fc271eab837367369218b1bfc59752696396f49c2f58268", 0x184}, {&(0x7f0000001040)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df283b3ca3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25cb51279b18c8e5bfbc52152be37f5e2b783e2149be25180430ac63ee1bbe01fbb6125e65839ae5b02d542a97d1bfb1ca420b5405baaaf5ec6ad96af2814dbbea5a064f2ab6fc0904c07f02cbfadfb96866d962e6e21d3a0a0276a36e01b6edafd6c84619ace6ead5d2bde7afec966f9c023ffe15c3c1caec8ff3ef304ed0ffedd061941d9d022b25a4b9632856295fee3a314f6c196d953bcaf1aff06d181d51662fdaa52e46d7905c0b4c632602c810f1e6a6c98f0eaed1d795bc3495ea0b47ca0c44465d4b8b46dac524f2e179f22b486aaef3b7e436e9dc1ecdf10a3a2d59c839a8185d2fa5d802e15426193f256bb89fa695b0c2c5110a54f63b1a930f3bd7311", 0x16b}], 0x2}}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000f00)}], 0x1}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000640)="755ca9bd3fd87456466cd4ab09930a7972d7df968a6a6114f3db5548c265a1c0eadf9dc81f4de7a659bf2fd963b62ab6a3291b994ce3e68d29974cbd144ef4803bb11e49afd9e9f6c69e23d94b880d424a56af70b7b3f69ca07b85cd6fa37d39078bf235b355d36147cab8073e1818c615ae34fb38d8c92049fbd2d371eb493d8162d8836b8f9295d17e445e49134b4f94932984566c6d1d7b479a1d292cd39caf50ba08e39a6ac5b4d565b0f4eea211688dfcffad93d9c534ad1c8b2517dcf778797a45b32b88b7880c5122eff57a20ac7211b96753987c85f18d86103e0eb0d2266bd6e51695e6", 0xe8}, {&(0x7f0000000a40)="a874f71022111112ec5e2602f419e493ea5b4acf974d9283ee3375a461bb9065c90429ee1e99af0ae05a2cdf6095f3c3bcaf502fe5bc586d74a09a829064afeb21d6a37184cba31f9a404f96368db3439c616b32ca53867d1287a26ea498e4f743acd6252d1590999bc24f950e04e6a96c8637d150e4dca23239ce0412d084932196a057d6486b668c61dd5a01bb22529c0ae2eb008dea68a0770dc99559a527dd152975cbe3751d76d934cafa51e2d9c8cdea4d85e9d6f230d18ad14fdbd9b91a23af1d5d1342d649", 0xc9}, {&(0x7f00000003c0)="1ab19edbe25b681773e891fc5c1afd98d5418010c767b52201c900", 0x1b}], 0x3, &(0x7f0000001200)=ANY=[@ANYBLOB="800000000000000007000000070b450a010101ac1e000183073cac1e0101071b7dac1414bb64010101ac1414aaac1414bb00000000ac1414bb860916ba75d2956527442c2833ac1414bb00000003e000000100000004e0000002ffffff5dac1414bb0000cf107f000001000001ff8310bbded4a7067d627ba07946ab21900000100000000000000001000000000100000d0000000000000001000000000000000d00"], 0xb0}}], 0x3, 0x4004880) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 0s ago: executing program 3 (id=2233): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x8) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000d40)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d50e44155790748b7226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67b1cd03b076bf90286b63eb7aaea4cbb1280955e9a59cd8e5e8ac68c27da3d542aece1ba7920e8f39b270458224e74afa52db1ac07f7cce47d5e8ce5b2806ff7171c64a689a0ba35e934506a46a10b9a579dc43630831e2c5400853b58e020c9cb65e44d4957b00ed35a858d44b25d5b8dad1be420467333d9ce17dddc425dad69c4c9395a5c170170a4fa63091786e2a563e3d5982a73c15edf854046e1a33b2728e74c856a58ba74c80f4f4166ac51d720f507c2c205ef5a04370c77928dfde47e15d533060084d4fc271eab837367369218b1bfc59752696396f49c2f58268", 0x184}, {&(0x7f0000001040)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df283b3ca3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25cb51279b18c8e5bfbc52152be37f5e2b783e2149be25180430ac63ee1bbe01fbb6125e65839ae5b02d542a97d1bfb1ca420b5405baaaf5ec6ad96af2814dbbea5a064f2ab6fc0904c07f02cbfadfb96866d962e6e21d3a0a0276a36e01b6edafd6c84619ace6ead5d2bde7afec966f9c023ffe15c3c1caec8ff3ef304ed0ffedd061941d9d022b25a4b9632856295fee3a314f6c196d953bcaf1aff06d181d51662fdaa52e46d7905c0b4c632602c810f1e6a6c98f0eaed1d795bc3495ea0b47ca0c44465d4b8b46dac524f2e179f22b486aaef3b7e436e9dc1ecdf10a3a2d59c839a8185d2fa5d802e15426193f256bb89fa695b0c2c5110a54f63b1a930f3bd7311", 0x16b}], 0x2}}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000f00)="63c3b174ab06077f6ee67ac1310d86586b13d2c9e203a9da866b81e20e9fe5c432193989489c1459ce9cd14fa3b43a0b9b6004118a35444790d70af5c873561ac1ad55af7f9f8551103f69", 0x4b}], 0x1}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000640)="755ca9bd3fd87456466cd4ab09930a7972d7df968a6a6114f3db5548c265a1c0eadf9dc81f4de7a659bf2fd963b62ab6a3291b994ce3e68d29974cbd144ef4803bb11e49afd9e9f6c69e23d94b880d424a56af70b7b3f69ca07b85cd6fa37d39078bf235b355d36147cab8073e1818c615ae34fb38d8c92049fbd2d371eb493d8162d8836b8f9295d17e445e49134b4f94932984566c6d1d7b479a1d292cd39caf50ba08e39a6ac5b4d565b0f4eea211688dfcffad93d9c534ad1c8b2517dcf778797a45b32b88b7880c5122eff57a20ac7211b96753987c85f18d86103e0eb0d2266bd6e51695e6ad", 0xe9}, {&(0x7f0000000a40)="a874f71022111112ec5e2602f419e493ea5b4acf974d9283ee3375a461bb9065c90429ee1e99af0ae05a2cdf6095f3c3bcaf502fe5bc586d74a09a829064afeb21d6a37184cba31f9a404f96368db3439c616b32ca53867d1287a26ea498e4f743acd6252d1590999bc24f950e04e6a96c8637d150e4dca23239ce0412d084932196a057d6486b668c61dd5a01bb22529c0ae2eb008dea68a0770dc99559a527dd152975cbe3751d76d934cafa51e2d9c8cdea4d85e9d6f230d18ad14fdbd9b91a23af1d5d1342d6498847edc850375bd4d65a16c15a271706a98919a7", 0xdd}, {&(0x7f00000003c0)="1ab19edbe25b681773e891fc5c1afd98d5418010c767b52201c900942aa7e965955c", 0x22}, {&(0x7f00000008c0)="6d39fe15634188cee258d64a40c9632217ebadbbccd45f2017d5a1df94c14e8c48abc873f82d01bc4ad0fe0c50d62220aaffcb020d4485ede811aa3444881a134b4ed499eb426b7570697a811ee2ac64300a09a042cf8f", 0x57}], 0x4, &(0x7f0000001200)=ANY=[@ANYBLOB="800000000000000007000000070b450a010101ac1e000183073cac1e0101071b7dac1414bb64010101ac1414aaac1414bb00000000ac1414bb860916ba75d2956527442c2833ac1414bb00000003e000000100000004e0000002ffffff5dac1414bb0000cf107f000001000001ff8310bbded4a7067d627ba07946ab21900000100000000000000001000000000100000d0000000000000001000000000000000d"], 0xb0}}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000001340)="565f22c57f868101817bab3ced7dd60d3ac9d1fbd7502a803953de3ac6782cfd4833d91253647e92361374f950b8e516af86e93064698099f5215219dd729140f4bd761d6830a236e974f7830cd904bed6f0", 0x52}], 0x1}}], 0x4, 0x4004880) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) kernel console output (not intermixed with test programs): __do_fast_syscall_32+0x73/0x120 [ 467.666277][T11032] do_fast_syscall_32+0x32/0x80 [ 467.667547][T11032] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 467.669203][T11032] RIP: 0023:0xf7fb1579 [ 467.670276][T11032] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 467.675468][T11032] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 467.677653][T11032] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040 [ 467.679718][T11032] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 467.682037][T11032] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 467.684738][T11032] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 467.686814][T11032] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 467.688916][T11032] [ 467.870466][T11044] 9pnet_virtio: no channels available for device syz [ 468.764880][T11058] 9pnet_virtio: no channels available for device syz [ 468.905378][T11067] FAULT_INJECTION: forcing a failure. [ 468.905378][T11067] name failslab, interval 1, probability 0, space 0, times 0 [ 468.913147][T11067] CPU: 2 UID: 0 PID: 11067 Comm: syz.1.1805 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 468.916909][T11067] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 468.920617][T11067] Call Trace: [ 468.921798][T11067] [ 468.922837][T11067] dump_stack_lvl+0x16c/0x1f0 [ 468.924467][T11067] should_fail_ex+0x497/0x5b0 [ 468.926107][T11067] ? fs_reclaim_acquire+0xae/0x160 [ 468.927852][T11067] should_failslab+0xc2/0x120 [ 468.929492][T11067] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 468.931364][T11067] ? io_submit_one+0x123/0x1da0 [ 468.933046][T11067] io_submit_one+0x123/0x1da0 [ 468.934674][T11067] ? __pfx_io_submit_one+0x10/0x10 [ 468.936509][T11067] ? __might_fault+0x13b/0x190 [ 468.938208][T11067] ? lock_acquire+0x2f/0xb0 [ 468.939814][T11067] ? __might_fault+0xe3/0x190 [ 468.941462][T11067] ? __ia32_compat_sys_io_submit+0x1af/0x390 [ 468.943516][T11067] __ia32_compat_sys_io_submit+0x1af/0x390 [ 468.945540][T11067] ? __pfx___ia32_compat_sys_io_submit+0x10/0x10 [ 468.947738][T11067] __do_fast_syscall_32+0x73/0x120 [ 468.949530][T11067] do_fast_syscall_32+0x32/0x80 [ 468.951239][T11067] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 468.953449][T11067] RIP: 0023:0xf742e579 [ 468.954846][T11067] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 468.961437][T11067] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 00000000000000f8 [ 468.964277][T11067] RAX: ffffffffffffffda RBX: 00000000f7f8e000 RCX: 0000000000000001 [ 468.966949][T11067] RDX: 0000000020000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 468.969607][T11067] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 468.972301][T11067] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 468.974959][T11067] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 468.977700][T11067] [ 469.667004][T11077] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12) [ 469.669365][T11077] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 469.672556][T11077] vhci_hcd vhci_hcd.0: Device attached [ 469.682947][T11081] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1810'. [ 469.708242][T11078] vhci_hcd: connection closed [ 469.710314][ T73] vhci_hcd: stop threads [ 469.713521][ T73] vhci_hcd: release socket [ 469.715134][ T73] vhci_hcd: disconnect device [ 469.724024][T11083] FAULT_INJECTION: forcing a failure. [ 469.724024][T11083] name failslab, interval 1, probability 0, space 0, times 0 [ 469.727470][T11083] CPU: 0 UID: 0 PID: 11083 Comm: syz.2.1811 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 469.731096][T11083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 469.734702][T11083] Call Trace: [ 469.735947][T11083] [ 469.737016][T11083] dump_stack_lvl+0x16c/0x1f0 [ 469.738659][T11083] should_fail_ex+0x497/0x5b0 [ 469.740318][T11083] ? fs_reclaim_acquire+0xae/0x160 [ 469.742072][T11083] should_failslab+0xc2/0x120 [ 469.743723][T11083] __kmalloc_noprof+0xcb/0x410 [ 469.745465][T11083] ? rcu_is_watching+0x12/0xc0 [ 469.747212][T11083] tomoyo_encode2+0x100/0x3e0 [ 469.748964][T11083] tomoyo_realpath_from_path+0x1a7/0x710 [ 469.751009][T11083] ? tomoyo_path_number_perm+0x232/0x5b0 [ 469.753049][T11083] tomoyo_path_number_perm+0x245/0x5b0 [ 469.755035][T11083] ? tomoyo_path_number_perm+0x232/0x5b0 [ 469.757077][T11083] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 469.759222][T11083] ? trace_lock_acquire+0x14a/0x1d0 [ 469.760875][T11083] ? lock_acquire+0x2f/0xb0 [ 469.762294][T11083] ? __fget_files+0x40/0x3f0 [ 469.763677][T11083] ? __fget_files+0x244/0x3f0 [ 469.764914][T11083] security_file_ioctl_compat+0x9b/0x240 [ 469.766388][T11083] __do_compat_sys_ioctl+0x52/0x2b0 [ 469.768123][T11083] __do_fast_syscall_32+0x73/0x120 [ 469.769899][T11083] do_fast_syscall_32+0x32/0x80 [ 469.771590][T11083] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 469.773602][T11083] RIP: 0023:0xf7fb1579 [ 469.774680][T11083] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 469.780262][T11083] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 469.782425][T11083] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000ae60 [ 469.784578][T11083] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 469.786717][T11083] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 469.789435][T11083] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 469.791837][T11083] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 469.793970][T11083] [ 469.794881][ C0] vkms_vblank_simulate: vblank timer overrun [ 469.797063][T11083] ERROR: Out of memory at tomoyo_realpath_from_path. [ 469.987947][ T5355] Bluetooth: hci1: command tx timeout [ 470.220290][T11093] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 470.220718][T11094] xt_socket: unknown flags 0x46 [ 470.231831][T11094] input: syz1 as /devices/virtual/input/input17 [ 470.545697][T11101] x_tables: duplicate underflow at hook 1 [ 470.727961][ T828] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 470.880932][ T828] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 470.886713][ T828] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 470.899050][ T828] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 470.904728][ T828] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 470.907636][ T828] usb 6-1: SerialNumber: syz [ 470.912769][ T828] usb 6-1: bad CDC descriptors [ 471.122351][ T828] usb 6-1: USB disconnect, device number 22 [ 471.713137][T11113] netlink: 'syz.2.1820': attribute type 10 has an invalid length. [ 471.718776][T11113] macvlan0: entered promiscuous mode [ 471.721222][T11113] macvlan0: entered allmulticast mode [ 471.727366][T11113] veth1_vlan: entered allmulticast mode [ 471.732489][T11113] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 472.031222][T11126] netlink: 'syz.1.1825': attribute type 1 has an invalid length. [ 472.036653][T11126] sp0: Synchronizing with TNC [ 472.052376][T11125] netlink: 134744 bytes leftover after parsing attributes in process `syz.3.1824'. [ 472.157597][T11130] ALSA: seq fatal error: cannot create timer (-22) [ 472.878325][T11143] FAULT_INJECTION: forcing a failure. [ 472.878325][T11143] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 472.881945][T11143] CPU: 0 UID: 0 PID: 11143 Comm: syz.1.1830 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 472.884761][T11143] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 472.887559][T11143] Call Trace: [ 472.888449][T11143] [ 472.889234][T11143] dump_stack_lvl+0x16c/0x1f0 [ 472.890586][T11143] should_fail_ex+0x497/0x5b0 [ 472.891837][T11143] _copy_to_iter+0x48b/0x13e0 [ 472.893077][T11143] ? __pfx__copy_to_iter+0x10/0x10 [ 472.894418][T11143] ? __virt_addr_valid+0x1a4/0x590 [ 472.895782][T11143] ? __virt_addr_valid+0x5e/0x590 [ 472.897098][T11143] ? __phys_addr_symbol+0x30/0x80 [ 472.898364][T11143] ? __check_object_size+0x488/0x710 [ 472.899766][T11143] seq_read_iter+0xd00/0x12b0 [ 472.901486][T11143] seq_read+0x39f/0x4e0 [ 472.902906][T11143] ? __pfx_seq_read+0x10/0x10 [ 472.904519][T11143] ? copy_compat_iovec_from_user+0x138/0x180 [ 472.906562][T11143] ? import_ubuf+0x1a4/0x200 [ 472.908161][T11143] ? __pfx_seq_read+0x10/0x10 [ 472.909756][T11143] proc_reg_read+0x23d/0x330 [ 472.911343][T11143] ? __pfx_proc_reg_read+0x10/0x10 [ 472.913073][T11143] vfs_readv+0x6bf/0x890 [ 472.914507][T11143] ? __pfx_vfs_readv+0x10/0x10 [ 472.916138][T11143] ? find_held_lock+0x2d/0x110 [ 472.917729][T11143] ? __pfx_lock_release+0x10/0x10 [ 472.919398][T11143] ? trace_lock_acquire+0x14a/0x1d0 [ 472.921097][T11143] ? __fget_files+0x244/0x3f0 [ 472.922700][T11143] ? do_preadv+0x1b4/0x270 [ 472.924222][T11143] do_preadv+0x1b4/0x270 [ 472.925634][T11143] ? __pfx_do_preadv+0x10/0x10 [ 472.927250][T11143] __do_fast_syscall_32+0x73/0x120 [ 472.928985][T11143] do_fast_syscall_32+0x32/0x80 [ 472.930584][T11143] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 472.932668][T11143] RIP: 0023:0xf742e579 [ 472.934060][T11143] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 472.940370][T11143] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 000000000000014d [ 472.943136][T11143] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000840 [ 472.945776][T11143] RDX: 0000000000000001 RSI: 0000000000000180 RDI: 0000000000000000 [ 472.948509][T11143] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 472.951185][T11143] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 472.953867][T11143] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 472.956475][T11143] [ 473.089030][T11146] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 473.366362][T11154] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 473.756697][T11159] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 474.298414][T11173] netlink: 'syz.0.1840': attribute type 10 has an invalid length. [ 474.313688][T11173] team0: Port device netdevsim0 added [ 474.321920][T11173] netlink: 'syz.0.1840': attribute type 10 has an invalid length. [ 474.332966][T11173] team0: Port device netdevsim0 removed [ 474.336363][T11173] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 474.670602][T11169] fuse: Unknown parameter 'ûd¡' [ 474.912992][T11192] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 474.915490][T11192] overlayfs: failed to set xattr on upper [ 474.917180][T11192] overlayfs: ...falling back to redirect_dir=nofollow. [ 474.919695][T11192] overlayfs: ...falling back to index=off. [ 474.921813][T11192] overlayfs: ...falling back to uuid=null. [ 475.022292][T11165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 475.435924][T11205] FAULT_INJECTION: forcing a failure. [ 475.435924][T11205] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 475.440797][T11205] CPU: 0 UID: 0 PID: 11205 Comm: syz.0.1850 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 475.444600][T11205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 475.448469][T11205] Call Trace: [ 475.449696][T11205] [ 475.450685][T11205] dump_stack_lvl+0x16c/0x1f0 [ 475.452159][T11205] should_fail_ex+0x497/0x5b0 [ 475.453622][T11205] strncpy_from_user+0x3b/0x2a0 [ 475.455147][T11205] getname_flags.part.0+0x8f/0x550 [ 475.456741][T11205] ? __pfx_ksys_write+0x10/0x10 [ 475.458247][T11205] getname_flags+0x93/0xf0 [ 475.459636][T11205] __ia32_sys_symlinkat+0x79/0xc0 [ 475.461182][T11205] __do_fast_syscall_32+0x73/0x120 [ 475.462762][T11205] do_fast_syscall_32+0x32/0x80 [ 475.464279][T11205] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 475.466233][T11205] RIP: 0023:0xf747e579 [ 475.467501][T11205] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 475.473315][T11205] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000130 [ 475.475859][T11205] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000ffffff9c [ 475.478264][T11205] RDX: 00000000200000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 475.480681][T11205] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 475.483085][T11205] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 475.485496][T11205] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 475.487918][T11205] [ 476.412278][T11218] fuse: Bad value for 'fd' [ 477.336685][T11230] vivid-000: ================= START STATUS ================= [ 477.343479][T11230] vivid-000: Test Pattern: 75% Colorbar [ 477.345118][T11230] vivid-000: Fill Percentage of Frame: 100 [ 477.346670][T11230] vivid-000: Horizontal Movement: No Movement [ 477.350832][T11230] vivid-000: Vertical Movement: No Movement [ 477.352517][T11230] vivid-000: OSD Text Mode: All [ 477.353812][T11230] vivid-000: Show Border: false [ 477.355320][T11230] vivid-000: Show Square: false [ 477.356759][T11230] vivid-000: Sensor Flipped Horizontally: false [ 477.358832][T11230] vivid-000: Sensor Flipped Vertically: false [ 477.360503][T11230] vivid-000: Insert SAV Code in Image: false [ 477.362097][T11230] vivid-000: Insert EAV Code in Image: false [ 477.365346][T11230] vivid-000: Insert Video Guard Band: false [ 477.366937][T11230] vivid-000: Reduced Framerate: false [ 477.371116][T11230] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 477.373185][T11230] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 477.375269][T11230] vivid-000: Enable Capture Cropping: true grabbed [ 477.377082][T11230] vivid-000: Enable Capture Composing: true grabbed [ 477.380065][T11230] vivid-000: Enable Capture Scaler: true grabbed [ 477.381790][T11230] vivid-000: Timestamp Source: End of Frame [ 477.383383][T11230] vivid-000: Colorspace: sRGB [ 477.384631][T11230] vivid-000: Transfer Function: Default [ 477.386109][T11230] vivid-000: Y'CbCr Encoding: Default [ 477.387635][T11230] vivid-000: HSV Encoding: Hue 0-179 [ 477.392083][T11230] vivid-000: Quantization: Default [ 477.393512][T11230] vivid-000: Apply Alpha To Red Only: false [ 477.395104][T11230] vivid-000: Standard Aspect Ratio: 4x3 [ 477.396757][T11230] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 477.399786][T11230] vivid-000: DV Timings: 640x480p59 inactive [ 477.401431][T11230] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 477.403398][T11230] vivid-000: Maximum EDID Blocks: 2 [ 477.404787][T11230] vivid-000: Limited RGB Range (16-235): false [ 477.406415][T11230] vivid-000: Rx RGB Quantization Range: Automatic [ 477.410743][T11230] vivid-000: Power Present: 0x00000001 [ 477.412356][T11230] tpg source WxH: 320x180 (Y'CbCr) [ 477.413712][T11230] tpg field: 1 [ 477.414623][T11230] tpg crop: 320x180@0x0 [ 477.415754][T11230] tpg compose: 320x180@0x0 [ 477.416944][T11230] tpg colorspace: 8 [ 477.419761][T11230] tpg transfer function: 0/2 [ 477.421090][T11230] tpg Y'CbCr encoding: 0/1 [ 477.422281][T11230] tpg quantization: 0/2 [ 477.423388][T11230] tpg RGB range: 0/2 [ 477.424426][T11230] vivid-000: ================== END STATUS ================== [ 477.489344][ T5408] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 477.638201][ T5408] usb 7-1: Using ep0 maxpacket: 32 [ 477.651141][ T5408] usb 7-1: config 0 has an invalid interface number: 9 but max is 0 [ 477.653709][ T5408] usb 7-1: config 0 has no interface number 0 [ 477.662816][ T5408] usb 7-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 477.665299][ T5408] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 477.687360][ T5408] usb 7-1: Product: syz [ 477.688882][ T5408] usb 7-1: Manufacturer: syz [ 477.693994][ T5408] usb 7-1: SerialNumber: syz [ 477.705844][ T5408] usb 7-1: config 0 descriptor?? [ 477.713627][ T5408] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 478.945178][ T5408] gspca_topro: reg_w err -71 [ 478.968423][T11258] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1864'. [ 478.977865][ T5408] gspca_topro: Sensor soi763a [ 478.981903][ T5408] usb 7-1: USB disconnect, device number 29 [ 479.192362][T11266] FAULT_INJECTION: forcing a failure. [ 479.192362][T11266] name failslab, interval 1, probability 0, space 0, times 0 [ 479.195886][T11266] CPU: 0 UID: 0 PID: 11266 Comm: syz.3.1866 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 479.198676][T11266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 479.201458][T11266] Call Trace: [ 479.202342][T11266] [ 479.203134][T11266] dump_stack_lvl+0x16c/0x1f0 [ 479.204394][T11266] should_fail_ex+0x497/0x5b0 [ 479.205648][T11266] ? fs_reclaim_acquire+0xae/0x160 [ 479.206988][T11266] should_failslab+0xc2/0x120 [ 479.208246][T11266] __kmalloc_noprof+0xcb/0x410 [ 479.209512][T11266] ? __pfx_d_absolute_path+0x10/0x10 [ 479.210906][T11266] tomoyo_encode2+0x100/0x3e0 [ 479.212152][T11266] tomoyo_realpath_from_path+0x1a7/0x710 [ 479.213621][T11266] tomoyo_path_number_perm+0x245/0x5b0 [ 479.215056][T11266] ? tomoyo_path_number_perm+0x232/0x5b0 [ 479.216529][T11266] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 479.218102][T11266] ? trace_lock_acquire+0x14a/0x1d0 [ 479.219637][T11266] ? lock_acquire+0x2f/0xb0 [ 479.220836][T11266] ? __fget_files+0x40/0x3f0 [ 479.222049][T11266] ? __fget_files+0x244/0x3f0 [ 479.223290][T11266] security_file_ioctl_compat+0x9b/0x240 [ 479.224767][T11266] __do_compat_sys_ioctl+0x52/0x2b0 [ 479.226131][T11266] __do_fast_syscall_32+0x73/0x120 [ 479.227483][T11266] do_fast_syscall_32+0x32/0x80 [ 479.228759][T11266] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 479.230412][T11266] RIP: 0023:0xf742e579 [ 479.231494][T11266] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 479.236490][T11266] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 479.238679][T11266] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c06864ce [ 479.240741][T11266] RDX: 0000000020002240 RSI: 0000000000000000 RDI: 0000000000000000 [ 479.242792][T11266] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 479.244852][T11266] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 479.246911][T11266] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 479.248987][T11266] [ 479.250160][T11266] ERROR: Out of memory at tomoyo_realpath_from_path. [ 479.258621][T11267] fuse: Unknown parameter 'mñÙEM"Ø…äò¾î0x0000000000000009' [ 479.568093][T11271] FAULT_INJECTION: forcing a failure. [ 479.568093][T11271] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 479.572304][T11271] CPU: 2 UID: 0 PID: 11271 Comm: syz.2.1868 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 479.575912][T11271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 479.579513][T11271] Call Trace: [ 479.580681][T11271] [ 479.581725][T11271] dump_stack_lvl+0x16c/0x1f0 [ 479.583388][T11271] should_fail_ex+0x497/0x5b0 [ 479.585041][T11271] strncpy_from_user+0x3b/0x2a0 [ 479.586697][T11271] bpf_raw_tp_link_attach+0x115/0x540 [ 479.588592][T11271] ? __pfx_lock_release+0x10/0x10 [ 479.590358][T11271] ? trace_lock_acquire+0x14a/0x1d0 [ 479.592183][T11271] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 479.594250][T11271] ? lock_acquire+0x2f/0xb0 [ 479.595864][T11271] ? __fget_files+0x40/0x3f0 [ 479.597498][T11271] ? fput+0x30/0x390 [ 479.598884][T11271] ? __bpf_prog_get+0xa0/0x290 [ 479.600578][T11271] __sys_bpf+0x3a7/0x5780 [ 479.602102][T11271] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 479.604149][T11271] ? lockdep_hardirqs_on+0x7c/0x110 [ 479.605965][T11271] ? __pfx___sys_bpf+0x10/0x10 [ 479.607658][T11271] ? find_held_lock+0x2d/0x110 [ 479.609337][T11271] ? bpf_trace_run2+0x266/0x590 [ 479.611039][T11271] ? __pfx_lock_release+0x10/0x10 [ 479.612814][T11271] ? bpf_send_signal_common+0x2b5/0x3a0 [ 479.614747][T11271] ? fput+0x30/0x390 [ 479.616154][T11271] ? ksys_write+0x1ad/0x260 [ 479.617760][T11271] __ia32_sys_bpf+0x76/0xe0 [ 479.619363][T11271] __do_fast_syscall_32+0x73/0x120 [ 479.621164][T11271] do_fast_syscall_32+0x32/0x80 [ 479.622920][T11271] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 479.625147][T11271] RIP: 0023:0xf7fb1579 [ 479.626603][T11271] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 479.633245][T11271] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 479.636155][T11271] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 00000000200002c0 [ 479.638883][T11271] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 479.641636][T11271] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 479.644253][T11271] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 479.646982][T11271] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 479.649720][T11271] [ 480.217170][T11280] FAULT_INJECTION: forcing a failure. [ 480.217170][T11280] name failslab, interval 1, probability 0, space 0, times 0 [ 480.220789][T11280] CPU: 0 UID: 0 PID: 11280 Comm: syz.1.1871 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 480.223622][T11280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 480.226439][T11280] Call Trace: [ 480.227337][T11280] [ 480.228220][T11280] dump_stack_lvl+0x16c/0x1f0 [ 480.229513][T11280] should_fail_ex+0x497/0x5b0 [ 480.230773][T11280] should_failslab+0xc2/0x120 [ 480.232037][T11280] __kmalloc_noprof+0xcb/0x410 [ 480.233333][T11280] io_cqring_event_overflow+0xcb/0x6f0 [ 480.234782][T11280] __io_submit_flush_completions+0x1069/0x20e0 [ 480.236451][T11280] ? io_queue_sqe_fallback+0x121/0xaa0 [ 480.237934][T11280] io_submit_sqes+0xa73/0x2530 [ 480.239226][T11280] __do_sys_io_uring_enter+0xc0f/0x1170 [ 480.240714][T11280] ? __fget_files+0x244/0x3f0 [ 480.241964][T11280] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 480.243562][T11280] ? fput+0x30/0x390 [ 480.244609][T11280] ? ksys_write+0x1ad/0x260 [ 480.245812][T11280] ? __pfx_ksys_write+0x10/0x10 [ 480.247117][T11280] __do_fast_syscall_32+0x73/0x120 [ 480.248534][T11280] do_fast_syscall_32+0x32/0x80 [ 480.249832][T11280] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 480.251519][T11280] RIP: 0023:0xf742e579 [ 480.252598][T11280] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 480.257662][T11280] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa [ 480.259890][T11280] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000002d3e [ 480.261958][T11280] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 480.264037][T11280] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 480.266115][T11280] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 480.268217][T11280] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 480.270329][T11280] [ 480.478528][T11291] netlink: 134744 bytes leftover after parsing attributes in process `syz.0.1876'. [ 482.059045][T11322] netlink: 134744 bytes leftover after parsing attributes in process `syz.1.1888'. [ 482.231411][T11334] xt_hashlimit: max too large, truncated to 1048576 [ 482.233449][T11334] xt_hashlimit: overflow, try lower: 0/0 [ 482.329750][T11338] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1894'. [ 482.354675][T11342] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 482.510642][ T5408] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 482.512113][T11348] netlink: 134744 bytes leftover after parsing attributes in process `syz.2.1900'. [ 482.568962][T11352] 9pnet: Unknown protocol version 9 [ 482.603007][T11354] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 482.760860][ T5408] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 482.763776][ T5408] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 482.766301][ T5408] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 482.768939][ T5408] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.772982][T11335] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 482.776270][ T5408] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 482.810153][T11361] tmpfs: Bad value for 'nr_blocks' [ 482.878837][T11363] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1906'. [ 482.881753][T11363] openvswitch: netlink: Tunnel attr 0 has unexpected len 13 expected 8 [ 482.960824][T11366] binder: 11365:11366 ioctl c0306201 20000140 returned -14 [ 483.006824][T11335] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1892'. [ 483.039047][T11369] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 483.231194][T11376] 9pnet: Unknown protocol version 9 [ 483.342570][T11380] FAULT_INJECTION: forcing a failure. [ 483.342570][T11380] name failslab, interval 1, probability 0, space 0, times 0 [ 483.348345][T11380] CPU: 1 UID: 0 PID: 11380 Comm: syz.3.1913 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 483.352104][T11380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 483.355847][T11380] Call Trace: [ 483.357073][T11380] [ 483.358148][T11380] dump_stack_lvl+0x16c/0x1f0 [ 483.359859][T11380] should_fail_ex+0x497/0x5b0 [ 483.361572][T11380] ? fs_reclaim_acquire+0xae/0x160 [ 483.363443][T11380] should_failslab+0xc2/0x120 [ 483.365116][T11380] __kmalloc_cache_node_noprof+0x6e/0x360 [ 483.367140][T11380] ? __pfx_mark_lock+0x10/0x10 [ 483.368895][T11380] ? __get_vm_area_node+0xe1/0x2d0 [ 483.370756][T11380] __get_vm_area_node+0xe1/0x2d0 [ 483.372575][T11380] __vmalloc_node_range_noprof+0x26a/0x15a0 [ 483.374665][T11380] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 483.376610][T11380] ? hlock_class+0x4e/0x130 [ 483.378252][T11380] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 483.380232][T11380] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 483.382421][T11380] ? __pfx___lock_acquire+0x10/0x10 [ 483.384210][T11380] ? __pfx_aa_get_newest_label+0x10/0x10 [ 483.386132][T11380] ? __pfx___lock_acquire+0x10/0x10 [ 483.388076][T11380] ? __pfx_mark_lock+0x10/0x10 [ 483.389743][T11380] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 483.391654][T11380] __vmalloc_noprof+0x6d/0x90 [ 483.393267][T11380] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 483.395141][T11380] bpf_prog_alloc_no_stats+0x54/0x5e0 [ 483.397012][T11380] ? security_capable+0x7e/0x260 [ 483.398725][T11380] bpf_prog_alloc+0x3b/0x230 [ 483.400296][T11380] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 483.402398][T11380] bpf_prog_load+0x1b4e/0x2670 [ 483.404113][T11380] ? __pfx_bpf_prog_load+0x10/0x10 [ 483.405978][T11380] ? find_held_lock+0x2d/0x110 [ 483.407802][T11380] __sys_bpf+0x4c8c/0x5780 [ 483.409383][T11380] ? ksys_write+0x21e/0x260 [ 483.411016][T11380] ? __pfx___sys_bpf+0x10/0x10 [ 483.412732][T11380] ? vfs_write+0x14d/0x1140 [ 483.414352][T11380] ? __mutex_unlock_slowpath+0x164/0x650 [ 483.416334][T11380] ? fput+0x30/0x390 [ 483.417702][T11380] ? ksys_write+0x1ad/0x260 [ 483.419300][T11380] ? __pfx_ksys_write+0x10/0x10 [ 483.421027][T11380] __ia32_sys_bpf+0x76/0xe0 [ 483.422678][T11380] __do_fast_syscall_32+0x73/0x120 [ 483.424515][T11380] do_fast_syscall_32+0x32/0x80 [ 483.426200][T11380] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 483.428391][T11380] RIP: 0023:0xf742e579 [ 483.429813][T11380] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 483.436524][T11380] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 483.439293][T11380] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000140 [ 483.441367][T11380] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 483.444073][T11380] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 483.446910][T11380] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 483.449710][T11380] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 483.452516][T11380] [ 483.471880][T11380] syz.3.1913: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 483.478475][T11380] CPU: 1 UID: 0 PID: 11380 Comm: syz.3.1913 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 483.482314][T11380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 483.486095][T11380] Call Trace: [ 483.487304][T11380] [ 483.488399][T11380] dump_stack_lvl+0x16c/0x1f0 [ 483.490088][T11380] warn_alloc+0x24d/0x3a0 [ 483.491643][T11380] ? __pfx_warn_alloc+0x10/0x10 [ 483.493384][T11380] ? rcu_is_watching+0x12/0xc0 [ 483.495116][T11380] ? trace_kmalloc+0x2d/0xe0 [ 483.496841][T11380] ? __kasan_kmalloc+0x8a/0xb0 [ 483.498615][T11380] ? __get_vm_area_node+0x1bc/0x2d0 [ 483.500528][T11380] __vmalloc_node_range_noprof+0xd27/0x15a0 [ 483.502648][T11380] ? hlock_class+0x4e/0x130 [ 483.504286][T11380] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 483.506224][T11380] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 483.508459][T11380] ? __pfx___lock_acquire+0x10/0x10 [ 483.510411][T11380] ? __pfx_aa_get_newest_label+0x10/0x10 [ 483.512689][T11380] ? __pfx___lock_acquire+0x10/0x10 [ 483.514982][T11380] ? __pfx_mark_lock+0x10/0x10 [ 483.516948][T11380] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 483.519007][T11380] __vmalloc_noprof+0x6d/0x90 [ 483.520800][T11380] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 483.522875][T11380] bpf_prog_alloc_no_stats+0x54/0x5e0 [ 483.524911][T11380] ? security_capable+0x7e/0x260 [ 483.526778][T11380] bpf_prog_alloc+0x3b/0x230 [ 483.528540][T11380] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 483.530593][T11380] bpf_prog_load+0x1b4e/0x2670 [ 483.532313][T11380] ? __pfx_bpf_prog_load+0x10/0x10 [ 483.534115][T11380] ? find_held_lock+0x2d/0x110 [ 483.535902][T11380] __sys_bpf+0x4c8c/0x5780 [ 483.537795][T11380] ? ksys_write+0x21e/0x260 [ 483.539615][T11380] ? __pfx___sys_bpf+0x10/0x10 [ 483.541446][T11380] ? vfs_write+0x14d/0x1140 [ 483.543114][T11380] ? __mutex_unlock_slowpath+0x164/0x650 [ 483.545261][T11380] ? fput+0x30/0x390 [ 483.546702][T11380] ? ksys_write+0x1ad/0x260 [ 483.548364][T11380] ? __pfx_ksys_write+0x10/0x10 [ 483.550159][T11380] __ia32_sys_bpf+0x76/0xe0 [ 483.551909][T11380] __do_fast_syscall_32+0x73/0x120 [ 483.553808][T11380] do_fast_syscall_32+0x32/0x80 [ 483.555689][T11380] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 483.558114][T11380] RIP: 0023:0xf742e579 [ 483.559679][T11380] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 483.566607][T11380] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 483.569624][T11380] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000140 [ 483.572572][T11380] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 483.575091][T11380] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 483.577890][T11380] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 483.580906][T11380] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 483.583820][T11380] [ 483.585744][T11380] Mem-Info: [ 483.587152][T11380] active_anon:20859 inactive_anon:18 isolated_anon:0 [ 483.587152][T11380] active_file:23007 inactive_file:32779 isolated_file:0 [ 483.587152][T11380] unevictable:768 dirty:418 writeback:0 [ 483.587152][T11380] slab_reclaimable:4453 slab_unreclaimable:54471 [ 483.587152][T11380] mapped:18108 shmem:14910 pagetables:690 [ 483.587152][T11380] sec_pagetables:328 bounce:0 [ 483.587152][T11380] kernel_misc_reclaimable:0 [ 483.587152][T11380] free:56208 free_pcp:2234 free_cma:0 [ 483.604705][T11380] Node 0 active_anon:100kB inactive_anon:96kB active_file:0kB inactive_file:12kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:3588kB dirty:8kB writeback:0kB shmem:1544kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9944kB pagetables:1392kB sec_pagetables:1212kB all_unreclaimable? no [ 483.616670][T11380] Node 1 active_anon:77552kB inactive_anon:8kB active_file:92028kB inactive_file:131104kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:68844kB dirty:1664kB writeback:0kB shmem:58104kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:1904kB pagetables:1368kB sec_pagetables:100kB all_unreclaimable? no [ 483.628963][T11380] Node 0 DMA free:932kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:8kB free_cma:0kB [ 483.639959][T11380] lowmem_reserve[]: 0 273 0 0 0 [ 483.644277][T11380] Node 0 DMA32 free:21452kB boost:0kB min:13904kB low:17380kB high:20856kB reserved_highatomic:4096KB active_anon:32kB inactive_anon:372kB active_file:0kB inactive_file:8kB unevictable:1536kB writepending:4kB present:1032196kB managed:306280kB mlocked:0kB bounce:0kB free_pcp:2048kB local_pcp:932kB free_cma:0kB [ 483.657547][T11380] lowmem_reserve[]: 0 0 0 0 0 [ 483.660868][T11380] Node 1 DMA32 free:219116kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:71952kB inactive_anon:8kB active_file:92028kB inactive_file:131104kB unevictable:1536kB writepending:1664kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:1836kB local_pcp:1016kB free_cma:0kB [ 483.675101][T11380] lowmem_reserve[]: 0 0 0 0 0 [ 483.677610][T11380] Node 0 DMA: 47*4kB (U) 65*8kB (U) 10*16kB (U) 2*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 932kB [ 483.685810][T11380] Node 0 DMA32: 532*4kB (UMH) 134*8kB (UMEH) 43*16kB (UMEH) 121*32kB (UMEH) 38*64kB (UMEH) 28*128kB (UMEH) 10*256kB (UME) 3*512kB (UME) 2*1024kB (ME) 1*2048kB (M) 0*4096kB = 21968kB [ 483.696974][T11380] Node 1 DMA32: 406*4kB (UME) 843*8kB (UME) 84*16kB (UME) 185*32kB (UME) 216*64kB (UME) 254*128kB (UME) 104*256kB (UME) 66*512kB (UME) 43*1024kB (UME) 14*2048kB (M) 6*4096kB (UM) = 219664kB [ 483.704798][T11380] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 483.712874][T11380] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 483.717657][T11380] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 483.728120][T11380] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 483.731468][T11380] 70951 total pagecache pages [ 483.733171][T11380] 253 pages in swap cache [ 483.734739][T11380] Free swap = 114432kB [ 483.736216][T11380] Total swap = 124996kB [ 483.737680][T11380] 524155 pages RAM [ 483.739207][T11380] 0 pages HighMem/MovableOnly [ 483.740563][T11380] 206682 pages reserved [ 483.741699][T11380] 0 pages cma reserved [ 484.137939][ T828] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 484.310292][ T828] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 484.313230][ T828] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 484.315821][ T828] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 484.327631][ T828] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.338431][T11388] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 484.380071][ T828] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 484.384815][ T5408] usb 6-1: USB disconnect, device number 23 [ 484.581745][T11388] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1916'. [ 484.583808][T11392] FAULT_INJECTION: forcing a failure. [ 484.583808][T11392] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 484.589871][T11392] CPU: 0 UID: 0 PID: 11392 Comm: syz.0.1917 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 484.593751][T11392] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 484.597666][T11392] Call Trace: [ 484.598846][T11392] [ 484.599962][T11392] dump_stack_lvl+0x16c/0x1f0 [ 484.601692][T11392] should_fail_ex+0x497/0x5b0 [ 484.603412][T11392] _copy_from_iter+0x29b/0x13e0 [ 484.605211][T11392] ? __pfx__copy_from_iter+0x10/0x10 [ 484.607148][T11392] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 484.609360][T11392] ? tun_build_skb.constprop.0+0x1b8/0x1120 [ 484.611542][T11392] ? __pfx_lock_release+0x10/0x10 [ 484.613413][T11392] ? trace_lock_acquire+0x14a/0x1d0 [ 484.615361][T11392] copy_page_from_iter+0xa5/0x120 [ 484.617232][T11392] tun_build_skb.constprop.0+0x294/0x1120 [ 484.619338][T11392] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 484.621542][T11392] ? __pfx___lock_acquire+0x10/0x10 [ 484.623472][T11392] ? __pfx___lock_acquire+0x10/0x10 [ 484.625396][T11392] ? __pfx___lock_acquire+0x10/0x10 [ 484.627255][T11392] ? __lock_acquire+0xbdd/0x3ce0 [ 484.629093][T11392] tun_get_user+0x872/0x3d70 [ 484.630826][T11392] ? find_held_lock+0x2d/0x110 [ 484.632612][T11392] ? __pfx_tun_get_user+0x10/0x10 [ 484.634471][T11392] ? find_held_lock+0x2d/0x110 [ 484.636264][T11392] ? __pfx_lock_release+0x10/0x10 [ 484.638147][T11392] tun_chr_write_iter+0xdc/0x210 [ 484.639984][T11392] vfs_write+0x6b5/0x1140 [ 484.641583][T11392] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 484.643630][T11392] ? trace_lock_acquire+0x14a/0x1d0 [ 484.645564][T11392] ? __pfx_vfs_write+0x10/0x10 [ 484.647355][T11392] ? __fget_files+0x40/0x3f0 [ 484.649074][T11392] ksys_write+0x12f/0x260 [ 484.650672][T11392] ? __pfx_ksys_write+0x10/0x10 [ 484.652487][T11392] __do_fast_syscall_32+0x73/0x120 [ 484.654386][T11392] do_fast_syscall_32+0x32/0x80 [ 484.656208][T11392] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 484.658529][T11392] RIP: 0023:0xf747e579 [ 484.660050][T11392] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 484.667051][T11392] RSP: 002b:00000000f5766530 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 484.670121][T11392] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020000140 [ 484.673006][T11392] RDX: 000000000000007a RSI: 00000000f746bff4 RDI: 0000000000000000 [ 484.675889][T11392] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 484.678764][T11392] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 484.681636][T11392] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 484.684526][T11392] [ 484.685798][ C0] vkms_vblank_simulate: vblank timer overrun [ 485.235885][T11406] FAULT_INJECTION: forcing a failure. [ 485.235885][T11406] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 485.242702][T11406] CPU: 0 UID: 0 PID: 11406 Comm: syz.0.1922 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 485.246803][T11406] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 485.250725][T11406] Call Trace: [ 485.251985][T11406] [ 485.253099][T11406] dump_stack_lvl+0x16c/0x1f0 [ 485.254880][T11406] should_fail_ex+0x497/0x5b0 [ 485.256681][T11406] _copy_from_user+0x30/0xf0 [ 485.258504][T11406] memdup_user+0x71/0xd0 [ 485.260102][T11406] strndup_user+0x78/0xe0 [ 485.261730][T11406] __ia32_sys_mount+0x138/0x310 [ 485.263562][T11406] ? __pfx___ia32_sys_mount+0x10/0x10 [ 485.265566][T11406] __do_fast_syscall_32+0x73/0x120 [ 485.267498][T11406] do_fast_syscall_32+0x32/0x80 [ 485.269351][T11406] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 485.271720][T11406] RIP: 0023:0xf747e579 [ 485.273254][T11406] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 485.280358][T11406] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 485.283442][T11406] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0 [ 485.286330][T11406] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000020000400 [ 485.289282][T11406] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 485.292187][T11406] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 485.295103][T11406] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 485.298095][T11406] [ 485.299540][ C0] vkms_vblank_simulate: vblank timer overrun [ 485.785166][ T56] usb 7-1: USB disconnect, device number 30 [ 486.098108][ T5408] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 486.272864][ T5408] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 486.276488][ T5408] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 486.279541][ T5408] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 486.282398][ T5408] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 486.288409][T11417] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 486.295577][ T5408] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 486.554957][T11417] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1925'. [ 486.657997][T11428] mmap: syz.2.1930 (11428) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 486.952598][ T5408] usb 6-1: USB disconnect, device number 24 [ 487.089314][T11440] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 489.247323][T11478] ipt_REJECT: TCP_RESET invalid for non-tcp [ 489.827873][ T828] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 489.983396][ T828] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 489.986515][ T828] usb 5-1: config 1 has an invalid descriptor of length 110, skipping remainder of the config [ 489.990721][ T828] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 489.993830][ T828] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 101, changing to 10 [ 489.997762][ T828] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 10100, setting to 1024 [ 490.005108][ T828] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 490.009236][ T828] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 490.012291][ T828] usb 5-1: Product: syz [ 490.014071][ T828] usb 5-1: Manufacturer: syz [ 490.026415][T11490] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 490.031400][ T828] cdc_wdm 5-1:1.0: skipping garbage [ 490.033298][ T828] cdc_wdm 5-1:1.0: skipping garbage [ 490.038989][ T828] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 490.041207][ T828] cdc_wdm 5-1:1.0: Unknown control protocol [ 490.247174][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 490.249046][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 490.251177][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 490.252909][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 490.254645][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 490.256377][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 490.258164][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 490.259882][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 490.261620][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 490.263345][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 490.265079][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 490.266782][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 490.268508][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 490.270217][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 490.271981][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 490.273694][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 490.275559][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 490.277277][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 490.279064][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 490.280819][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 492.044854][T11519] netlink: 134744 bytes leftover after parsing attributes in process `syz.3.1961'. [ 492.140931][T11533] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1965'. [ 492.579528][ T828] usb 5-1: USB disconnect, device number 33 [ 492.774663][T11539] overlayfs: conflicting lowerdir path [ 495.709229][T11555] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1973'. [ 495.875657][T11561] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1976'. [ 495.899687][T11561] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 496.398532][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.400935][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.413634][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.416202][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.427879][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.430445][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.432711][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.445426][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.452009][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.454185][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.466989][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.470078][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.472397][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.474671][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.476797][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.479314][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.481232][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.483631][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.485994][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.488522][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.491090][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.493693][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.496057][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.499808][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.502166][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.504474][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.506572][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.511057][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.516641][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.520939][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.523499][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.528044][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.530668][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.533330][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.535825][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.538084][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.540602][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.543090][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.545579][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.548106][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.550214][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.552157][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.554123][ T5392] hid-generic 0001:0000:0000.0035: unknown main item tag 0x0 [ 496.563621][ T5392] hid-generic 0001:0000:0000.0035: hidraw1: HID v7.f7 Device [syz1] on syz1 [ 496.571991][T11575] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1980'. [ 496.575024][T11575] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1980'. [ 497.817909][ T56] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 497.987965][ T56] usb 7-1: Using ep0 maxpacket: 8 [ 497.990751][ T56] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 497.992996][ T56] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 497.995497][ T56] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 498.002307][ T56] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 498.005127][ T56] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 498.008812][ T56] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 498.011131][ T56] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 498.233176][ T56] usb 7-1: GET_CAPABILITIES returned 0 [ 498.235099][ T56] usbtmc 7-1:16.0: can't read capabilities [ 498.442237][ T56] usb 7-1: USB disconnect, device number 31 [ 499.248101][T11599] netlink: 134744 bytes leftover after parsing attributes in process `syz.2.1988'. [ 499.326829][T11602] usb 2-1: USB disconnect, device number 3 [ 499.465520][T11603] hub 2-0:1.0: USB hub found [ 499.467245][T11603] hub 2-0:1.0: 6 ports detected [ 499.648602][ T8316] usb 2-1: new high-speed USB device number 4 using ehci-pci [ 499.795598][T11610] FAULT_INJECTION: forcing a failure. [ 499.795598][T11610] name failslab, interval 1, probability 0, space 0, times 0 [ 499.801954][T11610] CPU: 0 UID: 0 PID: 11610 Comm: syz.2.1992 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 499.805850][T11610] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 499.809783][T11610] Call Trace: [ 499.811017][T11610] [ 499.812128][T11610] dump_stack_lvl+0x16c/0x1f0 [ 499.813960][T11610] should_fail_ex+0x497/0x5b0 [ 499.815695][T11610] ? fs_reclaim_acquire+0xae/0x160 [ 499.817513][T11610] should_failslab+0xc2/0x120 [ 499.819206][T11610] kmem_cache_alloc_node_noprof+0x71/0x310 [ 499.821280][T11610] ? __alloc_skb+0x2b3/0x380 [ 499.822949][T11610] __alloc_skb+0x2b3/0x380 [ 499.824557][T11610] ? __pfx___alloc_skb+0x10/0x10 [ 499.826317][T11610] netlink_dump+0x6af/0xcc0 [ 499.828009][T11610] ? __pfx_netlink_dump+0x10/0x10 [ 499.830093][T11610] ? kfree_skbmem+0x1a4/0x1f0 [ 499.831885][T11610] ? kfree_skbmem+0x1a4/0x1f0 [ 499.833672][T11610] netlink_recvmsg+0xa0d/0xf30 [ 499.835506][T11610] ? __pfx_netlink_recvmsg+0x10/0x10 [ 499.837419][T11610] ? aa_sk_perm+0x2f5/0xb20 [ 499.839177][T11610] ? __pfx_aa_sk_perm+0x10/0x10 [ 499.841020][T11610] ? aa_file_perm+0x4d5/0xfe0 [ 499.842403][ T8316] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 499.842787][T11610] sock_recvmsg+0x1f6/0x250 [ 499.847527][T11610] sock_read_iter+0x2bb/0x3b0 [ 499.849267][T11610] ? __pfx_sock_read_iter+0x10/0x10 [ 499.849350][ T8316] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 499.851062][T11610] ? bpf_lsm_file_permission+0x9/0x10 [ 499.851088][T11610] ? security_file_permission+0x71/0x210 [ 499.855059][ T8316] usb 2-1: Product: QEMU USB Tablet [ 499.855792][T11610] vfs_read+0xa3b/0xbd0 [ 499.861106][T11610] ? __pfx_vfs_read+0x10/0x10 [ 499.862141][ T8316] usb 2-1: Manufacturer: QEMU [ 499.862821][T11610] ? __fget_files+0x40/0x3f0 [ 499.865714][T11610] ksys_read+0x1fa/0x260 [ 499.866380][ T8316] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1 [ 499.867255][T11610] ? __pfx_ksys_read+0x10/0x10 [ 499.870662][T11610] __do_fast_syscall_32+0x73/0x120 [ 499.872531][T11610] do_fast_syscall_32+0x32/0x80 [ 499.874242][T11610] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 499.876445][T11610] RIP: 0023:0xf7fb1579 [ 499.877921][T11610] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 499.885020][T11610] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 499.888019][T11610] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0 [ 499.890802][T11610] RDX: 0000000000000051 RSI: 0000000000000000 RDI: 0000000000000000 [ 499.893752][T11610] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 499.896688][T11610] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 499.899493][T11610] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 499.902298][T11610] [ 499.922336][ T8316] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0036/input/input18 [ 499.997404][ T8316] hid-generic 0003:0627:0001.0036: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0 [ 500.789760][ T1374] ieee802154 phy0 wpan0: encryption failed: -22 [ 500.791473][ T1374] ieee802154 phy1 wpan1: encryption failed: -22 [ 500.998238][ T9] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 501.164261][ T9] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 501.169098][ T9] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 501.172740][ T9] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 501.175884][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.184806][T11620] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 501.192649][ T9] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 501.462107][T11620] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1996'. [ 502.216298][ T39] audit: type=1804 audit(1728437965.533:767): pid=11628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1999" name="/newroot/439/bus/file0" dev="overlay" ino=2398 res=1 errno=0 [ 502.477252][ T5361] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 502.482883][ T5361] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 502.486773][ T5361] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 502.498756][ T5361] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 502.501812][ T5361] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 502.504457][ T5361] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 502.622808][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 502.714933][T11636] chnl_net:caif_netlink_parms(): no params data found [ 502.781226][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 502.894864][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.028983][T11636] bridge0: port 1(bridge_slave_0) entered blocking state [ 503.030972][T11636] bridge0: port 1(bridge_slave_0) entered disabled state [ 503.032945][T11636] bridge_slave_0: entered allmulticast mode [ 503.035701][T11636] bridge_slave_0: entered promiscuous mode [ 503.039967][T11636] bridge0: port 2(bridge_slave_1) entered blocking state [ 503.041974][T11636] bridge0: port 2(bridge_slave_1) entered disabled state [ 503.043951][T11636] bridge_slave_1: entered allmulticast mode [ 503.046261][T11636] bridge_slave_1: entered promiscuous mode [ 503.073749][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.098546][T11636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 503.103703][T11636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 503.122001][ T8] usb 7-1: USB disconnect, device number 32 [ 503.176082][T11636] team0: Port device team_slave_0 added [ 503.183950][T11636] team0: Port device team_slave_1 added [ 503.224107][T11655] overlay: filesystem on ./bus not supported as upperdir [ 503.226243][T11636] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 503.226258][T11636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 503.237919][T11636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 503.243082][T11636] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 503.245528][T11636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 503.255425][T11636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 503.360166][T11636] hsr_slave_0: entered promiscuous mode [ 503.363035][T11636] hsr_slave_1: entered promiscuous mode [ 503.366384][T11636] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 503.370449][T11636] Cannot create hsr debugfs directory [ 503.654212][T11671] netlink: 134744 bytes leftover after parsing attributes in process `syz.0.2013'. [ 503.736390][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 503.744738][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 503.751123][ T11] bond0 (unregistering): Released all slaves [ 503.761409][ T11] bond1 (unregistering): (slave batadv1): Releasing backup interface [ 503.767543][ T11] bond1 (unregistering): Released all slaves [ 503.775872][ T11] bond2 (unregistering): Released all slaves [ 503.784257][ T11] bond3 (unregistering): Released all slaves [ 503.793394][ T11] bond4 (unregistering): Released all slaves [ 504.147727][T11697] 9pnet_fd: Insufficient options for proto=fd [ 504.207586][T11700] FAULT_INJECTION: forcing a failure. [ 504.207586][T11700] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 504.213921][T11700] CPU: 0 UID: 0 PID: 11700 Comm: syz.0.2022 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 504.216464][T11700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 504.219010][T11700] Call Trace: [ 504.219818][T11700] [ 504.220525][T11700] dump_stack_lvl+0x16c/0x1f0 [ 504.221641][T11700] should_fail_ex+0x497/0x5b0 [ 504.222762][T11700] _copy_from_user+0x30/0xf0 [ 504.223868][T11700] sctp_setsockopt+0x422/0xb880 [ 504.225022][T11700] ? __pfx_sctp_setsockopt+0x10/0x10 [ 504.226423][T11700] ? __pfx_aa_sk_perm+0x10/0x10 [ 504.227795][T11700] ? sock_common_setsockopt+0x2e/0xf0 [ 504.229414][T11700] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 504.231219][T11700] do_sock_setsockopt+0x222/0x480 [ 504.232731][T11700] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 504.234451][T11700] ? fdget+0x176/0x210 [ 504.235714][T11700] __sys_setsockopt+0x1a4/0x270 [ 504.237197][T11700] ? __pfx___sys_setsockopt+0x10/0x10 [ 504.238820][T11700] ? fput+0x30/0x390 [ 504.240024][T11700] ? ksys_write+0x1ad/0x260 [ 504.241401][T11700] ? __pfx_ksys_write+0x10/0x10 [ 504.242874][T11700] __ia32_sys_setsockopt+0xbc/0x160 [ 504.244450][T11700] ? lockdep_hardirqs_on+0x7c/0x110 [ 504.245817][T11700] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 504.247374][T11700] __do_fast_syscall_32+0x73/0x120 [ 504.248570][T11700] do_fast_syscall_32+0x32/0x80 [ 504.250022][T11700] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 504.251934][T11700] RIP: 0023:0xf747e579 [ 504.253166][T11700] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 504.258954][T11700] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 504.261452][T11700] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000084 [ 504.263837][T11700] RDX: 0000000000000009 RSI: 0000000020000a00 RDI: 000000000000009c [ 504.266207][T11700] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 504.268596][T11700] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 504.270962][T11700] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 504.273340][T11700] [ 504.450810][ T11] hsr_slave_0: left promiscuous mode [ 504.456263][ T11] hsr_slave_1: left promiscuous mode [ 504.461978][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 504.468409][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 504.473613][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 504.476282][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 504.507355][ T11] veth1_macvtap: left promiscuous mode [ 504.509587][ T11] veth0_macvtap: left promiscuous mode [ 504.511612][ T11] veth1_vlan: left promiscuous mode [ 504.513594][ T11] veth0_vlan: left promiscuous mode [ 504.551283][ T5355] Bluetooth: hci1: command tx timeout [ 504.814579][T11724] syz.2.2026[11724] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 505.655048][ T11] team0 (unregistering): Port device team_slave_1 removed [ 505.777287][ T11] team0 (unregistering): Port device team_slave_0 removed [ 505.822668][T11734] netlink: 134744 bytes leftover after parsing attributes in process `syz.0.2030'. [ 506.614155][T11729] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2028'. [ 506.617529][T11729] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2028'. [ 506.638001][ T5355] Bluetooth: hci1: command tx timeout [ 506.680227][T11736] netlink: 134744 bytes leftover after parsing attributes in process `syz.2.2031'. [ 506.854464][T11751] FAULT_INJECTION: forcing a failure. [ 506.854464][T11751] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 506.860223][T11751] CPU: 0 UID: 0 PID: 11751 Comm: syz.2.2034 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 506.863676][T11751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 506.867107][T11751] Call Trace: [ 506.868219][T11751] [ 506.869211][T11751] dump_stack_lvl+0x16c/0x1f0 [ 506.870727][T11751] should_fail_ex+0x497/0x5b0 [ 506.872246][T11751] _copy_from_user+0x30/0xf0 [ 506.873742][T11751] csum_and_copy_from_iter_full+0x6da/0x1eb0 [ 506.875739][T11751] ? __pfx_csum_and_copy_from_iter_full+0x10/0x10 [ 506.877805][T11751] ? policy_nodemask+0xea/0x4e0 [ 506.879386][T11751] ? alloc_pages_mpol_noprof+0x315/0x610 [ 506.881229][T11751] ip_generic_getfrag+0x175/0x260 [ 506.882912][T11751] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 506.884780][T11751] raw6_getfrag+0x1ed/0x270 [ 506.886298][T11751] ? sk_page_frag_refill+0x6c/0x300 [ 506.888033][T11751] __ip6_append_data.isra.0+0x1b45/0x4540 [ 506.889914][T11751] ? __pfx_raw6_getfrag+0x10/0x10 [ 506.891603][T11751] ? __pfx___ip6_append_data.isra.0+0x10/0x10 [ 506.893588][T11751] ip6_append_data+0x1e6/0x500 [ 506.895205][T11751] ? __pfx_raw6_getfrag+0x10/0x10 [ 506.896864][T11751] rawv6_sendmsg+0x1578/0x43e0 [ 506.898469][T11751] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 506.900156][T11751] ? mark_lock+0xb5/0xc60 [ 506.901554][T11751] ? __pfx_mark_lock+0x10/0x10 [ 506.903169][T11751] ? __lock_acquire+0xbdd/0x3ce0 [ 506.904838][T11751] ? __pfx___lock_acquire+0x10/0x10 [ 506.906580][T11751] ? __pfx___might_resched+0x10/0x10 [ 506.908393][T11751] ? __pfx_aa_sk_perm+0x10/0x10 [ 506.909976][T11751] ? aa_file_perm+0x4c6/0xfe0 [ 506.911394][T11751] ? __pfx_lock_release+0x10/0x10 [ 506.912732][T11751] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 506.914083][T11751] ? inet_sendmsg+0x119/0x140 [ 506.915352][T11751] inet_sendmsg+0x119/0x140 [ 506.916566][T11751] sock_write_iter+0x4ac/0x5b0 [ 506.917846][T11751] ? __pfx_sock_write_iter+0x10/0x10 [ 506.919263][T11751] ? copy_compat_iovec_from_user+0x138/0x180 [ 506.921044][T11751] do_iter_readv_writev+0x532/0x7f0 [ 506.922432][T11751] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 506.924333][T11751] ? bpf_lsm_file_permission+0x9/0x10 [ 506.926153][T11751] ? security_file_permission+0x71/0x210 [ 506.928088][T11751] vfs_writev+0x363/0xdd0 [ 506.929614][T11751] ? find_held_lock+0x2d/0x110 [ 506.931043][T11751] ? __pfx_vfs_writev+0x10/0x10 [ 506.932363][T11751] ? find_held_lock+0x2d/0x110 [ 506.933631][T11751] ? __pfx_lock_release+0x10/0x10 [ 506.934980][T11751] ? trace_lock_acquire+0x14a/0x1d0 [ 506.936368][T11751] ? __fget_files+0x244/0x3f0 [ 506.937664][T11751] ? do_writev+0x289/0x370 [ 506.939400][T11751] do_writev+0x289/0x370 [ 506.940891][T11751] ? __pfx_do_writev+0x10/0x10 [ 506.942563][T11751] __do_fast_syscall_32+0x73/0x120 [ 506.944367][T11751] do_fast_syscall_32+0x32/0x80 [ 506.946092][T11751] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 506.948265][T11751] RIP: 0023:0xf7fb1579 [ 506.949666][T11751] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 506.956171][T11751] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000092 [ 506.959018][T11751] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000340 [ 506.961736][T11751] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000 [ 506.964482][T11751] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 506.967201][T11751] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 506.969918][T11751] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 506.972640][T11751] [ 506.987405][T11636] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 507.007199][T11636] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 507.019179][T11636] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 507.023750][T11636] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 507.086272][T11636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 507.105972][T11636] 8021q: adding VLAN 0 to HW filter on device team0 [ 507.112165][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state [ 507.114063][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 507.122082][ T1102] bridge0: port 2(bridge_slave_1) entered blocking state [ 507.124631][ T1102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 507.285509][T11636] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 507.321490][T11636] veth0_vlan: entered promiscuous mode [ 507.332038][T11636] veth1_vlan: entered promiscuous mode [ 507.352105][T11636] veth0_macvtap: entered promiscuous mode [ 507.362450][T11636] veth1_macvtap: entered promiscuous mode [ 507.372728][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 507.376494][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 507.385163][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 507.389264][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 507.392628][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 507.396223][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 507.404707][T11636] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 507.411612][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 507.415592][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 507.424799][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 507.432959][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 507.436382][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 507.443192][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 507.447629][T11636] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 507.454571][T11636] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.457638][T11636] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.462359][T11636] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.465385][T11636] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.517894][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 507.520661][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 507.551245][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 507.554112][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 507.927784][T11782] netlink: 134744 bytes leftover after parsing attributes in process `syz.3.2040'. [ 508.070779][T11791] FAULT_INJECTION: forcing a failure. [ 508.070779][T11791] name failslab, interval 1, probability 0, space 0, times 0 [ 508.075123][T11791] CPU: 2 UID: 0 PID: 11791 Comm: syz.3.2043 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 508.078818][T11791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 508.082692][T11791] Call Trace: [ 508.083882][T11791] [ 508.084939][T11791] dump_stack_lvl+0x16c/0x1f0 [ 508.086592][T11791] should_fail_ex+0x497/0x5b0 [ 508.088293][T11791] ? fs_reclaim_acquire+0xae/0x160 [ 508.090117][T11791] should_failslab+0xc2/0x120 [ 508.091755][T11791] kmem_cache_alloc_node_noprof+0x71/0x310 [ 508.093800][T11791] ? __alloc_skb+0x2b3/0x380 [ 508.095483][T11791] __alloc_skb+0x2b3/0x380 [ 508.097069][T11791] ? __pfx___alloc_skb+0x10/0x10 [ 508.098823][T11791] ? lock_acquire+0x2f/0xb0 [ 508.100460][T11791] netlink_alloc_large_skb+0x69/0x130 [ 508.102340][T11791] netlink_sendmsg+0x689/0xd70 [ 508.104038][T11791] ? __pfx_netlink_sendmsg+0x10/0x10 [ 508.105894][T11791] ? lock_acquire+0x2f/0xb0 [ 508.107526][T11791] ____sys_sendmsg+0x9ae/0xb40 [ 508.109209][T11791] ? __pfx_____sys_sendmsg+0x10/0x10 [ 508.111074][T11791] ? get_compat_msghdr+0x11b/0x170 [ 508.112877][T11791] ? __pfx___lock_acquire+0x10/0x10 [ 508.114703][T11791] ___sys_sendmsg+0x135/0x1e0 [ 508.116406][T11791] ? __pfx____sys_sendmsg+0x10/0x10 [ 508.118241][T11791] ? lock_acquire+0x2f/0xb0 [ 508.119858][T11791] ? __fget_files+0x40/0x3f0 [ 508.121504][T11791] ? fdget+0x176/0x210 [ 508.122956][T11791] __sys_sendmsg+0x117/0x1f0 [ 508.124598][T11791] ? __pfx___sys_sendmsg+0x10/0x10 [ 508.126397][T11791] ? __fget_files+0x244/0x3f0 [ 508.128085][T11791] __do_fast_syscall_32+0x73/0x120 [ 508.129899][T11791] do_fast_syscall_32+0x32/0x80 [ 508.131634][T11791] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 508.133848][T11791] RIP: 0023:0xf742e579 [ 508.135315][T11791] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 508.141852][T11791] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 508.144759][T11791] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 508.147527][T11791] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 508.150317][T11791] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 508.152884][T11791] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 508.155669][T11791] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 508.158442][T11791] [ 508.189925][T11784] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 508.254566][T11795] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2045'. [ 508.448230][ T5392] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 508.597940][ T5392] usb 6-1: Using ep0 maxpacket: 8 [ 508.601583][ T5392] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 508.604777][ T5392] usb 6-1: config 246 descriptor has 1 excess byte, ignoring [ 508.607285][ T5392] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 508.613172][ T5392] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 508.617226][ T5392] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 508.622381][ T5392] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 508.626059][ T5392] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 508.633503][ T5392] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 508.636480][ T5392] usb 6-1: config 246 descriptor has 1 excess byte, ignoring [ 508.639456][ T5392] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 508.643451][ T5392] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 508.647621][ T5392] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 508.651605][ T5392] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 508.655662][ T5392] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 508.663796][ T5392] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 508.666736][ T5392] usb 6-1: config 246 descriptor has 1 excess byte, ignoring [ 508.670015][ T5392] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 508.673244][ T5392] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 508.687975][ T5392] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 508.692044][ T5392] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 508.695894][ T5392] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 508.707921][ T5355] Bluetooth: hci1: command tx timeout [ 508.716230][ T5392] usb 6-1: string descriptor 0 read error: -22 [ 508.718710][ T5392] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 508.721798][ T5392] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.749229][ T5392] adutux 6-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 508.920351][T11806] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2049'. [ 508.983245][ T9] usb 6-1: USB disconnect, device number 25 [ 509.845185][T11834] Illegal XDP return value 4294967274 on prog (id 244) dev N/A, expect packet loss! [ 509.888447][T11837] FAULT_INJECTION: forcing a failure. [ 509.888447][T11837] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 509.892928][T11837] CPU: 3 UID: 0 PID: 11837 Comm: syz.2.2063 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 509.896487][T11837] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 509.899859][T11837] Call Trace: [ 509.901017][T11837] [ 509.902019][T11837] dump_stack_lvl+0x16c/0x1f0 [ 509.903663][T11837] should_fail_ex+0x497/0x5b0 [ 509.905287][T11837] _copy_from_user+0x30/0xf0 [ 509.906872][T11837] __do_sys_memfd_create+0x1e2/0x900 [ 509.908692][T11837] __do_fast_syscall_32+0x73/0x120 [ 509.909062][T11839] FAULT_INJECTION: forcing a failure. [ 509.909062][T11839] name failslab, interval 1, probability 0, space 0, times 0 [ 509.910426][T11837] do_fast_syscall_32+0x32/0x80 [ 509.916370][T11837] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 509.918436][T11837] RIP: 0023:0xf7fb1579 [ 509.919859][T11837] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 509.926264][T11837] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000164 [ 509.929086][T11837] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000000010 [ 509.931740][T11837] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 509.934172][T11837] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 509.936325][T11837] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 509.938407][T11837] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 509.940499][T11837] [ 509.941384][ C3] vkms_vblank_simulate: vblank timer overrun [ 509.941419][T11839] CPU: 2 UID: 0 PID: 11839 Comm: syz.0.2064 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 509.946660][T11839] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 509.950303][T11839] Call Trace: [ 509.951477][T11839] [ 509.952523][T11839] dump_stack_lvl+0x16c/0x1f0 [ 509.954183][T11839] should_fail_ex+0x497/0x5b0 [ 509.955854][T11839] ? fs_reclaim_acquire+0xae/0x160 [ 509.957638][T11839] should_failslab+0xc2/0x120 [ 509.959294][T11839] kmem_cache_alloc_node_noprof+0x71/0x310 [ 509.961120][T11839] ? __alloc_skb+0x2b3/0x380 [ 509.962592][T11839] __alloc_skb+0x2b3/0x380 [ 509.964172][T11839] ? __pfx___alloc_skb+0x10/0x10 [ 509.965917][T11839] netlink_alloc_large_skb+0x69/0x130 [ 509.967818][T11839] netlink_sendmsg+0x689/0xd70 [ 509.969504][T11839] ? __pfx_netlink_sendmsg+0x10/0x10 [ 509.971361][T11839] ? lock_acquire+0x2f/0xb0 [ 509.972975][T11839] ____sys_sendmsg+0x9ae/0xb40 [ 509.974662][T11839] ? __pfx_____sys_sendmsg+0x10/0x10 [ 509.976547][T11839] ? get_compat_msghdr+0x11b/0x170 [ 509.978332][T11839] ? __pfx___lock_acquire+0x10/0x10 [ 509.980172][T11839] ___sys_sendmsg+0x135/0x1e0 [ 509.981826][T11839] ? __pfx____sys_sendmsg+0x10/0x10 [ 509.983658][T11839] ? lock_acquire+0x2f/0xb0 [ 509.985262][T11839] ? __fget_files+0x40/0x3f0 [ 509.986766][T11839] ? fdget+0x176/0x210 [ 509.988360][T11839] __sys_sendmsg+0x117/0x1f0 [ 509.990069][T11839] ? __pfx___sys_sendmsg+0x10/0x10 [ 509.991931][T11839] ? __fget_files+0x244/0x3f0 [ 509.993605][T11839] __do_fast_syscall_32+0x73/0x120 [ 509.995423][T11839] do_fast_syscall_32+0x32/0x80 [ 509.997140][T11839] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 509.999346][T11839] RIP: 0023:0xf747e579 [ 510.000766][T11839] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 510.007356][T11839] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 510.010222][T11839] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000400 [ 510.012967][T11839] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 510.015730][T11839] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 510.018563][T11839] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 510.021335][T11839] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 510.024091][T11839] [ 510.095604][T11843] overlayfs: missing 'lowerdir' [ 510.229556][T11849] overlayfs: missing 'lowerdir' [ 510.788080][ T5355] Bluetooth: hci1: command tx timeout [ 510.983260][T11869] overlayfs: missing 'lowerdir' [ 511.426049][T11877] netlink: 134744 bytes leftover after parsing attributes in process `syz.1.2080'. [ 511.467917][T11879] Bluetooth: Short BCSP packet [ 511.570028][T11887] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 511.573040][T11887] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 512.768027][ T8] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 512.918014][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 512.938026][ T8] usb 5-1: config 0 has an invalid interface number: 9 but max is 0 [ 512.940750][ T8] usb 5-1: config 0 has no interface number 0 [ 512.955140][ T8] usb 5-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 512.958393][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.963679][ T8] usb 5-1: Product: syz [ 512.966067][ T8] usb 5-1: Manufacturer: syz [ 512.967618][ T8] usb 5-1: SerialNumber: syz [ 512.974017][ T8] usb 5-1: config 0 descriptor?? [ 512.994312][ T8] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 512.999150][T11911] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 513.001489][T11911] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 513.508108][ T5361] Bluetooth: hci3: command 0x1003 tx timeout [ 513.512403][ T5355] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 513.572130][T11916] FAULT_INJECTION: forcing a failure. [ 513.572130][T11916] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 513.576646][T11916] CPU: 1 UID: 0 PID: 11916 Comm: syz.2.2096 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 513.580161][T11916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 513.583737][T11916] Call Trace: [ 513.585025][T11916] [ 513.586159][T11916] dump_stack_lvl+0x16c/0x1f0 [ 513.587931][T11916] should_fail_ex+0x497/0x5b0 [ 513.589634][T11916] _copy_to_user+0x30/0xc0 [ 513.591209][T11916] simple_read_from_buffer+0xd0/0x160 [ 513.593064][T11916] proc_fail_nth_read+0x198/0x270 [ 513.594781][T11916] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 513.596725][T11916] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 513.598522][T11916] vfs_read+0x1ce/0xbd0 [ 513.600045][T11916] ? __fget_files+0x23a/0x3f0 [ 513.601871][T11916] ? fdget_pos+0x24c/0x360 [ 513.603625][T11916] ? __pfx_lock_release+0x10/0x10 [ 513.605500][T11916] ? trace_lock_acquire+0x14a/0x1d0 [ 513.607322][T11916] ? __pfx_vfs_read+0x10/0x10 [ 513.608922][T11916] ? __pfx___mutex_lock+0x10/0x10 [ 513.610674][T11916] ? __fget_files+0x244/0x3f0 [ 513.612324][T11916] ksys_read+0x12f/0x260 [ 513.613998][T11916] ? __pfx_ksys_read+0x10/0x10 [ 513.615664][T11916] __do_fast_syscall_32+0x73/0x120 [ 513.617768][T11916] do_fast_syscall_32+0x32/0x80 [ 513.619497][T11916] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 513.621765][T11916] RIP: 0023:0xf7fb1579 [ 513.623242][T11916] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 513.630290][T11916] RSP: 002b:00000000f57365a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 513.633128][T11916] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5736620 [ 513.635867][T11916] RDX: 000000000000000f RSI: 00000000f743bff4 RDI: 0000000000000000 [ 513.638772][T11916] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 513.641916][T11916] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 513.644919][T11916] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 513.647636][T11916] [ 514.227996][ T8] gspca_topro: reg_w err -71 [ 514.257905][ T8] gspca_topro: Sensor soi763a [ 514.270369][ T8] usb 5-1: USB disconnect, device number 34 [ 514.821265][T11934] FAULT_INJECTION: forcing a failure. [ 514.821265][T11934] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 514.824933][T11934] CPU: 2 UID: 0 PID: 11934 Comm: syz.3.2104 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 514.827725][T11934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 514.830491][T11934] Call Trace: [ 514.831386][T11934] [ 514.832168][T11934] dump_stack_lvl+0x16c/0x1f0 [ 514.833418][T11934] should_fail_ex+0x497/0x5b0 [ 514.834665][T11934] strncpy_from_user+0x3b/0x2a0 [ 514.835869][T11934] getname_flags.part.0+0x8f/0x550 [ 514.837166][T11934] getname+0x8d/0xe0 [ 514.838170][T11934] do_sys_openat2+0x104/0x1e0 [ 514.839399][T11934] ? __pfx_do_sys_openat2+0x10/0x10 [ 514.840754][T11934] ? __fget_files+0x244/0x3f0 [ 514.841893][T11934] __ia32_compat_sys_openat+0x16e/0x210 [ 514.843277][T11934] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 514.844740][T11934] ? ksys_write+0x1ad/0x260 [ 514.845923][T11934] __do_fast_syscall_32+0x73/0x120 [ 514.847283][T11934] do_fast_syscall_32+0x32/0x80 [ 514.848577][T11934] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 514.850249][T11934] RIP: 0023:0xf742e579 [ 514.851371][T11934] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 514.856078][T11934] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 514.858152][T11934] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 514.860053][T11934] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 514.862009][T11934] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 514.863983][T11934] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 514.866054][T11934] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 514.868137][T11934] [ 514.927111][T11940] FAULT_INJECTION: forcing a failure. [ 514.927111][T11940] name failslab, interval 1, probability 0, space 0, times 0 [ 514.932075][T11940] CPU: 0 UID: 0 PID: 11940 Comm: syz.3.2106 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 514.935096][T11940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 514.937877][T11940] Call Trace: [ 514.938762][T11940] [ 514.939551][T11940] dump_stack_lvl+0x16c/0x1f0 [ 514.940800][T11940] should_fail_ex+0x497/0x5b0 [ 514.942044][T11940] ? fs_reclaim_acquire+0xae/0x160 [ 514.943397][T11940] should_failslab+0xc2/0x120 [ 514.944646][T11940] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 514.946068][T11940] ? fcntl_setlk+0xad/0xe20 [ 514.947287][T11940] fcntl_setlk+0xad/0xe20 [ 514.948476][T11940] ? __pfx_fcntl_setlk+0x10/0x10 [ 514.949782][T11940] ? __pfx_lock_release+0x10/0x10 [ 514.951119][T11940] ? trace_lock_acquire+0x14a/0x1d0 [ 514.952483][T11940] ? lock_acquire+0x2f/0xb0 [ 514.953687][T11940] ? __might_fault+0xe3/0x190 [ 514.954937][T11940] ? __might_fault+0xe3/0x190 [ 514.956184][T11940] do_compat_fcntl64+0x205/0x6b0 [ 514.957487][T11940] ? __fget_files+0x244/0x3f0 [ 514.958733][T11940] ? __pfx_do_compat_fcntl64+0x10/0x10 [ 514.960181][T11940] ? ksys_write+0x1ad/0x260 [ 514.961379][T11940] __do_fast_syscall_32+0x73/0x120 [ 514.962723][T11940] do_fast_syscall_32+0x32/0x80 [ 514.964011][T11940] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 514.965699][T11940] RIP: 0023:0xf742e579 [ 514.966774][T11940] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 514.971745][T11940] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000037 [ 514.973907][T11940] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000025 [ 514.975977][T11940] RDX: 0000000020000140 RSI: 0000000000000000 RDI: 0000000000000000 [ 514.978027][T11940] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 514.980087][T11940] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 514.982135][T11940] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 514.984199][T11940] [ 515.138521][ T8] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 515.177183][T11952] FAULT_INJECTION: forcing a failure. [ 515.177183][T11952] name failslab, interval 1, probability 0, space 0, times 0 [ 515.180762][T11952] CPU: 1 UID: 0 PID: 11952 Comm: syz.0.2111 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 515.183586][T11952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 515.186432][T11952] Call Trace: [ 515.187408][T11952] [ 515.188377][T11952] dump_stack_lvl+0x16c/0x1f0 [ 515.189704][T11952] should_fail_ex+0x497/0x5b0 [ 515.190957][T11952] ? fs_reclaim_acquire+0xae/0x160 [ 515.192571][T11952] should_failslab+0xc2/0x120 [ 515.194205][T11952] __kmalloc_noprof+0xcb/0x410 [ 515.195882][T11952] ? rcu_is_watching+0x12/0xc0 [ 515.197516][T11952] tomoyo_encode2+0x100/0x3e0 [ 515.199168][T11952] tomoyo_realpath_from_path+0x1a7/0x710 [ 515.200920][T11952] ? tomoyo_path_number_perm+0x232/0x5b0 [ 515.202849][T11952] tomoyo_path_number_perm+0x245/0x5b0 [ 515.204643][T11952] ? tomoyo_path_number_perm+0x232/0x5b0 [ 515.206589][T11952] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 515.208419][T11952] ? trace_lock_acquire+0x14a/0x1d0 [ 515.209810][T11952] ? lock_acquire+0x2f/0xb0 [ 515.211056][T11952] ? __fget_files+0x40/0x3f0 [ 515.212293][T11952] ? __fget_files+0x244/0x3f0 [ 515.213544][T11952] security_file_ioctl_compat+0x9b/0x240 [ 515.215094][T11952] __do_compat_sys_ioctl+0x52/0x2b0 [ 515.216817][T11952] __do_fast_syscall_32+0x73/0x120 [ 515.218453][T11952] do_fast_syscall_32+0x32/0x80 [ 515.219795][T11952] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 515.221506][T11952] RIP: 0023:0xf747e579 [ 515.222612][T11952] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 515.228455][T11952] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 515.231274][T11952] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80 [ 515.233854][T11952] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 515.236543][T11952] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 515.239156][T11952] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 515.241768][T11952] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 515.244474][T11952] [ 515.247661][T11952] ERROR: Out of memory at tomoyo_realpath_from_path. [ 515.317856][ T8] usb 7-1: Using ep0 maxpacket: 8 [ 515.321930][ T8] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 515.325315][ T8] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 515.328974][ T8] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 515.332808][ T8] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 515.337370][ T8] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 515.340930][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.543430][T11964] FAULT_INJECTION: forcing a failure. [ 515.543430][T11964] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 515.547745][T11964] CPU: 3 UID: 0 PID: 11964 Comm: syz.3.2115 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 515.551416][T11964] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 515.555166][T11964] Call Trace: [ 515.556355][T11964] [ 515.557405][T11964] dump_stack_lvl+0x16c/0x1f0 [ 515.558164][ T8] usb 7-1: usb_control_msg returned -32 [ 515.559044][T11964] should_fail_ex+0x497/0x5b0 [ 515.561085][ T8] usbtmc 7-1:16.0: can't read capabilities [ 515.562683][T11964] strncpy_from_user+0x3b/0x2a0 [ 515.566533][T11964] getname_flags.part.0+0x8f/0x550 [ 515.568478][T11964] getname+0x8d/0xe0 [ 515.569808][T11964] do_sys_openat2+0x104/0x1e0 [ 515.571415][T11964] ? __pfx_do_sys_openat2+0x10/0x10 [ 515.573119][T11964] ? __fget_files+0x244/0x3f0 [ 515.574779][T11964] __ia32_compat_sys_openat+0x16e/0x210 [ 515.576719][T11964] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 515.578835][T11964] ? ksys_write+0x1ad/0x260 [ 515.580452][T11964] __do_fast_syscall_32+0x73/0x120 [ 515.582243][T11964] do_fast_syscall_32+0x32/0x80 [ 515.583949][T11964] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 515.586153][T11964] RIP: 0023:0xf742e579 [ 515.587573][T11964] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 515.594096][T11964] RSP: 002b:00000000f56f556c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 515.596966][T11964] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020001380 [ 515.599717][T11964] RDX: 000000000000275a RSI: 0000000000000000 RDI: 0000000000000000 [ 515.602463][T11964] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 515.605223][T11964] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 515.607957][T11964] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 515.610456][T11964] [ 515.727951][ T9] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 515.877940][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 515.885278][ T9] usb 5-1: config 0 has an invalid interface number: 9 but max is 0 [ 515.887438][ T9] usb 5-1: config 0 has no interface number 0 [ 515.895854][ T9] usb 5-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 515.898836][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.901198][ T9] usb 5-1: Product: syz [ 515.902700][ T9] usb 5-1: Manufacturer: syz [ 515.904359][ T9] usb 5-1: SerialNumber: syz [ 515.907685][ T9] usb 5-1: config 0 descriptor?? [ 515.921635][T11969] netlink: 'syz.2.2102': attribute type 10 has an invalid length. [ 515.921677][ T9] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 517.143274][ T9] gspca_topro: reg_w err -71 [ 517.168556][ T9] gspca_topro: Sensor soi763a [ 517.173961][ T9] usb 5-1: USB disconnect, device number 35 [ 517.781903][T12009] fuse: Bad value for 'fd' [ 517.787669][T12006] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 517.859238][ T9] usb 7-1: USB disconnect, device number 33 [ 518.064435][ T39] audit: type=1326 audit(1728437981.383:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12020 comm="syz.3.2137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 518.087935][ T39] audit: type=1326 audit(1728437981.383:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12020 comm="syz.3.2137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 518.095188][ T39] audit: type=1326 audit(1728437981.393:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12020 comm="syz.3.2137" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 518.129656][ T39] audit: type=1326 audit(1728437981.393:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12020 comm="syz.3.2137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 518.146861][ T39] audit: type=1326 audit(1728437981.393:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12020 comm="syz.3.2137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 518.155826][ T39] audit: type=1326 audit(1728437981.393:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12020 comm="syz.3.2137" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 518.167433][ T39] audit: type=1326 audit(1728437981.393:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12020 comm="syz.3.2137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 518.174949][ T39] audit: type=1326 audit(1728437981.393:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12020 comm="syz.3.2137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 518.194400][ T39] audit: type=1326 audit(1728437981.393:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12020 comm="syz.3.2137" exe="/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 518.202221][ T39] audit: type=1326 audit(1728437981.393:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12020 comm="syz.3.2137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 518.205301][T12024] input: syz0 as /devices/virtual/input/input19 [ 518.214577][T12024] input: failed to attach handler leds to device input19, error: -6 [ 518.477958][ T25] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 518.640673][ T25] usb 5-1: Using ep0 maxpacket: 32 [ 518.643304][ T25] usb 5-1: config 0 has an invalid interface number: 9 but max is 0 [ 518.645428][ T25] usb 5-1: config 0 has no interface number 0 [ 518.648756][ T25] usb 5-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 518.651197][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 518.653365][ T25] usb 5-1: Product: syz [ 518.654591][ T25] usb 5-1: Manufacturer: syz [ 518.655969][ T25] usb 5-1: SerialNumber: syz [ 518.661072][ T25] usb 5-1: config 0 descriptor?? [ 518.664106][ T25] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 518.976421][T12037] FAULT_INJECTION: forcing a failure. [ 518.976421][T12037] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 518.980582][T12037] CPU: 2 UID: 0 PID: 12037 Comm: syz.3.2141 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 518.983376][T12037] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 518.986181][T12037] Call Trace: [ 518.987084][T12037] [ 518.987870][T12037] dump_stack_lvl+0x16c/0x1f0 [ 518.989128][T12037] should_fail_ex+0x497/0x5b0 [ 518.990384][T12037] _copy_from_iter+0x29b/0x13e0 [ 518.991685][T12037] ? __pfx__copy_from_iter+0x10/0x10 [ 518.993076][T12037] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 518.994665][T12037] ? tun_build_skb.constprop.0+0x1b8/0x1120 [ 518.996234][T12037] ? __pfx_lock_release+0x10/0x10 [ 518.997575][T12037] ? trace_lock_acquire+0x14a/0x1d0 [ 518.998966][T12037] copy_page_from_iter+0xa5/0x120 [ 519.000299][T12037] tun_build_skb.constprop.0+0x294/0x1120 [ 519.001795][T12037] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 519.003409][T12037] ? __pfx___lock_acquire+0x10/0x10 [ 519.004777][T12037] ? __pfx___lock_acquire+0x10/0x10 [ 519.006145][T12037] ? __pfx___lock_acquire+0x10/0x10 [ 519.007527][T12037] ? __lock_acquire+0xbdd/0x3ce0 [ 519.008878][T12037] tun_get_user+0x872/0x3d70 [ 519.010386][T12037] ? find_held_lock+0x2d/0x110 [ 519.011671][T12037] ? __pfx_tun_get_user+0x10/0x10 [ 519.013030][T12037] ? find_held_lock+0x2d/0x110 [ 519.014295][T12037] ? __pfx_lock_release+0x10/0x10 [ 519.015656][T12037] tun_chr_write_iter+0xdc/0x210 [ 519.016976][T12037] vfs_write+0x6b5/0x1140 [ 519.018122][T12037] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 519.019586][T12037] ? trace_lock_acquire+0x14a/0x1d0 [ 519.020959][T12037] ? __pfx_vfs_write+0x10/0x10 [ 519.022225][T12037] ? __fget_files+0x40/0x3f0 [ 519.023460][T12037] ksys_write+0x12f/0x260 [ 519.024612][T12037] ? __pfx_ksys_write+0x10/0x10 [ 519.025907][T12037] __do_fast_syscall_32+0x73/0x120 [ 519.027267][T12037] do_fast_syscall_32+0x32/0x80 [ 519.028595][T12037] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 519.030623][T12037] RIP: 0023:0xf742e579 [ 519.031713][T12037] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 519.036739][T12037] RSP: 002b:00000000f5716530 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 519.039151][T12037] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020000080 [ 519.041844][T12037] RDX: 000000000000007e RSI: 00000000f741bff4 RDI: 0000000000000000 [ 519.044187][T12037] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 519.046250][T12037] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 519.048319][T12037] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 519.050384][T12037] [ 519.851935][T12057] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 519.888707][ T25] gspca_topro: reg_w err -71 [ 519.917880][ T25] gspca_topro: Sensor soi763a [ 519.920465][ T25] usb 5-1: USB disconnect, device number 36 [ 520.121141][T12076] FAULT_INJECTION: forcing a failure. [ 520.121141][T12076] name failslab, interval 1, probability 0, space 0, times 0 [ 520.125667][T12076] CPU: 3 UID: 0 PID: 12076 Comm: syz.1.2155 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 520.129338][T12076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 520.133168][T12076] Call Trace: [ 520.134395][T12076] [ 520.135499][T12076] dump_stack_lvl+0x16c/0x1f0 [ 520.137216][T12076] should_fail_ex+0x497/0x5b0 [ 520.138647][T12076] ? fs_reclaim_acquire+0xae/0x160 [ 520.140010][T12076] should_failslab+0xc2/0x120 [ 520.141244][T12076] __kmalloc_noprof+0xcb/0x410 [ 520.142499][T12076] ? __pfx_d_absolute_path+0x10/0x10 [ 520.143893][T12076] tomoyo_encode2+0x100/0x3e0 [ 520.145135][T12076] tomoyo_realpath_from_path+0x1a7/0x710 [ 520.146611][T12076] tomoyo_path_number_perm+0x245/0x5b0 [ 520.148179][T12076] ? tomoyo_path_number_perm+0x232/0x5b0 [ 520.150206][T12076] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 520.152401][T12076] ? trace_lock_acquire+0x14a/0x1d0 [ 520.154299][T12076] ? lock_acquire+0x2f/0xb0 [ 520.155972][T12076] ? __fget_files+0x40/0x3f0 [ 520.157668][T12076] ? __fget_files+0x244/0x3f0 [ 520.159337][T12076] security_file_ioctl_compat+0x9b/0x240 [ 520.161385][T12076] __do_compat_sys_ioctl+0x52/0x2b0 [ 520.163298][T12076] __do_fast_syscall_32+0x73/0x120 [ 520.165167][T12076] do_fast_syscall_32+0x32/0x80 [ 520.166958][T12076] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 520.168872][T12076] RIP: 0023:0xf7faf579 [ 520.169947][T12076] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 520.175715][T12076] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 520.178608][T12076] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005457 [ 520.181199][T12076] RDX: 0000000020000280 RSI: 0000000000000000 RDI: 0000000000000000 [ 520.184060][T12076] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 520.186898][T12076] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 520.189679][T12076] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 520.192545][T12076] [ 520.196165][T12076] ERROR: Out of memory at tomoyo_realpath_from_path. [ 520.199810][ T6499] udevd[6499]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 520.368381][T12091] FAULT_INJECTION: forcing a failure. [ 520.368381][T12091] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 520.373129][T12091] CPU: 3 UID: 0 PID: 12091 Comm: syz.1.2162 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 520.376448][T12091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 520.379638][T12091] Call Trace: [ 520.380614][T12091] [ 520.381692][T12091] dump_stack_lvl+0x16c/0x1f0 [ 520.383440][T12091] should_fail_ex+0x497/0x5b0 [ 520.385174][T12091] strncpy_from_user+0x3b/0x2a0 [ 520.386967][T12091] getname_flags.part.0+0x8f/0x550 [ 520.388826][T12091] getname+0x8d/0xe0 [ 520.390255][T12091] __ia32_sys_mq_unlink+0xbf/0x480 [ 520.392219][T12091] __do_fast_syscall_32+0x73/0x120 [ 520.394150][T12091] do_fast_syscall_32+0x32/0x80 [ 520.395972][T12091] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 520.398275][T12091] RIP: 0023:0xf7faf579 [ 520.399750][T12091] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 520.406625][T12091] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000116 [ 520.409122][T12091] RAX: ffffffffffffffda RBX: 0000000020000340 RCX: 0000000000000000 [ 520.411225][T12091] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 520.413821][T12091] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 520.416119][T12091] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 520.417515][T12094] overlay: filesystem on ./bus not supported as upperdir [ 520.418065][T12091] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 520.418081][T12091] [ 520.475186][T12100] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2166'. [ 520.742898][T12116] FAULT_INJECTION: forcing a failure. [ 520.742898][T12116] name failslab, interval 1, probability 0, space 0, times 0 [ 520.747537][T12116] CPU: 3 UID: 0 PID: 12116 Comm: syz.2.2170 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 520.751714][T12116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 520.755737][T12116] Call Trace: [ 520.756981][T12116] [ 520.758082][T12116] dump_stack_lvl+0x16c/0x1f0 [ 520.759847][T12116] should_fail_ex+0x497/0x5b0 [ 520.761601][T12116] ? fs_reclaim_acquire+0xae/0x160 [ 520.763512][T12116] should_failslab+0xc2/0x120 [ 520.765275][T12116] __kmalloc_noprof+0xcb/0x410 [ 520.767064][T12116] ? rcu_is_watching+0x12/0xc0 [ 520.769236][T12116] tomoyo_encode2+0x100/0x3e0 [ 520.771446][T12116] tomoyo_realpath_from_path+0x1a7/0x710 [ 520.773655][T12116] ? tomoyo_path_number_perm+0x232/0x5b0 [ 520.775748][T12116] tomoyo_path_number_perm+0x245/0x5b0 [ 520.777763][T12116] ? tomoyo_path_number_perm+0x232/0x5b0 [ 520.779851][T12116] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 520.782094][T12116] ? trace_lock_acquire+0x14a/0x1d0 [ 520.784035][T12116] ? lock_acquire+0x2f/0xb0 [ 520.785728][T12116] ? __fget_files+0x40/0x3f0 [ 520.787458][T12116] ? __fget_files+0x244/0x3f0 [ 520.789205][T12116] security_file_ioctl_compat+0x9b/0x240 [ 520.791305][T12116] __do_compat_sys_ioctl+0x52/0x2b0 [ 520.793249][T12116] __do_fast_syscall_32+0x73/0x120 [ 520.795173][T12116] do_fast_syscall_32+0x32/0x80 [ 520.796990][T12116] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 520.799633][T12116] RIP: 0023:0xf7fb1579 [ 520.801149][T12116] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 520.808087][T12116] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 520.811170][T12116] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 000000000000ae80 [ 520.814069][T12116] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 520.816989][T12116] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 520.819900][T12116] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 520.822790][T12116] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 520.825602][T12116] [ 520.827316][T12116] ERROR: Out of memory at tomoyo_realpath_from_path. [ 520.998141][ T5392] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 521.049416][T12132] bridge0: port 2(bridge_slave_1) entered disabled state [ 521.052112][T12132] bridge0: port 1(bridge_slave_0) entered disabled state [ 521.158048][ T5392] usb 6-1: Using ep0 maxpacket: 32 [ 521.162376][ T5392] usb 6-1: config 0 has an invalid interface number: 9 but max is 0 [ 521.165194][ T5392] usb 6-1: config 0 has no interface number 0 [ 521.169660][ T5392] usb 6-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 521.173070][ T5392] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 521.175930][ T5392] usb 6-1: Product: syz [ 521.177430][ T5392] usb 6-1: Manufacturer: syz [ 521.179301][ T5392] usb 6-1: SerialNumber: syz [ 521.183145][ T5392] usb 6-1: config 0 descriptor?? [ 521.189113][ T5392] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 521.668518][T12134] overlayfs: missing 'workdir' [ 522.280311][T12143] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2177'. [ 522.283339][T12143] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2177'. [ 522.377757][T12147] FAULT_INJECTION: forcing a failure. [ 522.377757][T12147] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 522.381742][T12147] CPU: 3 UID: 0 PID: 12147 Comm: syz.2.2181 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 522.384622][T12147] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 522.387442][T12147] Call Trace: [ 522.388341][T12147] [ 522.389234][T12147] dump_stack_lvl+0x16c/0x1f0 [ 522.390995][T12147] should_fail_ex+0x497/0x5b0 [ 522.392773][T12147] _copy_to_user+0x30/0xc0 [ 522.394427][T12147] simple_read_from_buffer+0xd0/0x160 [ 522.396403][T12147] proc_fail_nth_read+0x198/0x270 [ 522.398263][T12147] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 522.400467][T12147] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 522.401933][T12147] vfs_read+0x1ce/0xbd0 [ 522.403178][T12147] ? __fget_files+0x23a/0x3f0 [ 522.404529][T12147] ? fdget_pos+0x24c/0x360 [ 522.406186][T12147] ? __pfx_lock_release+0x10/0x10 [ 522.407551][ T5392] gspca_topro: reg_w err -71 [ 522.408059][T12147] ? trace_lock_acquire+0x14a/0x1d0 [ 522.408087][T12147] ? __pfx_vfs_read+0x10/0x10 [ 522.408104][T12147] ? __pfx___mutex_lock+0x10/0x10 [ 522.408136][T12147] ? __fget_files+0x244/0x3f0 [ 522.416319][T12147] ksys_read+0x12f/0x260 [ 522.417699][T12147] ? __pfx_ksys_read+0x10/0x10 [ 522.419300][T12147] __do_fast_syscall_32+0x73/0x120 [ 522.420657][T12147] do_fast_syscall_32+0x32/0x80 [ 522.421960][T12147] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 522.423956][T12147] RIP: 0023:0xf7fb1579 [ 522.425419][T12147] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 522.432043][T12147] RSP: 002b:00000000f57365a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 522.434954][T12147] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5736620 [ 522.437774][T12147] RDX: 000000000000000f RSI: 00000000f743bff4 RDI: 0000000000000000 [ 522.437917][ T5392] gspca_topro: Sensor soi763a [ 522.440362][T12147] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 522.443992][T12147] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 522.444279][ T5392] usb 6-1: USB disconnect, device number 26 [ 522.446746][T12147] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 522.451378][T12147] [ 522.744916][T12157] overlayfs: missing 'workdir' [ 522.782998][T12159] netlink: set zone limit has 8 unknown bytes [ 522.792013][T12159] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 523.330022][T12178] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2190'. [ 523.422165][T12182] overlayfs: missing 'workdir' [ 523.577718][T12185] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2196'. [ 523.749954][T12191] overlayfs: failed to resolve './file0': -2 [ 524.769841][T12211] input: syz1 as /devices/virtual/input/input20 [ 524.775062][T12211] FAULT_INJECTION: forcing a failure. [ 524.775062][T12211] name failslab, interval 1, probability 0, space 0, times 0 [ 524.778570][T12211] CPU: 0 UID: 0 PID: 12211 Comm: syz.2.2205 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 524.781336][T12211] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 524.784099][T12211] Call Trace: [ 524.784975][T12211] [ 524.785754][T12211] dump_stack_lvl+0x16c/0x1f0 [ 524.786995][T12211] should_fail_ex+0x497/0x5b0 [ 524.788237][T12211] ? fs_reclaim_acquire+0xae/0x160 [ 524.789573][T12211] should_failslab+0xc2/0x120 [ 524.790816][T12211] __kmalloc_noprof+0xcb/0x410 [ 524.792176][T12211] ? __pfx_d_absolute_path+0x10/0x10 [ 524.793556][T12211] tomoyo_encode2+0x100/0x3e0 [ 524.794809][T12211] tomoyo_realpath_from_path+0x1a7/0x710 [ 524.796315][T12211] tomoyo_path_number_perm+0x245/0x5b0 [ 524.797735][T12211] ? tomoyo_path_number_perm+0x232/0x5b0 [ 524.799206][T12211] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 524.800774][T12211] ? trace_lock_acquire+0x14a/0x1d0 [ 524.802126][T12211] ? lock_acquire+0x2f/0xb0 [ 524.803326][T12211] ? __fget_files+0x40/0x3f0 [ 524.804538][T12211] ? __fget_files+0x244/0x3f0 [ 524.805770][T12211] security_file_ioctl_compat+0x9b/0x240 [ 524.807249][T12211] __do_compat_sys_ioctl+0x52/0x2b0 [ 524.808609][T12211] __do_fast_syscall_32+0x73/0x120 [ 524.810077][T12211] do_fast_syscall_32+0x32/0x80 [ 524.811362][T12211] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 524.812998][T12211] RIP: 0023:0xf7fb1579 [ 524.814056][T12211] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 524.819022][T12211] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 524.821908][T12211] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040045565 [ 524.824761][T12211] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 524.827604][T12211] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 524.830333][T12211] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 524.833038][T12211] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 524.835491][T12211] [ 524.839872][T12211] ERROR: Out of memory at tomoyo_realpath_from_path. [ 524.897980][ T9] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 525.024272][T12224] FAULT_INJECTION: forcing a failure. [ 525.024272][T12224] name failslab, interval 1, probability 0, space 0, times 0 [ 525.028800][T12224] CPU: 0 UID: 0 PID: 12224 Comm: syz.0.2210 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 525.032714][T12224] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 525.036596][T12224] Call Trace: [ 525.037891][T12224] [ 525.038971][T12224] dump_stack_lvl+0x16c/0x1f0 [ 525.040722][T12224] should_fail_ex+0x497/0x5b0 [ 525.042477][T12224] ? fs_reclaim_acquire+0xae/0x160 [ 525.044379][T12224] should_failslab+0xc2/0x120 [ 525.046112][T12224] __kmalloc_noprof+0xcb/0x410 [ 525.047899][T12224] ? rcu_is_watching+0x12/0xc0 [ 525.049667][T12224] tomoyo_encode2+0x100/0x3e0 [ 525.051430][T12224] tomoyo_realpath_from_path+0x1a7/0x710 [ 525.053501][T12224] ? tomoyo_path_number_perm+0x232/0x5b0 [ 525.055596][T12224] tomoyo_path_number_perm+0x245/0x5b0 [ 525.057600][T12224] ? tomoyo_path_number_perm+0x232/0x5b0 [ 525.059660][T12224] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 525.061897][T12224] ? trace_lock_acquire+0x14a/0x1d0 [ 525.063822][T12224] ? lock_acquire+0x2f/0xb0 [ 525.065510][T12224] ? __fget_files+0x40/0x3f0 [ 525.067235][T12224] ? __fget_files+0x244/0x3f0 [ 525.068961][T12224] security_file_ioctl_compat+0x9b/0x240 [ 525.071033][T12224] __do_compat_sys_ioctl+0x52/0x2b0 [ 525.072960][T12224] __do_fast_syscall_32+0x73/0x120 [ 525.074858][T12224] do_fast_syscall_32+0x32/0x80 [ 525.076669][T12224] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 525.078964][T12224] RIP: 0023:0xf747e579 [ 525.080474][T12224] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 525.087284][T12224] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 525.089429][T12224] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000008922 [ 525.091432][T12224] RDX: 0000000020000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 525.093473][T12224] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 525.095530][T12224] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 525.097566][T12224] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 525.099612][T12224] [ 525.100915][T12224] ERROR: Out of memory at tomoyo_realpath_from_path. [ 525.102254][ T9] usb 6-1: Using ep0 maxpacket: 32 [ 525.106185][ T9] usb 6-1: config 0 has an invalid interface number: 9 but max is 0 [ 525.108329][ T9] usb 6-1: config 0 has no interface number 0 [ 525.111437][ T9] usb 6-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 525.113870][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.116138][ T9] usb 6-1: Product: syz [ 525.117548][ T9] usb 6-1: Manufacturer: syz [ 525.119234][ T9] usb 6-1: SerialNumber: syz [ 525.125086][ T9] usb 6-1: config 0 descriptor?? [ 525.129771][ T9] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 525.437973][ T8] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 525.607987][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 525.613456][ T8] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 525.617182][ T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 525.622627][ T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 525.625998][ T8] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 525.630826][ T8] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 525.638966][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.641108][ T73] Bluetooth: hci3: Frame reassembly failed (-84) [ 525.687942][T12249] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2220'. [ 525.691018][T12249] netlink: 'syz.3.2220': attribute type 25 has an invalid length. [ 525.698398][T12249] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 525.700932][T12249] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 525.703196][T12249] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 525.705485][T12249] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 525.863006][ T8] usb 5-1: GET_CAPABILITIES returned 0 [ 525.864590][ T8] usbtmc 5-1:16.0: can't read capabilities [ 526.070948][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 526.075061][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 526.077421][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 526.079783][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 526.082085][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 526.084424][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 526.086757][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 526.089106][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 526.091439][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 526.093764][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 526.096116][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 526.098452][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 526.100799][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 526.103135][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 526.105515][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 526.107853][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 526.114641][ T8] usb 5-1: USB disconnect, device number 37 [ 526.379496][ T9] gspca_topro: reg_w err -71 [ 526.407967][ T9] gspca_topro: Sensor soi763a [ 526.414913][ T9] usb 6-1: USB disconnect, device number 27 [ 526.660648][T12271] FAULT_INJECTION: forcing a failure. [ 526.660648][T12271] name failslab, interval 1, probability 0, space 0, times 0 [ 526.664163][T12271] CPU: 0 UID: 0 PID: 12271 Comm: syz.0.2229 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 526.666992][T12271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 526.669782][T12271] Call Trace: [ 526.670663][T12271] [ 526.671455][T12271] dump_stack_lvl+0x16c/0x1f0 [ 526.672887][T12271] should_fail_ex+0x497/0x5b0 [ 526.674152][T12271] ? fs_reclaim_acquire+0xae/0x160 [ 526.675558][T12271] should_failslab+0xc2/0x120 [ 526.676819][T12271] kmem_cache_alloc_node_noprof+0x71/0x310 [ 526.678357][T12271] ? __alloc_skb+0x2b3/0x380 [ 526.679630][T12271] __alloc_skb+0x2b3/0x380 [ 526.680806][T12271] ? __pfx___alloc_skb+0x10/0x10 [ 526.682100][T12271] ? lock_acquire+0x2f/0xb0 [ 526.683339][T12271] netlink_alloc_large_skb+0x69/0x130 [ 526.684765][T12271] netlink_sendmsg+0x689/0xd70 [ 526.686036][T12271] ? __pfx_netlink_sendmsg+0x10/0x10 [ 526.687479][T12271] ? lock_acquire+0x2f/0xb0 [ 526.688702][T12271] ____sys_sendmsg+0x9ae/0xb40 [ 526.689991][T12271] ? __pfx_____sys_sendmsg+0x10/0x10 [ 526.691405][T12271] ? get_compat_msghdr+0x11b/0x170 [ 526.692755][T12271] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 526.694298][T12271] ? __pfx___lock_acquire+0x10/0x10 [ 526.695705][T12271] ___sys_sendmsg+0x135/0x1e0 [ 526.696957][T12271] ? __pfx____sys_sendmsg+0x10/0x10 [ 526.698343][T12271] ? lock_acquire+0x2f/0xb0 [ 526.699570][T12271] ? __fget_files+0x40/0x3f0 [ 526.700809][T12271] ? fdget+0x176/0x210 [ 526.701892][T12271] __sys_sendmsg+0x117/0x1f0 [ 526.703148][T12271] ? __pfx___sys_sendmsg+0x10/0x10 [ 526.704512][T12271] ? __fget_files+0x244/0x3f0 [ 526.705777][T12271] __do_fast_syscall_32+0x73/0x120 [ 526.707158][T12271] do_fast_syscall_32+0x32/0x80 [ 526.708454][T12271] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 526.710124][T12271] RIP: 0023:0xf747e579 [ 526.711226][T12271] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 526.716282][T12271] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 526.718457][T12271] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000300 [ 526.720546][T12271] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 526.722612][T12271] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 526.724764][T12271] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 526.726888][T12271] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 526.728947][T12271] [ 526.758041][ T25] usb 7-1: new high-speed USB device number 34 using dummy_hcd [ 526.922778][ T25] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 526.926702][ T25] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 526.930398][ T25] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 526.933621][ T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.939102][T12269] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 526.943856][ T25] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 526.947914][ T4779] Bluetooth: hci1: command 0x0405 tx timeout [ 527.167721][T12269] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2228'. [ 527.611588][ T9] usb 7-1: USB disconnect, device number 34 [ 527.667903][ T5361] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 527.667956][ T5355] Bluetooth: hci3: command 0xfc11 tx timeout [ 527.770236][T12278] [ 527.771172][T12278] ====================================================== [ 527.773624][T12278] WARNING: possible circular locking dependency detected [ 527.776132][T12278] 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 Not tainted [ 527.779483][T12278] ------------------------------------------------------ [ 527.782688][T12278] syz.1.2231/12278 is trying to acquire lock: [ 527.784860][T12278] ffff88800028e258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x6d/0x3b0 [ 527.788829][T12278] [ 527.788829][T12278] but task is already holding lock: [ 527.791355][T12278] ffff888029eb2128 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x235/0x700 [ 527.794456][T12278] [ 527.794456][T12278] which lock already depends on the new lock. [ 527.794456][T12278] [ 527.798020][T12278] [ 527.798020][T12278] the existing dependency chain (in reverse order) is: [ 527.801090][T12278] [ 527.801090][T12278] -> #3 (&d->lock){+.+.}-{3:3}: [ 527.803456][T12278] __mutex_lock+0x175/0x9c0 [ 527.805222][T12278] __rfcomm_dlc_close+0x235/0x700 [ 527.807153][T12278] rfcomm_dlc_close+0x1eb/0x240 [ 527.809003][T12278] __rfcomm_sock_close+0xa7/0x230 [ 527.810963][T12278] rfcomm_sock_shutdown+0xd5/0x230 [ 527.812928][T12278] rfcomm_sock_release+0x5d/0x140 [ 527.814874][T12278] __sock_release+0xb0/0x270 [ 527.816369][T12278] sock_close+0x1c/0x30 [ 527.818039][T12278] __fput+0x3f6/0xb60 [ 527.819669][T12278] task_work_run+0x14e/0x250 [ 527.821492][T12278] get_signal+0x1d3/0x26d0 [ 527.823262][T12278] arch_do_signal_or_restart+0x90/0x7e0 [ 527.824966][T12278] syscall_exit_to_user_mode+0x150/0x2a0 [ 527.826556][T12278] __do_fast_syscall_32+0x80/0x120 [ 527.827975][T12278] do_fast_syscall_32+0x32/0x80 [ 527.829348][T12278] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 527.831089][T12278] [ 527.831089][T12278] -> #2 (rfcomm_mutex){+.+.}-{3:3}: [ 527.832961][T12278] __mutex_lock+0x175/0x9c0 [ 527.834242][T12278] rfcomm_dlc_exists+0x5f/0x1a0 [ 527.835717][T12278] rfcomm_dev_ioctl+0xabc/0x1e70 [ 527.837607][T12278] rfcomm_sock_compat_ioctl+0xba/0xe0 [ 527.839701][T12278] compat_sock_ioctl+0x17b/0x7e0 [ 527.841627][T12278] __do_compat_sys_ioctl+0x259/0x2b0 [ 527.843707][T12278] __do_fast_syscall_32+0x73/0x120 [ 527.845173][T12278] do_fast_syscall_32+0x32/0x80 [ 527.846553][T12278] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 527.848273][T12278] [ 527.848273][T12278] -> #1 (rfcomm_ioctl_mutex){+.+.}-{3:3}: [ 527.850240][T12278] __mutex_lock+0x175/0x9c0 [ 527.851525][T12278] rfcomm_dev_ioctl+0x9db/0x1e70 [ 527.852894][T12278] rfcomm_sock_compat_ioctl+0xba/0xe0 [ 527.854386][T12278] compat_sock_ioctl+0x17b/0x7e0 [ 527.855825][T12278] __do_compat_sys_ioctl+0x259/0x2b0 [ 527.857892][T12278] __do_fast_syscall_32+0x73/0x120 [ 527.859873][T12278] do_fast_syscall_32+0x32/0x80 [ 527.861745][T12278] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 527.864114][T12278] [ 527.864114][T12278] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}: [ 527.866491][T12278] __lock_acquire+0x250b/0x3ce0 [ 527.867860][T12278] lock_acquire.part.0+0x11b/0x380 [ 527.869290][T12278] lock_sock_nested+0x3a/0xf0 [ 527.870613][T12278] rfcomm_sk_state_change+0x6d/0x3b0 [ 527.872108][T12278] __rfcomm_dlc_close+0x28c/0x700 [ 527.873514][T12278] rfcomm_dlc_close+0x1eb/0x240 [ 527.874911][T12278] __rfcomm_sock_close+0xa7/0x230 [ 527.876339][T12278] rfcomm_sock_shutdown+0xd5/0x230 [ 527.877759][T12278] rfcomm_sock_release+0x5d/0x140 [ 527.879179][T12278] __sock_release+0xb0/0x270 [ 527.880488][T12278] sock_close+0x1c/0x30 [ 527.881694][T12278] __fput+0x3f6/0xb60 [ 527.882852][T12278] task_work_run+0x14e/0x250 [ 527.884174][T12278] get_signal+0x1d3/0x26d0 [ 527.885457][T12278] arch_do_signal_or_restart+0x90/0x7e0 [ 527.887555][T12278] syscall_exit_to_user_mode+0x150/0x2a0 [ 527.889783][T12278] __do_fast_syscall_32+0x80/0x120 [ 527.891822][T12278] do_fast_syscall_32+0x32/0x80 [ 527.893695][T12278] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 527.895478][T12278] [ 527.895478][T12278] other info that might help us debug this: [ 527.895478][T12278] [ 527.898103][T12278] Chain exists of: [ 527.898103][T12278] sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_mutex --> &d->lock [ 527.898103][T12278] [ 527.901657][T12278] Possible unsafe locking scenario: [ 527.901657][T12278] [ 527.903570][T12278] CPU0 CPU1 [ 527.904950][T12278] ---- ---- [ 527.906556][T12278] lock(&d->lock); [ 527.907968][T12278] lock(rfcomm_mutex); [ 527.910371][T12278] lock(&d->lock); [ 527.912662][T12278] lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM); [ 527.914514][T12278] [ 527.914514][T12278] *** DEADLOCK *** [ 527.914514][T12278] [ 527.916950][T12278] 3 locks held by syz.1.2231/12278: [ 527.918306][T12278] #0: ffff88802af42608 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x270 [ 527.921001][T12278] #1: ffffffff8fd521e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x33/0x240 [ 527.923410][T12278] #2: ffff888029eb2128 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x235/0x700 [ 527.925828][T12278] [ 527.925828][T12278] stack backtrace: [ 527.927473][T12278] CPU: 2 UID: 0 PID: 12278 Comm: syz.1.2231 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 527.930267][T12278] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 527.933034][T12278] Call Trace: [ 527.933902][T12278] [ 527.934683][T12278] dump_stack_lvl+0x116/0x1f0 [ 527.935931][T12278] print_circular_bug+0x419/0x5d0 [ 527.937211][T12278] check_noncircular+0x31a/0x400 [ 527.938471][T12278] ? __pfx_check_noncircular+0x10/0x10 [ 527.939844][T12278] ? lockdep_lock+0xc6/0x200 [ 527.941051][T12278] ? __pfx_lockdep_lock+0x10/0x10 [ 527.942363][T12278] __lock_acquire+0x250b/0x3ce0 [ 527.943900][T12278] ? __pfx___lock_acquire+0x10/0x10 [ 527.945484][T12278] ? __mutex_trylock_common+0xea/0x250 [ 527.946948][T12278] ? __pfx___mutex_trylock_common+0x10/0x10 [ 527.948442][T12278] ? __rfcomm_dlc_close+0x235/0x700 [ 527.949771][T12278] lock_acquire.part.0+0x11b/0x380 [ 527.951081][T12278] ? rfcomm_sk_state_change+0x6d/0x3b0 [ 527.952467][T12278] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 527.953918][T12278] ? rcu_is_watching+0x12/0xc0 [ 527.955164][T12278] ? trace_lock_acquire+0x14a/0x1d0 [ 527.956516][T12278] ? rfcomm_sk_state_change+0x6d/0x3b0 [ 527.957892][T12278] ? lock_acquire+0x2f/0xb0 [ 527.959064][T12278] ? rfcomm_sk_state_change+0x6d/0x3b0 [ 527.960462][T12278] lock_sock_nested+0x3a/0xf0 [ 527.961678][T12278] ? rfcomm_sk_state_change+0x6d/0x3b0 [ 527.963106][T12278] rfcomm_sk_state_change+0x6d/0x3b0 [ 527.964483][T12278] __rfcomm_dlc_close+0x28c/0x700 [ 527.965816][T12278] rfcomm_dlc_close+0x1eb/0x240 [ 527.967078][T12278] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 527.968592][T12278] __rfcomm_sock_close+0xa7/0x230 [ 527.969882][T12278] rfcomm_sock_shutdown+0xd5/0x230 [ 527.971220][T12278] rfcomm_sock_release+0x5d/0x140 [ 527.972523][T12278] __sock_release+0xb0/0x270 [ 527.973716][T12278] ? __pfx_sock_close+0x10/0x10 [ 527.974995][T12278] sock_close+0x1c/0x30 [ 527.976201][T12278] __fput+0x3f6/0xb60 [ 527.977286][T12278] ? _raw_spin_unlock_irq+0x23/0x50 [ 527.978615][T12278] task_work_run+0x14e/0x250 [ 527.979830][T12278] ? __pfx_task_work_run+0x10/0x10 [ 527.981153][T12278] get_signal+0x1d3/0x26d0 [ 527.982318][T12278] ? kick_process+0xf6/0x1b0 [ 527.983522][T12278] ? task_work_add+0x1d6/0x370 [ 527.984773][T12278] ? __pfx_task_work_add+0x10/0x10 [ 527.986119][T12278] ? __pfx_get_signal+0x10/0x10 [ 527.987395][T12278] arch_do_signal_or_restart+0x90/0x7e0 [ 527.988961][T12278] ? __pfx___sys_connect+0x10/0x10 [ 527.990252][T12278] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 527.991816][T12278] ? rcu_is_watching+0x12/0xc0 [ 527.993023][T12278] syscall_exit_to_user_mode+0x150/0x2a0 [ 527.994438][T12278] __do_fast_syscall_32+0x80/0x120 [ 527.995787][T12278] do_fast_syscall_32+0x32/0x80 [ 527.997071][T12278] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 527.998740][T12278] RIP: 0023:0xf7faf579 [ 527.999796][T12278] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 528.004613][T12278] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 000000000000016a [ 528.007103][T12278] RAX: fffffffffffffffc RBX: 0000000000000006 RCX: 0000000020000300 [ 528.009937][T12278] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 528.012750][T12278] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 528.015004][T12278] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 528.017026][T12278] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 528.019439][T12278] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 528.188658][T12268] bond0: (slave syz_tun): Releasing backup interface [ 528.263253][ T1102] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.503625][ T1102] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.672607][ T1102] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.861241][ T1102] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.958250][ T1102] bridge_slave_1: left allmulticast mode [ 528.960291][ T1102] bridge_slave_1: left promiscuous mode [ 528.962345][ T1102] bridge0: port 2(bridge_slave_1) entered disabled state [ 528.965701][ T1102] bridge_slave_0: left allmulticast mode [ 528.967732][ T1102] bridge_slave_0: left promiscuous mode [ 528.970010][ T1102] bridge0: port 1(bridge_slave_0) entered disabled state [ 529.023636][ T1102] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 529.192057][ T1102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 529.196588][ T1102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 529.200808][ T1102] bond0 (unregistering): (slave macvlan0): Releasing backup interface [ 529.203367][ T1102] veth1_vlan: left allmulticast mode [ 529.205411][ T1102] bond0 (unregistering): Released all slaves [ 529.208609][ T1102] bond1 (unregistering): Released all slaves [ 529.211870][ T1102] bond2 (unregistering): Released all slaves [ 529.215015][ T1102] bond3 (unregistering): Released all slaves [ 529.218189][ T1102] bond4 (unregistering): Released all slaves [ 529.221236][ T1102] bond5 (unregistering): Released all slaves [ 529.224701][ T1102] bond6 (unregistering): Released all slaves [ 529.228283][ T1102] bond7 (unregistering): Released all slaves [ 529.231728][ T1102] bond8 (unregistering): Released all slaves [ 529.235276][ T1102] bond9 (unregistering): Released all slaves [ 529.338878][ T1102] tipc: Left network mode [ 529.545046][ T1102] hsr_slave_0: left promiscuous mode [ 529.548092][ T1102] hsr_slave_1: left promiscuous mode [ 529.550570][ T1102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 529.553492][ T1102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 529.556951][ T1102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 529.560757][ T1102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 529.565348][ T1102] veth1_macvtap: left promiscuous mode [ 529.567452][ T1102] veth0_macvtap: left promiscuous mode [ 529.570816][ T1102] veth1_vlan: left promiscuous mode [ 529.572799][ T1102] veth0_vlan: left promiscuous mode [ 529.793625][ T1102] team0 (unregistering): Port device team_slave_1 removed [ 529.853934][ T1102] team0 (unregistering): Port device team_slave_0 removed [ 530.397547][ T1102] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 530.401790][ T1102] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.473215][ T1102] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 530.477856][ T1102] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.561253][ T1102] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 530.564899][ T1102] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.610356][ T1102] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 530.613065][ T1102] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.698217][ T1102] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.702000][ T1102] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 530.762054][ T1102] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.765785][ T1102] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 530.845167][ T1102] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.849246][ T1102] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 530.910317][ T1102] bond0: (slave netdevsim0): Releasing backup interface [ 530.914067][ T1102] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.917600][ T1102] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 531.025785][ T1102] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.113714][ T1102] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.181154][ T1102] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.251408][ T1102] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.354932][ T1102] bridge_slave_1: left allmulticast mode [ 531.357061][ T1102] bridge_slave_1: left promiscuous mode [ 531.359380][ T1102] bridge0: port 2(bridge_slave_1) entered disabled state [ 531.362101][ T1102] bridge_slave_0: left allmulticast mode [ 531.364190][ T1102] bridge_slave_0: left promiscuous mode [ 531.366298][ T1102] bridge0: port 1(bridge_slave_0) entered disabled state [ 531.370126][ T1102] bridge_slave_1: left allmulticast mode [ 531.372125][ T1102] bridge_slave_1: left promiscuous mode [ 531.374131][ T1102] bridge0: port 2(bridge_slave_1) entered disabled state [ 531.378077][ T1102] bridge_slave_0: left allmulticast mode [ 531.380147][ T1102] bridge_slave_0: left promiscuous mode [ 531.382237][ T1102] bridge0: port 1(bridge_slave_0) entered disabled state [ 531.386252][ T1102] bridge_slave_1: left allmulticast mode [ 531.388673][ T1102] bridge_slave_1: left promiscuous mode [ 531.390768][ T1102] bridge0: port 2(bridge_slave_1) entered disabled state [ 531.393872][ T1102] bridge_slave_0: left allmulticast mode [ 531.395842][ T1102] bridge_slave_0: left promiscuous mode [ 531.397722][ T1102] bridge0: port 1(bridge_slave_0) entered disabled state [ 531.763180][ T1102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 531.767721][ T1102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 531.772559][ T1102] bond0 (unregistering): (slave team0): Releasing backup interface [ 531.777686][ T1102] bond0 (unregistering): Released all slaves [ 531.782868][ T1102] bond1 (unregistering): Released all slaves [ 531.788078][ T1102] bond2 (unregistering): Released all slaves [ 531.795864][ T1102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 531.800428][ T1102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 531.804440][ T1102] bond0 (unregistering): Released all slaves [ 531.809524][ T1102] bond1 (unregistering): Released all slaves [ 531.814481][ T1102] bond2 (unregistering): Released all slaves [ 531.819445][ T1102] bond3 (unregistering): Released all slaves [ 531.824374][ T1102] bond4 (unregistering): Released all slaves [ 531.833124][ T1102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 531.837588][ T1102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 531.842679][ T1102] bond0 (unregistering): Released all slaves [ 531.907063][ T1102] tipc: Left network mode [ 532.348413][ T1102] hsr_slave_0: left promiscuous mode [ 532.350912][ T1102] hsr_slave_1: left promiscuous mode [ 532.353301][ T1102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 532.356037][ T1102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 532.362900][ T1102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 532.365639][ T1102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 532.370046][ T1102] hsr_slave_0: left promiscuous mode [ 532.372392][ T1102] hsr_slave_1: left promiscuous mode [ 532.374722][ T1102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 532.377439][ T1102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 532.381153][ T1102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 532.384067][ T1102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 532.389555][ T1102] hsr_slave_0: left promiscuous mode [ 532.391930][ T1102] hsr_slave_1: left promiscuous mode [ 532.394288][ T1102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 532.397010][ T1102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 532.400222][ T1102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 532.402931][ T1102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 532.409936][ T1102] veth1_macvtap: left promiscuous mode [ 532.411833][ T1102] veth0_macvtap: left promiscuous mode [ 532.413787][ T1102] veth1_vlan: left promiscuous mode [ 532.415676][ T1102] veth0_vlan: left promiscuous mode [ 532.418495][ T1102] veth1_vlan: left promiscuous mode [ 532.420427][ T1102] veth0_vlan: left promiscuous mode [ 532.423051][ T1102] veth1_macvtap: left promiscuous mode [ 532.425008][ T1102] veth0_macvtap: left promiscuous mode [ 532.427050][ T1102] veth1_vlan: left promiscuous mode [ 532.428985][ T1102] veth0_vlan: left promiscuous mode [ 532.735607][ T1102] team0 (unregistering): Port device team_slave_1 removed [ 532.774731][ T1102] team0 (unregistering): Port device team_slave_0 removed [ 533.188280][ T1102] team0 (unregistering): Port device team_slave_1 removed [ 533.242962][ T1102] team0 (unregistering): Port device team_slave_0 removed [ 533.556212][ T1102] team0 (unregistering): Port device team_slave_1 removed [ 533.616545][ T1102] team0 (unregistering): Port device team_slave_0 removed [ 536.476681][ T1102] IPVS: stop unused estimator thread 0... [ 536.479528][ T1102] IPVS: stop unused estimator thread 0... VM DIAGNOSIS: 01:39:51 Registers: info registers vcpu 0 CPU#0 RAX=1ffffffff1b83895 RBX=ffff888062d109c0 RCX=ffffffff816ab0e3 RDX=dffffc0000000000 RSI=0000000000000004 RDI=ffff888062d109c0 RBP=ffff888062d109c8 RSP=ffffc90007307af0 R8 =0000000000000000 R9 =ffffed100c5a2138 R10=ffff888062d109c3 R11=ffffffff8b4f6c60 R12=ffff888062d109d0 R13=ffff888062d109c0 R14=0000000000000000 R15=ffff88805994c880 RIP=ffffffff816ab1ea RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f5715da4 CR3=000000006b660000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000001366fa4 RBX=0000000000000001 RCX=ffffffff8b131a39 RDX=ffffed10056a7026 RSI=ffffffff8bb12360 RDI=ffffffff816417fc RBP=ffffed10036e9910 RSP=ffffc90000477dd8 R8 =0000000000000000 R9 =ffffed10056a7025 R10=ffff88802b53812b R11=0000000000000001 R12=0000000000000001 R13=ffff88801b74c880 R14=ffffffff901cd248 R15=0000000000000000 RIP=ffffffff8b201530 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7455008 CR3=000000006b52e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000097 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff850373c5 RDI=ffffffff9a63a220 RBP=ffffffff9a63a1e0 RSP=ffffc900036871a8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000020 R14=ffffffff85037360 R15=0000000000000000 RIP=ffffffff850373ef RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020004000 CR3=000000006b660000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=61902af39372c62d a20a339734edea3c 8f112ebb587f2d13 45f5b2f79c7e0e17 8eb3e32d6b168766 cf660d2851b221a9 8dcd72b1e2f01db8 63b28a27a205eba9 ZMM17=01010a450b070000 0007000000000000 008001a408488003 48800234a0030808 0034980322080017 b803172263c9404a d658e2ce88416315 fe396d2208238003 ZMM18=eeafc34af051f050 afbd07cc035a24ca 78fbb03317b33738 b8f0602c84ff4586 ceb6a97a7339831b 7e19fa44b0b2bee1 c82019aa9d39d4e8 4f86cc63311d495f ZMM19=a32554a9c7ecbc59 30a07ad62bb0e0f1 b322f94f83b4f4ea ab954897d8de18c6 5af6fafc6078ba41 124867b988651f7f 928a2609019a084b 8003080800188002 ZMM20=836086d7836086d7 836086d7836086d7 836086d7836086d7 836086d7836086d7 836086d7836086d7 836086d7836086d7 836086d7836086d7 836086d7836086d7 ZMM21=0aa36ecb0aa36ecb 0aa36ecb0aa36ecb 0aa36ecb0aa36ecb 0aa36ecb0aa36ecb 0aa36ecb0aa36ecb 0aa36ecb0aa36ecb 0aa36ecb0aa36ecb 0aa36ecb0aa36ecb ZMM22=e8f8fdb3e8f8fdb3 e8f8fdb3e8f8fdb3 e8f8fdb3e8f8fdb3 e8f8fdb3e8f8fdb3 e8f8fdb3e8f8fdb3 e8f8fdb3e8f8fdb3 e8f8fdb3e8f8fdb3 e8f8fdb3e8f8fdb3 ZMM23=a5820825a5820825 a5820825a5820825 a5820825a5820825 a5820825a5820825 a5820825a5820825 a5820825a5820825 a5820825a5820825 a5820825a5820825 ZMM24=44d582c244d582c2 44d582c244d582c2 44d582c244d582c2 44d582c244d582c2 44d582c244d582c2 44d582c244d582c2 44d582c244d582c2 44d582c244d582c2 ZMM25=53088e4453088e44 53088e4453088e44 53088e4453088e44 53088e4453088e44 53088e4453088e44 53088e4453088e44 53088e4453088e44 53088e4453088e44 ZMM26=0370050f0370050f 0370050f0370050f 0370050f0370050f 0370050f0370050f 0370050f0370050f 0370050f0370050f 0370050f0370050f 0370050f0370050f ZMM27=5d1aadac5d1aadac 5d1aadac5d1aadac 5d1aadac5d1aadac 5d1aadac5d1aadac 5d1aadac5d1aadac 5d1aadac5d1aadac 5d1aadac5d1aadac 5d1aadac5d1aadac ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=8411000084110000 8411000084110000 8411000084110000 8411000084110000 8411000084110000 8411000084110000 8411000084110000 8411000084110000 info registers vcpu 3 CPU#3 RAX=00000000003fae94 RBX=0000000000000003 RCX=ffffffff8b131a39 RDX=ffffed10056e7026 RSI=ffffffff8bb12360 RDI=ffffffff816417fc RBP=ffffed10036ec488 RSP=ffffc90000497e08 R8 =0000000000000000 R9 =ffffed10056e7025 R10=ffff88802b73812b R11=0000000000000000 R12=0000000000000003 R13=ffff88801b762440 R14=ffffffff901cd248 R15=0000000000000000 RIP=ffffffff8b132e1f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c29f1f1 CR3=0000000012aae000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000