last executing test programs: 6.928403559s ago: executing program 2 (id=2743): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x68) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) socket(0x0, 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=']) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000}, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001439) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000380)={0x0, 0x0}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x14, 0x4, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x200}}, 0x14}}, 0x44005) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r4 = getpid() ptrace$PTRACE_SETSIGMASK(0x420b, r4, 0x8, &(0x7f0000000200)={[0x6]}) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r5 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r6 = open(0x0, 0x80200, 0x0) write$binfmt_elf64(r5, &(0x7f0000000100)=ANY=[], 0xfe3c) dup2(r6, r5) setxattr$security_ima(&(0x7f0000000180)='./bus\x00', &(0x7f0000000000), &(0x7f00000000c0)=@sha1={0x1, "0293390000000000001d00"}, 0x15, 0x0) finit_module(r1, 0x0, 0x0) read(0xffffffffffffffff, 0x0, 0x0) 6.563265571s ago: executing program 0 (id=2746): ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000005400)=[{{0x0, 0x8, &(0x7f0000000ac0)=[{&(0x7f0000000080)="3b464c3bcd2bd7d2b1a92eca79c286a06dffdfeb623ea9e40a2c95cd702350d944237596556c9479bf1521276d845eb45d2cd8e6500fc6ce9c3451c4c197909a89cc640607df2e7a07", 0x2ff80}, {&(0x7f0000000180)="fa302c5276f60e090ecdcd2ab8152552e0ec74a69db872f09ac999fb27496391dbf3d0bc94611c29a7ddbe0b2b272911544465bb22aa", 0x36}, {&(0x7f00000002c0)="87c3752dd3dafc", 0x1ed}], 0x3}}], 0x4000000000001ee, 0x0) 6.109409653s ago: executing program 0 (id=2747): r0 = syz_open_procfs(0x0, &(0x7f00000194c0)='net/ip_tables_matches\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) fcntl$getownex(r1, 0x10, &(0x7f0000000140)) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x1004068, &(0x7f0000019600)=ANY=[]) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f0000019340), 0x0, 0x0) read$msr(r3, &(0x7f0000000300)=""/102400, 0x19000) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x141a42, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x0, 0x0, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000019300)='/sys/block/loop0', 0x0, 0x120) symlinkat(&(0x7f0000000280)='./file2\x00', r4, &(0x7f0000000100)='./file2\x00') lsm_set_self_attr(0x65, &(0x7f0000000240)=ANY=[@ANYRESDEC=r4], 0x20, 0x0) r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000a40)={r5, r5, r5}, 0x0, 0x0, 0x0) keyctl$read(0xb, r5, &(0x7f0000019380)=""/214, 0xd6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x8, 0x5, &(0x7f00000001c0)=ANY=[@ANYRES8=0x0, @ANYRESOCT=r2, @ANYRESOCT=r0, @ANYRES16], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x90) r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r6, 0xc0405602, &(0x7f0000000040)={0x25, 0xb, 0x1, "32581e08000000b06ccd730100"}) ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f0000000180)=0x2) openat2$dir(0xffffff9c, &(0x7f0000019500)='./file0\x00', &(0x7f0000019540)={0x10000, 0xc0, 0x24}, 0x18) openat$ptmx(0xffffffffffffff9c, 0x0, 0x80100, 0x0) 5.856947937s ago: executing program 2 (id=2750): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x68) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) socket(0x0, 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=']) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000}, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001439) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000380)={0x0, 0x0}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x14, 0x4, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x200}}, 0x14}}, 0x44005) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r4 = getpid() ptrace$PTRACE_SETSIGMASK(0x420b, r4, 0x8, &(0x7f0000000200)={[0x6]}) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r5 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r6 = open(&(0x7f0000000140)='./bus\x00', 0x80200, 0x0) write$binfmt_elf64(r5, &(0x7f0000000100)=ANY=[], 0xfe3c) dup2(r6, r5) setxattr$security_ima(0x0, &(0x7f0000000000), &(0x7f00000000c0)=@sha1={0x1, "0293390000000000001d00"}, 0x15, 0x0) finit_module(r1, 0x0, 0x0) read(0xffffffffffffffff, 0x0, 0x0) 4.993625051s ago: executing program 2 (id=2754): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05bea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd60b1a715c366da2b37ac7e9e3033f8ec04db1c2412e02ccd0617d9fb646c4897750d068c936c3558a94b05d7c65c0d458c0d70d0aa864bc1e324d3f69b1b4061627da875a4b5c2668ab0990623fe6f3b54cd1c79da4baf256f88750c18486330589473e267fa44e220cf40db662b570c2a2fbba9a34a3dd7bbd8368fe506daa62b45797d4b397905a69e58eb436c08cc78963197a"], &(0x7f0000000100)='GPL\x00'}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000006180)=""/152, 0x98}], 0x1, &(0x7f0000008640)=[{&(0x7f0000000340)=""/83, 0x53}], 0x1, 0x0) r1 = openat$ttyS3(0xffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYRESDEC=r1, @ANYRES8=r1], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x11}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000240)='tlb_flush\x00', r2}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="240000000104010200000180000000000000000008000540000000000500010001"], 0x24}}, 0x0) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r0, r0, 0x2e, 0x0, 0x0, @prog_fd}, 0x20) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, 0x0}, 0x8) r6 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r5, 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x149000, 0x0) close(r8) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r10, 0x107, 0x12, &(0x7f0000000140), 0x4) r11 = syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001540)=ANY=[@ANYBLOB="387cfbffde101b078801f8ffffffffffff0000", @ANYRES16=r11, @ANYBLOB="01000000000000000000010000000000000001410000001c00170000001e000000006574683a73797a6b616c6c65723000"], 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r7, &(0x7f0000000d00)=[{&(0x7f0000000c00)}], 0x1) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000340)={r6, r2, 0x4, r0}, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) 4.537634237s ago: executing program 0 (id=2756): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$CAPI_MANUFACTURER_CMD(0xffffffffffffffff, 0xc0084320, &(0x7f0000000000)={0x10000, &(0x7f0000000100)="112f6d374e4ea933ae41c1d44743a7a9bbc65677e7e88f49d96811ae9f41ecced643c357c685f84306b788e1549f38b8e124fa1b6aa2732e332364cb85d4cfa947a050fdc263987c88441a02d9648d9337b06e93d65a4c97dda4017bef6b5acc967ab6649d5612a9ddbb0d3a2aca83acf849d5bbf8ad3cf9"}) 4.27712643s ago: executing program 1 (id=2759): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000080)={0x2a, 0xffffffff, 0xfffffffe}, 0xc) writev(r0, &(0x7f0000000880)=[{&(0x7f0000000340)="64e5fa06", 0x9b}, {0x0, 0x97}], 0x2) 4.215324849s ago: executing program 1 (id=2760): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x14, r1, 0x1}, 0x14}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="380000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000000200000000180012800e000100776972656775617264"], 0x38}}, 0x0) r5 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffff7f, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000038000b63d25a80648c2594f90124fc60", 0x14}], 0x1}, 0x0) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000240), 0x4) sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x68, r6, 0x1, 0x0, 0x0, {{}, {0x0, 0x410c}, {0x4c, 0x14, {0xfffffff0, @link='broadcast-link\x00'}}}}, 0x68}}, 0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x24, r6, 0x100, 0x70bd25, 0x25dfdbfb, {{}, {}, {0x8, 0x11, 0x3}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x24014010) r8 = socket$inet6_mptcp(0xa, 0x1, 0x106) r9 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000200)={0x0, 0x2, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001c00110c0000001400000f0007000000", @ANYRES32=r10, @ANYBLOB="800202000a000200577f0000aabb000020000e80050001008f000000050001000100000004000200050001"], 0x48}}, 0x0) r11 = openat$cdrom(0xffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$CDROMREADAUDIO(r11, 0x530e, &(0x7f0000000380)={@msf={0x0, 0x0, 0x2}, 0x1, 0x42, &(0x7f0000000400)=""/66}) sendto$inet6(r8, 0x0, 0x0, 0x20010004, 0x0, 0x0) connect$inet6(r8, &(0x7f0000000080)={0xa, 0xffff, 0xfffffffd, @ipv4={'\x00', '\xff\xff', @broadcast}, 0xfffffffc}, 0x1c) 4.2147514s ago: executing program 0 (id=2761): sendmsg$netlink(0xffffffffffffffff, &(0x7f0000008080)={0x0, 0x0, &(0x7f0000000a40)=[{0x0, 0x2198}], 0x1}, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000007e40), 0x4000000000000aa, 0x9821) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) recvmsg(r0, &(0x7f00000005c0)={&(0x7f0000000300)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast}, 0x80, &(0x7f0000000480)=[{&(0x7f00000003c0)=""/188, 0xbc}, {&(0x7f0000000500)=""/178, 0xb2}, {&(0x7f0000000640)=""/200, 0xc8}], 0x3, &(0x7f0000000740)=""/252, 0xfc}, 0x100) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000008c0)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00'}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) read$FUSE(r2, &(0x7f00000023c0)={0x2020}, 0x2020) (fail_nth: 7) syz_usb_connect(0x0, 0xe4, 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xb00, &(0x7f0000000140)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002b00010a000000000000001807"], 0x114}], 0x1}, 0x0) openat$sndseq(0xffffff9c, &(0x7f00000004c0), 0x2) 1.797008853s ago: executing program 1 (id=2764): unshare(0x22000600) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid_for_children\x00') r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) ioctl$SNDRV_PCM_IOCTL_UNLINK(r1, 0x4161, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) r2 = getpid() r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r3}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) inotify_init1(0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000340)=[@in={0x2, 0x4e20, @private=0xa010102}, @in6={0xa, 0x4e24, 0x3, @loopback, 0x2}, @in={0x2, 0x4e24, @empty}, @in6={0xa, 0x4e24, 0x6, @mcast2, 0x480}, @in={0x2, 0x4e21, @loopback}, @in={0x2, 0x4e20, @empty}, @in={0x2, 0x4e23, @multicast2}], 0x88) (fail_nth: 7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(0x0, &(0x7f0000008400), 0x0, 0x0, 0x0, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x2e) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSSOFTCAR(r5, 0x5453, 0x0) landlock_create_ruleset(&(0x7f0000000000)={0x4a22}, 0x10, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) ioctl$SNDCTL_SEQ_PANIC(0xffffffffffffffff, 0x5100) ioctl$KDFONTOP_GET(r1, 0x4b4b, &(0x7f0000000000)={0x5, 0x1, 0xfffffffd, 0x0, 0x110, 0x0}) 1.725934606s ago: executing program 2 (id=2765): mkdirat(0xffffffffffffff9c, 0x0, 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000380)=ANY=[], 0x4a1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000540)=ANY=[@ANYBLOB="010000000000000001000080"]) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000380)=ANY=[@ANYBLOB="3b00000000000000400101c000000000cc24"]) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) munmap(&(0x7f0000002000/0x800000)=nil, 0x800000) r4 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r4, 0xc01064c8, &(0x7f0000000200)={0x2, 0x0, &(0x7f0000000300)=[0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r4, 0xc04064aa, &(0x7f00000003c0)={&(0x7f0000001280), 0x0, r5, 0x0, '\x00', 0x1ffffffffffffd64}) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x2, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r8, 0x6, 0x9, &(0x7f0000000200)=0x6, 0x4) write$binfmt_elf32(r6, &(0x7f0000000f80)={{0x7f, 0x45, 0x4c, 0x46, 0x46, 0x8, 0x7, 0x7, 0x9df4, 0x3, 0x6, 0xf, 0x3cb, 0x34, 0xf6, 0x80000001, 0x8, 0x20, 0x2, 0x4, 0x4, 0x6}, [{0x10000006, 0x10000, 0x7787, 0x401, 0x2, 0x1b, 0x100}, {0x70000000, 0x324, 0x2474, 0xc61, 0x6822, 0x5, 0x3f, 0x7}], "2ef3", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x676) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10) r9 = io_uring_setup(0x7af2, &(0x7f00000003c0)) io_uring_register$IORING_REGISTER_BUFFERS(r9, 0x0, &(0x7f0000001880)=[{&(0x7f0000002e00)=""/4096, 0x1000}], 0x1) r10 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r10, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x0, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf6700000000000036000b000fff52004507000015300000d60600000ee60000bf050000000000003d63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070000000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15"], 0x0}, 0x90) syz_emit_ethernet(0x7a, &(0x7f00000001c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa86dd60000b28000c2f00fe800000000000000000000000100002fe8000000000000000000000000000aa242088be"], 0x0) 1.489792732s ago: executing program 3 (id=2766): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) mount$fuseblk(&(0x7f0000002440), &(0x7f0000002480)='./file0\x00', &(0x7f00000024c0), 0x0, &(0x7f0000000740)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}}) 1.489294495s ago: executing program 3 (id=2767): syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x100000000a, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$netlink(0x10, 0x3, 0xf) sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x14, 0x1, 0x6, 0x201}, 0x14}}, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) process_vm_readv(0x0, &(0x7f00000001c0)=[{&(0x7f0000000640)=""/59, 0x3b}], 0x1, &(0x7f0000008640)=[{&(0x7f0000002c00)=""/111, 0x6f}], 0x1, 0x0) r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmmsg$inet(r3, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1}}], 0xfffffdef, 0x0) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(0xffffffffffffffff, 0x5386, &(0x7f0000000f00)) listen(0xffffffffffffffff, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_OPENQRY(r4, 0x4b46, &(0x7f00000000c0)) unshare(0x20000400) unshare(0x68020080) 1.219769078s ago: executing program 3 (id=2768): syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x100000000a, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$netlink(0x10, 0x3, 0xf) sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x14, 0x1, 0x6, 0x201}, 0x14}}, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) process_vm_readv(0x0, &(0x7f00000001c0)=[{&(0x7f0000000640)=""/59, 0x3b}], 0x1, &(0x7f0000008640)=[{&(0x7f0000002c00)=""/111, 0x6f}], 0x1, 0x0) r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmmsg$inet(r4, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1}}], 0xfffffdef, 0x0) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(0xffffffffffffffff, 0x5386, &(0x7f0000000f00)) listen(r3, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_OPENQRY(r5, 0x4b46, &(0x7f00000000c0)) unshare(0x20000400) unshare(0x68020080) 1.146267796s ago: executing program 0 (id=2769): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@iv={0xac, 0x117, 0x2, 0x9b, "ad4b01d9a2b2f43d5a35e7ed4029ea3dae3974ee5e32a4e2b83a3d26c15457bc05d11d1277b5f1a466a84e6b87a2bc670aa7f7e278140deb2c0f5e6fb64b5c2fef3e225c7600b9639ac11716f35356f385494443cfed2d7050e993cc67b90e5c48e582bfe8132afb8dab4e75c1ecc260a8356559fdea2228b4d7d776f1a39d2fc836f2559156ac5f91b8ba8a05dd9e86ae176eec32e68669cc1767"}, @op={0x10, 0x117, 0x3, 0x1}, @assoc={0x10, 0x117, 0x4, 0x80000001}, @op={0x10, 0x117, 0x3, 0x1}, @op={0x10}, @op={0x10, 0x117, 0x3, 0x1}], 0xfc}, 0x40) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0), r3) r5 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r5) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0xfffffeee, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYRESOCT=r1, @ANYRES64=r0, @ANYRESOCT=r4], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x44, 0x24, 0x5820a61ca228651, 0x201, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xf}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_rr={{0x7}, {0x18, 0x2, {0x7, "f8b51dbc93b05fe5b4dea8f9fcca6cf9"}}}]}, 0x44}}, 0x0) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58) r8 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r8, 0x6, 0x80000000000002, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6) r9 = getpid() r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x8000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000180)='tlb_flush\x00', r10}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) process_vm_readv(r9, &(0x7f0000008400)=[{&(0x7f0000000400)=""/50, 0x32}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'team_slave_1\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x40000, 0x1, 0xffffffffffffffff, 0x3, '\x00', r11}, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r12 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r12, 0xc0045006, &(0x7f0000000100)) socket$inet6_sctp(0xa, 0x1, 0x84) 998.377292ms ago: executing program 1 (id=2770): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x20}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$CAPI_MANUFACTURER_CMD(0xffffffffffffffff, 0xc0084320, &(0x7f0000000000)={0x10000, &(0x7f0000000100)="112f6d374e4ea933ae41c1d44743a7a9bbc65677e7e88f49d96811ae9f41ecced643c357c685f84306b788e1549f38b8e124fa1b6aa2732e332364cb85d4cfa947a050fdc263987c88441a02d9648d9337b06e93d65a4c97dda4017bef6b5acc967ab6649d5612a9ddbb0d3a2aca83acf849d5bbf8ad3cf9"}) 990.535229ms ago: executing program 3 (id=2771): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000300)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000180)={'ip6_vti0\x00', 0x0, 0x29, 0x81, 0x7, 0xfff, 0x15, @ipv4={'\x00', '\xff\xff', @multicast2}, @mcast2, 0x8000, 0x1, 0x2, 0xf}}) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') r4 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) lchown(&(0x7f0000000240)='./file0\x00', r5, 0x0) sendmsg$xdp(r2, &(0x7f0000000600)={&(0x7f0000000200)={0x2c, 0x3, r3, 0x37}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000240)}, {0x0}, {&(0x7f0000000640)}, {0x0}, {&(0x7f0000000540)="78e53c4defb5f0b7737c378fbba542385ca9991d54509ddea5fa7173279d475ccace7ec606f64a18c2024b9c16b99a10670123d26c7caa6305310aa0c4ec", 0x3e}], 0x5, 0x0, 0x0, 0x10}, 0x801) r6 = getpid() r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000180)='tlb_flush\x00', r7}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r6, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r8 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/wireless\x00') preadv(r8, &(0x7f0000000100)=[{&(0x7f0000000280)=""/254, 0xfe}], 0x1, 0x1fc, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r1, 0x29, 0x37, &(0x7f0000000000)=ANY=[], 0x8) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1) sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 919.22201ms ago: executing program 1 (id=2772): socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6_udplite(0xa, 0x2, 0x88) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_triestat\x00') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000540)={&(0x7f0000000440), 0xc, &(0x7f0000000500)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00@\x00', @ANYRES16=0x0, @ANYBLOB="020126bd7000fcdbdf2504000000100004800900010073797a30000000000800068004000200"], 0x2c}, 0x1, 0x0, 0x0, 0x5}, 0x0) r2 = socket(0x1d, 0x2, 0x6) memfd_secret(0x80000) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) r4 = socket(0x1d, 0x2, 0x6) bind$can_j1939(r4, &(0x7f0000000000)={0x1d, r3, 0x3}, 0x18) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[], 0x14}}, 0x0) io_uring_setup(0x396b, &(0x7f0000000180)) sendmsg$nl_route(r4, 0x0, 0x44004) sendmsg$TIPC_NL_MON_GET(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x13c}}, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='contention_end\x00'}, 0x10) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0) pread64(r0, &(0x7f0000000340)=""/169, 0xa9, 0x7fff) write(0xffffffffffffffff, &(0x7f0000000000), 0x0) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYRES8], 0x70}}, 0x0) r5 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000240)={0x2, 0x0, @broadcast}, 0x10) bind$inet(r5, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) socket(0x15, 0x5, 0x0) 918.772298ms ago: executing program 2 (id=2773): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x68) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) socket(0x0, 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=']) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000}, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001439) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000380)={0x0, 0x0}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x14, 0x4, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x200}}, 0x14}}, 0x44005) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r4 = getpid() ptrace$PTRACE_SETSIGMASK(0x420b, r4, 0x8, &(0x7f0000000200)={[0x6]}) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r5 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r6 = open(&(0x7f0000000140)='./bus\x00', 0x80200, 0x0) write$binfmt_elf64(r5, &(0x7f0000000100)=ANY=[], 0xfe3c) dup2(r6, r5) setxattr$security_ima(0x0, &(0x7f0000000000), &(0x7f00000000c0)=@sha1={0x1, "0293390000000000001d00"}, 0x15, 0x0) finit_module(r1, 0x0, 0x0) read(0xffffffffffffffff, 0x0, 0x0) 270.084971ms ago: executing program 0 (id=2774): socket(0x2, 0x3, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000300000020040000000000000000bfa100000000000007010000f8ffffffb70200f008000000b70300000600000085000000060000009500000000000000a5afd1e92adb3590aad9621d73ff2f06ca1a62b5c5b42629b889933d496148e9c9d0203b28e4a5f1a1f9032b3002461b2e68cbb383bdba284cd659ef48a54a6e3b452254c137530f5b6fb97895f3fe62b85cfc9423be0ccbfc49b73a2b4d79e108a989ae82303629e531fbb216e969be2e2340f5f328085f4d8399b55d8ebab53e5a225fc4590091f4ac085d1866f6fe24dd2af6a4d2a94f557da3b58a77c234cc2b4e9dabb32a1be7b814b19fb6d66d13"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r1, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfffffffe, "00207d2000000000201b14700c1e0ac74f000000001280000000000900"}) ioctl$EVIOCGBITSND(r1, 0x8000451a, 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r2, &(0x7f0000000240)=""/75, 0x4b) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0) munlock(&(0x7f00008b2000/0x4000)=nil, 0x4000) syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r2, 0x0, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000240)={0x8, {{0xa, 0x0, 0x0, @mcast1, 0x42d0c43c}}, {{0xa, 0x0, 0x0, @private1}}}, 0x104) ioctl$EVIOCRMFF(r1, 0x40044581, &(0x7f0000000380)=0x2) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000540)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x2, [{{0xa, 0x0, 0x0, @local}}, {{0xa, 0x0, 0x0, @private1}}]}, 0x190) r4 = openat$vmci(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000100)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000040)={@host, 0x3}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r6, 0x8933, &(0x7f0000000740)={'wg1\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000010000100"/20, @ANYRES32=r7, @ANYBLOB="000000164000000004002b80"], 0x24}}, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH(r4, 0x7b0, &(0x7f0000000140)={{@any, 0x802}, 0x0, 0x8}) 263.869342ms ago: executing program 1 (id=2775): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000002d0000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='tlb_flush\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee3, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) (fail_nth: 2) 212.378469ms ago: executing program 3 (id=2776): syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x100000000a, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$netlink(0x10, 0x3, 0xf) sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x14, 0x1, 0x6, 0x201}, 0x14}}, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) process_vm_readv(0x0, &(0x7f00000001c0)=[{&(0x7f0000000640)=""/59, 0x3b}], 0x1, &(0x7f0000008640)=[{&(0x7f0000002c00)=""/111, 0x6f}], 0x1, 0x0) r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmmsg$inet(r3, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1}}], 0xfffffdef, 0x0) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(0xffffffffffffffff, 0x5386, &(0x7f0000000f00)) listen(0xffffffffffffffff, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_OPENQRY(r4, 0x4b46, &(0x7f00000000c0)) unshare(0x20000400) unshare(0x68020080) 185.85609ms ago: executing program 2 (id=2777): socket(0x2, 0x3, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000300000020040000000000000000bfa100000000000007010000f8ffffffb70200f008000000b70300000600000085000000060000009500000000000000a5afd1e92adb3590aad9621d73ff2f06ca1a62b5c5b42629b889933d496148e9c9d0203b28e4a5f1a1f9032b3002461b2e68cbb383bdba284cd659ef48a54a6e3b452254c137530f5b6fb97895f3fe62b85cfc9423be0ccbfc49b73a2b4d79e108a989ae82303629e531fbb216e969be2e2340f5f328085f4d8399b55d8ebab53e5a225fc4590091f4ac085d1866f6fe24dd2af6a4d2a94f557da3b58a77c234cc2b4e9dabb32a1be7b814"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfffffffe, "00207d2000000000201b14700c1e0ac74f000000001280000000000900"}) ioctl$EVIOCGBITSND(r0, 0x8000451a, 0x0) syz_open_dev$hidraw(0x0, 0x0, 0x0) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000240)={0x8, {{0xa, 0x0, 0x0, @mcast1, 0x42d0c43c}}, {{0xa, 0x0, 0x0, @private1}}}, 0x104) ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f0000000380)=0x2) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000540)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x2, [{{0xa, 0x0, 0x0, @local}}, {{0xa, 0x0, 0x0, @private1}}]}, 0x190) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000100)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000040)={@host, 0x3}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000000740)={'wg1\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000010000100"/20, @ANYRES32=r5, @ANYBLOB="000000164000000004002b80"], 0x24}}, 0x0) 0s ago: executing program 3 (id=2778): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000000)={0xdf, 0x0, 0x10000}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_CREATE_VCPU(r1, 0xaec7, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) r6 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(r7, r7) ioctl$TIOCL_BLANKSCREEN(r5, 0x5609, 0x0) ioctl$KVM_SET_TSS_ADDR(r4, 0xae47, 0xd000) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000200)={0x1, 0x0, [{0x0, 0x4, 0x0, 0x0, @msi}]}) kernel console output (not intermixed with test programs): 50 [ 580.000248][T11541] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 580.011285][T11541] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 580.359044][T14009] fuse: Unknown parameter '' [ 581.213927][ T5366] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 581.222091][ T5366] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 581.226390][ T5366] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 581.242089][ T5366] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 581.246196][ T5366] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 581.249343][ T5366] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 581.362110][ T5363] Bluetooth: hci4: command tx timeout [ 581.451604][T14032] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0 [ 581.476000][T14030] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 581.479508][T14030] IPv6: NLM_F_CREATE should be set when creating new route [ 581.483016][T14030] IPv6: NLM_F_CREATE should be set when creating new route [ 581.538750][T14030] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2359'. [ 581.550370][T14030] IPVS: stopping backup sync thread 14032 ... [ 581.935774][T14027] chnl_net:caif_netlink_parms(): no params data found [ 582.174865][T14027] bridge0: port 1(bridge_slave_0) entered blocking state [ 582.178090][T14027] bridge0: port 1(bridge_slave_0) entered disabled state [ 582.181348][T14027] bridge_slave_0: entered allmulticast mode [ 582.187786][T14027] bridge_slave_0: entered promiscuous mode [ 582.194787][T14027] bridge0: port 2(bridge_slave_1) entered blocking state [ 582.197999][T14027] bridge0: port 2(bridge_slave_1) entered disabled state [ 582.201148][T14027] bridge_slave_1: entered allmulticast mode [ 582.206296][T14027] bridge_slave_1: entered promiscuous mode [ 582.347108][T14027] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 582.366288][T14027] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 582.477054][T14027] team0: Port device team_slave_0 added [ 582.485254][T14027] team0: Port device team_slave_1 added [ 582.560286][T14027] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 582.565036][T14027] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 582.576689][T14027] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 582.583094][T14027] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 582.585997][T14027] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 582.597912][T14027] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 582.683560][T14027] hsr_slave_0: entered promiscuous mode [ 582.687111][T14027] hsr_slave_1: entered promiscuous mode [ 582.690438][T14027] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 582.697221][T14027] Cannot create hsr debugfs directory [ 582.915725][T14027] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 583.019045][T14027] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 583.136737][T14027] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 583.235589][T14027] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 583.282011][ T5363] Bluetooth: hci0: command tx timeout [ 583.451848][ T5363] Bluetooth: hci4: command tx timeout [ 583.462934][ T39] audit: type=1326 audit(1725853412.731:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14073 comm="syz.0.2368" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f38579 code=0x0 [ 583.549414][T14078] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2369'. [ 583.596367][T14027] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 583.609735][T14027] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 583.649618][T14027] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 583.668534][T14027] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 583.836118][T14082] syz.0.2368: attempt to access beyond end of device [ 583.836118][T14082] nbd0: rw=0, sector=16, nr_sectors = 8 limit=0 [ 583.843204][T14082] REISERFS warning (device nbd0): sh-2006 read_super_block: bread failed (dev nbd0, block 2, size 4096) [ 583.848536][T14082] syz.0.2368: attempt to access beyond end of device [ 583.848536][T14082] nbd0: rw=0, sector=128, nr_sectors = 8 limit=0 [ 583.854929][T14082] REISERFS warning (device nbd0): sh-2006 read_super_block: bread failed (dev nbd0, block 16, size 4096) [ 583.859734][T14082] REISERFS warning (device nbd0): sh-2021 reiserfs_fill_super: can not find reiserfs on nbd0 [ 583.906123][T14027] 8021q: adding VLAN 0 to HW filter on device bond0 [ 584.050389][T14027] 8021q: adding VLAN 0 to HW filter on device team0 [ 584.059424][ T105] bridge0: port 1(bridge_slave_0) entered blocking state [ 584.062627][ T105] bridge0: port 1(bridge_slave_0) entered forwarding state [ 584.110116][ T105] bridge0: port 2(bridge_slave_1) entered blocking state [ 584.113645][ T105] bridge0: port 2(bridge_slave_1) entered forwarding state [ 584.576655][T14097] FAULT_INJECTION: forcing a failure. [ 584.576655][T14097] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 584.583183][T14097] CPU: 0 UID: 0 PID: 14097 Comm: syz.0.2372 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 584.587369][T14097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 584.590991][T14097] Call Trace: [ 584.592233][T14097] [ 584.593484][T14097] dump_stack_lvl+0x16c/0x1f0 [ 584.595465][T14097] should_fail_ex+0x497/0x5b0 [ 584.597252][T14097] _copy_from_user+0x30/0xf0 [ 584.598912][T14097] get_compat_msghdr+0xa8/0x170 [ 584.600865][T14097] ? __pfx_get_compat_msghdr+0x10/0x10 [ 584.603157][T14097] ? find_held_lock+0x2d/0x110 [ 584.605160][T14097] ___sys_recvmsg+0x193/0x1a0 [ 584.607107][T14097] ? __pfx____sys_recvmsg+0x10/0x10 [ 584.608833][T14027] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 584.609153][T14097] ? __fget_light+0x173/0x210 [ 584.614149][T14097] do_recvmmsg+0x51a/0x750 [ 584.615854][T14097] ? __pfx_do_recvmmsg+0x10/0x10 [ 584.617569][T14097] ? __pfx_lock_release+0x10/0x10 [ 584.619698][T14097] ? vfs_write+0x14d/0x1140 [ 584.621741][T14097] __sys_recvmmsg+0x21e/0x280 [ 584.623841][T14097] ? __pfx___sys_recvmmsg+0x10/0x10 [ 584.626145][T14097] ? __pfx_ksys_write+0x10/0x10 [ 584.627976][T14097] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 584.630083][T14097] ? lockdep_hardirqs_on+0x7c/0x110 [ 584.631832][T14097] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 584.634707][T14097] __do_fast_syscall_32+0x73/0x120 [ 584.636473][T14097] do_fast_syscall_32+0x32/0x80 [ 584.638178][T14097] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 584.640811][T14097] RIP: 0023:0xf7f38579 [ 584.642465][T14097] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 584.650031][T14097] RSP: 002b:00000000f56c656c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 584.653356][T14097] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200002c0 [ 584.656611][T14097] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 584.659821][T14097] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 584.663519][T14097] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 584.666860][T14097] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 584.669839][T14097] [ 584.728835][T14027] veth0_vlan: entered promiscuous mode [ 584.777670][T14027] veth1_vlan: entered promiscuous mode [ 584.869872][T14027] veth0_macvtap: entered promiscuous mode [ 584.878207][T14027] veth1_macvtap: entered promiscuous mode [ 584.895055][T14027] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.899487][T14027] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.904467][T14027] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.908795][T14027] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.913040][T14027] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.917917][T14027] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.922238][T14027] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.926578][T14027] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.930733][T14027] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.936161][T14027] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.942409][T14027] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 584.956355][T14027] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.960463][T14027] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.965159][T14027] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.968940][T14027] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.972697][T14027] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.972831][ T39] audit: type=1326 audit(1725853414.241:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14098 comm="syz.0.2373" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f38579 code=0x7ffc0000 [ 584.976454][T14027] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.988728][T14027] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.988810][ T39] audit: type=1326 audit(1725853414.241:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14098 comm="syz.0.2373" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f38579 code=0x7ffc0000 [ 584.992350][T14027] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.005859][T14027] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 585.006070][ T39] audit: type=1326 audit(1725853414.261:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14098 comm="syz.0.2373" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f38579 code=0x7ffc0000 [ 585.009685][T14027] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.025029][ T39] audit: type=1326 audit(1725853414.261:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14098 comm="syz.0.2373" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f38579 code=0x7ffc0000 [ 585.026631][T14027] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 585.034504][ T39] audit: type=1326 audit(1725853414.261:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14098 comm="syz.0.2373" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f38579 code=0x7ffc0000 [ 585.046530][ T39] audit: type=1326 audit(1725853414.271:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14098 comm="syz.0.2373" exe="/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf7f38579 code=0x7ffc0000 [ 585.061803][T14027] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 585.065814][T14027] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 585.069858][ T39] audit: type=1326 audit(1725853414.271:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14098 comm="syz.0.2373" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f38579 code=0x7ffc0000 [ 585.079390][T14027] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 585.083402][T14027] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 585.087416][ T39] audit: type=1326 audit(1725853414.271:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14098 comm="syz.0.2373" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f38579 code=0x7ffc0000 [ 585.100730][ T39] audit: type=1326 audit(1725853414.301:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14098 comm="syz.0.2373" exe="/syz-executor" sig=0 arch=40000003 syscall=156 compat=1 ip=0xf7f38579 code=0x7ffc0000 [ 585.266829][T11535] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 585.279916][T11535] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 585.319064][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 585.325246][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 585.371918][ T5363] Bluetooth: hci0: command tx timeout [ 585.531868][ T5363] Bluetooth: hci4: command tx timeout [ 587.441983][ T5363] Bluetooth: hci0: command tx timeout [ 587.958530][T14141] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2381'. [ 588.054786][ T5355] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 588.106358][T14145] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2382'. [ 588.254699][ T5355] usb 6-1: Using ep0 maxpacket: 8 [ 588.264888][ T5355] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 588.268346][ T5355] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 588.276309][ T5355] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 588.280943][ T5355] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 588.286114][ T5355] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 588.290310][ T5355] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.329533][ T5355] hub 6-1:1.0: bad descriptor, ignoring hub [ 588.332683][ T5355] hub 6-1:1.0: probe with driver hub failed with error -5 [ 588.342100][ T5355] cdc_wdm 6-1:1.0: skipping garbage [ 588.345164][ T5355] cdc_wdm 6-1:1.0: skipping garbage [ 588.349005][ T5355] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 588.351269][ T5355] cdc_wdm 6-1:1.0: Unknown control protocol [ 588.689879][T14151] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2384'. [ 589.257265][ T5366] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 589.263594][ T5366] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 589.268892][ T5366] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 589.273543][ T5366] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 589.278089][ T5366] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 589.282066][ T5366] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 589.523431][ T5363] Bluetooth: hci0: command tx timeout [ 589.646070][T14162] chnl_net:caif_netlink_parms(): no params data found [ 589.807659][T14162] bridge0: port 1(bridge_slave_0) entered blocking state [ 589.810609][T14162] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.815520][T14162] bridge_slave_0: entered allmulticast mode [ 589.821287][T14162] bridge_slave_0: entered promiscuous mode [ 589.827941][T14162] bridge0: port 2(bridge_slave_1) entered blocking state [ 589.831217][T14162] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.835114][T14162] bridge_slave_1: entered allmulticast mode [ 589.845230][T14162] bridge_slave_1: entered promiscuous mode [ 589.920911][T14162] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 589.938003][T14162] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 590.031239][T14162] team0: Port device team_slave_0 added [ 590.041457][T14162] team0: Port device team_slave_1 added [ 590.127070][T14162] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 590.130112][T14162] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 590.140674][T14162] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 590.148461][T14162] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 590.151841][T14162] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 590.163022][T14162] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 590.346337][T14162] hsr_slave_0: entered promiscuous mode [ 590.366280][T14162] hsr_slave_1: entered promiscuous mode [ 590.370477][T14162] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 590.374058][T14162] Cannot create hsr debugfs directory [ 590.682159][ T1286] usb 6-1: USB disconnect, device number 36 [ 590.823763][T14162] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.870006][ T39] kauditd_printk_skb: 14 callbacks suppressed [ 590.870021][ T39] audit: type=1326 audit(1725853420.131:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14184 comm="syz.3.2390" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 590.917242][ T39] audit: type=1326 audit(1725853420.131:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14184 comm="syz.3.2390" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 590.927536][ T39] audit: type=1326 audit(1725853420.141:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14184 comm="syz.3.2390" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 590.940778][ T39] audit: type=1326 audit(1725853420.151:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14184 comm="syz.3.2390" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 590.949630][ T39] audit: type=1326 audit(1725853420.161:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14184 comm="syz.3.2390" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 590.960597][T14162] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.964505][ T39] audit: type=1326 audit(1725853420.161:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14186 comm="syz.3.2390" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 590.978795][ T39] audit: type=1326 audit(1725853420.161:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14184 comm="syz.3.2390" exe="/syz-executor" sig=0 arch=40000003 syscall=284 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 590.988040][ T39] audit: type=1326 audit(1725853420.231:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14184 comm="syz.3.2390" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749e598 code=0x7ffc0000 [ 591.002869][ T39] audit: type=1326 audit(1725853420.231:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14184 comm="syz.3.2390" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749e598 code=0x7ffc0000 [ 591.011460][ T39] audit: type=1326 audit(1725853420.231:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14184 comm="syz.3.2390" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749e598 code=0x7ffc0000 [ 591.134203][T14162] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 591.334395][T14162] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 591.362894][ T5363] Bluetooth: hci3: command tx timeout [ 591.839324][T14162] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 591.850113][T14162] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 591.862082][T14162] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 591.867105][T14162] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 591.941719][T14185] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2390'. [ 591.961170][T14162] 8021q: adding VLAN 0 to HW filter on device bond0 [ 591.993176][T14162] 8021q: adding VLAN 0 to HW filter on device team0 [ 592.000355][T11535] bridge0: port 1(bridge_slave_0) entered blocking state [ 592.003456][T11535] bridge0: port 1(bridge_slave_0) entered forwarding state [ 592.049394][T11539] bridge0: port 2(bridge_slave_1) entered blocking state [ 592.052404][T11539] bridge0: port 2(bridge_slave_1) entered forwarding state [ 592.470727][T14162] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 592.471788][T10291] usb 8-1: new high-speed USB device number 45 using dummy_hcd [ 592.613765][T14162] veth0_vlan: entered promiscuous mode [ 592.625835][T14162] veth1_vlan: entered promiscuous mode [ 592.661856][T10291] usb 8-1: Using ep0 maxpacket: 8 [ 592.666209][T10291] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 592.670588][T10291] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 592.680766][T10291] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 592.701959][T10291] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 592.711851][T10291] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 592.717623][T10291] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 592.719420][T14162] veth0_macvtap: entered promiscuous mode [ 592.725140][T10291] hub 8-1:1.0: bad descriptor, ignoring hub [ 592.735252][T14162] veth1_macvtap: entered promiscuous mode [ 592.747470][T10291] hub 8-1:1.0: probe with driver hub failed with error -5 [ 592.757283][T10291] cdc_wdm 8-1:1.0: skipping garbage [ 592.768078][T10291] cdc_wdm 8-1:1.0: skipping garbage [ 592.776749][T14162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 592.778425][T10291] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 592.787415][T10291] cdc_wdm 8-1:1.0: Unknown control protocol [ 592.802075][T14162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.806955][T14162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 592.811257][T14162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.822566][T14162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 592.831638][T14162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.835738][T14162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 592.852327][T14162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.856281][T14162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 592.861808][T14162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.870960][T14162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 592.875672][T14162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.902034][T14162] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 592.918659][T14162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 592.934728][T14162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.939655][T14162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 592.945938][T14162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.950081][T14162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 592.957690][T14162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.961476][T14162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 592.966207][T14162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.970320][T14162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 592.974242][T14162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.978487][T14162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 592.982367][T14162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.993038][T14162] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 593.000337][T14162] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.013766][T14162] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.018329][T14162] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.023016][T14162] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.148437][ T105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 593.155156][ T105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 593.193102][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 593.196445][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 593.332325][T14230] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2385'. [ 593.423508][T10291] usb 8-1: USB disconnect, device number 45 [ 593.443517][ T5363] Bluetooth: hci3: command tx timeout [ 594.645081][T14248] FAULT_INJECTION: forcing a failure. [ 594.645081][T14248] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 594.651332][T14248] CPU: 3 UID: 0 PID: 14248 Comm: syz.1.2402 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 594.655774][T14248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 594.660231][T14248] Call Trace: [ 594.661720][T14248] [ 594.663044][T14248] dump_stack_lvl+0x16c/0x1f0 [ 594.664797][T14248] should_fail_ex+0x497/0x5b0 [ 594.666780][T14248] _copy_to_user+0x30/0xc0 [ 594.668700][T14248] simple_read_from_buffer+0xd0/0x160 [ 594.671040][T14248] proc_fail_nth_read+0x19e/0x280 [ 594.673120][T14248] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 594.675002][T14248] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 594.676836][T14248] vfs_read+0x1d4/0xbd0 [ 594.678523][T14248] ? __fdget_pos+0xeb/0x180 [ 594.680478][T14248] ? __pfx_vfs_read+0x10/0x10 [ 594.682473][T14248] ? __pfx___mutex_lock+0x10/0x10 [ 594.684370][T14248] ? __fget_files+0x256/0x400 [ 594.686064][T14248] ksys_read+0x12f/0x260 [ 594.687727][T14248] ? __pfx_ksys_read+0x10/0x10 [ 594.689668][T14248] __do_fast_syscall_32+0x73/0x120 [ 594.691845][T14248] do_fast_syscall_32+0x32/0x80 [ 594.693909][T14248] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 594.696572][T14248] RIP: 0023:0xf7f53579 [ 594.698302][T14248] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 594.706387][T14248] RSP: 002b:00000000f56e65a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 594.709972][T14248] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f56e6620 [ 594.713339][T14248] RDX: 000000000000000f RSI: 00000000f73dfff4 RDI: 0000000000000000 [ 594.716708][T14248] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 594.720048][T14248] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 594.723417][T14248] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 594.726842][T14248] [ 595.521740][ T5363] Bluetooth: hci3: command tx timeout [ 595.639962][T14261] autofs: Bad value for 'fd' [ 596.350506][T14268] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2407'. [ 596.358374][T14268] netlink: 'syz.2.2407': attribute type 9 has an invalid length. [ 596.361835][T14268] netlink: 399 bytes leftover after parsing attributes in process `syz.2.2407'. [ 596.569889][T14275] netlink: 'syz.0.2410': attribute type 7 has an invalid length. [ 596.573610][T14275] netlink: 15 bytes leftover after parsing attributes in process `syz.0.2410'. [ 596.577389][T14275] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2410'. [ 596.580744][T14275] netlink: 872 bytes leftover after parsing attributes in process `syz.0.2410'. [ 596.591103][T14275] netlink: 'syz.0.2410': attribute type 7 has an invalid length. [ 596.601159][T14275] netlink: 15 bytes leftover after parsing attributes in process `syz.0.2410'. [ 597.106365][T14284] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3602751755 (461152224640 ns) > initial count (197015925504 ns). Using initial count to start timer. [ 597.601877][ T5363] Bluetooth: hci3: command tx timeout [ 598.778172][T14308] autofs: Bad value for 'fd' [ 598.797881][T14310] netlink: 'syz.1.2417': attribute type 9 has an invalid length. [ 598.801288][T14310] netlink: 399 bytes leftover after parsing attributes in process `syz.1.2417'. [ 598.850108][T14312] dns_resolver: Unsupported server list version (0) [ 600.970357][T14334] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2424'. [ 600.976228][T14334] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2424'. [ 600.980293][T14334] FAULT_INJECTION: forcing a failure. [ 600.980293][T14334] name failslab, interval 1, probability 0, space 0, times 0 [ 600.985983][T14334] CPU: 1 UID: 0 PID: 14334 Comm: syz.2.2424 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 600.990928][T14334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 600.996072][T14334] Call Trace: [ 600.997525][T14334] [ 600.998990][T14334] dump_stack_lvl+0x16c/0x1f0 [ 601.001005][T14334] should_fail_ex+0x497/0x5b0 [ 601.003033][T14334] ? fs_reclaim_acquire+0xae/0x160 [ 601.005523][T14334] should_failslab+0xc2/0x120 [ 601.007801][T14334] __kmalloc_node_noprof+0xd1/0x440 [ 601.010606][T14334] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 601.012974][T14334] __kvmalloc_node_noprof+0x9d/0x1a0 [ 601.015271][T14334] alloc_netdev_mqs+0xc9/0x1290 [ 601.017377][T14334] ? __pfx_vlan_setup+0x10/0x10 [ 601.019497][T14334] rtnl_create_link+0xbed/0xf10 [ 601.021642][T14334] __rtnl_newlink+0x10b3/0x1920 [ 601.023773][T14334] ? __pfx___rtnl_newlink+0x10/0x10 [ 601.026079][T14334] rtnl_newlink+0x67/0xa0 [ 601.028100][T14334] ? __pfx_rtnl_newlink+0x10/0x10 [ 601.030273][T14334] rtnetlink_rcv_msg+0x3c7/0xea0 [ 601.032364][T14334] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 601.034647][T14334] ? __pfx___lock_acquire+0x10/0x10 [ 601.036830][T14334] ? __pfx___dev_queue_xmit+0x10/0x10 [ 601.039118][T14334] netlink_rcv_skb+0x165/0x410 [ 601.041084][T14334] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 601.042974][T14334] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 601.045139][T14334] ? rcu_is_watching+0x12/0xc0 [ 601.047216][T14334] netlink_unicast+0x53c/0x7f0 [ 601.049380][T14334] ? __pfx_netlink_unicast+0x10/0x10 [ 601.051582][T14334] ? __phys_addr_symbol+0x30/0x80 [ 601.053733][T14334] ? __check_object_size+0x497/0x720 [ 601.055882][T14334] netlink_sendmsg+0x8b8/0xd70 [ 601.058201][T14334] ? __pfx_netlink_sendmsg+0x10/0x10 [ 601.060909][T14334] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 601.063244][T14334] ____sys_sendmsg+0x9b4/0xb50 [ 601.065401][T14334] ? __pfx_____sys_sendmsg+0x10/0x10 [ 601.071005][T14334] ? get_compat_msghdr+0x11b/0x170 [ 601.073624][T14334] ? __pfx___lock_acquire+0x10/0x10 [ 601.075647][T14334] ? finish_task_switch.isra.0+0x217/0xcc0 [ 601.078827][T14334] ? lockdep_hardirqs_on+0x7c/0x110 [ 601.082000][T14334] ___sys_sendmsg+0x135/0x1e0 [ 601.084654][T14334] ? __pfx____sys_sendmsg+0x10/0x10 [ 601.087718][T14334] ? ksys_write+0x21c/0x260 [ 601.090370][T14334] ? __fget_light+0x173/0x210 [ 601.092516][T14334] __sys_sendmsg+0x117/0x1f0 [ 601.094601][T14334] ? __pfx___sys_sendmsg+0x10/0x10 [ 601.096916][T14334] __do_fast_syscall_32+0x73/0x120 [ 601.099471][T14334] do_fast_syscall_32+0x32/0x80 [ 601.102007][T14334] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 601.105248][T14334] RIP: 0023:0xf7fc0579 [ 601.107168][T14334] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 601.116485][T14334] RSP: 002b:00000000f575656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 601.120014][T14334] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000280 [ 601.123483][T14334] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 601.126652][T14334] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 601.129389][T14334] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 601.132213][T14334] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 601.135184][T14334] [ 601.293851][T14339] netlink: 'syz.0.2426': attribute type 9 has an invalid length. [ 601.297348][T14339] netlink: 399 bytes leftover after parsing attributes in process `syz.0.2426'. [ 601.400514][T14341] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2427'. [ 601.432911][T14341] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2427'. [ 601.586400][T14354] dns_resolver: Unsupported server list version (0) [ 602.681734][ T58] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 602.871716][ T58] usb 6-1: Using ep0 maxpacket: 8 [ 602.876991][ T58] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 602.881208][ T58] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 602.885746][ T58] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 602.890275][ T58] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 602.895109][ T58] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 602.898916][ T58] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 602.911841][ T58] hub 6-1:1.0: bad descriptor, ignoring hub [ 602.913990][ T58] hub 6-1:1.0: probe with driver hub failed with error -5 [ 602.917381][ T58] cdc_wdm 6-1:1.0: skipping garbage [ 602.919520][ T58] cdc_wdm 6-1:1.0: skipping garbage [ 602.935542][ T58] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 602.947321][ T58] cdc_wdm 6-1:1.0: Unknown control protocol [ 603.468723][T14369] netlink: 'syz.0.2436': attribute type 9 has an invalid length. [ 603.476741][T14369] netlink: 399 bytes leftover after parsing attributes in process `syz.0.2436'. [ 603.582183][ T5355] usb 6-1: USB disconnect, device number 37 [ 603.745010][T14373] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2437'. [ 603.748435][T14373] netlink: 'syz.0.2437': attribute type 13 has an invalid length. [ 603.751778][T14373] netlink: 'syz.0.2437': attribute type 12 has an invalid length. [ 603.760305][T14373] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 603.764305][T14373] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 603.767600][T14373] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 603.771194][T14373] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 603.774848][T14373] vxlan0: entered promiscuous mode [ 603.902235][T14382] netlink: 'syz.2.2439': attribute type 1 has an invalid length. [ 603.906241][T14382] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2439'. [ 603.910343][T14382] FAULT_INJECTION: forcing a failure. [ 603.910343][T14382] name failslab, interval 1, probability 0, space 0, times 0 [ 603.916378][T14382] CPU: 0 UID: 0 PID: 14382 Comm: syz.2.2439 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 603.920769][T14382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 603.925256][T14382] Call Trace: [ 603.926669][T14382] [ 603.927927][T14382] dump_stack_lvl+0x16c/0x1f0 [ 603.929900][T14382] should_fail_ex+0x497/0x5b0 [ 603.931902][T14382] should_failslab+0xc2/0x120 [ 603.933939][T14382] __kmalloc_cache_noprof+0x6b/0x310 [ 603.936176][T14382] ? __hw_addr_add_ex+0x310/0x700 [ 603.938310][T14382] __hw_addr_add_ex+0x310/0x700 [ 603.940387][T14382] __hw_addr_sync+0x15b/0x310 [ 603.942402][T14382] dev_mc_sync+0x105/0x180 [ 603.944282][T14382] ipvlan_set_multicast_mac_filter+0x13a/0x2a0 [ 603.946927][T14382] ? __pfx_ipvlan_set_multicast_mac_filter+0x10/0x10 [ 603.949756][T14382] ? do_raw_spin_lock+0x12d/0x2c0 [ 603.951916][T14382] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 603.954190][T14382] ? __pfx_ipvlan_set_multicast_mac_filter+0x10/0x10 [ 603.956738][T14382] __dev_set_rx_mode+0x1d0/0x2e0 [ 603.958841][T14382] __dev_open+0x386/0x4e0 [ 603.960713][T14382] ? __pfx___dev_open+0x10/0x10 [ 603.962813][T14382] ? __local_bh_enable_ip+0xa4/0x120 [ 603.965037][T14382] __dev_change_flags+0x561/0x720 [ 603.966920][T14382] ? __pfx___dev_change_flags+0x10/0x10 [ 603.969624][T14382] ? __pfx_llist_add_batch+0x10/0x10 [ 603.971865][T14382] ? console_unlock+0x248/0x290 [ 603.973916][T14382] dev_change_flags+0x8f/0x160 [ 603.975995][T14382] do_setlink+0x19dd/0x3ec0 [ 603.977869][T14382] ? __wake_up_klogd.part.0+0x99/0xf0 [ 603.980193][T14382] ? vprintk_emit+0x1a2/0x600 [ 603.982182][T14382] ? __pfx_do_setlink+0x10/0x10 [ 603.984085][T14382] ? vprintk+0x86/0xa0 [ 603.985848][T14382] ? _printk+0xc8/0x100 [ 603.987647][T14382] ? __pfx__printk+0x10/0x10 [ 603.989606][T14382] ? ___ratelimit+0x24c/0x580 [ 603.991629][T14382] ? __pfx____ratelimit+0x10/0x10 [ 603.993754][T14382] ? __kernel_text_address+0xd/0x40 [ 603.995937][T14382] ? rcu_is_watching+0x12/0xc0 [ 603.997940][T14382] ? do_trace_netlink_extack+0x16d/0x1e0 [ 604.000310][T14382] ? __nla_validate_parse+0x605/0x2b10 [ 604.002655][T14382] ? __pfx___nla_validate_parse+0x10/0x10 [ 604.005079][T14382] ? stack_trace_save+0x95/0xd0 [ 604.007154][T14382] ? __pfx_stack_trace_save+0x10/0x10 [ 604.009477][T14382] ? stack_depot_save_flags+0x28/0x900 [ 604.011783][T14382] ? find_held_lock+0x2d/0x110 [ 604.013772][T14382] ? __nla_parse+0x40/0x60 [ 604.015433][T14382] __rtnl_newlink+0xc3a/0x1920 [ 604.017333][T14382] ? __pfx___rtnl_newlink+0x10/0x10 [ 604.019582][T14382] rtnl_newlink+0x67/0xa0 [ 604.021396][T14382] ? __pfx_rtnl_newlink+0x10/0x10 [ 604.023532][T14382] rtnetlink_rcv_msg+0x3c7/0xea0 [ 604.025605][T14382] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 604.027862][T14382] ? __pfx___dev_queue_xmit+0x10/0x10 [ 604.030101][T14382] netlink_rcv_skb+0x165/0x410 [ 604.032152][T14382] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 604.034434][T14382] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 604.036683][T14382] ? netlink_deliver_tap+0x1ae/0xcf0 [ 604.038898][T14382] netlink_unicast+0x53c/0x7f0 [ 604.040929][T14382] ? __pfx_netlink_unicast+0x10/0x10 [ 604.043168][T14382] ? __phys_addr_symbol+0x30/0x80 [ 604.045294][T14382] ? __check_object_size+0x497/0x720 [ 604.047545][T14382] netlink_sendmsg+0x8b8/0xd70 [ 604.049556][T14382] ? __pfx_netlink_sendmsg+0x10/0x10 [ 604.051792][T14382] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 604.053992][T14382] ____sys_sendmsg+0x9b4/0xb50 [ 604.055912][T14382] ? __pfx_____sys_sendmsg+0x10/0x10 [ 604.058085][T14382] ? get_compat_msghdr+0x11b/0x170 [ 604.060202][T14382] ? __pfx___lock_acquire+0x10/0x10 [ 604.062351][T14382] ___sys_sendmsg+0x135/0x1e0 [ 604.064357][T14382] ? __pfx____sys_sendmsg+0x10/0x10 [ 604.066533][T14382] ? ksys_write+0x21c/0x260 [ 604.068361][T14382] ? __fget_light+0x173/0x210 [ 604.070264][T14382] __sys_sendmsg+0x117/0x1f0 [ 604.072192][T14382] ? __pfx___sys_sendmsg+0x10/0x10 [ 604.074213][T14382] __do_fast_syscall_32+0x73/0x120 [ 604.076416][T14382] do_fast_syscall_32+0x32/0x80 [ 604.078439][T14382] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 604.080910][T14382] RIP: 0023:0xf7fc0579 [ 604.082461][T14382] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 604.089758][T14382] RSP: 002b:00000000f575656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 604.093179][T14382] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000080 [ 604.096337][T14382] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 604.099288][T14382] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 604.102198][T14382] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 604.105385][T14382] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 604.108524][T14382] [ 604.126738][T14382] ipvlan1: entered promiscuous mode [ 604.441842][T14371] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 604.445834][T14371] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 604.457519][T14371] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 604.460169][T14371] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 604.470371][T14371] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 604.475606][T14371] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 604.478017][T14371] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 604.486267][T14371] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 604.491061][T14371] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 604.494540][T14371] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 604.499574][T14371] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 604.742703][T14402] netlink: 'syz.2.2445': attribute type 9 has an invalid length. [ 604.745581][T14402] netlink: 399 bytes leftover after parsing attributes in process `syz.2.2445'. [ 605.145992][T14410] autofs: Bad value for 'fd' [ 605.681803][ T5363] Bluetooth: hci1: command 0x0406 tx timeout [ 606.491886][ T5363] Bluetooth: hci0: command 0x0c1a tx timeout [ 606.494594][ T5366] Bluetooth: hci4: command 0x0c1a tx timeout [ 606.563474][ T5363] Bluetooth: hci3: command 0x0c1a tx timeout [ 606.623355][T14446] netlink: 'syz.0.2454': attribute type 9 has an invalid length. [ 606.632360][T14446] netlink: 399 bytes leftover after parsing attributes in process `syz.0.2454'. [ 606.689544][T14448] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2456'. [ 607.616549][T14463] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3602751755 (461152224640 ns) > initial count (197015925504 ns). Using initial count to start timer. [ 607.773519][ T5363] Bluetooth: hci1: command 0x0406 tx timeout [ 607.878715][T14469] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3602751755 (461152224640 ns) > initial count (197015925504 ns). Using initial count to start timer. [ 608.027055][T14474] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2461'. [ 608.367046][T14480] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2462'. [ 608.561786][ T5363] Bluetooth: hci0: command 0x0c1a tx timeout [ 608.565668][ T5363] Bluetooth: hci4: command 0x0c1a tx timeout [ 608.642939][ T5363] Bluetooth: hci3: command 0x0c1a tx timeout [ 609.086685][ T5363] Bluetooth: hci0: hardware error 0x00 [ 609.271656][T13457] usb 8-1: new high-speed USB device number 46 using dummy_hcd [ 609.454538][T13457] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 609.459159][T13457] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 609.468747][T13457] usb 8-1: New USB device found, idVendor=056a, idProduct=0031, bcdDevice= 0.00 [ 609.472995][T13457] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.480400][T13457] usb 8-1: config 0 descriptor?? [ 609.692517][T14490] autofs: Bad value for 'fd' [ 609.723784][T13457] usbhid 8-1:0.0: can't add hid device: -71 [ 609.731964][T13457] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 609.743373][T13457] usb 8-1: USB disconnect, device number 46 [ 609.772428][T14490] overlayfs: missing 'lowerdir' [ 610.127885][T14493] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2466'. [ 610.481725][ T1286] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 610.564984][T14503] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3602751755 (461152224640 ns) > initial count (197015925504 ns). Using initial count to start timer. [ 610.651767][ T5366] Bluetooth: hci4: command 0x0c1a tx timeout [ 610.677363][ T1286] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 610.691998][ T1286] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 610.696396][ T1286] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 610.700405][ T1286] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 610.725697][T14495] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 610.732915][ T5366] Bluetooth: hci3: command 0x0c1a tx timeout [ 610.732987][ T1286] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 611.022949][T10715] usb 5-1: USB disconnect, device number 32 [ 611.132008][ T5363] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 611.491661][ T1707] usb 8-1: new high-speed USB device number 47 using dummy_hcd [ 611.667980][T14525] dlm: no local IP address has been set [ 611.670747][T14525] dlm: cannot start dlm midcomms -107 [ 611.674713][T14525] FAULT_INJECTION: forcing a failure. [ 611.674713][T14525] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 611.680115][T14525] CPU: 3 UID: 0 PID: 14525 Comm: syz.2.2475 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 611.684559][T14525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 611.689076][T14525] Call Trace: [ 611.690511][T14525] [ 611.691790][T14525] dump_stack_lvl+0x16c/0x1f0 [ 611.694051][T14525] should_fail_ex+0x497/0x5b0 [ 611.695902][T14525] _copy_to_user+0x30/0xc0 [ 611.697772][T14525] simple_read_from_buffer+0xd0/0x160 [ 611.700050][T14525] proc_fail_nth_read+0x19e/0x280 [ 611.702217][T14525] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 611.704800][T14525] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 611.707166][T14525] vfs_read+0x1d4/0xbd0 [ 611.708947][T14525] ? __fdget_pos+0xeb/0x180 [ 611.710948][T14525] ? __pfx_vfs_read+0x10/0x10 [ 611.712931][T14525] ? __pfx___mutex_lock+0x10/0x10 [ 611.714995][T14525] ? __fget_files+0x256/0x400 [ 611.717021][T14525] ksys_read+0x12f/0x260 [ 611.718817][T14525] ? __pfx_ksys_read+0x10/0x10 [ 611.720634][T14525] __do_fast_syscall_32+0x73/0x120 [ 611.722803][T14525] do_fast_syscall_32+0x32/0x80 [ 611.724887][T14525] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 611.728028][T14525] RIP: 0023:0xf7fc0579 [ 611.729797][T14525] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 611.738027][T14525] RSP: 002b:00000000f57565a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 611.741657][T14525] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5756620 [ 611.745083][T14525] RDX: 000000000000000f RSI: 00000000f744fff4 RDI: 0000000000000000 [ 611.748601][T14525] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 611.751933][T14525] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 611.755233][T14525] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 611.758516][T14525] [ 611.764529][ T1707] usb 8-1: Using ep0 maxpacket: 8 [ 611.769384][ T1707] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 611.774695][ T1707] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 611.777666][ T1707] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 611.782258][ T1707] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 611.786894][ T1707] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 611.790607][ T1707] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.801408][ T1707] hub 8-1:1.0: bad descriptor, ignoring hub [ 611.809158][ T1707] hub 8-1:1.0: probe with driver hub failed with error -5 [ 611.817440][ T1707] cdc_wdm 8-1:1.0: skipping garbage [ 611.819233][ T1707] cdc_wdm 8-1:1.0: skipping garbage [ 611.822017][ T1707] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 611.824167][ T1707] cdc_wdm 8-1:1.0: Unknown control protocol [ 611.874460][T14529] Bluetooth: MGMT ver 1.23 [ 611.888268][T14531] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2477'. [ 614.501940][T14555] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3602751755 (461152224640 ns) > initial count (197015925504 ns). Using initial count to start timer. [ 614.563409][T13457] usb 8-1: USB disconnect, device number 47 [ 615.640689][T14571] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2486'. [ 615.817502][T14581] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2488'. [ 615.821387][T14581] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2488'. [ 615.835097][T14581] vlan2: entered promiscuous mode [ 615.855592][T14577] autofs: Bad value for 'fd' [ 615.938853][T14577] overlayfs: missing 'lowerdir' [ 616.568421][T14587] syzkaller0: entered promiscuous mode [ 616.570792][T14587] syzkaller0: entered allmulticast mode [ 616.770407][T14596] ieee802154 phy0 wpan0: encryption failed: -22 [ 619.605462][T14624] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2498'. [ 620.019495][T14639] netlink: 'syz.0.2503': attribute type 9 has an invalid length. [ 620.022940][T14639] netlink: 399 bytes leftover after parsing attributes in process `syz.0.2503'. [ 620.878843][ T5366] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 620.884567][ T5366] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 620.888752][ T5366] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 620.899156][ T5366] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 620.904618][ T5366] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 620.908098][ T5366] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 621.250204][T14652] chnl_net:caif_netlink_parms(): no params data found [ 621.427903][T14652] bridge0: port 1(bridge_slave_0) entered blocking state [ 621.430528][T14652] bridge0: port 1(bridge_slave_0) entered disabled state [ 621.434126][T14652] bridge_slave_0: entered allmulticast mode [ 621.439513][T14652] bridge_slave_0: entered promiscuous mode [ 621.446226][T14652] bridge0: port 2(bridge_slave_1) entered blocking state [ 621.449676][T14652] bridge0: port 2(bridge_slave_1) entered disabled state [ 621.453190][T14652] bridge_slave_1: entered allmulticast mode [ 621.459521][T14652] bridge_slave_1: entered promiscuous mode [ 621.515672][T14652] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 621.524888][T14652] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 621.595450][T14652] team0: Port device team_slave_0 added [ 621.607126][T14652] team0: Port device team_slave_1 added [ 621.645100][T10291] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 621.719680][T14652] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 621.722704][T14652] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 621.733305][T14652] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 621.739501][T14652] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 621.742523][T14652] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 621.752652][T14652] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 621.805811][T14652] hsr_slave_0: entered promiscuous mode [ 621.809050][T14652] hsr_slave_1: entered promiscuous mode [ 621.812180][T14652] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 621.817117][T14652] Cannot create hsr debugfs directory [ 621.851886][T10291] usb 5-1: Using ep0 maxpacket: 8 [ 621.858595][T10291] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 621.862992][T10291] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 621.866361][T10291] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 621.870285][T10291] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 621.880211][T10291] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 621.884047][T10291] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.895095][T10291] hub 5-1:1.0: bad descriptor, ignoring hub [ 621.897522][T10291] hub 5-1:1.0: probe with driver hub failed with error -5 [ 621.909320][T10291] cdc_wdm 5-1:1.0: skipping garbage [ 621.911500][T10291] cdc_wdm 5-1:1.0: skipping garbage [ 621.919434][T10291] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 621.925615][T10291] cdc_wdm 5-1:1.0: Unknown control protocol [ 622.022468][T14652] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 622.026893][T14652] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.121699][ T1707] usb 7-1: new high-speed USB device number 50 using dummy_hcd [ 622.130482][T14652] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 622.134609][T14652] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.256938][T14652] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 622.262062][T14652] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.321718][ T1707] usb 7-1: Using ep0 maxpacket: 8 [ 622.332815][ T1707] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 622.340632][ T1707] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 622.344824][ T1707] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 622.349679][ T1707] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 622.352910][T14652] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 622.354961][ T1707] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 622.362879][ T1707] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 622.364109][T14652] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.378762][ T1707] hub 7-1:1.0: bad descriptor, ignoring hub [ 622.382354][ T1707] hub 7-1:1.0: probe with driver hub failed with error -5 [ 622.401978][ T1707] cdc_wdm 7-1:1.0: skipping garbage [ 622.404213][ T1707] cdc_wdm 7-1:1.0: skipping garbage [ 622.414102][ T1707] cdc_wdm 7-1:1.0: cdc-wdm1: USB WDM device [ 622.416888][ T1707] cdc_wdm 7-1:1.0: Unknown control protocol [ 622.551102][T14652] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 622.563310][T14652] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 622.571843][T14652] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 622.580882][T14652] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 622.684056][T14652] 8021q: adding VLAN 0 to HW filter on device bond0 [ 622.705829][T14652] 8021q: adding VLAN 0 to HW filter on device team0 [ 622.716596][ T1135] bridge0: port 1(bridge_slave_0) entered blocking state [ 622.719697][ T1135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 622.731624][T11535] bridge0: port 2(bridge_slave_1) entered blocking state [ 622.734768][T11535] bridge0: port 2(bridge_slave_1) entered forwarding state [ 622.794473][T14652] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 622.948006][T14652] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 622.972316][ T5366] Bluetooth: hci1: command tx timeout [ 623.018429][T14652] veth0_vlan: entered promiscuous mode [ 623.029995][T14652] veth1_vlan: entered promiscuous mode [ 623.059392][T14652] veth0_macvtap: entered promiscuous mode [ 623.065887][T14652] veth1_macvtap: entered promiscuous mode [ 623.089131][T14652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 623.096463][T14652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.100695][T14652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 623.105303][T14652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.109181][T14652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 623.118535][T14652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.122672][T14652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 623.127058][T14652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.131332][T14652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 623.140107][T14652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.143943][T14652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 623.148382][T14652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.152622][T14652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 623.156651][T14652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.166352][T14652] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 623.176413][T14652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.181055][T14652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.186408][T14652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.191484][T14652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.196034][T14652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.200538][T14652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.205024][T14652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.208895][T14652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.219033][T14652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.224464][T14652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.228406][T14652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.233432][T14652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.237761][T14652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.242442][T14652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.248176][T14652] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 623.255704][T14652] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.260296][T14652] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.264637][T14652] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.268455][T14652] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.330047][ T1135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 623.339847][ T1135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 623.357106][ T105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 623.360585][ T105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 623.554742][T14689] dns_resolver: Unsupported server list version (0) [ 624.166535][ T1378] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.171746][ T1378] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.234670][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 624.237524][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 624.240351][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 624.243020][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 624.245810][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 624.248566][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 624.251297][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 624.254054][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 624.256859][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 624.259655][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 624.262598][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 624.265437][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 624.268118][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 624.270632][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 624.272711][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 624.274821][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 624.278328][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 624.281688][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 624.284492][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 624.287391][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 624.319314][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 624.323123][T10715] usb 5-1: USB disconnect, device number 33 [ 624.491984][ T5355] usb 7-1: USB disconnect, device number 50 [ 625.051707][ T5366] Bluetooth: hci1: command tx timeout [ 625.529505][T14705] autofs: Bad value for 'fd' [ 625.600269][T14705] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 625.607667][T14705] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 626.562206][T14712] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.2518' sets config #256 [ 626.714374][T14723] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2522'. [ 626.881104][T14729] dns_resolver: Unsupported server list version (0) [ 627.121791][ T5366] Bluetooth: hci1: command tx timeout [ 627.615685][T14737] autofs: Bad value for 'fd' [ 627.684964][T14737] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 627.688003][T14737] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 628.558341][T14745] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2529'. [ 629.201899][ T5366] Bluetooth: hci1: command tx timeout [ 629.257334][T14759] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 629.593995][T14769] autofs: Bad value for 'fd' [ 629.810221][T14769] overlayfs: missing 'lowerdir' [ 629.928813][T14778] autofs: Bad value for 'fd' [ 629.966240][T14778] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 629.969842][T14778] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 630.608469][T14787] dns_resolver: Unsupported server list version (0) [ 631.999903][T14799] FAULT_INJECTION: forcing a failure. [ 631.999903][T14799] name failslab, interval 1, probability 0, space 0, times 0 [ 632.015445][T14799] CPU: 2 UID: 0 PID: 14799 Comm: syz.3.2543 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 632.020252][T14799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 632.024199][T14799] Call Trace: [ 632.025624][T14799] [ 632.026892][T14799] dump_stack_lvl+0x16c/0x1f0 [ 632.028910][T14799] should_fail_ex+0x497/0x5b0 [ 632.031009][T14799] ? fs_reclaim_acquire+0xae/0x160 [ 632.033376][T14799] should_failslab+0xc2/0x120 [ 632.035405][T14799] __kmalloc_cache_noprof+0x6b/0x310 [ 632.037577][T14799] ? __sta_info_destroy_part2+0x2bd/0x540 [ 632.039959][T14799] __sta_info_destroy_part2+0x2bd/0x540 [ 632.042288][T14799] __sta_info_flush+0x50a/0x730 [ 632.044334][T14799] ? __pfx___sta_info_flush+0x10/0x10 [ 632.046539][T14799] ? lockdep_hardirqs_on+0x7c/0x110 [ 632.048732][T14799] ? cfg80211_put_bss+0x1b4/0x280 [ 632.050833][T14799] ? __local_bh_enable_ip+0xa4/0x120 [ 632.053033][T14799] ieee80211_ibss_disconnect+0x15c/0x8f0 [ 632.055288][T14799] ieee80211_ibss_leave+0x16/0x160 [ 632.057265][T14799] cfg80211_leave_ibss+0x1b4/0x490 [ 632.059401][T14799] cfg80211_change_iface+0x422/0xda0 [ 632.061586][T14799] nl80211_set_interface+0x62f/0x8c0 [ 632.063834][T14799] ? __pfx_nl80211_set_interface+0x10/0x10 [ 632.066252][T14799] ? nl80211_pre_doit+0x71e/0xb10 [ 632.068362][T14799] ? nl80211_pre_doit+0x1b0/0xb10 [ 632.070518][T14799] genl_family_rcv_msg_doit+0x202/0x2f0 [ 632.072901][T14799] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 632.075500][T14799] ? ns_capable+0xd7/0x110 [ 632.077328][T14799] genl_rcv_msg+0x565/0x800 [ 632.079235][T14799] ? __pfx_genl_rcv_msg+0x10/0x10 [ 632.081317][T14799] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 632.083537][T14799] ? __pfx_nl80211_set_interface+0x10/0x10 [ 632.085956][T14799] ? __pfx_nl80211_post_doit+0x10/0x10 [ 632.088279][T14799] netlink_rcv_skb+0x165/0x410 [ 632.090370][T14799] ? __pfx_genl_rcv_msg+0x10/0x10 [ 632.092521][T14799] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 632.094755][T14799] ? down_read+0xc9/0x330 [ 632.096571][T14799] ? __pfx_down_read+0x10/0x10 [ 632.098599][T14799] ? netlink_deliver_tap+0x1ae/0xcf0 [ 632.100818][T14799] genl_rcv+0x28/0x40 [ 632.102534][T14799] netlink_unicast+0x53c/0x7f0 [ 632.104652][T14799] ? __pfx_netlink_unicast+0x10/0x10 [ 632.106951][T14799] ? __phys_addr_symbol+0x30/0x80 [ 632.109064][T14799] ? __check_object_size+0x497/0x720 [ 632.111258][T14799] netlink_sendmsg+0x8b8/0xd70 [ 632.113294][T14799] ? __pfx_netlink_sendmsg+0x10/0x10 [ 632.115561][T14799] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 632.117837][T14799] ____sys_sendmsg+0x9b4/0xb50 [ 632.119912][T14799] ? __pfx_____sys_sendmsg+0x10/0x10 [ 632.122172][T14799] ? get_compat_msghdr+0x11b/0x170 [ 632.124325][T14799] ? __pfx___lock_acquire+0x10/0x10 [ 632.126570][T14799] ___sys_sendmsg+0x135/0x1e0 [ 632.128582][T14799] ? __pfx____sys_sendmsg+0x10/0x10 [ 632.130762][T14799] ? ksys_write+0x21c/0x260 [ 632.132658][T14799] ? __fget_light+0x173/0x210 [ 632.134629][T14799] __sys_sendmsg+0x117/0x1f0 [ 632.136551][T14799] ? __pfx___sys_sendmsg+0x10/0x10 [ 632.138737][T14799] __do_fast_syscall_32+0x73/0x120 [ 632.140879][T14799] do_fast_syscall_32+0x32/0x80 [ 632.142984][T14799] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 632.145520][T14799] RIP: 0023:0xf7fdf579 [ 632.147055][T14799] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 632.154154][T14799] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 632.157356][T14799] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000100 [ 632.160254][T14799] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 632.163111][T14799] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 632.165971][T14799] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 632.168888][T14799] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 632.172198][T14799] [ 632.255781][T14801] mac80211_hwsim hwsim15 ÿÿÿÿÿÿ: renamed from wlan1 (while UP) [ 632.282863][T14801] SET target dimension over the limit! [ 632.833177][ T5355] usb 8-1: new high-speed USB device number 48 using dummy_hcd [ 633.021641][ T5355] usb 8-1: Using ep0 maxpacket: 8 [ 633.030101][ T5355] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 633.035966][ T5355] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 633.039611][ T5355] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 633.058306][ T5355] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 633.063264][ T5355] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 633.066920][ T5355] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 633.083785][ T5355] hub 8-1:1.0: bad descriptor, ignoring hub [ 633.092149][ T5355] hub 8-1:1.0: probe with driver hub failed with error -5 [ 633.104231][ T5355] cdc_wdm 8-1:1.0: skipping garbage [ 633.109937][ T5355] cdc_wdm 8-1:1.0: skipping garbage [ 633.119186][ T5355] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 633.122877][ T5355] cdc_wdm 8-1:1.0: Unknown control protocol [ 633.752074][T12146] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 633.780670][T12146] hid-generic 0000:0000:0000.0008: hidraw1: HID v0.00 Device [syz0] on syz1 [ 633.803508][ T5414] usb 8-1: USB disconnect, device number 48 [ 635.015816][T14852] usb usb8: usbfs: interface 0 claimed by hub while 'syz.0.2556' sets config #256 [ 637.851790][ T5355] usb 7-1: new high-speed USB device number 51 using dummy_hcd [ 638.041613][ T5355] usb 7-1: Using ep0 maxpacket: 8 [ 638.049418][ T5355] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 638.061487][ T5355] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 638.069696][ T5355] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 638.092111][ T5355] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 638.097409][ T5355] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 638.103715][ T5355] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 638.110512][ T5355] hub 7-1:1.0: bad descriptor, ignoring hub [ 638.114536][ T5355] hub 7-1:1.0: probe with driver hub failed with error -5 [ 638.118226][ T5355] cdc_wdm 7-1:1.0: skipping garbage [ 638.121136][ T5355] cdc_wdm 7-1:1.0: skipping garbage [ 638.125180][ T5355] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 638.127460][ T5355] cdc_wdm 7-1:1.0: Unknown control protocol [ 638.902754][ T5355] usb 8-1: new high-speed USB device number 49 using dummy_hcd [ 639.101633][ T5355] usb 8-1: Using ep0 maxpacket: 32 [ 639.130626][ T5355] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 639.145793][ T5355] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 639.161603][ T5355] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 639.165063][ T5355] usb 8-1: Product: syz [ 639.166814][ T5355] usb 8-1: Manufacturer: syz [ 639.168736][ T5355] usb 8-1: SerialNumber: syz [ 639.179229][ T5355] usb 8-1: config 0 descriptor?? [ 639.187667][T14875] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 639.411390][T14883] binder: 14882:14883 ioctl 40046205 0 returned -22 [ 639.537940][ T25] usb 8-1: USB disconnect, device number 49 [ 640.131868][ T10] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 640.294535][T14898] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2569'. [ 640.311685][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 640.315947][ T10] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 640.319828][ T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 640.324569][ T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 640.329104][ T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 640.333149][ T10] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 640.336623][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 640.349013][ T10] hub 5-1:1.0: bad descriptor, ignoring hub [ 640.351636][ T10] hub 5-1:1.0: probe with driver hub failed with error -5 [ 640.354337][ T10] cdc_wdm 5-1:1.0: skipping garbage [ 640.356515][ T10] cdc_wdm 5-1:1.0: skipping garbage [ 640.359204][ T10] cdc_wdm 5-1:1.0: cdc-wdm1: USB WDM device [ 640.361361][ T10] cdc_wdm 5-1:1.0: Unknown control protocol [ 640.466358][ C2] wdm_int_callback: 168 callbacks suppressed [ 640.466372][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 640.466789][T10291] usb 7-1: USB disconnect, device number 51 [ 640.468512][ C2] wdm_int_callback: 168 callbacks suppressed [ 640.468521][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 640.478374][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 640.792117][ T5355] usb 5-1: USB disconnect, device number 34 [ 641.851800][ T5414] usb 8-1: new high-speed USB device number 50 using dummy_hcd [ 642.041600][ T5414] usb 8-1: Using ep0 maxpacket: 8 [ 642.045506][ T5414] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 642.049589][ T5414] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 642.055944][ T5414] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 642.061455][ T5414] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 642.066437][ T5414] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 642.070560][ T5414] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.084363][ T5414] hub 8-1:1.0: bad descriptor, ignoring hub [ 642.088545][ T5414] hub 8-1:1.0: probe with driver hub failed with error -5 [ 642.093875][ T5414] cdc_wdm 8-1:1.0: skipping garbage [ 642.096293][ T5414] cdc_wdm 8-1:1.0: skipping garbage [ 642.106252][ T5414] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 642.109138][ T5414] cdc_wdm 8-1:1.0: Unknown control protocol [ 642.745533][T13457] usb 8-1: USB disconnect, device number 50 [ 644.191359][T14967] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2586'. [ 644.223261][T14967] netlink: 'syz.0.2586': attribute type 9 has an invalid length. [ 644.226206][T14967] netlink: 399 bytes leftover after parsing attributes in process `syz.0.2586'. [ 644.396423][T14971] FAULT_INJECTION: forcing a failure. [ 644.396423][T14971] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 644.407698][T14971] CPU: 0 UID: 0 PID: 14971 Comm: syz.1.2589 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 644.412368][T14971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 644.416948][T14971] Call Trace: [ 644.418405][T14971] [ 644.419722][T14971] dump_stack_lvl+0x16c/0x1f0 [ 644.421813][T14971] should_fail_ex+0x497/0x5b0 [ 644.423916][T14971] _copy_from_iter+0x27a/0xfc0 [ 644.426032][T14971] ? __alloc_skb+0x200/0x380 [ 644.428129][T14971] ? __pfx__copy_from_iter+0x10/0x10 [ 644.430374][T14971] ? __virt_addr_valid+0x5e/0x590 [ 644.432550][T14971] ? __phys_addr_symbol+0x30/0x80 [ 644.434684][T14971] ? __check_object_size+0x497/0x720 [ 644.437029][T14971] netlink_sendmsg+0x813/0xd70 [ 644.439143][T14971] ? __pfx_netlink_sendmsg+0x10/0x10 [ 644.441458][T14971] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 644.443838][T14971] ____sys_sendmsg+0x9b4/0xb50 [ 644.445938][T14971] ? __pfx_____sys_sendmsg+0x10/0x10 [ 644.448254][T14971] ? get_compat_msghdr+0x11b/0x170 [ 644.450574][T14971] ? __pfx___lock_acquire+0x10/0x10 [ 644.452965][T14971] ___sys_sendmsg+0x135/0x1e0 [ 644.453163][T14975] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2588'. [ 644.455103][T14971] ? __pfx____sys_sendmsg+0x10/0x10 [ 644.460708][T14971] ? ksys_write+0x21c/0x260 [ 644.462515][T14971] ? __fget_light+0x173/0x210 [ 644.464527][T14971] __sys_sendmsg+0x117/0x1f0 [ 644.466541][T14971] ? __pfx___sys_sendmsg+0x10/0x10 [ 644.467138][T14975] netlink: 'syz.3.2588': attribute type 9 has an invalid length. [ 644.468360][T14971] __do_fast_syscall_32+0x73/0x120 [ 644.471196][T14975] netlink: 399 bytes leftover after parsing attributes in process `syz.3.2588'. [ 644.473200][T14971] do_fast_syscall_32+0x32/0x80 [ 644.473219][T14971] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 644.473231][T14971] RIP: 0023:0xf7f53579 [ 644.473241][T14971] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 644.473250][T14971] RSP: 002b:00000000f56e656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 644.473261][T14971] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 644.473267][T14971] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 644.473273][T14971] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 644.473279][T14971] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 644.473284][T14971] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 644.473296][T14971] [ 644.484115][T14976] loop0: detected capacity change from 0 to 6 [ 644.527373][T14976] Dev loop0: unable to read RDB block 6 [ 644.529702][T14976] loop0: unable to read partition table [ 644.532408][T14976] loop0: partition table beyond EOD, truncated [ 644.534920][T14976] loop_reread_partitions: partition scan of loop0 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨â·û [ 644.534920][T14976] ) failed (rc=-5) [ 644.627670][T14977] autofs: Bad value for 'fd' [ 644.808857][T14977] overlayfs: missing 'lowerdir' [ 645.051659][T10715] usb 8-1: new high-speed USB device number 51 using dummy_hcd [ 645.170315][T14991] ieee802154 phy0 wpan0: encryption failed: -22 [ 645.241666][T10715] usb 8-1: Using ep0 maxpacket: 8 [ 645.246216][T10715] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 645.250848][T10715] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 645.264486][T10715] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 645.269230][T10715] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 645.288934][T10715] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 645.293682][T10715] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 645.324358][T10715] hub 8-1:1.0: bad descriptor, ignoring hub [ 645.328632][T10715] hub 8-1:1.0: probe with driver hub failed with error -5 [ 645.333783][T10715] cdc_wdm 8-1:1.0: skipping garbage [ 645.335987][T10715] cdc_wdm 8-1:1.0: skipping garbage [ 645.339952][T10715] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 645.343125][T10715] cdc_wdm 8-1:1.0: Unknown control protocol [ 645.457030][T14996] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 645.469968][T14997] autofs: Bad value for 'fd' [ 645.577347][T14997] overlayfs: missing 'lowerdir' [ 647.495493][T15044] FAULT_INJECTION: forcing a failure. [ 647.495493][T15044] name failslab, interval 1, probability 0, space 0, times 0 [ 647.499903][T15044] CPU: 3 UID: 0 PID: 15044 Comm: syz.2.2605 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 647.503461][T15044] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 647.507056][T15044] Call Trace: [ 647.508193][T15044] [ 647.509411][T15044] dump_stack_lvl+0x16c/0x1f0 [ 647.511288][T15044] should_fail_ex+0x497/0x5b0 [ 647.513042][T15044] ? fs_reclaim_acquire+0xae/0x160 [ 647.515213][T15044] should_failslab+0xc2/0x120 [ 647.517200][T15044] kmem_cache_alloc_node_noprof+0x71/0x310 [ 647.519638][T15044] ? __alloc_skb+0x2b3/0x380 [ 647.521559][T15044] __alloc_skb+0x2b3/0x380 [ 647.523328][T15044] ? __pfx___alloc_skb+0x10/0x10 [ 647.525415][T15044] ? nl80211_parse_counter_offsets+0x249/0x2d0 [ 647.527567][T15044] nl80211_tx_mgmt+0x742/0xd40 [ 647.529547][T15044] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 647.532398][T15044] ? __pfx___mutex_lock+0x10/0x10 [ 647.534513][T15044] ? nl80211_pre_doit+0x1b0/0xb10 [ 647.536582][T15044] genl_family_rcv_msg_doit+0x202/0x2f0 [ 647.538859][T15044] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 647.541352][T15044] ? ns_capable+0xd7/0x110 [ 647.543211][T15044] genl_rcv_msg+0x565/0x800 [ 647.545096][T15044] ? __pfx_genl_rcv_msg+0x10/0x10 [ 647.547160][T15044] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 647.549353][T15044] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 647.551522][T15044] ? __pfx_nl80211_post_doit+0x10/0x10 [ 647.553762][T15044] netlink_rcv_skb+0x165/0x410 [ 647.555748][T15044] ? __pfx_genl_rcv_msg+0x10/0x10 [ 647.557630][T15044] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 647.559418][T15044] ? down_read+0xc9/0x330 [ 647.560850][T15044] ? __pfx_down_read+0x10/0x10 [ 647.562468][T15044] ? netlink_deliver_tap+0x1ae/0xcf0 [ 647.564270][T15044] genl_rcv+0x28/0x40 [ 647.565602][T15044] netlink_unicast+0x53c/0x7f0 [ 647.567213][T15044] ? __pfx_netlink_unicast+0x10/0x10 [ 647.569323][T15044] ? __phys_addr_symbol+0x30/0x80 [ 647.571417][T15044] ? __check_object_size+0x497/0x720 [ 647.573594][T15044] netlink_sendmsg+0x8b8/0xd70 [ 647.575590][T15044] ? __pfx_netlink_sendmsg+0x10/0x10 [ 647.577487][T15044] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 647.579250][T15044] ____sys_sendmsg+0x9b4/0xb50 [ 647.580824][T15044] ? __pfx_____sys_sendmsg+0x10/0x10 [ 647.583116][T15044] ? get_compat_msghdr+0x11b/0x170 [ 647.584954][T15044] ? __pfx___lock_acquire+0x10/0x10 [ 647.587130][T15044] ___sys_sendmsg+0x135/0x1e0 [ 647.589049][T15044] ? __pfx____sys_sendmsg+0x10/0x10 [ 647.590773][T15044] ? ksys_write+0x21c/0x260 [ 647.592394][T15044] ? __fget_light+0x173/0x210 [ 647.593918][T15044] __sys_sendmsg+0x117/0x1f0 [ 647.595479][T15044] ? __pfx___sys_sendmsg+0x10/0x10 [ 647.598267][T15044] __do_fast_syscall_32+0x73/0x120 [ 647.600418][T15044] do_fast_syscall_32+0x32/0x80 [ 647.602408][T15044] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 647.604833][T15044] RIP: 0023:0xf7fc0579 [ 647.606281][T15044] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 647.613668][T15044] RSP: 002b:00000000f575656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 647.616974][T15044] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000240 [ 647.620393][T15044] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 647.623810][T15044] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 647.627184][T15044] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 647.630416][T15044] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 647.633795][T15044] [ 647.753041][ T5414] usb 8-1: USB disconnect, device number 51 [ 649.132828][T15070] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2611'. [ 649.356005][T15076] FAULT_INJECTION: forcing a failure. [ 649.356005][T15076] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 649.376727][T15076] CPU: 1 UID: 0 PID: 15076 Comm: syz.2.2613 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 649.381435][T15076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 649.385980][T15076] Call Trace: [ 649.387434][T15076] [ 649.388727][T15076] dump_stack_lvl+0x16c/0x1f0 [ 649.390792][T15076] should_fail_ex+0x497/0x5b0 [ 649.392833][T15076] _copy_from_user+0x30/0xf0 [ 649.394838][T15076] memdup_user+0x71/0xd0 [ 649.396677][T15076] strndup_user+0x78/0xe0 [ 649.398543][T15076] __ia32_sys_mount+0x138/0x310 [ 649.400635][T15076] ? __pfx___ia32_sys_mount+0x10/0x10 [ 649.402968][T15076] __do_fast_syscall_32+0x73/0x120 [ 649.405190][T15076] do_fast_syscall_32+0x32/0x80 [ 649.407548][T15076] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 649.409730][T15076] RIP: 0023:0xf7fc0579 [ 649.411256][T15076] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 649.418952][T15076] RSP: 002b:00000000f573556c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 649.422508][T15076] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0 [ 649.425869][T15076] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 649.429282][T15076] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 649.432383][T15076] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 649.435053][T15076] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 649.438009][T15076] [ 649.548406][T15077] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12) [ 649.558252][T15077] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 649.566031][T15077] vhci_hcd vhci_hcd.0: Device attached [ 649.575351][T15078] vhci_hcd: connection closed [ 649.577437][T11537] vhci_hcd: stop threads [ 649.581294][T11537] vhci_hcd: release socket [ 649.583529][T11537] vhci_hcd: disconnect device [ 650.721844][ T5414] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 650.901759][ T5414] usb 6-1: Using ep0 maxpacket: 8 [ 650.916494][ T5414] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 650.921780][ T5414] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 650.925354][ T5414] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 650.929834][ T5414] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 650.934194][ T5414] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 650.937923][ T5414] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.955220][ T5414] hub 6-1:1.0: bad descriptor, ignoring hub [ 650.957251][ T5414] hub 6-1:1.0: probe with driver hub failed with error -5 [ 650.960370][ T5414] cdc_wdm 6-1:1.0: skipping garbage [ 650.963123][ T5414] cdc_wdm 6-1:1.0: skipping garbage [ 650.971367][ T5414] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 650.973986][ T5414] cdc_wdm 6-1:1.0: Unknown control protocol [ 652.253117][T15092] autofs: Bad value for 'fd' [ 652.346894][T15092] overlayfs: missing 'lowerdir' [ 652.410357][T15103] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2619'. [ 652.530860][T15106] virtio-fs: tag <(null)> not found [ 652.539286][T15106] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11) [ 652.542105][T15106] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 652.547679][T15106] vhci_hcd vhci_hcd.0: Device attached [ 652.560322][T15107] vhci_hcd: connection closed [ 652.561778][ T1163] vhci_hcd: stop threads [ 652.565659][ T1163] vhci_hcd: release socket [ 652.567410][ T1163] vhci_hcd: disconnect device [ 652.662244][ T1707] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 652.844003][ T1707] usb 5-1: Using ep0 maxpacket: 8 [ 652.848418][ T1707] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 652.854145][ T1707] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 652.855794][T15110] 9p: Unknown Cache mode or invalid value fscaJhexC¸|r÷Ô¶ì”5᎓f [ 652.858227][ T1707] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 652.866559][ T1707] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 652.871946][ T1707] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 652.875939][ T1707] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 652.890177][ T1707] hub 5-1:1.0: bad descriptor, ignoring hub [ 652.894518][ T1707] hub 5-1:1.0: probe with driver hub failed with error -5 [ 652.898023][ T1707] cdc_wdm 5-1:1.0: skipping garbage [ 652.900348][ T1707] cdc_wdm 5-1:1.0: skipping garbage [ 652.904543][ T1707] cdc_wdm 5-1:1.0: cdc-wdm1: USB WDM device [ 652.907240][ T1707] cdc_wdm 5-1:1.0: Unknown control protocol [ 653.121943][ T5366] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 653.127524][ T5366] Bluetooth: hci1: Injecting HCI hardware error event [ 653.133104][ T5363] Bluetooth: hci1: hardware error 0x00 [ 653.302803][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 653.306453][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 653.309429][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 653.312363][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 653.315291][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 653.318223][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 653.321116][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 653.324076][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 653.326986][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 653.329912][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 653.332841][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 653.335776][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 653.338663][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 653.341587][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 653.344498][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 653.347427][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 653.350302][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 653.353022][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 653.355701][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 653.358644][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 653.361576][ T5355] usb 6-1: USB disconnect, device number 38 [ 653.364158][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 653.562737][ T5414] usb 5-1: USB disconnect, device number 35 [ 653.595075][T15121] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 653.661757][T15122] iou-wrk-15121 (15122): drop_caches: 0 [ 655.207302][ T5363] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 655.459577][T15147] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.2628' sets config #256 [ 655.581761][T10715] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 655.781673][T10715] usb 6-1: Using ep0 maxpacket: 8 [ 655.793461][T10715] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 655.804400][T10715] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 655.813392][T10715] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 655.826143][T10715] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 655.837152][T10715] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 655.842415][T10715] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 655.854722][T10715] hub 6-1:1.0: bad descriptor, ignoring hub [ 655.860436][T10715] hub 6-1:1.0: probe with driver hub failed with error -5 [ 655.878138][T10715] cdc_wdm 6-1:1.0: skipping garbage [ 655.880353][T10715] cdc_wdm 6-1:1.0: skipping garbage [ 655.895255][T10715] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 655.897792][T10715] cdc_wdm 6-1:1.0: Unknown control protocol [ 658.268297][T15167] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.2633' sets config #256 [ 658.342779][ T8] usb 6-1: USB disconnect, device number 39 [ 660.495345][T15200] autofs: Bad value for 'fd' [ 660.727394][T15198] overlayfs: missing 'workdir' [ 660.779985][T15205] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.2641' sets config #256 [ 661.877774][T15219] No control pipe specified [ 662.103965][T15228] autofs: Bad value for 'fd' [ 663.456505][T15240] FAULT_INJECTION: forcing a failure. [ 663.456505][T15240] name failslab, interval 1, probability 0, space 0, times 0 [ 663.462131][T15240] CPU: 3 UID: 0 PID: 15240 Comm: syz.3.2650 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 663.466722][T15240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 663.471428][T15240] Call Trace: [ 663.472892][T15240] [ 663.473944][T15240] dump_stack_lvl+0x16c/0x1f0 [ 663.475649][T15240] should_fail_ex+0x497/0x5b0 [ 663.477689][T15240] ? fs_reclaim_acquire+0xae/0x160 [ 663.479943][T15240] should_failslab+0xc2/0x120 [ 663.481983][T15240] __kmalloc_cache_noprof+0x6b/0x310 [ 663.484114][T15240] ? sctp_datamsg_from_user+0x8d/0x1320 [ 663.486153][T15240] sctp_datamsg_from_user+0x8d/0x1320 [ 663.488512][T15240] ? __sk_mem_raise_allocated+0x8a0/0x1740 [ 663.491073][T15240] ? __sk_mem_schedule+0xd0/0x100 [ 663.493288][T15240] sctp_sendmsg_to_asoc+0xafd/0x1ad0 [ 663.495479][T15240] ? print_usage_bug.part.0+0x4d0/0x560 [ 663.497812][T15240] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 663.500235][T15240] ? sctp_sendmsg+0x575/0x1f10 [ 663.502301][T15240] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 663.504583][T15240] ? mark_held_locks+0x9f/0xe0 [ 663.506647][T15240] ? sctp_sendmsg+0x575/0x1f10 [ 663.508684][T15240] ? sctp_sendmsg_check_sflags+0x176/0x320 [ 663.511007][T15240] sctp_sendmsg+0x129c/0x1f10 [ 663.512671][T15240] ? __pfx_sctp_sendmsg+0x10/0x10 [ 663.514613][T15240] ? __fget_files+0x24c/0x400 [ 663.516646][T15240] ? __pfx___might_resched+0x10/0x10 [ 663.518965][T15240] ? __pfx_aa_sk_perm+0x10/0x10 [ 663.520963][T15240] ? __pfx_sctp_sendmsg+0x10/0x10 [ 663.522873][T15240] inet_sendmsg+0x119/0x140 [ 663.524530][T15240] __sys_sendto+0x42c/0x4e0 [ 663.526045][T15240] ? __pfx___sys_sendto+0x10/0x10 [ 663.527720][T15240] ? ksys_write+0x1ab/0x260 [ 663.529155][T15240] ? __pfx_ksys_write+0x10/0x10 [ 663.530848][T15240] __ia32_sys_sendto+0xdd/0x1b0 [ 663.532649][T15240] ? lockdep_hardirqs_on+0x7c/0x110 [ 663.534670][T15240] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 663.537251][T15240] __do_fast_syscall_32+0x73/0x120 [ 663.539219][T15240] do_fast_syscall_32+0x32/0x80 [ 663.541087][T15240] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 663.543400][T15240] RIP: 0023:0xf7fdf579 [ 663.544879][T15240] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 663.552058][T15240] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 663.555408][T15240] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040 [ 663.558418][T15240] RDX: 0000000000034000 RSI: 0000000000000000 RDI: 0000000000000000 [ 663.561297][T15240] RBP: 0000000000000044 R08: 0000000000000000 R09: 0000000000000000 [ 663.564311][T15240] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 663.567094][T15240] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 663.570198][T15240] [ 664.240921][T15248] autofs: Bad value for 'fd' [ 665.084172][T15252] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2653'. [ 665.431693][ T8] usb 8-1: new high-speed USB device number 52 using dummy_hcd [ 665.631224][ T8] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 665.651898][ T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 665.656400][ T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 665.678971][ T8] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 665.685868][ T8] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 665.689384][ T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 665.697454][ T8] usb 8-1: config 0 descriptor?? [ 665.699782][T15252] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 666.133729][ T8] usbhid 8-1:0.0: can't add hid device: -71 [ 666.136681][ T8] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 666.163691][ T8] usb 8-1: USB disconnect, device number 52 [ 666.781655][T13457] usb 7-1: new high-speed USB device number 52 using dummy_hcd [ 666.971737][T13457] usb 7-1: Using ep0 maxpacket: 8 [ 666.981466][T13457] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 666.988013][T13457] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 667.000118][T13457] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 667.009944][T13457] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 667.016846][T13457] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 667.030297][T13457] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 667.044614][T13457] hub 7-1:1.0: bad descriptor, ignoring hub [ 667.050655][T13457] hub 7-1:1.0: probe with driver hub failed with error -5 [ 667.057465][T13457] cdc_wdm 7-1:1.0: skipping garbage [ 667.059735][T13457] cdc_wdm 7-1:1.0: skipping garbage [ 667.073147][T13457] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 667.076110][T13457] cdc_wdm 7-1:1.0: Unknown control protocol [ 667.128324][T15291] dns_resolver: Unsupported server list version (0) [ 667.834839][ T8] usb 7-1: USB disconnect, device number 52 [ 668.583180][T15300] usb usb8: usbfs: interface 0 claimed by hub while 'syz.0.2665' sets config #256 [ 669.491701][ T25] usb 7-1: new high-speed USB device number 53 using dummy_hcd [ 669.671685][ T25] usb 7-1: Using ep0 maxpacket: 8 [ 669.676710][ T25] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 669.680991][ T25] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 669.684903][ T25] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 669.689707][ T25] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 669.710797][ T25] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 669.719401][ T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 669.727178][ T25] hub 7-1:1.0: bad descriptor, ignoring hub [ 669.729697][ T25] hub 7-1:1.0: probe with driver hub failed with error -5 [ 669.740689][ T25] cdc_wdm 7-1:1.0: skipping garbage [ 669.743249][ T25] cdc_wdm 7-1:1.0: skipping garbage [ 669.752480][ T25] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 669.755045][ T25] cdc_wdm 7-1:1.0: Unknown control protocol [ 670.355073][ T8] usb 7-1: USB disconnect, device number 53 [ 671.646860][T15343] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2676'. [ 671.656238][T15343] netlink: 'syz.0.2676': attribute type 9 has an invalid length. [ 671.659959][T15343] netlink: 399 bytes leftover after parsing attributes in process `syz.0.2676'. [ 673.378815][T15375] FAULT_INJECTION: forcing a failure. [ 673.378815][T15375] name failslab, interval 1, probability 0, space 0, times 0 [ 673.389998][T15376] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2686'. [ 673.391305][T15375] CPU: 2 UID: 0 PID: 15375 Comm: syz.1.2687 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 673.396471][T15376] netlink: 'syz.3.2686': attribute type 9 has an invalid length. [ 673.398074][T15375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 673.398087][T15375] Call Trace: [ 673.398095][T15375] [ 673.398102][T15375] dump_stack_lvl+0x16c/0x1f0 [ 673.400851][T15376] netlink: 399 bytes leftover after parsing attributes in process `syz.3.2686'. [ 673.405326][T15375] should_fail_ex+0x497/0x5b0 [ 673.405350][T15375] ? fs_reclaim_acquire+0xae/0x160 [ 673.405377][T15375] should_failslab+0xc2/0x120 [ 673.405396][T15375] __kmalloc_noprof+0xcb/0x410 [ 673.405419][T15375] tomoyo_encode2+0x100/0x3e0 [ 673.405453][T15375] tomoyo_encode+0x2c/0x40 [ 673.405471][T15375] tomoyo_mount_acl+0x145/0x880 [ 673.428219][T15375] ? hlock_class+0x4e/0x130 [ 673.430189][T15375] ? __lock_acquire+0x1620/0x3cb0 [ 673.432617][T15375] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 673.434918][T15375] ? __pfx___lock_acquire+0x10/0x10 [ 673.437130][T15375] ? do_fast_syscall_32+0x32/0x80 [ 673.439283][T15375] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 673.442010][T15375] ? tomoyo_domain+0xbb/0x150 [ 673.444064][T15375] ? tomoyo_profile+0x47/0x60 [ 673.446074][T15375] tomoyo_mount_permission+0x16b/0x410 [ 673.448387][T15375] ? tomoyo_mount_permission+0x146/0x410 [ 673.450610][T15375] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 673.453069][T15375] ? get_current_fs_domain+0x188/0x1f0 [ 673.455376][T15375] security_sb_mount+0x8d/0xe0 [ 673.457425][T15375] path_mount+0x129/0x1f10 [ 673.459367][T15375] ? __pfx_path_mount+0x10/0x10 [ 673.461461][T15375] ? putname+0x12e/0x170 [ 673.463299][T15375] ? putname+0x12e/0x170 [ 673.465152][T15375] __ia32_sys_mount+0x292/0x310 [ 673.467235][T15375] ? __pfx___ia32_sys_mount+0x10/0x10 [ 673.469533][T15375] __do_fast_syscall_32+0x73/0x120 [ 673.471734][T15375] do_fast_syscall_32+0x32/0x80 [ 673.473820][T15375] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 673.476507][T15375] RIP: 0023:0xf7f53579 [ 673.478252][T15375] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 673.486388][T15375] RSP: 002b:00000000f56e656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 673.489912][T15375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0 [ 673.493267][T15375] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000020000400 [ 673.496657][T15375] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 673.500042][T15375] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 673.503404][T15375] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 673.506749][T15375] [ 673.511659][ T8] usb 7-1: new high-speed USB device number 54 using dummy_hcd [ 673.613211][T15381] netlink: 'syz.1.2689': attribute type 16 has an invalid length. [ 673.720104][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 673.731179][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 673.735299][ T8] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 673.747640][ T8] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 673.748475][T15381] netlink: 'syz.1.2689': attribute type 10 has an invalid length. [ 673.751982][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 673.762262][ T8] usb 7-1: config 0 descriptor?? [ 673.832301][T15381] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 673.832451][T15379] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.2688' sets config #256 [ 674.220959][ T8] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 674.232214][ T8] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 674.247378][ T8] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 674.275459][T15386] autofs: Bad value for 'fd' [ 676.062717][T10715] usb 8-1: new high-speed USB device number 53 using dummy_hcd [ 676.261653][T10715] usb 8-1: Using ep0 maxpacket: 8 [ 676.265789][T10715] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 676.269174][T10715] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 676.273303][T10715] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 676.277502][T10715] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 676.281789][T10715] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 676.285520][T10715] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 676.292012][T10715] hub 8-1:1.0: bad descriptor, ignoring hub [ 676.295040][T10715] hub 8-1:1.0: probe with driver hub failed with error -5 [ 676.298616][T10715] cdc_wdm 8-1:1.0: skipping garbage [ 676.301115][T10715] cdc_wdm 8-1:1.0: skipping garbage [ 676.306059][T10715] cdc_wdm 8-1:1.0: cdc-wdm1: USB WDM device [ 676.308360][T10715] cdc_wdm 8-1:1.0: Unknown control protocol [ 676.350828][T15423] autofs: Bad value for 'fd' [ 676.353628][ T8] usb 7-1: USB disconnect, device number 54 [ 676.723769][T13457] usb 8-1: USB disconnect, device number 53 [ 677.048225][T15433] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2701'. [ 677.053044][T15433] netlink: 'syz.2.2701': attribute type 9 has an invalid length. [ 677.056423][T15433] netlink: 399 bytes leftover after parsing attributes in process `syz.2.2701'. [ 677.355247][T15444] FAULT_INJECTION: forcing a failure. [ 677.355247][T15444] name failslab, interval 1, probability 0, space 0, times 0 [ 677.361053][T15444] CPU: 3 UID: 0 PID: 15444 Comm: syz.1.2705 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 677.365583][T15444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 677.370245][T15444] Call Trace: [ 677.371708][T15444] [ 677.373007][T15444] dump_stack_lvl+0x16c/0x1f0 [ 677.375069][T15444] should_fail_ex+0x497/0x5b0 [ 677.377071][T15444] ? fs_reclaim_acquire+0xae/0x160 [ 677.379341][T15444] should_failslab+0xc2/0x120 [ 677.381386][T15444] kmem_cache_alloc_node_noprof+0x71/0x310 [ 677.383959][T15444] ? __alloc_skb+0x2b3/0x380 [ 677.385855][T15444] __alloc_skb+0x2b3/0x380 [ 677.387806][T15444] ? __pfx___alloc_skb+0x10/0x10 [ 677.389911][T15444] ? genl_rcv_msg+0x4b0/0x800 [ 677.391930][T15444] ? genl_rcv_msg+0x4bd/0x800 [ 677.393947][T15444] netlink_ack+0x164/0xb20 [ 677.395947][T15444] netlink_rcv_skb+0x327/0x410 [ 677.398028][T15444] ? __pfx_genl_rcv_msg+0x10/0x10 [ 677.400196][T15444] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 677.402141][T15444] ? down_read+0xc9/0x330 [ 677.403881][T15444] ? __pfx_down_read+0x10/0x10 [ 677.405884][T15444] ? netlink_deliver_tap+0x1ae/0xcf0 [ 677.408117][T15444] genl_rcv+0x28/0x40 [ 677.409747][T15444] netlink_unicast+0x53c/0x7f0 [ 677.411507][T15444] ? __pfx_netlink_unicast+0x10/0x10 [ 677.413692][T15444] ? __phys_addr_symbol+0x30/0x80 [ 677.415589][T15444] ? __check_object_size+0x497/0x720 [ 677.417751][T15444] netlink_sendmsg+0x8b8/0xd70 [ 677.419856][T15444] ? __pfx_netlink_sendmsg+0x10/0x10 [ 677.422030][T15444] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 677.424122][T15444] ____sys_sendmsg+0x9b4/0xb50 [ 677.426063][T15444] ? __pfx_____sys_sendmsg+0x10/0x10 [ 677.428339][T15444] ? get_compat_msghdr+0x11b/0x170 [ 677.430433][T15444] ? __pfx___lock_acquire+0x10/0x10 [ 677.432589][T15444] ___sys_sendmsg+0x135/0x1e0 [ 677.434484][T15444] ? __pfx____sys_sendmsg+0x10/0x10 [ 677.436561][T15444] ? ksys_write+0x21c/0x260 [ 677.438479][T15444] ? __fget_light+0x173/0x210 [ 677.440425][T15444] __sys_sendmsg+0x117/0x1f0 [ 677.442203][T15444] ? __pfx___sys_sendmsg+0x10/0x10 [ 677.444228][T15444] __do_fast_syscall_32+0x73/0x120 [ 677.446219][T15444] do_fast_syscall_32+0x32/0x80 [ 677.448378][T15444] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 677.451044][T15444] RIP: 0023:0xf7f53579 [ 677.452438][T15444] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 677.460037][T15444] RSP: 002b:00000000f56e656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 677.463794][T15444] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200003c0 [ 677.466647][T15444] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 677.469779][T15444] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 677.473035][T15444] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 677.476478][T15444] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 677.479657][T15444] [ 677.550790][ T39] kauditd_printk_skb: 861 callbacks suppressed [ 677.550805][ T39] audit: type=1326 audit(1725853506.811:1099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15446 comm="syz.3.2707" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fdf579 code=0x0 [ 677.573383][ T39] audit: type=1326 audit(1725853506.841:1100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15446 comm="syz.3.2707" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fdf579 code=0x0 [ 677.667138][T15454] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2710'. [ 677.674815][T15454] netlink: 'syz.1.2710': attribute type 9 has an invalid length. [ 677.678466][T15454] netlink: 399 bytes leftover after parsing attributes in process `syz.1.2710'. [ 678.201941][ T8] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 678.391808][ T8] usb 6-1: Using ep0 maxpacket: 8 [ 678.393137][T15460] autofs: Bad value for 'fd' [ 678.403096][ T8] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 678.419747][ T8] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 678.424598][ T8] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 678.429308][ T8] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 678.439801][ T8] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 678.444478][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 678.453189][ T8] hub 6-1:1.0: bad descriptor, ignoring hub [ 678.455477][ T8] hub 6-1:1.0: probe with driver hub failed with error -5 [ 678.470415][ T8] cdc_wdm 6-1:1.0: skipping garbage [ 678.478041][ T8] cdc_wdm 6-1:1.0: skipping garbage [ 678.481688][ T39] audit: type=1804 audit(1725853507.741:1101): pid=15460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2712" name="/newroot/80/bus/bus" dev="overlay" ino=460 res=1 errno=0 [ 678.492237][ T8] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 678.494822][ T8] cdc_wdm 6-1:1.0: Unknown control protocol [ 679.152031][ T5414] usb 6-1: USB disconnect, device number 40 [ 679.293892][T15476] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2715'. [ 679.303535][T15476] gretap0: entered promiscuous mode [ 679.371866][T15471] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2715'. [ 679.376168][T15471] 0ªX¹¦D: renamed from gretap0 [ 679.381024][T15471] 0ªX¹¦D: left promiscuous mode [ 679.383886][T15471] 0ªX¹¦D: entered allmulticast mode [ 679.388382][T15471] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 679.478965][T15480] FAULT_INJECTION: forcing a failure. [ 679.478965][T15480] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 679.484660][T15480] CPU: 3 UID: 0 PID: 15480 Comm: syz.2.2716 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 679.489116][T15480] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 679.498436][T15480] Call Trace: [ 679.499636][T15480] [ 679.500701][T15480] dump_stack_lvl+0x16c/0x1f0 [ 679.502793][T15480] should_fail_ex+0x497/0x5b0 [ 679.504850][T15480] _copy_to_user+0x30/0xc0 [ 679.506830][T15480] simple_read_from_buffer+0xd0/0x160 [ 679.508991][T15480] proc_fail_nth_read+0x19e/0x280 [ 679.510951][T15480] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 679.513108][T15480] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 679.515353][T15480] vfs_read+0x1d4/0xbd0 [ 679.517224][T15480] ? __fdget_pos+0xeb/0x180 [ 679.519222][T15480] ? __pfx_vfs_read+0x10/0x10 [ 679.521252][T15480] ? __pfx___mutex_lock+0x10/0x10 [ 679.523537][T15480] ? __fget_files+0x256/0x400 [ 679.525567][T15480] ksys_read+0x12f/0x260 [ 679.527316][T15480] ? __pfx_ksys_read+0x10/0x10 [ 679.529013][T15480] __do_fast_syscall_32+0x73/0x120 [ 679.531179][T15480] do_fast_syscall_32+0x32/0x80 [ 679.533217][T15480] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 679.535775][T15480] RIP: 0023:0xf7fc0579 [ 679.537333][T15480] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 679.544861][T15480] RSP: 002b:00000000f57565a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 679.548269][T15480] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5756620 [ 679.551677][T15480] RDX: 000000000000000f RSI: 00000000f744fff4 RDI: 0000000000000000 [ 679.555089][T15480] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 679.558440][T15480] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 679.561803][T15480] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 679.565007][T15480] [ 680.260416][T15489] ieee802154 phy0 wpan0: encryption failed: -22 [ 680.849808][T15501] autofs: Bad value for 'fd' [ 680.937303][ T39] audit: type=1804 audit(1725853510.201:1102): pid=15501 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2722" name="/newroot/91/bus/bus" dev="overlay" ino=538 res=1 errno=0 [ 683.150872][T15523] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 683.156700][T15523] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 683.375234][T15531] ieee802154 phy0 wpan0: encryption failed: -22 [ 684.215180][T15554] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2734'. [ 684.269023][T15556] autofs: Bad value for 'fd' [ 684.289845][T15554] netlink: 'syz.2.2734': attribute type 9 has an invalid length. [ 684.299528][T15554] netlink: 399 bytes leftover after parsing attributes in process `syz.2.2734'. [ 684.407749][ T39] audit: type=1804 audit(1725853513.671:1103): pid=15556 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2733" name="/newroot/96/bus/bus" dev="overlay" ino=563 res=1 errno=0 [ 684.460415][T15560] FAULT_INJECTION: forcing a failure. [ 684.460415][T15560] name failslab, interval 1, probability 0, space 0, times 0 [ 684.466086][T15560] CPU: 3 UID: 0 PID: 15560 Comm: syz.2.2735 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 684.470799][T15560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 684.475517][T15560] Call Trace: [ 684.477032][T15560] [ 684.478363][T15560] dump_stack_lvl+0x16c/0x1f0 [ 684.480470][T15560] should_fail_ex+0x497/0x5b0 [ 684.482584][T15560] ? fs_reclaim_acquire+0xae/0x160 [ 684.484873][T15560] should_failslab+0xc2/0x120 [ 684.486970][T15560] __kmalloc_noprof+0xcb/0x410 [ 684.489117][T15560] tomoyo_encode2+0x100/0x3e0 [ 684.491256][T15560] tomoyo_realpath_from_path+0x1a7/0x710 [ 684.493810][T15560] ? tomoyo_profile+0x47/0x60 [ 684.495911][T15560] tomoyo_path_number_perm+0x245/0x5b0 [ 684.498336][T15560] ? tomoyo_path_number_perm+0x232/0x5b0 [ 684.500834][T15560] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 684.503581][T15560] ? __pfx_lock_release+0x10/0x10 [ 684.505895][T15560] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 684.508565][T15560] ? __fget_files+0x256/0x400 [ 684.510699][T15560] security_file_ioctl_compat+0x75/0xc0 [ 684.513161][T15560] __do_compat_sys_ioctl+0x5d/0x330 [ 684.515413][T15560] __do_fast_syscall_32+0x73/0x120 [ 684.517436][T15560] do_fast_syscall_32+0x32/0x80 [ 684.519391][T15560] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 684.521880][T15560] RIP: 0023:0xf7fc0579 [ 684.523688][T15560] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 684.531564][T15560] RSP: 002b:00000000f575656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 684.535199][T15560] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000004008ae6a [ 684.538685][T15560] RDX: 0000000020000200 RSI: 0000000000000000 RDI: 0000000000000000 [ 684.542166][T15560] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 684.545651][T15560] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 684.549106][T15560] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 684.552592][T15560] [ 684.555409][T15560] ERROR: Out of memory at tomoyo_realpath_from_path. [ 684.794490][T15570] fuseblk: Bad value for 'fd' [ 684.871006][T15572] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.081459][T15587] autofs: Bad value for 'fd' [ 685.604851][ T1378] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.607326][ T1378] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.229106][T15613] autofs: Bad value for 'fd' [ 686.386115][ T39] audit: type=1804 audit(1725853515.651:1104): pid=15613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2750" name="/newroot/100/bus/bus" dev="overlay" ino=602 res=1 errno=0 [ 687.740471][T15648] FAULT_INJECTION: forcing a failure. [ 687.740471][T15648] name failslab, interval 1, probability 0, space 0, times 0 [ 687.747789][T15648] CPU: 1 UID: 0 PID: 15648 Comm: syz.0.2761 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 687.752756][T15648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 687.757662][T15648] Call Trace: [ 687.759166][T15648] [ 687.760418][T15648] dump_stack_lvl+0x16c/0x1f0 [ 687.762672][T15648] should_fail_ex+0x497/0x5b0 [ 687.764961][T15648] ? fs_reclaim_acquire+0xae/0x160 [ 687.767338][T15648] should_failslab+0xc2/0x120 [ 687.769372][T15648] __kmalloc_cache_noprof+0x6b/0x310 [ 687.771281][T15648] ? snd_pcm_hw_param_near.constprop.0+0xbe/0x8f0 [ 687.774294][T15648] snd_pcm_hw_param_near.constprop.0+0xbe/0x8f0 [ 687.776915][T15648] ? lockdep_hardirqs_on+0x7c/0x110 [ 687.778912][T15648] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 687.781955][T15648] ? kfree+0x12a/0x3b0 [ 687.783849][T15648] ? snd_pcm_oss_change_params_locked+0x947/0x3a50 [ 687.786772][T15648] snd_pcm_oss_change_params_locked+0x9b9/0x3a50 [ 687.789598][T15648] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 687.792649][T15648] ? __mutex_lock+0x1a6/0x9c0 [ 687.794738][T15648] ? __pfx_aa_file_perm+0x10/0x10 [ 687.797013][T15648] ? snd_pcm_oss_read+0x380/0x760 [ 687.799277][T15648] ? __pfx___mutex_lock+0x10/0x10 [ 687.801587][T15648] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 687.804328][T15648] snd_pcm_oss_read+0x3a2/0x760 [ 687.806579][T15648] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 687.808922][T15648] vfs_read+0x1d4/0xbd0 [ 687.810850][T15648] ? __pfx_vfs_read+0x10/0x10 [ 687.812838][T15648] ? __fget_files+0x256/0x400 [ 687.814996][T15648] ? __fget_light+0x173/0x210 [ 687.817037][T15648] ksys_read+0x12f/0x260 [ 687.818949][T15648] ? __pfx_ksys_read+0x10/0x10 [ 687.821029][T15648] __do_fast_syscall_32+0x73/0x120 [ 687.823368][T15648] do_fast_syscall_32+0x32/0x80 [ 687.825498][T15648] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 687.828293][T15648] RIP: 0023:0xf7f33579 [ 687.830261][T15648] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 687.838912][T15648] RSP: 002b:00000000f56a556c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 687.842621][T15648] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000200023c0 [ 687.846170][T15648] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000 [ 687.849686][T15648] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 687.853181][T15648] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 687.856760][T15648] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 687.860227][T15648] [ 688.210465][T15657] cdrom: dropping to single frame dma [ 689.852097][T15649] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2760'. [ 690.216682][T15668] FAULT_INJECTION: forcing a failure. [ 690.216682][T15668] name failslab, interval 1, probability 0, space 0, times 0 [ 690.222759][T15668] CPU: 2 UID: 0 PID: 15668 Comm: syz.1.2764 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 690.226959][T15668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 690.231267][T15668] Call Trace: [ 690.232749][T15668] [ 690.234206][T15668] dump_stack_lvl+0x16c/0x1f0 [ 690.236263][T15668] should_fail_ex+0x497/0x5b0 [ 690.238188][T15668] ? fs_reclaim_acquire+0xae/0x160 [ 690.240124][T15668] should_failslab+0xc2/0x120 [ 690.242054][T15668] __kmalloc_cache_noprof+0x6b/0x310 [ 690.244220][T15668] ? sctp_auth_shkey_create+0x87/0x1f0 [ 690.246439][T15668] sctp_auth_shkey_create+0x87/0x1f0 [ 690.248708][T15668] sctp_auth_asoc_copy_shkeys+0x1f4/0x360 [ 690.251117][T15668] sctp_association_new+0x1978/0x28b0 [ 690.253409][T15668] sctp_connect_new_asoc+0x1b7/0x790 [ 690.255335][T15668] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 690.257546][T15668] ? sctp_get_af_specific+0x62/0x70 [ 690.259789][T15668] ? sctp_sockaddr_af+0x2a3/0x340 [ 690.261868][T15668] __sctp_connect+0x3f5/0xc60 [ 690.263919][T15668] ? __pfx___sctp_connect+0x10/0x10 [ 690.266140][T15668] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 690.268244][T15668] ? security_sctp_bind_connect+0x98/0xd0 [ 690.270634][T15668] __sctp_setsockopt_connectx+0x102/0x170 [ 690.273080][T15668] sctp_setsockopt+0x1703/0xb880 [ 690.275198][T15668] ? aa_sk_perm+0x2f5/0xb20 [ 690.277146][T15668] ? __pfx_sctp_setsockopt+0x10/0x10 [ 690.279417][T15668] ? __pfx_aa_sk_perm+0x10/0x10 [ 690.281522][T15668] ? sock_common_setsockopt+0x2e/0xf0 [ 690.283855][T15668] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 690.286420][T15668] do_sock_setsockopt+0x222/0x480 [ 690.288605][T15668] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 690.290836][T15668] ? __fget_light+0x173/0x210 [ 690.292665][T15668] __sys_setsockopt+0x1a4/0x270 [ 690.294476][T15668] ? __pfx___sys_setsockopt+0x10/0x10 [ 690.296279][T15668] ? fput+0x32/0x390 [ 690.297604][T15668] ? ksys_write+0x1ab/0x260 [ 690.299224][T15668] ? __pfx_ksys_write+0x10/0x10 [ 690.301167][T15668] __ia32_sys_setsockopt+0xbc/0x160 [ 690.303423][T15668] ? lockdep_hardirqs_on+0x7c/0x110 [ 690.305708][T15668] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 690.308149][T15668] __do_fast_syscall_32+0x73/0x120 [ 690.309850][T15668] do_fast_syscall_32+0x32/0x80 [ 690.311496][T15668] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 690.314173][T15668] RIP: 0023:0xf7f53579 [ 690.315982][T15668] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 690.324271][T15668] RSP: 002b:00000000f56c556c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 690.327761][T15668] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000084 [ 690.330915][T15668] RDX: 000000000000006b RSI: 0000000020000340 RDI: 0000000000000088 [ 690.334194][T15668] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 690.337463][T15668] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 690.340978][T15668] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 690.344529][T15668] [ 690.469295][T15674] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.744771][T15679] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.814004][T15683] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2769'. [ 691.128044][T15692] autofs: Bad value for 'fd' [ 691.399916][ T39] audit: type=1804 audit(1725853520.661:1105): pid=15692 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2773" name="/newroot/103/bus/bus" dev="overlay" ino=626 res=1 errno=0 [ 691.756574][T15702] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.910139][T15700] FAULT_INJECTION: forcing a failure. [ 691.910139][T15700] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 691.910192][T15700] [ 691.910195][T15700] ====================================================== [ 691.910198][T15700] WARNING: possible circular locking dependency detected [ 691.910201][T15700] 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 Not tainted [ 691.910206][T15700] ------------------------------------------------------ [ 691.910209][T15700] syz.1.2775/15700 is trying to acquire lock: [ 691.910214][T15700] ffffffff8dda75d8 ((console_sem).lock){-.-.}-{2:2}, at: down_trylock+0x12/0x70 [ 691.910239][T15700] [ 691.910239][T15700] but task is already holding lock: [ 691.910241][T15700] ffff88802b73edd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 691.910263][T15700] [ 691.910263][T15700] which lock already depends on the new lock. [ 691.910263][T15700] [ 691.910266][T15700] [ 691.910266][T15700] the existing dependency chain (in reverse order) is: [ 691.910268][T15700] [ 691.910268][T15700] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 691.910278][T15700] _raw_spin_lock_nested+0x31/0x40 [ 691.910288][T15700] raw_spin_rq_lock_nested+0x29/0x130 [ 691.910300][T15700] task_fork_fair+0x73/0x250 [ 691.910309][T15700] sched_cgroup_fork+0x3cf/0x510 [ 691.910317][T15700] copy_process+0x4710/0x6f50 [ 691.910326][T15700] kernel_clone+0xfd/0x960 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 691.910335][T15700] user_mode_thread+0xb4/0xf0 [ 691.910344][T15700] rest_init+0x23/0x2b0 [ 691.910350][T15700] start_kernel+0x3df/0x4c0 [ 691.910362][T15700] x86_64_start_reservations+0x18/0x30 [ 691.910373][T15700] x86_64_start_kernel+0xb2/0xc0 [ 691.910383][T15700] common_startup_64+0x13e/0x148 [ 691.910392][T15700] [ 691.910392][T15700] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 691.910402][T15700] _raw_spin_lock_irqsave+0x3a/0x60 [ 691.910412][T15700] try_to_wake_up+0x9a/0x13e0 [ 691.910422][T15700] up+0x79/0xb0 [ 691.910432][T15700] console_unlock+0x23e/0x290 [ 691.910445][T15700] vga_remove_vgacon+0x90/0xd0 [ 691.910455][T15700] aperture_remove_conflicting_pci_devices+0x16a/0x1e0 [ 691.910469][T15700] bochs_pci_probe+0x101/0x1150 [ 691.910481][T15700] local_pci_probe+0xde/0x1b0 [ 691.910492][T15700] pci_device_probe+0x29d/0x7b0 [ 691.910504][T15700] really_probe+0x23e/0xa90 [ 691.910516][T15700] __driver_probe_device+0x1de/0x440 [ 691.910524][T15700] driver_probe_device+0x4c/0x1b0 [ 691.910531][T15700] __driver_attach+0x283/0x580 [ 691.910537][T15700] bus_for_each_dev+0x13c/0x1d0 [ 691.910553][T15700] bus_add_driver+0x2e9/0x690 [ 691.910564][T15700] driver_register+0x15c/0x4b0 [ 691.910573][T15700] bochs_pci_driver_init+0x67/0x80 [ 691.910584][T15700] do_one_initcall+0x128/0x630 [ 691.910596][T15700] kernel_init_freeable+0x660/0xc50 [ 691.910606][T15700] kernel_init+0x1c/0x2b0 [ 691.910613][T15700] ret_from_fork+0x45/0x80 [ 691.910625][T15700] ret_from_fork_asm+0x1a/0x30 [ 691.910636][T15700] [ 691.910636][T15700] -> #0 ((console_sem).lock){-.-.}-{2:2}: [ 691.910646][T15700] __lock_acquire+0x24ed/0x3cb0 [ 691.910656][T15700] lock_acquire+0x1b1/0x560 [ 691.910667][T15700] _raw_spin_lock_irqsave+0x3a/0x60 [ 691.910676][T15700] down_trylock+0x12/0x70 [ 691.910687][T15700] __down_trylock_console_sem+0x40/0x140 [ 691.910698][T15700] vprintk_emit+0x3d3/0x600 [ 691.910705][T15700] vprintk+0x7f/0xa0 [ 691.910712][T15700] _printk+0xc8/0x100 [ 691.910722][T15700] should_fail_ex+0x46c/0x5b0 [ 691.910732][T15700] strncpy_from_user+0x38/0x320 [ 691.910739][T15700] strncpy_from_user_nofault+0x7f/0x180 [ 691.910750][T15700] bpf_probe_read_compat_str+0x131/0x170 [ 691.910760][T15700] bpf_prog_1ccb8ba97563bf77+0x40/0x63 [ 691.910766][T15700] bpf_trace_run2+0x231/0x590 [ 691.910775][T15700] trace_tlb_flush+0xf3/0x170 [ 691.910784][T15700] switch_mm_irqs_off+0x697/0xbb0 [ 691.910793][T15700] __schedule+0xc4d/0x5490 [ 691.910802][T15700] schedule+0xe7/0x350 [ 691.910811][T15700] schedule_timeout+0x258/0x2a0 [ 691.910819][T15700] __wait_for_common+0x3de/0x5f0 [ 691.910830][T15700] __flush_work+0x776/0xc30 [ 691.910842][T15700] __lru_add_drain_all+0x52c/0x740 [ 691.910851][T15700] madvise_collapse+0x227/0xac0 [ 691.910862][T15700] madvise_vma_behavior+0x349/0x18e0 [ 691.910873][T15700] madvise_walk_vmas+0x1cf/0x2c0 [ 691.910882][T15700] do_madvise+0x310/0x7a0 [ 691.910891][T15700] __ia32_sys_madvise+0xa7/0x110 [ 691.910901][T15700] __do_fast_syscall_32+0x73/0x120 [ 691.910912][T15700] do_fast_syscall_32+0x32/0x80 [ 691.910923][T15700] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 691.910933][T15700] [ 691.910933][T15700] other info that might help us debug this: [ 691.910933][T15700] [ 691.910935][T15700] Chain exists of: [ 691.910935][T15700] (console_sem).lock --> &p->pi_lock --> &rq->__lock [ 691.910935][T15700] [ 691.910946][T15700] Possible unsafe locking scenario: [ 691.910946][T15700] [ 691.910948][T15700] CPU0 CPU1 [ 691.910950][T15700] ---- ---- [ 691.910952][T15700] lock(&rq->__lock); [ 691.910957][T15700] lock(&p->pi_lock); [ 691.910962][T15700] lock(&rq->__lock); [ 691.910967][T15700] lock((console_sem).lock); [ 691.910971][T15700] [ 691.910971][T15700] *** DEADLOCK *** [ 691.910971][T15700] [ 691.910973][T15700] 4 locks held by syz.1.2775/15700: [ 691.910978][T15700] #0: ffff88802343cd98 (&mm->mmap_lock){++++}-{3:3}, at: do_madvise+0x44e/0x7a0 [ 691.910998][T15700] #1: ffffffff8dedbd88 (lock#3){+.+.}-{3:3}, at: __lru_add_drain_all+0x69/0x740 [ 691.911019][T15700] #2: ffff88802b73edd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 691.911040][T15700] #3: ffffffff8ddb94a0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1c2/0x590 [ 691.911059][T15700] [ 691.911059][T15700] stack backtrace: [ 691.911061][T15700] CPU: 1 UID: 0 PID: 15700 Comm: syz.1.2775 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 691.911071][T15700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 691.911076][T15700] Call Trace: [ 691.911080][T15700] [ 691.911083][T15700] dump_stack_lvl+0x116/0x1f0 [ 691.911094][T15700] check_noncircular+0x31a/0x400 [ 691.911106][T15700] ? __pfx_check_noncircular+0x10/0x10 [ 691.911116][T15700] ? __pfx__prb_read_valid+0x10/0x10 [ 691.911126][T15700] ? __pfx_format_decode+0x10/0x10 [ 691.911139][T15700] ? lockdep_lock+0xc6/0x200 [ 691.911148][T15700] ? __pfx_lockdep_lock+0x10/0x10 [ 691.911158][T15700] __lock_acquire+0x24ed/0x3cb0 [ 691.911172][T15700] ? __pfx___lock_acquire+0x10/0x10 [ 691.911184][T15700] ? vprintk_store+0x222/0xbb0 [ 691.911197][T15700] lock_acquire+0x1b1/0x560 [ 691.911208][T15700] ? down_trylock+0x12/0x70 [ 691.911221][T15700] ? __pfx_lock_acquire+0x10/0x10 [ 691.911232][T15700] ? __pfx_mark_lock+0x10/0x10 [ 691.911242][T15700] ? hlock_class+0x4e/0x130 [ 691.911250][T15700] ? mark_lock+0xb5/0xc60 [ 691.911262][T15700] ? __pfx_mark_lock+0x10/0x10 [ 691.911273][T15700] ? vprintk+0x7f/0xa0 [ 691.911281][T15700] _raw_spin_lock_irqsave+0x3a/0x60 [ 691.911291][T15700] ? down_trylock+0x12/0x70 [ 691.911303][T15700] down_trylock+0x12/0x70 [ 691.911315][T15700] __down_trylock_console_sem+0x40/0x140 [ 691.911327][T15700] vprintk_emit+0x3d3/0x600 [ 691.911336][T15700] vprintk+0x7f/0xa0 [ 691.911345][T15700] _printk+0xc8/0x100 [ 691.911355][T15700] ? __pfx__printk+0x10/0x10 [ 691.911366][T15700] ? ___ratelimit+0x24c/0x580 [ 691.911380][T15700] ? __pfx____ratelimit+0x10/0x10 [ 691.911395][T15700] should_fail_ex+0x46c/0x5b0 [ 691.911405][T15700] strncpy_from_user+0x38/0x320 [ 691.911414][T15700] strncpy_from_user_nofault+0x7f/0x180 [ 691.911426][T15700] bpf_probe_read_compat_str+0x131/0x170 [ 691.911436][T15700] bpf_prog_1ccb8ba97563bf77+0x40/0x63 [ 691.911443][T15700] bpf_trace_run2+0x231/0x590 [ 691.911453][T15700] ? __pfx_bpf_trace_run2+0x10/0x10 [ 691.911465][T15700] ? psi_group_change+0x6ec/0xde0 [ 691.911478][T15700] trace_tlb_flush+0xf3/0x170 [ 691.911488][T15700] switch_mm_irqs_off+0x697/0xbb0 [ 691.911500][T15700] __schedule+0xc4d/0x5490 [ 691.911510][T15700] ? __pfx___lock_acquire+0x10/0x10 [ 691.911521][T15700] ? hlock_class+0x4e/0x130 [ 691.911543][T15700] ? __pfx___schedule+0x10/0x10 [ 691.911559][T15700] ? schedule+0x298/0x350 [ 691.911569][T15700] ? __pfx_lock_release+0x10/0x10 [ 691.911580][T15700] ? mark_lock+0xb5/0xc60 [ 691.911591][T15700] ? hlock_class+0x4e/0x130 [ 691.911599][T15700] ? __pfx_mark_lock+0x10/0x10 [ 691.911611][T15700] schedule+0xe7/0x350 [ 691.911622][T15700] schedule_timeout+0x258/0x2a0 [ 691.911631][T15700] ? __pfx_schedule_timeout+0x10/0x10 [ 691.911642][T15700] ? mark_held_locks+0x9f/0xe0 [ 691.911653][T15700] ? _raw_spin_unlock_irq+0x23/0x50 [ 691.911664][T15700] __wait_for_common+0x3de/0x5f0 [ 691.911675][T15700] ? __pfx_schedule_timeout+0x10/0x10 [ 691.911685][T15700] ? __pfx___wait_for_common+0x10/0x10 [ 691.911698][T15700] ? touch_wq_lockdep_map+0x6e/0x120 [ 691.911709][T15700] __flush_work+0x776/0xc30 [ 691.911723][T15700] ? __pfx___flush_work+0x10/0x10 [ 691.911736][T15700] ? __pfx_lock_release+0x10/0x10 [ 691.911747][T15700] ? __pfx_wq_barrier_func+0x10/0x10 [ 691.911759][T15700] ? mark_held_locks+0x9f/0xe0 [ 691.911769][T15700] ? __pfx___might_resched+0x10/0x10 [ 691.911783][T15700] ? queue_work_on+0xc6/0x140 [ 691.911794][T15700] ? lockdep_hardirqs_on+0x7c/0x110 [ 691.911807][T15700] __lru_add_drain_all+0x52c/0x740 [ 691.911817][T15700] ? __pfx_kasan_save_track+0x10/0x10 [ 691.911827][T15700] madvise_collapse+0x227/0xac0 [ 691.911839][T15700] ? mas_prev_slot+0x477/0xf60 [ 691.911848][T15700] ? __pfx_madvise_collapse+0x10/0x10 [ 691.911862][T15700] madvise_vma_behavior+0x349/0x18e0 [ 691.911874][T15700] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 691.911890][T15700] ? find_vma_prev+0xcd/0x150 [ 691.911908][T15700] ? __pfx_find_vma_prev+0x10/0x10 [ 691.911926][T15700] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 691.911950][T15700] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 691.911968][T15700] madvise_walk_vmas+0x1cf/0x2c0 [ 691.911987][T15700] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 691.912007][T15700] do_madvise+0x310/0x7a0 [ 691.912028][T15700] ? __pfx_do_madvise+0x10/0x10 [ 691.912048][T15700] ? ksys_write+0x1ab/0x260 [ 691.912066][T15700] ? __pfx_ksys_write+0x10/0x10 [ 691.912085][T15700] __ia32_sys_madvise+0xa7/0x110 [ 691.912104][T15700] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 691.912123][T15700] __do_fast_syscall_32+0x73/0x120 [ 691.912144][T15700] do_fast_syscall_32+0x32/0x80 [ 691.912164][T15700] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 691.912181][T15700] RIP: 0023:0xf7f53579 [ 691.912192][T15700] Code: Unable to access opcode bytes at 0xf7f5354f. [ 691.912199][T15700] RSP: 002b:00000000f56e656c EFLAGS: 00000296 ORIG_RAX: 00000000000000db [ 691.912213][T15700] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000600003 [ 691.912223][T15700] RDX: 0000000000000019 RSI: 0000000000000000 RDI: 0000000000000000 [ 691.912233][T15700] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 691.912242][T15700] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 691.912250][T15700] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 691.912278][T15700] [ 692.363263][T15700] CPU: 1 UID: 0 PID: 15700 Comm: syz.1.2775 Not tainted 6.11.0-rc6-syzkaller-00355-g5dadc1be8fc5 #0 [ 692.367983][T15700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 692.372454][T15700] Call Trace: [ 692.373835][T15700] [ 692.375052][T15700] dump_stack_lvl+0x116/0x1f0 [ 692.376961][T15700] should_fail_ex+0x497/0x5b0 [ 692.378829][T15700] strncpy_from_user+0x38/0x320 [ 692.380879][T15700] strncpy_from_user_nofault+0x7f/0x180 [ 692.383123][T15700] bpf_probe_read_compat_str+0x131/0x170 [ 692.385381][T15700] bpf_prog_1ccb8ba97563bf77+0x40/0x63 [ 692.387684][T15700] bpf_trace_run2+0x231/0x590 [ 692.389672][T15700] ? __pfx_bpf_trace_run2+0x10/0x10 [ 692.391716][T15700] ? psi_group_change+0x6ec/0xde0 [ 692.393643][T15700] trace_tlb_flush+0xf3/0x170 [ 692.395720][T15700] switch_mm_irqs_off+0x697/0xbb0 [ 692.397835][T15700] __schedule+0xc4d/0x5490 [ 692.400036][T15700] ? __pfx___lock_acquire+0x10/0x10 [ 692.402132][T15700] ? hlock_class+0x4e/0x130 [ 692.403927][T15700] ? __pfx___schedule+0x10/0x10 [ 692.405885][T15700] ? schedule+0x298/0x350 [ 692.407652][T15700] ? __pfx_lock_release+0x10/0x10 [ 692.409680][T15700] ? mark_lock+0xb5/0xc60 [ 692.411425][T15700] ? hlock_class+0x4e/0x130 [ 692.413264][T15700] ? __pfx_mark_lock+0x10/0x10 [ 692.415343][T15700] schedule+0xe7/0x350 [ 692.417126][T15700] schedule_timeout+0x258/0x2a0 [ 692.419150][T15700] ? __pfx_schedule_timeout+0x10/0x10 [ 692.421306][T15700] ? mark_held_locks+0x9f/0xe0 [ 692.423121][T15700] ? _raw_spin_unlock_irq+0x23/0x50 [ 692.425017][T15700] __wait_for_common+0x3de/0x5f0 [ 692.427087][T15700] ? __pfx_schedule_timeout+0x10/0x10 [ 692.429376][T15700] ? __pfx___wait_for_common+0x10/0x10 [ 692.431712][T15700] ? touch_wq_lockdep_map+0x6e/0x120 [ 692.433769][T15700] __flush_work+0x776/0xc30 [ 692.435359][T15700] ? __pfx___flush_work+0x10/0x10 [ 692.437068][T15700] ? __pfx_lock_release+0x10/0x10 [ 692.438770][T15700] ? __pfx_wq_barrier_func+0x10/0x10 [ 692.440910][T15700] ? mark_held_locks+0x9f/0xe0 [ 692.442902][T15700] ? __pfx___might_resched+0x10/0x10 [ 692.444800][T15700] ? queue_work_on+0xc6/0x140 [ 692.446637][T15700] ? lockdep_hardirqs_on+0x7c/0x110 [ 692.448817][T15700] __lru_add_drain_all+0x52c/0x740 [ 692.450994][T15700] ? __pfx_kasan_save_track+0x10/0x10 [ 692.453271][T15700] madvise_collapse+0x227/0xac0 [ 692.455155][T15700] ? mas_prev_slot+0x477/0xf60 [ 692.457222][T15700] ? __pfx_madvise_collapse+0x10/0x10 [ 692.459512][T15700] madvise_vma_behavior+0x349/0x18e0 [ 692.461771][T15700] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 692.464028][T15700] ? find_vma_prev+0xcd/0x150 [ 692.465646][T15700] ? __pfx_find_vma_prev+0x10/0x10 [ 692.468101][T15700] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 692.470602][T15700] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 692.473019][T15700] madvise_walk_vmas+0x1cf/0x2c0 [ 692.474917][T15700] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 692.477217][T15700] do_madvise+0x310/0x7a0 [ 692.478964][T15700] ? __pfx_do_madvise+0x10/0x10 [ 692.481025][T15700] ? ksys_write+0x1ab/0x260 [ 692.482956][T15700] ? __pfx_ksys_write+0x10/0x10 [ 692.484903][T15700] __ia32_sys_madvise+0xa7/0x110 [ 692.486988][T15700] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 692.489504][T15700] __do_fast_syscall_32+0x73/0x120 [ 692.491682][T15700] do_fast_syscall_32+0x32/0x80 [ 692.493698][T15700] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 692.496276][T15700] RIP: 0023:0xf7f53579 [ 692.498026][T15700] Code: Unable to access opcode bytes at 0xf7f5354f. [ 692.500771][T15700] RSP: 002b:00000000f56e656c EFLAGS: 00000296 ORIG_RAX: 00000000000000db [ 692.504683][T15700] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000600003 [ 692.507848][T15700] RDX: 0000000000000019 RSI: 0000000000000000 RDI: 0000000000000000 [ 692.511156][T15700] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 692.514444][T15700] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 692.517605][T15700] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 692.520930][T15700] [ 692.522412][ C3] vkms_vblank_simulate: vblank timer overrun [ 692.676583][ T5355] usb 7-1: new high-speed USB device number 55 using dummy_hcd [ 692.680132][T10715] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 693.094418][T11535] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.271214][T11535] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.347190][T11535] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.404102][T11535] bond0: (slave netdevsim0): Releasing backup interface [ 693.407643][T11535] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.514041][T11535] bridge_slave_1: left allmulticast mode [ 693.516342][T11535] bridge_slave_1: left promiscuous mode [ 693.518825][T11535] bridge0: port 2(bridge_slave_1) entered disabled state [ 693.524880][T11535] bridge_slave_0: left allmulticast mode [ 693.527292][T11535] bridge_slave_0: left promiscuous mode [ 693.529653][T11535] bridge0: port 1(bridge_slave_0) entered disabled state [ 693.694594][T11535] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 693.699848][T11535] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 693.704423][T11535] bond0 (unregistering): Released all slaves [ 694.159374][T11535] hsr_slave_0: left promiscuous mode [ 694.163202][T11535] hsr_slave_1: left promiscuous mode [ 694.167599][T11535] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 694.170457][T11535] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 694.174890][T11535] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 694.178076][T11535] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 694.184070][T11535] veth1_macvtap: left promiscuous mode [ 694.186554][T11535] veth0_macvtap: left promiscuous mode [ 694.189063][T11535] veth1_vlan: left promiscuous mode [ 694.191449][T11535] veth0_vlan: left promiscuous mode [ 694.603653][T11535] team0 (unregistering): Port device team_slave_1 removed [ 694.657730][T11535] team0 (unregistering): Port device team_slave_0 removed [ 695.428842][T11535] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 695.435400][T11535] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.507788][T11535] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 695.512413][T11535] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.638030][T11535] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 695.643430][T11535] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.689542][T11535] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 695.694954][T11535] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.834624][T11535] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.899715][T11535] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.958555][T11535] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.016763][T11535] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.177839][T11535] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.247043][T11535] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.338708][T11535] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.487683][T11535] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.641043][T11535] bridge_slave_1: left allmulticast mode [ 696.645505][T11535] bridge_slave_1: left promiscuous mode [ 696.648074][T11535] bridge0: port 2(bridge_slave_1) entered disabled state [ 696.654411][T11535] bridge_slave_0: left allmulticast mode [ 696.656893][T11535] bridge_slave_0: left promiscuous mode [ 696.659459][T11535] bridge0: port 1(bridge_slave_0) entered disabled state [ 696.666064][T11535] bridge_slave_1: left allmulticast mode [ 696.668292][T11535] bridge_slave_1: left promiscuous mode [ 696.670564][T11535] bridge0: port 2(bridge_slave_1) entered disabled state [ 696.675406][T11535] bridge_slave_0: left allmulticast mode [ 696.677890][T11535] bridge_slave_0: left promiscuous mode [ 696.680439][T11535] bridge0: port 1(bridge_slave_0) entered disabled state [ 696.687239][T11535] bridge_slave_1: left allmulticast mode [ 696.689728][T11535] bridge_slave_1: left promiscuous mode [ 696.692602][T11535] bridge0: port 2(bridge_slave_1) entered disabled state [ 696.697836][T11535] bridge_slave_0: left allmulticast mode [ 696.700328][T11535] bridge_slave_0: left promiscuous mode [ 696.703768][T11535] bridge0: port 1(bridge_slave_0) entered disabled state [ 697.177559][T11535] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 697.184678][T11535] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 697.190169][T11535] bond0 (unregistering): Released all slaves [ 697.202675][T11535] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 697.208805][T11535] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 697.215790][T11535] bond0 (unregistering): Released all slaves [ 697.226282][T11535] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 697.232985][T11535] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 697.238336][T11535] bond0 (unregistering): Released all slaves [ 698.278639][T11535] hsr_slave_0: left promiscuous mode [ 698.284724][T11535] hsr_slave_1: left promiscuous mode [ 698.291204][T11535] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 698.294762][T11535] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 698.301054][T11535] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 698.304374][T11535] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 698.329864][T11535] hsr_slave_0: left promiscuous mode [ 698.341968][T11535] hsr_slave_1: left promiscuous mode [ 698.345476][T11535] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 698.348680][T11535] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 698.353041][T11535] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 698.355670][T11535] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 698.363924][T11535] hsr_slave_0: left promiscuous mode [ 698.367053][T11535] hsr_slave_1: left promiscuous mode [ 698.369634][T11535] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 698.372668][T11535] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 698.376348][T11535] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 698.379511][T11535] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 698.388675][T11535] veth1_macvtap: left promiscuous mode [ 698.390780][T11535] veth0_macvtap: left promiscuous mode [ 698.393623][T11535] veth1_vlan: left promiscuous mode [ 698.395700][T11535] veth0_vlan: left promiscuous mode [ 698.400170][T11535] veth1_macvtap: left promiscuous mode [ 698.402442][T11535] veth0_macvtap: left promiscuous mode [ 698.404563][T11535] veth1_vlan: left promiscuous mode [ 698.406792][T11535] veth0_vlan: left promiscuous mode [ 698.410008][T11535] veth1_macvtap: left promiscuous mode [ 698.412859][T11535] veth0_macvtap: left promiscuous mode [ 698.414855][T11535] veth1_vlan: left promiscuous mode [ 698.417072][T11535] veth0_vlan: left promiscuous mode [ 698.879853][T11535] team0 (unregistering): Port device team_slave_1 removed [ 698.941882][T11535] team0 (unregistering): Port device team_slave_0 removed [ 699.414419][T11535] team0 (unregistering): Port device team_slave_1 removed [ 699.425779][T11535] team0 (unregistering): Port device team_slave_0 removed [ 699.837203][T11535] team0 (unregistering): Port device team_slave_1 removed [ 699.895263][T11535] team0 (unregistering): Port device team_slave_0 removed VM DIAGNOSIS: 03:36:49 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000001 RBX=ffff88802b744b80 RCX=ffffffff817ef3ab RDX=ffff888025ac8000 RSI=ffffffff817ef385 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900042574d8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=1ffffffff1bb88b1 R12=ffffed10056e8971 R13=0000000000000001 R14=ffff88802b744b88 R15=ffff88802b63ffc0 RIP=ffffffff818b1a5b RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020000000 CR3=000000005a8ec000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000063 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fc2445 RDI=ffffffff9a516640 RBP=ffffffff9a516600 RSP=ffffc900040d6ec0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=722d302e31312e36 R12=0000000000000000 R13=0000000000000063 R14=ffffffff84fc23e0 R15=0000000000000000 RIP=ffffffff84fc246f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f56e5fbc CR3=000000005330c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000009 RCX=0000000000000003 RDX=0000000000000000 RSI=0000000000000001 RDI=0000000000000001 RBP=ffffc900031a7508 RSP=ffffc900031a7298 R8 =0000000000000001 R9 =0000000000000010 R10=000000000000000d R11=dffffc0000000000 R12=00000000000011f7 R13=ffffc900031a7350 R14=ffff888022899fbd R15=ffffc900031a7510 RIP=ffffffff818b1a20 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fcfb0896d00 ffffffff 00c00000 GS =0000 ffff88802b800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000558836bae000 CR3=0000000029d00000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=c54e8071c54e8071 c54e8071c54e8071 c54e8071c54e8071 c54e8071c54e8071 c54e8071c54e8071 c54e8071c54e8071 c54e8071c54e8071 c54e8071c54e8071 ZMM22=547d60a0547d60a0 547d60a0547d60a0 547d60a0547d60a0 547d60a0547d60a0 547d60a0547d60a0 547d60a0547d60a0 547d60a0547d60a0 547d60a0547d60a0 ZMM23=f5747056f5747056 f5747056f5747056 f5747056f5747056 f5747056f5747056 f5747056f5747056 f5747056f5747056 f5747056f5747056 f5747056f5747056 ZMM24=420d7ca7420d7ca7 420d7ca7420d7ca7 420d7ca7420d7ca7 420d7ca7420d7ca7 420d7ca7420d7ca7 420d7ca7420d7ca7 420d7ca7420d7ca7 420d7ca7420d7ca7 ZMM25=b332e826b332e826 b332e826b332e826 b332e826b332e826 b332e826b332e826 b332e826b332e826 b332e826b332e826 b332e826b332e826 b332e826b332e826 ZMM26=7ab8484e7ab8484e 7ab8484e7ab8484e 7ab8484e7ab8484e 7ab8484e7ab8484e 7ab8484e7ab8484e 7ab8484e7ab8484e 7ab8484e7ab8484e 7ab8484e7ab8484e ZMM27=92f5b29992f5b299 92f5b29992f5b299 92f5b29992f5b299 92f5b29992f5b299 92f5b29992f5b299 92f5b29992f5b299 92f5b29992f5b299 92f5b29992f5b299 ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=f3150000f3150000 f3150000f3150000 f3150000f3150000 f3150000f3150000 f3150000f3150000 f3150000f3150000 f3150000f3150000 f3150000f3150000 info registers vcpu 3 CPU#3 RAX=0000000000000001 RBX=1ffff9200189df80 RCX=1ffff110056e7dc0 RDX=ffffed1004bb3006 RSI=ffffffff8bb07f60 RDI=ffff88802b73ee00 RBP=ffff888025d98000 RSP=ffffc9000c4efbd8 R8 =0000000000000000 R9 =ffffed1004bb3086 R10=ffff888025d98437 R11=0000000000000000 R12=0000000000000007 R13=ffff888025d98014 R14=ffff888025d98a00 R15=ffff888025d98034 RIP=ffffffff815d602c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020000000 CR3=000000005aa3c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000