last executing test programs: 6.278987427s ago: executing program 2 (id=332): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900}, 0x400d1) syz_io_uring_submit(0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000140)={{0x1, 0x1, 0x18, r1, {0xfff}}, './file1\x00'}) io_uring_enter(r2, 0x20007113, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000200)={'ip6tnl0\x00', &(0x7f00000002c0)={'syztnl0\x00', 0x0, 0x29, 0x7f, 0xab, 0x6f9, 0x66, @mcast2, @private2, 0x1, 0x40, 0xb5, 0x8}}) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400)) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0x80049363, 0x0) r4 = io_uring_setup(0x5c01, &(0x7f0000000440)={0x0, 0x0, 0x800}) close_range(r4, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x1a1281) ioctl$USBDEVFS_REAPURB(r5, 0x4004550c, 0x0) inotify_add_watch(r2, &(0x7f00000001c0)='./file1\x00', 0x400017e) creat(0x0, 0x0) r6 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r6) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r6}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000500)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0, 0x4000}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000180)=0x20000) pread64(0xffffffffffffffff, &(0x7f0000000040)=""/238, 0xee, 0x0) ioctl$VIDIOC_STREAMON(0xffffffffffffffff, 0x40045612, 0x0) 6.072326318s ago: executing program 2 (id=342): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) userfaultfd(0x80001) socket$netlink(0x10, 0x3, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001980)={&(0x7f00000005c0), 0x6e, &(0x7f0000000400), 0x0, &(0x7f00000019c0)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0xc}}, @cred={{0x18}}, @rights={{0xc}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}, 0x40000023) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0x1e1982, 0x0) ioctl$PPPIOCSMAXCID(r2, 0x40047451, &(0x7f0000000140)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, 0x0, 0x8001000d, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x0, 0xfffe, 0xcf0d, 0xb19, 0x2}}) ioctl(r3, 0x8b2a, &(0x7f0000000040)) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(0xffffffffffffffff, 0xc1004111, &(0x7f0000000440)={0x5, [0x4, 0x8, 0x1c5], [{0x94d, 0x809, 0x0, 0x1, 0x0, 0x1}, {0x1, 0xd, 0x1, 0x1, 0x1}, {0xa08, 0x6, 0x0, 0x0, 0x1}, {0x0, 0x7, 0x1}, {0xf, 0x800, 0x1}, {0x4d37, 0x400, 0x0, 0x0, 0x1, 0x1}, {0x6, 0x400, 0x0, 0x1}, {0x500, 0x8}, {0x8001, 0x7, 0x0, 0x0, 0x1, 0x1}, {0x3, 0x7}, {0x5, 0x3, 0x1, 0x0, 0x1, 0x1}, {0x0, 0x1, 0x0, 0x1, 0x0, 0x1}], 0x7}) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="043e1f0a00c9000001aaaaaaaaaa50"], 0x22) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_usb_connect(0x4, 0x2d, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b1000905815a68ce82476f1b80eb532754c1b884763b9dd58cf449b23ba6f46108e9f979f7a8cdaf676d0115481ce3ea63382f95e34ba0f8bc8cec49fcb131fe306c8c1df63de302236257ab566069a1"], 0x0) r4 = syz_open_dev$evdev(&(0x7f00000000c0), 0x4, 0x60001) ioctl$EVIOCSKEYCODE_V2(r4, 0x40284504, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) setsockopt$SO_BINDTODEVICE_wg(r5, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r5, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) connect(r5, &(0x7f0000000080)=@un=@abs, 0x80) ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f00000000c0)=0x8000041) io_uring_setup(0x1212, 0x0) 5.479160343s ago: executing program 1 (id=335): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f00000003c0)=@abs={0x1}, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = syz_io_uring_setup(0x1c15, 0x0, &(0x7f00000001c0), &(0x7f0000000000)) io_uring_enter(r2, 0x0, 0x0, 0xd, &(0x7f0000000800), 0x18) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB="5000000010000304000000040000000000000000", @ANYRES32=0x0, @ANYBLOB="05a00200000000002800128009000100766c616e00000000180002800c000200540a00001d000000060001000000000008000500", @ANYRES32=r6], 0x50}, 0x1, 0xba01}, 0x20) r7 = socket(0x10, 0x3, 0x0) sendmsg$kcm(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) (fail_nth: 23) 5.149114105s ago: executing program 1 (id=336): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0185648, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f905, 0x7, '\x00', @p_u32=&(0x7f0000000100)}}) syz_emit_ethernet(0x3e, &(0x7f0000000400)={@multicast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x88, 0x0, @empty, @broadcast}, @dest_unreach={0x3, 0x0, 0x0, 0x0, 0x3, 0x7, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev}}}}}}, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000040), 0x8) setrlimit(0x0, &(0x7f0000000100)={0xffffffffffffffff}) open(0x0, 0xca942, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {0x0}], 0x2, &(0x7f0000008640), 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) prlimit64(0x0, 0x8, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = syz_open_dev$sg(&(0x7f0000000100), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000180)=ANY=[@ANYRESHEX]) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) syz_emit_ethernet(0x7a, &(0x7f00000005c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa008100000086dd602e5cea00403c0020010000000000000000000000000002ff0200000000000000000000000000010004000000000000c910fc020000000000000000000000000000c910fc010000000700000000000000000000000000000000001090780200000800000000f64ee4fa6ea6a13516694640faa65efd93"], 0x0) read(r5, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000080)={0x0, @tick=0x200, 0xfc, {0x0, 0xfe}}) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r5, 0xc0505350, &(0x7f0000000480)={{}, {}, 0x4, 0x5}) r6 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r6, 0xc0305602, &(0x7f0000000880)={0x1, 0x10}) sendmsg$NFT_BATCH(r0, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000007000)={&(0x7f0000003d00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000001e01010000000000000000070000000900010073797a300000000028000000000a010800000000fae000000a00000008000240000000010900010073797a300000000028000000020a03000056c000000000000a00020008000240000000000900010073797a30"], 0x98}}, 0x0) 4.627966046s ago: executing program 0 (id=337): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) userfaultfd(0x80001) socket$netlink(0x10, 0x3, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001980)={&(0x7f00000005c0), 0x6e, &(0x7f0000000400), 0x0, &(0x7f00000019c0)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0xc}}, @cred={{0x18}}, @rights={{0xc}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}, 0x40000023) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0x1e1982, 0x0) ioctl$PPPIOCSMAXCID(r2, 0x40047451, &(0x7f0000000140)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, 0x0, 0x8001000d, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x0, 0xfffe, 0xcf0d, 0xb19, 0x2}}) ioctl(r3, 0x8b2a, &(0x7f0000000040)) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(0xffffffffffffffff, 0xc1004111, &(0x7f0000000440)={0x5, [0x4, 0x8, 0x1c5], [{0x94d, 0x809, 0x0, 0x1, 0x0, 0x1}, {0x1, 0xd, 0x1, 0x1, 0x1}, {0xa08, 0x6, 0x0, 0x0, 0x1}, {0x0, 0x7, 0x1}, {0xf, 0x800, 0x1}, {0x4d37, 0x400, 0x0, 0x0, 0x1, 0x1}, {0x6, 0x400, 0x0, 0x1}, {0x500, 0x8}, {0x8001, 0x7, 0x0, 0x0, 0x1, 0x1}, {0x3, 0x7}, {0x5, 0x3, 0x1, 0x0, 0x1, 0x1}, {0x0, 0x1, 0x0, 0x1, 0x0, 0x1}], 0x7}) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="043e1f0a00c9000001aaaaaaaaaa50"], 0x22) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_usb_connect(0x4, 0x2d, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b1000905815a68ce82476f1b80eb532754c1b884763b9dd58cf449b23ba6f46108e9f979f7a8cdaf676d0115481ce3ea63382f95e34ba0f8bc8cec49fcb131fe306c8c1df63de302236257ab566069a1"], 0x0) r4 = syz_open_dev$evdev(&(0x7f00000000c0), 0x4, 0x60001) ioctl$EVIOCSKEYCODE_V2(r4, 0x40284504, &(0x7f0000000180)={0x0, 0x8, 0x0, 0x5, "d88fd87f1ad6eeb75a957fe0213b2e100af028f0030b2eff0b61e6e66b8f37ff"}) r5 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r5, 0x0, 0x0) setsockopt$SO_BINDTODEVICE_wg(r5, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r5, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) connect(r5, &(0x7f0000000080)=@un=@abs, 0x80) ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f00000000c0)=0x8000041) io_uring_setup(0x1212, 0x0) 3.032384364s ago: executing program 3 (id=338): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x68) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=']) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x6d89}, &(0x7f0000000440)=0x0, &(0x7f0000000040)=0x0) syz_open_dev$sndmidi(&(0x7f0000000080), 0x2, 0xa8882) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f00000004c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r5, 0x0, 0x0}) io_uring_enter(r2, 0x8aa, 0x0, 0x0, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="2e00000010008188040f46ecdb4cb9cc8d480ef43c000000e3bd6efb440309000e0056ab10000000ba8000001201", 0x2e}], 0x1}, 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) sendmsg$kcm(r6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0xfddd, 0x0, 0x0, 0x3000}, 0x10) r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r7, 0xc004743e, 0x20001439) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r8, 0x4b67, &(0x7f0000000380)={0x0, 0x0}) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x4000080}, 0x44005) mkdirat(r0, &(0x7f0000000340)='./file0\x00', 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) pipe2(&(0x7f0000000040), 0x0) r9 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_KEY(r10, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000480)={0x14, 0x0, 0x1, 0x70bd2c, 0x25dfdbfe, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1c880}, 0x4) fcntl$notify(r9, 0x402, 0x5) 3.022502042s ago: executing program 0 (id=347): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r1, @ANYBLOB="08002600901500000800570080"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0xc044) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[], 0x2c}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="05000c000000000000000600000008000300", @ANYRES32=r5, @ANYBLOB="080005000b000000"], 0x24}}, 0x0) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001940)={0x14, 0x2b, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) syz_emit_vhci(&(0x7f0000003d40)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xc}, @hci_ev_le_remote_feat_complete={{}, {0x3, 0xc9, "705c5c7ff14d690d"}}}}, 0xf) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000500)={0x328, r6, 0x300, 0x70bd26, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_PBSS={0x4}, @NL80211_ATTR_TX_RATES={0x310, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x60, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x4a, 0x2, [{0x0, 0x2}, {0x1, 0x8}, {0x0, 0x7}, {0x3, 0x9}, {0x3, 0x8}, {0x4, 0xa}, {0x6, 0x4}, {0x3, 0x5}, {0x0, 0x5}, {0x1, 0x1}, {0x1, 0x3}, {0x5, 0x2}, {}, {0x5, 0x5}, {0x4, 0x4}, {0x2, 0x8}, {0x6, 0x7}, {0x0, 0x5}, {0x3, 0x2}, {}, {0x2, 0x1}, {0x6, 0x4}, {0x6, 0x3}, {0x3, 0x7}, {0x2, 0x2}, {0x7, 0x1}, {0x1, 0xa}, {0x3, 0x5}, {0x1, 0x2}, {0x5, 0x2}, {0x4, 0x9}, {0x1, 0x9}, {0x3, 0x5}, {0x1}, {0x4, 0x9}, {0x7}, {0x6, 0x9}, {}, {0x4, 0x9}, {0x5, 0x8}, {0x6, 0x2}, {0x6, 0x3}, {0x0, 0x9}, {0x2}, {0x4, 0x3}, {0x3}, {0x6, 0x1}, {0x2, 0x4}, {0x4, 0x6}, {0x1, 0x3}, {0x3, 0x5}, {0x2, 0x9}, {0x2, 0x8}, {0x7, 0x1}, {0x5, 0x1}, {0x6, 0x4}, {0x1}, {0x1, 0x1}, {0x7, 0x7}, {0x4, 0x1}, {0x2, 0x7}, {0x5, 0x6}, {0x1, 0x1}, {0x5, 0xa}, {0x3, 0x5}, {0x6, 0x5}, {0x1, 0x3}, {0x7, 0x9}, {0x5, 0x3}, {0x0, 0x5}]}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_60GHZ={0xc8, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xa7, 0x20a, 0x2, 0x4, 0xa3d3, 0x7, 0x6f, 0x7]}}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x9, 0x1b, 0x6c, 0x30, 0x48, 0x12, 0x1b, 0x48, 0x30, 0x48, 0x1b, 0xb, 0x6]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x8, 0xcb8, 0x4, 0xf, 0x3, 0x5, 0xe]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HT={0x42, 0x2, [{0x2, 0x7}, {0x6, 0x4}, {0x5, 0x1}, {0x0, 0x4}, {0x2, 0x7}, {0x6, 0x2}, {0x0, 0x5}, {0x1}, {0x1, 0x4}, {0x2, 0x2}, {0x1, 0x8}, {0x5, 0x8}, {0x6}, {0x2, 0x5}, {0x7, 0x8}, {0x1, 0x6}, {0x0, 0xa}, {0x1}, {0x2, 0xa}, {0x5, 0x7}, {0x0, 0x3}, {0x4, 0x8}, {0x5, 0xa}, {0x6}, {0x6, 0x2}, {0x5, 0x4}, {0x6, 0x3}, {0x0, 0x4}, {0x2, 0xa}, {0x5, 0x2}, {0x0, 0x5}, {0x7, 0x4}, {0x5, 0x1}, {0x4, 0x6}, {0x7, 0x1}, {0x1, 0x3}, {}, {0x0, 0x2}, {0x6, 0x2}, {0x1, 0x5}, {0x7, 0x3}, {0x3, 0x5}, {0x2, 0x6}, {0x6, 0x7}, {0x1, 0x8}, {0x3, 0x1}, {0x1, 0x9}, {0x4, 0x4}, {0x7, 0x9}, {0x0, 0x9}, {0x0, 0x7}, {0x4, 0x9}, {0x0, 0xb}, {0x1, 0x5}, {0x7, 0x8}, {0x7, 0x7}, {0x3, 0x7}, {0x0, 0x2}, {0x6, 0x3}, {0x5}, {0x1, 0x5}, {0x1, 0x5}]}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0x12, 0x0, 0x36, 0x4, 0x60, 0xb, 0x2, 0x25, 0x24, 0x3, 0x6c, 0x12, 0x9, 0x36, 0x18, 0x48, 0x6, 0x30, 0x12, 0x6c, 0x48, 0x5, 0x60]}]}, @NL80211_BAND_60GHZ={0x20, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x0, 0x4, 0x1, 0x7c, 0x1, 0x7, 0x2]}}]}, @NL80211_BAND_5GHZ={0x14, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x64, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x10, 0x7, 0x1637, 0xc, 0x5, 0x86, 0xf]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x5, 0x30, 0xc, 0xb, 0x9, 0x24, 0x6c, 0xc, 0x4, 0x6c, 0x4, 0x6, 0x3d, 0x24, 0x24, 0x1b, 0x2, 0x5, 0x1, 0x36, 0x9, 0x30, 0x12, 0x4, 0x48, 0x12]}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x12, 0x30, 0x1, 0x30, 0x13, 0x1b, 0x1b, 0x2, 0xc, 0x24, 0x16, 0x2, 0x3b, 0x2, 0x9, 0x1, 0xc, 0x6, 0x12, 0x65, 0x18, 0x36, 0x1, 0x0, 0x12, 0x1, 0x1b, 0x12, 0x3]}]}, @NL80211_BAND_60GHZ={0xc, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x74, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x4e, 0x2, [{0x1, 0x6}, {0x0, 0x1}, {0x1, 0x9}, {0x3, 0x9}, {0x2, 0x1}, {0x7, 0x8}, {0x2, 0x6}, {0x7, 0xa}, {0x0, 0x1}, {0x4, 0x3}, {0x1, 0x8}, {0x2, 0x1}, {0x2, 0x7}, {0x1, 0x8}, {0x3, 0x4}, {0x4, 0x8}, {0x3, 0xa}, {0x5, 0x8}, {0x3, 0x9}, {0x7, 0xa}, {0x7, 0x2}, {0x0, 0x7}, {0x7, 0x5}, {0x5, 0x8}, {0x2, 0x2}, {0x0, 0xa}, {0x5, 0x9}, {0x1, 0xa}, {0x2, 0x8}, {0x0, 0x9}, {0x5, 0x6}, {0x3, 0x1}, {0x6, 0x1}, {0x2, 0x3}, {0x6, 0x5}, {0x0, 0x2}, {0x2, 0x7}, {0x1, 0xa}, {0x3, 0xa}, {0x7, 0x1}, {0x1, 0x4}, {0x2, 0xa}, {0x0, 0x9}, {0x4, 0x8}, {0x3, 0x5}, {0x2, 0x8}, {0x2, 0x8}, {0x1, 0x9}, {0x5, 0xa}, {0x0, 0x2}, {0x1, 0x8}, {0x1, 0x3}, {0x6, 0x4}, {0x5, 0x4}, {0x7, 0x4}, {0x1, 0x2}, {0x1, 0x5}, {0x6, 0x9}, {0x3, 0x9}, {0x1, 0x3}, {0x2, 0x4}, {0x3, 0x7}, {0x2, 0x6}, {0x5, 0x5}, {0x2, 0x8}, {0x1, 0x5}, {0x2, 0x3}, {0x6, 0x5}, {0x2, 0x5}, {0x3, 0x3}, {0x5}, {0x0, 0x3}, {0x7, 0x6}, {0x6}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_5GHZ={0xcc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x81, 0x1, 0x200, 0x1, 0x401, 0x0, 0x6]}}, @NL80211_TXRATE_HT={0x44, 0x2, [{0x0, 0x2}, {}, {0x4, 0x6}, {0x0, 0x7}, {0x1, 0x1}, {0x1, 0x9}, {0x2}, {0x6, 0x3}, {0x0, 0x5}, {0x1, 0x2}, {0x1, 0x7}, {0x2, 0x1}, {0x4, 0x5}, {0x7, 0x7}, {0x4}, {0x7, 0x2}, {0x3, 0xa}, {0x7, 0x5}, {0x7, 0x8}, {0x5, 0xa}, {0x3, 0x6}, {0x7, 0x2}, {0x4, 0x1}, {0x3, 0x3}, {0x0, 0x2}, {0x0, 0x1}, {0x1, 0x8}, {0x5, 0x1}, {0x6, 0x2}, {0x4, 0xa}, {0x2, 0x3}, {0x3, 0x3}, {0x2, 0x1}, {0x1, 0x4}, {0x2, 0x3}, {0x7, 0x4}, {0x0, 0xa}, {0x1, 0x4}, {0x0, 0x3}, {0x3, 0x2}, {0x0, 0x4}, {0x3, 0x4}, {0x1, 0x3}, {0x0, 0x3}, {0x3, 0x5}, {0x6, 0xa}, {0x7, 0x2}, {0x2, 0x6}, {0x0, 0x6}, {0x1, 0x2}, {0x4, 0x6}, {0x1}, {0x3, 0x8}, {0x1}, {0x1, 0x1}, {0x6, 0x4}, {0x4, 0x2}, {0x1, 0x8}, {0x4, 0xa}, {0x6, 0x3}, {0x0, 0x7}, {0x0, 0x7}, {0x7, 0x2}, {0x0, 0x7}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xae0a, 0x0, 0xa9, 0x401, 0x3, 0x0, 0x9, 0xc2ac]}}, @NL80211_TXRATE_HT={0x13, 0x2, [{0x2, 0x3}, {0x1, 0x5}, {0x2, 0x7}, {0x0, 0x3}, {0x7, 0x6}, {0x4, 0x8}, {0x3, 0x9}, {0x6, 0x4}, {0x5, 0x3}, {0x4, 0x7}, {0x3, 0x5}, {0x6, 0x3}, {0x3, 0x1}, {0x0, 0x6}, {0x4, 0x3}]}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x48, 0x1, 0x24, 0x60, 0x3, 0x12, 0x24, 0x4, 0x1b]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x3, 0x119, 0x1, 0x5, 0xb, 0x9, 0x3]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0xe3f, 0x401, 0x8001, 0x6, 0x0, 0x3, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5}]}]}]}, 0x328}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) 3.014229839s ago: executing program 1 (id=339): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) userfaultfd(0x80001) socket$netlink(0x10, 0x3, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001980)={&(0x7f00000005c0), 0x6e, &(0x7f0000000400), 0x0, &(0x7f00000019c0)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0xc}}, @cred={{0x18}}, @rights={{0xc}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}, 0x40000023) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0x1e1982, 0x0) ioctl$PPPIOCSMAXCID(r2, 0x40047451, &(0x7f0000000140)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, 0x0, 0x8001000d, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x0, 0xfffe, 0xcf0d, 0xb19, 0x2}}) ioctl(r3, 0x8b2a, &(0x7f0000000040)) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(0xffffffffffffffff, 0xc1004111, &(0x7f0000000440)={0x5, [0x4, 0x8, 0x1c5], [{0x94d, 0x809, 0x0, 0x1, 0x0, 0x1}, {0x1, 0xd, 0x1, 0x1, 0x1}, {0xa08, 0x6, 0x0, 0x0, 0x1}, {0x0, 0x7, 0x1}, {0xf, 0x800, 0x1}, {0x4d37, 0x400, 0x0, 0x0, 0x1, 0x1}, {0x6, 0x400, 0x0, 0x1}, {0x500, 0x8}, {0x8001, 0x7, 0x0, 0x0, 0x1, 0x1}, {0x3, 0x7}, {0x5, 0x3, 0x1, 0x0, 0x1, 0x1}, {0x0, 0x1, 0x0, 0x1, 0x0, 0x1}], 0x7}) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="043e1f0a00c9000001aaaaaaaaaa50"], 0x22) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_usb_connect(0x4, 0x2d, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b1000905815a68ce82476f1b80eb532754c1b884763b9dd58cf449b23ba6f46108e9f979f7a8cdaf676d0115481ce3ea63382f95e34ba0f8bc8cec49fcb131fe306c8c1df63de302236257ab566069a1"], 0x0) r4 = syz_open_dev$evdev(0x0, 0x4, 0x60001) ioctl$EVIOCSKEYCODE_V2(r4, 0x40284504, &(0x7f0000000180)={0x0, 0x8, 0x0, 0x5, "d88fd87f1ad6eeb75a957fe0213b2e100af028f0030b2eff0b61e6e66b8f37ff"}) r5 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) setsockopt$SO_BINDTODEVICE_wg(r5, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r5, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) connect(r5, &(0x7f0000000080)=@un=@abs, 0x80) ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f00000000c0)=0x8000041) io_uring_setup(0x1212, 0x0) 3.013066603s ago: executing program 2 (id=340): syz_open_dev$loop(&(0x7f00000001c0), 0x75f, 0x8eb82) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syz_tun\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="01000000030000006102000002001b0000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=r2, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000100)) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x6) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(r4, &(0x7f00000023c0)={0x2020}, 0x2020) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001440)={r3, 0x0, 0x0}, 0x10) listen(0xffffffffffffffff, 0x4) syz_usb_connect$printer(0x3, 0x2d, &(0x7f0000000300)=ANY=[@ANYBLOB="12014105000000202505a8a440000102030109021b000101083004090400fc010701020409050102100006020679a208fe4c80ce3f7b60f9ff25010d5c9da0887c4db37707c8d3358e953b7da67590455379cdbcc802c4ce344aeaf466216a7880b73e4d6d19bf"], &(0x7f0000000440)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x110, 0xb4, 0x7, 0x0, 0xff}, 0x47, &(0x7f0000000280)=ANY=[@ANYBLOB="050f47000514100405883b172c65fde1057696ddd4d0139fb42518bfd1f8cc881511604adc4c8f03100b031002141004074c5f40589eadee461e56788fb8d2e744000000000000"], 0x1, [{0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x418}}]}) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r6, 0x0, 0x30, &(0x7f0000000c80)=ANY=[@ANYBLOB], 0x210) openat$vim2m(0xffffff9c, &(0x7f0000000540), 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x1, &(0x7f0000000380)=[{0x0, 0x2, 0x7, 0x7}]}) r7 = socket(0x10, 0x2, 0x0) r8 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r8) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000240)={'syztnl2\x00', r9, 0x0, 0x1, 0xfc, 0x0, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x8000}}) 2.211209029s ago: executing program 3 (id=341): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="00000000d42a2a8400000000bf0500000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095000000000000000000000000f35a073df41e67402a2e393b71082a2919815d0c4a357ee944c271cf4e2c98d282df6382072ec94490d1afca6184ea7ee09b28f9a986e76b485104f4aa18f28e6b9b84c7dbd6de2a7c3f4bd2d448e4da4b0c532c1414b3fc103219cdf12f7d78eb56fef0f514304eb1d619e98f050e0d08c76f1abbfb2b6b9b03ab2d7a1914658c985a2b7157c3d7661d5518fde560894adc5e0ff0522448ac50ff0312de17c8b0f7386173e9851307516ee7d03934d869b3de4ff762"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000240)={0x33, 0x17, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x48, {0x1, 0x10, 0xa, 0x3, [0x0, 0x8000000000000000, 0x6, 0x8, 0x7, 0x100000001, 0x8, 0xc1]}}, @calipso={0x7, 0x58, {0x1, 0x14, 0x1, 0x6, [0x3, 0x80, 0x0, 0x3a004130, 0x3060c2c3, 0x10000, 0xfe85, 0x8, 0xff, 0x1]}}, @pad1, @ra]}, 0xc8) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) getsockopt$PNPIPE_ENCAP(r3, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0x4) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') read$FUSE(r4, &(0x7f0000003180)={0x2020}, 0x2020) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000000c0), 0x4) sched_setscheduler(0x0, 0x2, 0x0) mkdir(0x0, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) add_key$keyring(0x0, &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @host}, 0x10) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040ed5000410"], 0x11) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x210020, &(0x7f0000000040)=ANY=[@ANYBLOB="643d0000000000000000a8d00000000000", @ANYRESHEX=0x0, @ANYBLOB=',\x00']) 2.202949722s ago: executing program 0 (id=351): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="4dc07f947163300c", 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x231, &(0x7f0000000180)={0x0, 0x0, 0x10100}, &(0x7f0000000200)=0x0, &(0x7f0000000040)=0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000540)={0x14, 0x0, 0x400, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4008840}, 0x50) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x102}) io_uring_enter(r2, 0x7a98, 0x0, 0x0, 0x0, 0xfff2) 2.122063704s ago: executing program 0 (id=343): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xe}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @multicast2}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r1, 0x0, 0x3, &(0x7f0000000080)=0x90e, 0x4) sendto$inet(r1, &(0x7f0000000100)="1ce0", 0xffeb, 0x0, &(0x7f0000001100)={0x2, 0xe000, @private}, 0x10) 2.081916703s ago: executing program 3 (id=344): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r1, @ANYBLOB="08002600901500000800570080"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0xc044) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[], 0x2c}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="05000c000000000000000600000008000300", @ANYRES32=r5, @ANYBLOB="080005000b000000"], 0x24}}, 0x0) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001940)={0x14, 0x2b, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) syz_emit_vhci(&(0x7f0000003d40)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xc}, @hci_ev_le_remote_feat_complete={{}, {0x3, 0xc9, "705c5c7ff14d690d"}}}}, 0xf) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000500)={0x328, r6, 0x300, 0x70bd26, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_PBSS={0x4}, @NL80211_ATTR_TX_RATES={0x310, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x60, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x4a, 0x2, [{0x0, 0x2}, {0x1, 0x8}, {0x0, 0x7}, {0x3, 0x9}, {0x3, 0x8}, {0x4, 0xa}, {0x6, 0x4}, {0x3, 0x5}, {0x0, 0x5}, {0x1, 0x1}, {0x1, 0x3}, {0x5, 0x2}, {}, {0x5, 0x5}, {0x4, 0x4}, {0x2, 0x8}, {0x6, 0x7}, {0x0, 0x5}, {0x3, 0x2}, {}, {0x2, 0x1}, {0x6, 0x4}, {0x6, 0x3}, {0x3, 0x7}, {0x2, 0x2}, {0x7, 0x1}, {0x1, 0xa}, {0x3, 0x5}, {0x1, 0x2}, {0x5, 0x2}, {0x4, 0x9}, {0x1, 0x9}, {0x3, 0x5}, {0x1}, {0x4, 0x9}, {0x7}, {0x6, 0x9}, {}, {0x4, 0x9}, {0x5, 0x8}, {0x6, 0x2}, {0x6, 0x3}, {0x0, 0x9}, {0x2}, {0x4, 0x3}, {0x3}, {0x6, 0x1}, {0x2, 0x4}, {0x4, 0x6}, {0x1, 0x3}, {0x3, 0x5}, {0x2, 0x9}, {0x2, 0x8}, {0x7, 0x1}, {0x5, 0x1}, {0x6, 0x4}, {0x1}, {0x1, 0x1}, {0x7, 0x7}, {0x4, 0x1}, {0x2, 0x7}, {0x5, 0x6}, {0x1, 0x1}, {0x5, 0xa}, {0x3, 0x5}, {0x6, 0x5}, {0x1, 0x3}, {0x7, 0x9}, {0x5, 0x3}, {0x0, 0x5}]}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_60GHZ={0xc8, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xa7, 0x20a, 0x2, 0x4, 0xa3d3, 0x7, 0x6f, 0x7]}}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x9, 0x1b, 0x6c, 0x30, 0x48, 0x12, 0x1b, 0x48, 0x30, 0x48, 0x1b, 0xb, 0x6]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x8, 0xcb8, 0x4, 0xf, 0x3, 0x5, 0xe]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HT={0x42, 0x2, [{0x2, 0x7}, {0x6, 0x4}, {0x5, 0x1}, {0x0, 0x4}, {0x2, 0x7}, {0x6, 0x2}, {0x0, 0x5}, {0x1}, {0x1, 0x4}, {0x2, 0x2}, {0x1, 0x8}, {0x5, 0x8}, {0x6}, {0x2, 0x5}, {0x7, 0x8}, {0x1, 0x6}, {0x0, 0xa}, {0x1}, {0x2, 0xa}, {0x5, 0x7}, {0x0, 0x3}, {0x4, 0x8}, {0x5, 0xa}, {0x6}, {0x6, 0x2}, {0x5, 0x4}, {0x6, 0x3}, {0x0, 0x4}, {0x2, 0xa}, {0x5, 0x2}, {0x0, 0x5}, {0x7, 0x4}, {0x5, 0x1}, {0x4, 0x6}, {0x7, 0x1}, {0x1, 0x3}, {}, {0x0, 0x2}, {0x6, 0x2}, {0x1, 0x5}, {0x7, 0x3}, {0x3, 0x5}, {0x2, 0x6}, {0x6, 0x7}, {0x1, 0x8}, {0x3, 0x1}, {0x1, 0x9}, {0x4, 0x4}, {0x7, 0x9}, {0x0, 0x9}, {0x0, 0x7}, {0x4, 0x9}, {0x0, 0xb}, {0x1, 0x5}, {0x7, 0x8}, {0x7, 0x7}, {0x3, 0x7}, {0x0, 0x2}, {0x6, 0x3}, {0x5}, {0x1, 0x5}, {0x1, 0x5}]}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0x12, 0x0, 0x36, 0x4, 0x60, 0xb, 0x2, 0x25, 0x24, 0x3, 0x6c, 0x12, 0x9, 0x36, 0x18, 0x48, 0x6, 0x30, 0x12, 0x6c, 0x48, 0x5, 0x60]}]}, @NL80211_BAND_60GHZ={0x20, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x0, 0x4, 0x1, 0x7c, 0x1, 0x7, 0x2]}}]}, @NL80211_BAND_5GHZ={0x14, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x64, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x10, 0x7, 0x1637, 0xc, 0x5, 0x86, 0xf]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x5, 0x30, 0xc, 0xb, 0x9, 0x24, 0x6c, 0xc, 0x4, 0x6c, 0x4, 0x6, 0x3d, 0x24, 0x24, 0x1b, 0x2, 0x5, 0x1, 0x36, 0x9, 0x30, 0x12, 0x4, 0x48, 0x12]}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x12, 0x30, 0x1, 0x30, 0x13, 0x1b, 0x1b, 0x2, 0xc, 0x24, 0x16, 0x2, 0x3b, 0x2, 0x9, 0x1, 0xc, 0x6, 0x12, 0x65, 0x18, 0x36, 0x1, 0x0, 0x12, 0x1, 0x1b, 0x12, 0x3]}]}, @NL80211_BAND_60GHZ={0xc, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x74, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x4e, 0x2, [{0x1, 0x6}, {0x0, 0x1}, {0x1, 0x9}, {0x3, 0x9}, {0x2, 0x1}, {0x7, 0x8}, {0x2, 0x6}, {0x7, 0xa}, {0x0, 0x1}, {0x4, 0x3}, {0x1, 0x8}, {0x2, 0x1}, {0x2, 0x7}, {0x1, 0x8}, {0x3, 0x4}, {0x4, 0x8}, {0x3, 0xa}, {0x5, 0x8}, {0x3, 0x9}, {0x7, 0xa}, {0x7, 0x2}, {0x0, 0x7}, {0x7, 0x5}, {0x5, 0x8}, {0x2, 0x2}, {0x0, 0xa}, {0x5, 0x9}, {0x1, 0xa}, {0x2, 0x8}, {0x0, 0x9}, {0x5, 0x6}, {0x3, 0x1}, {0x6, 0x1}, {0x2, 0x3}, {0x6, 0x5}, {0x0, 0x2}, {0x2, 0x7}, {0x1, 0xa}, {0x3, 0xa}, {0x7, 0x1}, {0x1, 0x4}, {0x2, 0xa}, {0x0, 0x9}, {0x4, 0x8}, {0x3, 0x5}, {0x2, 0x8}, {0x2, 0x8}, {0x1, 0x9}, {0x5, 0xa}, {0x0, 0x2}, {0x1, 0x8}, {0x1, 0x3}, {0x6, 0x4}, {0x5, 0x4}, {0x7, 0x4}, {0x1, 0x2}, {0x1, 0x5}, {0x6, 0x9}, {0x3, 0x9}, {0x1, 0x3}, {0x2, 0x4}, {0x3, 0x7}, {0x2, 0x6}, {0x5, 0x5}, {0x2, 0x8}, {0x1, 0x5}, {0x2, 0x3}, {0x6, 0x5}, {0x2, 0x5}, {0x3, 0x3}, {0x5}, {0x0, 0x3}, {0x7, 0x6}, {0x6}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_5GHZ={0xcc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x81, 0x1, 0x200, 0x1, 0x401, 0x0, 0x6]}}, @NL80211_TXRATE_HT={0x44, 0x2, [{0x0, 0x2}, {}, {0x4, 0x6}, {0x0, 0x7}, {0x1, 0x1}, {0x1, 0x9}, {0x2}, {0x6, 0x3}, {0x0, 0x5}, {0x1, 0x2}, {0x1, 0x7}, {0x2, 0x1}, {0x4, 0x5}, {0x7, 0x7}, {0x4}, {0x7, 0x2}, {0x3, 0xa}, {0x7, 0x5}, {0x7, 0x8}, {0x5, 0xa}, {0x3, 0x6}, {0x7, 0x2}, {0x4, 0x1}, {0x3, 0x3}, {0x0, 0x2}, {0x0, 0x1}, {0x1, 0x8}, {0x5, 0x1}, {0x6, 0x2}, {0x4, 0xa}, {0x2, 0x3}, {0x3, 0x3}, {0x2, 0x1}, {0x1, 0x4}, {0x2, 0x3}, {0x7, 0x4}, {0x0, 0xa}, {0x1, 0x4}, {0x0, 0x3}, {0x3, 0x2}, {0x0, 0x4}, {0x3, 0x4}, {0x1, 0x3}, {0x0, 0x3}, {0x3, 0x5}, {0x6, 0xa}, {0x7, 0x2}, {0x2, 0x6}, {0x0, 0x6}, {0x1, 0x2}, {0x4, 0x6}, {0x1}, {0x3, 0x8}, {0x1}, {0x1, 0x1}, {0x6, 0x4}, {0x4, 0x2}, {0x1, 0x8}, {0x4, 0xa}, {0x6, 0x3}, {0x0, 0x7}, {0x0, 0x7}, {0x7, 0x2}, {0x0, 0x7}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xae0a, 0x0, 0xa9, 0x401, 0x3, 0x0, 0x9, 0xc2ac]}}, @NL80211_TXRATE_HT={0x13, 0x2, [{0x2, 0x3}, {0x1, 0x5}, {0x2, 0x7}, {0x0, 0x3}, {0x7, 0x6}, {0x4, 0x8}, {0x3, 0x9}, {0x6, 0x4}, {0x5, 0x3}, {0x4, 0x7}, {0x3, 0x5}, {0x6, 0x3}, {0x3, 0x1}, {0x0, 0x6}, {0x4, 0x3}]}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x48, 0x1, 0x24, 0x60, 0x3, 0x12, 0x24, 0x4, 0x1b]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x3, 0x119, 0x1, 0x5, 0xb, 0x9, 0x3]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0xe3f, 0x401, 0x8001, 0x6, 0x0, 0x3, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5}]}]}]}, 0x328}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) 2.013959764s ago: executing program 3 (id=345): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) pipe(&(0x7f0000000040)={0xffffffffffffffff}) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000400"/20, @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) getpeername$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000200)=0x14) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r4, &(0x7f0000000240)={0x0, 0x5, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1800000001140100000000000800010000000000bbe043ac53176101e834035a689d096446f5f6b5d81fb648e9e3db8277b9e45b7d5d36dfb8c0ac518a86c39882c7e89de1d3c76774c4d3f81fc739b71821259c53b46d018dca121c541932a50b5933c0ff9c11c0d5a065073f57f7c75e6cde2eda862ac649f0133b8efa"], 0x18}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x300}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x18}, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8) syz_io_uring_setup(0x55b1, &(0x7f0000000040)={0x0, 0xc098, 0x200, 0x1, 0x1}, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)={0x3}) ioctl$PPPIOCGIDLE32(r2, 0x8008743f, &(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="44000000020101"], 0x44}}, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000b40)="f30f09ba6100b8c400ef66b9eb0a00000f3266b9830000c066b84700000066ba000000000f30f2a60fc75add650fdabc755ac09af67f0066b98004000066b8532ebe1866ba0bffd3710f3066b9830500000f32", 0x53}], 0x1, 0x0, 0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0xdcc2, 0x2) 2.012024716s ago: executing program 0 (id=355): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(r2, 0x111, 0x2, 0x0, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x3, [@func={0x4, 0x0, 0x0, 0xc, 0x2}, @var={0x3, 0x0, 0x0, 0xe, 0x5}, @fwd={0x8}]}, {0x0, [0x83]}}, &(0x7f0000000280)=""/76, 0x43, 0x4c, 0x0, 0x2, 0x10000, @value}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1f, 0xc, &(0x7f00000001c0)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, @fallback=0x36, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r3, r0}, 0xc) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r5, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) fsmount(r5, 0x0, 0x0) mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='xfs\x00', 0x808000, 0x0) 1.048656123s ago: executing program 0 (id=346): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021500000000c0a01010000000000000000070000000900020073797a31000000000900010073797a300000000024000380f2fe008008000340000000000b801000018000000100667764000000028000000340000000000000024000000000000003400000000000000340000000000000024000000000000002400000000000000140000000000000014000000000140000001000010000000000000000000084000a"], 0xd4}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000500), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) gettid() bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a00000004200000a90200008000000042000000", @ANYRES32, @ANYBLOB="06000000000000000000000000000000009d0000", @ANYRES32=0x0, @ANYRES32], 0x48) r2 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000040)="1002d7d97043d66fda937c7b65567297207adb3029e20544ec044c2fbb6bf865c9331165cb94d9fcb78cb57f9b40b11193c0030046c2ccf1295f9abfb2b534ba00", 0x0, 0x48) mbind(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x4002, &(0x7f0000000000)=0xfffffffffffffffe, 0x3, 0x0) prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ffc000/0x4000)=nil) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) syz_io_uring_setup(0x42502, &(0x7f0000000080)={0x0, 0x954b, 0x20, 0x10}, &(0x7f0000000300), &(0x7f0000000140)) unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, 0x0, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="bd4e54d45303aaaaaaaaaa0008060001050006040000ffffffffffffac141400aaaaaaaaaaaae0000002"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r5, 0x5b24, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) shmget$private(0x0, 0x1000, 0x200, &(0x7f0000ffc000/0x1000)=nil) r6 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r6, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) 927.201881ms ago: executing program 3 (id=348): sched_setaffinity(0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000003c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x5, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x20}]}) 408.984478ms ago: executing program 3 (id=349): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) getresuid(&(0x7f0000000240), &(0x7f0000000340), &(0x7f0000000380)) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"]) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d00000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2) ioctl$vim2m_VIDIOC_EXPBUF(r2, 0xc0405610, &(0x7f0000000080)={0x1}) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000000)={0x0, 0x1, 0x2}) close_range(r1, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) ftruncate(r3, 0xc17c) sendmsg$nl_route_sched(r3, &(0x7f0000008f40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14850}, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) unshare(0x42000000) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x20001439) unshare(0x44000000) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r5, 0xffffffffffffffff, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0xb, 0x101000) ioctl$USBDEVFS_REAPURB(r6, 0x4004550c, &(0x7f0000000140)) r7 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_TABLE(r7, 0x29, 0xd1, &(0x7f0000000040)=0xfe, 0x4) r8 = getpid() process_vm_readv(r8, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) write$FUSE_LK(r3, &(0x7f00000002c0)={0x28, 0x0, 0x0, {{0x1fd, 0x9, 0x0, r8}}}, 0x28) 306.211556ms ago: executing program 2 (id=350): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000300)=[@in6={0xa, 0x4e22, 0x6, @rand_addr=' \x01\x00', 0x5}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x25, &(0x7f00000000c0)={r3, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x52}, &(0x7f00000001c0)=0x9c) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000480)={'team_slave_1\x00', 0x0}) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x6, 0x4, &(0x7f0000013d40)=ANY=[@ANYBLOB="18000000000000100000000000000700b5000000087c9a0095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r5, r4, 0x25, 0x0, @val=@netkit={@void, @value}}, 0x40) close_range(r0, 0xffffffffffffffff, 0x0) 209.015394ms ago: executing program 2 (id=352): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) syz_emit_ethernet(0x52, &(0x7f00000007c0)={@local, @random="89ab9b4c72ca", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x1c, 0x2c, 0x0, @remote, @local, {[@routing={0x0, 0x0, 0x0, 0x8}], {{0x0, 0x400, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa11000001"], 0x0) ioctl$VT_WAITACTIVE(r1, 0x5607) r2 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f0000000100), 0x8) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}, 0x2}], 0x400000000000172, 0x4000000) r3 = openat$procfs(0xffffff9c, &(0x7f0000000100)='/proc/asound/seq/timer\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000500)={0x10000005}) syz_emit_ethernet(0xcf, &(0x7f0000000880)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x12, 0x4, 0x1, 0x9, 0xc1, 0x64, 0x0, 0x3, 0x1, 0x0, @multicast2, @empty, {[@generic={0x89, 0x3, '5'}, @generic={0x44, 0x8, "c324061b6415"}, @noop, @timestamp_prespec={0x44, 0xc, 0x2a, 0x3, 0x0, [{@multicast1, 0x2}]}, @timestamp_prespec={0x44, 0x1c, 0x75, 0x3, 0x8, [{@multicast2, 0x5}, {@remote, 0x3}, {@local, 0x28}]}]}}, @echo={0x8, 0x0, 0x0, 0x5, 0x3, "d4d3e88c07e5e5ab34d13290bde53a12843870d44cba97e4cde068d60ee2cf8a578939747108d03774bcd62e57a7df4ce591c3b9a332bf6613ca6deba5c791a67383ecec4beb4d86277c939578872236d1ac5b7550d5683504558572e480912332c391d35fd792f4b0040d367c27e4064d"}}}}}, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2) r5 = openat$uhid(0xffffff9c, &(0x7f0000000540), 0x802, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000580)={0xb, {'syz0\x00', 'syz1\x00', 'syz0\x00', 0x63, 0x3, 0x2, 0x5, 0x8, 0x44ba, "a321ad9dea372f6abc051fdbdce385d5d49841754481efae5e629270be3104a8c21f6cc920fb8f999cee6d175a22a102e2d4b2eee5d9c43e16445c91a4852590385532c5bae4f35fe8ff64cfe1cf560fdecb7a83c432b47065fd680e09e696347f9543"}}, 0x17b) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000040)={0x49, 0x2, 0x0, "0ba7dfadd940d2c1aebd746fc04a0026d174932d4600"}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r7, &(0x7f0000000500)=[{{&(0x7f0000000300)=@file={0x1, './file0/file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000000)=[@rights={{0x14, 0x1, 0x1, [r7, r6]}}], 0x14, 0x8005}}], 0x1, 0x4000d48) writev(r4, &(0x7f0000000480)=[{&(0x7f0000000000)="79347d64ec2c18a970ab8f16c2db382f726e0e37035b9301971100e15de55fd30a6b7e02d4271bce3ee2846a046180f65b02e2cd72c865a634345f4f1bc57e9361f80eb4d945391b831b485763244b20e9ae9e27d9a36701b5ae9fa72272a2d2fb49c23b9c1492b1168451e573394485fbc132944c5a8946c60a5686d694bb9ba1dd2b5c9f6962a54a3e3dad520c7fb42f5c7ca720071db19e06b9c08cf135ed0345941f7d5bd58001ca9bd45141c0d34493eff4caaa096936c0837c306a3bd283ead075f9fb5bad6e1365289d07d4e072", 0xd1}, {&(0x7f0000000100)}, {&(0x7f0000000140)="7d38637f4d442bb18707d6f5f06839f3bd730fcc20f0f48f7de4e2e5fa643d0097cb06841f23095e45e4bfd236d763658eceb19b9b80c88ad62568cd59072be0ddb7d44c5054661291c1623508fef71f0054cc3f5c9451b4d15f50f116", 0x5d}, {&(0x7f00000001c0)="fbaf34b445dc844623ae", 0xa}, {&(0x7f0000000200)="be926072ee17eb927f8f6a", 0xb}, {&(0x7f0000000240)="b7fdc00b1110f9d2352dcbe11e9966ca8188", 0x12}, {&(0x7f0000000280)="8c9d866cfbef85d9bd71aa0c4f791ca37f4f61b42e70e87222b6221196b667bbc0cd1f0724fb0ab2619cf34daa5e33585c87653abd5a53ba9bd885d16794960f295081fe72318421f36701f89663de810152e383aec6471f20d14989297c07d1edf5deb43194f5cb88294aeb2866e48c0a42f6b8f13db09e", 0x78}, {&(0x7f0000000300)="62c618e111a97a1715c4a6a45363a60cccf6a93526dd7735e64d8e057954fdb3c50b6cc31cbc4a2f08831d8ab61d91709d0f9755331edc50d005014ef2ca83b310648735ddc90efd659bf2a6eeaba6548042629f888c262acf", 0x59}, {&(0x7f0000000380)="c1334190d388e5a4eee32a01384f057ee20a733662b5066ca537c7d75c9e2c7d61e4d93e77a429d8b482bb88e8f80804109108750285e4e9300f9e9d68c9e04f59e428eface07695eae162d4ccb98ff0decd2599f0845e1b0deff42d6f23e9799d1459aaa827ef984fdb78d0bc9ee2a573a34977adaa0afc97c5d7ef2921e4d3561d3c293c94aaf6909886a3c8f7e80acc1be203ddd584064d98f84c648bc550906c6654a68a92c88ad7487fa40afdbc64cd25b50082ce3692b0af33d8a1b5dc9157a83a2b4a517eb528a7120a388e4ed8bee7eda790b6762d537dceab38ed595c3a08", 0xe3}], 0x9) write$UHID_INPUT(r1, &(0x7f0000001040)={0xc, {"a2e3ad214fc752f91b3e090987f70e06d038e7ff7fc6e5539b3264078b089b0e083871090890e0878f0e1ac6e7049b334c959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31360d3b5d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d780231c9c99a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f068bb87af8b90fd8f08876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b281769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e51074b41bc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x7c4}}, 0x1006) 160.739646ms ago: executing program 1 (id=353): r0 = openat$sndtimer(0xffffff9c, &(0x7f0000000040), 0x100) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000080)={0x1, 0x3, 0x2, 0x2, 0x81}) r1 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r1, 0x101) r2 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r2, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r2, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) r3 = accept4(r1, 0x0, 0x0, 0x0) write$binfmt_script(r3, &(0x7f0000000440)={'#! ', './file0'}, 0xb) sendto$inet(r2, &(0x7f0000000780)='+', 0xffc3, 0x0, 0x0, 0x0) migrate_pages(0x0, 0x0, 0x0, &(0x7f0000000000)=0xfffffffffffffffc) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e06f40908"], 0xa) 99.095207ms ago: executing program 2 (id=354): pipe(&(0x7f00000001c0)) socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x37, 0x6b, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000300)="000000000000c862b779b6ebb7bd3312bab85be550f7679d8e9d88b886edd26b0f5d53d06b1d8822895b9787abe255e000000000000000", &(0x7f0000002240)=""/4088, 0x0, 0x0, 0x0, 0x0}) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x68) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x0, 0x0) r1 = socket(0x0, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) mount$fuse(0x0, 0x0, 0x0, 0x4000, &(0x7f00000002c0)=ANY=[@ANYRESOCT=r1]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a300000000068000000090a010400000000000000000100000008000a4000000000200011800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30000000000900020073797a3200000000080005400000001f0c000980080001400037"], 0xb0}}, 0x0) r3 = socket(0x10, 0x3, 0xc) write(r3, &(0x7f0000000040)="effd00001000ff00fd4344c007110000f3050a00dbfd010000000001ffdf00", 0xfe00) sendmsg$kcm(r3, &(0x7f0000000400)={0x0, 0xfffffebd, 0x0, 0xfffffffffffffdc2, 0x0, 0x0, 0x3000}, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x20001439) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[], 0x48) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="c7"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r8 = dup(r7) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4400ae8f, &(0x7f0000000040)) ioctl$KVM_SET_VAPIC_ADDR(r8, 0x4008ae93, &(0x7f00000001c0)=0x10000) 36.736729ms ago: executing program 1 (id=356): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r1, @ANYBLOB="08002600901500000800570080"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0xc044) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[], 0x2c}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="05000c000000000000000600000008000300", @ANYRES32=r5, @ANYBLOB="080005000b000000"], 0x24}}, 0x0) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001940)={0x14, 0x2b, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) syz_emit_vhci(&(0x7f0000003d40)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xc}, @hci_ev_le_remote_feat_complete={{}, {0x3, 0xc9, "705c5c7ff14d690d"}}}}, 0xf) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000500)={0x328, r6, 0x300, 0x70bd26, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_PBSS={0x4}, @NL80211_ATTR_TX_RATES={0x310, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x60, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x4a, 0x2, [{0x0, 0x2}, {0x1, 0x8}, {0x0, 0x7}, {0x3, 0x9}, {0x3, 0x8}, {0x4, 0xa}, {0x6, 0x4}, {0x3, 0x5}, {0x0, 0x5}, {0x1, 0x1}, {0x1, 0x3}, {0x5, 0x2}, {}, {0x5, 0x5}, {0x4, 0x4}, {0x2, 0x8}, {0x6, 0x7}, {0x0, 0x5}, {0x3, 0x2}, {}, {0x2, 0x1}, {0x6, 0x4}, {0x6, 0x3}, {0x3, 0x7}, {0x2, 0x2}, {0x7, 0x1}, {0x1, 0xa}, {0x3, 0x5}, {0x1, 0x2}, {0x5, 0x2}, {0x4, 0x9}, {0x1, 0x9}, {0x3, 0x5}, {0x1}, {0x4, 0x9}, {0x7}, {0x6, 0x9}, {}, {0x4, 0x9}, {0x5, 0x8}, {0x6, 0x2}, {0x6, 0x3}, {0x0, 0x9}, {0x2}, {0x4, 0x3}, {0x3}, {0x6, 0x1}, {0x2, 0x4}, {0x4, 0x6}, {0x1, 0x3}, {0x3, 0x5}, {0x2, 0x9}, {0x2, 0x8}, {0x7, 0x1}, {0x5, 0x1}, {0x6, 0x4}, {0x1}, {0x1, 0x1}, {0x7, 0x7}, {0x4, 0x1}, {0x2, 0x7}, {0x5, 0x6}, {0x1, 0x1}, {0x5, 0xa}, {0x3, 0x5}, {0x6, 0x5}, {0x1, 0x3}, {0x7, 0x9}, {0x5, 0x3}, {0x0, 0x5}]}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_60GHZ={0xc8, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xa7, 0x20a, 0x2, 0x4, 0xa3d3, 0x7, 0x6f, 0x7]}}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x9, 0x1b, 0x6c, 0x30, 0x48, 0x12, 0x1b, 0x48, 0x30, 0x48, 0x1b, 0xb, 0x6]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x8, 0xcb8, 0x4, 0xf, 0x3, 0x5, 0xe]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HT={0x42, 0x2, [{0x2, 0x7}, {0x6, 0x4}, {0x5, 0x1}, {0x0, 0x4}, {0x2, 0x7}, {0x6, 0x2}, {0x0, 0x5}, {0x1}, {0x1, 0x4}, {0x2, 0x2}, {0x1, 0x8}, {0x5, 0x8}, {0x6}, {0x2, 0x5}, {0x7, 0x8}, {0x1, 0x6}, {0x0, 0xa}, {0x1}, {0x2, 0xa}, {0x5, 0x7}, {0x0, 0x3}, {0x4, 0x8}, {0x5, 0xa}, {0x6}, {0x6, 0x2}, {0x5, 0x4}, {0x6, 0x3}, {0x0, 0x4}, {0x2, 0xa}, {0x5, 0x2}, {0x0, 0x5}, {0x7, 0x4}, {0x5, 0x1}, {0x4, 0x6}, {0x7, 0x1}, {0x1, 0x3}, {}, {0x0, 0x2}, {0x6, 0x2}, {0x1, 0x5}, {0x7, 0x3}, {0x3, 0x5}, {0x2, 0x6}, {0x6, 0x7}, {0x1, 0x8}, {0x3, 0x1}, {0x1, 0x9}, {0x4, 0x4}, {0x7, 0x9}, {0x0, 0x9}, {0x0, 0x7}, {0x4, 0x9}, {0x0, 0xb}, {0x1, 0x5}, {0x7, 0x8}, {0x7, 0x7}, {0x3, 0x7}, {0x0, 0x2}, {0x6, 0x3}, {0x5}, {0x1, 0x5}, {0x1, 0x5}]}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0x12, 0x0, 0x36, 0x4, 0x60, 0xb, 0x2, 0x25, 0x24, 0x3, 0x6c, 0x12, 0x9, 0x36, 0x18, 0x48, 0x6, 0x30, 0x12, 0x6c, 0x48, 0x5, 0x60]}]}, @NL80211_BAND_60GHZ={0x20, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x0, 0x4, 0x1, 0x7c, 0x1, 0x7, 0x2]}}]}, @NL80211_BAND_5GHZ={0x14, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x64, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x10, 0x7, 0x1637, 0xc, 0x5, 0x86, 0xf]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x5, 0x30, 0xc, 0xb, 0x9, 0x24, 0x6c, 0xc, 0x4, 0x6c, 0x4, 0x6, 0x3d, 0x24, 0x24, 0x1b, 0x2, 0x5, 0x1, 0x36, 0x9, 0x30, 0x12, 0x4, 0x48, 0x12]}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x12, 0x30, 0x1, 0x30, 0x13, 0x1b, 0x1b, 0x2, 0xc, 0x24, 0x16, 0x2, 0x3b, 0x2, 0x9, 0x1, 0xc, 0x6, 0x12, 0x65, 0x18, 0x36, 0x1, 0x0, 0x12, 0x1, 0x1b, 0x12, 0x3]}]}, @NL80211_BAND_60GHZ={0xc, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x74, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x4e, 0x2, [{0x1, 0x6}, {0x0, 0x1}, {0x1, 0x9}, {0x3, 0x9}, {0x2, 0x1}, {0x7, 0x8}, {0x2, 0x6}, {0x7, 0xa}, {0x0, 0x1}, {0x4, 0x3}, {0x1, 0x8}, {0x2, 0x1}, {0x2, 0x7}, {0x1, 0x8}, {0x3, 0x4}, {0x4, 0x8}, {0x3, 0xa}, {0x5, 0x8}, {0x3, 0x9}, {0x7, 0xa}, {0x7, 0x2}, {0x0, 0x7}, {0x7, 0x5}, {0x5, 0x8}, {0x2, 0x2}, {0x0, 0xa}, {0x5, 0x9}, {0x1, 0xa}, {0x2, 0x8}, {0x0, 0x9}, {0x5, 0x6}, {0x3, 0x1}, {0x6, 0x1}, {0x2, 0x3}, {0x6, 0x5}, {0x0, 0x2}, {0x2, 0x7}, {0x1, 0xa}, {0x3, 0xa}, {0x7, 0x1}, {0x1, 0x4}, {0x2, 0xa}, {0x0, 0x9}, {0x4, 0x8}, {0x3, 0x5}, {0x2, 0x8}, {0x2, 0x8}, {0x1, 0x9}, {0x5, 0xa}, {0x0, 0x2}, {0x1, 0x8}, {0x1, 0x3}, {0x6, 0x4}, {0x5, 0x4}, {0x7, 0x4}, {0x1, 0x2}, {0x1, 0x5}, {0x6, 0x9}, {0x3, 0x9}, {0x1, 0x3}, {0x2, 0x4}, {0x3, 0x7}, {0x2, 0x6}, {0x5, 0x5}, {0x2, 0x8}, {0x1, 0x5}, {0x2, 0x3}, {0x6, 0x5}, {0x2, 0x5}, {0x3, 0x3}, {0x5}, {0x0, 0x3}, {0x7, 0x6}, {0x6}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_5GHZ={0xcc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x81, 0x1, 0x200, 0x1, 0x401, 0x0, 0x6]}}, @NL80211_TXRATE_HT={0x44, 0x2, [{0x0, 0x2}, {}, {0x4, 0x6}, {0x0, 0x7}, {0x1, 0x1}, {0x1, 0x9}, {0x2}, {0x6, 0x3}, {0x0, 0x5}, {0x1, 0x2}, {0x1, 0x7}, {0x2, 0x1}, {0x4, 0x5}, {0x7, 0x7}, {0x4}, {0x7, 0x2}, {0x3, 0xa}, {0x7, 0x5}, {0x7, 0x8}, {0x5, 0xa}, {0x3, 0x6}, {0x7, 0x2}, {0x4, 0x1}, {0x3, 0x3}, {0x0, 0x2}, {0x0, 0x1}, {0x1, 0x8}, {0x5, 0x1}, {0x6, 0x2}, {0x4, 0xa}, {0x2, 0x3}, {0x3, 0x3}, {0x2, 0x1}, {0x1, 0x4}, {0x2, 0x3}, {0x7, 0x4}, {0x0, 0xa}, {0x1, 0x4}, {0x0, 0x3}, {0x3, 0x2}, {0x0, 0x4}, {0x3, 0x4}, {0x1, 0x3}, {0x0, 0x3}, {0x3, 0x5}, {0x6, 0xa}, {0x7, 0x2}, {0x2, 0x6}, {0x0, 0x6}, {0x1, 0x2}, {0x4, 0x6}, {0x1}, {0x3, 0x8}, {0x1}, {0x1, 0x1}, {0x6, 0x4}, {0x4, 0x2}, {0x1, 0x8}, {0x4, 0xa}, {0x6, 0x3}, {0x0, 0x7}, {0x0, 0x7}, {0x7, 0x2}, {0x0, 0x7}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xae0a, 0x0, 0xa9, 0x401, 0x3, 0x0, 0x9, 0xc2ac]}}, @NL80211_TXRATE_HT={0x13, 0x2, [{0x2, 0x3}, {0x1, 0x5}, {0x2, 0x7}, {0x0, 0x3}, {0x7, 0x6}, {0x4, 0x8}, {0x3, 0x9}, {0x6, 0x4}, {0x5, 0x3}, {0x4, 0x7}, {0x3, 0x5}, {0x6, 0x3}, {0x3, 0x1}, {0x0, 0x6}, {0x4, 0x3}]}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x48, 0x1, 0x24, 0x60, 0x3, 0x12, 0x24, 0x4, 0x1b]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x3, 0x119, 0x1, 0x5, 0xb, 0x9, 0x3]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0xe3f, 0x401, 0x8001, 0x6, 0x0, 0x3, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5}]}]}]}, 0x328}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) 0s ago: executing program 1 (id=357): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) userfaultfd(0x80001) socket$netlink(0x10, 0x3, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001980)={&(0x7f00000005c0), 0x6e, &(0x7f0000000400), 0x0, &(0x7f00000019c0)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0xc}}, @cred={{0x18}}, @rights={{0xc}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}, 0x40000023) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0x1e1982, 0x0) ioctl$PPPIOCSMAXCID(r2, 0x40047451, &(0x7f0000000140)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, 0x0, 0x8001000d, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x0, 0xfffe, 0xcf0d, 0xb19, 0x2}}) ioctl(r3, 0x8b2a, &(0x7f0000000040)) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(0xffffffffffffffff, 0xc1004111, &(0x7f0000000440)={0x5, [0x4, 0x8, 0x1c5], [{0x94d, 0x809, 0x0, 0x1, 0x0, 0x1}, {0x1, 0xd, 0x1, 0x1, 0x1}, {0xa08, 0x6, 0x0, 0x0, 0x1}, {0x0, 0x7, 0x1}, {0xf, 0x800, 0x1}, {0x4d37, 0x400, 0x0, 0x0, 0x1, 0x1}, {0x6, 0x400, 0x0, 0x1}, {0x500, 0x8}, {0x8001, 0x7, 0x0, 0x0, 0x1, 0x1}, {0x3, 0x7}, {0x5, 0x3, 0x1, 0x0, 0x1, 0x1}, {0x0, 0x1, 0x0, 0x1, 0x0, 0x1}], 0x7}) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="043e1f0a00c9000001aaaaaaaaaa50"], 0x22) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_usb_connect(0x4, 0x2d, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b1000905815a68ce82476f1b80eb532754c1b884763b9dd58cf449b23ba6f46108e9f979f7a8cdaf676d0115481ce3ea63382f95e34ba0f8bc8cec49fcb131fe306c8c1df63de302236257ab566069a1"], 0x0) r4 = syz_open_dev$evdev(&(0x7f00000000c0), 0x4, 0x60001) ioctl$EVIOCSKEYCODE_V2(r4, 0x40284504, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) setsockopt$SO_BINDTODEVICE_wg(r5, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r5, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) connect(r5, &(0x7f0000000080)=@un=@abs, 0x80) ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f00000000c0)=0x8000041) io_uring_setup(0x1212, 0x0) kernel console output (not intermixed with test programs): 43][ T64] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 71.102397][ T64] hci_event_packet+0x666/0x1190 [ 71.103708][ T64] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 71.105095][ T64] ? __pfx_hci_event_packet+0x10/0x10 [ 71.106492][ T64] ? mark_held_locks+0x9f/0xe0 [ 71.107763][ T64] ? kcov_remote_start+0x3cf/0x6e0 [ 71.109110][ T64] ? lockdep_hardirqs_on+0x7c/0x110 [ 71.110471][ T64] hci_rx_work+0x2c6/0x1610 [ 71.111672][ T64] ? lock_acquire+0x2f/0xb0 [ 71.112865][ T64] ? process_one_work+0x8bb/0x1b30 [ 71.114211][ T64] process_one_work+0x958/0x1b30 [ 71.115521][ T64] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 71.117004][ T64] ? __pfx_process_one_work+0x10/0x10 [ 71.118425][ T64] ? assign_work+0x1a0/0x250 [ 71.119660][ T64] worker_thread+0x6c8/0xf00 [ 71.120887][ T64] ? __pfx_worker_thread+0x10/0x10 [ 71.122188][ T64] kthread+0x2c1/0x3a0 [ 71.123280][ T64] ? _raw_spin_unlock_irq+0x23/0x50 [ 71.124660][ T64] ? __pfx_kthread+0x10/0x10 [ 71.125859][ T64] ret_from_fork+0x45/0x80 [ 71.126956][ T64] ? __pfx_kthread+0x10/0x10 [ 71.128102][ T64] ret_from_fork_asm+0x1a/0x30 [ 71.129377][ T64] [ 71.130968][ T64] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 71.134321][ T64] Bluetooth: hci2: failed to register connection device [ 71.394662][ T1420] usb 5-1: usb_control_msg returned -32 [ 71.396254][ T1420] usbtmc 5-1:16.0: can't read capabilities [ 71.666170][ T1420] usb 8-1: USB disconnect, device number 3 [ 71.776087][ T5658] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 71.779258][ T5658] overlayfs: failed to set xattr on upper [ 71.781753][ T5658] overlayfs: ...falling back to redirect_dir=nofollow. [ 71.784237][ T5658] overlayfs: ...falling back to index=off. [ 71.786367][ T5658] overlayfs: ...falling back to uuid=null. [ 72.779785][ T1420] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 72.862756][ T5666] netlink: 16 bytes leftover after parsing attributes in process `syz.2.53'. [ 72.863487][ T5387] usb 6-1: USB disconnect, device number 4 [ 72.892363][ T5666] sg_write: data in/out 28753/60 bytes for SCSI command 0x0-- guessing data in; [ 72.892363][ T5666] program syz.2.53 not setting count and/or reply_len properly [ 72.940528][ T1420] usb 8-1: Using ep0 maxpacket: 8 [ 72.943054][ T1420] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 72.945456][ T1420] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 72.948106][ T1420] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 72.951117][ T1420] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 72.953735][ T1420] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 72.957132][ T1420] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 72.959560][ T1420] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 73.180236][ T64] Bluetooth: hci2: command tx timeout [ 73.207690][ T1420] usb 8-1: usb_control_msg returned -32 [ 73.209259][ T1420] usbtmc 8-1:16.0: can't read capabilities [ 73.264208][ T1420] usb 5-1: USB disconnect, device number 3 [ 73.459930][ T64] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 73.609286][ T5684] netlink: 'syz.1.56': attribute type 1 has an invalid length. [ 73.613143][ T5684] netlink: 'syz.1.56': attribute type 4 has an invalid length. [ 73.615219][ T5684] netlink: 15334 bytes leftover after parsing attributes in process `syz.1.56'. [ 73.812057][ T5686] syz.2.57 uses obsolete (PF_INET,SOCK_PACKET) [ 74.340937][ T5689] EXT4-fs warning (device sda1): ext4_resize_fs:2017: can't read last block, resize aborted [ 74.496181][ T64] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 74.949957][ T829] usb 8-1: USB disconnect, device number 4 [ 75.227997][ T5701] netlink: 4 bytes leftover after parsing attributes in process `syz.0.60'. [ 75.468372][ T5709] netlink: 'syz.2.61': attribute type 1 has an invalid length. [ 75.470605][ T5709] netlink: 'syz.2.61': attribute type 4 has an invalid length. [ 75.473275][ T5709] netlink: 15334 bytes leftover after parsing attributes in process `syz.2.61'. [ 75.911483][ T30] cfg80211: failed to load regulatory.db [ 76.171768][ T5351] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 76.302374][ T9] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 76.380102][ T5723] netlink: 'syz.2.63': attribute type 1 has an invalid length. [ 76.382151][ T5723] netlink: 'syz.2.63': attribute type 4 has an invalid length. [ 76.384155][ T5723] netlink: 15334 bytes leftover after parsing attributes in process `syz.2.63'. [ 76.498161][ T9] usb 8-1: Using ep0 maxpacket: 8 [ 76.503053][ T9] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 76.505847][ T9] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 76.510647][ T9] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 76.513911][ T9] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 76.516495][ T9] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 76.521118][ T9] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 76.523585][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.582517][ T64] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 76.787458][ T9] usb 8-1: usb_control_msg returned -32 [ 76.789348][ T9] usbtmc 8-1:16.0: can't read capabilities [ 77.073548][ T5729] overlayfs: failed to get inode (-116) [ 77.075287][ T5729] overlayfs: failed to get inode (-116) [ 77.474990][ T64] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 78.199975][ T9] usb 8-1: USB disconnect, device number 5 [ 78.587343][ T5748] mkiss: ax0: crc mode is auto. [ 78.599733][ T30] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 78.679846][ T9] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 78.759717][ T30] usb 5-1: Using ep0 maxpacket: 8 [ 78.764349][ T30] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 78.766330][ T30] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 78.768737][ T30] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 78.771504][ T30] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 78.774066][ T30] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 78.777329][ T30] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 78.779624][ T30] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.839736][ T9] usb 8-1: Using ep0 maxpacket: 16 [ 78.845801][ T9] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 78.848682][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 78.857028][ T9] usb 8-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 78.859594][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.862699][ T9] usb 8-1: Product: syz [ 78.864099][ T9] usb 8-1: Manufacturer: syz [ 78.865475][ T9] usb 8-1: SerialNumber: syz [ 78.868820][ T9] usb 8-1: config 0 descriptor?? [ 78.888929][ T9] em28xx 8-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 78.891985][ T9] em28xx 8-1:0.0: Audio interface 0 found (Vendor Class) [ 79.061633][ T30] usb 5-1: usb_control_msg returned -32 [ 79.063356][ T30] usbtmc 5-1:16.0: can't read capabilities [ 79.179744][ T5408] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 79.339721][ T5408] usb 7-1: Using ep0 maxpacket: 32 [ 79.345293][ T5408] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 79.348658][ T5408] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 79.356092][ T5408] usb 7-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 79.358952][ T5408] usb 7-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 79.361676][ T5408] usb 7-1: Product: syz [ 79.363499][ T5408] usb 7-1: Manufacturer: syz [ 79.364846][ T5408] usb 7-1: SerialNumber: syz [ 79.372196][ T5408] appletouch 7-1:1.0: Could not find int-in endpoint [ 79.373973][ T5408] appletouch 7-1:1.0: probe with driver appletouch failed with error -5 [ 79.377358][ T5408] usbhid 7-1:1.0: couldn't find an input interrupt endpoint [ 79.484486][ T9] em28xx 8-1:0.0: unknown em28xx chip ID (0) [ 79.488005][ T9] em28xx 8-1:0.0: Config register raw data: 0xfffffffb [ 79.639606][ T64] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 79.657683][ T5752] netdevsim netdevsim2: Firmware load for './cgroup/../file0' refused, path contains '..' component [ 79.722137][ T56] usb 7-1: USB disconnect, device number 5 [ 79.727338][ T9] em28xx 8-1:0.0: AC97 chip type couldn't be determined [ 79.729104][ T9] em28xx 8-1:0.0: No AC97 audio processor [ 79.742434][ T9] usb 8-1: USB disconnect, device number 6 [ 79.750772][ T9] em28xx 8-1:0.0: Disconnecting em28xx [ 79.767761][ T9] em28xx 8-1:0.0: Freeing device [ 80.022838][ T5769] capability: warning: `syz.3.76' uses deprecated v2 capabilities in a way that may be insecure [ 80.336405][ T5773] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 81.018310][ T57] usb 5-1: USB disconnect, device number 4 [ 82.309287][ T5810] ptrace attach of "/syz-executor exec"[5343] was attempted by "/syz-executor exec"[5810] [ 82.483277][ T64] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 82.519882][ T9] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 82.709877][ T9] usb 8-1: Using ep0 maxpacket: 8 [ 82.715302][ T9] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 82.717905][ T9] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 82.720807][ T9] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 82.723981][ T9] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 82.727502][ T9] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 82.731812][ T9] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 82.734448][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.986698][ T9] usb 8-1: usb_control_msg returned -32 [ 82.996993][ T9] usbtmc 8-1:16.0: can't read capabilities [ 84.344316][ T5836] netlink: 8 bytes leftover after parsing attributes in process `syz.2.93'. [ 84.352537][ T5836] vlan2: entered promiscuous mode [ 84.388957][ T5841] ======================================================= [ 84.388957][ T5841] WARNING: The mand mount option has been deprecated and [ 84.388957][ T5841] and is ignored by this kernel. Remove the mand [ 84.388957][ T5841] option from the mount to silence this warning. [ 84.388957][ T5841] ======================================================= [ 84.430599][ T5843] FAULT_INJECTION: forcing a failure. [ 84.430599][ T5843] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 84.434118][ T5843] CPU: 3 UID: 0 PID: 5843 Comm: syz.2.95 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 84.436878][ T5843] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.439757][ T5843] Call Trace: [ 84.440650][ T5843] [ 84.441439][ T5843] dump_stack_lvl+0x16c/0x1f0 [ 84.442694][ T5843] should_fail_ex+0x497/0x5b0 [ 84.443977][ T5843] _copy_to_user+0x30/0xc0 [ 84.445160][ T5843] bpf_verifier_vlog+0x25d/0x6a0 [ 84.446470][ T5843] verbose+0x171/0x190 [ 84.447571][ T5843] ? __pfx_verbose+0x10/0x10 [ 84.448791][ T5843] ? add_subprog+0x276/0x380 [ 84.450034][ T5843] ? __pfx_add_subprog+0x10/0x10 [ 84.450629][ T57] usb 8-1: USB disconnect, device number 7 [ 84.451348][ T5843] add_subprog_and_kfunc+0x109d/0x1b80 [ 84.454899][ T5843] ? __pfx_add_subprog_and_kfunc+0x10/0x10 [ 84.456472][ T5843] ? rcu_is_watching+0x12/0xc0 [ 84.457755][ T5843] ? trace_kmalloc+0x2d/0xe0 [ 84.459016][ T5843] ? __kmalloc_node_noprof+0x22f/0x440 [ 84.460487][ T5843] ? __pfx_bpf_lsm_ptrace_traceme+0x1/0x10 [ 84.462037][ T5843] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 84.463683][ T5843] bpf_check+0x132e/0xc7c0 [ 84.464953][ T5843] ? __pfx_bpf_check+0x10/0x10 [ 84.466142][ T5843] ? find_held_lock+0x2d/0x110 [ 84.467361][ T5843] ? ktime_get_with_offset+0x13a/0x240 [ 84.468799][ T5843] ? trace_lock_acquire+0x14a/0x1d0 [ 84.470181][ T5843] ? ktime_get_with_offset+0x13a/0x240 [ 84.471632][ T5843] ? timekeeping_debug_get_ns+0x3e0/0x5b0 [ 84.473144][ T5843] ? lockdep_hardirqs_on+0x7c/0x110 [ 84.474527][ T5843] ? read_tsc+0x9/0x20 [ 84.475642][ T5843] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 84.477143][ T5843] ? bpf_obj_name_cpy+0x156/0x1b0 [ 84.478488][ T5843] bpf_prog_load+0xe3f/0x2670 [ 84.479783][ T5843] ? __pfx_bpf_prog_load+0x10/0x10 [ 84.481110][ T5843] ? find_held_lock+0x2d/0x110 [ 84.482393][ T5843] __sys_bpf+0x4c8c/0x5780 [ 84.483594][ T5843] ? ksys_write+0x21e/0x260 [ 84.484806][ T5843] ? __pfx___sys_bpf+0x10/0x10 [ 84.486087][ T5843] ? vfs_write+0x14d/0x1140 [ 84.487312][ T5843] ? __mutex_unlock_slowpath+0x164/0x650 [ 84.488812][ T5843] ? fput+0x30/0x390 [ 84.489860][ T5843] ? ksys_write+0x1ad/0x260 [ 84.491083][ T5843] ? __pfx_ksys_write+0x10/0x10 [ 84.492373][ T5843] __ia32_sys_bpf+0x76/0xe0 [ 84.493581][ T5843] __do_fast_syscall_32+0x73/0x120 [ 84.494939][ T5843] do_fast_syscall_32+0x32/0x80 [ 84.496235][ T5843] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 84.497902][ T5843] RIP: 0023:0xf7fa3579 [ 84.499006][ T5843] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 84.504035][ T5843] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 84.506209][ T5843] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000202a0fb8 [ 84.508286][ T5843] RDX: 000000000000002d RSI: 0000000000000000 RDI: 0000000000000000 [ 84.510354][ T5843] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 84.512431][ T5843] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 84.514502][ T5843] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 84.516612][ T5843] [ 84.632732][ T5848] FAULT_INJECTION: forcing a failure. [ 84.632732][ T5848] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 84.638475][ T5848] CPU: 0 UID: 0 PID: 5848 Comm: syz.2.97 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 84.642565][ T5848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.646440][ T5848] Call Trace: [ 84.647676][ T5848] [ 84.648769][ T5848] dump_stack_lvl+0x16c/0x1f0 [ 84.650509][ T5848] should_fail_ex+0x497/0x5b0 [ 84.652271][ T5848] ? fs_reclaim_acquire+0xae/0x160 [ 84.654143][ T5848] should_fail_alloc_page+0xe7/0x130 [ 84.656142][ T5848] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 84.658519][ T5848] __alloc_pages_noprof+0x190/0x25c0 [ 84.660581][ T5848] ? hlock_class+0x4e/0x130 [ 84.662285][ T5848] ? __lock_acquire+0xbdd/0x3ce0 [ 84.664104][ T5848] ? hlock_class+0x4e/0x130 [ 84.665502][ T5848] ? mark_lock+0xb5/0xc60 [ 84.667010][ T5848] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 84.669091][ T5848] ? __pfx_mark_lock+0x10/0x10 [ 84.670761][ T5848] ? hlock_class+0x4e/0x130 [ 84.672441][ T5848] ? __lock_acquire+0xbdd/0x3ce0 [ 84.674253][ T5848] ? hlock_class+0x4e/0x130 [ 84.675921][ T5848] ? mark_lock+0xb5/0xc60 [ 84.677515][ T5848] ? hlock_class+0x4e/0x130 [ 84.679231][ T5848] ? mark_lock+0xb5/0xc60 [ 84.680788][ T5848] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 84.682960][ T5848] ? policy_nodemask+0xea/0x4e0 [ 84.684771][ T5848] alloc_pages_mpol_noprof+0x2c9/0x610 [ 84.686767][ T5848] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 84.688974][ T5848] ? find_held_lock+0x2d/0x110 [ 84.690823][ T5848] folio_alloc_mpol_noprof+0x36/0xd0 [ 84.692406][ T5848] vma_alloc_folio_noprof+0xee/0x1b0 [ 84.693818][ T5848] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 84.695447][ T5848] ? __pfx___lock_acquire+0x10/0x10 [ 84.696839][ T5848] do_wp_page+0x2012/0x4930 [ 84.698117][ T5848] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 84.700158][ T5848] ? __pfx_do_wp_page+0x10/0x10 [ 84.701900][ T5848] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 84.703837][ T5848] ? lock_acquire+0x2f/0xb0 [ 84.705446][ T5848] ? __handle_mm_fault+0xdcd/0x2a10 [ 84.707300][ T5848] __handle_mm_fault+0x1a93/0x2a10 [ 84.709011][ T5848] ? __pfx_mt_find+0x10/0x10 [ 84.710279][ T5848] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 84.711768][ T5848] ? __pfx___handle_mm_fault+0x10/0x10 [ 84.713209][ T5848] ? find_vma+0xc0/0x140 [ 84.714337][ T5848] ? __pfx_find_vma+0x10/0x10 [ 84.715618][ T5848] handle_mm_fault+0x3fa/0xaa0 [ 84.716907][ T5848] do_user_addr_fault+0x7a3/0x13f0 [ 84.718282][ T5848] exc_page_fault+0x5c/0xc0 [ 84.719524][ T5848] asm_exc_page_fault+0x26/0x30 [ 84.720832][ T5848] RIP: 0010:rep_stos_alternative+0x5b/0x80 [ 84.722376][ T5848] Code: 73 ef eb de 66 66 2e 0f 1f 84 00 00 00 00 00 48 89 07 48 89 47 08 48 89 47 10 48 89 47 18 48 89 47 20 48 89 47 28 48 89 47 30 <48> 89 47 38 48 83 c7 40 48 83 e9 40 48 83 f9 40 73 d3 83 f9 08 73 [ 84.727678][ T5848] RSP: 0018:ffffc90022ce7d30 EFLAGS: 00050206 [ 84.729348][ T5848] RAX: 0000000000000000 RBX: 0000000120000136 RCX: 00000000fffe416e [ 84.731445][ T5848] RDX: ffff88802a6b0000 RSI: ffffffff874df944 RDI: 000000002001bfc8 [ 84.733519][ T5848] RBP: 1ffff9200459cfad R08: 0000000000000000 R09: fffffbfff20398c1 [ 84.735600][ T5848] R10: ffffffff901cc60f R11: 0000000000000000 R12: 0000000000000000 [ 84.737719][ T5848] R13: 0000000000000008 R14: 00000000ffffff2e R15: 0000000020000208 [ 84.739804][ T5848] ? evdev_do_ioctl+0xe84/0x1ad0 [ 84.741126][ T5848] evdev_do_ioctl+0xe94/0x1ad0 [ 84.742379][ T5848] ? __pfx_evdev_do_ioctl+0x10/0x10 [ 84.743895][ T5848] ? evdev_ioctl_compat+0x80/0x1a0 [ 84.745297][ T5848] evdev_ioctl_compat+0x16d/0x1a0 [ 84.746682][ T5848] ? __pfx_evdev_ioctl_compat+0x10/0x10 [ 84.748304][ T5848] __do_compat_sys_ioctl+0x259/0x2b0 [ 84.750170][ T5848] __do_fast_syscall_32+0x73/0x120 [ 84.752004][ T5848] do_fast_syscall_32+0x32/0x80 [ 84.753696][ T5848] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 84.755978][ T5848] RIP: 0023:0xf7fa3579 [ 84.757499][ T5848] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 84.763068][ T5848] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 84.765260][ T5848] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080104592 [ 84.767367][ T5848] RDX: 0000000020000300 RSI: 0000000000000000 RDI: 0000000000000000 [ 84.769946][ T5848] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 84.772705][ T5848] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 84.775483][ T5848] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 84.778195][ T5848] [ 84.779340][ C0] vkms_vblank_simulate: vblank timer overrun [ 86.109825][ T30] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 86.271866][ T30] usb 6-1: Using ep0 maxpacket: 8 [ 86.277304][ T30] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 86.279467][ T30] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 86.288375][ T30] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 86.300085][ T30] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 86.303075][ T30] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 86.307667][ T30] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 86.310986][ T30] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.534600][ T30] usb 6-1: usb_control_msg returned -32 [ 86.536669][ T30] usbtmc 6-1:16.0: can't read capabilities [ 86.579751][ T57] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 86.729725][ T57] usb 8-1: Using ep0 maxpacket: 8 [ 86.745136][ T57] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 86.748240][ T57] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 86.758310][ T57] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 86.761963][ T57] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 86.765408][ T57] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 86.770355][ T57] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 86.773565][ T57] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.909041][ T39] audit: type=1804 audit(1727895415.716:2): pid=5873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.103" name="/newroot/29/file0/bus" dev="9p" ino=36049832 res=1 errno=0 [ 87.016124][ T57] usb 8-1: usb_control_msg returned -32 [ 87.017849][ T57] usbtmc 8-1:16.0: can't read capabilities [ 87.312302][ T5880] random: crng reseeded on system resumption [ 87.985172][ T5408] usb 6-1: USB disconnect, device number 5 [ 88.162752][ T5892] Bluetooth: MGMT ver 1.23 [ 88.166582][ T5893] FAULT_INJECTION: forcing a failure. [ 88.166582][ T5893] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 88.176039][ T5893] CPU: 1 UID: 0 PID: 5893 Comm: syz.2.110 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 88.179973][ T5893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.184145][ T5893] Call Trace: [ 88.185351][ T5893] [ 88.186510][ T5893] dump_stack_lvl+0x16c/0x1f0 [ 88.188222][ T5893] should_fail_ex+0x497/0x5b0 [ 88.189851][ T5893] _copy_from_user+0x30/0xf0 [ 88.191493][ T5893] get_compat_msghdr+0xa8/0x170 [ 88.193130][ T5893] ? __pfx_get_compat_msghdr+0x10/0x10 [ 88.194959][ T5893] ? __pfx___lock_acquire+0x10/0x10 [ 88.196760][ T5893] ___sys_sendmsg+0x1b0/0x1e0 [ 88.198454][ T5893] ? __pfx____sys_sendmsg+0x10/0x10 [ 88.200318][ T5893] ? lock_acquire+0x2f/0xb0 [ 88.201835][ T5893] ? __fget_files+0x40/0x3f0 [ 88.203411][ T5893] ? fdget+0x176/0x210 [ 88.204812][ T5893] __sys_sendmsg+0x117/0x1f0 [ 88.206461][ T5893] ? __pfx___sys_sendmsg+0x10/0x10 [ 88.208345][ T5893] ? __fget_files+0x244/0x3f0 [ 88.210071][ T5893] __do_fast_syscall_32+0x73/0x120 [ 88.211802][ T5893] do_fast_syscall_32+0x32/0x80 [ 88.213442][ T5893] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 88.215606][ T5893] RIP: 0023:0xf7fa3579 [ 88.216967][ T5893] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 88.223460][ T5893] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 88.226358][ T5893] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200002c0 [ 88.228988][ T5893] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 88.231620][ T5893] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 88.234228][ T5893] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 88.236913][ T5893] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 88.239686][ T5893] [ 88.463006][ T57] usb 8-1: USB disconnect, device number 8 [ 88.833236][ T39] audit: type=1804 audit(1727895417.646:3): pid=5933 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.122" name="/" dev="pidfs" ino=6231 res=1 errno=0 [ 88.835497][ T5933] netlink: 4 bytes leftover after parsing attributes in process `syz.2.122'. [ 89.759786][ T72] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 89.919811][ T72] usb 8-1: Using ep0 maxpacket: 8 [ 89.919903][ T25] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 89.926630][ T72] usb 8-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 89.929365][ T72] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 89.931847][ T72] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.069857][ T25] usb 6-1: Using ep0 maxpacket: 8 [ 90.080240][ T25] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 90.083219][ T25] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 90.086495][ T25] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 90.099694][ T25] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 90.103086][ T25] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 90.107460][ T25] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 90.129751][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.343122][ T25] usb 6-1: usb_control_msg returned -32 [ 90.345075][ T25] usbtmc 6-1:16.0: can't read capabilities [ 91.404321][ T5957] netlink: 20 bytes leftover after parsing attributes in process `syz.0.129'. [ 91.406878][ T5957] netlink: 12 bytes leftover after parsing attributes in process `syz.0.129'. [ 91.780122][ T9] usb 6-1: USB disconnect, device number 6 [ 92.540284][ T9] usb 8-1: USB disconnect, device number 9 [ 92.615442][ T5969] netlink: 'syz.3.132': attribute type 3 has an invalid length. [ 92.617984][ T5969] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.132'. [ 93.469739][ T39] audit: type=1804 audit(1727895422.276:4): pid=5985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.135" name="/newroot/36/file0/bus" dev="9p" ino=36049832 res=1 errno=0 [ 93.829789][ T72] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 93.980628][ T72] usb 8-1: Using ep0 maxpacket: 8 [ 93.990788][ T72] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 93.992954][ T72] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 93.995456][ T72] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 93.997963][ T72] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 94.009772][ T72] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 94.013190][ T72] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 94.015541][ T72] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.180846][ T5996] FAULT_INJECTION: forcing a failure. [ 94.180846][ T5996] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 94.184564][ T5996] CPU: 3 UID: 0 PID: 5996 Comm: syz.0.139 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 94.187302][ T5996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 94.190108][ T5996] Call Trace: [ 94.190997][ T5996] [ 94.191774][ T5996] dump_stack_lvl+0x16c/0x1f0 [ 94.193018][ T5996] should_fail_ex+0x497/0x5b0 [ 94.194251][ T5996] _copy_to_user+0x30/0xc0 [ 94.195433][ T5996] simple_read_from_buffer+0xd0/0x160 [ 94.196840][ T5996] proc_fail_nth_read+0x198/0x270 [ 94.198161][ T5996] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 94.199627][ T5996] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 94.201091][ T5996] vfs_read+0x1ce/0xbd0 [ 94.202185][ T5996] ? __fget_files+0x23a/0x3f0 [ 94.203424][ T5996] ? fdget_pos+0x24c/0x360 [ 94.204596][ T5996] ? __pfx_lock_release+0x10/0x10 [ 94.205911][ T5996] ? trace_lock_acquire+0x14a/0x1d0 [ 94.207291][ T5996] ? __pfx_vfs_read+0x10/0x10 [ 94.208536][ T5996] ? __pfx___mutex_lock+0x10/0x10 [ 94.209860][ T5996] ? __fget_files+0x244/0x3f0 [ 94.211106][ T5996] ksys_read+0x12f/0x260 [ 94.212223][ T5996] ? __pfx_ksys_read+0x10/0x10 [ 94.213474][ T5996] ? syscall_user_dispatch+0x77/0x140 [ 94.214882][ T5996] __do_fast_syscall_32+0x73/0x120 [ 94.216256][ T5996] do_fast_syscall_32+0x32/0x80 [ 94.217550][ T5996] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 94.219237][ T5996] RIP: 0023:0xf7f14579 [ 94.220301][ T5996] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 94.225526][ T5996] RSP: 002b:00000000f56965a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 94.227858][ T5996] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5696620 [ 94.229896][ T5996] RDX: 000000000000000f RSI: 00000000f739bff4 RDI: 0000000000000000 [ 94.231935][ T5996] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 94.233968][ T5996] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 94.236007][ T5996] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 94.238057][ T5996] [ 94.409755][ T72] usb 8-1: usb_control_msg returned -32 [ 94.411241][ T72] usbtmc 8-1:16.0: can't read capabilities [ 94.629768][ T30] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 94.781873][ T30] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 94.784759][ T30] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 94.787457][ T30] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 94.792541][ T6005] fuse: Unknown parameter 'fô' [ 94.793076][ T30] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.804025][ T6000] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 94.814242][ T30] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 94.864970][ T6010] FAULT_INJECTION: forcing a failure. [ 94.864970][ T6010] name failslab, interval 1, probability 0, space 0, times 1 [ 94.868408][ T6010] CPU: 2 UID: 0 PID: 6010 Comm: syz.1.145 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 94.871155][ T6010] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 94.873952][ T6010] Call Trace: [ 94.874838][ T6010] [ 94.875626][ T6010] dump_stack_lvl+0x16c/0x1f0 [ 94.876864][ T6010] should_fail_ex+0x497/0x5b0 [ 94.878117][ T6010] ? fs_reclaim_acquire+0xae/0x160 [ 94.879488][ T6010] should_failslab+0xc2/0x120 [ 94.880740][ T6010] kmem_cache_alloc_node_noprof+0x71/0x310 [ 94.882619][ T6010] ? __alloc_skb+0x2b3/0x380 [ 94.883888][ T6010] __alloc_skb+0x2b3/0x380 [ 94.885072][ T6010] ? __pfx___alloc_skb+0x10/0x10 [ 94.886376][ T6010] ? aa_sk_perm+0x2f5/0xb20 [ 94.887591][ T6010] ? __might_fault+0x13b/0x190 [ 94.888846][ T6010] ? __pfx_aa_sk_perm+0x10/0x10 [ 94.890129][ T6010] pfkey_sendmsg+0x16e/0x840 [ 94.891366][ T6010] ____sys_sendmsg+0x9ae/0xb40 [ 94.892619][ T6010] ? __pfx_____sys_sendmsg+0x10/0x10 [ 94.894001][ T6010] ? get_compat_msghdr+0x11b/0x170 [ 94.895364][ T6010] ? __pfx___lock_acquire+0x10/0x10 [ 94.896738][ T6010] ___sys_sendmsg+0x135/0x1e0 [ 94.897988][ T6010] ? __pfx____sys_sendmsg+0x10/0x10 [ 94.899385][ T6010] ? lock_acquire+0x2f/0xb0 [ 94.900579][ T6010] ? __fget_files+0x40/0x3f0 [ 94.901799][ T6010] ? fdget+0x176/0x210 [ 94.902870][ T6010] __sys_sendmsg+0x117/0x1f0 [ 94.904103][ T6010] ? __pfx___sys_sendmsg+0x10/0x10 [ 94.905444][ T6010] ? __fget_files+0x244/0x3f0 [ 94.906683][ T6010] __do_fast_syscall_32+0x73/0x120 [ 94.908043][ T6010] do_fast_syscall_32+0x32/0x80 [ 94.909318][ T6010] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 94.910986][ T6010] RIP: 0023:0xf7fa5579 [ 94.912060][ T6010] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 94.917019][ T6010] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 94.919193][ T6010] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 94.921247][ T6010] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 94.923294][ T6010] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 94.925343][ T6010] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 94.927400][ T6010] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 94.929449][ T6010] [ 95.093818][ T6017] netlink: 'syz.0.142': attribute type 10 has an invalid length. [ 95.095940][ T6017] netlink: 2 bytes leftover after parsing attributes in process `syz.0.142'. [ 95.098271][ T6017] bond0: entered promiscuous mode [ 95.099806][ T6017] bond_slave_0: entered promiscuous mode [ 95.101350][ T6017] bond_slave_1: entered promiscuous mode [ 95.103643][ T6017] bridge0: port 3(bond0) entered blocking state [ 95.109734][ T6017] bridge0: port 3(bond0) entered disabled state [ 95.111698][ T6017] bond0: entered allmulticast mode [ 95.113182][ T6017] bond_slave_0: entered allmulticast mode [ 95.119840][ T6017] bond_slave_1: entered allmulticast mode [ 95.126731][ T6017] bridge0: port 3(bond0) entered blocking state [ 95.128739][ T6017] bridge0: port 3(bond0) entered forwarding state [ 95.193617][ T39] audit: type=1804 audit(1727895424.006:5): pid=6018 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.148" name="/newroot/34/file0/bus" dev="9p" ino=36049832 res=1 errno=0 [ 96.273767][ T9] usb 5-1: USB disconnect, device number 5 [ 96.348151][ T5408] usb 8-1: USB disconnect, device number 10 [ 96.444481][ T6029] netlink: 191384 bytes leftover after parsing attributes in process `syz.3.152'. [ 96.914108][ T6037] sctp: [Deprecated]: syz.0.154 (pid 6037) Use of int in max_burst socket option. [ 96.914108][ T6037] Use struct sctp_assoc_value instead [ 97.302437][ T6048] FAULT_INJECTION: forcing a failure. [ 97.302437][ T6048] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 97.309769][ T6048] CPU: 1 UID: 0 PID: 6048 Comm: syz.1.157 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 97.312511][ T6048] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 97.315268][ T6048] Call Trace: [ 97.316139][ T6048] [ 97.316897][ T6048] dump_stack_lvl+0x16c/0x1f0 [ 97.318140][ T6048] should_fail_ex+0x497/0x5b0 [ 97.319404][ T6048] _copy_from_user+0x30/0xf0 [ 97.320611][ T6048] ia32_restore_sigcontext+0xc4/0x5d0 [ 97.322022][ T6048] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 97.323594][ T6048] ? __pfx_lock_release+0x10/0x10 [ 97.324961][ T6048] ? _raw_spin_unlock_irq+0x23/0x50 [ 97.326315][ T6048] ? lockdep_hardirqs_on+0x7c/0x110 [ 97.327679][ T6048] __do_compat_sys_rt_sigreturn+0x116/0x1f0 [ 97.329222][ T6048] ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10 [ 97.330884][ T6048] do_int80_emulation+0x104/0x200 [ 97.332206][ T6048] asm_int80_emulation+0x1a/0x20 [ 97.333494][ T6048] RIP: 0023:0xf7fa55a7 [ 97.334542][ T6048] Code: 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 90 58 b8 77 00 00 00 cd 80 90 8d b4 26 00 00 00 00 b8 ad 00 00 00 cd 80 <90> 90 90 90 90 90 90 90 90 55 89 e5 57 56 8d 3d 2c cc ff ff 53 e8 [ 97.339457][ T6048] RSP: 002b:00000000f5725940 EFLAGS: 00000286 ORIG_RAX: 00000000000000ad [ 97.341611][ T6048] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f57259cc [ 97.343643][ T6048] RDX: 00000000f572594c RSI: 0000000000000000 RDI: 0000000000000000 [ 97.345671][ T6048] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 97.347709][ T6048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 97.349744][ T6048] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 97.351782][ T6048] [ 97.542907][ T6061] FAULT_INJECTION: forcing a failure. [ 97.542907][ T6061] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 97.547484][ T6061] CPU: 2 UID: 0 PID: 6061 Comm: syz.2.161 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 97.551072][ T6061] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 97.554724][ T6061] Call Trace: [ 97.555901][ T6061] [ 97.556934][ T6061] dump_stack_lvl+0x16c/0x1f0 [ 97.558559][ T6061] should_fail_ex+0x497/0x5b0 [ 97.560225][ T6061] _copy_to_iter+0x29b/0x13e0 [ 97.561863][ T6061] ? __pfx__copy_to_iter+0x10/0x10 [ 97.563642][ T6061] ? __virt_addr_valid+0x1a4/0x590 [ 97.565441][ T6061] ? __virt_addr_valid+0x5e/0x590 [ 97.567209][ T6061] ? const_folio_flags.constprop.0+0x56/0x150 [ 97.569325][ T6061] ? __phys_addr_symbol+0x30/0x80 [ 97.571062][ T6061] ? __check_object_size+0x488/0x710 [ 97.572892][ T6061] simple_copy_to_iter+0x4f/0x80 [ 97.574607][ T6061] __skb_datagram_iter+0x5a6/0x8c0 [ 97.576396][ T6061] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 97.578343][ T6061] skb_copy_datagram_iter+0x40/0x50 [ 97.580175][ T6061] tcp_recvmsg_locked+0x1aa3/0x2780 [ 97.581954][ T6061] ? __pfx_tcp_recvmsg_locked+0x10/0x10 [ 97.583864][ T6061] ? tcp_recvmsg+0x113/0x680 [ 97.585469][ T6061] ? __local_bh_enable_ip+0xa4/0x120 [ 97.587309][ T6061] tcp_recvmsg+0x12e/0x680 [ 97.588906][ T6061] ? __pfx_tcp_recvmsg+0x10/0x10 [ 97.590639][ T6061] ? aa_sk_perm+0x2f5/0xb20 [ 97.592285][ T6061] ? __pfx_tcp_recvmsg+0x10/0x10 [ 97.594047][ T6061] inet_recvmsg+0x12b/0x6a0 [ 97.595693][ T6061] ? __pfx_inet_recvmsg+0x10/0x10 [ 97.597498][ T6061] ? find_held_lock+0x2d/0x110 [ 97.599263][ T6061] sock_recvmsg+0x1b2/0x250 [ 97.600914][ T6061] ____sys_recvmsg+0x219/0x6b0 [ 97.602646][ T6061] ? __pfx_____sys_recvmsg+0x10/0x10 [ 97.604546][ T6061] ? find_held_lock+0x2d/0x110 [ 97.606210][ T6061] ___sys_recvmsg+0x115/0x1a0 [ 97.607871][ T6061] ? __pfx____sys_recvmsg+0x10/0x10 [ 97.609690][ T6061] ? lock_acquire+0x2f/0xb0 [ 97.611320][ T6061] ? __fget_files+0x40/0x3f0 [ 97.612933][ T6061] ? fdget+0x176/0x210 [ 97.614359][ T6061] __sys_recvmsg+0x114/0x1e0 [ 97.615998][ T6061] ? __pfx___sys_recvmsg+0x10/0x10 [ 97.617771][ T6061] ? __fget_files+0x244/0x3f0 [ 97.619430][ T6061] __do_fast_syscall_32+0x73/0x120 [ 97.621227][ T6061] do_fast_syscall_32+0x32/0x80 [ 97.622949][ T6061] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 97.625175][ T6061] RIP: 0023:0xf7fa3579 [ 97.626616][ T6061] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 97.633220][ T6061] RSP: 002b:00000000f570556c EFLAGS: 00000296 ORIG_RAX: 0000000000000174 [ 97.636104][ T6061] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020001500 [ 97.638829][ T6061] RDX: 0000000000000104 RSI: 0000000000000000 RDI: 0000000000000000 [ 97.641562][ T6061] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 97.644290][ T6061] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 97.647004][ T6061] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 97.649756][ T6061] [ 97.964766][ T6069] FAULT_INJECTION: forcing a failure. [ 97.964766][ T6069] name failslab, interval 1, probability 0, space 0, times 0 [ 97.968676][ T6069] CPU: 3 UID: 0 PID: 6069 Comm: syz.0.164 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 97.971942][ T6069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 97.975751][ T6069] Call Trace: [ 97.976962][ T6069] [ 97.978032][ T6069] dump_stack_lvl+0x16c/0x1f0 [ 97.979768][ T6069] should_fail_ex+0x497/0x5b0 [ 97.981469][ T6069] ? fs_reclaim_acquire+0xae/0x160 [ 97.983343][ T6069] should_failslab+0xc2/0x120 [ 97.985069][ T6069] __kmalloc_node_noprof+0xd1/0x440 [ 97.986959][ T6069] ? __nf_register_net_hook+0x184/0x730 [ 97.988989][ T6069] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 97.991078][ T6069] __kvmalloc_node_noprof+0xad/0x1a0 [ 97.993133][ T6069] nf_hook_entries_grow+0x282/0x810 [ 97.995244][ T6069] __nf_register_net_hook+0x1cd/0x730 [ 97.997359][ T6069] nf_register_net_hook+0x109/0x160 [ 97.999454][ T6069] nf_register_net_hooks+0x5d/0xd0 [ 98.001537][ T6069] nf_defrag_ipv6_enable+0xc1/0x130 [ 98.003617][ T6069] nf_ct_netns_do_get+0x227/0x620 [ 98.005510][ T6069] ? __pfx_nf_ct_netns_do_get+0x10/0x10 [ 98.007588][ T6069] ? lockdep_init_map_type+0x16d/0x7d0 [ 98.009605][ T6069] nf_ct_netns_get+0xf7/0x150 [ 98.011533][ T6069] nft_connlimit_do_init+0x229/0x330 [ 98.013811][ T6069] ? __pfx_nft_connlimit_init+0x10/0x10 [ 98.016083][ T6069] nft_expr_init+0x28b/0x3b0 [ 98.017804][ T6069] ? __pfx_nft_expr_init+0x10/0x10 [ 98.019797][ T6069] ? do_init_timer+0xc9/0x110 [ 98.021590][ T6069] nft_set_elem_expr_alloc+0x27/0x270 [ 98.023636][ T6069] nft_set_expr_alloc+0x6c/0x5f0 [ 98.025508][ T6069] nf_tables_newset+0x2e91/0x4120 [ 98.027387][ T6069] ? __pfx_nf_tables_newset+0x10/0x10 [ 98.029567][ T6069] ? __pfx___lock_acquire+0x10/0x10 [ 98.031781][ T6069] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 98.034153][ T6069] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 98.036342][ T6069] ? __nla_validate_parse+0x605/0x2b10 [ 98.038428][ T6069] ? net_generic+0xea/0x2a0 [ 98.040144][ T6069] ? __pfx_lock_release+0x10/0x10 [ 98.042002][ T6069] ? trace_lock_acquire+0x14a/0x1d0 [ 98.043965][ T6069] ? __nla_parse+0x40/0x60 [ 98.045756][ T6069] nfnetlink_rcv_batch+0x1a28/0x24e0 [ 98.048076][ T6069] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 98.050715][ T6069] ? __pfx_lock_release+0x10/0x10 [ 98.052908][ T6069] ? __local_bh_enable_ip+0xa4/0x120 [ 98.054962][ T6069] ? lockdep_hardirqs_on+0x7c/0x110 [ 98.057013][ T6069] ? __pfx___dev_queue_xmit+0x10/0x10 [ 98.059137][ T6069] ? __nla_parse+0x40/0x60 [ 98.060859][ T6069] nfnetlink_rcv+0x3c3/0x430 [ 98.062742][ T6069] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 98.064899][ T6069] netlink_unicast+0x53c/0x7f0 [ 98.067053][ T6069] ? __pfx_netlink_unicast+0x10/0x10 [ 98.069141][ T6069] ? __phys_addr_symbol+0x30/0x80 [ 98.071058][ T6069] ? __check_object_size+0x488/0x710 [ 98.073089][ T6069] netlink_sendmsg+0x8b8/0xd70 [ 98.074982][ T6069] ? __pfx_netlink_sendmsg+0x10/0x10 [ 98.077104][ T6069] ? lock_acquire+0x2f/0xb0 [ 98.079072][ T6069] ____sys_sendmsg+0x9ae/0xb40 [ 98.081046][ T6069] ? __pfx_____sys_sendmsg+0x10/0x10 [ 98.083239][ T6069] ? get_compat_msghdr+0x11b/0x170 [ 98.085244][ T6069] ? __pfx___lock_acquire+0x10/0x10 [ 98.087300][ T6069] ___sys_sendmsg+0x135/0x1e0 [ 98.089149][ T6069] ? __pfx____sys_sendmsg+0x10/0x10 [ 98.091289][ T6069] ? lock_acquire+0x2f/0xb0 [ 98.093135][ T6069] ? __fget_files+0x40/0x3f0 [ 98.094990][ T6069] ? fdget+0x176/0x210 [ 98.096526][ T6069] __sys_sendmsg+0x117/0x1f0 [ 98.098267][ T6069] ? __pfx___sys_sendmsg+0x10/0x10 [ 98.100194][ T6069] ? __fget_files+0x244/0x3f0 [ 98.101926][ T6069] __do_fast_syscall_32+0x73/0x120 [ 98.103860][ T6069] do_fast_syscall_32+0x32/0x80 [ 98.105919][ T6069] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 98.108575][ T6069] RIP: 0023:0xf7f14579 [ 98.110137][ T6069] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 98.117140][ T6069] RSP: 002b:00000000f569656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 98.120242][ T6069] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0 [ 98.123452][ T6069] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 98.126706][ T6069] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 98.129655][ T6069] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 98.132549][ T6069] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 98.135460][ T6069] [ 98.489821][ T72] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 98.565265][ T6084] FAULT_INJECTION: forcing a failure. [ 98.565265][ T6084] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 98.569584][ T6084] CPU: 2 UID: 0 PID: 6084 Comm: syz.2.169 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 98.573272][ T6084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 98.577139][ T6084] Call Trace: [ 98.578415][ T6084] [ 98.579585][ T6084] dump_stack_lvl+0x16c/0x1f0 [ 98.581316][ T6084] should_fail_ex+0x497/0x5b0 [ 98.582979][ T6084] ? fs_reclaim_acquire+0xae/0x160 [ 98.584724][ T6084] should_fail_alloc_page+0xe7/0x130 [ 98.586532][ T6084] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 98.588698][ T6084] ? __pfx_stack_trace_save+0x10/0x10 [ 98.590781][ T6084] __alloc_pages_noprof+0x190/0x25c0 [ 98.592812][ T6084] ? save_trace+0x42/0xa10 [ 98.594359][ T6084] ? add_lock_to_list+0x17d/0x390 [ 98.596169][ T6084] ? hlock_class+0x4e/0x130 [ 98.597789][ T6084] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 98.599812][ T6084] ? __pfx___lock_acquire+0x10/0x10 [ 98.601734][ T6084] ? save_trace+0x42/0xa10 [ 98.603404][ T6084] ? add_lock_to_list+0x17d/0x390 [ 98.605400][ T6084] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 98.607625][ T6084] ? policy_nodemask+0xea/0x4e0 [ 98.609320][ T6084] alloc_pages_mpol_noprof+0x2c9/0x610 [ 98.611160][ T6084] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 98.613231][ T6084] ? do_raw_spin_lock+0x12d/0x2c0 [ 98.614983][ T6084] ? lock_acquire+0x2f/0xb0 [ 98.616679][ T6084] ? kasan_populate_vmalloc_pte+0xfb/0x160 [ 98.618856][ T6084] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 98.621081][ T6084] get_free_pages_noprof+0xc/0x40 [ 98.622839][ T6084] kasan_populate_vmalloc_pte+0x2d/0x160 [ 98.624760][ T6084] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 98.626860][ T6084] __apply_to_page_range+0x5fd/0xd30 [ 98.628705][ T6084] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 98.630887][ T6084] ? __pfx___apply_to_page_range+0x10/0x10 [ 98.633076][ T6084] ? insert_vmap_area+0x2ef/0x4d0 [ 98.634968][ T6084] alloc_vmap_area+0x93e/0x2a70 [ 98.636690][ T6084] ? __pfx_alloc_vmap_area+0x10/0x10 [ 98.638510][ T6084] __get_vm_area_node+0x17e/0x2d0 [ 98.639785][ T72] usb 6-1: Using ep0 maxpacket: 8 [ 98.640270][ T6084] __vmalloc_node_range_noprof+0x26a/0x15a0 [ 98.643696][ T72] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 98.644194][ T6084] ? __snd_dma_alloc_pages+0x50/0x90 [ 98.647073][ T72] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 98.648851][ T6084] ? __snd_dma_alloc_pages+0x50/0x90 [ 98.653920][ T6084] ? trace_contention_end+0xea/0x140 [ 98.656067][ T6084] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 98.658431][ T6084] ? __mutex_unlock_slowpath+0x164/0x650 [ 98.660173][ T72] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 98.660414][ T6084] ? __snd_dma_alloc_pages+0x50/0x90 [ 98.663414][ T72] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 98.665252][ T6084] vmalloc_noprof+0x6b/0x90 [ 98.665283][ T6084] ? __snd_dma_alloc_pages+0x50/0x90 [ 98.665307][ T6084] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 98.665323][ T6084] __snd_dma_alloc_pages+0x50/0x90 [ 98.668648][ T72] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 98.670255][ T6084] snd_dma_alloc_dir_pages+0x151/0x240 [ 98.670287][ T6084] do_alloc_pages+0x126/0x200 [ 98.670315][ T6084] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 98.670344][ T6084] snd_pcm_hw_params+0x152b/0x1a30 [ 98.688069][ T6084] ? snd_pcm_hw_param_near.constprop.0+0x73e/0x8f0 [ 98.690196][ T6084] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 98.692128][ T6084] ? snd_pcm_hw_param_near.constprop.0+0x743/0x8f0 [ 98.694117][ T6084] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 98.696566][ T6084] snd_pcm_kernel_ioctl+0x147/0x2d0 [ 98.698409][ T6084] snd_pcm_oss_change_params_locked+0x1410/0x3a50 [ 98.700751][ T6084] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 98.703089][ T6084] ? snd_pcm_oss_get_active_substream+0x146/0x1d0 [ 98.705310][ T6084] ? __mutex_lock+0x1a6/0x9c0 [ 98.706976][ T6084] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 98.709154][ T6084] snd_pcm_oss_set_channels+0x23e/0x370 [ 98.711102][ T6084] ? __pfx_snd_pcm_oss_set_channels+0x10/0x10 [ 98.713236][ T6084] ? snd_pcm_oss_ioctl+0x215d/0x3780 [ 98.715124][ T6084] snd_pcm_oss_ioctl+0x218d/0x3780 [ 98.716909][ T6084] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 98.718833][ T6084] ? __fget_files+0x244/0x3f0 [ 98.720482][ T6084] ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10 [ 98.722568][ T6084] __do_compat_sys_ioctl+0x259/0x2b0 [ 98.724420][ T6084] __do_fast_syscall_32+0x73/0x120 [ 98.726210][ T6084] do_fast_syscall_32+0x32/0x80 [ 98.727907][ T6084] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 98.730089][ T6084] RIP: 0023:0xf7fa3579 [ 98.731518][ T6084] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 98.738059][ T6084] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 98.740948][ T6084] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0045006 [ 98.743716][ T6084] RDX: 00000000200000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 98.746446][ T6084] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 98.749171][ T6084] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 98.751937][ T6084] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 98.754678][ T6084] [ 98.755933][ T72] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 98.759040][ T72] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.765096][ T6084] syz.2.169: vmalloc error: size 2097152, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 98.771389][ T6084] CPU: 3 UID: 0 PID: 6084 Comm: syz.2.169 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 98.774927][ T6084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 98.778519][ T6084] Call Trace: [ 98.779677][ T6084] [ 98.780682][ T6084] dump_stack_lvl+0x16c/0x1f0 [ 98.782295][ T6084] warn_alloc+0x24d/0x3a0 [ 98.783799][ T6084] ? __pfx_warn_alloc+0x10/0x10 [ 98.785457][ T6084] ? kfree+0x14f/0x4b0 [ 98.786850][ T6084] ? __get_vm_area_node+0x1bc/0x2d0 [ 98.788760][ T6084] __vmalloc_node_range_noprof+0xd27/0x15a0 [ 98.790765][ T6084] ? __snd_dma_alloc_pages+0x50/0x90 [ 98.792703][ T6084] ? trace_contention_end+0xea/0x140 [ 98.794504][ T6084] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 98.796651][ T6084] ? __mutex_unlock_slowpath+0x164/0x650 [ 98.798570][ T6084] ? __snd_dma_alloc_pages+0x50/0x90 [ 98.800379][ T6084] vmalloc_noprof+0x6b/0x90 [ 98.801940][ T6084] ? __snd_dma_alloc_pages+0x50/0x90 [ 98.803753][ T6084] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 98.805729][ T6084] __snd_dma_alloc_pages+0x50/0x90 [ 98.807490][ T6084] snd_dma_alloc_dir_pages+0x151/0x240 [ 98.809344][ T6084] do_alloc_pages+0x126/0x200 [ 98.810956][ T6084] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 98.812842][ T6084] snd_pcm_hw_params+0x152b/0x1a30 [ 98.814578][ T6084] ? snd_pcm_hw_param_near.constprop.0+0x73e/0x8f0 [ 98.816773][ T6084] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 98.818632][ T6084] ? snd_pcm_hw_param_near.constprop.0+0x743/0x8f0 [ 98.820865][ T6084] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 98.823190][ T6084] snd_pcm_kernel_ioctl+0x147/0x2d0 [ 98.824972][ T6084] snd_pcm_oss_change_params_locked+0x1410/0x3a50 [ 98.827158][ T6084] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 98.829427][ T6084] ? snd_pcm_oss_get_active_substream+0x146/0x1d0 [ 98.831606][ T6084] ? __mutex_lock+0x1a6/0x9c0 [ 98.833218][ T6084] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 98.835348][ T6084] snd_pcm_oss_set_channels+0x23e/0x370 [ 98.837233][ T6084] ? __pfx_snd_pcm_oss_set_channels+0x10/0x10 [ 98.839311][ T6084] ? snd_pcm_oss_ioctl+0x215d/0x3780 [ 98.841061][ T6084] snd_pcm_oss_ioctl+0x218d/0x3780 [ 98.842756][ T6084] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 98.844592][ T6084] ? __fget_files+0x244/0x3f0 [ 98.846158][ T6084] ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10 [ 98.848297][ T6084] __do_compat_sys_ioctl+0x259/0x2b0 [ 98.850069][ T6084] __do_fast_syscall_32+0x73/0x120 [ 98.851781][ T6084] do_fast_syscall_32+0x32/0x80 [ 98.853414][ T6084] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 98.855520][ T6084] RIP: 0023:0xf7fa3579 [ 98.856897][ T6084] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 98.863357][ T6084] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 98.866134][ T6084] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0045006 [ 98.868558][ T6084] RDX: 00000000200000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 98.870962][ T6084] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 98.872884][ T6084] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 98.875517][ T6084] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 98.878166][ T6084] [ 98.881030][ T6084] Mem-Info: [ 98.882173][ T6084] active_anon:5461 inactive_anon:59 isolated_anon:0 [ 98.882173][ T6084] active_file:12658 inactive_file:31018 isolated_file:0 [ 98.882173][ T6084] unevictable:768 dirty:302 writeback:0 [ 98.882173][ T6084] slab_reclaimable:5315 slab_unreclaimable:50982 [ 98.882173][ T6084] mapped:20330 shmem:3781 pagetables:681 [ 98.882173][ T6084] sec_pagetables:309 bounce:0 [ 98.882173][ T6084] kernel_misc_reclaimable:0 [ 98.882173][ T6084] free:88844 free_pcp:3147 free_cma:0 [ 98.897050][ T6084] Node 0 active_anon:0kB inactive_anon:224kB active_file:0kB inactive_file:244kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:5388kB dirty:184kB writeback:0kB shmem:1544kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9612kB pagetables:1460kB sec_pagetables:1200kB all_unreclaimable? no [ 98.906170][ T6084] Node 1 active_anon:21884kB inactive_anon:12kB active_file:50544kB inactive_file:123964kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:75932kB dirty:1024kB writeback:0kB shmem:13580kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:1748kB pagetables:1264kB sec_pagetables:36kB all_unreclaimable? no [ 98.916658][ T6084] Node 0 DMA free:908kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:0kB free_cma:0kB [ 98.923665][ T6084] lowmem_reserve[]: 0 273 0 0 0 [ 98.924998][ T6084] Node 0 DMA32 free:21188kB boost:0kB min:13904kB low:17380kB high:20856kB reserved_highatomic:4096KB active_anon:196kB inactive_anon:0kB active_file:180kB inactive_file:12kB unevictable:1536kB writepending:180kB present:1032196kB managed:306284kB mlocked:0kB bounce:0kB free_pcp:2708kB local_pcp:2424kB free_cma:0kB [ 98.934771][ T6084] lowmem_reserve[]: 0 0 0 0 0 [ 98.936091][ T6084] Node 1 DMA32 free:333280kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:21884kB inactive_anon:12kB active_file:50544kB inactive_file:123964kB unevictable:1536kB writepending:1024kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:9900kB local_pcp:7124kB free_cma:0kB [ 98.944008][ T6084] lowmem_reserve[]: 0 0 0 0 0 [ 98.945304][ T6084] Node 0 DMA: 7*4kB (U) 3*8kB (U) 24*16kB (U) 16*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 948kB [ 98.948856][ T6084] Node 0 DMA32: 304*4kB (UMEH) 73*8kB (UMH) 30*16kB (UMEH) 57*32kB (UEH) 17*64kB (UEH) 19*128kB (UME) 8*256kB (UM) 7*512kB (M) 2*1024kB (M) 3*2048kB (UM) 0*4096kB = 21448kB [ 98.955528][ T6084] Node 1 DMA32: 599*4kB (UME) 294*8kB (UME) 179*16kB (UME) 121*32kB (UME) 362*64kB (UME) 142*128kB (UME) 48*256kB (UME) 27*512kB (ME) 17*1024kB (UME) 6*2048kB (ME) 55*4096kB (UM) = 333916kB [ 98.960542][ T6084] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 98.963026][ T6084] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 98.965432][ T6084] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 98.968189][ T6084] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 98.973000][ T6084] 48188 total pagecache pages [ 98.974285][ T6084] 729 pages in swap cache [ 98.975483][ T6084] Free swap = 110552kB [ 98.976618][ T6084] Total swap = 124996kB [ 98.977747][ T6084] 524155 pages RAM [ 98.978782][ T6084] 0 pages HighMem/MovableOnly [ 98.980121][ T6084] 206681 pages reserved [ 98.981349][ T6084] 0 pages cma reserved [ 99.100980][ T72] usb 6-1: usb_control_msg returned -32 [ 99.102719][ T72] usbtmc 6-1:16.0: can't read capabilities [ 99.643203][ T1076] sr 2:0:0:0: [sr0] tag#21 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 99.645927][ T1076] sr 2:0:0:0: [sr0] tag#21 Sense Key : Illegal Request [current] [ 99.648836][ T1076] sr 2:0:0:0: [sr0] tag#21 Add. Sense: Invalid command operation code [ 99.652130][ T1076] sr 2:0:0:0: [sr0] tag#21 CDB: Write(10) 2a 00 00 00 00 00 00 00 02 00 [ 99.654715][ T1076] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 99.657675][ T1076] Buffer I/O error on dev sr0, logical block 0, lost async page write [ 99.843581][ T6115] FAULT_INJECTION: forcing a failure. [ 99.843581][ T6115] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 99.847142][ T6115] CPU: 0 UID: 0 PID: 6115 Comm: syz.2.178 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 99.849867][ T6115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 99.852651][ T6115] Call Trace: [ 99.853524][ T6115] [ 99.854295][ T6115] dump_stack_lvl+0x16c/0x1f0 [ 99.855512][ T6115] should_fail_ex+0x497/0x5b0 [ 99.856728][ T6115] _copy_from_user+0x30/0xf0 [ 99.857940][ T6115] get_compat_msghdr+0xa8/0x170 [ 99.859428][ T6115] ? __pfx_get_compat_msghdr+0x10/0x10 [ 99.860915][ T6115] ? find_held_lock+0x2d/0x110 [ 99.862176][ T6115] ___sys_recvmsg+0x193/0x1a0 [ 99.863524][ T6115] ? __pfx____sys_recvmsg+0x10/0x10 [ 99.864890][ T6115] ? lock_acquire+0x2f/0xb0 [ 99.866093][ T6115] ? __fget_files+0x40/0x3f0 [ 99.867314][ T6115] ? fdget+0x176/0x210 [ 99.868374][ T6115] do_recvmmsg+0x51a/0x750 [ 99.869539][ T6115] ? __pfx_do_recvmmsg+0x10/0x10 [ 99.870819][ T6115] ? __pfx_lock_release+0x10/0x10 [ 99.872158][ T6115] ? vfs_write+0x14d/0x1140 [ 99.873368][ T6115] ? __fget_files+0x244/0x3f0 [ 99.874736][ T6115] __sys_recvmmsg+0x21e/0x280 [ 99.875987][ T6115] ? __pfx___sys_recvmmsg+0x10/0x10 [ 99.877340][ T6115] ? __pfx_ksys_write+0x10/0x10 [ 99.878695][ T6115] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 99.880319][ T6115] ? lockdep_hardirqs_on+0x7c/0x110 [ 99.881686][ T6115] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 99.883399][ T6115] __do_fast_syscall_32+0x73/0x120 [ 99.884725][ T6115] do_fast_syscall_32+0x32/0x80 [ 99.885980][ T6115] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 99.887614][ T6115] RIP: 0023:0xf7fa3579 [ 99.888668][ T6115] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 99.893670][ T6115] RSP: 002b:00000000f570556c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 99.895834][ T6115] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000200048c0 [ 99.897877][ T6115] RDX: 0000000000001003 RSI: 0000000000010122 RDI: 0000000000000000 [ 99.900051][ T6115] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 99.902800][ T6115] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 99.905585][ T6115] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 99.908405][ T6115] [ 99.909677][ C0] vkms_vblank_simulate: vblank timer overrun [ 100.533794][ T57] usb 6-1: USB disconnect, device number 7 [ 101.341100][ T6133] binder: 6132:6133 ioctl c0306201 20000080 returned -14 [ 101.498356][ T6141] netlink: 'syz.1.187': attribute type 21 has an invalid length. [ 101.506431][ T6141] netlink: 'syz.1.187': attribute type 20 has an invalid length. [ 101.514738][ T6141] IPv6: NLM_F_CREATE should be specified when creating new route [ 102.167683][ T6178] netlink: 20 bytes leftover after parsing attributes in process `syz.1.196'. [ 102.216780][ T6182] openvswitch: netlink: Actions may not be safe on all matching packets [ 102.244471][ T6182] bridge: RTM_NEWNEIGH with invalid ether address [ 102.289953][ T5408] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 102.375389][ T6190] netlink: 24 bytes leftover after parsing attributes in process `syz.3.200'. [ 102.459762][ T5408] usb 7-1: Using ep0 maxpacket: 8 [ 102.462822][ T5408] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 102.464997][ T5408] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 102.468265][ T5408] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 102.471270][ T5408] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 102.474309][ T5408] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 102.478788][ T5408] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 102.486379][ T5408] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.749112][ T5408] usb 7-1: usb_control_msg returned -32 [ 102.751775][ T5408] usbtmc 7-1:16.0: can't read capabilities [ 103.122813][ T6199] netlink: 'syz.1.202': attribute type 21 has an invalid length. [ 103.852633][ T6205] FAULT_INJECTION: forcing a failure. [ 103.852633][ T6205] name failslab, interval 1, probability 0, space 0, times 0 [ 103.857158][ T6205] CPU: 3 UID: 0 PID: 6205 Comm: syz.3.204 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 103.860959][ T6205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 103.864768][ T6205] Call Trace: [ 103.866155][ T6205] [ 103.867254][ T6205] dump_stack_lvl+0x16c/0x1f0 [ 103.869026][ T6205] should_fail_ex+0x497/0x5b0 [ 103.870762][ T6205] should_failslab+0xc2/0x120 [ 103.872474][ T6205] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 103.874410][ T6205] ? skb_clone+0x190/0x3f0 [ 103.876065][ T6205] skb_clone+0x190/0x3f0 [ 103.877615][ T6205] netlink_deliver_tap+0xb26/0xcf0 [ 103.879486][ T6205] netlink_unicast+0x6b4/0x7f0 [ 103.881214][ T6205] ? __pfx_netlink_unicast+0x10/0x10 [ 103.883132][ T6205] ? __pfx_nf_tables_abort+0x10/0x10 [ 103.885074][ T6205] netlink_ack+0x6a5/0xb20 [ 103.886703][ T6205] nfnetlink_rcv_batch+0x1626/0x24e0 [ 103.888659][ T6205] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 103.890702][ T6205] ? __pfx_lock_release+0x10/0x10 [ 103.892554][ T6205] ? __local_bh_enable_ip+0xa4/0x120 [ 103.894462][ T6205] ? lockdep_hardirqs_on+0x7c/0x110 [ 103.896395][ T6205] ? __pfx___dev_queue_xmit+0x10/0x10 [ 103.898383][ T6205] ? __nla_parse+0x40/0x60 [ 103.900060][ T6205] nfnetlink_rcv+0x3c3/0x430 [ 103.901742][ T6205] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 103.903603][ T6205] netlink_unicast+0x53c/0x7f0 [ 103.905342][ T6205] ? __pfx_netlink_unicast+0x10/0x10 [ 103.907289][ T6205] ? __phys_addr_symbol+0x30/0x80 [ 103.909113][ T6205] ? __check_object_size+0x488/0x710 [ 103.911043][ T6205] netlink_sendmsg+0x8b8/0xd70 [ 103.912774][ T6205] ? __pfx_netlink_sendmsg+0x10/0x10 [ 103.914690][ T6205] ? lock_acquire+0x2f/0xb0 [ 103.916392][ T6205] ____sys_sendmsg+0x9ae/0xb40 [ 103.918155][ T6205] ? __pfx_____sys_sendmsg+0x10/0x10 [ 103.920109][ T6205] ? get_compat_msghdr+0x11b/0x170 [ 103.921953][ T6205] ? __pfx___lock_acquire+0x10/0x10 [ 103.923835][ T6205] ___sys_sendmsg+0x135/0x1e0 [ 103.925563][ T6205] ? __pfx____sys_sendmsg+0x10/0x10 [ 103.927487][ T6205] ? lock_acquire+0x2f/0xb0 [ 103.929179][ T6205] ? __fget_files+0x40/0x3f0 [ 103.930861][ T6205] ? fdget+0x176/0x210 [ 103.932362][ T6205] __sys_sendmsg+0x117/0x1f0 [ 103.934051][ T6205] ? __pfx___sys_sendmsg+0x10/0x10 [ 103.935927][ T6205] ? __fget_files+0x244/0x3f0 [ 103.937670][ T6205] __do_fast_syscall_32+0x73/0x120 [ 103.939543][ T6205] do_fast_syscall_32+0x32/0x80 [ 103.941317][ T6205] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 103.943586][ T6205] RIP: 0023:0xf7f68579 [ 103.945083][ T6205] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 103.951959][ T6205] RSP: 002b:00000000f56e656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 103.954961][ T6205] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0 [ 103.957827][ T6205] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 103.960697][ T6205] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 103.963528][ T6205] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 103.966406][ T6205] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 103.969301][ T6205] [ 104.008206][ T6207] netlink: 'syz.3.205': attribute type 27 has an invalid length. [ 104.035186][ T6207] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.037589][ T6207] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.070200][ T6208] netlink: 4 bytes leftover after parsing attributes in process `syz.3.205'. [ 104.125637][ T6207] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 104.141061][ T6207] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 104.220912][ T6207] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.223316][ T6207] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.225835][ T6207] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.228206][ T6207] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.263401][ T6207] syz.3.205 (6207) used greatest stack depth: 21216 bytes left [ 104.615150][ T57] usb 7-1: USB disconnect, device number 6 [ 105.029826][ T5408] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 105.191227][ T5408] usb 6-1: Using ep0 maxpacket: 8 [ 105.350142][ T5408] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 105.353423][ T5408] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 105.357181][ T5408] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 105.361622][ T5408] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 105.493659][ T6233] netlink: 20 bytes leftover after parsing attributes in process `syz.3.211'. [ 105.633223][ T5408] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 105.648930][ T5408] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 105.680723][ T5408] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.128629][ T5408] usb 6-1: usb_control_msg returned -32 [ 106.131464][ T5408] usbtmc 6-1:16.0: can't read capabilities [ 106.152326][ T6238] warning: `syz.3.212' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 106.588157][ T6248] netlink: 24 bytes leftover after parsing attributes in process `syz.3.214'. [ 106.839837][ T6251] IPVS: persistence engine module ip_vs_pe_@ not found [ 107.499790][ T5408] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 107.669806][ T5408] usb 8-1: Using ep0 maxpacket: 8 [ 107.673222][ T5408] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 107.676477][ T5408] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 107.680146][ T5408] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 107.683543][ T5408] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 107.686494][ T5408] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 107.690683][ T5408] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 107.693391][ T5408] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.730542][ T5387] usb 6-1: USB disconnect, device number 8 [ 107.808321][ T6269] netlink: 20 bytes leftover after parsing attributes in process `syz.1.219'. [ 107.914635][ T5408] usb 8-1: usb_control_msg returned -32 [ 107.916112][ T5408] usbtmc 8-1:16.0: can't read capabilities [ 108.945987][ T64] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 109.747697][ T5403] usb 8-1: USB disconnect, device number 11 [ 109.908011][ T64] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 110.218516][ T5351] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 110.939829][ T5403] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 111.099803][ T5403] usb 5-1: Using ep0 maxpacket: 8 [ 111.107575][ T5403] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 111.110480][ T5403] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 111.113295][ T5403] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 111.116090][ T5403] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 111.118955][ T5403] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 111.122537][ T5403] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 111.125219][ T5403] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.349474][ T5403] usb 5-1: usb_control_msg returned -32 [ 111.351194][ T5403] usbtmc 5-1:16.0: can't read capabilities [ 111.811764][ T6304] FAULT_INJECTION: forcing a failure. [ 111.811764][ T6304] name failslab, interval 1, probability 0, space 0, times 0 [ 111.815056][ T6304] CPU: 0 UID: 0 PID: 6304 Comm: syz.1.227 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 111.817787][ T6304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 111.820913][ T6304] Call Trace: [ 111.821844][ T6304] [ 111.822607][ T6304] dump_stack_lvl+0x16c/0x1f0 [ 111.823936][ T6304] should_fail_ex+0x497/0x5b0 [ 111.825173][ T6304] ? fs_reclaim_acquire+0xae/0x160 [ 111.826513][ T6304] should_failslab+0xc2/0x120 [ 111.827761][ T6304] __kmalloc_cache_noprof+0x6b/0x310 [ 111.829148][ T6304] ? ovl_init_fs_context+0x52/0x5d0 [ 111.830527][ T6304] ovl_init_fs_context+0x52/0x5d0 [ 111.831859][ T6304] ? __pfx_ovl_init_fs_context+0x10/0x10 [ 111.833327][ T6304] alloc_fs_context+0x54a/0x9c0 [ 111.834609][ T6304] path_mount+0xbfb/0x1f10 [ 111.835807][ T6304] ? kmem_cache_free+0x152/0x4b0 [ 111.837114][ T6304] ? __pfx_path_mount+0x10/0x10 [ 111.838434][ T6304] ? putname+0x12e/0x170 [ 111.839570][ T6304] __ia32_sys_mount+0x292/0x310 [ 111.840880][ T6304] ? __pfx___ia32_sys_mount+0x10/0x10 [ 111.842285][ T6304] __do_fast_syscall_32+0x73/0x120 [ 111.843646][ T6304] do_fast_syscall_32+0x32/0x80 [ 111.844931][ T6304] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 111.846584][ T6304] RIP: 0023:0xf7fa5579 [ 111.847670][ T6304] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 111.852662][ T6304] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 111.854833][ T6304] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0 [ 111.856887][ T6304] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000020000400 [ 111.858982][ T6304] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 111.861029][ T6304] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 111.863076][ T6304] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 111.865092][ T6304] [ 111.873165][ T6304] netlink: 24 bytes leftover after parsing attributes in process `syz.1.227'. [ 113.111106][ T25] usb 5-1: USB disconnect, device number 6 [ 113.338636][ T64] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 114.491370][ T35] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 114.639761][ T35] usb 5-1: Using ep0 maxpacket: 8 [ 114.643027][ T35] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 114.645964][ T35] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 114.649413][ T35] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 114.653133][ T35] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 114.656707][ T35] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 114.661284][ T35] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 114.663621][ T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.887670][ T35] usb 5-1: usb_control_msg returned -32 [ 114.889241][ T35] usbtmc 5-1:16.0: can't read capabilities [ 116.386668][ T5385] usb 5-1: USB disconnect, device number 7 [ 116.544581][ T5351] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 116.548254][ T5351] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 116.551288][ T5351] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 116.554258][ T5351] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 116.556685][ T5351] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 116.558831][ T5351] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 116.688444][ T5351] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 116.765491][ T6334] chnl_net:caif_netlink_parms(): no params data found [ 116.875671][ T6334] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.878343][ T6334] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.881364][ T6334] bridge_slave_0: entered allmulticast mode [ 116.884329][ T6334] bridge_slave_0: entered promiscuous mode [ 116.888689][ T6334] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.892495][ T6334] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.894542][ T6334] bridge_slave_1: entered allmulticast mode [ 116.896666][ T6334] bridge_slave_1: entered promiscuous mode [ 116.922312][ T6334] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.926102][ T6334] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.949435][ T6334] team0: Port device team_slave_0 added [ 116.952546][ T6334] team0: Port device team_slave_1 added [ 116.973205][ T6334] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 116.975135][ T6334] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.983097][ T6334] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 116.986966][ T6334] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 116.988827][ T6334] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.995804][ T6334] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 117.044559][ T6334] hsr_slave_0: entered promiscuous mode [ 117.047052][ T6334] hsr_slave_1: entered promiscuous mode [ 117.049121][ T6334] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 117.053498][ T6334] Cannot create hsr debugfs directory [ 117.129304][ T6334] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.207711][ T6334] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.341147][ T6334] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.433481][ T6334] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.528115][ T6334] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 117.532660][ T6334] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 117.535791][ T6334] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 117.538853][ T6334] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 117.555537][ T6334] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.557437][ T6334] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.559430][ T6334] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.561338][ T6334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.583801][ T6334] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.594134][ T66] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.598266][ T66] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.616977][ T6334] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.628193][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.630127][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.636986][ T1129] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.638929][ T1129] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.747225][ T6334] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.765128][ T6334] veth0_vlan: entered promiscuous mode [ 117.772345][ T6334] veth1_vlan: entered promiscuous mode [ 117.787352][ T6334] veth0_macvtap: entered promiscuous mode [ 117.791667][ T6334] veth1_macvtap: entered promiscuous mode [ 117.797687][ T6334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.801533][ T6334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.804438][ T6334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.807574][ T6334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.810609][ T6334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.814088][ T6334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.817314][ T6334] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 117.819954][ T5403] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 117.822386][ T6334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.825198][ T6334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.827723][ T6334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.831095][ T6334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.833615][ T6334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.836404][ T6334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.840401][ T6334] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 117.848673][ T6334] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.851508][ T6334] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.854460][ T6334] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.857477][ T6334] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.892957][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.895511][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.935131][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.938009][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.979781][ T5403] usb 6-1: Using ep0 maxpacket: 8 [ 117.982346][ T5403] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 117.984745][ T5403] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 117.987392][ T5403] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 117.990311][ T5403] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 117.996698][ T5403] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 118.001396][ T5403] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 118.003917][ T5403] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.105966][ T5351] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 118.108786][ T5351] CPU: 0 UID: 0 PID: 5351 Comm: kworker/u33:4 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 118.111797][ T5351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 118.114634][ T5351] Workqueue: hci4 hci_rx_work [ 118.115907][ T5351] Call Trace: [ 118.116806][ T5351] [ 118.117600][ T5351] dump_stack_lvl+0x16c/0x1f0 [ 118.118890][ T5351] sysfs_warn_dup+0x7f/0xa0 [ 118.120208][ T5351] sysfs_create_dir_ns+0x24d/0x2b0 [ 118.121735][ T5351] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 118.123357][ T5351] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 118.124831][ T5351] ? kobject_add_internal+0x12d/0x990 [ 118.126169][ T5351] ? do_raw_spin_unlock+0x172/0x230 [ 118.127530][ T5351] kobject_add_internal+0x2c8/0x990 [ 118.128906][ T5351] kobject_add+0x16f/0x240 [ 118.130091][ T5351] ? __pfx_kobject_add+0x10/0x10 [ 118.131412][ T5351] ? kobject_put+0xab/0x5a0 [ 118.132753][ T5351] device_add+0x289/0x1a70 [ 118.133911][ T5351] ? __pfx_dev_set_name+0x10/0x10 [ 118.135303][ T5351] ? __pfx_device_add+0x10/0x10 [ 118.136700][ T5351] ? mgmt_send_event_skb+0x2f2/0x460 [ 118.138264][ T5351] hci_conn_add_sysfs+0x17e/0x230 [ 118.139818][ T5351] le_conn_complete_evt+0xfc7/0x1cf0 [ 118.141483][ T5351] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 118.143125][ T5351] ? trace_contention_end+0xea/0x140 [ 118.144564][ T5351] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 118.146123][ T5351] ? skb_pull_data+0x166/0x210 [ 118.147402][ T5351] hci_le_meta_evt+0x2e2/0x5d0 [ 118.148674][ T5351] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 118.150380][ T5351] hci_event_packet+0x666/0x1190 [ 118.151704][ T5351] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 118.153109][ T5351] ? __pfx_hci_event_packet+0x10/0x10 [ 118.154528][ T5351] ? mark_held_locks+0x9f/0xe0 [ 118.155824][ T5351] ? kcov_remote_start+0x3cf/0x6e0 [ 118.157213][ T5351] ? lockdep_hardirqs_on+0x7c/0x110 [ 118.158694][ T5351] hci_rx_work+0x2c6/0x1610 [ 118.160047][ T5351] ? lock_acquire+0x2f/0xb0 [ 118.161374][ T5351] ? process_one_work+0x8bb/0x1b30 [ 118.162834][ T5351] process_one_work+0x958/0x1b30 [ 118.164153][ T5351] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 118.165631][ T5351] ? __pfx_process_one_work+0x10/0x10 [ 118.167064][ T5351] ? assign_work+0x1a0/0x250 [ 118.168301][ T5351] worker_thread+0x6c8/0xf00 [ 118.169499][ T5351] ? __pfx_worker_thread+0x10/0x10 [ 118.170847][ T5351] kthread+0x2c1/0x3a0 [ 118.171934][ T5351] ? _raw_spin_unlock_irq+0x23/0x50 [ 118.173370][ T5351] ? __pfx_kthread+0x10/0x10 [ 118.174684][ T5351] ret_from_fork+0x45/0x80 [ 118.175942][ T5351] ? __pfx_kthread+0x10/0x10 [ 118.177214][ T5351] ret_from_fork_asm+0x1a/0x30 [ 118.178518][ T5351] [ 118.188147][ T5351] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 118.199215][ T5351] Bluetooth: hci4: failed to register connection device [ 118.218571][ T5403] usb 6-1: usb_control_msg returned -32 [ 118.224542][ T5403] usbtmc 6-1:16.0: can't read capabilities [ 118.619887][ T64] Bluetooth: hci4: command tx timeout [ 118.774312][ T64] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 119.626446][ T72] usb 6-1: USB disconnect, device number 9 [ 119.680231][ T6385] input: syz1 as /devices/virtual/input/input8 [ 120.690537][ T64] Bluetooth: hci4: command tx timeout [ 120.987202][ T6399] input: syz1 as /devices/virtual/input/input9 [ 122.289802][ T5403] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 122.439710][ T5403] usb 7-1: Using ep0 maxpacket: 8 [ 122.446147][ T5403] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 122.448357][ T5403] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 122.451830][ T5403] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 122.454516][ T5403] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 122.457093][ T5403] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 122.460903][ T5403] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 122.463785][ T5403] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.500798][ T64] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 122.679747][ T35] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 122.714429][ T5403] usb 7-1: usb_control_msg returned -32 [ 122.715997][ T5403] usbtmc 7-1:16.0: can't read capabilities [ 122.779752][ T5351] Bluetooth: hci4: command tx timeout [ 122.859820][ T35] usb 8-1: Using ep0 maxpacket: 8 [ 122.864762][ T35] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 122.866953][ T35] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 122.869452][ T35] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 122.872199][ T35] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 122.874754][ T35] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 122.878157][ T35] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 122.883315][ T35] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.123814][ T35] usb 8-1: usb_control_msg returned -32 [ 123.125298][ T35] usbtmc 8-1:16.0: can't read capabilities [ 124.228138][ T30] usb 7-1: USB disconnect, device number 7 [ 124.423016][ T6456] input: syz1 as /devices/virtual/input/input10 [ 124.526807][ T5351] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 124.542508][ T35] usb 8-1: USB disconnect, device number 12 [ 124.859758][ T5351] Bluetooth: hci4: command tx timeout [ 125.169400][ T6468] dlm: non-version read from control device 231 [ 125.332073][ T5351] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 125.800241][ T5403] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 125.958993][ T5403] usb 6-1: Using ep0 maxpacket: 8 [ 125.976637][ T5403] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 125.979559][ T5403] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 125.982592][ T5403] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 125.985397][ T5403] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 125.988224][ T5403] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 125.991851][ T5403] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 125.994312][ T5403] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.409224][ T5403] usb 6-1: usb_control_msg returned -32 [ 126.411371][ T5403] usbtmc 6-1:16.0: can't read capabilities [ 126.929761][ T5351] Bluetooth: hci4: command tx timeout [ 128.240919][ T6490] FAULT_INJECTION: forcing a failure. [ 128.240919][ T6490] name failslab, interval 1, probability 0, space 0, times 0 [ 128.244331][ T6490] CPU: 2 UID: 0 PID: 6490 Comm: syz.2.267 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 128.247042][ T6490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 128.249884][ T6490] Call Trace: [ 128.250806][ T6490] [ 128.251604][ T6490] dump_stack_lvl+0x16c/0x1f0 [ 128.252967][ T6490] should_fail_ex+0x497/0x5b0 [ 128.254390][ T6490] ? fs_reclaim_acquire+0xae/0x160 [ 128.255934][ T6490] should_failslab+0xc2/0x120 [ 128.257287][ T6490] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 128.258921][ T6490] ? copy_mm+0x2bd/0x2550 [ 128.260182][ T6490] copy_mm+0x2bd/0x2550 [ 128.261444][ T6490] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 128.263120][ T6490] ? lockdep_hardirqs_on+0x7c/0x110 [ 128.264897][ T6490] ? lock_acquire.part.0+0x11b/0x380 [ 128.266666][ T6490] ? __pfx_copy_mm+0x10/0x10 [ 128.267977][ T6490] ? copy_process+0x38ef/0x6f00 [ 128.269338][ T6490] ? __pfx_lock_release+0x10/0x10 [ 128.270842][ T6490] ? lockdep_init_map_type+0x16d/0x7d0 [ 128.272304][ T6490] ? __raw_spin_lock_init+0x3a/0x110 [ 128.273804][ T6490] copy_process+0x3ab9/0x6f00 [ 128.275079][ T6490] ? __pfx_copy_process+0x10/0x10 [ 128.276478][ T6490] ? find_held_lock+0x2d/0x110 [ 128.278074][ T6490] kernel_clone+0xfd/0x960 [ 128.279324][ T6490] ? __pfx_kernel_clone+0x10/0x10 [ 128.280843][ T6490] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 128.282606][ T6490] __do_compat_sys_ia32_clone+0xb7/0x100 [ 128.284181][ T6490] ? __pfx___do_compat_sys_ia32_clone+0x10/0x10 [ 128.285996][ T6490] __do_fast_syscall_32+0x73/0x120 [ 128.287513][ T6490] do_fast_syscall_32+0x32/0x80 [ 128.288931][ T6490] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 128.290843][ T6490] RIP: 0023:0xf7fbf579 [ 128.291964][ T6490] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 128.297457][ T6490] RSP: 002b:00000000f574651c EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 128.299861][ T6490] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 [ 128.301940][ T6490] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 128.304037][ T6490] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 128.306438][ T6490] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 128.308653][ T6490] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 128.310903][ T6490] [ 128.345690][ T57] usb 6-1: USB disconnect, device number 10 [ 128.356915][ T6499] netlink: 209832 bytes leftover after parsing attributes in process `syz.2.268'. [ 128.361654][ T6500] netlink: 209832 bytes leftover after parsing attributes in process `syz.2.268'. [ 128.422789][ T5351] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 128.765837][ T64] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 129.173154][ T6525] input: syz1 as /devices/virtual/input/input11 [ 129.199791][ T5347] udevd[5347]: setting mode of /dev/input/event4 to 020660 failed: No such file or directory [ 129.202550][ T5347] udevd[5347]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 130.180593][ T6528] netlink: 16 bytes leftover after parsing attributes in process `syz.1.273'. [ 130.185555][ T6528] netlink: 8 bytes leftover after parsing attributes in process `syz.1.273'. [ 130.189061][ T6528] FAULT_INJECTION: forcing a failure. [ 130.189061][ T6528] name failslab, interval 1, probability 0, space 0, times 0 [ 130.192949][ T6528] CPU: 2 UID: 0 PID: 6528 Comm: syz.1.273 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 130.196393][ T6528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 130.199958][ T6528] Call Trace: [ 130.201354][ T6528] [ 130.202412][ T6528] dump_stack_lvl+0x16c/0x1f0 [ 130.204088][ T6528] should_fail_ex+0x497/0x5b0 [ 130.205592][ T6528] ? fs_reclaim_acquire+0xae/0x160 [ 130.207364][ T6528] should_failslab+0xc2/0x120 [ 130.209008][ T6528] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 130.210934][ T6528] ? __kernfs_new_node+0xd3/0x890 [ 130.212792][ T6528] ? kstrdup+0x5c/0x80 [ 130.214305][ T6528] __kernfs_new_node+0xd3/0x890 [ 130.216112][ T6528] ? __pfx___kernfs_new_node+0x10/0x10 [ 130.218204][ T6528] ? __pfx_lock_release+0x10/0x10 [ 130.220040][ T6528] ? kernfs_add_one+0x39d/0x520 [ 130.221893][ T6528] ? lock_acquire.part.0+0x11b/0x380 [ 130.223729][ T6528] ? find_held_lock+0x2d/0x110 [ 130.225402][ T6528] kernfs_new_node+0x186/0x240 [ 130.226916][ T6528] kernfs_create_link+0xcc/0x240 [ 130.228638][ T6528] sysfs_do_create_link_sd+0x90/0x140 [ 130.230529][ T6528] sysfs_create_link+0x61/0xc0 [ 130.232238][ T6528] device_add+0x62e/0x1a70 [ 130.233813][ T6528] ? __pfx_device_add+0x10/0x10 [ 130.235547][ T6528] ? __init_waitqueue_head+0xca/0x150 [ 130.237440][ T6528] netdev_register_kobject+0x187/0x3f0 [ 130.239153][ T6528] register_netdevice+0x1473/0x1e20 [ 130.240785][ T6528] ? __pfx_register_netdevice+0x10/0x10 [ 130.242729][ T6528] ? alloc_netdev_mqs+0xf2a/0x12a0 [ 130.244524][ T6528] ? validate_linkmsg+0x6d2/0x9a0 [ 130.246242][ T6528] br_dev_newlink+0x27/0x110 [ 130.247898][ T6528] ? __pfx_br_dev_newlink+0x10/0x10 [ 130.249564][ T6528] __rtnl_newlink+0x119c/0x1920 [ 130.251130][ T6528] ? __pfx___rtnl_newlink+0x10/0x10 [ 130.252930][ T6528] rtnl_newlink+0x67/0xa0 [ 130.254366][ T6528] ? __pfx_rtnl_newlink+0x10/0x10 [ 130.256086][ T6528] rtnetlink_rcv_msg+0x3c7/0xea0 [ 130.257623][ T6528] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 130.259378][ T6528] ? __pfx___dev_queue_xmit+0x10/0x10 [ 130.260962][ T6528] netlink_rcv_skb+0x165/0x410 [ 130.262419][ T6528] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 130.263956][ T6528] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 130.265389][ T6528] ? netlink_deliver_tap+0x1ae/0xcf0 [ 130.266836][ T6528] netlink_unicast+0x53c/0x7f0 [ 130.268146][ T6528] ? __pfx_netlink_unicast+0x10/0x10 [ 130.269893][ T6528] ? __phys_addr_symbol+0x30/0x80 [ 130.271702][ T6528] ? __check_object_size+0x488/0x710 [ 130.273241][ T6528] netlink_sendmsg+0x8b8/0xd70 [ 130.274584][ T6528] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.276098][ T6528] ? lock_acquire+0x2f/0xb0 [ 130.277407][ T6528] ____sys_sendmsg+0x9ae/0xb40 [ 130.278902][ T6528] ? __pfx_____sys_sendmsg+0x10/0x10 [ 130.280781][ T6528] ? get_compat_msghdr+0x11b/0x170 [ 130.282379][ T6528] ? __pfx___lock_acquire+0x10/0x10 [ 130.283837][ T6528] ___sys_sendmsg+0x135/0x1e0 [ 130.285118][ T6528] ? __pfx____sys_sendmsg+0x10/0x10 [ 130.286676][ T6528] ? lock_acquire+0x2f/0xb0 [ 130.287921][ T6528] ? __fget_files+0x40/0x3f0 [ 130.289524][ T6528] ? fdget+0x176/0x210 [ 130.291072][ T6528] __sys_sendmmsg+0x2a5/0x450 [ 130.292892][ T6528] ? __pfx___sys_sendmmsg+0x10/0x10 [ 130.294447][ T6528] ? vfs_write+0x14d/0x1140 [ 130.295812][ T6528] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 130.297422][ T6528] ? fput+0x30/0x390 [ 130.298562][ T6528] ? ksys_write+0x1ad/0x260 [ 130.299908][ T6528] ? __pfx_ksys_write+0x10/0x10 [ 130.301165][ T6528] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 130.302784][ T6528] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 130.304613][ T6528] __do_fast_syscall_32+0x73/0x120 [ 130.305956][ T6528] do_fast_syscall_32+0x32/0x80 [ 130.307248][ T6528] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 130.309064][ T6528] RIP: 0023:0xf7fa5579 [ 130.310542][ T6528] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 130.316436][ T6528] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 130.318732][ T6528] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000140 [ 130.320882][ T6528] RDX: 0000000004924b68 RSI: 0000000000000000 RDI: 0000000000000000 [ 130.322914][ T6528] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 130.324957][ T6528] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 130.326964][ T6528] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 130.329079][ T6528] [ 130.697695][ T6536] input input12: cannot allocate more than FF_MAX_EFFECTS effects [ 131.015052][ T6543] Invalid logical block size (48858) [ 131.299988][ T6558] input: syz1 as /devices/virtual/input/input13 [ 132.029916][ T5403] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 132.179801][ T5403] usb 8-1: Using ep0 maxpacket: 8 [ 132.220256][ T1372] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.222061][ T1372] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.251166][ T5403] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 132.260174][ T5403] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 132.263584][ T5403] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 132.265663][ T6572] input: syz1 as /devices/virtual/input/input14 [ 132.275855][ T5403] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 132.281103][ T5403] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 132.285680][ T5403] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 132.289548][ T5403] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.716267][ T5403] usb 8-1: usb_control_msg returned -32 [ 132.717812][ T5403] usbtmc 8-1:16.0: can't read capabilities [ 133.149376][ T6578] FAULT_INJECTION: forcing a failure. [ 133.149376][ T6578] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 133.158354][ T6578] CPU: 0 UID: 0 PID: 6578 Comm: syz.2.287 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 133.161970][ T6578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.165944][ T6578] Call Trace: [ 133.167141][ T6578] [ 133.168188][ T6578] dump_stack_lvl+0x16c/0x1f0 [ 133.169893][ T6578] should_fail_ex+0x497/0x5b0 [ 133.171625][ T6578] _copy_to_user+0x30/0xc0 [ 133.173061][ T6578] bpf_verifier_vlog+0x25d/0x6a0 [ 133.174362][ T6578] bpf_verifier_log_write+0x171/0x190 [ 133.176258][ T6578] ? __pfx_bpf_verifier_log_write+0x10/0x10 [ 133.178548][ T6578] ? _copy_to_user+0x46/0xc0 [ 133.180145][ T6578] ? print_liveness+0x6f/0xe0 [ 133.181333][ T6578] print_verifier_state+0x1da/0x1110 [ 133.182752][ T6578] ? __pfx_print_verifier_state+0x10/0x10 [ 133.184250][ T6578] ? print_insn_state+0x48/0x170 [ 133.186008][ T6578] do_check_common+0xf3e/0xd610 [ 133.188032][ T6578] ? bpf_sk_base_func_proto+0xfa/0x180 [ 133.189785][ T6578] ? tc_cls_act_func_proto+0x75/0x500 [ 133.191729][ T6578] ? __pfx_mark_fastcall_pattern_for_call+0x10/0x10 [ 133.194054][ T6578] ? kfree+0x14f/0x4b0 [ 133.195543][ T6578] ? __pfx_do_check_common+0x10/0x10 [ 133.197486][ T6578] ? __pfx_verbose+0x10/0x10 [ 133.199296][ T6578] ? __pfx_disasm_kfunc_name+0x10/0x10 [ 133.201351][ T6578] ? check_cfg+0x400/0x840 [ 133.203040][ T6578] bpf_check+0x7737/0xc7c0 [ 133.204672][ T6578] ? __pfx_bpf_check+0x10/0x10 [ 133.206405][ T6578] ? find_held_lock+0x2d/0x110 [ 133.208119][ T6578] ? ktime_get_with_offset+0x13a/0x240 [ 133.210023][ T6578] ? trace_lock_acquire+0x14a/0x1d0 [ 133.211515][ T6578] ? ktime_get_with_offset+0x13a/0x240 [ 133.212936][ T6578] ? timekeeping_debug_get_ns+0x3e0/0x5b0 [ 133.214406][ T6578] ? lockdep_hardirqs_on+0x7c/0x110 [ 133.215872][ T6578] ? bpf_obj_name_cpy+0x156/0x1b0 [ 133.217241][ T6578] bpf_prog_load+0xe3f/0x2670 [ 133.218636][ T6578] ? __pfx_bpf_prog_load+0x10/0x10 [ 133.219967][ T6578] ? find_held_lock+0x2d/0x110 [ 133.221420][ T6578] __sys_bpf+0x4c8c/0x5780 [ 133.223004][ T6578] ? ksys_write+0x21e/0x260 [ 133.224639][ T6578] ? __pfx___sys_bpf+0x10/0x10 [ 133.226331][ T6578] ? vfs_write+0x14d/0x1140 [ 133.227960][ T6578] ? __mutex_unlock_slowpath+0x164/0x650 [ 133.229940][ T6578] ? fput+0x30/0x390 [ 133.231380][ T6578] ? ksys_write+0x1ad/0x260 [ 133.232993][ T6578] ? __pfx_ksys_write+0x10/0x10 [ 133.234769][ T6578] __ia32_sys_bpf+0x76/0xe0 [ 133.236320][ T6578] __do_fast_syscall_32+0x73/0x120 [ 133.237697][ T6578] do_fast_syscall_32+0x32/0x80 [ 133.239091][ T6578] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 133.241351][ T6578] RIP: 0023:0xf7fbf579 [ 133.242832][ T6578] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 133.248995][ T6578] RSP: 002b:00000000f574656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 133.251773][ T6578] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000440 [ 133.254308][ T6578] RDX: 0000000000000070 RSI: 0000000000000000 RDI: 0000000000000000 [ 133.256645][ T6578] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 133.258716][ T6578] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 133.261499][ T6578] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 133.264326][ T6578] [ 133.298648][ T6582] capability: warning: `syz.2.289' uses 32-bit capabilities (legacy support in use) [ 133.579724][ T30] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 133.709723][ T30] usb 7-1: device descriptor read/64, error -71 [ 133.968642][ T6595] input: syz1 as /devices/virtual/input/input15 [ 133.969700][ T30] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 134.081204][ T6599] devtmpfs: Unknown parameter 'source2' [ 134.109797][ T30] usb 7-1: device descriptor read/64, error -71 [ 134.220182][ T30] usb usb7-port1: attempt power cycle [ 134.394505][ T1420] usb 8-1: USB disconnect, device number 13 [ 134.579727][ T30] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 134.600120][ T30] usb 7-1: device descriptor read/8, error -71 [ 134.853635][ T6605] macvlan2: entered allmulticast mode [ 134.869753][ T30] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 134.890156][ T30] usb 7-1: device descriptor read/8, error -71 [ 134.903641][ T6605] netlink: 14 bytes leftover after parsing attributes in process `syz.3.297'. [ 134.906262][ T6605] bond0: entered promiscuous mode [ 134.907651][ T6605] bond_slave_0: entered promiscuous mode [ 134.909226][ T6605] bond_slave_1: entered promiscuous mode [ 134.999818][ T30] usb usb7-port1: unable to enumerate USB device [ 135.216184][ T6614] FAULT_INJECTION: forcing a failure. [ 135.216184][ T6614] name failslab, interval 1, probability 0, space 0, times 0 [ 135.222200][ T6614] CPU: 1 UID: 0 PID: 6614 Comm: syz.0.300 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 135.225115][ T6614] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 135.228162][ T6614] Call Trace: [ 135.229059][ T6614] [ 135.229857][ T6614] dump_stack_lvl+0x16c/0x1f0 [ 135.231151][ T6614] should_fail_ex+0x497/0x5b0 [ 135.232489][ T6614] ? fs_reclaim_acquire+0xae/0x160 [ 135.233945][ T6614] should_failslab+0xc2/0x120 [ 135.235279][ T6614] __kmalloc_noprof+0xcb/0x410 [ 135.236627][ T6614] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 135.238136][ T6614] tomoyo_realpath_from_path+0xbf/0x710 [ 135.239637][ T6614] tomoyo_check_open_permission+0x2a7/0x3b0 [ 135.241416][ T6614] ? __lock_acquire+0x163e/0x3ce0 [ 135.242975][ T6614] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 135.245106][ T6614] ? __pfx___lock_acquire+0x10/0x10 [ 135.246722][ T6614] ? __pfx_hook_file_open+0x10/0x10 [ 135.248101][ T6614] ? path_get+0x61/0x80 [ 135.249213][ T6614] tomoyo_file_open+0xcf/0x100 [ 135.250487][ T6614] security_file_open+0x64c/0x9d0 [ 135.251856][ T6614] do_dentry_open+0x57c/0x1530 [ 135.253516][ T6614] ? inode_permission+0xdd/0x5f0 [ 135.255262][ T6614] vfs_open+0x82/0x3f0 [ 135.256704][ T6614] ? may_open+0x1f2/0x400 [ 135.258070][ T6614] path_openat+0x1e6a/0x2d60 [ 135.259439][ T6614] ? __pfx_path_openat+0x10/0x10 [ 135.260954][ T6614] ? __pfx___lock_acquire+0x10/0x10 [ 135.262457][ T6614] do_filp_open+0x1dc/0x430 [ 135.263685][ T6614] ? __pfx_do_filp_open+0x10/0x10 [ 135.265012][ T6614] ? find_held_lock+0x2d/0x110 [ 135.266310][ T6614] ? _raw_spin_unlock+0x28/0x50 [ 135.268031][ T6614] ? alloc_fd+0x2d7/0x6c0 [ 135.269552][ T6614] do_sys_openat2+0x17a/0x1e0 [ 135.271241][ T6614] ? __pfx_do_sys_openat2+0x10/0x10 [ 135.273145][ T6614] ? __fget_files+0x244/0x3f0 [ 135.274896][ T6614] __ia32_compat_sys_openat+0x16e/0x210 [ 135.276532][ T6614] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 135.278198][ T6614] ? ksys_write+0x1ad/0x260 [ 135.279474][ T6614] __do_fast_syscall_32+0x73/0x120 [ 135.280835][ T6614] do_fast_syscall_32+0x32/0x80 [ 135.282148][ T6614] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 135.284110][ T6614] RIP: 0023:0xf7f14579 [ 135.285530][ T6614] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 135.291726][ T6614] RSP: 002b:00000000f569656c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 135.294380][ T6614] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000280 [ 135.297006][ T6614] RDX: 0000000000000804 RSI: 0000000000000000 RDI: 0000000000000000 [ 135.299354][ T6614] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 135.301903][ T6614] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 135.304285][ T6614] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 135.307117][ T6614] [ 135.314472][ T6614] ERROR: Out of memory at tomoyo_realpath_from_path. [ 135.961332][ T6625] input: syz1 as /devices/virtual/input/input16 [ 136.027169][ T5351] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 136.364494][ T6637] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 136.366326][ T6637] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 136.369427][ T6637] vhci_hcd vhci_hcd.0: Device attached [ 136.379728][ T6638] vhci_hcd: connection closed [ 136.382090][ T66] vhci_hcd: stop threads [ 136.384985][ T66] vhci_hcd: release socket [ 136.386458][ T66] vhci_hcd: disconnect device [ 136.770037][ T35] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 136.902214][ T6645] netlink: 8 bytes leftover after parsing attributes in process `syz.0.308'. [ 136.929781][ T35] usb 6-1: Using ep0 maxpacket: 32 [ 136.932769][ T35] usb 6-1: descriptor type invalid, skip [ 136.936390][ T35] usb 6-1: config 1 interface 0 altsetting 252 bulk endpoint 0x1 has invalid maxpacket 16 [ 136.939082][ T35] usb 6-1: config 1 interface 0 has no altsetting 0 [ 136.948662][ T35] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 136.953460][ T35] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.955606][ T35] usb 6-1: Product: syz [ 136.956770][ T35] usb 6-1: Manufacturer: syz [ 136.958273][ T35] usb 6-1: SerialNumber: syz [ 136.965843][ T6643] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 137.289985][ T64] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 138.161213][ T35] usb 6-1: USB disconnect, device number 11 [ 138.777570][ T6664] ipvlan1: entered promiscuous mode [ 139.661403][ T6685] input: syz1 as /devices/virtual/input/input17 [ 140.487415][ T5351] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 140.619868][ T1420] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 140.654533][ T6698] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 140.657207][ T6698] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 140.659725][ T6698] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 140.779748][ T1420] usb 7-1: Using ep0 maxpacket: 8 [ 140.784251][ T1420] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 140.786616][ T1420] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 140.789203][ T1420] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 140.791904][ T1420] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 140.794429][ T1420] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 140.797847][ T1420] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 140.800717][ T1420] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.014558][ T1420] usb 7-1: usb_control_msg returned -32 [ 141.021533][ T1420] usbtmc 7-1:16.0: can't read capabilities [ 141.021641][ T5351] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 141.026959][ T5351] Bluetooth: hci4: Injecting HCI hardware error event [ 141.031066][ T5351] Bluetooth: hci4: hardware error 0x00 [ 141.072397][ T6702] netlink: 32 bytes leftover after parsing attributes in process `syz.0.320'. [ 141.079180][ T6658] IPVS: starting estimator thread 0... [ 141.175676][ T6703] IPVS: using max 35 ests per chain, 84000 per kthread [ 142.395701][ T1420] usb 7-1: USB disconnect, device number 12 [ 142.448962][ T6715] random: crng reseeded on system resumption [ 142.460446][ T6715] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 142.467178][ T6715] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 142.577177][ T6720] ipvlan1: entered promiscuous mode [ 142.920155][ T1420] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 143.079739][ T1420] usb 5-1: Using ep0 maxpacket: 8 [ 143.082787][ T1420] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 143.085021][ T1420] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 143.088005][ T1420] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 143.105789][ T1420] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 143.108500][ T1420] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 143.112814][ T5351] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 143.115394][ T1420] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 143.119088][ T1420] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.158030][ T6727] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 143.174853][ T6727] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 143.332443][ T6731] netlink: 184 bytes leftover after parsing attributes in process `syz.3.329'. [ 143.336495][ T1420] usb 5-1: usb_control_msg returned -32 [ 143.337987][ T1420] usbtmc 5-1:16.0: can't read capabilities [ 143.389782][ T25] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 143.563777][ T25] usb 7-1: config 0 has no interfaces? [ 143.565273][ T25] usb 7-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 143.567634][ T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.580621][ T25] usb 7-1: config 0 descriptor?? [ 143.655115][ T6736] kvm: kvm [6734]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x21 [ 143.854984][ T1420] usb 7-1: USB disconnect, device number 13 [ 144.469751][ T1420] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 144.631206][ T1420] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 144.633530][ T1420] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 144.636308][ T1420] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 144.638786][ T1420] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 144.644666][ T1420] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 144.653230][ T1420] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 144.655626][ T1420] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 144.658511][ T1420] usb 8-1: Product: syz [ 144.659840][ T1420] usb 8-1: Manufacturer: syz [ 144.672963][ T1420] cdc_wdm 8-1:1.0: skipping garbage [ 144.674468][ T1420] cdc_wdm 8-1:1.0: skipping garbage [ 144.677038][ T1420] cdc_wdm 8-1:1.0: cdc-wdm1: USB WDM device [ 144.678735][ T1420] cdc_wdm 8-1:1.0: Unknown control protocol [ 144.760532][ T6756] netlink: 'syz.1.335': attribute type 10 has an invalid length. [ 144.763419][ T6756] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.765470][ T6756] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.767301][ T6756] FAULT_INJECTION: forcing a failure. [ 144.767301][ T6756] name failslab, interval 1, probability 0, space 0, times 0 [ 144.770623][ T6756] CPU: 1 UID: 0 PID: 6756 Comm: syz.1.335 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 144.773366][ T6756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 144.776159][ T6756] Call Trace: [ 144.777042][ T6756] [ 144.777822][ T6756] dump_stack_lvl+0x16c/0x1f0 [ 144.779092][ T6756] should_fail_ex+0x497/0x5b0 [ 144.780344][ T6756] should_failslab+0xc2/0x120 [ 144.781599][ T6756] kmem_cache_alloc_node_noprof+0x71/0x310 [ 144.783136][ T6756] ? __alloc_skb+0x2b3/0x380 [ 144.784370][ T6756] __alloc_skb+0x2b3/0x380 [ 144.785516][ T6756] ? __pfx___alloc_skb+0x10/0x10 [ 144.787088][ T6756] ? __pfx_br_set_state+0x10/0x10 [ 144.788416][ T6756] br_info_notify+0x10f/0x2e0 [ 144.789650][ T6756] br_stp_disable_port+0xca/0x1d0 [ 144.790984][ T6756] br_stp_disable_bridge+0xca/0x180 [ 144.792598][ T6756] ? __pfx_br_dev_stop+0x10/0x10 [ 144.794254][ T6756] br_dev_stop+0x26/0x140 [ 144.795730][ T6756] __dev_close_many+0x1c5/0x310 [ 144.797319][ T6756] ? __pfx___dev_close_many+0x10/0x10 [ 144.799011][ T6756] ? mark_held_locks+0x9f/0xe0 [ 144.800636][ T6756] ? __local_bh_enable_ip+0xa4/0x120 [ 144.802418][ T6756] __dev_change_flags+0x4dc/0x720 [ 144.804133][ T6756] ? __pfx___dev_change_flags+0x10/0x10 [ 144.805995][ T6756] ? tick_nohz_tick_stopped+0x6c/0xa0 [ 144.807777][ T6756] ? __irq_work_queue_local+0x136/0x440 [ 144.809244][ T6756] dev_change_flags+0x8f/0x160 [ 144.810871][ T6756] do_setlink+0x19dd/0x3ee0 [ 144.812408][ T6756] ? __pfx_lock_release+0x10/0x10 [ 144.814111][ T6756] ? __pfx_do_setlink+0x10/0x10 [ 144.815761][ T6756] ? vprintk+0x86/0xa0 [ 144.817160][ T6756] ? _printk+0xc8/0x100 [ 144.818594][ T6756] ? __pfx__printk+0x10/0x10 [ 144.820163][ T6756] ? ___ratelimit+0x24c/0x570 [ 144.821753][ T6756] ? is_bpf_text_address+0x94/0x1a0 [ 144.823521][ T6756] ? __pfx____ratelimit+0x10/0x10 [ 144.825222][ T6756] ? __kernel_text_address+0xd/0x40 [ 144.826995][ T6756] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 144.828989][ T6756] ? __nla_validate_parse+0x605/0x2b10 [ 144.830839][ T6756] ? __pfx___nla_validate_parse+0x10/0x10 [ 144.832758][ T6756] ? stack_trace_save+0x95/0xd0 [ 144.834398][ T6756] ? __pfx_stack_trace_save+0x10/0x10 [ 144.836224][ T6756] ? stack_depot_save_flags+0x28/0x900 [ 144.838052][ T6756] ? __nla_parse+0x40/0x60 [ 144.839628][ T6756] __rtnl_newlink+0xc3a/0x1920 [ 144.841254][ T6756] ? __pfx___rtnl_newlink+0x10/0x10 [ 144.843031][ T6756] rtnl_newlink+0x67/0xa0 [ 144.844483][ T6756] ? __pfx_rtnl_newlink+0x10/0x10 [ 144.846180][ T6756] rtnetlink_rcv_msg+0x3c7/0xea0 [ 144.847867][ T6756] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 144.849699][ T6756] ? __pfx___lock_acquire+0x10/0x10 [ 144.851475][ T6756] netlink_rcv_skb+0x165/0x410 [ 144.853092][ T6756] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 144.854934][ T6756] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 144.856728][ T6756] ? rcu_is_watching+0x12/0xc0 [ 144.858095][ T6756] netlink_unicast+0x53c/0x7f0 [ 144.859732][ T6756] ? __pfx_netlink_unicast+0x10/0x10 [ 144.861500][ T6756] ? __phys_addr_symbol+0x30/0x80 [ 144.863204][ T6756] ? __check_object_size+0x488/0x710 [ 144.864976][ T6756] netlink_sendmsg+0x8b8/0xd70 [ 144.866615][ T6756] ? __pfx_netlink_sendmsg+0x10/0x10 [ 144.868384][ T6756] ? lock_acquire+0x2f/0xb0 [ 144.869937][ T6756] ____sys_sendmsg+0x9ae/0xb40 [ 144.871566][ T6756] ? __pfx_____sys_sendmsg+0x10/0x10 [ 144.873339][ T6756] ? get_compat_msghdr+0x11b/0x170 [ 144.875073][ T6756] ? do_swap_page+0x567/0x59b0 [ 144.876704][ T6756] ? __pfx___lock_acquire+0x10/0x10 [ 144.878470][ T6756] ___sys_sendmsg+0x135/0x1e0 [ 144.880099][ T6756] ? __pfx____sys_sendmsg+0x10/0x10 [ 144.881862][ T6756] ? lock_acquire+0x2f/0xb0 [ 144.882167][ T5408] usb 8-1: USB disconnect, device number 14 [ 144.883404][ T6756] ? __fget_files+0x40/0x3f0 [ 144.886629][ T6756] ? fdget+0x176/0x210 [ 144.888029][ T6756] __sys_sendmsg+0x117/0x1f0 [ 144.889332][ T6756] ? __pfx___sys_sendmsg+0x10/0x10 [ 144.890726][ T6756] __do_fast_syscall_32+0x73/0x120 [ 144.892082][ T6756] do_fast_syscall_32+0x32/0x80 [ 144.893373][ T6756] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 144.895049][ T6756] RIP: 0023:0xf7fa5579 [ 144.896138][ T6756] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 144.901280][ T6756] RSP: 002b:00000000f570556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 144.903470][ T6756] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000040 [ 144.905536][ T6756] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 144.907608][ T6756] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 144.909668][ T6756] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 144.911745][ T6756] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 144.913806][ T6756] [ 144.934410][ T6756] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.936961][ T6756] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.939234][ T6756] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.941407][ T6756] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.946196][ T6756] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 145.169838][ T5351] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 145.172200][ T5351] Bluetooth: hci0: Injecting HCI hardware error event [ 145.175194][ T64] Bluetooth: hci0: hardware error 0x00 [ 145.224891][ T6759] program syz.1.336 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 145.491906][ T829] usb 5-1: USB disconnect, device number 8 [ 147.249764][ T64] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 147.298853][ T64] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 147.355242][ T6777] ipvlan1: entered promiscuous mode [ 147.549739][ T57] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 147.569866][ T5351] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 147.572834][ T5351] Bluetooth: hci3: Injecting HCI hardware error event [ 147.575160][ T5351] Bluetooth: hci3: hardware error 0x00 [ 147.699694][ T57] usb 7-1: Using ep0 maxpacket: 32 [ 147.703166][ T57] usb 7-1: descriptor type invalid, skip [ 147.706244][ T57] usb 7-1: config 1 interface 0 altsetting 252 bulk endpoint 0x1 has invalid maxpacket 16 [ 147.708989][ T57] usb 7-1: config 1 interface 0 has no altsetting 0 [ 147.714161][ T57] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 147.716590][ T57] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.718755][ T57] usb 7-1: Product: syz [ 147.721667][ T57] usb 7-1: Manufacturer: syz [ 147.723022][ T57] usb 7-1: SerialNumber: syz [ 147.736453][ T6778] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 148.218627][ T6791] netlink: 8 bytes leftover after parsing attributes in process `syz.3.345'. [ 148.423992][ T6793] syz.0.355: attempt to access beyond end of device [ 148.423992][ T6793] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 149.295564][ T39] audit: type=1326 audit(1727895478.106:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6811 comm="syz.3.348" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f68579 code=0x0 [ 149.304063][ T57] usb 7-1: USB disconnect, device number 14 [ 149.344483][ T39] audit: type=1326 audit(1727895478.156:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6811 comm="syz.3.348" exe="/syz-executor" sig=31 arch=40000003 syscall=436 compat=1 ip=0xf7f68579 code=0x0 [ 149.659865][ T5351] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 149.957229][ T35] hid (null): unknown global tag 0xd [ 149.958805][ T35] hid (null): bogus close delimiter [ 149.962741][ T35] hid-generic 0003:0002:0005.0002: unknown global tag 0xd [ 149.964694][ T35] hid-generic 0003:0002:0005.0002: item 0 1 1 13 parsing failed [ 149.967243][ T35] hid-generic 0003:0002:0005.0002: probe with driver hid-generic failed with error -22 [ 149.979927][ T1991] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 150.091616][ T6825] dccp_close: ABORT with 65475 bytes unread [ 150.115196][ T6819] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xf7f55 pfn:0x7179a [ 150.117891][ T6819] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 150.122405][ T6819] raw: 04fff00000000000 ffffea0001c5e508 ffffea0001b2fe48 0000000000000000 [ 150.124847][ T6819] raw: 00000000000f7f55 0000000000000000 00000000ffffffff 0000000000000000 [ 150.127087][ T6819] page dumped because: VM_BUG_ON_FOLIO(((unsigned int) folio_ref_count(folio) + 127u <= 127u)) [ 150.134284][ T6819] page_owner tracks the page as allocated [ 150.136257][ T6819] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 6831, tgid 6831 (syz.1.356), ts 150124953348, free_ts 150113603165 [ 150.142351][ T1991] usb 5-1: Using ep0 maxpacket: 8 [ 150.147419][ T1991] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 150.149544][ T1991] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 150.157864][ T1991] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 150.159721][ T6819] post_alloc_hook+0x2d1/0x350 [ 150.164378][ T6819] get_page_from_freelist+0x101e/0x3070 [ 150.164428][ T1991] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 150.165912][ T6819] __alloc_pages_noprof+0x223/0x25c0 [ 150.168481][ T1991] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 150.172114][ T6819] alloc_pages_mpol_noprof+0x2c9/0x610 [ 150.173345][ T1991] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 150.175829][ T6819] folio_alloc_mpol_noprof+0x36/0xd0 [ 150.177030][ T1991] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.178448][ T6819] vma_alloc_folio_noprof+0xee/0x1b0 [ 150.181404][ T6833] netlink: 'syz.2.354': attribute type 1 has an invalid length. [ 150.181936][ T6819] do_wp_page+0x10d1/0x4930 [ 150.185221][ T6819] __handle_mm_fault+0x1a93/0x2a10 [ 150.186603][ T6819] handle_mm_fault+0x3fa/0xaa0 [ 150.188852][ T6819] do_user_addr_fault+0x60d/0x13f0 [ 150.201870][ T6819] exc_page_fault+0x5c/0xc0 [ 150.203153][ T6819] asm_exc_page_fault+0x26/0x30 [ 150.204444][ T6819] page last free pid 6831 tgid 6831 stack trace: [ 150.206100][ T6819] free_unref_folios+0x956/0x1310 [ 150.212775][ T6819] folios_put_refs+0x551/0x750 [ 150.214159][ T6819] free_pages_and_swap_cache+0x36d/0x510 [ 150.215680][ T6819] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 150.224666][ T6819] tlb_finish_mmu+0x168/0x7b0 [ 150.225961][ T6819] exit_mmap+0x3df/0xb30 [ 150.227087][ T6819] __mmput+0x12a/0x480 [ 150.228165][ T6819] mmput+0x62/0x70 [ 150.229153][ T6819] do_exit+0x9bf/0x2d70 [ 150.231039][ T6819] do_group_exit+0xd3/0x2a0 [ 150.232326][ T6819] __ia32_sys_exit_group+0x3e/0x50 [ 150.233717][ T6819] ia32_sys_call+0x13f8/0x1bb0 [ 150.239294][ T6819] __do_fast_syscall_32+0x73/0x120 [ 150.241010][ T6819] do_fast_syscall_32+0x32/0x80 [ 150.242360][ T6819] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 150.244502][ T6819] ------------[ cut here ]------------ [ 150.245922][ T6819] kernel BUG at include/linux/mm.h:1444! [ 150.247383][ T6819] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 150.249314][ T6819] CPU: 1 UID: 0 PID: 6819 Comm: syz.3.349 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 150.253745][ T6819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 150.256521][ T6819] RIP: 0010:__iov_iter_get_pages_alloc+0x1d10/0x2230 [ 150.258265][ T6819] Code: b0 8b 48 89 df e8 f0 23 4b fd 90 0f 0b 49 89 c5 e9 99 f6 ff ff e8 40 75 05 fd 48 c7 c6 a0 c6 b0 8b 4c 89 e7 e8 d1 23 4b fd 90 <0f> 0b e8 29 75 05 fd 4c 8b 64 24 48 49 83 ec 01 e9 94 fd ff ff 4c [ 150.263344][ T6819] RSP: 0018:ffffc9000311ec70 EFLAGS: 00010293 [ 150.264922][ T6819] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 150.266969][ T6819] RDX: ffff888024d90000 RSI: ffffffff84873a3f RDI: ffff888024d90444 [ 150.269011][ T6819] RBP: ffffea0001c5e6b4 R08: 0000000000000001 R09: fffffbfff2d315c0 [ 150.271054][ T6819] R10: ffffffff9698ae07 R11: ffffffff815f4a4e R12: ffffea0001c5e680 [ 150.273153][ T6819] R13: ffff88805fb78c00 R14: 0000000000001000 R15: 0000000000001000 [ 150.275216][ T6819] FS: 0000000000000000(0000) GS:ffff88802b500000(0000) knlGS:0000000000000000 [ 150.277516][ T6819] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 150.279247][ T6819] CR2: 0000000031b02ff8 CR3: 000000006e6ea000 CR4: 0000000000352ef0 [ 150.281311][ T6819] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 150.283406][ T6819] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 150.285433][ T6819] Call Trace: [ 150.286303][ T6819] [ 150.287091][ T6819] ? die+0x31/0x80 [ 150.288072][ T6819] ? do_trap+0x232/0x430 [ 150.289180][ T6819] ? __iov_iter_get_pages_alloc+0x1d10/0x2230 [ 150.290865][ T6819] ? __iov_iter_get_pages_alloc+0x1d10/0x2230 [ 150.292441][ T6819] ? do_error_trap+0xf4/0x230 [ 150.293677][ T6819] ? __iov_iter_get_pages_alloc+0x1d10/0x2230 [ 150.295276][ T6819] ? handle_invalid_op+0x34/0x40 [ 150.296578][ T6819] ? __iov_iter_get_pages_alloc+0x1d10/0x2230 [ 150.298170][ T6819] ? exc_invalid_op+0x2e/0x50 [ 150.299416][ T6819] ? asm_exc_invalid_op+0x1a/0x20 [ 150.300738][ T6819] ? select_task_rq_fair+0x36e/0x44e0 [ 150.302235][ T6819] ? __iov_iter_get_pages_alloc+0x1d0f/0x2230 [ 150.303845][ T6819] ? __iov_iter_get_pages_alloc+0x1d10/0x2230 [ 150.305445][ T6819] ? __pfx___iov_iter_get_pages_alloc+0x10/0x10 [ 150.307092][ T6819] ? delete_node+0x207/0x8e0 [ 150.308315][ T6819] iov_iter_get_pages_alloc2+0x53/0xf0 [ 150.309718][ T6819] p9_get_mapped_pages.part.0.constprop.0+0x4ca/0x7d0 [ 150.311481][ T6819] ? p9pdu_vwritef+0x368/0x21d0 [ 150.312751][ T6819] ? __pfx_p9_get_mapped_pages.part.0.constprop.0+0x10/0x10 [ 150.314646][ T6819] ? __pfx_p9pdu_vwritef+0x10/0x10 [ 150.315979][ T6819] ? __pfx_p9pdu_vwritef+0x10/0x10 [ 150.317317][ T6819] ? p9_tag_alloc+0x4cc/0x870 [ 150.318563][ T6819] ? reacquire_held_locks+0x466/0x4c0 [ 150.319959][ T6819] p9_virtio_zc_request+0x1ac/0x1460 [ 150.321340][ T6819] ? p9pdu_writef+0xc4/0x100 [ 150.322551][ T6819] ? __pfx_p9pdu_writef+0x10/0x10 [ 150.323866][ T6819] ? __pfx_p9pdu_vwritef+0x10/0x10 [ 150.325190][ T6819] ? __pfx_p9_virtio_zc_request+0x10/0x10 [ 150.326672][ T6819] ? rcu_is_watching+0x12/0xc0 [ 150.327916][ T6819] ? trace_9p_protocol_dump+0x192/0x220 [ 150.329353][ T6819] ? rcu_is_watching+0x12/0xc0 [ 150.330608][ T6819] ? p9_client_prepare_req+0x111/0x4d0 [ 150.332020][ T6819] ? __pfx_p9_client_prepare_req+0x10/0x10 [ 150.333529][ T6819] ? hlock_class+0x4e/0x130 [ 150.334725][ T6819] p9_client_zc_rpc.constprop.0+0x29a/0x880 [ 150.336251][ T6819] ? __pfx_p9_client_zc_rpc.constprop.0+0x10/0x10 [ 150.337917][ T6819] ? hlock_class+0x4e/0x130 [ 150.339119][ T6819] ? mark_lock+0xb5/0xc60 [ 150.340251][ T6819] ? __pfx_mark_lock+0x10/0x10 [ 150.341496][ T6819] ? __pfx_p9_virtio_zc_request+0x10/0x10 [ 150.342998][ T6819] p9_client_write+0x447/0x680 [ 150.344268][ T6819] ? __pfx_p9_client_write+0x10/0x10 [ 150.345637][ T6819] ? mark_held_locks+0x9f/0xe0 [ 150.346882][ T6819] v9fs_issue_write+0xe2/0x180 [ 150.348122][ T6819] ? __pfx_v9fs_issue_write+0x10/0x10 [ 150.349503][ T6819] ? rcu_is_watching+0x12/0xc0 [ 150.350744][ T6819] ? trace_netfs_sreq+0x193/0x220 [ 150.352039][ T6819] netfs_do_issue_write+0x92/0x110 [ 150.353360][ T6819] netfs_advance_write+0x164/0xc80 [ 150.354686][ T6819] ? netfs_buffer_append_folio+0x276/0x360 [ 150.356190][ T6819] netfs_write_folio+0xc19/0x1930 [ 150.357500][ T6819] netfs_writepages+0x2ba/0xb90 [ 150.358784][ T6819] ? __pfx_netfs_writepages+0x10/0x10 [ 150.360175][ T6819] ? __pfx___lock_acquire+0x10/0x10 [ 150.361525][ T6819] ? __pfx_netfs_writepages+0x10/0x10 [ 150.362969][ T6819] do_writepages+0x1a3/0x7f0 [ 150.364167][ T6819] ? __pfx_do_writepages+0x10/0x10 [ 150.365460][ T6819] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 150.366930][ T6819] ? do_raw_spin_lock+0x12d/0x2c0 [ 150.368234][ T6819] ? do_raw_spin_unlock+0x172/0x230 [ 150.369564][ T6819] ? _raw_spin_unlock+0x28/0x50 [ 150.370778][ T6819] ? wbc_attach_and_unlock_inode+0x597/0x940 [ 150.372308][ T6819] filemap_fdatawrite_wbc+0x148/0x1c0 [ 150.373696][ T6819] ? hlock_class+0x4e/0x130 [ 150.374884][ T6819] v9fs_mmap_vm_close+0x1ff/0x250 [ 150.376201][ T6819] ? __pfx_v9fs_mmap_vm_close+0x10/0x10 [ 150.377510][ T6819] ? __pfx___might_resched+0x10/0x10 [ 150.378829][ T6819] ? __pfx_v9fs_mmap_vm_close+0x10/0x10 [ 150.380256][ T6819] remove_vma+0xa8/0x1a0 [ 150.381365][ T6819] exit_mmap+0x4e0/0xb30 [ 150.382474][ T6819] ? __pfx_exit_mmap+0x10/0x10 [ 150.383714][ T6819] ? __mutex_lock+0x1a6/0x9c0 [ 150.384940][ T6819] __mmput+0x12a/0x480 [ 150.386004][ T6819] mmput+0x62/0x70 [ 150.386987][ T6819] do_exit+0x9bf/0x2d70 [ 150.388071][ T6819] ? get_signal+0x8fb/0x26d0 [ 150.389273][ T6819] ? __pfx_do_exit+0x10/0x10 [ 150.390480][ T6819] ? do_raw_spin_lock+0x12d/0x2c0 [ 150.391776][ T6819] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 150.393159][ T6819] do_group_exit+0xd3/0x2a0 [ 150.394347][ T6819] get_signal+0x2658/0x26d0 [ 150.395536][ T6819] ? __pfx_get_signal+0x10/0x10 [ 150.396793][ T6819] ? __pfx_do_futex+0x10/0x10 [ 150.398011][ T6819] arch_do_signal_or_restart+0x90/0x7e0 [ 150.399466][ T6819] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 150.401048][ T6819] syscall_exit_to_user_mode+0x150/0x2a0 [ 150.402494][ T6819] __do_fast_syscall_32+0x80/0x120 [ 150.403826][ T6819] do_fast_syscall_32+0x32/0x80 [ 150.405111][ T6819] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 150.406756][ T6819] RIP: 0023:0xf7f68579 [ 150.407814][ T6819] Code: Unable to access opcode bytes at 0xf7f6854f. [ 150.409525][ T6819] RSP: 002b:00000000f56e660c EFLAGS: 00000296 ORIG_RAX: 00000000000000f0 [ 150.411679][ T6819] RAX: fffffffffffffe00 RBX: 00000000f7424f88 RCX: 0000000000000080 [ 150.413711][ T6819] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000f7424f8c [ 150.415746][ T6819] RBP: 0000000000000081 R08: 0000000000000000 R09: 0000000000000000 [ 150.417770][ T6819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 150.419808][ T6819] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 150.421835][ T6819] [ 150.422684][ T6819] Modules linked in: [ 150.424104][ T6819] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 150.462018][ T6819] RIP: 0010:__iov_iter_get_pages_alloc+0x1d10/0x2230 [ 150.463974][ T6819] Code: b0 8b 48 89 df e8 f0 23 4b fd 90 0f 0b 49 89 c5 e9 99 f6 ff ff e8 40 75 05 fd 48 c7 c6 a0 c6 b0 8b 4c 89 e7 e8 d1 23 4b fd 90 <0f> 0b e8 29 75 05 fd 4c 8b 64 24 48 49 83 ec 01 e9 94 fd ff ff 4c [ 150.468988][ T6819] RSP: 0018:ffffc9000311ec70 EFLAGS: 00010293 [ 150.470949][ T6819] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 150.473075][ T6819] RDX: ffff888024d90000 RSI: ffffffff84873a3f RDI: ffff888024d90444 [ 150.475228][ T6819] RBP: ffffea0001c5e6b4 R08: 0000000000000001 R09: fffffbfff2d315c0 [ 150.480167][ T6819] R10: ffffffff9698ae07 R11: ffffffff815f4a4e R12: ffffea0001c5e680 [ 150.482443][ T6819] R13: ffff88805fb78c00 R14: 0000000000001000 R15: 0000000000001000 [ 150.484628][ T6819] FS: 0000000000000000(0000) GS:ffff88802b500000(0000) knlGS:0000000000000000 [ 150.487119][ T6819] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 150.488950][ T6819] CR2: 0000000056c354ac CR3: 000000006e6ea000 CR4: 0000000000352ef0 [ 150.510942][ T6819] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 150.513083][ T6819] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 150.515189][ T6819] Kernel panic - not syncing: Fatal exception [ 150.517206][ T6819] Kernel Offset: disabled [ 150.518352][ T6819] Rebooting in 86400 seconds.. VM DIAGNOSIS: 18:57:59 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=ffffc900034c7538 RCX=ffffffff848ee9c9 RDX=ffff888024f70000 RSI=ffffffff848ee9d7 RDI=0000000000000005 RBP=0000000000000004 RSP=ffffc900034c7320 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=00000000000a2012 R12=0000000000000000 R13=0000000000000800 R14=ffff888066e0ef64 R15=ffff888066e0e000 RIP=ffffffff818cafd6 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fd90f6f0d00 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000557bce7df000 CR3=000000004a88a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=707fb16b707fb16b 707fb16b707fb16b 707fb16b707fb16b 707fb16b707fb16b 707fb16b707fb16b 707fb16b707fb16b 707fb16b707fb16b 707fb16b707fb16b ZMM22=6aab31d16aab31d1 6aab31d16aab31d1 6aab31d16aab31d1 6aab31d16aab31d1 6aab31d16aab31d1 6aab31d16aab31d1 6aab31d16aab31d1 6aab31d16aab31d1 ZMM23=a5c06beba5c06beb a5c06beba5c06beb a5c06beba5c06beb a5c06beba5c06beb a5c06beba5c06beb a5c06beba5c06beb a5c06beba5c06beb a5c06beba5c06beb ZMM24=3209ce253209ce25 3209ce253209ce25 3209ce253209ce25 3209ce253209ce25 3209ce253209ce25 3209ce253209ce25 3209ce253209ce25 3209ce253209ce25 ZMM25=0b0548900b054890 0b0548900b054890 0b0548900b054890 0b0548900b054890 0b0548900b054890 0b0548900b054890 0b0548900b054890 0b0548900b054890 ZMM26=ae6d7d85ae6d7d85 ae6d7d85ae6d7d85 ae6d7d85ae6d7d85 ae6d7d85ae6d7d85 ae6d7d85ae6d7d85 ae6d7d85ae6d7d85 ae6d7d85ae6d7d85 ae6d7d85ae6d7d85 ZMM27=03a83b5b03a83b5b 03a83b5b03a83b5b 03a83b5b03a83b5b 03a83b5b03a83b5b 03a83b5b03a83b5b 03a83b5b03a83b5b 03a83b5b03a83b5b 03a83b5b03a83b5b ZMM28=000001500000014f 0000014e0000014d 0000014c0000014b 0000014a00000149 0000014800000147 0000014600000145 0000014400000143 0000014200000141 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=d7070000d7070000 d7070000d7070000 d7070000d7070000 d7070000d7070000 d7070000d7070000 d7070000d7070000 d7070000d7070000 d7070000d7070000 info registers vcpu 1 CPU#1 RAX=0000000000000049 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85035a15 RDI=ffffffff9a63a260 RBP=ffffffff9a63a220 RSP=ffffc9000311e590 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552031203a555043 R12=0000000000000000 R13=0000000000000049 R14=ffffffff850359b0 R15=0000000000000000 RIP=ffffffff85035a3f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000031b02ff8 CR3=000000006e6ea000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000008000008fd RBX=ffff888021a2a440 RCX=0000000000000830 RDX=0000000000000008 RSI=00000000000000fd RDI=0000000000000008 RBP=0000000000000003 RSP=ffffc90002f07880 R8 =0000000000000000 R9 =fffffbfff20398c1 R10=ffffffff901cc60f R11=ffff88802b728a40 R12=1ffff920005e0f11 R13=ffffc90002f078a8 R14=ffffffff8d809c18 R15=ffffffff901cf8f8 RIP=ffffffff813ba068 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3c8dc0 CR3=000000006e664000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000007c00000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000002 RBX=dffffc0000000000 RCX=ffffffff8949a720 RDX=ffff888021a2a440 RSI=0000000000800000 RDI=0000000000000004 RBP=00000000ffffffa1 RSP=ffffc900034971c8 R8 =0000000000000004 R9 =0000000000800000 R10=00000000002cc6fb R11=0000000000000000 R12=0000000000000000 R13=dead000000000122 R14=00000000002cc6fb R15=0000000000800000 RIP=ffffffff818caf70 RFL=00000283 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f57256f0 CR3=000000006e664000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000007c00000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000