last executing test programs: 5.911719189s ago: executing program 1 (id=1315): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @empty}, 0x10) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4c, @local}, 0x10) 5.911064031s ago: executing program 1 (id=1316): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) syz_emit_vhci(0x0, 0x1a) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$packet(0x11, 0x2, 0x300) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="04030b00c900ffffffffffffad61a63c5e65f77d03b875bd35000336c4d935a6bd3082df09552cc48c3182b82bf4eb7b3a3a27c7e08e4396a1a8fda17677d24f812884e68d1b617d55d8f6bb90052ff70a1d3dcfe91011389877b8385db8ebf4a9ce16e68d0bcad9ec53efa534ef64c819debf0b89cf61aef4249cadd0bf311cb9abbecea31958e1e833d885072bc2d92cc0fceb45867b6b7d52dc2b6bfba874215d2d43fc99195cb2dab14ca3e8415f4a13130505b827c8f37b21203ac48ad5b02b50211f23fca1e25e46cb7a8bb54bfbd72ae21b63db380b5142410a2796f360ab7373"], 0xe) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) syz_emit_vhci(&(0x7f00000004c0)=ANY=[@ANYBLOB="ff0480f8e2ec0400e50cf7e22f948a7a1a637159cb5916e5a644eb700e832ea6f355b669f0aaa961c8c7903dd65a88ac60cde6ad82f39fefbbad2cb4f2ffd4f257a824313171927719ed384abc5c3970df69cf336670127073f1932a4dd8dd3a468b2801595863ae3b9ff6085da1c8922b51e49eaa1c6574ab39c878ccd4f28423fc9fd7a09c966fdbb9a1f61c699f4639e7808acf39c33f6130a823bd7238d6d4ad8adcd3bd9c9dd27601ac96d58a72df"], 0x6) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r1 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$RTC_UIE_ON(r2, 0x7003) ioctl$RTC_SET_TIME(r2, 0x4024700a, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x14, 0x0, 0x4f6}) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10) socket$nl_rdma(0x10, 0x3, 0x14) connect$inet(r1, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) r3 = syz_open_dev$ttys(0xc, 0x2, 0x1) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = fcntl$dupfd(r3, 0x0, r4) r6 = syz_io_uring_setup(0x24f9, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r6, 0x6ed3, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000640)=0x4e8) write$P9_RVERSION(r5, &(0x7f0000000280)=ANY=[@ANYBLOB="13"], 0x13) 5.048828241s ago: executing program 1 (id=1327): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x19, 0x4, 0x8, 0x101}, 0x48) bpf$BPF_GET_MAP_INFO(0x10, &(0x7f0000000140)={r0, 0x5, 0x0}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000040)='./file0\x00', 0x0, 0x10}, 0x14) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r0}, &(0x7f0000000000), &(0x7f00000000c0)=r2}, 0x1c) ioctl$TIOCSLCKTRMIOS(r1, 0x5457, 0x0) 5.030665126s ago: executing program 0 (id=1328): bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000100)=@o_path={&(0x7f0000000000)='./file0\x00'}, 0x14) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00'}) socket$kcm(0x2, 0xa, 0x2) write$tun(r0, &(0x7f0000000140)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x0, 0x0, 0x0, 0x2, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @loopback}}}}, 0xfdef) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x50, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACSEC_SCI={0xc}, @IFLA_MACSEC_INC_SCI={0x5}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x50}}, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180100000000000000000000bb810000850000006d00000085000000d000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r5 = socket$inet_sctp(0x2, 0x5, 0x84) sendmmsg$inet_sctp(r5, &(0x7f0000006c40)=[{&(0x7f0000004200)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000006480)=[{&(0x7f0000004240)="91", 0x1}], 0x1}], 0x1, 0x0) r6 = openat$sr(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SG_SET_TIMEOUT(r6, 0x2201, &(0x7f00000019c0)) futimesat(r6, &(0x7f0000000940)='./file0\x00', &(0x7f0000000980)={{0x0, 0xea60}, {0x0, 0xea60}}) sendmmsg$inet_sctp(r5, &(0x7f0000004800)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000004dc0)=ANY=[@ANYBLOB="2c0000008400000001000000000000000400"/40, @ANYRES32=0x0, @ANYBLOB="14"], 0x40}], 0x1, 0x0) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r6, 0x3) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000240), r6) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$MPTCP_PM_CMD_REMOVE(r7, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x2c, r8, 0x2, 0x70bd29, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x7f}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4044000}, 0x20000040) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r4}, 0x10) ioctl$F2FS_IOC_ABORT_ATOMIC_WRITE(0xffffffffffffffff, 0xf505, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) 4.966261519s ago: executing program 1 (id=1329): setgroups(0x700, 0x0) 4.910026196s ago: executing program 1 (id=1330): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r0, &(0x7f0000008e80)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c, 0x0}}], 0x1, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000cc0)={&(0x7f0000000c00), 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x20, 0x17, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x20}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fsopen(&(0x7f0000000080)='binder\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r2, 0x0, &(0x7f00000002c0)='mand\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) fsmount(r2, 0x0, 0x0) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount(0x0, &(0x7f0000000100)='.\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) mkdir(&(0x7f0000002880)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='sysfs\x00', 0x0, 0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fchdir(r4) close(r4) chdir(&(0x7f0000000000)='./file0\x00') ioctl$VHOST_GET_FEATURES(r3, 0x8008af00, &(0x7f00000002c0)) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001808ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) socketpair(0x0, 0x1, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61158800000000006113500000000000bfa000000000000007000000ee0016055e03010000000000640500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000070600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00'}, 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffe}}]}, &(0x7f0000000200)='GPL\x00'}, 0x90) r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, 0x0) 4.831274376s ago: executing program 0 (id=1332): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) r0 = gettid() prlimit64(0x0, 0x6, 0x0, 0x0) syz_io_uring_setup(0x2705, &(0x7f0000000300)={0x0, 0x8000000, 0x10100}, 0x0, &(0x7f0000001440)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000001400)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, 0x0}) io_uring_enter(0xffffffffffffffff, 0xa3d, 0x0, 0x0, 0x0, 0x0) r2 = io_uring_setup(0x624a, &(0x7f0000000280)) io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_setup(0x81, &(0x7f00000002c0)) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x400443c8, 0x20000002) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x0) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000), 0x0, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) gettid() r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000001c0), 0x0) read(r4, &(0x7f0000000080)=""/152, 0x98) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f0000000040)={0x37, @time}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r4, 0xc04c5349, &(0x7f00000003c0)) tkill(r0, 0x7) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="e8692ad57a391cff291a", @ANYRESDEC=0x0, @ANYBLOB=',\x00']) read$FUSE(r3, &(0x7f00000021c0)={0x2020}, 0x2020) 4.768186452s ago: executing program 1 (id=1333): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000001300)) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = syz_open_dev$dri(&(0x7f0000000040), 0xeea4, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r4, 0x0}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000940)={&(0x7f0000000840)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000880)=[0x0, 0x0, 0x0], &(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000900)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x3, 0x7, 0x6}) ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, &(0x7f00000009c0)={&(0x7f0000000980)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6], 0x8, r4, r5, 0x6, 0x9, 0x10, 0x2, {0x1, 0x8, 0x7, 0x6, 0x0, 0x2c2, 0x3, 0x7, 0xf307, 0x3, 0xff, 0x6, 0x3, 0x6, "15106f430bee687c9bb46c2cfe512c1724ed460b87b763c7657934a44fa083ac"}}) ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000440)={r5, 0x0, 0x0, 0x0, 0x0, [0x0], [], [], [0x0, 0x0, 0x8]}) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r8 = syz_open_dev$MSR(&(0x7f0000000500), 0x0, 0x0) read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$kcm(0xa, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) sendmmsg$nfc_llcp(0xffffffffffffffff, 0x0, 0x0, 0x0) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) shutdown(r9, 0x0) recvmmsg(r9, &(0x7f00000055c0), 0x400023c, 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r7}) r10 = syz_io_uring_setup(0xfb7, &(0x7f0000000780)={0x0, 0x7849, 0x0, 0x0, 0x17e}, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r11, r12, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r10, 0x567, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="05000000000000000000440000000800030009200296990053c1877c737d5d4869ac1a9e677da07caf12040d5404b8275832c98dfb17d94cf07ecbfb5c41889bf339607763e82511229cefa75918eb978efae7b34b3ba808a65756647246d6fbf57ec57026b51397ea33545b3279a2", @ANYRES32=r13, @ANYBLOB="0c0023800500130000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) ioctl$sock_proto_private(r0, 0x89e2, &(0x7f0000000200)="24eee3f62cbdbb3aab65114732a5e5261eb0142c1f5f") 3.320391416s ago: executing program 0 (id=1339): open(&(0x7f0000000380)='./file2\x00', 0x14507e, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r1) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0) r3 = socket$netlink(0x10, 0x3, 0x5) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_VALIDATION={0x5, 0xd, 0x3}]}}}]}, 0x3c}}, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e"], 0x22) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r4 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7}) r5 = syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r4}, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000280)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0) dup(r8) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r9, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r9, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r9, 0x6, 0x1f, &(0x7f00000001c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r9, 0x11a, 0x2, &(0x7f0000000280)=@ccm_128={{0x304}, "3a997aae6644173f", "b9c0a8cd2707555d2fd4cc373ac51cf2", "1784fe44", "d3e69d47722a0439"}, 0x28) r10 = socket$rxrpc(0x21, 0x2, 0xa) sendmmsg(r10, &(0x7f0000000900)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x20}}], 0x1, 0x0) setsockopt$RXRPC_SECURITY_KEY(r10, 0x110, 0x1, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_req={{0x17, 0x6}, {@none}}}, 0x9) syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) io_uring_enter(r5, 0xa3d, 0x0, 0x0, 0x0, 0x0) 2.836408604s ago: executing program 2 (id=1343): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a300000000014000480080002400000000008000140000000000900010073797a300000000054000000060a010400000000000000000100000008000b40000000000900010073797a30000000002c000480280001800d00010073796e70726f787900000000140002800800034000004f"], 0xdc}}, 0x0) pipe2(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x1, 0x80001, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000005c0)={'gretap0\x00', &(0x7f0000000500)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @private}}}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @dev}}) 2.597323362s ago: executing program 0 (id=1344): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0x40, 0x3a, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="9dfa5f8a"]}, @typed={0xc, 0x3, 0x0, 0x0, @u64}, @typed={0x14, 0x5, 0x0, 0x0, @ipv6=@private1}]}, 0x40}}, 0x0) (fail_nth: 11) 2.596707663s ago: executing program 2 (id=1345): r0 = socket$packet(0x11, 0x3, 0x300) (async) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0x1, 0x4) socket$nl_route(0x10, 0x3, 0x0) (async) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) (async, rerun: 32) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4004af61, 0x0) (async, rerun: 32) syz_open_procfs(0x0, 0x0) (async) sendto$inet6(0xffffffffffffffff, 0x0, 0x10, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x0, 0x0, @loopback={0x0, 0xac141400}}, 0x1c) (async) socket$inet6(0xa, 0x0, 0x0) syz_80211_inject_frame(&(0x7f0000000000), &(0x7f00000017c0)=ANY=[@ANYBLOB="88170100ffffffffffff080211000001ffffffffffff000008021109005b6701"], 0x20) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 64) openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 64) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) (async, rerun: 64) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') (rerun: 64) chdir(&(0x7f0000000140)='./file1\x00') (async) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) getegid() (rerun: 32) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) (async, rerun: 64) sendmsg$ETHTOOL_MSG_PAUSE_GET(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40040}, 0xc, 0x0}, 0x0) (rerun: 64) r2 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000480)=ANY=[@ANYBLOB="1201000000000020961b0a000000000000010902000000092100000001220500090581030000000000090502030000000000000000000000000000000000002bd6762012cdca84738dd3ccac9bb60d67dd04138a6c6b377afe7530dae091488f9011d9f865a2f5b9929a2bd455f59353eb4706eeac4d5faf858afbb8fb170451e8b4d0652bfb981a6701dbad11884898bb7f381e81155a8655933a150c6d8c245b874c879336a576acadabf8f907a7bc6d044204967088f6108e615316ca97d4830a77f8319868df4770f69c223d4ea02a211469b9c4113f09916a70c9d44486578e0b"], 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) (async) syz_usb_control_io(r2, &(0x7f0000000d40)={0x2c, &(0x7f0000000780)=ANY=[@ANYBLOB="00000700000007007673ed26b029a925ac675bd612d8ab87f051a10ee74893f24ccd9ce3e96e268eef4b13"], 0x0, 0x0, 0x0, 0x0}, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) syz_open_dev$hidraw(&(0x7f0000000280), 0x0, 0x4a141) 2.368364563s ago: executing program 2 (id=1346): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000280)="812ce18bc5dea5d6406f0aaede6d1620a26bb3da6a9686338f2fa31497a2a2e4890616df9233cd3855", 0x29}, {&(0x7f0000000300)="ed8cec3d29707c8812789b552d35b0c29aa0db8065d44fe046efdc42071747e62c0a03a09e7e049cb07f3e03e47eed87dc8ea6531d6cfdbce6d36b46974192d608b1cf6c61c96e7094a29e162f05b2f72e7c3f9d0fed3cac66d8f7fee614e651233688e1cf81ed9a28bf494d2add4b322f890c47ab4532d5866a050e4ec69ed6e548d1945562593389d15d9b6f363da3f1", 0x91}, {&(0x7f0000002940)="7608ec9747122c2fba43034828602bb150a3f4ae8e6e3debf6a3966fd6d44226214c4bc25664393bf2532666906fc797f46110f96518f6b0d96b103d26c7165731f723a3d4dcb7c3e68f7e523a51b3b4ca3e2b7fae882ad67bab3f0319e2bc1dc8a578a75d31e9952ad9476f68e692e44ab72f0e8e78856fe48151f41aa7b9221fb62ad43425eee4bf571afea53077cf469c3e1b540e9309d16bb97caebe1bd155dc00733529beccd6a2d1251fe1c858de86e49904095bec63b4cb3c696094c1b83f3fc3b9cfea231d2265c61b6ce879f2a0309d3e837c5892db01638585f1451eaf086717a55c56eb66607a67d372f27a4806ef8b0a6ff90539e978f3153a7ab24a11338bbfeb28d6faa27bc2676bce0feccfb693113b266f841e8134de402c39f2b8d197d33ba8f1496a426c802fbb8856158bc6dd0aa64a7922a8ae69b3e81de5b00b5aa2f9d20f5e89765c9f7e5b0c84b90d839556fc88f35f16d27560ac804be510951d0f01da5400421f071738c491424d03af26a3c28e2a7ccb4ec353327302ab261d666f65a0072a239d9eda00b93d9987ad5a30f7d5fe617a0b59f9fc282804faf9e5d378dc1a97e9c5debd3d09b66b0abb5d4dfb7ab669c8c2c6525ef56677cdd241b1b3e24574c8569ebd3134c8523c54241859cde5ff66f7ed4d4d4281778c1ac58470dac22e6e88258fc3234bb8e655a841d4d9ee3c090d278f5e7704ecc3f751073b9810f129c2829b4320baa6d529d61a2d89f2d1f802047bbc4c98368f8a10213b55d642b8bcc00fae278ce091e02066853d7c9acb79c8db00ba2c9cf6cceb586de95007f080fe084b77183adcb73e68094d017bf268b0f463f91c0020afc410408c3b8777fd26b15074fa737ed20806a571c3d616622d3885105499b23ceb19f7e8f5baec92e5b8b4436c68c41ccd40da76de2ef239f5d0d2235d12763e7041bf752739b32dc0243827a7d78c25d0607eb7df3479a6e2a663b6b0139df450872743e91f4f5aa7100a8e04f4ef5242263204d6601c8178be735b09fc772a38e46f73cb8b2fddc733ea8c5dd5861f2397f0295771ec895a7a6bc49780e1a4227fe3a6fe0d1ed2650516431109f51fe3b4bb06d47952be833adb83e47375c04df33d924f0d3de07bf61cede9d6b90ce3a3fd3db85bc7a902debeb68ea485ed370ccde6b7e46e3d6c422306aab8a665c5f1915661441d2bfab0525caaa3f9c8df1463abc8c4e25e36bfe033b0af125bd633945f0d6f65b72960a308469146ba7af95010b32f57451db58f9b9b1a76bce335921991a323a07a039d654ec70abdefdd9e64ec3acd709502558c31e0a7cc3af8351e8cf9ae14da40701d383cf49c27aab47ffafe3b91dfa738a603b3c2c398131651c0b46d13aed9830c392a1156c1a7c73a2ffafdbb5c7977b1f590a9d25b30b96ed5459689d6c35b139058cf6bf39c730ac14136cb469784212fa13c3ff11ef9990fc6d0e424c4fb7cbadedc37d09696017b9ccff17cb56fa3d520c89ad8a6c02291b5052a2ec8399d6476f17f90537dc06b27e4ec38c6010a6e74f92e2f0ce6bb23c1f195cccbba28f36daff76d0189a2488b069fc73ed10c0380cdcfe30d9d557dc0c7e6d9f20b79693f3a237d12896ba1c52c26c7d7872fe9d77267210036ccab7ea920211d70bb3891e66214501fe320822321a9c57bb6a02b7f4926f92aa0e0dfa37e65f8fb718d51906bdc7b8470a604f6d4c52bb56a91b70efca3cd1b7856106168ca65b78c3fb5f0aedc8ffc0b0bad4753cb631df075fd47df979c1da5682133f28c2f9cd5c46bcf19141aa5e1a7887357ae0eea03ea1c7d9fcc7253523e3be71972aa4e3434cd968cc71862e2b95f2177f42e53ff71aa311e5e039b6d61971e48aff01179a04d4b007e481a8badc193cc5e19559673ea951516807dd43157b03e67a38b988b50191cae12b3e4c94193579be20fcc31e98c92ac28075d1b9b4a8adaa2c1b58078401ac2209fed63baa142ddf5e0f54f234b1dc77a4f41c6696e2f04858d16d36fc5aa74eee6eeb119bb156344241a73def7ac53a6a780273eae1ed1fb22255999f35e5e89a5f364c23dda3d462cac21a0ac679f71da92e00cbc20356834fcfcd87189f6f3ddcea7ad567e1e590052a7b572d3e46fa88eaf2e4dc15769c96cb880bb37bd35010ae03692c9f4e1bbceb66b380a12493932da559c4e971e2c233fdfb9a44a81f14e5179ccc7c0aa5052e8f7902ea0de6923972672cf51783b8d298301f2c5253dca675e537ac127a2060a491fa63137b6efd1444b698fba2ce5ef425689b1898a3e156823f7d6ecc5ba3ac78f0a3ba7abc2ab9926b81c965fcaab0d215d28422a83f9eb8cc63f494596d6481318c0824331a268e5d00b1692446b41a3db71443aba69aa56a7f5068ffb8bcd9ef4b65aa90ab0a2af88e11d6d188823d664aedc49f00b2edd755ca20825a62669d66cfbdf22b32ba916cc49bf95eb5bc32a7928dc7b570d3283f7bc981dd36f3f93892cc0894d51ce779c8e1538e48e1787240353c910d350f687d21f699737c9e130e8d5e1e983b4f7c2f053481f46d7148597badf36d12a62794d89bdda4edc5c7165f9475eb2e2962c77378f08d8a56cbd9ce974d0de7a3d336e69b08a7062988ee3caa6ec9b51dfaa5efd6672d96333c1d7185e78459bf9787abd17026de222fc05dcc979fd8195a12420fa87d05356239d8a6521cc101be66f95d074dc2c", 0x795}], 0x3}, 0x44800) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000180)=[{&(0x7f00000039c0)=""/102386, 0x18ff2}], 0x1, 0x2, 0x0) getpgrp(0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000c40)="c10e020022003505d25a806f8c6394f90435fc60040011000a740100053582c137153e3702", 0x25}], 0x1}, 0x0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xfffffdf2, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003e000b05d25a806c8c6f94f90324fc60350005000a000200053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0) 2.368147441s ago: executing program 0 (id=1347): r0 = socket$inet6(0xa, 0x80002, 0x88) r1 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "7774002a390bf16450d6ed530e39c16d4db1e7038e2129d908a11f1f1be9de5241d10e8e2ee81c3933f99f1c6bc277c18510892f0a53cbd29f05037a4dc95b41"}, 0x48, 0xffffffffffffffff) keyctl$revoke(0x5, r1) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x476}) ioctl$UFFDIO_CONTINUE(r2, 0xc018aa06, &(0x7f0000000000)={{&(0x7f0000ff9000/0x4000)=nil, 0xb00}}) add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000300)={'fscrypt:', @desc1}, &(0x7f0000000500)={0x0, "b7c913bb682eaddb954b9baa9e3beb3f62952860388464c531987523195928cd2bb67fb432881f0131abc85d7e683ac8222e8038d1cec8de23ca68d11b0e6b1e", 0x15}, 0x48, 0xffffffffffffffff) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0xb, &(0x7f00000000c0), 0x4) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000180)={0x8607}, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="180000001600010a0000000000e5ffff09000000f40d000020010000000000000000000000000002"], 0x28}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) capset(&(0x7f0000001200)={0x19980330}, &(0x7f0000001240)) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace00000000000000002100000002ff02000000000000000000000000000104004e20004db0"], 0x0) 2.31994089s ago: executing program 0 (id=1348): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="fb002dc9"], 0x64}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendto$packet(0xffffffffffffffff, &(0x7f0000000080)="e7feeeb53d72", 0x6, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r3, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r2, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0xa) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@bridge_delneigh={0x30, 0x1d, 0xc07, 0x0, 0x0, {0x7, 0x0, 0x0, r1}, [@NDA_LLADDR={0xa, 0x2, @multicast}, @NDA_VLAN={0x6, 0x5, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x400c0}, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x1674, 0x9}}, './file0\x00'}) sendto$packet(r6, &(0x7f0000000300)="d05bb1ce51a119843cf124d9a5269ece153c4275562d943a813b13d6675660e5d6ca54f0a8a4359a6d3d8458af28a91cbc8a8f90a84108e9ba587ad769b2b0e9e7619346efe76efc3bd737fdee72c3d8c59094f80ae6daf2ac61604f34efd6dee0a585b2d3152867747971b4bc23c3266fd75cbbe3285c5df7dcbe1ec2d1e759d3e59758cb32513ed47206feb097cbb6300645ec97d310b0d1fba762ab", 0x9d, 0x20000042, 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000000)={0x8, r5, 0x80000}) r7 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}]}}]}, 0xa4}}, 0x0) socket(0x11, 0x800000003, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r10 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r10, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r11 = syz_open_dev$vim2m(&(0x7f0000000440), 0x8000, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r11, 0xc0405602, &(0x7f0000000000)={0x2, 0x2, 0x0, "8baadc68379dd10000419d09000000000000000000161c00"}) socket$kcm(0x2, 0x0, 0x84) fsopen(0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118) syz_io_uring_submit(0x0, 0x0, 0x0) 1.679832019s ago: executing program 3 (id=1352): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0xd00, &(0x7f0000000180)={&(0x7f00000006c0)={0x40, 0x3a, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="9dfa5f8a"]}, @typed={0xc, 0x3, 0x0, 0x0, @u64}, @typed={0x14, 0x5, 0x0, 0x0, @ipv6=@private1}]}, 0x40}}, 0x0) 1.578086766s ago: executing program 3 (id=1353): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000070000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r0}, 0x10) socket$packet(0x11, 0x3, 0x300) (fail_nth: 11) 1.577608625s ago: executing program 2 (id=1354): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x68, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYBLOB="700224001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="000000000000000010011a80100026800600058008000000000000003800038030000180050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006040078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e497133cc2d839f940d9f088d80500060000000000130002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018000180140004004d2906d0880fc8acc30fe2020f9849675000018014000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af080001000000000008000100000000006000018005000600000000000500060000000000080001000000000005000600000000000c00020073797a746e6c30000800010000000000130002006272696467655f736c6176655f30000014000500e078d277f38ed3a40a448f3f6b3c90417c000c"], 0x270}}, 0x0) 1.577288953s ago: executing program 2 (id=1355): r0 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) (async) r1 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0xffffff95}) (async) mkdir(&(0x7f0000000140)='./control\x00', 0x0) (async) close(r0) (async) inotify_init1(0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) socket$packet(0x11, 0x2, 0x300) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) (async) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000e318110207", @ANYRES32, @ANYBLOB="0000000000000000b7080000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={0xffffffffffffffff, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r2 = epoll_create1(0x0) (async) modify_ldt$read(0x300, 0x0, 0x0) (async) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f00000000c0)={0x60002015}) (async) getpgrp(0x0) (async) read$char_usb(r3, &(0x7f0000001980)=""/179, 0xb3) (async) write$P9_RREADLINK(r3, &(0x7f0000000080)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000000)) (async) socket$nl_netfilter(0x10, 0x3, 0xc) 1.413729442s ago: executing program 3 (id=1356): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_NEXT_CMD_LEN(r3, 0x2283, &(0x7f0000000380)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) ioctl$SW_SYNC_IOC_INC(r2, 0x40045701, &(0x7f0000000040)=0x21c) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e9232f328db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f0000000080)="c67f0d7d14", 0x5}], 0x2) 1.190044268s ago: executing program 3 (id=1357): open(&(0x7f0000000380)='./file2\x00', 0x14507e, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r1) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0) r3 = socket$netlink(0x10, 0x3, 0x5) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_VALIDATION={0x5, 0xd, 0x3}]}}}]}, 0x3c}}, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e"], 0x22) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r4 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7}) r5 = syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r4}, &(0x7f0000000200), &(0x7f0000000140)) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0) dup(r6) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000001c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f0000000140)=@ccm_128={{0x303}, "b82beb2ef307f290", "ffff1a6ceccd0ee6830000008000", '\x00', "93d64437ddb41edb"}, 0x28) setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x2, &(0x7f0000000280)=@ccm_128={{0x304}, "3a997aae6644173f", "b9c0a8cd2707555d2fd4cc373ac51cf2", "1784fe44", "d3e69d47722a0439"}, 0x28) ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000240)=0x10000) r8 = socket$rxrpc(0x21, 0x2, 0xa) sendmmsg(r8, &(0x7f0000000900)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x20}}], 0x1, 0x0) setsockopt$RXRPC_SECURITY_KEY(r8, 0x110, 0x1, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_req={{0x17, 0x6}, {@none}}}, 0x9) syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) io_uring_enter(r5, 0xa3d, 0x0, 0x0, 0x0, 0x0) 1.078223417s ago: executing program 2 (id=1358): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0x0, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x90) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000080000000300000008000200000002000800040000000000080008000200000001d224c5ef047aac2e849f62f1f4e61c7eb88034b7db"], 0x2c}}, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map, 0xffffffffffffffff, 0x26}, 0x20) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@map, 0xffffffffffffffff, 0x26}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000001ac0)={0xc, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="183500000200000002000000000000000792400005000000"], &(0x7f0000000600)='GPL\x00', 0x84b, 0xfe, &(0x7f0000001980)=""/240, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x7, 0xffffffff}, 0x35, 0x10, &(0x7f0000001680)={0x0, 0x10, 0x0, 0x7}, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001400)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x90) r4 = open(&(0x7f0000000180)='./bus\x00', 0x143042, 0x0) ftruncate(r4, 0x2007ffb) openat$null(0xffffffffffffff9c, &(0x7f0000000400), 0x20000, 0x0) r5 = open(&(0x7f0000000100)='./bus\x00', 0x1eb142, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800006, 0x11, r5, 0x80000) openat$full(0xffffffffffffff9c, &(0x7f0000000440), 0x200002, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000480)={[0x3ff]}, 0x8) syz_open_dev$vcsn(&(0x7f00000004c0), 0x2a, 0x200) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$int_in(r6, 0x5452, &(0x7f0000000300)=0x208) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) setsockopt$sock_int(r6, 0x1, 0x7, &(0x7f0000000180), 0x4) sendto$inet6(r6, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) recvfrom$inet6(r6, &(0x7f0000001300)=""/29, 0x1d, 0x10020, &(0x7f0000001340)={0xa, 0x4e20, 0x0, @empty, 0x3}, 0x1c) poll(&(0x7f0000000040)=[{r6}], 0x1, 0x800) sendto$inet6(r6, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090011006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) shutdown(r6, 0x1) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001700)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0}}) ioctl$BTRFS_IOC_GET_DEV_STATS(r6, 0xc4089434, &(0x7f0000000640)={r7, 0x9, 0x0, [0x10001, 0x0, 0x0, 0x400], [0x0, 0x0, 0x80000001, 0x0, 0x100000000, 0x0, 0x9, 0x0, 0x0, 0x0, 0x9, 0x7, 0x10000000000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffc, 0x0, 0x3, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x100000001, 0x3, 0x0, 0x0, 0x400, 0x0, 0x0, 0x5e, 0xaad, 0xfffffffffffffffd, 0x0, 0x0, 0xe2, 0x4, 0x0, 0x0, 0x8, 0x5, 0x0, 0x0, 0x9c, 0x0, 0x14, 0x5, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x400, 0x0, 0xfa48, 0xfffffffffffffffa, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x10000, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xb062, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x8, 0x3, 0x0, 0x0, 0x5, 0x0, 0x800, 0x4, 0xfffffffffffffffd, 0x6, 0x9]}) 638.529701ms ago: executing program 3 (id=1360): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$sr(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0xffffffffffffffff, 0x0) r1 = dup(r0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x14) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000280)={'veth0_vlan\x00', 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r9, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000740)={0x30, 0x3, 0x1, 0x201, 0x0, 0x0, {0xa}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x220}]}, @CTA_TUPLE_ORIG={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}]}, 0x30}}, 0x0) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=@newlink={0x74, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r7, 0x22a0b}}, 0x74}}, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000000)={0x3000, 0x110000}) sendmsg$NL80211_CMD_DEL_PMKSA(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000600)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000005e97f4cc0008000300", @ANYRES32=r4, @ANYBLOB="08001f011f0000000600fd00000000000a0034"], 0x38}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r10 = openat$full(0xffffffffffffff9c, &(0x7f0000000180), 0x159000, 0x0) close_range(r10, 0xffffffffffffffff, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) r12 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r12, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r11, 0xc06864a1, &(0x7f00000002c0)={0x0, 0x0, r13, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r11, 0xc06864ce, &(0x7f0000000240)={r14, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r10, 0xc00c642d, &(0x7f0000000100)={r15}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r11, 0xc02064b2, &(0x7f00000000c0)={0x7f, 0x8004, 0x1}) syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) 0s ago: executing program 3 (id=1361): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = syz_open_procfs(0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x100800001) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04080400"], 0x51) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='scalable\x00', 0x9) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) write$binfmt_script(r4, &(0x7f0000000200), 0x4) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90012000e00050014010a00c4e05ef81b9f5dce0e4d00000700ffff00000700"], 0x17) syz_emit_vhci(&(0x7f0000000280)=ANY=[], 0x1ac) syz_emit_vhci(0x0, 0x0) syz_open_dev$usbmon(&(0x7f0000000080), 0x4, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f0000001400)=[{{0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f0000000300)=""/84, 0x54}, {&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000001380)=""/39, 0x27}], 0x3}, 0x8}], 0x1, 0x22, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r6, 0x4004ae99, &(0x7f0000000040)=0x4) socket$unix(0x1, 0x5, 0x0) kernel console output (not intermixed with test programs): 0c0 [ 203.741626][ T8206] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 203.744424][ T8206] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 203.747880][ T8206] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 203.751056][ T8206] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 203.754087][ T8206] [ 204.073744][ T8213] netlink: 16 bytes leftover after parsing attributes in process `syz.2.780'. [ 204.125157][ T10] usb 8-1: new high-speed USB device number 39 using dummy_hcd [ 204.215377][ T5201] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 204.322880][ T10] usb 8-1: config 0 has no interfaces? [ 204.325775][ T10] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 204.329601][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.335273][ T30] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 204.335423][ T10] usb 8-1: config 0 descriptor?? [ 204.355397][ T8221] netlink: 191416 bytes leftover after parsing attributes in process `syz.2.782'. [ 204.423835][ T8223] netlink: 16 bytes leftover after parsing attributes in process `syz.2.783'. [ 204.526131][ T30] usb 6-1: config 0 has no interfaces? [ 204.528863][ T30] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 204.532858][ T30] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.542344][ T30] usb 6-1: config 0 descriptor?? [ 204.618822][ T10] usb 8-1: USB disconnect, device number 39 [ 204.782422][ T8231] netlink: 73008 bytes leftover after parsing attributes in process `syz.2.785'. [ 204.867282][ T25] usb 6-1: USB disconnect, device number 32 [ 205.126647][ T5201] Bluetooth: hci3: unexpected event 0x07 length: 8 < 255 [ 205.135766][ T5201] Bluetooth: hci3: SCO packet for unknown connection handle 1039 [ 205.940262][ T5201] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 205.945767][ T5201] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 205.968701][ T5201] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 205.995624][ T8273] net_ratelimit: 1159 callbacks suppressed [ 205.995635][ T8273] netlink: zone id is out of range [ 206.003114][ T8273] netlink: zone id is out of range [ 206.008007][ T8273] netlink: zone id is out of range [ 206.013286][ T8273] netlink: zone id is out of range [ 206.016619][ T8273] netlink: zone id is out of range [ 206.023431][ T8273] netlink: zone id is out of range [ 206.031346][ T8273] netlink: zone id is out of range [ 206.033647][ T8273] netlink: zone id is out of range [ 206.038016][ T8273] netlink: zone id is out of range [ 206.043757][ T8273] netlink: zone id is out of range [ 206.505484][ T5201] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 206.508590][ T5201] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 206.508639][ T5201] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 206.535241][ T10] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 206.745061][ T10] usb 6-1: config 0 has no interfaces? [ 206.755075][ T10] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 206.758932][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.764307][ T10] usb 6-1: config 0 descriptor?? [ 207.109605][ T30] usb 6-1: USB disconnect, device number 33 [ 207.144276][ T5201] Bluetooth: hci3: unexpected event 0x08 length: 78 > 4 [ 207.178104][ T5201] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 207.419548][ T8327] __nla_validate_parse: 10 callbacks suppressed [ 207.419560][ T8327] netlink: 153916 bytes leftover after parsing attributes in process `syz.0.813'. [ 207.763834][ T8336] netlink: 16 bytes leftover after parsing attributes in process `syz.0.816'. [ 207.869396][ T5201] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 207.872561][ T5201] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 207.874420][ T5201] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 208.116799][ T8356] netlink: 191416 bytes leftover after parsing attributes in process `syz.0.821'. [ 208.222844][ T8360] Bluetooth: MGMT ver 1.22 [ 208.277029][ T8362] FAULT_INJECTION: forcing a failure. [ 208.277029][ T8362] name failslab, interval 1, probability 0, space 0, times 1 [ 208.281967][ T8362] CPU: 2 PID: 8362 Comm: syz.3.825 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 208.285707][ T8362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 208.290271][ T8362] Call Trace: [ 208.291684][ T8362] [ 208.292931][ T8362] dump_stack_lvl+0x16c/0x1f0 [ 208.294975][ T8362] should_fail_ex+0x497/0x5b0 [ 208.296999][ T8362] should_failslab+0x9/0x20 [ 208.298895][ T8362] kmem_cache_alloc_node_noprof+0x71/0x310 [ 208.301492][ T8362] ? __alloc_skb+0x2b3/0x380 [ 208.303190][ T8362] __alloc_skb+0x2b3/0x380 [ 208.305038][ T8362] ? __pfx___alloc_skb+0x10/0x10 [ 208.307236][ T8362] ? hlock_class+0x4e/0x130 [ 208.309170][ T8362] ? __lock_acquire+0xc10/0x3b30 [ 208.311302][ T8362] ? aa_label_sk_perm+0x165/0x560 [ 208.313451][ T8362] alloc_skb_with_frags+0xe4/0x710 [ 208.315608][ T8362] ? __pfx___lock_acquire+0x10/0x10 [ 208.317796][ T8362] sock_alloc_send_pskb+0x7f1/0x980 [ 208.319947][ T8362] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 208.322309][ T8362] ? __pfx_lock_release+0x10/0x10 [ 208.324184][ T8362] ? __pfx___might_resched+0x10/0x10 [ 208.326175][ T8362] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 208.328730][ T8362] hci_sock_sendmsg+0x1c8/0x25e0 [ 208.330887][ T8362] ? __pfx_aa_sk_perm+0x10/0x10 [ 208.333203][ T8362] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 208.335549][ T8362] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 208.337758][ T8362] sock_write_iter+0x50a/0x5c0 [ 208.339582][ T8362] ? __pfx_sock_write_iter+0x10/0x10 [ 208.341391][ T8362] ? bpf_lsm_file_permission+0x9/0x10 [ 208.343268][ T8362] ? security_file_permission+0x98/0xc0 [ 208.345197][ T8362] vfs_write+0x6b6/0x1140 [ 208.346627][ T8362] ? __pfx_sock_write_iter+0x10/0x10 [ 208.348525][ T8362] ? __pfx_vfs_write+0x10/0x10 [ 208.350660][ T8362] ? __fget_files+0x256/0x400 [ 208.352754][ T8362] ? __fget_light+0x173/0x210 [ 208.354815][ T8362] ksys_write+0x1f8/0x260 [ 208.356508][ T8362] ? __pfx_ksys_write+0x10/0x10 [ 208.358585][ T8362] __do_fast_syscall_32+0x73/0x120 [ 208.360866][ T8362] do_fast_syscall_32+0x32/0x80 [ 208.363041][ T8362] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 208.365813][ T8362] RIP: 0023:0xf7445579 [ 208.367607][ T8362] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 208.375989][ T8362] RSP: 002b:00000000f5d5d57c EFLAGS: 00000292 ORIG_RAX: 0000000000000004 [ 208.379759][ T8362] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000200 [ 208.383237][ T8362] RDX: 000000000000000d RSI: 0000000000000000 RDI: 0000000000000000 [ 208.386711][ T8362] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 208.390233][ T8362] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 208.393588][ T8362] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 208.396550][ T8362] [ 208.545286][ T25] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 208.649388][ T8371] FAULT_INJECTION: forcing a failure. [ 208.649388][ T8371] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 208.655321][ T8371] CPU: 2 PID: 8371 Comm: syz.2.829 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 208.659788][ T8371] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 208.664493][ T8371] Call Trace: [ 208.665996][ T8371] [ 208.667459][ T8371] dump_stack_lvl+0x16c/0x1f0 [ 208.669430][ T8371] should_fail_ex+0x497/0x5b0 [ 208.671073][ T8371] _copy_from_user+0x30/0xf0 [ 208.672948][ T8371] get_compat_msghdr+0xa8/0x170 [ 208.673737][ T5206] Bluetooth: hci4: unexpected event 0x07 length: 8 < 255 [ 208.675019][ T8371] ? __pfx_get_compat_msghdr+0x10/0x10 [ 208.675053][ T8371] ? __pfx___lock_acquire+0x10/0x10 [ 208.675076][ T8371] ___sys_sendmsg+0x1b0/0x1e0 [ 208.678001][ T5206] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 208.680132][ T8371] ? __pfx____sys_sendmsg+0x10/0x10 [ 208.689991][ T8371] ? ksys_write+0x21c/0x260 [ 208.691794][ T8371] ? __fget_light+0x173/0x210 [ 208.693890][ T8371] __sys_sendmsg+0x117/0x1f0 [ 208.695925][ T8371] ? __pfx___sys_sendmsg+0x10/0x10 [ 208.698227][ T8371] __do_fast_syscall_32+0x73/0x120 [ 208.700516][ T8371] do_fast_syscall_32+0x32/0x80 [ 208.702669][ T8371] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 208.705179][ T8371] RIP: 0023:0xf745f579 [ 208.706577][ T8371] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 208.714036][ T8371] RSP: 002b:00000000f5d7757c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 208.717408][ T8371] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000080 [ 208.720462][ T8371] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 208.723422][ T8371] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 208.726321][ T8371] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 208.729598][ T8371] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 208.732858][ T8371] [ 208.776831][ T25] usb 5-1: config 0 has no interfaces? [ 208.779193][ T25] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 208.783044][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.793300][ T25] usb 5-1: config 0 descriptor?? [ 208.807587][ T8374] netlink: 16 bytes leftover after parsing attributes in process `syz.2.830'. [ 208.812475][ T5206] Bluetooth: hci3: unexpected event for opcode 0x040d [ 208.948302][ T8377] netlink: 191416 bytes leftover after parsing attributes in process `syz.1.831'. [ 209.070914][ T8387] netlink: 4 bytes leftover after parsing attributes in process `syz.3.834'. [ 209.079705][ T8385] delete_channel: no stack [ 209.259208][ T5206] Bluetooth: hci2: unexpected event 0x08 length: 78 > 4 [ 209.263968][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 209.755863][ T5206] Bluetooth: hci3: unexpected event 0x08 length: 78 > 4 [ 209.817729][ T5206] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 209.850787][ T5206] Bluetooth: hci4: unexpected event 0x07 length: 8 < 255 [ 209.853528][ T5206] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 210.065810][ T8407] netlink: 191416 bytes leftover after parsing attributes in process `syz.1.840'. [ 210.164783][ T8411] delete_channel: no stack [ 210.295211][ T5201] Bluetooth: hci3: Opcode 0x1407 failed: -110 [ 210.549627][ T8418] FAULT_INJECTION: forcing a failure. [ 210.549627][ T8418] name failslab, interval 1, probability 0, space 0, times 0 [ 210.555121][ T8418] CPU: 0 PID: 8418 Comm: syz.3.843 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 210.558652][ T8418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 210.562703][ T8418] Call Trace: [ 210.563964][ T8418] [ 210.565200][ T8418] dump_stack_lvl+0x16c/0x1f0 [ 210.567109][ T8418] should_fail_ex+0x497/0x5b0 [ 210.569021][ T8418] should_failslab+0x9/0x20 [ 210.570859][ T8418] kmem_cache_alloc_lru_noprof+0x72/0x2f0 [ 210.573165][ T8418] ? sock_alloc_inode+0x25/0x1c0 [ 210.575220][ T8418] ? __pfx_sock_alloc_inode+0x10/0x10 [ 210.577039][ T8418] sock_alloc_inode+0x25/0x1c0 [ 210.578951][ T8418] alloc_inode+0x5d/0x230 [ 210.580802][ T8418] new_inode_pseudo+0x16/0x80 [ 210.582656][ T8418] sock_alloc+0x40/0x280 [ 210.584422][ T8418] __sock_create+0xc0/0x800 [ 210.586379][ T8418] __sys_socket+0x14f/0x260 [ 210.588315][ T8418] ? __pfx___sys_socket+0x10/0x10 [ 210.590124][ T8418] ? ksys_write+0x1ab/0x260 [ 210.591732][ T8418] ? __pfx_ksys_write+0x10/0x10 [ 210.593454][ T8418] __ia32_sys_socket+0x72/0xb0 [ 210.595256][ T8418] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 210.597504][ T8418] __do_fast_syscall_32+0x73/0x120 [ 210.599631][ T8418] do_fast_syscall_32+0x32/0x80 [ 210.601519][ T8418] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 210.603901][ T8418] RIP: 0023:0xf7445579 [ 210.605437][ T8418] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 210.613388][ T8418] RSP: 002b:00000000f5d5d57c EFLAGS: 00000292 ORIG_RAX: 0000000000000167 [ 210.616879][ T8418] RAX: ffffffffffffffda RBX: 0000000000000022 RCX: 0000000000000002 [ 210.620131][ T8418] RDX: 0000000000000011 RSI: 0000000000000000 RDI: 0000000000000000 [ 210.623620][ T8418] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 210.626965][ T8418] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 210.630349][ T8418] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 210.633718][ T8418] [ 210.754315][ T8420] netlink: 16 bytes leftover after parsing attributes in process `syz.3.844'. [ 210.762081][ T5201] Bluetooth: hci2: unexpected event for opcode 0x040d [ 211.207838][ T35] usb 5-1: USB disconnect, device number 30 [ 211.579347][ T8434] virtio-fs: tag <(null)> not found [ 211.580033][ T8435] virtio-fs: tag <(null)> not found [ 211.590565][ T8434] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 211.593467][ T8434] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 211.599063][ T8434] vhci_hcd vhci_hcd.0: Device attached [ 211.621362][ T8436] vhci_hcd: connection closed [ 211.621495][ T5201] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 211.626294][ T45] vhci_hcd: stop threads [ 211.629057][ T45] vhci_hcd: release socket [ 211.631136][ T45] vhci_hcd: disconnect device [ 211.702812][ T5201] Bluetooth: hci3: unexpected event 0x07 length: 8 < 255 [ 211.715081][ T5201] Bluetooth: hci3: SCO packet for unknown connection handle 201 [ 211.715131][ T5201] Bluetooth: hci3: SCO packet for unknown connection handle 1039 [ 211.978667][ T5201] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 211.984152][ T5201] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 211.984182][ T5201] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 212.107753][ T8452] netlink: 16 bytes leftover after parsing attributes in process `syz.0.854'. [ 212.435088][ T5243] usb 8-1: new high-speed USB device number 40 using dummy_hcd [ 212.636754][ T5243] usb 8-1: config 0 has no interfaces? [ 212.639390][ T5243] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 212.643503][ T5243] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.654210][ T5243] usb 8-1: config 0 descriptor?? [ 213.304883][ T8475] netlink: 9412 bytes leftover after parsing attributes in process `syz.1.860'. [ 213.598092][ T5201] Bluetooth: hci4: unexpected event 0x07 length: 8 < 255 [ 213.601442][ T5201] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 213.665131][ T5201] Bluetooth: hci2: command 0x206a tx timeout [ 213.758626][ T5201] Bluetooth: hci3: unexpected event 0x07 length: 8 < 255 [ 213.761762][ T5201] Bluetooth: hci3: SCO packet for unknown connection handle 201 [ 213.761834][ T5201] Bluetooth: hci3: SCO packet for unknown connection handle 1039 [ 213.814266][ T8484] netlink: 191416 bytes leftover after parsing attributes in process `syz.1.863'. [ 213.822506][ T8484] net_ratelimit: 1009 callbacks suppressed [ 213.822518][ T8484] netlink: zone id is out of range [ 213.827409][ T8484] netlink: zone id is out of range [ 213.829486][ T8484] netlink: zone id is out of range [ 213.831795][ T8484] netlink: zone id is out of range [ 213.833865][ T8484] netlink: zone id is out of range [ 213.836429][ T8484] netlink: zone id is out of range [ 213.838670][ T8484] netlink: zone id is out of range [ 213.840987][ T8484] netlink: zone id is out of range [ 213.843171][ T8484] netlink: zone id is out of range [ 213.845566][ T8484] netlink: zone id is out of range [ 213.927503][ T8491] FAULT_INJECTION: forcing a failure. [ 213.927503][ T8491] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 213.932670][ T8491] CPU: 1 PID: 8491 Comm: syz.1.866 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 213.934398][ T8492] syz.2.865 uses obsolete (PF_INET,SOCK_PACKET) [ 213.936403][ T8491] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 213.936433][ T8491] Call Trace: [ 213.936439][ T8491] [ 213.936445][ T8491] dump_stack_lvl+0x16c/0x1f0 [ 213.936466][ T8491] should_fail_ex+0x497/0x5b0 [ 213.936489][ T8491] _copy_to_user+0x30/0xc0 [ 213.936511][ T8491] simple_read_from_buffer+0xd0/0x160 [ 213.936533][ T8491] proc_fail_nth_read+0x1b0/0x290 [ 213.936552][ T8491] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 213.936572][ T8491] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 213.936589][ T8491] vfs_read+0x1d4/0xbd0 [ 213.936607][ T8491] ? __fdget_pos+0xeb/0x180 [ 213.936625][ T8491] ? __pfx_vfs_read+0x10/0x10 [ 213.936640][ T8491] ? __pfx___mutex_lock+0x10/0x10 [ 213.936660][ T8491] ? __fget_files+0x256/0x400 [ 213.936683][ T8491] ksys_read+0x12f/0x260 [ 213.938502][ T8493] IPVS: set_ctl: invalid protocol: 51 172.20.20.170:20004 [ 213.973265][ T8491] ? __pfx_ksys_read+0x10/0x10 [ 213.974907][ T8491] __do_fast_syscall_32+0x73/0x120 [ 213.976845][ T8491] do_fast_syscall_32+0x32/0x80 [ 213.978899][ T8491] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 213.981516][ T8491] RIP: 0023:0xf73e9579 [ 213.983235][ T8491] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 213.990777][ T8491] RSP: 002b:00000000f5d015b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 213.993671][ T8491] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5d01630 [ 213.997072][ T8491] RDX: 000000000000000f RSI: 00000000f73d3ff4 RDI: 0000000000000000 [ 214.000359][ T8491] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 214.003090][ T8491] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 214.006324][ T8491] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 214.009144][ T8491] [ 214.010866][ T5201] Bluetooth: hci3: command 0x1407 tx timeout [ 214.118176][ T8501] FAULT_INJECTION: forcing a failure. [ 214.118176][ T8501] name failslab, interval 1, probability 0, space 0, times 0 [ 214.124259][ T8501] CPU: 3 PID: 8501 Comm: syz.2.869 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 214.128450][ T8501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 214.132623][ T8501] Call Trace: [ 214.134060][ T8501] [ 214.135337][ T8501] dump_stack_lvl+0x16c/0x1f0 [ 214.137122][ T8501] should_fail_ex+0x497/0x5b0 [ 214.138864][ T8501] should_failslab+0x9/0x20 [ 214.140843][ T8501] __kmalloc_noprof+0xcf/0x420 [ 214.142900][ T8501] ? __pfx_lock_acquire+0x10/0x10 [ 214.144929][ T8501] tomoyo_realpath_from_path+0xbf/0x710 [ 214.147250][ T8501] ? tomoyo_profile+0x47/0x60 [ 214.149154][ T8501] tomoyo_path_number_perm+0x245/0x5b0 [ 214.150995][ T8501] ? tomoyo_path_number_perm+0x232/0x5b0 [ 214.152949][ T8501] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 214.154976][ T8501] ? __pfx_lock_release+0x10/0x10 [ 214.156881][ T8501] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 214.159264][ T8501] ? __fget_files+0x256/0x400 [ 214.161094][ T8501] security_file_ioctl_compat+0x75/0xc0 [ 214.163389][ T8501] __do_compat_sys_ioctl+0x5d/0x330 [ 214.165692][ T8501] __do_fast_syscall_32+0x73/0x120 [ 214.167880][ T8501] do_fast_syscall_32+0x32/0x80 [ 214.169953][ T8501] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 214.172579][ T8501] RIP: 0023:0xf745f579 [ 214.174281][ T8501] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 214.182063][ T8501] RSP: 002b:00000000f5d7757c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 214.185463][ T8501] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000004c09 [ 214.188702][ T8501] RDX: 0000000000000800 RSI: 0000000000000000 RDI: 0000000000000000 [ 214.191948][ T8501] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 214.195040][ T8501] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 214.198094][ T8501] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 214.201092][ T8501] [ 214.203387][ T8501] ERROR: Out of memory at tomoyo_realpath_from_path. [ 214.441077][ T5201] Bluetooth: hci3: unexpected event 0x07 length: 8 < 255 [ 214.444311][ T5201] Bluetooth: hci3: SCO packet for unknown connection handle 201 [ 214.447762][ T5201] Bluetooth: hci3: SCO packet for unknown connection handle 1039 [ 214.769540][ T8510] netlink: 191416 bytes leftover after parsing attributes in process `syz.0.873'. [ 214.776163][ T5206] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 214.780931][ T5206] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 214.784750][ T5206] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 214.790177][ T5206] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 214.793920][ T5206] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 214.797822][ T5206] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 214.976809][ T8513] chnl_net:caif_netlink_parms(): no params data found [ 215.183506][ T5243] usb 8-1: USB disconnect, device number 40 [ 215.185978][ T5206] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 215.189388][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 215.194531][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 215.206792][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.234005][ T8513] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.238389][ T8513] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.241037][ T8513] bridge_slave_0: entered allmulticast mode [ 215.244595][ T8513] bridge_slave_0: entered promiscuous mode [ 215.254630][ T8525] FAULT_INJECTION: forcing a failure. [ 215.254630][ T8525] name failslab, interval 1, probability 0, space 0, times 0 [ 215.254755][ T8513] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.271167][ T8513] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.276149][ T8513] bridge_slave_1: entered allmulticast mode [ 215.278940][ T8525] CPU: 0 PID: 8525 Comm: syz.3.875 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 215.279412][ T8513] bridge_slave_1: entered promiscuous mode [ 215.282902][ T8525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 215.291387][ T8525] Call Trace: [ 215.292805][ T8525] [ 215.293925][ T8525] dump_stack_lvl+0x16c/0x1f0 [ 215.295910][ T8525] should_fail_ex+0x497/0x5b0 [ 215.297576][ T8525] should_failslab+0x9/0x20 [ 215.299288][ T8525] kmem_cache_alloc_node_noprof+0x71/0x310 [ 215.302097][ T8525] ? __alloc_skb+0x2b3/0x380 [ 215.303932][ T8525] __alloc_skb+0x2b3/0x380 [ 215.305689][ T8525] ? __pfx___alloc_skb+0x10/0x10 [ 215.307811][ T8525] ? hlock_class+0x4e/0x130 [ 215.309713][ T8525] ? __lock_acquire+0xc10/0x3b30 [ 215.311758][ T8525] ? aa_label_sk_perm+0x165/0x560 [ 215.313873][ T8525] alloc_skb_with_frags+0xe4/0x710 [ 215.315962][ T8525] ? __pfx___lock_acquire+0x10/0x10 [ 215.318117][ T8525] sock_alloc_send_pskb+0x7f1/0x980 [ 215.320285][ T8525] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 215.322582][ T8525] ? __pfx_lock_release+0x10/0x10 [ 215.324536][ T8525] ? __pfx___might_resched+0x10/0x10 [ 215.327193][ T8525] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 215.329719][ T8525] hci_sock_sendmsg+0x1c8/0x25e0 [ 215.331811][ T8525] ? __pfx_aa_sk_perm+0x10/0x10 [ 215.333860][ T8525] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 215.336281][ T8525] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 215.338554][ T8525] sock_write_iter+0x50a/0x5c0 [ 215.340643][ T8525] ? __pfx_sock_write_iter+0x10/0x10 [ 215.342753][ T8525] ? bpf_lsm_file_permission+0x9/0x10 [ 215.344942][ T8525] ? security_file_permission+0x98/0xc0 [ 215.347291][ T8525] vfs_write+0x6b6/0x1140 [ 215.349103][ T8525] ? __pfx_sock_write_iter+0x10/0x10 [ 215.351294][ T8525] ? __pfx_vfs_write+0x10/0x10 [ 215.353315][ T8525] ? __fget_files+0x256/0x400 [ 215.355222][ T8525] ? __fget_light+0x173/0x210 [ 215.357139][ T8525] ksys_write+0x1f8/0x260 [ 215.358955][ T8525] ? __pfx_ksys_write+0x10/0x10 [ 215.361001][ T8525] __do_fast_syscall_32+0x73/0x120 [ 215.363134][ T8525] do_fast_syscall_32+0x32/0x80 [ 215.365159][ T8525] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 215.367759][ T8525] RIP: 0023:0xf7445579 [ 215.369430][ T8525] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 215.377549][ T8525] RSP: 002b:00000000f5d5d57c EFLAGS: 00000292 ORIG_RAX: 0000000000000004 [ 215.380989][ T8525] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000200 [ 215.384415][ T8525] RDX: 000000000000000d RSI: 0000000000000000 RDI: 0000000000000000 [ 215.387745][ T8525] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 215.390865][ T8525] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 215.393948][ T8525] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 215.397036][ T8525] [ 215.439250][ T8513] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 215.462432][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.474414][ T8513] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 215.530162][ T8536] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.878'. [ 215.571709][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.589547][ T8513] team0: Port device team_slave_0 added [ 215.595146][ T8513] team0: Port device team_slave_1 added [ 215.643917][ T8513] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 215.647895][ T8513] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.658774][ T8513] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 215.683419][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.693735][ T8513] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 215.696933][ T8513] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.707973][ T8513] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 215.728722][ T5206] Bluetooth: hci2: unexpected cc 0x2039 length: 4 > 1 [ 215.731427][ T5206] Bluetooth: hci2: unexpected event for opcode 0x2039 [ 215.813650][ T8513] hsr_slave_0: entered promiscuous mode [ 215.819496][ T8513] hsr_slave_1: entered promiscuous mode [ 215.831491][ T8513] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 215.834868][ T8513] Cannot create hsr debugfs directory [ 215.961250][ T5206] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 215.964374][ T5206] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 215.965586][ T5206] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 216.029729][ T13] bridge_slave_1: left allmulticast mode [ 216.039002][ T13] bridge_slave_1: left promiscuous mode [ 216.042059][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.049327][ T13] bridge_slave_0: left allmulticast mode [ 216.051386][ T13] bridge_slave_0: left promiscuous mode [ 216.053597][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.350467][ T8550] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.881'. [ 216.407255][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 216.417609][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 216.424738][ T13] bond0 (unregistering): Released all slaves [ 216.625010][ T815] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 216.649081][ T5206] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 216.652474][ T5206] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 216.654254][ T5206] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 216.827019][ T815] usb 6-1: config 0 has no interfaces? [ 216.833018][ T815] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 216.845972][ T815] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.857083][ T815] usb 6-1: config 0 descriptor?? [ 216.858862][ T5206] Bluetooth: hci1: command tx timeout [ 216.887008][ T13] hsr_slave_0: left promiscuous mode [ 216.891791][ T13] hsr_slave_1: left promiscuous mode [ 216.900528][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 216.903503][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 216.913923][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 216.916654][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 216.938426][ T13] veth1_macvtap: left promiscuous mode [ 216.940387][ T13] veth0_macvtap: left promiscuous mode [ 216.943284][ T13] veth1_vlan: left promiscuous mode [ 216.947448][ T13] veth0_vlan: left promiscuous mode [ 216.950329][ T5206] Bluetooth: hci2: unexpected event 0x08 length: 78 > 4 [ 217.051438][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 217.787987][ T13] team0 (unregistering): Port device team_slave_1 removed [ 217.857690][ T13] team0 (unregistering): Port device team_slave_0 removed [ 218.576825][ T8578] netlink: 191416 bytes leftover after parsing attributes in process `syz.0.886'. [ 218.803102][ T8513] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 218.812366][ T8513] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 218.827876][ T5206] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 218.829583][ T8513] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 218.830923][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 218.834151][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 218.839939][ T8513] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 218.935744][ T5206] Bluetooth: hci1: command tx timeout [ 218.988312][ T8513] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.017686][ T8513] 8021q: adding VLAN 0 to HW filter on device team0 [ 219.029801][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.032636][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.048674][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.051336][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.256797][ T5206] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 219.260822][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 219.266639][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 219.348912][ T5242] usb 6-1: USB disconnect, device number 34 [ 219.384185][ T8513] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.483661][ T8513] veth0_vlan: entered promiscuous mode [ 219.503540][ T8513] veth1_vlan: entered promiscuous mode [ 219.580581][ T8513] veth0_macvtap: entered promiscuous mode [ 219.587211][ T8513] veth1_macvtap: entered promiscuous mode [ 219.613639][ T8513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.618871][ T8513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.623092][ T8513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.628065][ T8513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.632133][ T8513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.637533][ T8513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.643698][ T8513] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 219.657228][ T8513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 219.660457][ T8622] Illegal XDP return value 1617605061 on prog (id 54) dev syz_tun, expect packet loss! [ 219.661877][ T8513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.661912][ T8513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 219.661926][ T8513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.661936][ T8513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 219.688586][ T8513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.694653][ T8513] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.713931][ T8513] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.717671][ T8513] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.721255][ T8513] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.724541][ T8513] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.784483][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.796588][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.814349][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.827036][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.994693][ T8631] netlink: 36 bytes leftover after parsing attributes in process `syz.0.892'. [ 220.155115][ T56] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 220.348831][ T56] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 220.353376][ T56] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 220.358978][ T56] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 220.362711][ T56] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.371886][ T8627] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 220.667334][ T8643] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.895'. [ 220.671946][ T8643] net_ratelimit: 755 callbacks suppressed [ 220.671957][ T8643] netlink: zone id is out of range [ 220.677685][ T8643] netlink: zone id is out of range [ 220.680084][ T8643] netlink: zone id is out of range [ 220.682485][ T8643] netlink: zone id is out of range [ 220.684812][ T8643] netlink: zone id is out of range [ 220.687532][ T8643] netlink: zone id is out of range [ 220.689909][ T8643] netlink: zone id is out of range [ 220.692293][ T8643] netlink: zone id is out of range [ 220.694647][ T8643] netlink: zone id is out of range [ 220.697731][ T8643] netlink: zone id is out of range [ 220.759868][ T35] usb 7-1: USB disconnect, device number 29 [ 220.930874][ T5206] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 220.934106][ T5206] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 220.934152][ T5206] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 220.988200][ T8655] overlay: ./file0 is not a directory [ 221.025608][ T5206] Bluetooth: hci1: command tx timeout [ 221.125167][ T5243] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 221.320893][ T5243] usb 5-1: config 0 has no interfaces? [ 221.323622][ T5243] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 221.327760][ T5243] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.334685][ T5243] usb 5-1: config 0 descriptor?? [ 221.365965][ T5206] Bluetooth: hci1: Malformed Event: 0x2f [ 221.914004][ T8672] tipc: Enabling of bearer rejected, failed to enable media [ 222.162693][ T8681] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.904'. [ 222.267682][ T8687] netlink: 36 bytes leftover after parsing attributes in process `syz.3.905'. [ 222.887367][ T5206] Bluetooth: hci1: unexpected event 0x07 length: 8 < 255 [ 222.890801][ T5206] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 223.095663][ T5206] Bluetooth: hci1: command tx timeout [ 223.136340][ T8704] netlink: 128468 bytes leftover after parsing attributes in process `syz.2.909'. [ 223.236162][ T35] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 223.427328][ T35] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 223.432221][ T35] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 223.436601][ T35] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 223.440596][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.447189][ T8699] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 223.512000][ T5206] Bluetooth: hci1: unexpected event 0x07 length: 8 < 255 [ 223.514821][ T5206] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 223.814639][ T8718] netlink: 191416 bytes leftover after parsing attributes in process `syz.2.913'. [ 223.836210][ T1937] usb 6-1: USB disconnect, device number 35 [ 223.871614][ T6323] usb 5-1: USB disconnect, device number 31 [ 224.162654][ T5206] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 224.268969][ T5206] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 224.275488][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 224.275537][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 224.648014][ T8751] netlink: 191416 bytes leftover after parsing attributes in process `syz.0.922'. [ 224.787376][ T5206] Bluetooth: hci4: unexpected event 0x07 length: 8 < 255 [ 224.795853][ T5206] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 225.124063][ T5206] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 225.130316][ T5206] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 225.130346][ T5206] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 225.135318][ T815] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 225.336309][ T815] usb 5-1: config 0 has no interfaces? [ 225.338815][ T815] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 225.342578][ T815] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.360371][ T815] usb 5-1: config 0 descriptor?? [ 225.485048][ T5242] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 225.501443][ T5206] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 225.504313][ T5206] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 225.505308][ T5206] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 225.669086][ T8775] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.931'. [ 225.696480][ T8775] net_ratelimit: 788 callbacks suppressed [ 225.696496][ T8775] netlink: zone id is out of range [ 225.701183][ T8775] netlink: zone id is out of range [ 225.703156][ T8775] netlink: zone id is out of range [ 225.705633][ T5242] usb 6-1: Using ep0 maxpacket: 32 [ 225.711341][ T8775] netlink: zone id is out of range [ 225.713577][ T8775] netlink: zone id is out of range [ 225.715775][ T8775] netlink: zone id is out of range [ 225.718048][ T8775] netlink: zone id is out of range [ 225.720510][ T5242] usb 6-1: config 0 has no interfaces? [ 225.723415][ T8775] netlink: zone id is out of range [ 225.735411][ T8775] netlink: zone id is out of range [ 225.737869][ T8775] netlink: zone id is out of range [ 225.742046][ T5242] usb 6-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 225.746701][ T5242] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.749950][ T5242] usb 6-1: Product: syz [ 225.751670][ T5242] usb 6-1: Manufacturer: syz [ 225.753627][ T5242] usb 6-1: SerialNumber: syz [ 225.763951][ T5242] usb 6-1: config 0 descriptor?? [ 225.795907][ T8782] syz.3.933 (8782): drop_caches: 2 [ 225.799166][ T8782] syz.3.933 (8782): drop_caches: 2 [ 226.236485][ T5206] Bluetooth: hci1: unexpected event 0x08 length: 78 > 4 [ 227.286778][ T8798] netlink: 134452 bytes leftover after parsing attributes in process `syz.3.937'. [ 227.651124][ T5206] Bluetooth: hci2: unexpected event 0x08 length: 78 > 4 [ 227.662267][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 227.901550][ T6323] usb 5-1: USB disconnect, device number 32 [ 228.107026][ T815] usb 6-1: USB disconnect, device number 36 [ 228.376608][ T8815] netlink: 16 bytes leftover after parsing attributes in process `syz.0.941'. [ 228.798513][ T5206] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 228.801582][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 228.802149][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 229.955104][ T815] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 230.048122][ T8851] netlink: 164980 bytes leftover after parsing attributes in process `syz.0.951'. [ 230.168716][ T815] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 230.173692][ T815] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 230.178639][ T815] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 230.183153][ T815] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.190070][ T8840] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 230.302015][ T8855] netlink: 16 bytes leftover after parsing attributes in process `syz.3.952'. [ 230.307024][ T5206] Bluetooth: hci2: unexpected event for opcode 0x040d [ 230.582986][ T25] usb 6-1: USB disconnect, device number 37 [ 231.569035][ T5206] Bluetooth: hci4: unexpected event 0x07 length: 8 < 255 [ 231.572383][ T5206] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 231.824726][ T5206] Bluetooth: hci4: unexpected event 0x08 length: 78 > 4 [ 232.260230][ T8886] FAULT_INJECTION: forcing a failure. [ 232.260230][ T8886] name failslab, interval 1, probability 0, space 0, times 0 [ 232.292178][ T8886] CPU: 0 PID: 8886 Comm: syz.3.960 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 232.295717][ T8886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 232.299406][ T8886] Call Trace: [ 232.300593][ T8886] [ 232.301640][ T8886] dump_stack_lvl+0x16c/0x1f0 [ 232.303331][ T8886] should_fail_ex+0x497/0x5b0 [ 232.304978][ T8886] should_failslab+0x9/0x20 [ 232.306550][ T8886] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 232.308405][ T8886] ? sctp_chunkify+0x51/0x2d0 [ 232.310030][ T8886] sctp_chunkify+0x51/0x2d0 [ 232.311612][ T8886] _sctp_make_chunk+0x148/0x270 [ 232.313502][ T8886] sctp_make_control+0x2f/0x2d0 [ 232.315186][ T8886] sctp_make_init+0x6fb/0xdd0 [ 232.316820][ T8886] ? __pfx_sctp_make_init+0x10/0x10 [ 232.318477][ T8886] ? kernel_text_address+0x8d/0x100 [ 232.320466][ T8886] ? __kernel_text_address+0xd/0x40 [ 232.322264][ T8886] ? sctp_sm_lookup_event+0x15c/0x570 [ 232.323897][ T8886] ? __pfx_sctp_sm_lookup_event+0x10/0x10 [ 232.325794][ T8886] sctp_sf_do_prm_asoc+0xbf/0x360 [ 232.327545][ T8886] ? __pfx_sctp_pname+0x10/0x10 [ 232.329190][ T8886] sctp_do_sm+0x17f/0x5c90 [ 232.330771][ T8886] ? kasan_save_stack+0x42/0x60 [ 232.332452][ T8886] ? kasan_save_stack+0x33/0x60 [ 232.334159][ T8886] ? kasan_save_track+0x14/0x30 [ 232.335854][ T8886] ? __pfx_sctp_do_sm+0x10/0x10 [ 232.337517][ T8886] ? sctp_sendmsg+0x129c/0x1f10 [ 232.339240][ T8886] ? __sys_sendto+0x42c/0x4e0 [ 232.340854][ T8886] ? __ia32_sys_sendto+0xdd/0x1b0 [ 232.342644][ T8886] ? __do_fast_syscall_32+0x73/0x120 [ 232.344484][ T8886] ? do_fast_syscall_32+0x32/0x80 [ 232.346242][ T8886] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 232.348760][ T8886] ? sk_leave_memory_pressure+0xdd/0x130 [ 232.350811][ T8886] ? __sk_mem_raise_allocated+0x8a0/0x1740 [ 232.352961][ T8886] sctp_primitive_ASSOCIATE+0x9c/0xd0 [ 232.354847][ T8886] sctp_sendmsg_to_asoc+0xa4d/0x1ad0 [ 232.356702][ T8886] ? sctp_assoc_add_peer+0x254/0x14b0 [ 232.358533][ T8886] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 232.360523][ T8886] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 232.362669][ T8886] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 232.364738][ T8886] sctp_sendmsg+0x129c/0x1f10 [ 232.366646][ T8886] ? __pfx_sctp_sendmsg+0x10/0x10 [ 232.368411][ T8886] ? find_held_lock+0x2d/0x110 [ 232.370335][ T8886] ? __pfx___might_resched+0x10/0x10 [ 232.372649][ T8886] ? __pfx___might_resched+0x10/0x10 [ 232.374831][ T8886] ? __pfx_aa_sk_perm+0x10/0x10 [ 232.376871][ T8886] ? __might_fault+0xe3/0x190 [ 232.378816][ T8886] ? __pfx_sctp_sendmsg+0x10/0x10 [ 232.380896][ T8886] inet_sendmsg+0x119/0x140 [ 232.382775][ T8886] __sys_sendto+0x42c/0x4e0 [ 232.384625][ T8886] ? __pfx___sys_sendto+0x10/0x10 [ 232.386670][ T8886] ? ksys_write+0x1ab/0x260 [ 232.388196][ T8886] ? __pfx_ksys_write+0x10/0x10 [ 232.389863][ T8886] __ia32_sys_sendto+0xdd/0x1b0 [ 232.391534][ T8886] ? lockdep_hardirqs_on+0x7c/0x110 [ 232.393602][ T8886] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 232.396462][ T8886] __do_fast_syscall_32+0x73/0x120 [ 232.398561][ T8886] do_fast_syscall_32+0x32/0x80 [ 232.400248][ T8886] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 232.402887][ T8886] RIP: 0023:0xf7445579 [ 232.404525][ T8886] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 232.410960][ T8886] RSP: 002b:00000000f5d5d57c EFLAGS: 00000292 ORIG_RAX: 0000000000000171 [ 232.414105][ T8886] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000180 [ 232.417373][ T8886] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000020000200 [ 232.419980][ T8886] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 [ 232.422600][ T8886] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 232.425435][ T8886] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 232.428278][ T8886] [ 232.775032][ T8897] netlink: 131188 bytes leftover after parsing attributes in process `syz.0.962'. [ 232.800085][ T8897] net_ratelimit: 472 callbacks suppressed [ 232.800132][ T8897] netlink: zone id is out of range [ 232.818490][ T8897] netlink: zone id is out of range [ 232.821497][ T8897] netlink: zone id is out of range [ 232.825891][ T8897] netlink: zone id is out of range [ 232.828810][ T8897] netlink: zone id is out of range [ 232.831580][ T8897] netlink: zone id is out of range [ 232.834235][ T8897] netlink: zone id is out of range [ 232.859431][ T8897] netlink: zone id is out of range [ 232.869910][ T8897] netlink: zone id is out of range [ 232.872688][ T8897] netlink: zone id is out of range [ 233.413392][ T8906] netlink: 191416 bytes leftover after parsing attributes in process `syz.0.964'. [ 233.828477][ T5206] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 233.831832][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 233.831894][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 234.029212][ T8922] FAULT_INJECTION: forcing a failure. [ 234.029212][ T8922] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 234.040603][ T8922] CPU: 1 PID: 8922 Comm: syz.0.969 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 234.045000][ T8922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 234.049699][ T8922] Call Trace: [ 234.051160][ T8922] [ 234.052490][ T8922] dump_stack_lvl+0x16c/0x1f0 [ 234.054603][ T8922] should_fail_ex+0x497/0x5b0 [ 234.056690][ T8922] _copy_to_user+0x30/0xc0 [ 234.058686][ T8922] simple_read_from_buffer+0xd0/0x160 [ 234.061086][ T8922] proc_fail_nth_read+0x1b0/0x290 [ 234.063360][ T8922] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 234.065808][ T8922] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 234.068237][ T8922] vfs_read+0x1d4/0xbd0 [ 234.070092][ T8922] ? __fdget_pos+0xeb/0x180 [ 234.072093][ T8922] ? __might_fault+0xe3/0x190 [ 234.074180][ T8922] ? __pfx_vfs_read+0x10/0x10 [ 234.076269][ T8922] ? __pfx___mutex_lock+0x10/0x10 [ 234.078504][ T8922] ? __fget_files+0x256/0x400 [ 234.080605][ T8922] ksys_read+0x12f/0x260 [ 234.082500][ T8922] ? __pfx_ksys_read+0x10/0x10 [ 234.084630][ T8922] __do_fast_syscall_32+0x73/0x120 [ 234.086893][ T8922] do_fast_syscall_32+0x32/0x80 [ 234.089032][ T8922] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 234.091827][ T8922] RIP: 0023:0xf740d579 [ 234.093647][ T8922] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 234.102024][ T8922] RSP: 002b:00000000f5d255b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 234.105673][ T8922] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5d25630 [ 234.108968][ T8922] RDX: 000000000000000f RSI: 00000000f73f7ff4 RDI: 0000000000000000 [ 234.112448][ T8922] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 234.115885][ T8922] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 234.119350][ T8922] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 234.122842][ T8922] [ 234.303586][ T5206] Bluetooth: hci4: unexpected event 0x07 length: 8 < 255 [ 234.306969][ T5206] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 234.435058][ T5206] Bluetooth: hci2: unexpected event for opcode 0x2060 [ 234.466066][ T1937] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 234.537905][ T8935] netlink: 16 bytes leftover after parsing attributes in process `syz.1.972'. [ 234.588653][ T8938] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.973'. [ 234.656471][ T1937] usb 5-1: config 0 has no interfaces? [ 234.665362][ T1937] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 234.668428][ T1937] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.672679][ T1937] usb 5-1: config 0 descriptor?? [ 235.048500][ T1937] usb 5-1: USB disconnect, device number 33 [ 235.536345][ T5240] usb 8-1: new high-speed USB device number 41 using dummy_hcd [ 235.746556][ T5240] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 235.750246][ T5240] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 235.754637][ T5240] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 235.758206][ T5240] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.762969][ T8953] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 236.095215][ T5206] Bluetooth: hci4: unexpected event 0x07 length: 8 < 255 [ 236.098298][ T5206] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 236.190252][ T25] usb 8-1: USB disconnect, device number 41 [ 236.427732][ T8976] netlink: 191416 bytes leftover after parsing attributes in process `syz.1.983'. [ 237.125721][ T815] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 237.228904][ T5206] Bluetooth: hci4: unexpected event 0x08 length: 78 > 4 [ 237.240259][ T5206] Bluetooth: hci4: link tx timeout [ 237.245728][ T5206] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 237.320462][ T815] usb 5-1: config 0 has no interfaces? [ 237.322594][ T815] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 237.325672][ T815] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.329964][ T815] usb 5-1: config 0 descriptor?? [ 237.741643][ T815] usb 5-1: USB disconnect, device number 34 [ 238.295153][ T5201] Bluetooth: hci0: Opcode 0x206a failed: -110 [ 238.295468][ T5212] Bluetooth: hci0: command 0x206a tx timeout [ 238.903469][ T9013] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.992'. [ 238.907342][ T9013] net_ratelimit: 634 callbacks suppressed [ 238.907355][ T9013] netlink: zone id is out of range [ 238.911398][ T9013] netlink: zone id is out of range [ 238.913352][ T9013] netlink: zone id is out of range [ 238.917267][ T9013] netlink: zone id is out of range [ 238.919049][ T9013] netlink: zone id is out of range [ 238.920908][ T9013] netlink: zone id is out of range [ 238.922858][ T9013] netlink: zone id is out of range [ 238.924512][ T9013] netlink: zone id is out of range [ 238.926904][ T9013] netlink: zone id is out of range [ 238.935273][ T9013] netlink: zone id is out of range [ 239.255057][ T5212] Bluetooth: hci4: command 0x0406 tx timeout [ 239.365016][ T5243] usb 8-1: new high-speed USB device number 42 using dummy_hcd [ 239.556826][ T5243] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 239.560575][ T5243] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 239.563942][ T5243] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 239.570716][ T5243] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.580971][ T9024] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 239.865193][ T25] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 239.958382][ T10] usb 8-1: USB disconnect, device number 42 [ 240.057977][ T25] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 240.062537][ T25] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 240.066842][ T25] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 240.070616][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.077794][ T9030] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 240.209859][ T9040] netlink: 16 bytes leftover after parsing attributes in process `syz.2.999'. [ 240.245101][ T5243] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 240.427212][ T5243] usb 6-1: config 0 has no interfaces? [ 240.429787][ T5243] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 240.433724][ T5243] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.439332][ T5243] usb 6-1: config 0 descriptor?? [ 240.469170][ T25] usb 5-1: USB disconnect, device number 35 [ 240.828037][ T5243] usb 6-1: USB disconnect, device number 38 [ 241.009604][ T5206] Bluetooth: hci1: unexpected event 0x08 length: 78 > 4 [ 241.075047][ T9057] netlink: 191416 bytes leftover after parsing attributes in process `syz.0.1003'. [ 242.445039][ T25] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 242.630306][ T25] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 242.634126][ T25] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 242.637551][ T25] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 242.641421][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.647818][ T9081] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 242.747893][ T9089] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1011'. [ 243.010596][ T5212] Bluetooth: hci1: unexpected event 0x07 length: 8 < 255 [ 243.013174][ T5212] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 243.187750][ T9102] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1015'. [ 243.263315][ T9108] netlink: 107084 bytes leftover after parsing attributes in process `syz.1.1014'. [ 243.495093][ T5206] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 243.495097][ T5212] Bluetooth: hci4: command 0x0406 tx timeout [ 243.499996][ T5206] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 243.519317][ T5206] Bluetooth: hci1: unexpected event 0x08 length: 78 > 4 [ 244.299580][ T5212] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 244.306605][ T5212] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 244.316086][ T5212] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 244.894867][ T5212] Bluetooth: hci1: unexpected event 0x08 length: 78 > 4 [ 245.238205][ T5212] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 245.243743][ T5212] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 245.243771][ T5212] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 245.319734][ T6323] usb 5-1: USB disconnect, device number 36 [ 245.352513][ T9139] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1024'. [ 245.357733][ T5212] Bluetooth: hci0: unexpected event for opcode 0x040d [ 245.575209][ T5212] Bluetooth: hci4: command 0x0406 tx timeout [ 245.581133][ T5206] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 246.163911][ T5212] Bluetooth: hci1: unexpected event 0x07 length: 8 < 255 [ 246.173262][ T5212] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 246.510029][ T5212] Bluetooth: hci1: unexpected event 0x08 length: 78 > 4 [ 246.865610][ T5243] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 246.991747][ T9174] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1034'. [ 246.997195][ T5212] Bluetooth: hci4: unexpected event for opcode 0x040d [ 247.056389][ T5243] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 247.060161][ T5243] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 247.063577][ T5243] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 247.068996][ T5243] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.074493][ T9168] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 247.173244][ T9177] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1035'. [ 247.665398][ T5206] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 247.929275][ T5206] Bluetooth: hci1: unexpected event 0x07 length: 8 < 255 [ 247.934234][ T5206] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 248.187989][ T9204] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1043'. [ 248.197812][ T5206] Bluetooth: hci4: unexpected event for opcode 0x040d [ 248.280155][ T5206] Bluetooth: hci2: unexpected event 0x08 length: 78 > 4 [ 248.286064][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 248.484485][ T5206] Bluetooth: hci4: unexpected event 0x07 length: 8 < 255 [ 248.488441][ T5206] Bluetooth: hci4: SCO packet for unknown connection handle 201 [ 248.488493][ T5206] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 248.746969][ T9218] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1047'. [ 249.360123][ T5206] Bluetooth: hci2: unexpected event 0x08 length: 78 > 4 [ 249.379100][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 249.495299][ T5212] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 249.497194][ T5206] Bluetooth: hci2: command 0x206a tx timeout [ 249.737485][ T35] usb 5-1: USB disconnect, device number 37 [ 250.031310][ T5212] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 250.036621][ T5212] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 250.055124][ T5212] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 250.190760][ T9241] netlink: 191416 bytes leftover after parsing attributes in process `syz.2.1053'. [ 250.197755][ T9241] net_ratelimit: 473 callbacks suppressed [ 250.197763][ T9241] netlink: zone id is out of range [ 250.202265][ T9241] netlink: zone id is out of range [ 250.204379][ T9241] netlink: zone id is out of range [ 250.206932][ T9241] netlink: zone id is out of range [ 250.209282][ T9241] netlink: zone id is out of range [ 250.211082][ T9241] netlink: zone id is out of range [ 250.212957][ T9241] netlink: zone id is out of range [ 250.215820][ T9241] netlink: zone id is out of range [ 250.218976][ T9241] netlink: zone id is out of range [ 250.229220][ T9241] netlink: zone id is out of range [ 250.427290][ T5212] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 250.430375][ T5212] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 250.442501][ T5212] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 250.520480][ T5212] Bluetooth: hci4: unexpected event 0x08 length: 78 > 4 [ 250.524070][ T5212] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 250.675260][ T5212] Bluetooth: hci2: unexpected event 0x08 length: 78 > 4 [ 250.679233][ T5212] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 250.787344][ T9261] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1058'. [ 251.314258][ T9272] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1060'. [ 251.602206][ T9281] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1065'. [ 251.608413][ T9281] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1065'. [ 251.619709][ T9287] netlink: 191416 bytes leftover after parsing attributes in process `syz.2.1063'. [ 251.623964][ T9281] capability: warning: `syz.1.1065' uses deprecated v2 capabilities in a way that may be insecure [ 251.631805][ T9281] 9pnet_fd: p9_fd_create_tcp (9281): problem binding to privport [ 251.645936][ T39] audit: type=1326 audit(1720979527.385:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9280 comm="syz.1.1065" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73e9579 code=0x0 [ 251.649080][ T9284] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.1064'. [ 251.815068][ T5212] Bluetooth: hci4: command 0x206a tx timeout [ 251.815137][ T5206] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 251.864297][ T5206] Bluetooth: hci1: unexpected event 0x07 length: 8 < 255 [ 251.867443][ T5206] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 252.151155][ T9299] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1069'. [ 252.972274][ T5206] Bluetooth: hci1: unexpected event 0x08 length: 78 > 4 [ 253.140914][ T9323] warning: `syz.1.1075' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 253.378223][ T9330] __nla_validate_parse: 1 callbacks suppressed [ 253.378244][ T9330] netlink: 191416 bytes leftover after parsing attributes in process `syz.1.1077'. [ 253.448367][ T5206] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 253.451213][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 253.452648][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 253.814797][ T9344] FAULT_INJECTION: forcing a failure. [ 253.814797][ T9344] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 253.825061][ T9344] CPU: 3 PID: 9344 Comm: syz.0.1081 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 253.828685][ T9344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 253.832458][ T9344] Call Trace: [ 253.833637][ T9344] [ 253.834676][ T9344] dump_stack_lvl+0x16c/0x1f0 [ 253.836303][ T9344] should_fail_ex+0x497/0x5b0 [ 253.838080][ T9344] _copy_from_user+0x30/0xf0 [ 253.839968][ T9344] get_compat_msghdr+0xa8/0x170 [ 253.841695][ T9344] ? __pfx_get_compat_msghdr+0x10/0x10 [ 253.843552][ T9344] ? kfree+0x245/0x3b0 [ 253.845182][ T9344] ? find_held_lock+0x2d/0x110 [ 253.846914][ T9344] ___sys_recvmsg+0x193/0x1a0 [ 253.848667][ T9344] ? __pfx____sys_recvmsg+0x10/0x10 [ 253.850872][ T9344] ? __pfx___might_resched+0x10/0x10 [ 253.853216][ T9344] ? __fget_light+0x173/0x210 [ 253.855087][ T9344] do_recvmmsg+0x51a/0x750 [ 253.857008][ T9344] ? __pfx_do_recvmmsg+0x10/0x10 [ 253.859234][ T9344] ? __pfx_lock_release+0x10/0x10 [ 253.861209][ T9344] ? vfs_write+0x14d/0x1140 [ 253.862816][ T9344] __sys_recvmmsg+0x21e/0x280 [ 253.864854][ T9344] ? __pfx___sys_recvmmsg+0x10/0x10 [ 253.867070][ T9344] ? __pfx_ksys_write+0x10/0x10 [ 253.868970][ T9344] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 253.871542][ T9344] ? lockdep_hardirqs_on+0x7c/0x110 [ 253.873736][ T9344] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 253.876500][ T9344] __do_fast_syscall_32+0x73/0x120 [ 253.878851][ T9344] do_fast_syscall_32+0x32/0x80 [ 253.880991][ T9344] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 253.883991][ T9344] RIP: 0023:0xf740d579 [ 253.885910][ T9344] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 253.894400][ T9344] RSP: 002b:00000000f5d2557c EFLAGS: 00000292 ORIG_RAX: 0000000000000151 [ 253.898175][ T9344] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020008880 [ 253.901586][ T9344] RDX: 000000000000045b RSI: 0000000044000102 RDI: 0000000000000000 [ 253.904603][ T9344] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 253.907960][ T9344] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 253.911638][ T9344] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 253.915182][ T9344] [ 253.917387][ T5206] Bluetooth: hci4: command 0x206a tx timeout [ 254.103375][ T9353] netlink: 191416 bytes leftover after parsing attributes in process `syz.1.1085'. [ 254.526886][ T9364] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.1087'. [ 254.630192][ T9372] netlink: 'syz.2.1090': attribute type 5 has an invalid length. [ 254.643007][ T9372] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1090'. [ 254.690020][ T5206] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 254.692622][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 254.692651][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 254.860306][ T5206] Bluetooth: hci0: unexpected event 0x08 length: 78 > 4 [ 254.867515][ T5206] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 255.129743][ T9384] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1093'. [ 255.317634][ T9386] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1094'. [ 255.640704][ T5206] Bluetooth: hci1: unexpected event 0x08 length: 78 > 4 [ 255.911003][ T1354] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.916143][ T1354] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.956474][ T9403] netlink: 'syz.0.1099': attribute type 5 has an invalid length. [ 255.987011][ T9403] nbd: device at index 0 is going down [ 255.990678][ T9403] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1099'. [ 256.282424][ T5206] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 256.285634][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 256.285668][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 256.603679][ T9417] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1104'. [ 257.131156][ T5206] Bluetooth: hci0: unexpected event 0x08 length: 78 > 4 [ 257.135735][ T5206] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 257.212333][ T9431] netlink: 'syz.3.1108': attribute type 5 has an invalid length. [ 257.239347][ T9431] nbd: couldn't find device at index 0 [ 257.242745][ T9431] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1108'. [ 257.489736][ T5206] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 257.492417][ T5206] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 257.492463][ T5206] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 257.700493][ T5206] Bluetooth: hci4: unexpected event 0x07 length: 8 < 255 [ 257.707377][ T5206] Bluetooth: hci4: SCO packet for unknown connection handle 201 [ 257.707422][ T5206] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 257.843037][ T5206] Bluetooth: hci1: unexpected event 0x07 length: 8 < 255 [ 257.849972][ T5206] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 257.899287][ T9448] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1114'. [ 258.170669][ T9455] net_ratelimit: 1117 callbacks suppressed [ 258.170682][ T9455] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 258.178715][ T5206] Bluetooth: hci4: Malformed LE Event: 0x1b [ 258.181951][ T5206] Bluetooth: hci4: Ignoring connect complete event for invalid link type [ 258.207798][ T9457] netlink: 'syz.0.1118': attribute type 5 has an invalid length. [ 258.300312][ T9463] block nbd0: NBD_DISCONNECT [ 258.444475][ T5206] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 258.447321][ T5206] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 258.815515][ T9476] __nla_validate_parse: 3 callbacks suppressed [ 258.815531][ T9476] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1122'. [ 259.161642][ T9486] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1123'. [ 259.190197][ T9488] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.1124'. [ 259.194894][ T9488] netlink: zone id is out of range [ 259.199422][ T9488] netlink: zone id is out of range [ 259.201796][ T9488] netlink: zone id is out of range [ 259.204736][ T9488] netlink: zone id is out of range [ 259.209540][ T9488] netlink: zone id is out of range [ 259.211920][ T9488] netlink: zone id is out of range [ 259.214317][ T9488] netlink: zone id is out of range [ 259.217138][ T9488] netlink: zone id is out of range [ 259.219999][ T9488] netlink: zone id is out of range [ 259.415699][ T5206] Bluetooth: hci2: unexpected event 0x08 length: 78 > 4 [ 259.419169][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 259.727855][ T5206] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 259.730965][ T5206] bt_err_ratelimited: 1 callbacks suppressed [ 259.730975][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 259.733528][ T5206] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 260.296765][ T5206] Bluetooth: hci4: unexpected event 0x07 length: 8 < 255 [ 260.304137][ T5206] Bluetooth: hci4: SCO packet for unknown connection handle 201 [ 260.304190][ T5206] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 260.458705][ T9518] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1134'. [ 260.468476][ T9521] VFS: could not find a valid V7 on nullb0. [ 260.628011][ T9529] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1136'. [ 261.014843][ T5206] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 261.019708][ T5206] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 261.019739][ T5206] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 261.235594][ T5206] Bluetooth: hci4: unexpected event 0x07 length: 8 < 255 [ 261.242987][ T5206] Bluetooth: hci4: SCO packet for unknown connection handle 201 [ 261.246340][ T5206] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 261.403001][ T5206] Bluetooth: hci1: unexpected event 0x07 length: 8 < 255 [ 261.414731][ T5206] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 261.537050][ T9548] block device autoloading is deprecated and will be removed. [ 261.642037][ T9549] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 261.643712][ T9552] ======================================================= [ 261.643712][ T9552] WARNING: The mand mount option has been deprecated and [ 261.643712][ T9552] and is ignored by this kernel. Remove the mand [ 261.643712][ T9552] option from the mount to silence this warning. [ 261.643712][ T9552] ======================================================= [ 261.870576][ T9569] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1147'. [ 261.879877][ T9570] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.1148'. [ 262.140720][ T5206] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 262.143563][ T5206] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 262.216584][ T5206] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 262.223026][ T5206] Bluetooth: hci4: Injecting HCI hardware error event [ 262.229615][ T5212] Bluetooth: hci4: hardware error 0x00 [ 262.569067][ T5206] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 263.268720][ T5206] Bluetooth: hci4: unexpected event 0x07 length: 8 < 255 [ 263.452874][ T9600] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1157'. [ 263.508424][ T9603] hsr0: entered promiscuous mode [ 263.645991][ T9613] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1159'. [ 263.997373][ T9619] FAULT_INJECTION: forcing a failure. [ 263.997373][ T9619] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 264.011827][ T9619] CPU: 0 PID: 9619 Comm: syz.2.1162 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 264.015506][ T9619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 264.019817][ T9619] Call Trace: [ 264.021190][ T9619] [ 264.022419][ T9619] dump_stack_lvl+0x16c/0x1f0 [ 264.024440][ T9619] should_fail_ex+0x497/0x5b0 [ 264.026448][ T9619] _copy_from_iter+0x27a/0xfb0 [ 264.028360][ T5206] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 264.028377][ T9619] ? __alloc_skb+0x200/0x380 [ 264.032799][ T9619] ? __pfx__copy_from_iter+0x10/0x10 [ 264.035111][ T9619] ? __virt_addr_valid+0x5e/0x590 [ 264.037208][ T9619] ? __phys_addr_symbol+0x30/0x80 [ 264.039336][ T9619] ? __check_object_size+0x48e/0x720 [ 264.041415][ T9619] netlink_sendmsg+0x813/0xd70 [ 264.043465][ T9619] ? __pfx_netlink_sendmsg+0x10/0x10 [ 264.045731][ T9619] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 264.047844][ T9619] ____sys_sendmsg+0x9b4/0xb50 [ 264.049752][ T9619] ? __pfx_____sys_sendmsg+0x10/0x10 [ 264.051746][ T9619] ? get_compat_msghdr+0x11b/0x170 [ 264.053613][ T9619] ? __pfx___lock_acquire+0x10/0x10 [ 264.055755][ T9619] ___sys_sendmsg+0x135/0x1e0 [ 264.057424][ T9619] ? __pfx____sys_sendmsg+0x10/0x10 [ 264.059404][ T9619] ? ksys_write+0x21c/0x260 [ 264.061186][ T9619] ? __fget_light+0x173/0x210 [ 264.063194][ T9619] __sys_sendmsg+0x117/0x1f0 [ 264.065069][ T9619] ? __pfx___sys_sendmsg+0x10/0x10 [ 264.067157][ T9619] __do_fast_syscall_32+0x73/0x120 [ 264.069274][ T9619] do_fast_syscall_32+0x32/0x80 [ 264.071210][ T9619] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 264.073770][ T9619] RIP: 0023:0xf7474579 [ 264.075415][ T9619] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 264.083356][ T9619] RSP: 002b:00000000f5d8c57c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 264.086938][ T9619] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000020000140 [ 264.090293][ T9619] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 264.093651][ T9619] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 264.096980][ T9619] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 264.100632][ T9619] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 264.104013][ T9619] [ 264.219098][ T9618] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 264.295149][ T5212] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 264.496754][ T9640] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.1167'. [ 264.500144][ T9640] net_ratelimit: 313 callbacks suppressed [ 264.500152][ T9640] netlink: zone id is out of range [ 264.503786][ T9640] netlink: zone id is out of range [ 264.505711][ T9640] netlink: zone id is out of range [ 264.507822][ T9640] netlink: zone id is out of range [ 264.510101][ T9640] netlink: zone id is out of range [ 264.511825][ T9640] netlink: zone id is out of range [ 264.513592][ T9640] netlink: zone id is out of range [ 264.515380][ T9640] netlink: zone id is out of range [ 264.517165][ T9640] netlink: zone id is out of range [ 264.519090][ T9640] netlink: zone id is out of range [ 264.581182][ T9644] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1168'. [ 264.956794][ T9652] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1171'. [ 264.961830][ T5212] Bluetooth: hci1: unexpected event 0x07 length: 8 < 255 [ 264.965133][ T5212] bt_err_ratelimited: 5 callbacks suppressed [ 264.965145][ T5212] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 265.028622][ T9658] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1172'. [ 265.044997][ T25] usb 8-1: new high-speed USB device number 43 using dummy_hcd [ 265.229097][ T25] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 265.236650][ T25] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 265.244716][ T25] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 265.252071][ T25] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.266314][ T9649] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 265.309993][ T5212] Bluetooth: hci1: unexpected event 0x07 length: 8 < 255 [ 265.315120][ T5212] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 265.668902][ T1937] usb 8-1: USB disconnect, device number 43 [ 265.783919][ T9687] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1181'. [ 265.981201][ T5212] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 265.985040][ T5212] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 265.987784][ T5212] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 266.403904][ T5212] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 266.411820][ T5212] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 266.412951][ T5212] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 266.663352][ T9718] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.1188'. [ 266.733735][ T9723] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 266.742665][ T9723] FAULT_INJECTION: forcing a failure. [ 266.742665][ T9723] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 266.748474][ T9723] CPU: 1 PID: 9723 Comm: syz.0.1190 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 266.752773][ T9723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 266.757751][ T9723] Call Trace: [ 266.759216][ T9723] [ 266.760565][ T9723] dump_stack_lvl+0x16c/0x1f0 [ 266.762779][ T9723] should_fail_ex+0x497/0x5b0 [ 266.764922][ T9723] _copy_from_user+0x30/0xf0 [ 266.766999][ T9723] snd_ctl_elem_add_compat+0xa2/0x3f0 [ 266.769329][ T9723] snd_ctl_ioctl_compat+0x386/0x900 [ 266.771593][ T9723] ? __pfx_snd_ctl_ioctl_compat+0x10/0x10 [ 266.774029][ T9723] ? __fget_files+0x256/0x400 [ 266.776051][ T9723] ? bpf_lsm_file_ioctl_compat+0x9/0x10 [ 266.778496][ T9723] ? __pfx_snd_ctl_ioctl_compat+0x10/0x10 [ 266.780970][ T9723] __do_compat_sys_ioctl+0x2c3/0x330 [ 266.783217][ T9723] __do_fast_syscall_32+0x73/0x120 [ 266.785358][ T9723] do_fast_syscall_32+0x32/0x80 [ 266.787490][ T9723] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 266.790253][ T9723] RIP: 0023:0xf740d579 [ 266.792020][ T9723] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 266.800605][ T9723] RSP: 002b:00000000f5d2557c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 266.804277][ T9723] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c1105518 [ 266.807735][ T9723] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 266.811210][ T9723] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 266.814712][ T9723] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 266.817952][ T9723] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 266.821101][ T9723] [ 267.067970][ T5212] Bluetooth: hci0: unexpected event 0x07 length: 8 < 255 [ 267.071122][ T5212] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 267.071171][ T5212] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 267.349418][ T5212] Bluetooth: hci2: unexpected event 0x08 length: 78 > 4 [ 267.366441][ T5212] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 267.442016][ T1090] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 267.505119][ T6323] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 267.549312][ T1090] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 267.645366][ T1090] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 267.673632][ T9739] bridge_slave_1: left allmulticast mode [ 267.674656][ T5206] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 267.676560][ T9739] bridge_slave_1: left promiscuous mode [ 267.681072][ T5206] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 267.682392][ T9739] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.689493][ T5206] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 267.694116][ T5206] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 267.699764][ T5206] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 267.701035][ T6323] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 267.703084][ T5206] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 267.710679][ T6323] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 267.716533][ T6323] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 267.720369][ T6323] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.727019][ T9733] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 267.732198][ T1090] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 267.890637][ T9750] netlink: 191416 bytes leftover after parsing attributes in process `syz.1.1199'. [ 267.902428][ T1090] bridge_slave_1: left allmulticast mode [ 267.904871][ T1090] bridge_slave_1: left promiscuous mode [ 267.909065][ T1090] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.914707][ T1090] bridge_slave_0: left allmulticast mode [ 267.917883][ T1090] bridge_slave_0: left promiscuous mode [ 267.920128][ T1090] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.122028][ T6323] usb 5-1: USB disconnect, device number 38 [ 268.231108][ T1090] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 268.249684][ T1090] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 268.265305][ T1090] bond0 (unregistering): Released all slaves [ 268.371720][ T9758] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1202'. [ 268.398899][ T9741] chnl_net:caif_netlink_parms(): no params data found [ 268.564290][ T9741] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.567503][ T9741] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.570365][ T9741] bridge_slave_0: entered allmulticast mode [ 268.574552][ T9741] bridge_slave_0: entered promiscuous mode [ 268.603204][ T9741] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.606546][ T9741] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.609641][ T9741] bridge_slave_1: entered allmulticast mode [ 268.612804][ T9741] bridge_slave_1: entered promiscuous mode [ 268.702191][ T9741] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 268.712960][ T9741] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 268.779673][ T9741] team0: Port device team_slave_0 added [ 268.784483][ T9741] team0: Port device team_slave_1 added [ 268.819685][ T1090] hsr_slave_0: left promiscuous mode [ 268.823933][ T1090] hsr_slave_1: left promiscuous mode [ 268.830423][ T1090] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 268.833712][ T1090] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 268.838149][ T1090] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 268.841606][ T1090] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 268.871179][ T1090] veth1_macvtap: left promiscuous mode [ 268.873641][ T1090] veth0_macvtap: left promiscuous mode [ 268.876152][ T1090] veth1_vlan: left promiscuous mode [ 268.878132][ T1090] veth0_vlan: left promiscuous mode [ 269.240074][ T9791] FAULT_INJECTION: forcing a failure. [ 269.240074][ T9791] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 269.245412][ T9791] CPU: 2 PID: 9791 Comm: syz.3.1206 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 269.249378][ T9791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 269.253837][ T9791] Call Trace: [ 269.255302][ T9791] [ 269.256598][ T9791] dump_stack_lvl+0x16c/0x1f0 [ 269.258677][ T9791] should_fail_ex+0x497/0x5b0 [ 269.260675][ T9791] _copy_from_iter+0x27a/0xfb0 [ 269.262782][ T9791] ? __alloc_skb+0x200/0x380 [ 269.264752][ T9791] ? __pfx__copy_from_iter+0x10/0x10 [ 269.267143][ T9791] ? __virt_addr_valid+0x5e/0x590 [ 269.269297][ T9791] ? __phys_addr_symbol+0x30/0x80 [ 269.271421][ T9791] ? __check_object_size+0x48e/0x720 [ 269.273658][ T9791] netlink_sendmsg+0x813/0xd70 [ 269.275717][ T9791] ? __pfx_netlink_sendmsg+0x10/0x10 [ 269.277992][ T9791] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 269.280218][ T9791] ____sys_sendmsg+0x9b4/0xb50 [ 269.282301][ T9791] ? __pfx_____sys_sendmsg+0x10/0x10 [ 269.284568][ T9791] ? get_compat_msghdr+0x11b/0x170 [ 269.286805][ T9791] ? __pfx___lock_acquire+0x10/0x10 [ 269.289054][ T9791] ___sys_sendmsg+0x135/0x1e0 [ 269.291112][ T9791] ? __pfx____sys_sendmsg+0x10/0x10 [ 269.293324][ T9791] ? ksys_write+0x21c/0x260 [ 269.295262][ T9791] ? __fget_light+0x173/0x210 [ 269.297267][ T9791] __sys_sendmsg+0x117/0x1f0 [ 269.299224][ T9791] ? __pfx___sys_sendmsg+0x10/0x10 [ 269.301451][ T9791] __do_fast_syscall_32+0x73/0x120 [ 269.303714][ T9791] do_fast_syscall_32+0x32/0x80 [ 269.305649][ T9791] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 269.308193][ T9791] RIP: 0023:0xf7445579 [ 269.310026][ T9791] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 269.318231][ T9791] RSP: 002b:00000000f5d5d57c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 269.321804][ T9791] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000300 [ 269.324918][ T9791] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 269.327628][ T9791] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 269.330288][ T9791] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 269.332972][ T9791] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 269.335650][ T9791] [ 269.467401][ T9795] UBIFS error (pid: 9795): cannot open "./file0", error -22 [ 269.519874][ T9796] netlink: 191416 bytes leftover after parsing attributes in process `syz.1.1208'. [ 269.529419][ T9796] net_ratelimit: 473 callbacks suppressed [ 269.529431][ T9796] netlink: zone id is out of range [ 269.534293][ T9796] netlink: zone id is out of range [ 269.537391][ T9796] netlink: zone id is out of range [ 269.539605][ T9796] netlink: zone id is out of range [ 269.541761][ T9796] netlink: zone id is out of range [ 269.543807][ T9796] netlink: zone id is out of range [ 269.546069][ T9796] netlink: zone id is out of range [ 269.548361][ T9796] netlink: zone id is out of range [ 269.550636][ T9796] netlink: zone id is out of range [ 269.552809][ T9796] netlink: zone id is out of range [ 269.738026][ T5212] Bluetooth: hci1: command tx timeout [ 269.780899][ T1090] team0 (unregistering): Port device team_slave_1 removed [ 269.868247][ T1090] team0 (unregistering): Port device team_slave_0 removed [ 270.171695][ T9805] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1211'. [ 270.508799][ T9741] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 270.511615][ T9741] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 270.515109][ T25] usb 8-1: new high-speed USB device number 44 using dummy_hcd [ 270.522509][ T9741] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 270.531844][ T9741] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 270.534815][ T9741] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 270.546222][ T9741] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 270.612330][ T9741] hsr_slave_0: entered promiscuous mode [ 270.616335][ T9741] hsr_slave_1: entered promiscuous mode [ 270.719636][ T25] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 270.724267][ T25] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 270.731643][ T25] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 270.738430][ T25] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.760219][ T9808] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 271.173600][ T5240] usb 8-1: USB disconnect, device number 44 [ 271.371701][ T9741] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 271.376115][ T9741] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 271.381247][ T9741] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 271.394051][ T9741] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 271.502392][ T9741] 8021q: adding VLAN 0 to HW filter on device bond0 [ 271.547260][ T9741] 8021q: adding VLAN 0 to HW filter on device team0 [ 271.558867][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.561893][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 271.573252][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.576304][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 271.780201][ T9741] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 271.815221][ T5212] Bluetooth: hci1: command tx timeout [ 271.831326][ T9741] veth0_vlan: entered promiscuous mode [ 271.839763][ T9741] veth1_vlan: entered promiscuous mode [ 271.869842][ T9865] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.1217'. [ 271.874895][ T9741] veth0_macvtap: entered promiscuous mode [ 271.880388][ T9741] veth1_macvtap: entered promiscuous mode [ 271.894394][ T9741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.900636][ T9741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.905518][ T9741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.910058][ T9741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.914306][ T9741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.921833][ T9741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.927101][ T9741] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 271.937677][ T9741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.942234][ T9741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.950432][ T9741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.955850][ T9741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.960318][ T9741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.964750][ T9741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.974481][ T9741] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 271.985424][ T9868] Zero length message leads to an empty skb [ 271.993117][ T9741] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.997340][ T9741] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.001011][ T9741] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.006395][ T9741] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.151378][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.159403][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.183923][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.192281][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.291740][ T5212] Bluetooth: hci0: unexpected event 0x08 length: 78 > 4 [ 272.450312][ T5212] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 272.525241][ T9891] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1221'. [ 272.952561][ T9897] sctp: [Deprecated]: syz.2.1223 (pid 9897) Use of int in max_burst socket option deprecated. [ 272.952561][ T9897] Use struct sctp_assoc_value instead [ 273.301512][ T9914] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1225'. [ 273.602950][ T9919] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.1226'. [ 273.884429][ T9926] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1229'. [ 273.953110][ T5212] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 273.962402][ T5212] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 273.975060][ T5212] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 274.015028][ T10] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 274.061565][ T9931] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 274.094741][ T9934] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1232'. [ 274.205653][ T10] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 274.221067][ T10] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 274.228658][ T10] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 274.232394][ T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.236540][ T10] usb 7-1: Product: 抡֨顼쒙⃉ꝫ㧨㙘ܓ슪ꀡ⚃⶟墔蓼༣鴾Ꚑ儧홳ڋ쪗鸎 [ 274.240709][ T10] usb 7-1: Manufacturer: 她蕋멳龜ؔ됛ꦆ뗮齔㗘మᆤ幽埍瀷쬎룱窛퍽黱覝轤㴓犂讯࣍䉙녒ⶇ扚邆镻㢗濇蕃鐍혣☲밉庙랸袰৽夂憬芣稐录빬旟깿ꦇ婞㘳௴ﺋ࣊绾鸓ᬪ哴s [ 274.250932][ T10] usb 7-1: SerialNumber: syz [ 274.402328][ T9950] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1234'. [ 274.615089][ T5212] Bluetooth: hci1: command tx timeout [ 274.787748][ T9952] netlink: 191416 bytes leftover after parsing attributes in process `syz.0.1236'. [ 274.792828][ T9952] net_ratelimit: 473 callbacks suppressed [ 274.792841][ T9952] netlink: zone id is out of range [ 274.798439][ T9952] netlink: zone id is out of range [ 274.800776][ T9952] netlink: zone id is out of range [ 274.803133][ T9952] netlink: zone id is out of range [ 274.805777][ T9952] netlink: zone id is out of range [ 274.808031][ T9952] netlink: zone id is out of range [ 274.810085][ T9952] netlink: zone id is out of range [ 274.812130][ T9952] netlink: zone id is out of range [ 274.814189][ T9952] netlink: zone id is out of range [ 274.816492][ T9952] netlink: zone id is out of range [ 274.934360][ T9957] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.1237'. [ 274.991160][ T9964] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1239'. [ 275.256203][ T5212] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 275.260101][ T5212] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 275.261215][ T5212] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 275.928354][ T9988] netlink: 191416 bytes leftover after parsing attributes in process `syz.0.1247'. [ 276.003635][ T9994] serio: Serial port pts0 [ 276.057759][ T9994] FAULT_INJECTION: forcing a failure. [ 276.057759][ T9994] name failslab, interval 1, probability 0, space 0, times 0 [ 276.085101][ T9994] CPU: 0 PID: 9994 Comm: syz.3.1249 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 276.089454][ T9994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 276.094022][ T9994] Call Trace: [ 276.095504][ T9994] [ 276.096782][ T9994] dump_stack_lvl+0x16c/0x1f0 [ 276.098865][ T9994] should_fail_ex+0x497/0x5b0 [ 276.100919][ T9994] should_failslab+0x9/0x20 [ 276.102911][ T9994] __kmalloc_noprof+0xcf/0x420 [ 276.104931][ T9994] kobject_get_path+0xcb/0x230 [ 276.106565][ T9994] kobject_uevent_env+0x28f/0x15f0 [ 276.108292][ T9994] ? kobject_put+0xbe/0x5b0 [ 276.109841][ T9994] device_del+0x623/0x9f0 [ 276.111305][ T9994] ? __pfx_device_del+0x10/0x10 [ 276.113030][ T9994] ? mark_held_locks+0x9f/0xe0 [ 276.114663][ T9994] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 276.116609][ T9994] serio_destroy_port+0x49d/0x5a0 [ 276.118172][ T9994] serio_unregister_port+0x2b/0x40 [ 276.119828][ T9994] serport_ldisc_read+0x3c0/0x630 [ 276.121418][ T9994] ? __pfx_serport_ldisc_read+0x10/0x10 [ 276.123327][ T9994] ? __pfx_autoremove_wake_function+0x10/0x10 [ 276.125853][ T9994] tty_read+0x31a/0x5c0 [ 276.127718][ T9994] ? __pfx_tty_read+0x10/0x10 [ 276.129370][ T9994] ? bpf_lsm_file_permission+0x9/0x10 [ 276.131495][ T9994] ? security_file_permission+0x98/0xc0 [ 276.133801][ T9994] vfs_read+0x869/0xbd0 [ 276.135651][ T9994] ? __pfx_vfs_read+0x10/0x10 [ 276.137345][ T9994] ? __fget_files+0x256/0x400 [ 276.138992][ T9994] ? __fget_light+0x173/0x210 [ 276.140760][ T9994] ksys_read+0x12f/0x260 [ 276.142277][ T9994] ? __pfx_ksys_read+0x10/0x10 [ 276.144021][ T9994] __do_fast_syscall_32+0x73/0x120 [ 276.145823][ T9994] do_fast_syscall_32+0x32/0x80 [ 276.147697][ T9994] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 276.150117][ T9994] RIP: 0023:0xf7445579 [ 276.151924][ T9994] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 276.159542][ T9994] RSP: 002b:00000000f5d5d57c EFLAGS: 00000292 ORIG_RAX: 0000000000000003 [ 276.162994][ T9994] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000 [ 276.166256][ T9994] RDX: 0000000000002006 RSI: 0000000000000000 RDI: 0000000000000000 [ 276.169150][ T9994] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 276.171909][ T9994] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 276.174623][ T9994] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 276.177386][ T9994] [ 276.252844][T10000] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1250'. [ 276.894078][ T5212] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 276.897314][ T5212] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 276.898843][ T5212] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 277.153303][T10022] netlink: 191416 bytes leftover after parsing attributes in process `syz.1.1256'. [ 277.352772][T10031] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1261'. [ 277.917691][T10038] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.1264'. [ 278.064833][ T10] usb 7-1: 0:2 : does not exist [ 278.079619][ T10] usb 7-1: USB disconnect, device number 30 [ 278.293627][ T5215] udevd[5215]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 278.580719][T10059] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1271'. [ 278.899964][T10076] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.1275'. [ 279.718837][T10096] xt_TCPMSS: Only works on TCP SYN packets [ 279.911996][T10108] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.1284'. [ 279.915722][T10108] net_ratelimit: 956 callbacks suppressed [ 279.915736][T10108] netlink: zone id is out of range [ 279.920875][T10108] netlink: zone id is out of range [ 279.922748][T10108] netlink: zone id is out of range [ 279.924494][T10108] netlink: zone id is out of range [ 279.927623][T10108] netlink: zone id is out of range [ 279.929713][T10108] netlink: zone id is out of range [ 279.933431][T10108] netlink: zone id is out of range [ 279.935940][T10108] netlink: zone id is out of range [ 279.938268][T10108] netlink: zone id is out of range [ 279.940589][T10108] netlink: zone id is out of range [ 280.194816][ T5212] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 280.198556][ T5212] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 280.198601][ T5212] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 280.443587][T10122] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1287'. [ 280.461410][T10118] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1286'. [ 280.760643][T10126] FAULT_INJECTION: forcing a failure. [ 280.760643][T10126] name failslab, interval 1, probability 0, space 0, times 0 [ 280.766536][T10126] CPU: 3 PID: 10126 Comm: syz.1.1289 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 280.771610][T10126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 280.776400][T10126] Call Trace: [ 280.777886][T10126] [ 280.779189][T10126] dump_stack_lvl+0x16c/0x1f0 [ 280.781324][T10126] should_fail_ex+0x497/0x5b0 [ 280.783418][T10126] should_failslab+0x9/0x20 [ 280.785436][T10126] __kmalloc_noprof+0xcf/0x420 [ 280.787543][T10126] ? __pfx_lock_acquire+0x10/0x10 [ 280.789768][T10126] tomoyo_realpath_from_path+0xbf/0x710 [ 280.792164][T10126] ? tomoyo_profile+0x47/0x60 [ 280.794246][T10126] tomoyo_path_number_perm+0x245/0x5b0 [ 280.796886][T10126] ? tomoyo_path_number_perm+0x232/0x5b0 [ 280.799385][T10126] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 280.802327][T10126] ? __pfx_lock_release+0x10/0x10 [ 280.804534][T10126] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 280.807779][T10126] ? __fget_files+0x256/0x400 [ 280.811297][T10126] security_file_ioctl_compat+0x75/0xc0 [ 280.815905][T10126] __do_compat_sys_ioctl+0x5d/0x330 [ 280.818724][T10126] __do_fast_syscall_32+0x73/0x120 [ 280.822523][T10126] do_fast_syscall_32+0x32/0x80 [ 280.824831][T10126] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 280.827612][T10126] RIP: 0023:0xf73e9579 [ 280.829884][T10126] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 280.838193][T10126] RSP: 002b:00000000f5d0157c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 280.841592][T10126] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008914 [ 280.845046][T10126] RDX: 0000000020000140 RSI: 0000000000000000 RDI: 0000000000000000 [ 280.848270][T10126] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 280.851639][T10126] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 280.855515][T10126] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 280.858953][T10126] [ 280.867872][T10126] ERROR: Out of memory at tomoyo_realpath_from_path. [ 281.211445][T10141] netlink: 191416 bytes leftover after parsing attributes in process `syz.0.1293'. [ 281.285142][ T10] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 281.431123][ T5212] Bluetooth: hci2: unexpected event 0x07 length: 8 < 255 [ 281.434471][ T5212] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 281.434500][ T5212] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 281.485012][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 281.497274][ T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 166, changing to 11 [ 281.502083][ T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 8383, setting to 1024 [ 281.517049][ T10] usb 6-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.40 [ 281.521353][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.526058][ T10] usb 6-1: Product: ☜萏断鯿⎎緱殘꧃嫏לៈꚁﴍ固죝斈ﲩ䓙敥큑ꇖ橨駳蓅᧡㮱䔎﷯㔛嚴惶浞ౚᎮ屫㳛ㄛ쓉叺鯉莄靚Ὁ砵ڙᎸ뫸騸ᱚ梮 [ 281.534857][ T10] usb 6-1: Manufacturer: Т [ 281.537320][ T10] usb 6-1: SerialNumber: syz [ 281.665735][T10152] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1296'. [ 282.056363][T10167] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1298'. [ 282.087901][ T10] usbhid 6-1:1.0: can't add hid device: -71 [ 282.100475][ T10] usbhid 6-1:1.0: probe with driver usbhid failed with error -71 [ 282.120105][ T10] usb 6-1: USB disconnect, device number 39 [ 282.403035][ T39] audit: type=1326 audit(1720979558.135:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10168 comm="syz.0.1299" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x0 [ 282.735269][T10180] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1301'. [ 283.554545][T10208] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1308'. [ 283.847275][T10219] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1311'. [ 284.312936][T10228] FAULT_INJECTION: forcing a failure. [ 284.312936][T10228] name failslab, interval 1, probability 0, space 0, times 0 [ 284.321040][T10228] CPU: 2 PID: 10228 Comm: syz.2.1314 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 284.325494][T10228] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 284.330310][T10228] Call Trace: [ 284.331853][T10228] [ 284.333211][T10228] dump_stack_lvl+0x16c/0x1f0 [ 284.335317][T10228] should_fail_ex+0x497/0x5b0 [ 284.337428][T10228] should_failslab+0x9/0x20 [ 284.339234][T10228] kmem_cache_alloc_node_noprof+0x71/0x310 [ 284.341560][T10228] ? __alloc_skb+0x2b3/0x380 [ 284.343436][T10228] ? genl_start+0x1e7/0x950 [ 284.345406][T10228] __alloc_skb+0x2b3/0x380 [ 284.347353][T10228] ? __pfx___alloc_skb+0x10/0x10 [ 284.349471][T10228] ? do_fast_syscall_32+0x32/0x80 [ 284.351483][T10228] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 284.354265][T10228] netlink_dump+0x75f/0xe00 [ 284.356260][T10228] ? __pfx_netlink_dump+0x10/0x10 [ 284.358491][T10228] ? kasan_save_track+0x14/0x30 [ 284.360683][T10228] ? __kasan_kmalloc+0xaa/0xb0 [ 284.362631][T10228] ? genl_start+0x677/0x950 [ 284.364475][T10228] __netlink_dump_start+0x6e6/0x9c0 [ 284.366807][T10228] genl_family_rcv_msg_dumpit+0x1e1/0x2e0 [ 284.369336][T10228] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 284.372090][T10228] ? genl_op_from_small+0x25/0x440 [ 284.374218][T10228] ? apparmor_capable+0x126/0x1e0 [ 284.376308][T10228] ? __pfx_genl_start+0x10/0x10 [ 284.378430][T10228] ? __pfx_genl_dumpit+0x10/0x10 [ 284.380525][T10228] ? __pfx_genl_done+0x10/0x10 [ 284.382660][T10228] ? ns_capable+0xd7/0x110 [ 284.384659][T10228] genl_rcv_msg+0x470/0x800 [ 284.386512][T10228] ? __pfx_genl_rcv_msg+0x10/0x10 [ 284.388599][T10228] ? __dev_queue_xmit+0x85d/0x4130 [ 284.390830][T10228] ? __pfx_batadv_dat_cache_dump+0x10/0x10 [ 284.393349][T10228] netlink_rcv_skb+0x165/0x410 [ 284.395436][T10228] ? __pfx_genl_rcv_msg+0x10/0x10 [ 284.397703][T10228] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 284.400052][T10228] ? down_read+0xc9/0x330 [ 284.401880][T10228] ? __pfx_down_read+0x10/0x10 [ 284.403773][T10228] ? netlink_deliver_tap+0x1ae/0xcf0 [ 284.405945][T10228] genl_rcv+0x28/0x40 [ 284.407699][T10228] netlink_unicast+0x542/0x820 [ 284.409799][T10228] ? __pfx_netlink_unicast+0x10/0x10 [ 284.412115][T10228] ? __phys_addr_symbol+0x30/0x80 [ 284.414241][T10228] ? __check_object_size+0x4a7/0x720 [ 284.416622][T10228] netlink_sendmsg+0x8b8/0xd70 [ 284.418801][T10228] ? __pfx_netlink_sendmsg+0x10/0x10 [ 284.421129][T10228] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 284.423205][T10228] ____sys_sendmsg+0x9b4/0xb50 [ 284.425140][T10228] ? __pfx_____sys_sendmsg+0x10/0x10 [ 284.428273][T10228] ? get_compat_msghdr+0x11b/0x170 [ 284.430633][T10228] ? __pfx___lock_acquire+0x10/0x10 [ 284.433090][T10228] ___sys_sendmsg+0x135/0x1e0 [ 284.435151][T10228] ? __pfx____sys_sendmsg+0x10/0x10 [ 284.437216][T10228] ? ksys_write+0x21c/0x260 [ 284.439289][T10228] ? __fget_light+0x173/0x210 [ 284.441389][T10228] __sys_sendmsg+0x117/0x1f0 [ 284.443526][T10228] ? __pfx___sys_sendmsg+0x10/0x10 [ 284.445811][T10228] __do_fast_syscall_32+0x73/0x120 [ 284.448062][T10228] do_fast_syscall_32+0x32/0x80 [ 284.450389][T10228] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 284.453127][T10228] RIP: 0023:0xf741f579 [ 284.454848][T10228] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 284.462874][T10228] RSP: 002b:00000000f5d3757c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 284.466378][T10228] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000280 [ 284.469964][T10228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 284.473436][T10228] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 284.476883][T10228] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 284.480246][T10228] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 284.483928][T10228] [ 284.672262][T10234] program syz.2.1317 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 284.809270][T10251] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1324'. [ 285.063056][ T5212] Bluetooth: hci1: unexpected event 0x08 length: 78 > 4 [ 285.539468][T10267] program syz.0.1328 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 285.761962][T10281] __nla_validate_parse: 1 callbacks suppressed [ 285.761979][T10281] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1334'. [ 285.897220][ T5240] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 285.919821][T10285] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1333'. [ 286.011562][T10287] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1335'. [ 286.096867][ T5240] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 286.102158][ T5240] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 286.115460][ T5240] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 286.119875][ T5240] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.143756][T10277] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 286.225742][T10293] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1336'. [ 286.528508][ T5240] usb 5-1: USB disconnect, device number 39 [ 287.043553][T10302] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1338'. [ 287.668738][T10316] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1343'. [ 287.834462][T10320] FAULT_INJECTION: forcing a failure. [ 287.834462][T10320] name failslab, interval 1, probability 0, space 0, times 0 [ 287.865724][T10320] CPU: 1 PID: 10320 Comm: syz.0.1344 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 287.870043][T10320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 287.874531][T10320] Call Trace: [ 287.875802][T10320] [ 287.877088][T10320] dump_stack_lvl+0x16c/0x1f0 [ 287.879842][T10320] should_fail_ex+0x497/0x5b0 [ 287.882470][T10320] should_failslab+0x9/0x20 [ 287.884674][T10320] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 287.887040][T10320] ? skb_clone+0x190/0x3f0 [ 287.889007][T10320] skb_clone+0x190/0x3f0 [ 287.890845][T10320] netlink_deliver_tap+0xb26/0xcf0 [ 287.892840][T10320] netlink_unicast+0x6be/0x820 [ 287.894828][T10320] ? __pfx_netlink_unicast+0x10/0x10 [ 287.897126][T10320] ? genl_rcv_msg+0x4bd/0x800 [ 287.899074][T10320] netlink_ack+0x6a3/0xb20 [ 287.901100][T10320] netlink_rcv_skb+0x327/0x410 [ 287.903340][T10320] ? __pfx_genl_rcv_msg+0x10/0x10 [ 287.905386][T10320] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 287.907791][T10320] ? down_read+0xc9/0x330 [ 287.909958][T10320] ? __pfx_down_read+0x10/0x10 [ 287.912268][T10320] ? netlink_deliver_tap+0x1ae/0xcf0 [ 287.914796][T10320] genl_rcv+0x28/0x40 [ 287.916642][T10320] netlink_unicast+0x542/0x820 [ 287.918694][T10320] ? __pfx_netlink_unicast+0x10/0x10 [ 287.920909][T10320] ? __phys_addr_symbol+0x30/0x80 [ 287.922939][T10320] ? __check_object_size+0x48e/0x720 [ 287.925168][T10320] netlink_sendmsg+0x8b8/0xd70 [ 287.927116][T10320] ? __pfx_netlink_sendmsg+0x10/0x10 [ 287.929969][T10320] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 287.932375][T10320] ____sys_sendmsg+0x9b4/0xb50 [ 287.934710][T10320] ? __pfx_____sys_sendmsg+0x10/0x10 [ 287.937575][T10320] ? get_compat_msghdr+0x11b/0x170 [ 287.940113][T10320] ? __pfx___lock_acquire+0x10/0x10 [ 287.942503][T10320] ___sys_sendmsg+0x135/0x1e0 [ 287.944591][T10320] ? __pfx____sys_sendmsg+0x10/0x10 [ 287.946811][T10320] ? ksys_write+0x21c/0x260 [ 287.948585][T10320] ? __fget_light+0x173/0x210 [ 287.950606][T10320] __sys_sendmsg+0x117/0x1f0 [ 287.952922][T10320] ? __pfx___sys_sendmsg+0x10/0x10 [ 287.955492][T10320] __do_fast_syscall_32+0x73/0x120 [ 287.957676][T10320] do_fast_syscall_32+0x32/0x80 [ 287.959949][T10320] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 287.962697][T10320] RIP: 0023:0xf740d579 [ 287.964500][T10320] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 287.973711][T10320] RSP: 002b:00000000f5d2557c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 287.982645][T10320] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 287.986334][T10320] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 287.989707][T10320] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 287.992963][T10320] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 287.995850][T10320] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 287.998541][T10320] [ 288.044368][T10329] capability: warning: `syz.0.1347' uses 32-bit capabilities (legacy support in use) [ 288.176839][T10338] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1346'. [ 288.318675][T10343] netlink: 'syz.3.1350': attribute type 10 has an invalid length. [ 288.326814][T10343] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1350'. [ 288.334325][T10343] FAULT_INJECTION: forcing a failure. [ 288.334325][T10343] name failslab, interval 1, probability 0, space 0, times 0 [ 288.341092][T10343] CPU: 2 PID: 10343 Comm: syz.3.1350 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 288.345682][T10343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 288.350208][T10343] Call Trace: [ 288.351422][T10343] [ 288.352571][T10343] dump_stack_lvl+0x16c/0x1f0 [ 288.354685][T10343] should_fail_ex+0x497/0x5b0 [ 288.356668][T10343] should_failslab+0x9/0x20 [ 288.358834][T10343] kmem_cache_alloc_node_noprof+0x71/0x310 [ 288.361197][T10343] ? __alloc_skb+0x2b3/0x380 [ 288.363357][T10343] __alloc_skb+0x2b3/0x380 [ 288.365132][T10343] ? __pfx___alloc_skb+0x10/0x10 [ 288.367326][T10343] ? __pfx_mark_lock+0x10/0x10 [ 288.369356][T10343] rtmsg_ifa+0x16a/0x2a0 [ 288.371392][T10343] ? __pfx_rtmsg_ifa+0x10/0x10 [ 288.373408][T10343] __inet_del_ifa+0x3c9/0xf40 [ 288.375501][T10343] inetdev_event+0x5c5/0x1800 [ 288.377633][T10343] ? __pfx_inetdev_event+0x10/0x10 [ 288.380020][T10343] ? preempt_schedule_notrace_thunk+0x1a/0x30 [ 288.382496][T10343] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 288.385034][T10343] notifier_call_chain+0xb9/0x410 [ 288.387030][T10343] ? __pfx_inetdev_event+0x10/0x10 [ 288.389154][T10343] call_netdevice_notifiers_info+0xbe/0x140 [ 288.391351][T10343] unregister_netdevice_many_notify+0x8a1/0x19f0 [ 288.393621][T10343] ? unregister_netdevice_queue+0x22f/0x3f0 [ 288.396058][T10343] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 288.399260][T10343] ? __pfx_virt_wifi_dellink+0x10/0x10 [ 288.401712][T10343] rtnl_dellink+0x3c2/0xaf0 [ 288.403871][T10343] ? kfree_skbmem+0x10e/0x200 [ 288.405608][T10343] ? stack_trace_save+0x95/0xd0 [ 288.407391][T10343] ? __pfx_rtnl_dellink+0x10/0x10 [ 288.409401][T10343] ? hlock_class+0x4e/0x130 [ 288.411594][T10343] ? trace_contention_end+0xea/0x140 [ 288.413930][T10343] ? __mutex_lock+0x1a6/0x9c0 [ 288.415821][T10343] ? rtnetlink_rcv_msg+0x372/0xea0 [ 288.417640][T10343] ? __pfx___mutex_lock+0x10/0x10 [ 288.419572][T10343] ? rtnetlink_rcv_msg+0x35a/0xea0 [ 288.421465][T10343] ? __pfx_rtnl_dellink+0x10/0x10 [ 288.423340][T10343] rtnetlink_rcv_msg+0x3c7/0xea0 [ 288.425273][T10343] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 288.427816][T10343] ? __dev_queue_xmit+0x87e/0x4130 [ 288.430243][T10343] netlink_rcv_skb+0x165/0x410 [ 288.432489][T10343] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 288.434916][T10343] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 288.437359][T10343] ? netlink_deliver_tap+0x1ae/0xcf0 [ 288.439827][T10343] netlink_unicast+0x542/0x820 [ 288.441979][T10343] ? __pfx_netlink_unicast+0x10/0x10 [ 288.444427][T10343] ? __phys_addr_symbol+0x30/0x80 [ 288.446806][T10343] ? __check_object_size+0x48e/0x720 [ 288.449303][T10343] netlink_sendmsg+0x8b8/0xd70 [ 288.451442][T10343] ? __pfx_netlink_sendmsg+0x10/0x10 [ 288.453957][T10343] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 288.456403][T10343] ____sys_sendmsg+0x9b4/0xb50 [ 288.458583][T10343] ? __pfx_____sys_sendmsg+0x10/0x10 [ 288.461052][T10343] ? get_compat_msghdr+0x11b/0x170 [ 288.463423][T10343] ? __pfx___lock_acquire+0x10/0x10 [ 288.465864][T10343] ___sys_sendmsg+0x135/0x1e0 [ 288.467995][T10343] ? __pfx____sys_sendmsg+0x10/0x10 [ 288.470434][T10343] ? ksys_write+0x21c/0x260 [ 288.472507][T10343] ? __fget_light+0x173/0x210 [ 288.474682][T10343] __sys_sendmsg+0x117/0x1f0 [ 288.476869][T10343] ? __pfx___sys_sendmsg+0x10/0x10 [ 288.479140][T10343] __do_fast_syscall_32+0x73/0x120 [ 288.481459][T10343] do_fast_syscall_32+0x32/0x80 [ 288.483526][T10343] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 288.486433][T10343] RIP: 0023:0xf7445579 [ 288.488334][T10343] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 288.496755][T10343] RSP: 002b:00000000f5d5d57c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 288.500472][T10343] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000000 [ 288.504069][T10343] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 288.507836][T10343] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 288.511663][T10343] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 288.515317][T10343] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 288.519087][T10343] [ 288.668589][T10347] netlink: 'syz.3.1351': attribute type 10 has an invalid length. [ 288.671968][T10347] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1351'. [ 288.835733][T10353] FAULT_INJECTION: forcing a failure. [ 288.835733][T10353] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 288.855083][T10353] CPU: 3 PID: 10353 Comm: syz.3.1353 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 288.859735][T10353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 288.864061][T10353] Call Trace: [ 288.865405][T10353] [ 288.866686][T10353] dump_stack_lvl+0x16c/0x1f0 [ 288.868778][T10353] should_fail_ex+0x497/0x5b0 [ 288.870843][T10353] _copy_to_user+0x30/0xc0 [ 288.872846][T10353] __copy_siginfo_to_user32+0x97/0xf0 [ 288.875188][T10353] ? __pfx___copy_siginfo_to_user32+0x10/0x10 [ 288.877795][T10353] ? _raw_spin_unlock_irq+0x23/0x50 [ 288.880032][T10353] ? siginfo_layout+0x1d2/0x290 [ 288.882021][T10353] ia32_setup_rt_frame+0x6c3/0xb20 [ 288.883970][T10353] ? __pfx_ia32_setup_rt_frame+0x10/0x10 [ 288.886089][T10353] ? __pfx_lock_release+0x10/0x10 [ 288.887983][T10353] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 288.891050][T10353] arch_do_signal_or_restart+0x47b/0x7e0 [ 288.893724][T10353] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 288.896373][T10353] ? fd_install+0x242/0x750 [ 288.898374][T10353] ? ksys_write+0x1ab/0x260 [ 288.900380][T10353] ? __pfx_ksys_write+0x10/0x10 [ 288.902466][T10353] syscall_exit_to_user_mode+0x14a/0x2a0 [ 288.904815][T10353] __do_fast_syscall_32+0x80/0x120 [ 288.907032][T10353] do_fast_syscall_32+0x32/0x80 [ 288.909246][T10353] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 288.912734][T10353] RIP: 0023:0xf7445579 [ 288.914783][T10353] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 288.924321][T10353] RSP: 002b:00000000f5d5d57c EFLAGS: 00000292 ORIG_RAX: 0000000000000167 [ 288.928050][T10353] RAX: 0000000000000006 RBX: 0000000000000011 RCX: 0000000000000003 [ 288.931437][T10353] RDX: 0000000000000300 RSI: 0000000000000000 RDI: 0000000000000000 [ 288.934836][T10353] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 288.938070][T10353] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 288.941388][T10353] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 288.944701][T10353] [ 289.360900][ T1085] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.486140][ T1085] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.503388][ T5206] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 289.510966][ T5206] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 289.518426][ T5206] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 289.522683][ T5206] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 289.526912][ T5206] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 289.530076][ T5206] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 289.549253][ T1085] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.624834][ T1085] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.745882][T10364] chnl_net:caif_netlink_parms(): no params data found [ 289.837207][ T1085] bridge_slave_1: left allmulticast mode [ 289.839670][ T1085] bridge_slave_1: left promiscuous mode [ 289.842259][ T1085] bridge0: port 2(bridge_slave_1) entered disabled state [ 289.860147][ T1085] bridge_slave_0: left allmulticast mode [ 289.862621][ T1085] bridge_slave_0: left promiscuous mode [ 289.866196][ T1085] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.306631][ T1085] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 290.313247][ T1085] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 290.319742][ T1085] bond0 (unregistering): Released all slaves [ 290.335975][T10371] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1360'. [ 290.339422][T10371] veth0_vlan: entered allmulticast mode [ 290.515205][T10364] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.518325][T10364] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.521385][T10364] bridge_slave_0: entered allmulticast mode [ 290.527550][T10364] bridge_slave_0: entered promiscuous mode [ 290.532369][T10364] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.536310][T10364] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.540691][T10364] bridge_slave_1: entered allmulticast mode [ 290.544607][T10364] bridge_slave_1: entered promiscuous mode [ 290.555365][ T5206] Bluetooth: hci2: unexpected event 0x08 length: 78 > 4 [ 290.619812][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 290.720016][T10364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 290.745445][T10364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 291.020829][T10364] team0: Port device team_slave_0 added [ 291.031130][ T1085] ------------[ cut here ]------------ [ 291.033442][ T1085] Have pending ack frames! [ 291.036296][ T1085] WARNING: CPU: 2 PID: 1085 at net/mac80211/main.c:1691 ieee80211_free_ack_frame+0x58/0x60 [ 291.040508][ T1085] Modules linked in: [ 291.043751][ T1085] CPU: 2 PID: 1085 Comm: kworker/u32:5 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 291.050093][ T1085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 291.053969][ T1085] Workqueue: netns cleanup_net [ 291.056883][ T1085] RIP: 0010:ieee80211_free_ack_frame+0x58/0x60 [ 291.059649][ T1085] Code: 00 00 e8 3b 82 71 fe 31 c0 5b 5d c3 cc cc cc cc e8 6d 9d 49 f7 c6 05 b3 6c 87 05 01 90 48 c7 c7 00 d3 72 8c e8 69 1f 0c f7 90 <0f> 0b 90 90 eb c5 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 291.069038][ T1085] RSP: 0018:ffffc9000742f920 EFLAGS: 00010286 [ 291.071745][ T1085] RAX: 0000000000000000 RBX: ffff8880207637c0 RCX: ffffffff815112c9 [ 291.074827][ T1085] RDX: ffff88802056a440 RSI: ffffffff815112d6 RDI: 0000000000000001 [ 291.078595][ T1085] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 291.081612][ T1085] R10: 0000000000000001 R11: 0000000000000003 R12: dffffc0000000000 [ 291.084806][ T1085] R13: ffffffff8a44f170 R14: 0000000080000000 R15: 0000000000000000 [ 291.087818][ T1085] FS: 0000000000000000(0000) GS:ffff88802c200000(0000) knlGS:0000000000000000 [ 291.091655][ T1085] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 291.095455][ T1085] CR2: 00005567b73f4131 CR3: 000000005723e000 CR4: 0000000000352ef0 [ 291.098588][ T1085] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 291.101761][ T1085] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 291.105176][ T1085] Call Trace: [ 291.106633][ T1085] [ 291.107908][ T1085] ? show_regs+0x8c/0xa0 [ 291.109540][ T1085] ? __warn+0xe5/0x3c0 [ 291.111156][ T1085] ? ieee80211_free_ack_frame+0x58/0x60 [ 291.113361][ T1085] ? report_bug+0x3c0/0x580 [ 291.115217][ T1085] ? handle_bug+0x3d/0x70 [ 291.116861][ T1085] ? exc_invalid_op+0x17/0x50 [ 291.119301][ T1085] ? asm_exc_invalid_op+0x1a/0x20 [ 291.121268][ T1085] ? __pfx_ieee80211_free_ack_frame+0x10/0x10 [ 291.123586][ T1085] ? __warn_printk+0x199/0x350 [ 291.125681][ T1085] ? __warn_printk+0x1a6/0x350 [ 291.127574][ T1085] ? ieee80211_free_ack_frame+0x58/0x60 [ 291.129743][ T1085] idr_for_each+0x141/0x270 [ 291.131535][ T1085] ? __pfx_idr_for_each+0x10/0x10 [ 291.133456][ T1085] ? kfree+0x12a/0x3b0 [ 291.134823][ T1085] ? kfree_const+0x55/0x60 [ 291.136813][ T1085] ieee80211_free_hw+0xa6/0x2f0 [ 291.138907][ T1085] ? kobject_put+0x226/0x5b0 [ 291.140978][ T1085] mac80211_hwsim_del_radio+0x2ca/0x370 [ 291.143415][ T1085] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 291.146146][ T1085] ? hwsim_exit_net+0x2f3/0x6d0 [ 291.147721][T10364] team0: Port device team_slave_1 added [ 291.147932][ T1085] ? __local_bh_enable_ip+0xa4/0x120 [ 291.153615][ T1085] hwsim_exit_net+0x33f/0x6d0 [ 291.156234][ T1085] ? __pfx_hwsim_exit_net+0x10/0x10 [ 291.158427][ T1085] ? ip_vs_sync_net_cleanup+0x72/0xb0 [ 291.160440][ T1085] ? __ip_vs_dev_cleanup_batch+0xb1/0x290 [ 291.162348][ T1085] ? __pfx_hwsim_exit_net+0x10/0x10 [ 291.164234][ T1085] ops_exit_list+0xb0/0x180 [ 291.166094][ T1085] cleanup_net+0x5b7/0xbf0 [ 291.167955][ T1085] ? __pfx_cleanup_net+0x10/0x10 [ 291.170102][ T1085] process_one_work+0x958/0x1ad0 [ 291.172370][ T1085] ? __pfx_lock_acquire+0x10/0x10 [ 291.174824][ T1085] ? __pfx_process_one_work+0x10/0x10 [ 291.177191][ T1085] ? assign_work+0x1a0/0x250 [ 291.178984][ T1085] worker_thread+0x6c8/0xf30 [ 291.180793][ T1085] ? __pfx_worker_thread+0x10/0x10 [ 291.182688][ T1085] kthread+0x2c1/0x3a0 [ 291.184412][ T1085] ? _raw_spin_unlock_irq+0x23/0x50 [ 291.186622][ T1085] ? __pfx_kthread+0x10/0x10 [ 291.188592][ T1085] ret_from_fork+0x45/0x80 [ 291.190539][ T1085] ? __pfx_kthread+0x10/0x10 [ 291.192444][ T1085] ret_from_fork_asm+0x1a/0x30 [ 291.194279][ T1085] [ 291.195358][ T1085] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 291.198293][ T1085] CPU: 2 PID: 1085 Comm: kworker/u32:5 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 291.202161][ T1085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 291.206593][ T1085] Workqueue: netns cleanup_net [ 291.208431][ T1085] Call Trace: [ 291.209641][ T1085] [ 291.210621][ T1085] dump_stack_lvl+0x3d/0x1f0 [ 291.212280][ T1085] panic+0x6f5/0x7a0 [ 291.213693][ T1085] ? __pfx_panic+0x10/0x10 [ 291.215420][ T1085] ? show_trace_log_lvl+0x363/0x500 [ 291.217314][ T1085] ? check_panic_on_warn+0x1f/0xb0 [ 291.219498][ T1085] ? ieee80211_free_ack_frame+0x58/0x60 [ 291.221869][ T1085] check_panic_on_warn+0xab/0xb0 [ 291.224006][ T1085] __warn+0xf1/0x3c0 [ 291.225721][ T1085] ? ieee80211_free_ack_frame+0x58/0x60 [ 291.228050][ T1085] report_bug+0x3c0/0x580 [ 291.229942][ T1085] handle_bug+0x3d/0x70 [ 291.231751][ T1085] exc_invalid_op+0x17/0x50 [ 291.233784][ T1085] asm_exc_invalid_op+0x1a/0x20 [ 291.235908][ T1085] RIP: 0010:ieee80211_free_ack_frame+0x58/0x60 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 291.238562][ T1085] Code: 00 00 e8 3b 82 71 fe 31 c0 5b 5d c3 cc cc cc cc e8 6d 9d 49 f7 c6 05 b3 6c 87 05 01 90 48 c7 c7 00 d3 72 8c e8 69 1f 0c f7 90 <0f> 0b 90 90 eb c5 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 291.246540][ T1085] RSP: 0018:ffffc9000742f920 EFLAGS: 00010286 [ 291.249132][ T1085] RAX: 0000000000000000 RBX: ffff8880207637c0 RCX: ffffffff815112c9 [ 291.252442][ T1085] RDX: ffff88802056a440 RSI: ffffffff815112d6 RDI: 0000000000000001 [ 291.255917][ T1085] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 291.259174][ T1085] R10: 0000000000000001 R11: 0000000000000003 R12: dffffc0000000000 [ 291.262464][ T1085] R13: ffffffff8a44f170 R14: 0000000080000000 R15: 0000000000000000 [ 291.265799][ T1085] ? __pfx_ieee80211_free_ack_frame+0x10/0x10 [ 291.268337][ T1085] ? __warn_printk+0x199/0x350 [ 291.270363][ T1085] ? __warn_printk+0x1a6/0x350 [ 291.272381][ T1085] idr_for_each+0x141/0x270 [ 291.274374][ T1085] ? __pfx_idr_for_each+0x10/0x10 [ 291.276170][ T1085] ? kfree+0x12a/0x3b0 [ 291.277540][ T1085] ? kfree_const+0x55/0x60 [ 291.279041][ T1085] ieee80211_free_hw+0xa6/0x2f0 [ 291.281191][ T1085] ? kobject_put+0x226/0x5b0 [ 291.283242][ T1085] mac80211_hwsim_del_radio+0x2ca/0x370 [ 291.285662][ T1085] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 291.288272][ T1085] ? hwsim_exit_net+0x2f3/0x6d0 [ 291.290377][ T1085] ? __local_bh_enable_ip+0xa4/0x120 [ 291.292654][ T1085] hwsim_exit_net+0x33f/0x6d0 [ 291.294680][ T1085] ? __pfx_hwsim_exit_net+0x10/0x10 [ 291.296924][ T1085] ? ip_vs_sync_net_cleanup+0x72/0xb0 [ 291.299316][ T1085] ? __ip_vs_dev_cleanup_batch+0xb1/0x290 [ 291.301747][ T1085] ? __pfx_hwsim_exit_net+0x10/0x10 [ 291.303481][ T1085] ops_exit_list+0xb0/0x180 [ 291.305226][ T1085] cleanup_net+0x5b7/0xbf0 [ 291.306978][ T1085] ? __pfx_cleanup_net+0x10/0x10 [ 291.309140][ T1085] process_one_work+0x958/0x1ad0 [ 291.311129][ T1085] ? __pfx_lock_acquire+0x10/0x10 [ 291.312857][ T1085] ? __pfx_process_one_work+0x10/0x10 [ 291.314648][ T1085] ? assign_work+0x1a0/0x250 [ 291.316179][ T1085] worker_thread+0x6c8/0xf30 [ 291.317738][ T1085] ? __pfx_worker_thread+0x10/0x10 [ 291.319457][ T1085] kthread+0x2c1/0x3a0 [ 291.321142][ T1085] ? _raw_spin_unlock_irq+0x23/0x50 [ 291.323338][ T1085] ? __pfx_kthread+0x10/0x10 [ 291.325145][ T1085] ret_from_fork+0x45/0x80 [ 291.326602][ T1085] ? __pfx_kthread+0x10/0x10 [ 291.328549][ T1085] ret_from_fork_asm+0x1a/0x30 [ 291.330412][ T1085] [ 291.331990][ T1085] Kernel Offset: disabled [ 291.333923][ T1085] Rebooting in 86400 seconds.. VM DIAGNOSIS: 17:52:46 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=ffff888025f50b2a RCX=0000000000000000 RDX=0000000000000001 RSI=0000000000000008 RDI=ffff888025f50b29 RBP=0000000000000009 RSP=ffffc90025d076e8 R8 =0000000000000004 R9 =0000000000000001 R10=ffffffff941fa3ef R11=0000000000000000 R12=ffffed1004bea15b R13=ffff888025f50ae0 R14=ffff888025f50b08 R15=0000000000000004 RIP=ffffffff816c7743 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c000000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000020c3d018 CR3=00000000003d4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000004080 Opmask01=0000000000000000 Opmask02=00000000ffbfef77 Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffebe4a0610 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 00000000ff000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 656e696c5f706c63 73002a5d392d305b 79747400786d7470 0079747400646461 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 54003d534b4e494c 564544003d4d4554 535953425553003d 4854415056454400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 540018534b4e494c 56454400184d4554 5359534255530018 4854415056454400 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000040 000000000034316d 697377682f6d6973 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000565208137bb0 000056520813b640 000056520813b600 0000565208136f40 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000565208136f00 000056520813e2a0 0000565208126d10 000056520812e350 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a3a263e383a3a26 39383a3a2638383a 3a263b383a3a263a 383a3a26493b3a3a ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000210 0000000000000030 003064626e2f6b3e 0000562f6c337500 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000210 0000000000000030 000056520812343e 0000562f6c337500 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000a2677d RBX=0000000000000001 RCX=ffffffff8adc9be9 RDX=0000000000000000 RSI=ffffffff8b2cb9e0 RDI=ffffffff8b8ff8e0 RBP=ffffed1002ce9910 RSP=ffffc90000477e08 R8 =0000000000000001 R9 =ffffed1005826fdd R10=ffff88802c137eeb R11=0000000000000001 R12=0000000000000001 R13=ffff88801674c880 R14=ffffffff8fe2e3d0 R15=0000000000000000 RIP=ffffffff8adcafdf RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000020025000 CR3=0000000026b48000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000003000000 Opmask01=0000000000008002 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffeb9d1d340 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f6e3a6d5e007325 2e73250064252e73 2500656c6f736e6f 632f7665642f000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4b1f485e005600 0b56000041000b56 000040494a564b4a 460a5340410a000a ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3520313520303020 3030203030203020 000a30202d203138 30202074696f000a ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000043 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84f9bf15 RDI=ffffffff94d60e40 RBP=ffffffff94d60e00 RSP=ffffc9000742f310 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000006 R12=0000000000000000 R13=0000000000000043 R14=ffffffff84f9beb0 R15=0000000000000000 RIP=ffffffff84f9bf3f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005567b73f4131 CR3=000000005723e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000006000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=fffffbfff1a9336f RBX=0000000000000003 RCX=ffffffff8983a5a1 RDX=0000000000000004 RSI=0000000000000026 RDI=0000000000000005 RBP=0000000000000004 RSP=ffffc900078fee40 R8 =0000000000000005 R9 =0000000000000026 R10=0000000000000003 R11=0000000000000002 R12=dffffc0000000000 R13=ffffc900078feee8 R14=0000000000000003 R15=0000000000000007 RIP=ffffffff818e8860 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fdfb92fd740 ffffffff 00c00000 GS =0000 ffff88802c300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f73f3c94 CR3=000000001c9e8000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000004040003 Opmask01=00000000011000f0 Opmask02=000000000fffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe6b1b61f0 0000003000000010 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe6b1b61f0 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2e2e2e2e2e2e2e2e 2e2e2e2e2e2e2e2e ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff00ffffff00 00ff000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 ff00ff00ff00ff00 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff00ffffff00 00ff000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f73616500000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a56444057001346 4c51445156004050 4050545f494a5751 4b4a46051f560000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000181 0000000000000000 326874652f74656e 2f326d6973766564 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000041 0000000000000000 00306e6170772f74 656e2f307968702f ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6b505617071e5573 4157505d0639004f 64090b1f520c1648 6e1107485d5d4245 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7f5e5f57677f5f7f 5f5f775f773f5d5f 775f5b7f5b7f5f5f 6f175f6a5f5f735f ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 252d73250073252d 7325007473657571 65726f6e20007473 6575716572200032 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 61203234200a6e69 65656400735f6574 6e20735f65696400 6170652064616170 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5f203234200a6e69 20616100655f2034 3420655f20666400 0a69622033342065 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbf2b313423342c ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 262821df2e2e33df 3228df3232202b22 df312e232d2435bf 2324353124322431 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020