last executing test programs: 4.572707124s ago: executing program 2 (id=2174): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = open(0x0, 0x0, 0x146) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r2, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000480)=@nullb, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='squashfs\x00', 0x8200, 0x0) 4.040477956s ago: executing program 0 (id=2182): mknod(&(0x7f0000000000)='./bus\x00', 0x1200, 0x0) mknod(&(0x7f0000000140)='./file0\x00', 0x8001420, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x2, 0x0) r1 = open(&(0x7f00000002c0)='./bus\x00', 0x42202, 0x0) splice(r0, 0x0, r1, 0x0, 0xffffffe1, 0x0) r2 = open$dir(&(0x7f0000000180)='./file0\x00', 0x7e, 0x0) writev(r2, &(0x7f0000000280)=[{&(0x7f0000000300)="e7", 0x1}], 0x1) read$FUSE(r1, &(0x7f0000001540)={0x2020}, 0x2020) 3.932681325s ago: executing program 0 (id=2184): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioperm(0x0, 0x0, 0x0) r3 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4) shutdown(r3, 0x0) recvmmsg(r3, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 3.296168627s ago: executing program 2 (id=2186): r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x3) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "0e079db5611782eee162e3a91db1e5ebba172f"}) 3.296020135s ago: executing program 2 (id=2187): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000100000005"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000006c0)={0x44, &(0x7f0000000100)=ANY=[@ANYBLOB="1f00020000009a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000007c0)={0x44, &(0x7f0000000580)={0x0, 0x0, 0xf, "221f748b7108eac3bfc11f6a220e2e"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.103411135s ago: executing program 3 (id=2189): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000002c0)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) close_range(r0, 0xffffffffffffffff, 0x0) 3.058006225s ago: executing program 3 (id=2190): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@newsa={0x13c, 0x10, 0x1, 0x0, 0x0, {{@in6=@empty, @in6=@remote}, {@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'xcbc(cast5)\x00'}}}]}, 0x13c}}, 0x0) 2.932806546s ago: executing program 3 (id=2193): socket$nl_generic(0x10, 0x3, 0x10) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) r1 = socket(0x2, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DO_IT(r2, 0xab03) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x6) ioctl$NBD_DISCONNECT(r2, 0xab08) 2.773377789s ago: executing program 0 (id=2196): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000003000)={0x2}, 0x2) ppoll(&(0x7f00000001c0)=[{r0}], 0x1, &(0x7f0000000200), 0x0, 0x0) 2.000699643s ago: executing program 3 (id=2202): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000004c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02002d000b03d25a806f8c6394f90824fc600d0004000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 1.875730665s ago: executing program 3 (id=2203): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xb, 0x16, &(0x7f0000000540)=ANY=[@ANYBLOB="611274000000000061134c0000000000bf2000000000000015000500511b48013d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586162c17600674290ca9d8d6413b8199e34f67ceaaa78710f9f8aba4765c91382f497585ca39c595b21afa6bce62b5ab0d44e9c32ad6f0349d92962a58d39494a19a9183362382792ac85578d3de07b7e155cf4ee5e3dd51212d2831bd8e2655b2fbd88791e4c66c832a774919b28b8a62711f0f156e636804e1d3f44a5ff3d63a3a51f0c7ec0c8c25e072194ddd83aa155a537e15c0d91f502deef03f83e826718705c9aef9613ac4a325a428d147c1749196e94226671fd9573ab0d079d44b13b56f793e98ab571c58e98e022f18a3be3f318e0690fff93f44f22473dc8004fc758218349bd3f0516a72a7ea913bfa7603063ed3118b2d680cbc"], &(0x7f0000000100)='GPL\x00'}, 0x48) 1.875458175s ago: executing program 0 (id=2204): socket$packet(0x11, 0x2, 0x300) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001400000000000000ff000000850000000e000000850000000700000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$packet(0x11, 0xa, 0x300) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000080), 0x4) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000004e00)=ANY=[], 0x0) 1.875336292s ago: executing program 3 (id=2205): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000280), &(0x7f00000002c0)=r1}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000000000404112155000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00220a000000c1"], 0x0}, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) 1.817893953s ago: executing program 0 (id=2206): sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000040)="fb", 0x1}], 0x1}, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x56a, 0x10f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000580)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB="0000120000000504ff4e4a"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000700)={0x2c, &(0x7f00000001c0)={0x40, 0x2e, 0x90, {0x90, 0x22, "dd605ce92972473d45188781b53a4e02f4ea0d6416845afe392bf22b22bc7f00a7cf6167fd994ee42350eeace41ba722fe2ca73b19cf21e8c9f7b9703974eca5cf51051b08995603698deaf236f92e697f5b555ba315aecd0e43a3764e380f74f39ccfecc6ef6ccb4d2fe22c8c30fb70d618bf09bb0514912bb1196875482ca8c7d9484303f2330326cfa400ffd8"}}, &(0x7f0000000640)={0x0, 0x3, 0x9b, @string={0x9b, 0x3, "7148b9270db90062d6ca2f4cc665ed7c5e056e64329aeae9f0a583230b0f1e3a52ba3c0c881b10a6b47f836d4ac2e7d1cfdce095438729031ddec52b5cce2bc8c3fec0637a2dcbced702c698f5be5719b68aa1fb87e78c2c461808b3389330320fbfca055b3f3e26194421ca59d79227687e0ec6d4daf56fe5ea3340bf8b734b2bd373a255f131a98425c36afd62733c391e4e8756ec715fac"}}, &(0x7f0000000280)={0x0, 0xf, 0x1b, {0x5, 0xf, 0x1b, 0x5, [@ptm_cap={0x3}, @ptm_cap={0x3}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xc, 0x81, 0x0, 0x2}, @ptm_cap={0x3}]}}, &(0x7f0000000300)={0x20, 0x29, 0xf, {0xf, 0x29, 0x81, 0x2, 0x7, 0x7f, "02f1903a", "9144899b"}}, &(0x7f0000000480)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xb, 0x0, 0xdf, 0x8, 0x24, 0x3, 0x242}}}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="3f033608260812002c001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) 1.42307338s ago: executing program 1 (id=2207): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000300)={r0, &(0x7f0000000480)="75bdc450d8aa5d40ada6351884125daa17bf915616395c137855134b0e", 0x0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = dup(0xffffffffffffffff) ioctl$KVM_SET_MSRS(r1, 0xc008ae88, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x3, {0x41, 0x20}}, 0x10) 1.252953751s ago: executing program 2 (id=2208): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@ipv6_delrule={0x30, 0x21, 0x1, 0x0, 0x0, {0xa, 0x80}, [@FRA_DST={0x14, 0x1, @empty}]}, 0x30}}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @rand_addr=0x64010100}, {0x0, @random="ca1597489704"}, 0x8, {0x2, 0x0, @empty}}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') preadv(r2, &(0x7f0000000040)=[{&(0x7f0000000200)=""/233, 0xe9}], 0x1, 0xfff, 0x0) 1.163210565s ago: executing program 2 (id=2209): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) syz_open_dev$sg(&(0x7f0000000240), 0x0, 0x2882) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='stack\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$nl_netfilter(0x10, 0x3, 0xc) connect(0xffffffffffffffff, &(0x7f0000000500)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r4, 0x40186f40, 0x20000502) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) read$FUSE(r0, &(0x7f0000003500)={0x2020}, 0xd) 1.162951182s ago: executing program 1 (id=2210): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001e0081064e81f782db44b9040a02080006007c09e8fe04a10a0015c00200142603600e120800080024000000a80009001100014003000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4e", 0x91}], 0x1}, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r0 = socket$kcm(0x15, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000080)=@rc={0xa, @none}, 0x80, 0x0}, 0x0) 1.162730302s ago: executing program 1 (id=2211): socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket(0x1e, 0x80005, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399eb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3576], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x18}}, 0x0) getsockname$packet(r1, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r3, &(0x7f00000001c0)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @dev}, 0x10) recvmmsg(r3, &(0x7f00000005c0)=[{{0x0, 0xe8, 0x0, 0x0, 0x0, 0x0, 0xffffffff00003f00}}], 0x4000000000001db, 0x0, 0x0) sendfile(r3, r2, 0x0, 0xffefffff) 290.521942ms ago: executing program 2 (id=2212): gettid() r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d) sendfile(r0, r1, 0x0, 0x8000002b) 221.344118ms ago: executing program 1 (id=2213): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b70200000a000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b70600007fffffff2d6405000000000065040400010000000404000001007d68b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e6d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e0ebc622003b538dfd8e012e79578e51bc5f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf01860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b803000000661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7b148ba532e6ea09c346dfebd38608b32a0080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e14861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16b089f37b3591a15c0a9be6eb18208404c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b74cd36e748fafa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f0844307df70f532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fda0f0a04935c3c90d3add8eebc8619d73415cda2130f50714600fb6241c6e955031795b2c2f56411e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0001002d8c38a967c1bbe09315c298774009d8c6a16c7da308bcc87dc3addb08141bdee5d2780cfef663ddeedd005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe00000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd805deb28c13c1ed1c0d9cae846bcbfa8cce7b893ebc68578af7dc7d5e87d44ff80800000034c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c568cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e80339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd52364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7dcf050000000000001491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c78974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000400000000000a5accf93bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9c46136a5755c47287eb00000000000000c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f3390343c12aa51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b179509bd9f263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fca4d97a0ae75ccf11e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35e9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff17320adda5867947257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a927de6f4c09f4b742e037381c85d2ec7bb2a8152f0d6a99a0370e0cbd65744eb2efd7b65f04aa7e72588757b9612bb4253a63bb303c0c68a07f115d104f2007237a4f771416741bfd63fdfe3ae6f8bea755d8b7202c2bbae137dc1c3cf40db74a4c1c219d8ddec8f91dae2cdea1353fe062830fa1d233296ec9d8317872257e154665485e7f31cdbfbf435517faf93015b57417d84b8bc8662e097d5ba55d02d48e150695ffae3a676555b10da11751865126d19336116a1e58ab727dda6b343cc97f9479136a66f552abf8fe3d134f6d69df1cffe6740f90735f66ca54fd87800b4bda4db5e68aaccf44d24e09f8a769e3ae7bf246673f15e3d1adae4384bdb7cd30a33e30466b421feb96006c810fd3830a1c75af2580727ffc604d2b04f476acc21419fad9b1baec88974da2db29b80859bde08b85c8086e4b7f1fd568042ad5396d3179c71b1dc43291e450ce9b8d7d80fcb44966d7ad4691a378700000000000000000000000000631ffc86fe0c8124536afbfc6300ee2c00000000000000000000000000000000000000000083a5765d06da91165d24bc316607e2d69344aa1c07ff7cd7bc3d17f122478b6e81077782b9c298edc2546045feff90e7aa7da88d2489fb000a4aa838f911c1a869fa55e979e033b7707df75b93cf5b8d25242741a88f2d54a7107375b25911aa11efa3a4f87fc14f180e353615b3cb9a5cf5ea843014a277c3694a5a83266f73ef039dd739187923715548d58ff43be997e35776e37c2b7772d0873369ba559e4a9ce9a7878a9a46f2a68adae0f3f5c0715b169ff053d8f5ab73d5f738b0edc71a287418ba45a14fd1ab423d9c392d010af2cf1356c6f78d563822afd3e8fb693ef3e1f1c02289e94b15a0a2a58e9c77a6d388004396baf8af32d0bd7fef1597b20e2eec0273012e344628a8ea5bd0a9da43078b95af7186d5bf36a2e31c0ee3e1ec6accd94b7e3b47e52681128c5b6fb2afbffaa52d53080f7ef112fdffffffffffffff0c1f7b4673fc5202bcc1159ba59b9b5c996079b6c2b9cc011470ce48b53c7339135e0a1e7c90b91a84cfaf95af6edc881ca69cb3d869fcd87a294447e3eb627923970281e28528348f9d0157c80ffd70dd45fc9ae550e191e9f88a1f15c2d997c217bb6d5d24e88d07837851b391ffcf3aa2183952ef4d68757c7511179f0984960b907016a4ad6ba19f89794b545f983e94a980f83794c277dd644651d721a0d0546b3e69b8530d9391068d67cfb4fe879c23933ec59d3e728113fdf3a28800512b9cef65523490caa4f5ec30ad6ded9879843ade683b3263197964e752ca77b966ae22e73a0cbbe549306e49d0e11662cf8bcccd8198ef44911ed6b86792086cc6c758d8c4a872041e58685d4134a5ee5063b4bb7e8035442b1cba567cfee96b3b858c9086c907ddddd16414545f1b94b34f081f3e6248699060d62f236b5204993cf42c180f757938a62b5f302cae4a4a7be523be2db61b74bab36d0e63e4469969482ada533c54bdc9c2ad0b7dce02c869e6c853f92d24823036f8b5f4a6f6f89e1a9cd003c714814277f32bd6d535dcc08c992f2938b2e265ff6bfbf38694255c367867d64c50b6f7f2fd131b5b30059ea2ed6bd2b887f808dee79a76d600883085436d79381d7a4a09c4d73f8046c72b206ae3b76429c719f80ab8ff65494f35a75916d81ce89b94ed2e07540d855ebb2e78bfbb354e29d6b905f2573bec68e340472006f3738f004c24edd7c538ad9f25bda4c443bc816a8fb38081adbf5a80f5cd6fde3aadd56a9283dfdcbf7fdd1b44e717c0b405b3261f19b1c38df6331df8e84619ef307875c893a8f0a436ccfb6319000000000000000000000000001f1c8231baae9e6b907826aa7431ee8ee9deb4db6dca3e4fa3df5cd4015a3771c25bff7d305689ff0a71d821fc6ee9d2d0069a6f4cb434e8183796f89825de4d251bbf526adcf572bd39c9817a51b50859c77eebd37709f0d65667a71700006103120886e81241c7186011c6949a9ef5eadb3ca1ba74d055196c80fe796f3550eef858d924ba6a93ea687720ffe78f1e2c98686d85575fbabee88e97d4dea9b7d8416d62f962b9202528fcc38eea7d2b4efca4e14fcbcc15e8"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) epoll_create(0x8) socket$kcm(0x10, 0x2, 0x0) socket$caif_stream(0x25, 0x1, 0x0) socket$isdn_base(0x22, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$ax25(0x3, 0x3, 0x0) socket$igmp6(0xa, 0x3, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, 0x0, 0xc5) socket$inet6(0xa, 0x6, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15000000000000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES64=r1], 0x40}}, 0x0) 102.320179ms ago: executing program 0 (id=2214): unshare(0x20000400) socket$inet_smc(0x2b, 0x1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x13, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238}, 0x80) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x28, 0x2a, 0x9, 0x0, 0x0, {0x4, 0x0, 0x2c00}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}, @nested={0xa, 0x16, 0x0, 0x1, [@generic="92f2703ff0c7"]}]}, 0x28}, 0x1, 0x3000000}, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r5, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r4, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x78, 0x0, 0x300, 0x70bd27, 0x25dfdbfe, {}, [@TIPC_NLA_SOCK={0x64, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}]}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xff}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x20}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x4040010}, 0x24040000) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000200)={0x1f, 0x0, @fixed}, 0xe) r7 = socket(0x1d, 0x2, 0x6) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) close(0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r8, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e48906"], 0xfdef) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r7, &(0x7f0000000700)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x74, r5, 0x2b, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x5, 0x69}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x2e}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x4f}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x4c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x3f}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x2a}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x4f}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x77}]}, 0x74}, 0x1, 0x0, 0x0, 0x8000}, 0xc000) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r11}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8}]}}}]}, 0x3c}}, 0x0) getsockopt$nfc_llcp(r7, 0x6a, 0x1, 0x0, 0x2000003b) 1.825995ms ago: executing program 1 (id=2215): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e90009118db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f0000000200)="c67f0d7df974c298a289e47091f8", 0xe}], 0x2) 0s ago: executing program 1 (id=2216): ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r0, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f00000002c0)=""/119, 0x77, 0x0}}, 0x48) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000001880)=[{&(0x7f000001aa80)=""/102399, 0x18fff}], 0x1, 0xfffffffd, 0x5) r2 = socket(0x200000100000011, 0x803, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) bind$packet(r2, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) write$binfmt_aout(r2, &(0x7f0000000500)=ANY=[], 0x120) kernel console output (not intermixed with test programs): 0xa4/0x100 [ 543.623326][T11642] ? __pfx_iov_iter_get_pages2+0x10/0x10 [ 543.625846][T11642] ? wait_for_space+0x224/0x2d0 [ 543.628023][T11642] __do_sys_vmsplice+0x7c6/0x1230 [ 543.630266][T11642] ? __pfx___do_sys_vmsplice+0x10/0x10 [ 543.632678][T11642] ? ksys_write+0x12f/0x260 [ 543.634705][T11642] ? vfs_write+0x14d/0x1140 [ 543.636663][T11642] ? __pfx_ksys_write+0x10/0x10 [ 543.638837][T11642] ? __do_fast_syscall_32+0x73/0x120 [ 543.641182][T11642] __do_fast_syscall_32+0x73/0x120 [ 543.643400][T11642] do_fast_syscall_32+0x32/0x80 [ 543.645565][T11642] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 543.648349][T11642] RIP: 0023:0xf7454579 [ 543.650042][T11642] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 543.659747][T11642] RSP: 002b:00000000f5d6c57c EFLAGS: 00000292 ORIG_RAX: 000000000000013c [ 543.663393][T11642] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020e79000 [ 543.666787][T11642] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 543.670266][T11642] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 543.673726][T11642] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 543.677171][T11642] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 543.680664][T11642] [ 543.925120][T11648] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1783'. [ 544.367486][T11651] bridge0: port 2(bridge_slave_1) entered disabled state [ 544.370719][T11651] bridge0: port 1(bridge_slave_0) entered disabled state [ 544.379261][T11651] bridge0: left promiscuous mode [ 544.381715][T11651] bridge0: left allmulticast mode [ 544.453163][T11651] trusted_key: encrypted_key: insufficient parameters specified [ 544.484192][T11651] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 545.159623][T11662] FAULT_INJECTION: forcing a failure. [ 545.159623][T11662] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 545.165724][T11662] CPU: 3 PID: 11662 Comm: syz.1.1788 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 545.170280][T11662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 545.174814][T11662] Call Trace: [ 545.176270][T11662] [ 545.177582][T11662] dump_stack_lvl+0x16c/0x1f0 [ 545.179674][T11662] should_fail_ex+0x497/0x5b0 [ 545.181785][T11662] _copy_from_user+0x30/0xf0 [ 545.183821][T11662] snd_seq_write+0x3f6/0x6d0 [ 545.185921][T11662] ? __pfx_snd_seq_write+0x10/0x10 [ 545.188204][T11662] ? bpf_lsm_file_permission+0x9/0x10 [ 545.190594][T11662] ? security_file_permission+0x98/0xc0 [ 545.193383][T11662] ? __pfx_snd_seq_write+0x10/0x10 [ 545.195742][T11662] vfs_write+0x29a/0x1140 [ 545.197765][T11662] ? __pfx_vfs_write+0x10/0x10 [ 545.199986][T11662] ? __fget_files+0x256/0x400 [ 545.202136][T11662] ? __fget_light+0x173/0x210 [ 545.204457][T11662] ksys_write+0x1f8/0x260 [ 545.206719][T11662] ? __pfx_ksys_write+0x10/0x10 [ 545.208910][T11662] __do_fast_syscall_32+0x73/0x120 [ 545.211522][T11662] do_fast_syscall_32+0x32/0x80 [ 545.214425][T11662] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 545.218276][T11662] RIP: 0023:0xf73c7579 [ 545.220505][T11662] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 545.228880][T11662] RSP: 002b:00000000f5cdf57c EFLAGS: 00000292 ORIG_RAX: 0000000000000004 [ 545.232223][T11662] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 545.236223][T11662] RDX: 000000000000ffc8 RSI: 0000000000000000 RDI: 0000000000000000 [ 545.240094][T11662] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 545.243893][T11662] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 545.247768][T11662] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 545.251814][T11662] [ 545.966288][T11667] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 546.262701][T11675] netlink: 1524 bytes leftover after parsing attributes in process `syz.3.1792'. [ 546.267773][T11675] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1792'. [ 546.289817][T11675] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 546.294535][T11675] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 546.299843][T11675] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 546.303999][T11675] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 546.338164][T11675] vxlan0: entered promiscuous mode [ 546.392396][T11677] bridge0: port 3(hsr0) entered disabled state [ 546.395607][T11677] bridge0: port 2(bridge_slave_1) entered disabled state [ 546.399337][T11677] bridge0: port 1(bridge_slave_0) entered disabled state [ 546.409980][T11677] bridge0: left promiscuous mode [ 546.413442][T11677] bridge0: left allmulticast mode [ 546.568178][T11677] trusted_key: encrypted_key: insufficient parameters specified [ 546.647598][T11677] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 546.661695][T11677] bridge0: port 3(hsr0) entered blocking state [ 546.664535][T11677] bridge0: port 3(hsr0) entered forwarding state [ 546.667869][T11677] bridge0: port 2(bridge_slave_1) entered blocking state [ 546.671170][T11677] bridge0: port 2(bridge_slave_1) entered forwarding state [ 546.674548][T11677] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.677801][T11677] bridge0: port 1(bridge_slave_0) entered forwarding state [ 546.683664][T11677] bridge0: entered promiscuous mode [ 546.686214][T11677] bridge0: entered allmulticast mode [ 546.760782][T11680] trusted_key: encrypted_key: insufficient parameters specified [ 546.790866][T11680] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 546.994518][T11686] vxfs: WRONG superblock magic 00000000 at 1 [ 547.000009][T11686] vxfs: WRONG superblock magic 00000000 at 8 [ 547.002806][T11686] vxfs: can't find superblock. [ 547.167210][T11693] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1798'. [ 547.746829][ T55] usb 7-1: new high-speed USB device number 67 using dummy_hcd [ 547.936822][ T55] usb 7-1: Using ep0 maxpacket: 8 [ 547.941874][ T55] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 547.945986][ T55] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 547.957010][ T55] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 547.962636][ T55] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 547.986764][ T55] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 547.992302][ T55] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 547.996061][ T55] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 548.142943][T11706] bridge0: port 3(hsr0) entered disabled state [ 548.146936][T11706] bridge0: port 2(bridge_slave_1) entered disabled state [ 548.151211][T11706] bridge0: port 1(bridge_slave_0) entered disabled state [ 548.156513][T11706] bridge0: left promiscuous mode [ 548.159099][T11706] bridge0: left allmulticast mode [ 548.252835][T11708] trusted_key: encrypted_key: insufficient parameters specified [ 548.273796][T11706] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 548.283194][T11706] bridge0: port 3(hsr0) entered blocking state [ 548.286092][T11706] bridge0: port 3(hsr0) entered forwarding state [ 548.289262][T11706] bridge0: port 2(bridge_slave_1) entered blocking state [ 548.292484][T11706] bridge0: port 2(bridge_slave_1) entered forwarding state [ 548.295984][T11706] bridge0: port 1(bridge_slave_0) entered blocking state [ 548.299334][T11706] bridge0: port 1(bridge_slave_0) entered forwarding state [ 548.304070][T11706] bridge0: entered promiscuous mode [ 548.306426][T11706] bridge0: entered allmulticast mode [ 548.619633][ T5246] usb 7-1: USB disconnect, device number 67 [ 548.670069][T11712] bridge0: port 2(bridge_slave_1) entered disabled state [ 548.673938][T11712] bridge0: port 1(bridge_slave_0) entered disabled state [ 548.680379][T11712] bridge0: left promiscuous mode [ 548.682862][T11712] bridge0: left allmulticast mode [ 548.784594][T11712] trusted_key: encrypted_key: insufficient parameters specified [ 548.807087][T11712] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 549.211424][T11719] trusted_key: encrypted_key: insufficient parameters specified [ 549.277225][T11719] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 549.346133][T11719] bridge0: port 2(bridge_slave_1) entered blocking state [ 549.349297][T11719] bridge0: port 2(bridge_slave_1) entered forwarding state [ 549.352520][T11719] bridge0: port 1(bridge_slave_0) entered blocking state [ 549.355424][T11719] bridge0: port 1(bridge_slave_0) entered forwarding state [ 549.397882][T11719] bridge0: entered promiscuous mode [ 549.401168][T11719] bridge0: entered allmulticast mode [ 549.478099][T11726] netlink: 1524 bytes leftover after parsing attributes in process `syz.2.1808'. [ 549.492308][T11726] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1808'. [ 549.513581][T11726] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 549.517839][T11726] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 549.521516][T11726] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 549.525330][T11726] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 549.546913][T11726] vxlan0: entered promiscuous mode [ 549.594555][T11710] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 549.789452][T11728] netlink: 'syz.3.1809': attribute type 1 has an invalid length. [ 550.001150][T11730] 8021q: adding VLAN 0 to HW filter on device batadv31 [ 550.005318][T11730] bond10: (slave batadv31): Enslaving as a backup interface with an up link [ 550.042901][T11731] bond10 (unregistering): (slave batadv31): Releasing backup interface [ 550.071322][T11731] bond10 (unregistering): Released all slaves [ 550.489302][T11743] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1813'. [ 550.507405][T11744] dccp_close: ABORT with 62 bytes unread [ 550.771961][T11748] trusted_key: encrypted_key: insufficient parameters specified [ 550.822581][T11739] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 550.828231][T11748] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 551.168189][T11757] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1818'. [ 551.416810][ T55] usb 6-1: new high-speed USB device number 56 using dummy_hcd [ 551.479181][T11762] netlink: 1524 bytes leftover after parsing attributes in process `syz.3.1820'. [ 551.483582][T11762] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1820'. [ 551.606830][ T55] usb 6-1: Using ep0 maxpacket: 8 [ 551.617336][ T55] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 551.620963][ T55] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 551.625115][ T55] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 551.647198][ T55] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 551.651606][ T55] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 551.667045][ T55] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 551.677105][ T55] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.014435][T11765] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 552.590779][ T5093] usb 6-1: USB disconnect, device number 56 [ 552.751086][T11770] netlink: 'syz.3.1822': attribute type 1 has an invalid length. [ 552.875806][T11771] macvlan0: entered allmulticast mode [ 552.878265][T11771] veth1_vlan: entered allmulticast mode [ 552.880721][T11771] macvlan0: left allmulticast mode [ 552.883076][T11771] veth1_vlan: left allmulticast mode [ 552.897568][T11774] 8021q: adding VLAN 0 to HW filter on device batadv32 [ 552.906549][T11774] bond10: (slave batadv32): Enslaving as a backup interface with an up link [ 553.051289][T11770] bond10 (unregistering): (slave batadv32): Releasing backup interface [ 553.184373][T11770] bond10 (unregistering): Released all slaves [ 553.467694][T11778] vxfs: WRONG superblock magic 00000000 at 1 [ 553.484411][T11778] vxfs: WRONG superblock magic 00000000 at 8 [ 553.487155][T11778] vxfs: can't find superblock. [ 553.674396][T11783] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1827'. [ 554.470674][T11799] bridge0: port 3(hsr0) entered disabled state [ 554.473627][T11799] bridge0: port 2(bridge_slave_1) entered disabled state [ 554.477044][T11799] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.487594][T11799] bridge0: left promiscuous mode [ 554.489843][T11799] bridge0: left allmulticast mode [ 554.531363][T11799] trusted_key: encrypted_key: insufficient parameters specified [ 554.546969][T11799] bridge0: port 3(hsr0) entered blocking state [ 554.549712][T11799] bridge0: port 3(hsr0) entered forwarding state [ 554.552689][T11799] bridge0: port 2(bridge_slave_1) entered blocking state [ 554.555875][T11799] bridge0: port 2(bridge_slave_1) entered forwarding state [ 554.559513][T11799] bridge0: port 1(bridge_slave_0) entered blocking state [ 554.563300][T11799] bridge0: port 1(bridge_slave_0) entered forwarding state [ 554.569149][T11799] bridge0: entered promiscuous mode [ 554.571940][T11799] bridge0: entered allmulticast mode [ 554.746072][T11805] bridge0: port 3(hsr0) entered disabled state [ 554.751428][T11805] bridge0: port 2(bridge_slave_1) entered disabled state [ 554.754758][T11805] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.758323][T11805] bridge0: left promiscuous mode [ 554.760471][T11805] bridge0: left allmulticast mode [ 554.817428][T11805] trusted_key: encrypted_key: insufficient parameters specified [ 554.833047][T11805] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 554.844616][T11805] bridge0: port 3(hsr0) entered blocking state [ 554.847480][T11805] bridge0: port 3(hsr0) entered forwarding state [ 554.850375][T11805] bridge0: port 2(bridge_slave_1) entered blocking state [ 554.853536][T11805] bridge0: port 2(bridge_slave_1) entered forwarding state [ 554.856861][T11805] bridge0: port 1(bridge_slave_0) entered blocking state [ 554.860188][T11805] bridge0: port 1(bridge_slave_0) entered forwarding state [ 554.864181][T11805] bridge0: entered promiscuous mode [ 554.867088][T11805] bridge0: entered allmulticast mode [ 554.946864][ T5246] usb 7-1: new high-speed USB device number 68 using dummy_hcd [ 555.114932][T11813] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1836'. [ 555.127208][ T5246] usb 7-1: Using ep0 maxpacket: 8 [ 555.133787][ T5246] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 555.143675][ T5246] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 555.148232][ T5246] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 555.152411][ T5246] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 555.157278][ T5246] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 555.163428][ T5246] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 555.168466][ T5246] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.768029][ T9] usb 7-1: USB disconnect, device number 68 [ 556.259207][T11825] bridge0: port 3(hsr0) entered disabled state [ 556.262538][T11825] bridge0: port 2(bridge_slave_1) entered disabled state [ 556.266340][T11825] bridge0: port 1(bridge_slave_0) entered disabled state [ 556.277625][T11825] bridge0: left promiscuous mode [ 556.280635][T11825] bridge0: left allmulticast mode [ 556.369379][T11825] trusted_key: encrypted_key: insufficient parameters specified [ 556.411778][T11825] bridge0: port 3(hsr0) entered blocking state [ 556.414699][T11825] bridge0: port 3(hsr0) entered forwarding state [ 556.417934][T11825] bridge0: port 2(bridge_slave_1) entered blocking state [ 556.421043][T11825] bridge0: port 2(bridge_slave_1) entered forwarding state [ 556.424488][T11825] bridge0: port 1(bridge_slave_0) entered blocking state [ 556.427816][T11825] bridge0: port 1(bridge_slave_0) entered forwarding state [ 556.437728][T11825] bridge0: entered promiscuous mode [ 556.439903][T11825] bridge0: entered allmulticast mode [ 556.671623][T11830] 9pnet_fd: Insufficient options for proto=fd [ 556.747130][T11828] trusted_key: encrypted_key: insufficient parameters specified [ 556.817986][T11833] netlink: 'syz.1.1844': attribute type 1 has an invalid length. [ 556.868301][T11828] bridge0: port 2(bridge_slave_1) entered blocking state [ 556.872246][T11828] bridge0: port 2(bridge_slave_1) entered forwarding state [ 556.876873][T11828] bridge0: port 1(bridge_slave_0) entered blocking state [ 556.880436][T11828] bridge0: port 1(bridge_slave_0) entered forwarding state [ 556.892115][T11828] bridge0: entered promiscuous mode [ 556.894857][T11828] bridge0: entered allmulticast mode [ 556.959498][T11833] 8021q: adding VLAN 0 to HW filter on device batadv31 [ 556.986049][T11833] bond4: (slave batadv31): Enslaving as a backup interface with an up link [ 557.004632][T11835] bond4 (unregistering): (slave batadv31): Releasing backup interface [ 557.021798][T11835] bond4 (unregistering): Released all slaves [ 557.076200][T11838] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.079728][T11838] bridge0: port 1(bridge_slave_0) entered disabled state [ 557.090464][T11838] bridge0: left promiscuous mode [ 557.093051][T11838] bridge0: left allmulticast mode [ 557.221628][T11838] trusted_key: encrypted_key: insufficient parameters specified [ 557.237025][T10445] Bluetooth: hci0: command 0x0406 tx timeout [ 557.297105][T11838] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 557.319052][T11838] bridge0: port 2(bridge_slave_1) entered blocking state [ 557.322616][T11838] bridge0: port 2(bridge_slave_1) entered forwarding state [ 557.326082][T11838] bridge0: port 1(bridge_slave_0) entered blocking state [ 557.329676][T11838] bridge0: port 1(bridge_slave_0) entered forwarding state [ 557.335665][T11838] bridge0: entered promiscuous mode [ 557.339041][T11838] bridge0: entered allmulticast mode [ 557.647335][ T5245] usb 6-1: new high-speed USB device number 57 using dummy_hcd [ 557.734351][T11855] vxfs: WRONG superblock magic 00000000 at 1 [ 557.737724][T11855] vxfs: WRONG superblock magic 00000000 at 8 [ 557.740657][T11855] vxfs: can't find superblock. [ 557.875264][ T5245] usb 6-1: Using ep0 maxpacket: 8 [ 557.884083][ T5245] usb 6-1: config 32 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 557.890727][ T5245] usb 6-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 557.895582][ T5245] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.107182][ T39] audit: type=1326 audit(2000000394.709:1787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11862 comm="syz.0.1854" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7439579 code=0x0 [ 558.182027][T11867] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1855'. [ 559.296906][ T9] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 559.494607][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 559.499291][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 559.506759][ T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 559.510716][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 559.514269][ T9] usb 5-1: Product: 抡֨顼쐼⃉ꝫ㧨㙘ܓ슪ꀡ⚃⶟墔蓼༣鴾Ꚑ儧홳ڋ쪗鸎 [ 559.518824][ T9] usb 5-1: Manufacturer: 她蕋멳龜ؔ됛ꦆ뗮齔㗘మᆤ幽埍瀷쬎룱窛퍽黱覝轤㴓犂讯࣍䉙녒ⶇ扚邆镻㢗濇蕃鐍혣☲밉庙랸袰৽夂憬芣稐录빬旟깿ꦇ婞㘳௴ﺋ࣊绾鸓ᬪ哴s [ 559.529025][ T9] usb 5-1: SerialNumber: syz [ 559.970570][T11875] netlink: 'syz.2.1857': attribute type 1 has an invalid length. [ 560.009006][T11875] 8021q: adding VLAN 0 to HW filter on device batadv43 [ 560.015161][T11875] bond8: (slave batadv43): Enslaving as a backup interface with an up link [ 560.027741][T11875] bond8 (unregistering): (slave batadv43): Releasing backup interface [ 560.043742][T11875] bond8 (unregistering): Released all slaves [ 560.300630][ T5245] usb 6-1: string descriptor 0 read error: -71 [ 560.304675][ T5245] hub 6-1:32.0: bad descriptor, ignoring hub [ 560.316925][ T5245] hub 6-1:32.0: probe with driver hub failed with error -5 [ 560.331106][T11881] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1859'. [ 560.522396][T11888] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 560.552791][T11882] FAULT_INJECTION: forcing a failure. [ 560.552791][T11882] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 560.565624][T11882] CPU: 2 PID: 11882 Comm: syz.2.1858 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 560.569841][T11882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 560.574740][T11882] Call Trace: [ 560.576211][T11882] [ 560.577512][T11882] dump_stack_lvl+0x16c/0x1f0 [ 560.579657][T11882] should_fail_ex+0x497/0x5b0 [ 560.581668][T11882] _copy_to_iter+0x411/0xfc0 [ 560.583617][T11882] ? __pfx__copy_to_iter+0x10/0x10 [ 560.585787][T11882] ? __virt_addr_valid+0x5e/0x580 [ 560.587892][T11882] ? __phys_addr_symbol+0x30/0x80 [ 560.590057][T11882] ? __check_object_size+0x48e/0x720 [ 560.592387][T11882] seq_read_iter+0xd06/0x12c0 [ 560.594454][T11882] seq_read+0x390/0x4d0 [ 560.596239][T11882] ? __pfx_seq_read+0x10/0x10 [ 560.598308][T11882] ? copy_compat_iovec_from_user+0x115/0x150 [ 560.601401][T11882] ? __pfx_seq_read+0x10/0x10 [ 560.603249][T11882] vfs_readv+0x6cb/0x8a0 [ 560.604942][T11882] ? __pfx_vfs_readv+0x10/0x10 [ 560.606669][T11882] ? find_held_lock+0x2d/0x110 [ 560.608632][T11882] ? __pfx_lock_release+0x10/0x10 [ 560.610777][T11882] ? do_preadv+0x1b2/0x260 [ 560.612717][T11882] do_preadv+0x1b2/0x260 [ 560.614516][T11882] ? __pfx_do_preadv+0x10/0x10 [ 560.616480][T11882] __do_fast_syscall_32+0x73/0x120 [ 560.618441][T11882] do_fast_syscall_32+0x32/0x80 [ 560.620288][T11882] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 560.622708][T11882] RIP: 0023:0xf7454579 [ 560.624313][T11882] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 560.631672][T11882] RSP: 002b:00000000f5d4b57c EFLAGS: 00000292 ORIG_RAX: 000000000000014d [ 560.635263][T11882] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000140 [ 560.638759][T11882] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 560.642305][T11882] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 560.645760][T11882] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 560.649272][T11882] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 560.652766][T11882] [ 560.961943][T11895] 9pnet_fd: Insufficient options for proto=fd [ 560.965632][T11896] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1864'. [ 561.027425][T11898] netlink: 'syz.2.1866': attribute type 1 has an invalid length. [ 561.134798][T11902] 8021q: adding VLAN 0 to HW filter on device batadv44 [ 561.178319][T11902] bond8: (slave batadv44): Enslaving as a backup interface with an up link [ 561.186247][T11898] bond8 (unregistering): (slave batadv44): Releasing backup interface [ 561.219843][T11898] bond8 (unregistering): Released all slaves [ 561.557865][ T39] audit: type=1326 audit(2000000398.169:1788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11904 comm="syz.2.1868" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7454579 code=0x0 [ 561.952285][ T9] usb 5-1: 0:2 : does not exist [ 561.966320][ T9] usb 5-1: USB disconnect, device number 59 [ 562.017255][ T5245] usb 6-1: USB disconnect, device number 57 [ 562.095057][T11915] bridge0: port 2(bridge_slave_1) entered disabled state [ 562.099143][T11915] bridge0: port 1(bridge_slave_0) entered disabled state [ 562.106328][T11915] bridge0: left promiscuous mode [ 562.110426][T11915] bridge0: left allmulticast mode [ 562.366860][T11915] trusted_key: encrypted_key: insufficient parameters specified [ 562.416963][T11915] bridge0: port 2(bridge_slave_1) entered blocking state [ 562.420238][T11915] bridge0: port 2(bridge_slave_1) entered forwarding state [ 562.424083][T11915] bridge0: port 1(bridge_slave_0) entered blocking state [ 562.427324][T11915] bridge0: port 1(bridge_slave_0) entered forwarding state [ 562.432022][T11915] bridge0: entered promiscuous mode [ 562.434297][T11915] bridge0: entered allmulticast mode [ 562.455606][T11922] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1873'. [ 562.461524][T11922] openvswitch: netlink: Geneve opt len 2 is not a multiple of 4. [ 562.507174][ T9] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 562.569505][T11926] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1875'. [ 562.672800][T11931] netlink: 'syz.3.1876': attribute type 1 has an invalid length. [ 562.707532][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 562.712582][ T9] usb 5-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 562.726930][ T9] usb 5-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 562.757836][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 562.865387][T11931] bond10 (unregistering): Released all slaves [ 563.069535][ T9] usb 5-1: string descriptor 0 read error: -71 [ 563.072555][ T9] hub 5-1:32.0: USB hub found [ 563.083582][ T9] hub 5-1:32.0: config failed, can't read hub descriptor (err -22) [ 563.164972][ T9] usb 5-1: USB disconnect, device number 60 [ 563.316852][ T55] usb 7-1: new high-speed USB device number 69 using dummy_hcd [ 563.515929][ T55] usb 7-1: Using ep0 maxpacket: 8 [ 563.520522][ T55] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 563.523982][ T55] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 563.529305][ T55] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 563.549714][ T55] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 563.553872][ T55] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 563.566798][ T8] usb 6-1: new high-speed USB device number 58 using dummy_hcd [ 563.573598][ T55] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 563.573623][ T55] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.778804][ T8] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 563.783390][ T8] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 563.790960][ T8] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 563.795047][ T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.800035][ T8] usb 6-1: Product: 抡֨顼쐼⃉ꝫ㧨㙘ܓ슪ꀡ⚃⶟墔蓼༣鴾Ꚑ儧홳ڋ쪗鸎 [ 563.805092][ T8] usb 6-1: Manufacturer: 她蕋멳龜ؔ됛ꦆ뗮齔㗘మᆤ幽埍瀷쬎룱窛퍽黱覝轤㴓犂讯࣍䉙녒ⶇ扚邆镻㢗濇蕃鐍혣☲밉庙랸袰৽夂憬芣稐录빬旟깿ꦇ婞㘳௴ﺋ࣊绾鸓ᬪ哴s [ 563.815541][ T8] usb 6-1: SerialNumber: syz [ 563.885641][ T39] audit: type=1326 audit(2000000400.499:1789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11947 comm="syz.0.1881" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7439579 code=0x0 [ 564.123702][ T55] usb 7-1: usb_control_msg returned -71 [ 564.126220][ T55] usbtmc 7-1:16.0: can't read capabilities [ 564.133049][ T55] usb 7-1: USB disconnect, device number 69 [ 564.939140][ T39] audit: type=1326 audit(2000000401.559:1790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.2.1886" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7454579 code=0x0 [ 565.899018][T11970] FAULT_INJECTION: forcing a failure. [ 565.899018][T11970] name failslab, interval 1, probability 0, space 0, times 0 [ 565.904395][T11970] CPU: 2 PID: 11970 Comm: syz.2.1887 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 565.908631][T11970] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 565.913206][T11970] Call Trace: [ 565.914662][T11970] [ 565.915979][T11970] dump_stack_lvl+0x16c/0x1f0 [ 565.918093][T11970] should_fail_ex+0x497/0x5b0 [ 565.920105][T11970] should_failslab+0x9/0x20 [ 565.922060][T11970] __kmalloc_noprof+0xcf/0x420 [ 565.924153][T11970] ? __pfx___debug_object_init+0x10/0x10 [ 565.926559][T11970] bio_kmalloc+0x41/0x70 [ 565.928418][T11970] blk_rq_map_kern+0x40c/0x780 [ 565.930518][T11970] scsi_execute_cmd+0x379/0xff0 [ 565.932668][T11970] ? __orc_find+0x104/0x130 [ 565.934368][T11970] ? stack_access_ok+0xf9/0x270 [ 565.936294][T11970] ? __pfx_scsi_execute_cmd+0x10/0x10 [ 565.938524][T11970] ? __kernel_text_address+0xd/0x40 [ 565.940914][T11970] ? unwind_get_return_address+0x45/0xe0 [ 565.943126][T11970] ? arch_stack_walk+0x118/0x170 [ 565.945088][T11970] sr_do_ioctl+0x21c/0x830 [ 565.946872][T11970] ? __pfx_sr_do_ioctl+0x10/0x10 [ 565.948931][T11970] ? __pfx_mark_lock+0x10/0x10 [ 565.950848][T11970] ? kasan_save_stack+0x42/0x60 [ 565.952807][T11970] ? kasan_save_stack+0x33/0x60 [ 565.954761][T11970] ? kasan_save_track+0x14/0x30 [ 565.956760][T11970] sr_packet+0xee/0x1c0 [ 565.958485][T11970] dvd_do_auth+0x54f/0xe50 [ 565.960260][T11970] ? __pfx_dvd_do_auth+0x10/0x10 [ 565.962253][T11970] ? __pfx_lock_release+0x10/0x10 [ 565.964173][T11970] mmc_ioctl_dvd_auth+0x154/0x230 [ 565.966152][T11970] ? __pfx_mmc_ioctl_dvd_auth+0x10/0x10 [ 565.968324][T11970] cdrom_ioctl+0x2d98/0x3280 [ 565.970140][T11970] ? mark_lock+0xb5/0xc60 [ 565.972037][T11970] ? __pfx_cdrom_ioctl+0x10/0x10 [ 565.974287][T11970] ? __pfx_mark_lock+0x10/0x10 [ 565.976321][T11970] ? trace_rpm_return_int+0x19d/0x220 [ 565.978497][T11970] ? rpm_resume+0x81d/0x1330 [ 565.980503][T11970] ? find_held_lock+0x2d/0x110 [ 565.982620][T11970] ? __pm_runtime_resume+0xc3/0x170 [ 565.984940][T11970] ? __pfx_lock_release+0x10/0x10 [ 565.986871][T11970] ? lockdep_hardirqs_on+0x7c/0x110 [ 565.989064][T11970] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 565.991652][T11970] ? __pm_runtime_resume+0xc3/0x170 [ 565.993967][T11970] sr_block_ioctl+0x1b0/0x250 [ 565.996076][T11970] ? __pfx_sr_block_ioctl+0x10/0x10 [ 565.998165][T11970] blkdev_compat_ptr_ioctl+0x9c/0xe0 [ 566.000466][T11970] ? __pfx_blkdev_compat_ptr_ioctl+0x10/0x10 [ 566.004390][T11970] compat_blkdev_ioctl+0x30a/0x770 [ 566.006756][T11970] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 566.009228][T11970] ? bpf_lsm_file_ioctl_compat+0x9/0x10 [ 566.011601][T11970] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 566.013974][T11970] __do_compat_sys_ioctl+0x2c3/0x330 [ 566.016272][T11970] __do_fast_syscall_32+0x73/0x120 [ 566.018399][T11970] do_fast_syscall_32+0x32/0x80 [ 566.020373][T11970] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 566.022823][T11970] RIP: 0023:0xf7454579 [ 566.024461][T11970] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 566.032043][T11970] RSP: 002b:00000000f5d6c57c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 566.035549][T11970] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005392 [ 566.038551][T11970] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 566.041535][T11970] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 566.045072][T11970] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 566.049187][T11970] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 566.053015][T11970] [ 566.233515][ T8] usb 6-1: 0:2 : does not exist [ 566.262393][ T8] usb 6-1: USB disconnect, device number 58 [ 566.275496][T11973] macvlan0: entered allmulticast mode [ 566.282488][T11973] veth1_vlan: entered allmulticast mode [ 566.290840][T11973] macvlan0: left allmulticast mode [ 566.293169][T11973] veth1_vlan: left allmulticast mode [ 566.848666][ T9] usb 6-1: new high-speed USB device number 59 using dummy_hcd [ 566.880700][ T39] audit: type=1326 audit(2000000403.499:1791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11982 comm="syz.0.1891" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7439579 code=0x0 [ 567.057257][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 567.070832][ T9] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 567.074202][ T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 567.079582][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 567.083790][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 567.089073][ T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 567.094857][ T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 567.099842][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.586633][ T9] usb 6-1: usb_control_msg returned -71 [ 567.589657][ T9] usbtmc 6-1:16.0: can't read capabilities [ 567.618133][ T9] usb 6-1: USB disconnect, device number 59 [ 568.148680][T11990] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1892'. [ 568.153303][T11990] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1892'. [ 568.299426][ T1354] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.304231][ T1354] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.779304][ T39] audit: type=1326 audit(2000000405.399:1792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11998 comm="syz.1.1895" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73c7579 code=0x0 [ 569.506601][T12015] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1900'. [ 569.848289][T12026] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1904'. [ 569.852313][T12026] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1904'. [ 569.936865][ T55] usb 6-1: new high-speed USB device number 60 using dummy_hcd [ 570.126976][ T55] usb 6-1: Using ep0 maxpacket: 8 [ 570.131630][ T55] usb 6-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 570.137426][ T55] usb 6-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 570.141708][ T55] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.648638][T12029] macvlan0: entered allmulticast mode [ 570.650992][T12029] veth1_vlan: entered allmulticast mode [ 570.680648][T12029] macvlan0: left allmulticast mode [ 570.684476][T12029] veth1_vlan: left allmulticast mode [ 571.241416][ T39] audit: type=1326 audit(2000000407.859:1793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12032 comm="syz.0.1907" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7439579 code=0x0 [ 572.105843][T12040] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1908'. [ 572.557265][ T9] usb 7-1: new high-speed USB device number 70 using dummy_hcd [ 572.585048][ T55] usb 6-1: string descriptor 0 read error: -71 [ 572.589768][ T55] hub 6-1:32.0: USB hub found [ 572.597909][ T55] hub 6-1:32.0: config failed, can't read hub descriptor (err -22) [ 572.673199][T12055] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1914'. [ 572.679873][T12055] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1914'. [ 572.683961][T12055] openvswitch: netlink: IP tunnel attribute has 3060 unknown bytes. [ 572.687264][ T55] usb 6-1: USB disconnect, device number 60 [ 572.779294][ T9] usb 7-1: Using ep0 maxpacket: 8 [ 572.831038][ T9] usb 7-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 572.835331][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 572.926092][T12061] trusted_key: encrypted_key: insufficient parameters specified [ 572.958537][T12061] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 572.987479][T12061] bridge0: port 2(bridge_slave_1) entered blocking state [ 572.990493][T12061] bridge0: port 2(bridge_slave_1) entered forwarding state [ 572.993647][T12061] bridge0: port 1(bridge_slave_0) entered blocking state [ 572.996835][T12061] bridge0: port 1(bridge_slave_0) entered forwarding state [ 573.002048][T12061] bridge0: entered promiscuous mode [ 573.004486][T12061] bridge0: entered allmulticast mode [ 573.316108][ T39] audit: type=1326 audit(2000000409.929:1794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12071 comm="syz.3.1919" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73e9579 code=0x0 [ 573.455327][T12076] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1920'. [ 574.134151][T12083] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1922'. [ 574.145446][T12083] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1922'. [ 574.501293][T12090] dccp_close: ABORT with 62 bytes unread [ 574.830139][T12097] macvlan0: entered allmulticast mode [ 574.832731][T12097] veth1_vlan: entered allmulticast mode [ 574.871901][T12097] macvlan0: left allmulticast mode [ 574.885662][T12097] veth1_vlan: left allmulticast mode [ 574.948198][T12099] netlink: 'syz.1.1929': attribute type 1 has an invalid length. [ 575.054471][T12099] 8021q: adding VLAN 0 to HW filter on device batadv32 [ 575.071026][T12099] bond4: (slave batadv32): Enslaving as a backup interface with an up link [ 575.117347][T12099] bond4 (unregistering): (slave batadv32): Releasing backup interface [ 575.135028][T12099] bond4 (unregistering): Released all slaves [ 575.227555][ T9] usb 7-1: string descriptor 0 read error: -71 [ 575.230870][ T9] hub 7-1:32.0: bad descriptor, ignoring hub [ 575.233670][ T9] hub 7-1:32.0: probe with driver hub failed with error -5 [ 575.289521][ T9] usb 7-1: USB disconnect, device number 70 [ 575.438749][ T39] audit: type=1326 audit(2000000412.059:1795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12104 comm="syz.1.1931" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73c7579 code=0x0 [ 575.915453][T12119] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1936'. [ 575.924223][T12119] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1936'. [ 576.686117][T12128] netlink: 'syz.2.1939': attribute type 1 has an invalid length. [ 576.818917][T12130] 8021q: adding VLAN 0 to HW filter on device batadv46 [ 576.845431][T12130] bond8: (slave batadv46): Enslaving as a backup interface with an up link [ 576.886881][ T35] usb 6-1: new high-speed USB device number 61 using dummy_hcd [ 576.962692][T12128] bond8 (unregistering): (slave batadv46): Releasing backup interface [ 576.981147][T12128] bond8 (unregistering): Released all slaves [ 577.122790][ T35] usb 6-1: Using ep0 maxpacket: 8 [ 577.127905][ T35] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 577.131568][ T35] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 577.135720][ T35] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 577.176798][ T35] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 577.180837][ T35] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 577.197031][ T35] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 577.226784][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.491386][T12134] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1941'. [ 577.843126][T12139] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1943'. [ 577.956703][ T35] usb 6-1: USB disconnect, device number 61 [ 578.152674][ T39] audit: type=1326 audit(2000000414.769:1796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12145 comm="syz.0.1945" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7439579 code=0x0 [ 578.184577][ T39] audit: type=1326 audit(2000000414.799:1797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12149 comm="syz.2.1946" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7454579 code=0x0 [ 578.823200][T12157] netlink: 'syz.1.1948': attribute type 1 has an invalid length. [ 579.011591][T12157] 8021q: adding VLAN 0 to HW filter on device batadv33 [ 579.063352][T12157] bond4: (slave batadv33): Enslaving as a backup interface with an up link [ 579.145590][T12157] bond4 (unregistering): (slave batadv33): Releasing backup interface [ 579.185297][T12157] bond4 (unregistering): Released all slaves [ 579.248231][T12161] bridge0: port 2(bridge_slave_1) entered disabled state [ 579.251463][T12161] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.267360][T12164] trusted_key: encrypted_key: insufficient parameters specified [ 579.280340][T12161] bridge0: left promiscuous mode [ 579.282666][T12161] bridge0: left allmulticast mode [ 579.296891][T12163] netlink: 'syz.0.1949': attribute type 1 has an invalid length. [ 579.479872][T12166] 8021q: adding VLAN 0 to HW filter on device batadv8 [ 579.489391][T12166] bond3: (slave batadv8): Enslaving as a backup interface with an up link [ 579.523383][T12168] bond3 (unregistering): (slave batadv8): Releasing backup interface [ 579.538739][T12168] bond3 (unregistering): Released all slaves [ 579.648062][T12161] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.651280][T12161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 579.654664][T12161] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.657870][T12161] bridge0: port 1(bridge_slave_0) entered forwarding state [ 579.677768][T12161] bridge0: entered promiscuous mode [ 579.679963][T12161] bridge0: entered allmulticast mode [ 579.685025][T12173] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1951'. [ 580.140860][T12192] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1957'. [ 580.242582][T12197] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1958'. [ 580.430006][T12204] netlink: 'syz.1.1961': attribute type 1 has an invalid length. [ 580.555845][T12206] 8021q: adding VLAN 0 to HW filter on device batadv34 [ 580.558706][ T826] usb 7-1: new high-speed USB device number 71 using dummy_hcd [ 580.571594][T12206] bond5: (slave batadv34): Enslaving as a backup interface with an up link [ 580.661407][T12204] bond5 (unregistering): (slave batadv34): Releasing backup interface [ 580.674150][T12204] bond5 (unregistering): Released all slaves [ 580.758767][ T826] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 580.763214][ T826] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 580.779465][ T826] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 580.783499][ T826] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.787130][ T826] usb 7-1: Product: 抡֨顼쐼⃉ꝫ㧨㙘ܓ슪ꀡ⚃⶟墔蓼༣鴾Ꚑ儧홳ڋ쪗鸎 [ 580.796774][ T826] usb 7-1: Manufacturer: 她蕋멳龜ؔ됛ꦆ뗮齔㗘మᆤ幽埍瀷쬎룱窛퍽黱覝轤㴓犂讯࣍䉙녒ⶇ扚邆镻㢗濇蕃鐍혣☲밉庙랸袰৽夂憬芣稐录빬旟깿ꦇ婞㘳௴ﺋ࣊绾鸓ᬪ哴s [ 580.816779][ T826] usb 7-1: SerialNumber: syz [ 581.077054][T12208] bridge0: port 3(hsr0) entered disabled state [ 581.079994][T12208] bridge0: port 2(bridge_slave_1) entered disabled state [ 581.083276][T12208] bridge0: port 1(bridge_slave_0) entered disabled state [ 581.087616][T12208] bridge0: left promiscuous mode [ 581.089881][T12208] bridge0: left allmulticast mode [ 581.127785][ T826] usb 7-1: 0:2 : does not exist [ 581.148336][ T826] usb 7-1: USB disconnect, device number 71 [ 581.214983][T12208] trusted_key: encrypted_key: insufficient parameters specified [ 581.247183][T12208] bridge0: port 3(hsr0) entered blocking state [ 581.250336][T12208] bridge0: port 3(hsr0) entered forwarding state [ 581.253466][T12208] bridge0: port 2(bridge_slave_1) entered blocking state [ 581.256667][T12208] bridge0: port 2(bridge_slave_1) entered forwarding state [ 581.260254][T12208] bridge0: port 1(bridge_slave_0) entered blocking state [ 581.263458][T12208] bridge0: port 1(bridge_slave_0) entered forwarding state [ 581.272613][T12208] bridge0: entered promiscuous mode [ 581.277120][T12208] bridge0: entered allmulticast mode [ 581.946905][ T826] usb 6-1: new high-speed USB device number 62 using dummy_hcd [ 582.126895][ T826] usb 6-1: Using ep0 maxpacket: 8 [ 582.131195][ T826] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 582.134662][ T826] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 582.146782][ T826] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 582.151240][ T826] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 582.155368][ T826] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 582.176792][ T826] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 582.180846][ T826] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 582.534543][T12227] bridge0: port 2(bridge_slave_1) entered disabled state [ 582.537866][T12227] bridge0: port 1(bridge_slave_0) entered disabled state [ 582.541869][T12227] bridge0: left promiscuous mode [ 582.544486][T12227] bridge0: left allmulticast mode [ 582.616821][ T39] audit: type=1326 audit(2000000419.229:1798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12228 comm="syz.0.1970" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7439579 code=0x0 [ 582.723635][T12227] trusted_key: encrypted_key: insufficient parameters specified [ 582.791735][T12227] bridge0: port 2(bridge_slave_1) entered blocking state [ 582.794925][T12227] bridge0: port 2(bridge_slave_1) entered forwarding state [ 582.798597][T12227] bridge0: port 1(bridge_slave_0) entered blocking state [ 582.801866][T12227] bridge0: port 1(bridge_slave_0) entered forwarding state [ 582.806959][T12227] bridge0: entered promiscuous mode [ 582.809318][T12227] bridge0: entered allmulticast mode [ 582.852169][ T826] usb 6-1: USB disconnect, device number 62 [ 583.117273][T12235] bridge0: port 2(bridge_slave_1) entered disabled state [ 583.121156][T12235] bridge0: port 1(bridge_slave_0) entered disabled state [ 583.124838][T12235] bridge0: left promiscuous mode [ 583.127787][T12235] bridge0: left allmulticast mode [ 583.268060][T12235] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 583.286429][T12235] bridge0: port 2(bridge_slave_1) entered blocking state [ 583.290111][T12235] bridge0: port 2(bridge_slave_1) entered forwarding state [ 583.293811][T12235] bridge0: port 1(bridge_slave_0) entered blocking state [ 583.297305][T12235] bridge0: port 1(bridge_slave_0) entered forwarding state [ 583.302644][T12235] bridge0: entered promiscuous mode [ 583.305412][T12235] bridge0: entered allmulticast mode [ 583.594951][T12238] nvme_fabrics: missing parameter 'transport=%s' [ 583.617286][T12238] nvme_fabrics: missing parameter 'nqn=%s' [ 583.914238][T12254] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1975'. [ 584.006828][ T55] usb 6-1: new high-speed USB device number 63 using dummy_hcd [ 584.186818][ T55] usb 6-1: Using ep0 maxpacket: 8 [ 584.198652][ T55] usb 6-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 584.203462][ T55] usb 6-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 584.208431][ T55] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 584.750634][T12256] bridge0: port 2(bridge_slave_1) entered disabled state [ 584.754151][T12256] bridge0: port 1(bridge_slave_0) entered disabled state [ 584.787083][T12256] bridge0: left promiscuous mode [ 584.790584][T12256] bridge0: left allmulticast mode [ 584.973943][T12256] trusted_key: encrypted_key: insufficient parameters specified [ 584.996931][T12256] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.000586][T12256] bridge0: port 2(bridge_slave_1) entered forwarding state [ 585.004149][T12256] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.007285][T12256] bridge0: port 1(bridge_slave_0) entered forwarding state [ 585.013336][T12256] bridge0: entered promiscuous mode [ 585.016183][T12256] bridge0: entered allmulticast mode [ 585.309433][T12260] sctp: [Deprecated]: syz.2.1977 (pid 12260) Use of int in maxseg socket option. [ 585.309433][T12260] Use struct sctp_assoc_value instead [ 585.452404][ T39] audit: type=1326 audit(2000000422.069:1799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12261 comm="syz.2.1978" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7454579 code=0x0 [ 586.158155][T12267] netlink: 'syz.0.1979': attribute type 1 has an invalid length. [ 586.262964][T12267] 8021q: adding VLAN 0 to HW filter on device batadv11 [ 586.270240][T12267] bond3: (slave batadv11): Enslaving as a backup interface with an up link [ 586.286157][T12270] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.289408][T12270] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.294406][T12270] bridge0: left promiscuous mode [ 586.296783][T12270] bridge0: left allmulticast mode [ 586.330765][T12267] bond3 (unregistering): (slave batadv11): Releasing backup interface [ 586.349687][T12267] bond3 (unregistering): Released all slaves [ 586.406053][T12270] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 586.424134][T12270] bridge0: port 2(bridge_slave_1) entered blocking state [ 586.427869][T12270] bridge0: port 2(bridge_slave_1) entered forwarding state [ 586.431854][T12270] bridge0: port 1(bridge_slave_0) entered blocking state [ 586.435290][T12270] bridge0: port 1(bridge_slave_0) entered forwarding state [ 586.442635][T12270] bridge0: entered promiscuous mode [ 586.445488][T12270] bridge0: entered allmulticast mode [ 586.663058][ T55] usb 6-1: string descriptor 0 read error: -71 [ 586.665842][ T55] hub 6-1:32.0: USB hub found [ 586.669018][T12276] FAULT_INJECTION: forcing a failure. [ 586.669018][T12276] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 586.674481][T12276] CPU: 3 PID: 12276 Comm: syz.3.1983 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 586.678908][T12276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 586.683686][T12276] Call Trace: [ 586.685111][T12276] [ 586.686459][T12276] dump_stack_lvl+0x16c/0x1f0 [ 586.688451][T12276] should_fail_ex+0x497/0x5b0 [ 586.690431][T12276] _copy_from_user+0x30/0xf0 [ 586.692407][T12276] sctp_setsockopt+0x422/0xb880 [ 586.694497][T12276] ? aa_sk_perm+0x2f5/0xb40 [ 586.708343][T12276] ? __pfx_sctp_setsockopt+0x10/0x10 [ 586.710349][T12276] ? __pfx_aa_sk_perm+0x10/0x10 [ 586.712276][T12276] ? sock_common_setsockopt+0x2e/0xf0 [ 586.714740][T12276] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 586.717657][T12276] do_sock_setsockopt+0x222/0x480 [ 586.720178][T12276] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 586.722681][T12276] ? __fget_light+0x173/0x210 [ 586.724781][T12276] __sys_setsockopt+0x1a4/0x270 [ 586.726970][T12276] ? __pfx___sys_setsockopt+0x10/0x10 [ 586.729319][T12276] ? fput+0x32/0x390 [ 586.731315][T12276] ? ksys_write+0x1ab/0x260 [ 586.733619][T12276] ? __pfx_ksys_write+0x10/0x10 [ 586.736127][T12276] __ia32_sys_setsockopt+0xbc/0x160 [ 586.738380][T12276] ? lockdep_hardirqs_on+0x7c/0x110 [ 586.740764][T12276] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 586.743808][T12276] __do_fast_syscall_32+0x73/0x120 [ 586.746003][T12276] do_fast_syscall_32+0x32/0x80 [ 586.747968][T12276] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 586.750913][T12276] RIP: 0023:0xf73e9579 [ 586.752624][T12276] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 586.760940][T12276] RSP: 002b:00000000f5d0157c EFLAGS: 00000292 ORIG_RAX: 000000000000016e [ 586.764442][T12276] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000084 [ 586.767763][T12276] RDX: 000000000000000d RSI: 0000000020000080 RDI: 0000000000000004 [ 586.771092][T12276] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 586.774408][T12276] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 586.780294][T12276] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 586.784126][T12276] [ 586.794210][T12274] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 586.797358][ T55] hub 6-1:32.0: config failed, can't read hub descriptor (err -22) [ 586.887719][ T55] usb 6-1: USB disconnect, device number 63 [ 586.905064][T12284] macvlan0: entered allmulticast mode [ 586.907899][T12284] veth1_vlan: entered allmulticast mode [ 586.920211][T12284] macvlan0: left allmulticast mode [ 586.975841][T12284] veth1_vlan: left allmulticast mode [ 587.029627][T12287] bridge0: port 2(bridge_slave_1) entered disabled state [ 587.032861][T12287] bridge0: port 1(bridge_slave_0) entered disabled state [ 587.037069][T12287] bridge0: left promiscuous mode [ 587.040236][T12287] bridge0: left allmulticast mode [ 587.056940][ T5258] usb 7-1: new high-speed USB device number 72 using dummy_hcd [ 587.146163][T12290] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1987'. [ 587.236843][ T5258] usb 7-1: Using ep0 maxpacket: 8 [ 587.249382][ T5258] usb 7-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 587.253605][ T5258] usb 7-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 587.257668][T12287] trusted_key: encrypted_key: insufficient parameters specified [ 587.262888][ T5258] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.294985][T12287] bridge0: port 2(bridge_slave_1) entered blocking state [ 587.298392][T12287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 587.301866][T12287] bridge0: port 1(bridge_slave_0) entered blocking state [ 587.305376][T12287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 587.309956][T12287] bridge0: entered promiscuous mode [ 587.312995][T12287] bridge0: entered allmulticast mode [ 589.142089][T12299] FAULT_INJECTION: forcing a failure. [ 589.142089][T12299] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 589.148048][T12299] CPU: 1 PID: 12299 Comm: syz.1.1989 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 589.153935][T12299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 589.158892][T12299] Call Trace: [ 589.160327][T12299] [ 589.161588][T12299] dump_stack_lvl+0x16c/0x1f0 [ 589.163775][T12299] should_fail_ex+0x497/0x5b0 [ 589.167368][T12299] _copy_from_user+0x30/0xf0 [ 589.169422][T12299] move_addr_to_kernel+0x68/0x160 [ 589.171640][T12299] __get_compat_msghdr+0x3f1/0x4d0 [ 589.173859][T12299] get_compat_msghdr+0xd3/0x170 [ 589.175999][T12299] ? __pfx_get_compat_msghdr+0x10/0x10 [ 589.178379][T12299] ? __pfx___lock_acquire+0x10/0x10 [ 589.180697][T12299] ___sys_sendmsg+0x1b0/0x1e0 [ 589.182829][T12299] ? __pfx____sys_sendmsg+0x10/0x10 [ 589.185050][T12299] ? ksys_write+0x21c/0x260 [ 589.187016][T12299] ? __fget_light+0x173/0x210 [ 589.189073][T12299] __sys_sendmsg+0x117/0x1f0 [ 589.191086][T12299] ? __pfx___sys_sendmsg+0x10/0x10 [ 589.193281][T12299] __do_fast_syscall_32+0x73/0x120 [ 589.195484][T12299] do_fast_syscall_32+0x32/0x80 [ 589.197596][T12299] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 589.200169][T12299] RIP: 0023:0xf73c7579 [ 589.201701][T12299] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 589.208777][T12299] RSP: 002b:00000000f5cdf57c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 589.212015][T12299] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200011c0 [ 589.215442][T12299] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 589.218973][T12299] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 589.222734][T12299] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 589.226276][T12299] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 589.230168][T12299] [ 589.307962][T12301] bridge0: port 3(hsr0) entered disabled state [ 589.312254][T12301] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.317995][T12301] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.322723][T12301] bridge0: left promiscuous mode [ 589.329881][T12301] bridge0: left allmulticast mode [ 589.471495][T12301] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 589.502884][T12301] bridge0: port 3(hsr0) entered blocking state [ 589.506012][T12301] bridge0: port 3(hsr0) entered forwarding state [ 589.509331][T12301] bridge0: port 2(bridge_slave_1) entered blocking state [ 589.512629][T12301] bridge0: port 2(bridge_slave_1) entered forwarding state [ 589.516224][T12301] bridge0: port 1(bridge_slave_0) entered blocking state [ 589.519455][T12301] bridge0: port 1(bridge_slave_0) entered forwarding state [ 589.524601][T12301] bridge0: entered promiscuous mode [ 589.527836][T12301] bridge0: entered allmulticast mode [ 589.551337][T12305] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.554439][T12305] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.560497][T12305] bridge0: left promiscuous mode [ 589.562578][T12305] bridge0: left allmulticast mode [ 589.705070][ T5258] usb 7-1: string descriptor 0 read error: -71 [ 589.708243][ T5258] hub 7-1:32.0: USB hub found [ 589.711353][ T5258] hub 7-1:32.0: config failed, can't read hub descriptor (err -22) [ 589.757730][T12305] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 589.767298][ T5258] usb 7-1: USB disconnect, device number 72 [ 589.780708][T12305] bridge0: port 2(bridge_slave_1) entered blocking state [ 589.783637][T12305] bridge0: port 2(bridge_slave_1) entered forwarding state [ 589.787324][T12305] bridge0: port 1(bridge_slave_0) entered blocking state [ 589.790423][T12305] bridge0: port 1(bridge_slave_0) entered forwarding state [ 589.794478][T12305] bridge0: entered promiscuous mode [ 589.796672][T12305] bridge0: entered allmulticast mode [ 589.803522][T12310] input: syz0 as /devices/virtual/input/input16 [ 590.065265][ T5207] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 590.083147][T10353] syz_tun (unregistering): left promiscuous mode [ 590.083876][ T5207] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 590.100482][ T5207] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 590.115916][ T5207] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 590.119665][T12319] netlink: 'syz.0.1995': attribute type 1 has an invalid length. [ 590.125760][ T5207] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 590.130247][ T5207] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 590.136883][ T55] usb 6-1: new high-speed USB device number 64 using dummy_hcd [ 590.222207][T12321] 8021q: adding VLAN 0 to HW filter on device batadv13 [ 590.229870][T12321] bond3: (slave batadv13): Enslaving as a backup interface with an up link [ 590.328830][ T55] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 590.336780][ T55] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 590.343700][ T55] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 590.352349][ T55] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 590.356005][ T55] usb 6-1: Product: 抡֨顼쐼⃉ꝫ㧨㙘ܓ슪ꀡ⚃⶟墔蓼༣鴾Ꚑ儧홳ڋ쪗鸎 [ 590.361018][ T55] usb 6-1: Manufacturer: 她蕋멳龜ؔ됛ꦆ뗮齔㗘మᆤ幽埍瀷쬎룱窛퍽黱覝轤㴓犂讯࣍䉙녒ⶇ扚邆镻㢗濇蕃鐍혣☲밉庙랸袰৽夂憬芣稐录빬旟깿ꦇ婞㘳௴ﺋ࣊绾鸓ᬪ哴s [ 590.372092][ T55] usb 6-1: SerialNumber: syz [ 590.465903][T12317] chnl_net:caif_netlink_parms(): no params data found [ 590.763691][T12317] bridge0: port 1(bridge_slave_0) entered blocking state [ 590.767170][T12317] bridge0: port 1(bridge_slave_0) entered disabled state [ 590.770517][T12317] bridge_slave_0: entered allmulticast mode [ 590.775457][T12317] bridge_slave_0: entered promiscuous mode [ 590.784510][T12317] bridge0: port 2(bridge_slave_1) entered blocking state [ 590.790832][T12317] bridge0: port 2(bridge_slave_1) entered disabled state [ 590.794644][T12317] bridge_slave_1: entered allmulticast mode [ 590.799923][T12317] bridge_slave_1: entered promiscuous mode [ 590.821483][ T55] usb 6-1: 0:2 : does not exist [ 590.843008][ T55] usb 6-1: USB disconnect, device number 64 [ 590.912758][T12317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 590.948181][T12317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 591.078074][T12317] team0: Port device team_slave_0 added [ 591.083847][T12317] team0: Port device team_slave_1 added [ 591.160716][T12317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 591.163999][T12317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 591.186838][T12317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 591.206989][T12317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 591.209858][T12317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 591.236823][T12317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 591.411403][T12317] hsr_slave_0: entered promiscuous mode [ 591.487456][T12317] hsr_slave_1: entered promiscuous mode [ 591.498009][T12317] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 591.501357][T12317] Cannot create hsr debugfs directory [ 592.028924][T12332] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 592.113460][T12317] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 592.119838][T12317] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.206980][ T5207] Bluetooth: hci0: command tx timeout [ 592.281249][T12317] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 592.286682][T12317] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.378210][T12341] bridge0: port 2(bridge_slave_1) entered disabled state [ 592.382004][T12341] bridge0: port 1(bridge_slave_0) entered disabled state [ 592.385959][T12341] bridge0: left promiscuous mode [ 592.395099][T12341] bridge0: left allmulticast mode [ 592.438857][T12317] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 592.442919][T12317] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.476034][T12341] trusted_key: encrypted_key: insufficient parameters specified [ 592.497053][T12341] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 592.511586][T12341] bridge0: port 2(bridge_slave_1) entered blocking state [ 592.515784][T12341] bridge0: port 2(bridge_slave_1) entered forwarding state [ 592.519940][T12341] bridge0: port 1(bridge_slave_0) entered blocking state [ 592.524068][T12341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 592.530090][T12341] bridge0: entered promiscuous mode [ 592.535132][T12341] bridge0: entered allmulticast mode [ 592.618587][T12317] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 592.623443][T12317] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.877031][T12317] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 592.895057][T12317] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 592.906191][T12317] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 592.913433][T12317] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 593.001491][T12317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 593.024690][T12317] 8021q: adding VLAN 0 to HW filter on device team0 [ 593.036157][ T5246] bridge0: port 1(bridge_slave_0) entered blocking state [ 593.039264][ T5246] bridge0: port 1(bridge_slave_0) entered forwarding state [ 593.068129][ T5246] bridge0: port 2(bridge_slave_1) entered blocking state [ 593.071409][ T5246] bridge0: port 2(bridge_slave_1) entered forwarding state [ 593.113509][T12317] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 593.120404][T12317] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 593.353182][T12317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 593.418045][T12317] veth0_vlan: entered promiscuous mode [ 593.427517][T12317] veth1_vlan: entered promiscuous mode [ 593.453540][T12317] veth0_macvtap: entered promiscuous mode [ 593.478168][T12317] veth1_macvtap: entered promiscuous mode [ 593.501697][T12317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 593.505887][T12317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 593.510429][T12317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 593.514438][T12317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 593.519682][T12317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 593.525066][T12317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 593.529763][T12317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 593.534710][T12317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 593.542539][T12317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 593.554124][T12317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 593.561075][T12317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 593.565736][T12317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 593.570722][T12317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 593.575439][T12317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 593.581309][T12317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 593.586091][T12317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 593.591322][T12317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 593.596550][T12317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 593.602229][T12317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 593.608746][T12317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 593.619826][T12317] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.623313][T12317] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.628382][T12317] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.632154][T12317] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.666954][ T826] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 593.700140][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 593.703514][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 593.731931][ T104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 593.735611][ T104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 593.857316][ T826] usb 5-1: Using ep0 maxpacket: 8 [ 593.861442][ T826] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 593.866470][ T826] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 593.871939][ T826] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 593.878942][ T826] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 593.883703][ T826] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 593.897837][ T826] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 593.903463][ T826] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 594.276884][ T5207] Bluetooth: hci0: command tx timeout [ 594.557449][ T35] usb 5-1: USB disconnect, device number 61 [ 595.827026][ T35] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 595.851357][T12375] bridge0: port 3(hsr0) entered disabled state [ 595.854377][T12375] bridge0: port 2(bridge_slave_1) entered disabled state [ 595.857650][T12375] bridge0: port 1(bridge_slave_0) entered disabled state [ 595.861560][T12375] bridge0: left promiscuous mode [ 595.863506][T12375] bridge0: left allmulticast mode [ 595.937586][T12375] trusted_key: encrypted_key: insufficient parameters specified [ 595.950253][T12375] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 595.963977][T12375] bridge0: port 3(hsr0) entered blocking state [ 595.966371][T12375] bridge0: port 3(hsr0) entered forwarding state [ 595.969118][T12375] bridge0: port 2(bridge_slave_1) entered blocking state [ 595.971537][T12375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 595.974703][T12375] bridge0: port 1(bridge_slave_0) entered blocking state [ 595.977312][T12375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 595.983759][T12375] bridge0: entered promiscuous mode [ 595.986089][T12375] bridge0: entered allmulticast mode [ 596.009058][ T35] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 596.013970][ T35] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 596.033125][ T35] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 596.047499][ T35] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 596.051424][ T35] usb 5-1: Product: 抡֨顼쐼⃉ꝫ㧨㙘ܓ슪ꀡ⚃⶟墔蓼༣鴾Ꚑ儧홳ڋ쪗鸎 [ 596.066801][ T35] usb 5-1: Manufacturer: 她蕋멳龜ؔ됛ꦆ뗮齔㗘మᆤ幽埍瀷쬎룱窛퍽黱覝轤㴓犂讯࣍䉙녒ⶇ扚邆镻㢗濇蕃鐍혣☲밉庙랸袰৽夂憬芣稐录빬旟깿ꦇ婞㘳௴ﺋ࣊绾鸓ᬪ哴s [ 596.086824][ T35] usb 5-1: SerialNumber: syz [ 596.281122][T12379] netlink: 'syz.1.2009': attribute type 1 has an invalid length. [ 596.358213][ T5207] Bluetooth: hci0: command tx timeout [ 596.464352][T12383] 8021q: adding VLAN 0 to HW filter on device batadv35 [ 596.477805][T12383] bond5: (slave batadv35): Enslaving as a backup interface with an up link [ 596.493189][ T35] usb 5-1: 0:2 : does not exist [ 596.507252][ T35] usb 5-1: USB disconnect, device number 62 [ 597.142437][T12387] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2011'. [ 598.167064][ T35] usb 7-1: new full-speed USB device number 73 using dummy_hcd [ 598.307641][T12403] QAT: failed to copy from user cfg_data. [ 598.315416][T12405] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [ 598.348707][ T35] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 598.353405][ T35] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 255, setting to 64 [ 598.367004][ T35] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 598.372854][ T35] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 598.386779][ T35] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.397811][ T35] usb 7-1: config 0 descriptor?? [ 598.406408][T12399] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 598.436822][ T5207] Bluetooth: hci0: command tx timeout [ 598.547652][ T39] audit: type=1326 audit(2000000435.169:1800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12410 comm="syz.0.2018" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7439579 code=0x0 [ 598.671528][T12409] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 598.866648][ T35] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 598.869977][ T35] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 598.873372][ T35] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 598.876636][ T35] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 598.880601][ T35] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 598.886858][ T35] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 598.889788][ T35] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 598.892984][ T35] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 598.896205][ T35] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving [ 598.920902][ T35] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 599.607026][ T35] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 599.791224][ T35] usb 5-1: Using ep0 maxpacket: 16 [ 599.801704][ T35] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 599.824963][ T35] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 599.829301][ T35] usb 5-1: Product: syz [ 599.831835][ T35] usb 5-1: Manufacturer: syz [ 599.833979][ T35] usb 5-1: SerialNumber: syz [ 599.838210][ T35] usb 5-1: config 0 descriptor?? [ 600.119176][T12423] random: crng reseeded on system resumption [ 600.138195][T12423] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 600.141446][T12423] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 600.206137][ T8] usb 5-1: USB disconnect, device number 63 [ 600.694122][T12432] netlink: 'syz.3.2025': attribute type 1 has an invalid length. [ 600.697610][T12436] 9pnet_fd: Insufficient options for proto=fd [ 600.777202][T12432] 8021q: adding VLAN 0 to HW filter on device batadv36 [ 600.783620][T12432] bond10: (slave batadv36): Enslaving as a backup interface with an up link [ 600.790190][T12438] netlink: 'syz.1.2026': attribute type 1 has an invalid length. [ 600.898541][T12441] 8021q: adding VLAN 0 to HW filter on device batadv36 [ 600.907906][T12441] bond6: (slave batadv36): Enslaving as a backup interface with an up link [ 600.929772][T11239] usb 7-1: USB disconnect, device number 73 [ 601.070735][ T39] audit: type=1326 audit(2000000437.689:1801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12443 comm="syz.2.2029" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73f2579 code=0x0 [ 601.421758][T12444] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 602.062129][T12452] macvlan0: entered allmulticast mode [ 602.070005][T12452] veth1_vlan: entered allmulticast mode [ 602.080822][T12452] macvlan0: left allmulticast mode [ 602.083174][T12452] veth1_vlan: left allmulticast mode [ 602.206898][T12462] bridge0: port 2(bridge_slave_1) entered disabled state [ 602.210171][T12462] bridge0: port 1(bridge_slave_0) entered disabled state [ 602.213504][T12462] bridge0: left promiscuous mode [ 602.215669][T12462] bridge0: left allmulticast mode [ 602.254062][T12466] 9pnet_fd: Insufficient options for proto=fd [ 602.435273][T12462] trusted_key: encrypted_key: insufficient parameters specified [ 602.537670][T12462] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 602.710446][T12462] bridge0: port 2(bridge_slave_1) entered blocking state [ 602.714443][T12462] bridge0: port 2(bridge_slave_1) entered forwarding state [ 602.718542][T12462] bridge0: port 1(bridge_slave_0) entered blocking state [ 602.722617][T12462] bridge0: port 1(bridge_slave_0) entered forwarding state [ 602.732977][T12462] bridge0: entered promiscuous mode [ 602.736540][T12462] bridge0: entered allmulticast mode [ 602.741703][T12470] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 603.352253][T12475] netlink: 'syz.3.2039': attribute type 1 has an invalid length. [ 603.588737][T12477] 8021q: adding VLAN 0 to HW filter on device batadv37 [ 603.634296][T12477] bond11: (slave batadv37): Enslaving as a backup interface with an up link [ 603.695474][T12475] bond11 (unregistering): (slave batadv37): Releasing backup interface [ 603.744899][T12475] bond11 (unregistering): Released all slaves [ 603.827393][T12482] netlink: 'syz.1.2040': attribute type 1 has an invalid length. [ 604.079364][T12487] 8021q: adding VLAN 0 to HW filter on device batadv37 [ 604.085792][T12487] bond7: (slave batadv37): Enslaving as a backup interface with an up link [ 604.197303][T12492] netlink: 'syz.0.2043': attribute type 1 has an invalid length. [ 604.407401][T12492] 8021q: adding VLAN 0 to HW filter on device batadv14 [ 604.418440][T12492] bond4: (slave batadv14): Enslaving as a backup interface with an up link [ 605.342459][ T39] audit: type=1326 audit(2000000441.959:1802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12499 comm="syz.2.2046" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73f2579 code=0x0 [ 606.526828][ T826] usb 7-1: new high-speed USB device number 74 using dummy_hcd [ 606.698810][ T39] audit: type=1326 audit(2000000443.319:1803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12518 comm="syz.3.2052" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73e9579 code=0x0 [ 606.710322][ T826] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 606.717741][ T826] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 606.725038][ T826] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 606.730429][ T826] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 606.734724][ T826] usb 7-1: Product: 抡֨顼쐼⃉ꝫ㧨㙘ܓ슪ꀡ⚃⶟墔蓼༣鴾Ꚑ儧홳ڋ쪗鸎 [ 606.742576][ T826] usb 7-1: Manufacturer: 她蕋멳龜ؔ됛ꦆ뗮齔㗘మᆤ幽埍瀷쬎룱窛퍽黱覝轤㴓犂讯࣍䉙녒ⶇ扚邆镻㢗濇蕃鐍혣☲밉庙랸袰৽夂憬芣稐录빬旟깿ꦇ婞㘳௴ﺋ࣊绾鸓ᬪ哴s [ 606.758522][ T826] usb 7-1: SerialNumber: syz [ 606.877307][ T5258] usb 6-1: new high-speed USB device number 65 using dummy_hcd [ 607.018044][ T826] usb 7-1: 0:2 : does not exist [ 607.037912][ T826] usb 7-1: USB disconnect, device number 74 [ 607.067956][ T5258] usb 6-1: Using ep0 maxpacket: 8 [ 607.073734][ T5258] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 607.078320][ T5258] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 607.082912][ T5258] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 607.089413][ T5258] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 607.094484][ T5258] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 607.101096][ T5258] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 607.105371][ T5258] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 607.384577][ T5258] usb 6-1: GET_CAPABILITIES returned 0 [ 607.401024][ T5258] usbtmc 6-1:16.0: can't read capabilities [ 607.588927][ T39] audit: type=1326 audit(2000000444.209:1804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12528 comm="syz.3.2055" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73e9579 code=0x0 [ 607.777532][T12534] netlink: 'syz.2.2056': attribute type 1 has an invalid length. [ 608.024492][T12536] bond0: (slave bond_slave_1): Releasing backup interface [ 608.149788][ T9] usb 6-1: USB disconnect, device number 65 [ 609.246863][ T5245] usb 6-1: new high-speed USB device number 66 using dummy_hcd [ 609.436923][ T5245] usb 6-1: Using ep0 maxpacket: 8 [ 609.441464][ T5245] usb 6-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 609.446227][ T5245] usb 6-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 609.467374][ T5245] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.862835][ C1] vkms_vblank_simulate: vblank timer overrun [ 609.970207][T12552] bridge0: port 2(bridge_slave_1) entered disabled state [ 609.973937][T12552] bridge0: port 1(bridge_slave_0) entered disabled state [ 610.063249][T12552] trusted_key: encrypted_key: insufficient parameters specified [ 610.094690][T12552] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 610.115741][T12552] bridge0: port 2(bridge_slave_1) entered blocking state [ 610.119093][T12552] bridge0: port 2(bridge_slave_1) entered forwarding state [ 610.122414][T12552] bridge0: port 1(bridge_slave_0) entered blocking state [ 610.127762][T12552] bridge0: port 1(bridge_slave_0) entered forwarding state [ 610.138422][T12552] bridge0: entered promiscuous mode [ 610.141010][T12552] bridge0: entered allmulticast mode [ 610.599624][ C1] vkms_vblank_simulate: vblank timer overrun [ 611.336787][ T5207] Bluetooth: hci4: command 0x0406 tx timeout [ 611.706893][ T35] usb 7-1: new high-speed USB device number 75 using dummy_hcd [ 611.888531][ T35] usb 7-1: Using ep0 maxpacket: 8 [ 611.899637][ T35] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 611.903501][ T35] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 611.914702][ T35] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 611.914737][ T5245] usb 6-1: string descriptor 0 read error: -71 [ 611.927902][ T35] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 611.932824][ T35] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 611.937952][ T5245] hub 6-1:32.0: USB hub found [ 611.978074][ T5245] hub 6-1:32.0: config failed, can't read hub descriptor (err -22) [ 611.988087][ T35] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 611.996946][ T35] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 612.052812][ T5245] usb 6-1: USB disconnect, device number 66 [ 612.109329][T12572] netlink: 'syz.1.2068': attribute type 1 has an invalid length. [ 612.305168][ T35] usb 7-1: GET_CAPABILITIES returned 0 [ 612.307713][ T35] usbtmc 7-1:16.0: can't read capabilities [ 612.318989][T12574] 8021q: adding VLAN 0 to HW filter on device batadv38 [ 612.352495][T12574] bond8: (slave batadv38): Enslaving as a backup interface with an up link [ 612.392503][T12572] bond8 (unregistering): (slave batadv38): Releasing backup interface [ 612.422831][T12572] bond8 (unregistering): Released all slaves [ 612.514042][T12579] bridge0: port 2(bridge_slave_1) entered disabled state [ 612.517269][T12579] bridge0: port 1(bridge_slave_0) entered disabled state [ 612.521070][T12579] bridge0: left promiscuous mode [ 612.523939][T12579] bridge0: left allmulticast mode [ 612.636205][T12579] trusted_key: encrypted_key: insufficient parameters specified [ 612.666414][T12579] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 612.688103][T12579] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.691367][T12579] bridge0: port 2(bridge_slave_1) entered forwarding state [ 612.694900][T12579] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.698359][T12579] bridge0: port 1(bridge_slave_0) entered forwarding state [ 612.702930][T12579] bridge0: entered promiscuous mode [ 612.705364][T12579] bridge0: entered allmulticast mode [ 612.809493][ T5245] usb 7-1: USB disconnect, device number 75 [ 612.920846][T12582] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2071'. [ 613.174940][T12587] FAULT_INJECTION: forcing a failure. [ 613.174940][T12587] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 613.200759][T12587] CPU: 0 PID: 12587 Comm: syz.3.2073 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 613.205351][T12587] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 613.210415][T12587] Call Trace: [ 613.212144][T12587] [ 613.213705][T12587] dump_stack_lvl+0x16c/0x1f0 [ 613.216117][T12587] should_fail_ex+0x497/0x5b0 [ 613.218739][T12587] _copy_from_user+0x30/0xf0 [ 613.220951][T12587] cmsghdr_from_user_compat_to_kern+0x356/0x7c0 [ 613.223952][T12587] ? __pfx_cmsghdr_from_user_compat_to_kern+0x10/0x10 [ 613.226929][T12587] ? __import_iovec+0x1fd/0x6e0 [ 613.229376][T12587] ____sys_sendmsg+0x443/0xb50 [ 613.231913][T12587] ? __pfx_____sys_sendmsg+0x10/0x10 [ 613.234712][T12587] ? get_compat_msghdr+0x11b/0x170 [ 613.237292][T12587] ? __pfx___lock_acquire+0x10/0x10 [ 613.239975][T12587] ___sys_sendmsg+0x135/0x1e0 [ 613.242429][T12587] ? __pfx____sys_sendmsg+0x10/0x10 [ 613.245223][T12587] ? __pfx_lock_release+0x10/0x10 [ 613.247962][T12587] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 613.250989][T12587] ? __fget_light+0x173/0x210 [ 613.253265][T12587] __sys_sendmmsg+0x2a5/0x450 [ 613.255521][T12587] ? __pfx___sys_sendmmsg+0x10/0x10 [ 613.258486][T12587] ? vfs_write+0x14d/0x1140 [ 613.261261][T12587] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 613.264657][T12587] ? fput+0x32/0x390 [ 613.266585][T12587] ? ksys_write+0x1ab/0x260 [ 613.268891][T12587] ? __pfx_ksys_write+0x10/0x10 [ 613.271467][T12587] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 613.274023][T12587] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 613.277004][T12587] __do_fast_syscall_32+0x73/0x120 [ 613.280053][T12587] do_fast_syscall_32+0x32/0x80 [ 613.282574][T12587] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 613.285544][T12587] RIP: 0023:0xf73e9579 [ 613.287267][T12587] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 613.296596][T12587] RSP: 002b:00000000f5d0157c EFLAGS: 00000292 ORIG_RAX: 0000000000000159 [ 613.300280][T12587] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0 [ 613.303713][T12587] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000000 [ 613.307163][T12587] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 613.310605][T12587] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 613.314136][T12587] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 613.317557][T12587] [ 613.753507][T12601] bridge0: port 2(bridge_slave_1) entered disabled state [ 613.756862][T12601] bridge0: port 1(bridge_slave_0) entered disabled state [ 613.771455][T12601] bridge0: left promiscuous mode [ 613.774731][T12601] bridge0: left allmulticast mode [ 613.866359][T12603] trusted_key: encrypted_key: insufficient parameters specified [ 613.903469][T12601] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 613.935912][T12601] bridge0: port 2(bridge_slave_1) entered blocking state [ 613.939142][T12601] bridge0: port 2(bridge_slave_1) entered forwarding state [ 613.942644][T12601] bridge0: port 1(bridge_slave_0) entered blocking state [ 613.945334][T12601] bridge0: port 1(bridge_slave_0) entered forwarding state [ 613.947114][ T35] usb 7-1: new high-speed USB device number 76 using dummy_hcd [ 613.949682][T12601] bridge0: entered promiscuous mode [ 613.954328][T12601] bridge0: entered allmulticast mode [ 614.121469][T12607] FAULT_INJECTION: forcing a failure. [ 614.121469][T12607] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 614.127694][T12607] CPU: 2 PID: 12607 Comm: syz.0.2080 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 614.131987][T12607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 614.136907][T12607] Call Trace: [ 614.138316][T12607] [ 614.139614][T12607] dump_stack_lvl+0x16c/0x1f0 [ 614.141609][T12607] should_fail_ex+0x497/0x5b0 [ 614.143626][T12607] _copy_from_user+0x30/0xf0 [ 614.145729][T12607] compat_wext_handle_ioctl+0xc2/0x310 [ 614.148439][T12607] ? __pfx_compat_wext_handle_ioctl+0x10/0x10 [ 614.151577][T12607] compat_sock_ioctl+0x33d/0x7f0 [ 614.153913][T12607] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 614.157018][T12607] ? __fget_files+0x256/0x400 [ 614.159055][T12607] ? bpf_lsm_file_ioctl_compat+0x9/0x10 [ 614.161636][T12607] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 614.164186][T12607] __do_compat_sys_ioctl+0x2c3/0x330 [ 614.166472][T12607] __do_fast_syscall_32+0x73/0x120 [ 614.168699][T12607] do_fast_syscall_32+0x32/0x80 [ 614.170829][T12607] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 614.173557][T12607] RIP: 0023:0xf7439579 [ 614.175363][T12607] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 614.183569][T12607] RSP: 002b:00000000f5d5157c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 614.186978][ T35] usb 7-1: Using ep0 maxpacket: 8 [ 614.187140][T12607] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008b22 [ 614.192598][T12607] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 614.194568][ T35] usb 7-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 614.196023][T12607] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 614.204175][T12607] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 614.206778][ T35] usb 7-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 614.207600][T12607] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 614.214052][T12607] [ 614.216820][ T35] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.452300][ T78] bridge_slave_1: left allmulticast mode [ 614.457462][ T78] bridge_slave_1: left promiscuous mode [ 614.462640][ T78] bridge0: port 2(bridge_slave_1) entered disabled state [ 614.479576][ T78] bridge_slave_0: left allmulticast mode [ 614.482547][ T78] bridge_slave_0: left promiscuous mode [ 614.485491][ T78] bridge0: port 1(bridge_slave_0) entered disabled state [ 615.051128][ T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 615.074462][ T78] bond0 (unregistering): Released all slaves [ 615.121107][ T78] bond1 (unregistering): (slave batadv2): Releasing backup interface [ 615.137212][ T78] bond1 (unregistering): Released all slaves [ 615.160634][ T78] bond2 (unregistering): Released all slaves [ 615.171524][ T78] bond3 (unregistering): Released all slaves [ 615.197817][ T78] bond4 (unregistering): (slave batadv34): Releasing backup interface [ 615.214476][ T78] bond4 (unregistering): Released all slaves [ 615.247655][ T78] bond5 (unregistering): (slave batadv36): Releasing backup interface [ 615.260040][ T78] bond5 (unregistering): Released all slaves [ 615.280521][ T78] bond6 (unregistering): Released all slaves [ 615.306008][ T78] bond7 (unregistering): Released all slaves [ 615.850023][ T78] batadv_slave_1: left promiscuous mode [ 615.868528][ T78] hsr_slave_0: left promiscuous mode [ 615.878753][ T78] hsr_slave_1: left promiscuous mode [ 615.882561][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 615.885861][ T78] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 615.898041][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 615.907868][ T78] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 615.975811][ T78] veth1_macvtap: left promiscuous mode [ 615.978490][ T78] veth0_macvtap: left promiscuous mode [ 615.981055][ T78] veth1_vlan: left promiscuous mode [ 615.984017][ T78] veth0_vlan: left promiscuous mode [ 616.278259][ T5247] usb 6-1: new high-speed USB device number 67 using dummy_hcd [ 616.458863][ T5247] usb 6-1: Using ep0 maxpacket: 8 [ 616.464883][ T5247] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 616.470456][ T5247] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 616.474799][ T5247] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 616.479467][ T5247] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 616.484082][ T5247] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 616.489854][ T5247] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 616.498683][ T5247] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 616.621202][ T35] usb 7-1: string descriptor 0 read error: -71 [ 616.624381][ T35] hub 7-1:32.0: USB hub found [ 616.642985][ T35] hub 7-1:32.0: config failed, can't read hub descriptor (err -22) [ 616.765845][ T35] usb 7-1: USB disconnect, device number 76 [ 616.822265][ T5247] usb 6-1: GET_CAPABILITIES returned 0 [ 616.824945][ T5247] usbtmc 6-1:16.0: can't read capabilities [ 618.318113][ T78] team0 (unregistering): Port device team_slave_1 removed [ 618.433629][ T78] team0 (unregistering): Port device team_slave_0 removed [ 619.215884][T12632] macvlan0: entered allmulticast mode [ 619.219335][T12632] veth1_vlan: entered allmulticast mode [ 619.224561][T12632] macvlan0: left allmulticast mode [ 619.227594][T12632] veth1_vlan: left allmulticast mode [ 619.419936][ T5247] usb 6-1: USB disconnect, device number 67 [ 619.817386][T12648] netlink: 'syz.3.2093': attribute type 1 has an invalid length. [ 620.092354][T12650] 8021q: adding VLAN 0 to HW filter on device batadv38 [ 620.138450][T12650] bond11: (slave batadv38): Enslaving as a backup interface with an up link [ 620.182454][T12648] bond11 (unregistering): (slave batadv38): Releasing backup interface [ 620.234996][T12648] bond11 (unregistering): Released all slaves [ 620.877762][T12661] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2097'. [ 621.307026][ T5246] usb 7-1: new high-speed USB device number 77 using dummy_hcd [ 621.497949][ T5246] usb 7-1: Using ep0 maxpacket: 8 [ 621.509465][ T5246] usb 7-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 621.515268][ T5246] usb 7-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 621.537067][ T5246] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.991613][T12668] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 622.823613][T12679] FAULT_INJECTION: forcing a failure. [ 622.823613][T12679] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 622.832026][T12679] CPU: 0 PID: 12679 Comm: syz.3.2103 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 622.836575][T12679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 622.841690][T12679] Call Trace: [ 622.843235][T12679] [ 622.844580][T12679] dump_stack_lvl+0x16c/0x1f0 [ 622.846695][T12679] should_fail_ex+0x497/0x5b0 [ 622.848837][T12679] _copy_from_user+0x30/0xf0 [ 622.850978][T12679] get_old_timespec32+0x153/0x1f0 [ 622.853179][T12679] ? __pfx_get_old_timespec32+0x10/0x10 [ 622.855573][T12679] __sys_recvmmsg+0xdd/0x280 [ 622.857727][T12679] ? __pfx___sys_recvmmsg+0x10/0x10 [ 622.860054][T12679] ? __pfx_ksys_write+0x10/0x10 [ 622.862236][T12679] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 622.865118][T12679] ? lockdep_hardirqs_on+0x7c/0x110 [ 622.867445][T12679] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 622.870346][T12679] __do_fast_syscall_32+0x73/0x120 [ 622.872633][T12679] do_fast_syscall_32+0x32/0x80 [ 622.874717][T12679] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 622.877170][T12679] RIP: 0023:0xf73e9579 [ 622.878786][T12679] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 622.887574][T12679] RSP: 002b:00000000f5d0157c EFLAGS: 00000292 ORIG_RAX: 0000000000000151 [ 622.891267][T12679] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200037c0 [ 622.894780][T12679] RDX: 00000000000003b4 RSI: 0000000000000000 RDI: 0000000020003700 [ 622.898352][T12679] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 622.901942][T12679] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 622.905508][T12679] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 622.909444][T12679] [ 623.116855][ T5249] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 623.276070][ T39] audit: type=1326 audit(2000000459.889:1805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12682 comm="syz.3.2105" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73e9579 code=0x0 [ 623.317367][ T5249] usb 5-1: Using ep0 maxpacket: 8 [ 623.328968][ T5249] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 623.332052][ T5249] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 623.338049][ T5249] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 623.346153][ T5249] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 623.351901][ T5249] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 623.358550][ T5249] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 623.362452][ T5249] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 624.036927][ T5246] usb 7-1: string descriptor 0 read error: -71 [ 624.040853][ T5246] hub 7-1:32.0: USB hub found [ 624.062807][ T5246] hub 7-1:32.0: config failed, can't read hub descriptor (err -22) [ 624.083790][ T35] usb 5-1: USB disconnect, device number 64 [ 624.127452][ T5246] usb 7-1: USB disconnect, device number 77 [ 624.155247][T12688] FAULT_INJECTION: forcing a failure. [ 624.155247][T12688] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 624.162801][T12688] CPU: 1 PID: 12688 Comm: syz.2.2106 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 624.168558][T12688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 624.173779][T12688] Call Trace: [ 624.175402][T12688] [ 624.176808][T12688] dump_stack_lvl+0x16c/0x1f0 [ 624.178812][T12688] should_fail_ex+0x497/0x5b0 [ 624.180834][T12688] _copy_from_user+0x30/0xf0 [ 624.183213][T12688] get_user_ifreq+0x190/0x250 [ 624.185522][T12688] sock_ioctl+0x592/0x6c0 [ 624.187511][T12688] ? __pfx_sock_ioctl+0x10/0x10 [ 624.189780][T12688] ? vfs_fileattr_set+0xb30/0xc00 [ 624.192272][T12688] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 624.195372][T12688] ? __pfx_unix_ioctl+0x10/0x10 [ 624.197803][T12688] compat_sock_ioctl+0x61f/0x7f0 [ 624.200271][T12688] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 624.202829][T12688] ? __fget_files+0x256/0x400 [ 624.205028][T12688] ? bpf_lsm_file_ioctl_compat+0x9/0x10 [ 624.207875][T12688] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 624.211354][T12688] __do_compat_sys_ioctl+0x2c3/0x330 [ 624.214313][T12688] __do_fast_syscall_32+0x73/0x120 [ 624.216886][T12688] do_fast_syscall_32+0x32/0x80 [ 624.218860][T12688] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 624.221764][T12688] RIP: 0023:0xf73f2579 [ 624.223513][T12688] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 624.231660][T12688] RSP: 002b:00000000f5d0a57c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 624.235569][T12688] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000000089f0 [ 624.239075][T12688] RDX: 0000000020000900 RSI: 0000000000000000 RDI: 0000000000000000 [ 624.242666][T12688] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 624.246163][T12688] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 624.249621][T12688] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 624.253674][T12688] [ 624.255558][ C1] vkms_vblank_simulate: vblank timer overrun [ 624.260428][T12692] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2107'. [ 624.560783][T12695] macvlan0: entered allmulticast mode [ 624.563747][T12695] veth1_vlan: entered allmulticast mode [ 625.021528][T12701] FAULT_INJECTION: forcing a failure. [ 625.021528][T12701] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 625.032106][T12701] CPU: 2 PID: 12701 Comm: syz.3.2111 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 625.037051][T12701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 625.042066][T12701] Call Trace: [ 625.043551][T12701] [ 625.044854][T12701] dump_stack_lvl+0x16c/0x1f0 [ 625.046918][T12701] should_fail_ex+0x497/0x5b0 [ 625.049187][T12701] _copy_from_user+0x30/0xf0 [ 625.051790][T12701] compat_wext_handle_ioctl+0xc2/0x310 [ 625.054295][T12701] ? __pfx_compat_wext_handle_ioctl+0x10/0x10 [ 625.057698][T12701] compat_sock_ioctl+0x33d/0x7f0 [ 625.060643][T12701] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 625.063062][T12701] ? __fget_files+0x256/0x400 [ 625.065203][T12701] ? bpf_lsm_file_ioctl_compat+0x9/0x10 [ 625.068042][T12701] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 625.070891][T12701] __do_compat_sys_ioctl+0x2c3/0x330 [ 625.074306][T12701] __do_fast_syscall_32+0x73/0x120 [ 625.076916][T12701] do_fast_syscall_32+0x32/0x80 [ 625.079290][T12701] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 625.081812][T12701] RIP: 0023:0xf73e9579 [ 625.083482][T12701] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 625.091776][T12701] RSP: 002b:00000000f5d0157c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 625.096245][T12701] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008b22 [ 625.099629][T12701] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 625.103962][T12701] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 625.107967][T12701] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 625.112345][T12701] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 625.117025][T12701] [ 625.155347][ T39] audit: type=1326 audit(2000000461.769:1806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12699 comm="syz.0.2110" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7439579 code=0x0 [ 625.194438][T12693] macvlan0: left allmulticast mode [ 625.204192][T12693] veth1_vlan: left allmulticast mode [ 625.498552][T12718] bridge0: port 3(hsr0) entered disabled state [ 625.501678][T12718] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.505071][T12718] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.528452][T12718] bridge0: left promiscuous mode [ 625.530678][T12718] bridge0: left allmulticast mode [ 625.589718][T12718] trusted_key: encrypted_key: insufficient parameters specified [ 625.613378][T12718] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 625.633238][T12718] bridge0: port 3(hsr0) entered blocking state [ 625.637490][T12718] bridge0: port 3(hsr0) entered forwarding state [ 625.640287][T12718] bridge0: port 2(bridge_slave_1) entered blocking state [ 625.642767][T12718] bridge0: port 2(bridge_slave_1) entered forwarding state [ 625.646069][T12718] bridge0: port 1(bridge_slave_0) entered blocking state [ 625.651267][T12718] bridge0: port 1(bridge_slave_0) entered forwarding state [ 625.658260][T12718] bridge0: entered promiscuous mode [ 625.660540][T12718] bridge0: entered allmulticast mode [ 626.071098][T12728] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2120'. [ 626.337273][ T5247] usb 6-1: new high-speed USB device number 68 using dummy_hcd [ 626.526887][ T5247] usb 6-1: Using ep0 maxpacket: 8 [ 626.538342][ T5247] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 626.543376][ T5247] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 626.549711][ T5247] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 626.556474][ T5247] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 626.562638][ T5247] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 626.570706][ T5247] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 626.575684][ T5247] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 626.928125][ T39] audit: type=1326 audit(2000000463.539:1807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12732 comm="syz.0.2121" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7439579 code=0x0 [ 627.354837][ T5258] usb 6-1: USB disconnect, device number 68 [ 627.683161][T12738] FAULT_INJECTION: forcing a failure. [ 627.683161][T12738] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 627.689679][T12738] CPU: 1 PID: 12738 Comm: syz.2.2122 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 627.694138][T12738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 627.698656][T12738] Call Trace: [ 627.700041][T12738] [ 627.701294][T12738] dump_stack_lvl+0x16c/0x1f0 [ 627.703339][T12738] should_fail_ex+0x497/0x5b0 [ 627.705361][T12738] _copy_to_user+0x30/0xc0 [ 627.707272][T12738] simple_read_from_buffer+0xd0/0x160 [ 627.709523][T12738] proc_fail_nth_read+0x1b0/0x290 [ 627.711742][T12738] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 627.714056][T12738] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 627.716349][T12738] vfs_read+0x1d4/0xbd0 [ 627.718111][T12738] ? __fdget_pos+0xeb/0x180 [ 627.720028][T12738] ? __pfx_vfs_read+0x10/0x10 [ 627.722006][T12738] ? __pfx___mutex_lock+0x10/0x10 [ 627.724297][T12738] ? __fget_files+0x256/0x400 [ 627.726367][T12738] ksys_read+0x12f/0x260 [ 627.728403][T12738] ? __pfx_ksys_read+0x10/0x10 [ 627.730736][T12738] __do_fast_syscall_32+0x73/0x120 [ 627.733690][T12738] do_fast_syscall_32+0x32/0x80 [ 627.735845][T12738] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 627.738513][T12738] RIP: 0023:0xf73f2579 [ 627.740177][T12738] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 627.748130][T12738] RSP: 002b:00000000f5d0a5b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 627.751881][T12738] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5d0a630 [ 627.755634][T12738] RDX: 000000000000000f RSI: 00000000f73dcff4 RDI: 0000000000000000 [ 627.758481][T12738] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 627.761320][T12738] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 627.764187][T12738] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 627.767146][T12738] [ 627.998664][T12750] bridge0: port 2(bridge_slave_1) entered disabled state [ 628.001848][T12750] bridge0: port 1(bridge_slave_0) entered disabled state [ 628.017046][T12750] bridge0: left promiscuous mode [ 628.019231][T12750] bridge0: left allmulticast mode [ 628.059287][ T39] audit: type=1326 audit(2000000464.679:1808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12746 comm="syz.0.2126" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7439579 code=0x0 [ 628.066856][T12750] trusted_key: encrypted_key: insufficient parameters specified [ 628.084409][T12750] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 628.097572][T12754] bridge0: port 3(hsr0) entered disabled state [ 628.100771][T12754] bridge0: port 2(bridge_slave_1) entered disabled state [ 628.104759][T12754] bridge0: port 1(bridge_slave_0) entered disabled state [ 628.108928][T12754] bridge0: left promiscuous mode [ 628.111303][T12754] bridge0: left allmulticast mode [ 628.123234][T12750] bridge0: port 2(bridge_slave_1) entered blocking state [ 628.126630][T12750] bridge0: port 2(bridge_slave_1) entered forwarding state [ 628.130730][T12750] bridge0: port 1(bridge_slave_0) entered blocking state [ 628.134438][T12750] bridge0: port 1(bridge_slave_0) entered forwarding state [ 628.139273][T12750] bridge0: entered promiscuous mode [ 628.142170][T12750] bridge0: entered allmulticast mode [ 628.236293][T12754] trusted_key: encrypted_key: insufficient parameters specified [ 628.310090][T12754] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 628.338632][T12759] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2129'. [ 628.339250][T12754] bridge0: port 3(hsr0) entered blocking state [ 628.347950][T12754] bridge0: port 3(hsr0) entered forwarding state [ 628.350712][T12754] bridge0: port 2(bridge_slave_1) entered blocking state [ 628.354129][T12754] bridge0: port 2(bridge_slave_1) entered forwarding state [ 628.358107][T12754] bridge0: port 1(bridge_slave_0) entered blocking state [ 628.361271][T12754] bridge0: port 1(bridge_slave_0) entered forwarding state [ 628.367141][T12754] bridge0: entered promiscuous mode [ 628.369667][T12754] bridge0: entered allmulticast mode [ 628.574202][T12766] macvlan0: entered allmulticast mode [ 628.577970][T12766] veth1_vlan: entered allmulticast mode [ 628.809596][ T39] audit: type=1326 audit(2000000465.429:1809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12772 comm="syz.3.2132" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73e9579 code=0x0 [ 628.980727][T12778] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2135'. [ 629.011651][T12783] netlink: 'syz.0.2134': attribute type 1 has an invalid length. [ 629.135964][T12783] 8021q: adding VLAN 0 to HW filter on device batadv15 [ 629.159295][T12783] bond5: (slave batadv15): Enslaving as a backup interface with an up link [ 629.253164][T12785] bond5 (unregistering): (slave batadv15): Releasing backup interface [ 629.304405][T12785] bond5 (unregistering): Released all slaves [ 629.483378][T12764] macvlan0: left allmulticast mode [ 629.485876][T12764] veth1_vlan: left allmulticast mode [ 629.720125][ T1354] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.723028][ T1354] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.833829][T12798] netlink: 'syz.1.2139': attribute type 1 has an invalid length. [ 630.968441][T12800] 8021q: adding VLAN 0 to HW filter on device batadv39 [ 630.992665][T12800] bond8: (slave batadv39): Enslaving as a backup interface with an up link [ 631.203116][T12798] bond8 (unregistering): (slave batadv39): Releasing backup interface [ 631.271928][T12798] bond8 (unregistering): Released all slaves [ 631.301237][ T39] audit: type=1804 audit(2000000467.919:1810): pid=12805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2141" name="/newroot/29/bus/cgroup.controllers" dev="overlay" ino=175 res=1 errno=0 [ 631.628827][ T39] audit: type=1326 audit(2000000468.249:1811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12807 comm="syz.2.2142" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73f2579 code=0x0 [ 632.268737][T12812] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 632.707131][ T5249] usb 7-1: new high-speed USB device number 78 using dummy_hcd [ 632.877411][ T5249] usb 7-1: device descriptor read/64, error -71 [ 633.022932][T12821] ieee802154 phy0 wpan0: encryption failed: -22 [ 633.166948][ T5249] usb 7-1: new high-speed USB device number 79 using dummy_hcd [ 633.351016][ T5249] usb 7-1: device descriptor read/64, error -71 [ 633.472959][ T5249] usb usb7-port1: attempt power cycle [ 633.504029][T12823] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 633.886392][ T5249] usb 7-1: new high-speed USB device number 80 using dummy_hcd [ 633.917682][ T5249] usb 7-1: device descriptor read/8, error -71 [ 634.186900][ T5249] usb 7-1: new high-speed USB device number 81 using dummy_hcd [ 634.238454][ T5249] usb 7-1: device descriptor read/8, error -71 [ 634.309713][T12829] bridge0: port 2(bridge_slave_1) entered disabled state [ 634.312905][T12829] bridge0: port 1(bridge_slave_0) entered disabled state [ 634.342577][T12829] bridge0: left promiscuous mode [ 634.348072][T12829] bridge0: left allmulticast mode [ 634.367370][ T5249] usb usb7-port1: unable to enumerate USB device [ 634.501496][T12829] trusted_key: encrypted_key: insufficient parameters specified [ 634.622505][T12829] bridge0: port 2(bridge_slave_1) entered blocking state [ 634.625686][T12829] bridge0: port 2(bridge_slave_1) entered forwarding state [ 634.629096][T12829] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.632284][T12829] bridge0: port 1(bridge_slave_0) entered forwarding state [ 634.646111][T12829] bridge0: entered promiscuous mode [ 634.648165][T12829] bridge0: entered allmulticast mode [ 635.113000][T12837] netlink: 'syz.3.2151': attribute type 1 has an invalid length. [ 635.287147][ T39] audit: type=1326 audit(2000000471.909:1812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12841 comm="syz.0.2152" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7439579 code=0x0 [ 635.336351][T12840] 8021q: adding VLAN 0 to HW filter on device batadv39 [ 635.425513][T12840] bond11: (slave batadv39): Enslaving as a backup interface with an up link [ 635.552054][T12837] bond11 (unregistering): (slave batadv39): Releasing backup interface [ 635.616535][T12837] bond11 (unregistering): Released all slaves [ 635.916939][ T5245] usb 7-1: new high-speed USB device number 82 using dummy_hcd [ 635.939529][T12853] netlink: 'syz.1.2154': attribute type 4 has an invalid length. [ 636.117290][ T5245] usb 7-1: Using ep0 maxpacket: 8 [ 636.123770][ T5245] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 636.130816][ T5245] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 636.139180][ T5245] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 636.143588][ T5245] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 636.148723][ T5245] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 636.154597][ T5245] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 636.160803][ T5245] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.212522][ T39] audit: type=1326 audit(2000000472.829:1813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12855 comm="syz.0.2155" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7439579 code=0x0 [ 636.246915][T12348] usb 6-1: new high-speed USB device number 69 using dummy_hcd [ 636.449413][T12348] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 636.454378][T12348] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 636.462857][T12348] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 636.467220][T12348] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.474552][T12853] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 636.701013][ T35] usb 6-1: USB disconnect, device number 69 [ 636.887036][T12348] usb 7-1: USB disconnect, device number 82 [ 637.000123][ T5207] Bluetooth: hci4: unexpected event for opcode 0x1005 [ 637.382483][T12864] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 637.616877][ T39] audit: type=1326 audit(2000000474.229:1814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12869 comm="syz.2.2159" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73f2579 code=0x7ffc0000 [ 637.630491][ T39] audit: type=1326 audit(2000000474.229:1815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12869 comm="syz.2.2159" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73f2579 code=0x7ffc0000 [ 637.666371][ T39] audit: type=1326 audit(2000000474.229:1816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12869 comm="syz.2.2159" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf73f2579 code=0x7ffc0000 [ 637.728803][T12875] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2161'. [ 637.732582][ T39] audit: type=1326 audit(2000000474.229:1817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12869 comm="syz.2.2159" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73f2579 code=0x7ffc0000 [ 637.801199][ T39] audit: type=1326 audit(2000000474.229:1818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12869 comm="syz.2.2159" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf73f2579 code=0x7ffc0000 [ 637.817562][ T39] audit: type=1326 audit(2000000474.229:1819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12869 comm="syz.2.2159" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73f2579 code=0x7ffc0000 [ 637.865576][ T39] audit: type=1326 audit(2000000474.229:1820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12869 comm="syz.2.2159" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73f2579 code=0x7ffc0000 [ 637.907124][ T5258] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 637.911339][ T39] audit: type=1326 audit(2000000474.229:1821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12869 comm="syz.2.2159" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf73f2579 code=0x7ffc0000 [ 638.129020][ T5258] usb 6-1: config 0 has no interfaces? [ 638.133656][ T5258] usb 6-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 638.178843][ T5258] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 638.183200][ T5258] usb 6-1: Product: syz [ 638.185702][ T5258] usb 6-1: Manufacturer: syz [ 638.188710][ T5258] usb 6-1: SerialNumber: syz [ 638.192828][ T5258] usb 6-1: config 0 descriptor?? [ 638.366380][ C0] vkms_vblank_simulate: vblank timer overrun [ 638.442747][ T5258] usb 6-1: USB disconnect, device number 70 [ 638.842340][ C0] vkms_vblank_simulate: vblank timer overrun [ 639.658452][T12902] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2172'. [ 639.979214][T12922] Bluetooth: MGMT ver 1.22 [ 640.139776][T12924] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 641.302674][T12957] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2190'. [ 641.307624][T11239] usb 7-1: new high-speed USB device number 83 using dummy_hcd [ 641.606424][T11239] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 641.611290][T11239] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.616079][T11239] usb 7-1: config 0 descriptor?? [ 641.639400][T11239] cp210x 7-1:0.0: cp210x converter detected [ 641.709011][T12961] nbd3: detected capacity change from 0 to 12 [ 641.711692][T12971] block nbd3: NBD_DISCONNECT [ 641.714104][T12971] block nbd3: Send disconnect failed -89 [ 642.058997][T11239] cp210x 7-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 642.228499][T12966] block nbd3: Disconnected due to user request. [ 642.231676][T12966] block nbd3: shutting down sockets [ 642.287580][T11239] usb 7-1: cp210x converter now attached to ttyUSB0 [ 642.334909][T12985] netlink: 'syz.3.2202': attribute type 4 has an invalid length. [ 642.340435][T12985] netlink: 116376 bytes leftover after parsing attributes in process `syz.3.2202'. [ 642.344737][T12985] netlink: 18430 bytes leftover after parsing attributes in process `syz.3.2202'. [ 642.472986][ T5246] usb 7-1: USB disconnect, device number 83 [ 642.480607][ T5246] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 642.549105][ T5246] cp210x 7-1:0.0: device disconnected [ 642.777160][ T5258] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 642.967082][ T5258] usb 5-1: Using ep0 maxpacket: 8 [ 642.977656][ T5258] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 642.982407][ T5258] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 642.986949][ T5258] usb 5-1: New USB device found, idVendor=056a, idProduct=010f, bcdDevice= 0.00 [ 642.990911][ T5258] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.996196][ T5258] usb 5-1: config 0 descriptor?? [ 643.282970][T13007] ubi1: attaching mtd0 [ 643.418924][ T5258] wacom 0003:056A:010F.000E: item fetching failed at offset 2/5 [ 643.423020][ T5258] wacom 0003:056A:010F.000E: parse failed [ 643.425609][ T5258] wacom 0003:056A:010F.000E: probe with driver wacom failed with error -22 [ 643.616696][ T5258] usb 5-1: USB disconnect, device number 65 [ 644.217689][T13015] team0: entered promiscuous mode [ 644.219829][T13015] team_slave_1: entered promiscuous mode [ 644.223772][T13015] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 644.228692][T13015] Cannot create hsr debugfs directory [ 644.337051][ C1] [ 644.337931][ C1] ============================================ [ 644.340056][ C1] WARNING: possible recursive locking detected [ 644.342164][ C1] 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 Not tainted [ 644.344812][ C1] -------------------------------------------- [ 644.348918][ C1] swapper/1/0 is trying to acquire lock: [ 644.351092][ C1] ffff888057c0ee00 (&hsr->seqnr_lock){+.-.}-{2:2}, at: hsr_dev_xmit+0x174/0x220 [ 644.354629][ C1] [ 644.354629][ C1] but task is already holding lock: [ 644.357707][ C1] ffff8880282bce00 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_hsr_supervision_frame+0x1dc/0xa60 [ 644.362428][ C1] SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 644.362428][ C1] other info that might help us debug this: [ 644.366603][ C1] Possible unsafe locking scenario: [ 644.366603][ C1] [ 644.370532][ C1] CPU0 [ 644.372333][ C1] ---- [ 644.374096][ C1] lock(&hsr->seqnr_lock); [ 644.375997][ C1] lock(&hsr->seqnr_lock); [ 644.377759][ C1] [ 644.377759][ C1] *** DEADLOCK *** [ 644.377759][ C1] [ 644.380513][ C1] May be due to missing lock nesting notation [ 644.380513][ C1] [ 644.382994][ C1] 7 locks held by swapper/1/0: [ 644.385453][ C1] #0: ffffc90000598cb0 ((&hsr->announce_timer)){+.-.}-{0:0}, at: call_timer_fn+0x11a/0x610 [ 644.389690][ C1] #1: ffffffff8dbb4ea0 (rcu_read_lock){....}-{1:2}, at: hsr_announce+0x90/0x380 [ 644.393675][ C1] #2: ffff8880282bce00 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_hsr_supervision_frame+0x1dc/0xa60 [ 644.398221][ C1] #3: ffffffff8dbb4ea0 (rcu_read_lock){....}-{1:2}, at: hsr_forward_skb+0xb2/0x2190 [ 644.401974][ C1] #4: ffffffff8dbb4e40 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x244/0x4130 [ 644.405950][ C1] #5: ffffffff8dbb4ea0 (rcu_read_lock){....}-{1:2}, at: br_dev_xmit+0x1a2/0x1890 [ 644.409703][ C1] #6: ffffffff8dbb4e40 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x244/0x4130 [ 644.413603][ C1] [ 644.413603][ C1] stack backtrace: [ 644.415989][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 644.420118][ C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 644.424434][ C1] Call Trace: [ 644.425750][ C1] [ 644.426911][ C1] dump_stack_lvl+0x116/0x1f0 [ 644.428774][ C1] __lock_acquire+0x20e6/0x3b30 [ 644.430756][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 644.432866][ C1] lock_acquire+0x1b1/0x560 [ 644.434681][ C1] ? hsr_dev_xmit+0x174/0x220 [ 644.436455][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 644.438610][ C1] ? __pfx_skb_network_protocol+0x10/0x10 [ 644.441596][ C1] ? lock_acquire+0x1b1/0x560 [ 644.444127][ C1] _raw_spin_lock_bh+0x33/0x40 [ 644.446724][ C1] ? hsr_dev_xmit+0x174/0x220 [ 644.449041][ C1] hsr_dev_xmit+0x174/0x220 [ 644.451159][ C1] dev_hard_start_xmit+0x143/0x790 [ 644.453485][ C1] __dev_queue_xmit+0x7ba/0x4130 [ 644.456128][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 644.458629][ C1] ? find_held_lock+0x2d/0x110 [ 644.460926][ C1] ? nf_hook+0x4a3/0x7d0 [ 644.462825][ C1] ? __pfx_lock_release+0x10/0x10 [ 644.465562][ C1] ? br_nf_post_routing+0x59f/0x11b0 [ 644.468420][ C1] ? nf_hook+0x4a3/0x7d0 [ 644.483685][ C1] ? nf_hook_slow+0x132/0x200 [ 644.485806][ C1] br_dev_queue_push_xmit+0x272/0x870 [ 644.488233][ C1] ? __pfx_nf_hook+0x10/0x10 [ 644.490377][ C1] ? __pfx_br_forward_finish+0x10/0x10 [ 644.492627][ C1] ? __pfx_br_dev_queue_push_xmit+0x10/0x10 [ 644.495284][ C1] ? __pfx_br_forward_finish+0x10/0x10 [ 644.498016][ C1] ? rcu_is_watching+0x12/0xc0 [ 644.501399][ C1] br_forward_finish+0xf5/0x130 [ 644.503554][ C1] __br_forward+0x1e5/0x5b0 [ 644.505511][ C1] deliver_clone+0x5b/0xa0 [ 644.518828][ C1] maybe_deliver+0x31a/0x3e0 [ 644.520885][ C1] br_flood+0x17e/0x5c0 [ 644.522767][ C1] br_dev_xmit+0xf7d/0x1890 [ 644.524747][ C1] ? __pfx_br_dev_xmit+0x10/0x10 [ 644.526889][ C1] ? kasan_save_stack+0x42/0x60 [ 644.529087][ C1] ? try_to_merge_with_ksm_page+0x350/0x410 [ 644.531727][ C1] ? kasan_save_track+0x14/0x30 [ 644.533893][ C1] ? __pfx_skb_network_protocol+0x10/0x10 [ 644.552477][ C1] ? lock_acquire+0x1b1/0x560 [ 644.554495][ C1] ? validate_xmit_xfrm+0x492/0x12c0 [ 644.556796][ C1] ? __pfx_passthru_features_check+0x10/0x10 [ 644.572026][ C1] ? netif_skb_features+0x3ac/0xcc0 [ 644.574352][ C1] dev_hard_start_xmit+0x143/0x790 [ 644.576464][ C1] __dev_queue_xmit+0x7ba/0x4130 [ 644.578435][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 644.580527][ C1] ? trace_kmem_cache_alloc+0x2d/0xe0 [ 644.598704][ C1] ? __copy_skb_header+0x2e8/0x5b0 [ 644.600702][ C1] ? __skb_clone+0x570/0x760 [ 644.602479][ C1] ? skb_clone+0x1e8/0x3f0 [ 644.604179][ C1] ? hsr_create_tagged_frame+0x702/0xc30 [ 644.606320][ C1] ? hsr_addr_subst_dest+0xdb/0x730 [ 644.608673][ C1] ? hsr_drop_frame+0x1f5/0xb20 [ 644.610836][ C1] hsr_forward_skb+0xc30/0x2190 [ 644.612873][ C1] ? __pfx_hsr_drop_frame+0x10/0x10 [ 644.615131][ C1] ? __pfx_hsr_forward_skb+0x10/0x10 [ 644.617407][ C1] ? __skb_pad+0x252/0x600 [ 644.619320][ C1] send_hsr_supervision_frame+0x500/0xa60 [ 644.621770][ C1] hsr_announce+0x116/0x380 [ 644.623845][ C1] ? __pfx_hsr_announce+0x10/0x10 [ 644.626113][ C1] call_timer_fn+0x1a0/0x610 [ 644.628175][ C1] ? __pfx_hsr_announce+0x10/0x10 [ 644.630457][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 644.632739][ C1] ? __pfx_lock_release+0x10/0x10 [ 644.634979][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 644.637279][ C1] ? __pfx_hsr_announce+0x10/0x10 [ 644.639494][ C1] ? __pfx_hsr_announce+0x10/0x10 [ 644.641702][ C1] __run_timers+0x74b/0xaf0 [ 644.643578][ C1] ? __pfx___run_timers+0x10/0x10 [ 644.645515][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 644.648413][ C1] run_timer_base+0x111/0x190 [ 644.650477][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 644.652839][ C1] run_timer_softirq+0x1a/0x40 [ 644.655562][ C1] handle_softirqs+0x216/0x8f0 [ 644.658029][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 644.660413][ C1] irq_exit_rcu+0xbb/0x120 [ 644.662392][ C1] sysvec_apic_timer_interrupt+0x95/0xb0 [ 644.664845][ C1] [ 644.666138][ C1] [ 644.667769][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 644.670574][ C1] RIP: 0010:default_idle+0xf/0x20 [ 644.672648][ C1] Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d b3 59 4a 00 fb f4 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [ 644.679670][ C1] RSP: 0018:ffffc90000477e08 EFLAGS: 00000246 [ 644.682747][ C1] RAX: 00000000012cb0c5 RBX: 0000000000000001 RCX: ffffffff8adc1c39 [ 644.686218][ C1] RDX: 0000000000000000 RSI: ffffffff8b2cb9e0 RDI: ffffffff8b8fb620 [ 644.689143][ C1] RBP: ffffed1002c63910 R08: 0000000000000001 R09: ffffed1005826fdd [ 644.692547][ C1] R10: ffff88802c137eeb R11: 0000000000000000 R12: 0000000000000001 [ 644.696347][ C1] R13: ffff88801631c880 R14: ffffffff8fe29550 R15: 0000000000000000 [ 644.699951][ C1] ? ct_kernel_exit+0x139/0x190 [ 644.702356][ C1] default_idle_call+0x6d/0xb0 [ 644.704377][ C1] do_idle+0x32c/0x3f0 [ 644.706365][ C1] ? __pfx_do_idle+0x10/0x10 [ 644.708758][ C1] ? do_idle+0x2ba/0x3f0 [ 644.711389][ C1] cpu_startup_entry+0x4f/0x60 [ 644.714334][ C1] start_secondary+0x220/0x2b0 [ 644.717643][ C1] ? __pfx_start_secondary+0x10/0x10 [ 644.720862][ C1] common_startup_64+0x13e/0x148 [ 644.723941][ C1] [ 644.994376][T12991] syz_tun (unregistering): left promiscuous mode [ 645.158514][ T45] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 645.163100][ T45] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.358255][ T45] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 645.362783][ T45] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.481946][ T45] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 645.493023][ T45] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.587619][ T45] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 645.591866][ T45] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.669000][ T45] bridge_slave_1: left allmulticast mode [ 645.672197][ T45] bridge_slave_1: left promiscuous mode [ 645.675042][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 645.680997][ T45] bridge_slave_0: left allmulticast mode [ 645.683466][ T45] bridge_slave_0: left promiscuous mode [ 645.685419][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 645.855299][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 645.861078][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 645.866131][ T45] bond0 (unregistering): Released all slaves [ 645.872588][ T45] bond1 (unregistering): Released all slaves [ 645.878965][ T45] bond2 (unregistering): Released all slaves [ 645.890150][ T45] bond3 (unregistering): (slave batadv18): Releasing backup interface [ 645.897685][ T45] bond3 (unregistering): Released all slaves [ 645.909011][ T45] bond4 (unregistering): (slave batadv20): Releasing backup interface [ 645.917567][ T45] bond4 (unregistering): Released all slaves [ 645.927315][ T45] bond5 (unregistering): (slave batadv21): Releasing backup interface [ 645.932239][ T45] bond5 (unregistering): Released all slaves [ 645.941553][ T45] bond6 (unregistering): (slave batadv22): Releasing backup interface [ 645.946411][ T45] bond6 (unregistering): Released all slaves [ 645.975498][ T45] bond7 (unregistering): (slave batadv23): Releasing backup interface [ 645.983751][ T45] bond7 (unregistering): Released all slaves [ 646.006543][ T45] bond8 (unregistering): (slave batadv24): Releasing backup interface [ 646.011687][ T45] bond8 (unregistering): Released all slaves [ 646.020055][ T45] bond9 (unregistering): (slave batadv28): Releasing backup interface [ 646.028558][ T45] bond9 (unregistering): Released all slaves [ 646.042091][ T45] bond10 (unregistering): (slave batadv36): Releasing backup interface [ 646.047387][ T45] bond10 (unregistering): Released all slaves [ 646.480446][ T45] batadv_slave_1: left promiscuous mode [ 646.489508][ T45] hsr_slave_0: left promiscuous mode [ 646.492434][ T45] hsr_slave_1: left promiscuous mode [ 646.495592][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 646.498733][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 646.502210][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 646.504998][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 646.511167][ T45] veth1_macvtap: left promiscuous mode [ 646.513718][ T45] veth0_macvtap: left promiscuous mode [ 646.516205][ T45] veth1_vlan: left promiscuous mode [ 646.519658][ T45] veth0_vlan: left promiscuous mode [ 647.280797][ T45] team0 (unregistering): Port device team_slave_1 removed [ 647.341211][ T45] team0 (unregistering): Port device team_slave_0 removed [ 649.722994][ T45] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 649.802989][ T45] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 649.874694][ T45] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 649.934572][ T45] netdevsim netdevsim1 @ (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.024246][ T45] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.073159][ T45] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.136318][ T45] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.217318][ T45] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.305712][ T45] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.390503][ T45] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.493529][ T45] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.594051][ T45] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.676371][ T45] hsr0: left allmulticast mode [ 650.678903][ T45] hsr_slave_0: left allmulticast mode [ 650.681886][ T45] bridge0: port 3(hsr0) entered disabled state [ 650.697994][ T45] bridge_slave_1: left allmulticast mode [ 650.700546][ T45] bridge_slave_1: left promiscuous mode [ 650.703348][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 650.731121][ T45] bridge_slave_0: left allmulticast mode [ 650.734464][ T45] bridge_slave_0: left promiscuous mode [ 650.737266][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 650.744598][ T45] bridge_slave_1: left allmulticast mode [ 650.748374][ T45] bridge_slave_1: left promiscuous mode [ 650.751510][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 650.756649][ T45] bridge_slave_0: left allmulticast mode [ 650.759320][ T45] bridge_slave_0: left promiscuous mode [ 650.762500][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 650.768589][ T45] bridge_slave_1: left allmulticast mode [ 650.771089][ T45] bridge_slave_1: left promiscuous mode [ 650.773769][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 650.781143][ T45] bridge_slave_0: left allmulticast mode [ 650.783853][ T45] bridge_slave_0: left promiscuous mode [ 650.786426][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 651.384400][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 651.402453][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 651.413515][ T45] bond0 (unregistering): (slave team_slave_0): Releasing backup interface [ 651.420160][ T45] bond0 (unregistering): Released all slaves [ 651.426073][ T45] bond1 (unregistering): Released all slaves [ 651.433573][ T45] bond2 (unregistering): Released all slaves [ 651.440892][ T45] bond3 (unregistering): Released all slaves [ 651.446299][ T45] bond4 (unregistering): Released all slaves [ 651.453515][ T45] bond5 (unregistering): (slave batadv35): Releasing backup interface [ 651.458958][ T45] bond5 (unregistering): Released all slaves [ 651.466500][ T45] bond6 (unregistering): (slave batadv36): Releasing backup interface [ 651.478870][ T45] bond6 (unregistering): Released all slaves [ 651.489951][ T45] bond7 (unregistering): (slave batadv37): Releasing backup interface [ 651.507189][ T45] bond7 (unregistering): Released all slaves [ 651.523141][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 651.538770][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 651.548667][ T45] bond0 (unregistering): Released all slaves [ 651.557289][ T45] bond1 (unregistering): Released all slaves [ 651.578012][ T45] bond2 (unregistering): Released all slaves [ 651.587315][ T45] bond3 (unregistering): (slave batadv13): Releasing backup interface [ 651.594260][ T45] bond3 (unregistering): Released all slaves [ 651.606527][ T45] bond4 (unregistering): (slave batadv14): Releasing backup interface [ 651.615025][ T45] bond4 (unregistering): Released all slaves [ 651.652009][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 651.658877][ T45] bond0 (unregistering): Released all slaves [ 652.526239][ T45] team0: left promiscuous mode [ 652.528992][ T45] team_slave_1: left promiscuous mode [ 652.567929][ T45] hsr_slave_0: left promiscuous mode [ 652.571112][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 652.574349][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 652.578319][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 652.581784][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 652.592827][ T45] hsr_slave_0: left promiscuous mode [ 652.606215][ T45] hsr_slave_1: left promiscuous mode [ 652.609841][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 652.613017][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 652.616668][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 652.620368][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 652.625429][ T45] hsr_slave_0: left promiscuous mode [ 652.629463][ T45] hsr_slave_1: left promiscuous mode [ 652.632375][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 652.635478][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 652.667455][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 652.670547][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 652.680458][ T45] veth1_macvtap: left promiscuous mode [ 652.683010][ T45] veth0_macvtap: left promiscuous mode [ 652.685427][ T45] veth1_vlan: left promiscuous mode [ 652.688177][ T45] veth0_vlan: left promiscuous mode [ 652.691782][ T45] veth1_macvtap: left promiscuous mode [ 652.694286][ T45] veth0_macvtap: left promiscuous mode [ 652.697807][ T45] veth1_vlan: left promiscuous mode [ 652.700707][ T45] veth0_vlan: left promiscuous mode [ 652.707224][ T45] veth1_macvtap: left promiscuous mode [ 652.709576][ T45] veth0_macvtap: left promiscuous mode [ 652.712001][ T45] veth1_vlan: left promiscuous mode [ 652.714334][ T45] veth0_vlan: left promiscuous mode [ 653.799539][ T45] smc: removing net device batadv_slave_1 with user defined pnetid SYZ2 [ 653.873332][ T45] team0 (unregistering): Port device team_slave_1 removed VM DIAGNOSIS: 14:50:05 Registers: info registers vcpu 0 CPU#0 RAX=0000000001497bc4 RBX=0000000000000000 RCX=ffffffff8adc1c39 RDX=ffffed1005806fde RSI=ffffffff8b8fb5a0 RDI=ffffffff8167257c RBP=fffffbfff1b12af8 RSP=ffffffff8d807e20 R8 =0000000000000000 R9 =ffffed1005806fdd R10=ffff88802c037eeb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8d8957c0 R14=ffffffff8fe29550 R15=0000000000000000 RIP=ffffffff8adc302f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f738d92c CR3=00000000515de000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84f944d5 RDI=ffffffff94d59e00 RBP=ffffffff94d59dc0 RSP=ffffc90000597b90 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000038 R14=ffffffff84f94470 R15=0000000000000000 RIP=ffffffff84f944ff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000021000000 CR3=00000000515de000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=1ffff9200077ee3f RCX=ffffffff8fe2c818 RDX=dffffc0000000000 RSI=ffffffff8b8fb5a0 RDI=ffffffff8d494b50 RBP=0000000000000002 RSP=ffffc90003bf71e8 R8 =0000000000000000 R9 =fffffbfff1fc52aa R10=ffffffff8fe29557 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=ffffffff8dbb4ea0 R15=0000000000000000 RIP=ffffffff816cbef0 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f1e817c4d00 ffffffff 00c00000 GS =0000 ffff88802c200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000056223edc4000 CR3=000000002783a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=ee1d43f9ee1d43f9 ee1d43f9ee1d43f9 ee1d43f9ee1d43f9 ee1d43f9ee1d43f9 ee1d43f9ee1d43f9 ee1d43f9ee1d43f9 ee1d43f9ee1d43f9 ee1d43f9ee1d43f9 ZMM22=dd0bacdedd0bacde dd0bacdedd0bacde dd0bacdedd0bacde dd0bacdedd0bacde dd0bacdedd0bacde dd0bacdedd0bacde dd0bacdedd0bacde dd0bacdedd0bacde ZMM23=d9148f3ed9148f3e d9148f3ed9148f3e d9148f3ed9148f3e d9148f3ed9148f3e d9148f3ed9148f3e d9148f3ed9148f3e d9148f3ed9148f3e d9148f3ed9148f3e ZMM24=11c3939111c39391 11c3939111c39391 11c3939111c39391 11c3939111c39391 11c3939111c39391 11c3939111c39391 11c3939111c39391 11c3939111c39391 ZMM25=e659492ce659492c e659492ce659492c e659492ce659492c e659492ce659492c e659492ce659492c e659492ce659492c e659492ce659492c e659492ce659492c ZMM26=ef2105a5ef2105a5 ef2105a5ef2105a5 ef2105a5ef2105a5 ef2105a5ef2105a5 ef2105a5ef2105a5 ef2105a5ef2105a5 ef2105a5ef2105a5 ef2105a5ef2105a5 ZMM27=c0f1dcadc0f1dcad c0f1dcadc0f1dcad c0f1dcadc0f1dcad c0f1dcadc0f1dcad c0f1dcadc0f1dcad c0f1dcadc0f1dcad c0f1dcadc0f1dcad c0f1dcadc0f1dcad ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=2e1200002e120000 2e1200002e120000 2e1200002e120000 2e1200002e120000 2e1200002e120000 2e1200002e120000 2e1200002e120000 2e1200002e120000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff81c8d661 RDX=ffff88801a522440 RSI=0000000000000001 RDI=0000000000000004 RBP=ffff8880284e02f0 RSP=ffffc90000e373b0 R8 =0000000000000004 R9 =0000000000000001 R10=0000000000000001 R11=0000000000000000 R12=ffffea0000ac1488 R13=ffffea0000ac8488 R14=0000000000000001 R15=dffffc0000000000 RIP=ffffffff818e8e9c RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f73ed0e8 CR3=000000000d97a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000