last executing test programs: 6.459274841s ago: executing program 0 (id=1903): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b70800000000000e7b8af0ff0000", @ANYBLOB="0000000000000000b70500000800000085000000c5000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b000000850000002300000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r0, 0x0, 0x0) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) bind$l2tp6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x6, @mcast2, 0x3, 0x2}, 0x20) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000000c0), 0x4) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x44, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params, @NL80211_ATTR_CSA_IES={0x28, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x8, 0x1, 0x8, 0x7, 0x2, 0x7fd]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0x200, 0x1000]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x48, 0x7, 0x8, 0xf7]}]}]}, 0x44}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000ec0)={0x58, 0x0, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x32, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x6}, @device_b, @device_a, @from_mac=@broadcast, {0x9, 0xc4d}, @value=@ver_80211n={0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1}}, 0x10, 0x9, @device_a, {0x0, 0x6, @default_ap_ssid}, @void, @void}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}]}, 0x58}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be71}, 0x24008084) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x20000, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000100)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000000000000054d0900ac42002f1b33da0000000000"]) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r4 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) pwrite64(r4, &(0x7f00000000c0)="97", 0x1, 0x0) lseek(r4, 0xfb, 0x3) chdir(&(0x7f0000000000)='./bus\x00') copy_file_range(r4, 0x0, r4, &(0x7f0000000080)=0x32, 0x1, 0x0) 6.079699585s ago: executing program 0 (id=1908): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x8241, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x18, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000580), 0x0, 0x0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f00000000c0)={'#! ', './file0'}, 0xb) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0) r7 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe) r8 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) r9 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x3}, &(0x7f0000006900)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6d", 0x86, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000100)={r7, r8, r9}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x10012, r3, 0x0) io_uring_setup(0x679e, &(0x7f0000000300)={0x0, 0x8219, 0x20000, 0x2, 0x159, 0x0, r3}) r10 = syz_usb_connect$printer(0x1, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x7, 0x0, 0x59, [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x7, 0x1, 0x2, 0x1, "", {{{0x9, 0x5, 0x1, 0x2, 0x8, 0x6, 0x9, 0xee}}, [{{0x9, 0x5, 0x82, 0x2, 0x8, 0x5, 0x1, 0x87}}]}}}]}}]}}, &(0x7f0000000700)={0xa, &(0x7f0000000400)={0xa, 0x6, 0x0, 0x6, 0x8a, 0xf, 0x8, 0x9}, 0x10, &(0x7f0000000440)={0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0x4, 0x10, 0x0, 0x4, 0x2, 0xc}]}, 0x3, [{0xb3, &(0x7f0000000480)=@string={0xb3, 0x3, "34a810b073ac636a3d1e815245cfba5ecb68daac8d1e1ea7feb46471e4d8e85ef37427f037bf6fc2fbfbe3f1b96767d6151a765556618dc535d7cd422f50a16efa1e06c1c433dd75b931c55acb867e5a9c69d7a7c860a82d8a27f638ff50aba910fab0d825384b7c42129c5d9aff70e08ba6365c9cbf0bfd070d218cc158919674092f8ce49ab61c95a896db00c0efc80b31a9d5babf4b8365c13dfcfec36b61eb588ce28096659d50faccf3b1462efefc"}}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x3409}}, {0xdc, &(0x7f0000000600)=@string={0xdc, 0x3, "3a38b95bdcf73971485f370ea2d48d9148e2471b4160846efef7fc895f32e91a147f742bfa2df63e189367a016b71ffa9955e10593a6636344215b1291d63b970fe57af1c98cd41d5161d3c697429ae77b46816d698d1e437db4ff1e8729f8d8b0d1e9ddbe0cad9f58c161bc71740040fbfff22cfa1443742275f2eca561ea256e8d41e64bf359a018c580ecda3660e49631409b9addc668c09f9db144d10d2c3debb2b73a264d2908199332ddccde5c8d0000c684984955e6a2c5c83e98f7bbdc79f282b166fcba1b507905ea0d76e04c5b432eb86b95f37328"}}]}) syz_usb_control_io$printer(r10, &(0x7f0000000800)={0xc, &(0x7f0000000740)={0x20, 0x22, 0x73, {0x73, 0xa, "1d9ec834dda3c78cae4de514c7511214044c6bf556e83bb64ff2ba62d807b39ab197b2cc652bf4c51c55187e6813d64eee521a9ccc4035f3b7ed4a21f9cb95b88b5153eb11798f987c37cdcbc4cb1674be0fb7b220694d56d83d5698d5fbb07ba918563d5a2f7106a442197fa09eb2c5fa"}}, &(0x7f00000007c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x813}}}, &(0x7f0000000b40)={0x1c, &(0x7f0000000840)={0x0, 0xb, 0xba, "b41a228537896cd7fb34edf9dc8bf0798a471173852bce8534cfce592c3134b603b19e8ceb1463d5f4930b86fc0fd26f8c8de82040cf85d619334c001c82ef8f7e82ba6c15058f28d69537b1d9db8142cd71d9e925780c70451e61358a3994daad95e05a59c780730f71b207ca20e443237cace49db38a9bb4375c9d3342ba0dc328b832cd3980a8ff91ff84eaa8c6bf6dddf37235bf4796ecec8a5d90465f0753f0e8ab96db99f1be74c7be97b9a4d3592783865c915f480a4c"}, &(0x7f0000000900)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000940)={0x0, 0x8, 0x1, 0xf7}, &(0x7f0000000980)={0x20, 0x0, 0xff, {0xfd, "b38ae13cf01291e8103cfafa68905aad44617b120f0984a5d2b07b55d46f9a969b0465b396929076138b4dfddeb462ded7ac5499875e0d46e5aa134e448323a9570c034a6baaaaaa29461db32ec7846b63d404b0fc8689ce6c4da519e88f13a690e1603068c8439b7ea26718c032b536c859a2c896f74eb60efb51ad5f12038b1952d32a155b9f6067607979c3a5e7e93752a926da1b7c41c09ed4fe69ed2fe6370a0696745f0267ef7b2b4eb2679838905e8d3d2a047b75641746c1631c4a3b52e9a06f406ef7f975dff3591b6389c192c3dc51c80453bf6ea4780b7e142e38b2b4c9f588023b81467399119395b542387ab2cc0e9af12f9c563cf1f1"}}, &(0x7f0000000ac0)={0x20, 0x1, 0x1, 0x9}, &(0x7f0000000b00)={0x20, 0x0, 0x1, 0x10}}) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000000)={0x1}) ioctl$HIDIOCGUSAGE(r1, 0xc018480b, &(0x7f00000001c0)={0x1, 0xffffffff, 0x3c, 0x0, 0x0, 0x2}) 3.26734409s ago: executing program 1 (id=1927): r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x141a82, 0x12) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000600)={&(0x7f0000000340)="6b15f2d19dfdca9bb2807409612dcc1224e16ac519b6d738430a6d91ffa6c025536409376f20550940f06d63baa85cb72eafaf0113d708d11ad62a20590cba6ed0c2d928b6809c26146fb72613d1c02ba40d3f72ce8a62903468bb7e213e224cdb1728a2b7df495281a692c816c3e800e2d284abdd2de98117fd0dc742d78c2716f985dcf5d75ad5e4d9bdb3808449dfce94c4a3e14f0657a33c4a7c91c6e8606429e88ca686771efc7216e7c7bef3fa92ccee9072d6cd5de65a76b3eefce2777b127ddd91aad81ca8d59bedd2262e246b1e418f12ad56e18310107cd7f1ff748e634c8f406527e0d7a201275387b6d3e4864ed841afc3477914", &(0x7f0000000480)=""/51, &(0x7f00000004c0)="bb7a33a8a55f93c26d01eafed387db1064913b766d72a0b0064911011fdcfb5623cd897600d6b00a45b5b9e92e9b27e801fb91b1700e383aa8bef86e91e74db5e9b2f553db15bf0327df29218d7702dd413df0494b1a0f81e453ec309c928f223e791002025bfd8e92f11009e913e8ed46febf86c4fdb427b38e1a00ff26c79b16a3", &(0x7f0000000580)="6e06f327949d5e16a420e53ea8f03fc4ff1ac467d344d22cc73bde533e760e5dd846c94704457fdf479587a1c9b1e433e15f92643d61c41a693029cc8cc5c9e7dd80b5c1ca98850b4b", 0x6, r0, 0x4}, 0x38) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) times(&(0x7f0000000280)) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x8, 0x1) r3 = socket$kcm(0x2, 0x200000000000001, 0x106) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c0001800600060088480000040502"], 0x528}}, 0xc000) sendmsg$inet(r3, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000300)={0x100, 0xa, 0x7fffffff, 0xfffffff7, 0xc, "2de88538a263acf45268a19c07751db1f1f52e"}) close(r3) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r5, 0x401c5504, &(0x7f0000000000)={0x2, {0xb4, 0xef, 0x31c, 0x1ff, 0x7, 0x80000001}}) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x3) write$uinput_user_dev(r5, &(0x7f0000000800)={'syz1\x00', {}, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x5, 0x0, 0x0, 0x4, 0x0, 0x0, 0x8000, 0x80000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x200], [0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x45c) ioctl$UI_DEV_CREATE(r5, 0x5501) r6 = socket$unix(0x1, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f00000000c0)=0x1df, 0x4) 2.659667128s ago: executing program 2 (id=1928): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b70800000000000e7b8af0ff00000000bfa10000000000000701000000feffffbfa4000000", @ANYBLOB="0000000000000000b70500000800000085000000c5000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b000000850000002300000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r0, 0x0, 0x0) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) bind$l2tp6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x6, @mcast2, 0x3, 0x2}, 0x20) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000000c0), 0x4) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x44, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params, @NL80211_ATTR_CSA_IES={0x28, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x8, 0x1, 0x8, 0x7, 0x2, 0x7fd]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0x200, 0x1000]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x48, 0x7, 0x8, 0xf7]}]}]}, 0x44}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000ec0)={0x58, 0x0, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x32, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x6}, @device_b, @device_a, @from_mac=@broadcast, {0x9, 0xc4d}, @value=@ver_80211n={0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1}}, 0x10, 0x9, @device_a, {0x0, 0x6, @default_ap_ssid}, @void, @void}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}]}, 0x58}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be71}, 0x24008084) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x20000, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000100)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000000000000054d0900ac42002f1b33da0000000000"]) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r4 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) pwrite64(r4, &(0x7f00000000c0)="97", 0x1, 0x0) lseek(r4, 0xfb, 0x3) chdir(&(0x7f0000000000)='./bus\x00') copy_file_range(r4, 0x0, r4, &(0x7f0000000080)=0x32, 0x1, 0x0) 2.349630347s ago: executing program 2 (id=1929): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000500)=ANY=[@ANYRES64=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000340)=ANY=[@ANYRES8=r0], &(0x7f0000000380)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x2, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = fsopen(&(0x7f0000000040)='hfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x8, 0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) chdir(0x0) syz_clone3(&(0x7f0000000680)={0xa000, &(0x7f00000000c0), 0x0, 0x0, {0x4}, &(0x7f00000002c0)=""/32, 0x20, 0x0, 0x0}, 0x58) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r4, 0x0) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) r5 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000980)='#\n$)-.\x02\xcc\xd7\xb2f\xcdY\xb9\xc7\x9d\xb2a\r\xd7\xef\xc5\x112s\x88\n\x13:\xd6\xfa\xd5?\xc7\xfd&\x8d*\xbb|&#\xe9\xa3\'\x91>C\x1bV\x87\xeb\xfe\xda\x89\xb7}@\xab\x16\x9c{\x8c\x97\xcc\xe7\xa5\xf5\xeb2\x9a\xed%\xf2\x8f\x97\x18\xce\x92\xc9\xa8\x1c\x9d\\C\xfeI%\xae\x8fKHq\x89\x83\xbb\x9dC\xd6H\x80s\xd66y\xfao\x04\xa4\xb6\x88\xdb\xa1b\xae\xa7\x87\xcc\xc7\xa4\xdc\n=/o\xf3\x96\xaf\b1\x1b48\bu\x01\xab\x90Q\xe8r\xe7\r\'-06,\xff\x84x\'+\xd5\xd4?[e\x19\xa3\\J\xe9\x8a\xb9\xe495\x12B\x06\xe5\x8f\x83Vb\xf1\xbc\xb9E\x1a\x9bH$\x1f^\x9dX\xd0\xca\xcc\xc9\x86\xaa\xd0\x9c\xc0\x82\xabE\xcc{\xcd\xd3\xdb\x97\x1e.y\xb0\x9f\x8f\xefv\x9c\xbd%\x84\xbf\"\xd9\xb4Vm\t.\x15\xf1)\xd6\xd8\x1cb\xc5\xd9=c\xb5<|+K*\x9f\x01u', 0xfeffffff00000000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r6, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000}) close_range(r7, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.events\x00', 0x275a, 0x0) 2.089441977s ago: executing program 1 (id=1932): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) tkill(0x0, 0x4000012) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r2) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) ptrace(0x10, r1) r3 = syz_open_procfs(r1, &(0x7f0000000040)='status\x00') preadv(r3, &(0x7f0000000680)=[{&(0x7f0000000400)=""/121, 0x79}], 0x1, 0xffffffff, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x10000000, @void, @value}, 0x94) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x4000000000000, &(0x7f0000000140)=@base={0x5, 0x1, 0x6c02, 0x41, 0x111, 0xffffffffffffffff, 0x3f00, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002eb0e00000000000000000105000600200000000a00000040010000000500e50000070000001f00001a000000030000a95a6e870200010000e9ff070040000200000000050005000000cc580a"], 0x80}}, 0x0) sendmmsg(r7, &(0x7f0000000180), 0x400008a, 0x0) syz_init_net_socket$netrom(0x6, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) 2.017253341s ago: executing program 3 (id=1935): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x20, 0xe, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x68}, 0x1, 0x0, 0x0, 0x44000}, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) sendmsg$nl_route_sched_retired(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000013c0), 0x43c}}, 0x0) recvmmsg(r4, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000080)=""/110, 0x6e}, {&(0x7f0000000280)=""/195, 0xc3}], 0x2}}], 0x1, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x1, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x10b85}, [@IFLA_IFNAME={0x14, 0x3, 'macsec0\x00'}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x40}, 0x1, 0x0, 0x0, 0x90}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000040)={'tunl0\x00', &(0x7f0000000440)={'syztnl2\x00', 0x0, 0x80, 0x20, 0x3, 0x101, {{0x19, 0x4, 0x0, 0x20, 0x64, 0x66, 0x0, 0xfc, 0x2f, 0x0, @rand_addr=0x64010102, @broadcast, {[@timestamp_addr={0x44, 0x2c, 0xcb, 0x1, 0xe, [{@loopback}, {@loopback, 0x1}, {@broadcast, 0x59}, {@rand_addr=0x64010100, 0x3ff}, {@loopback, 0x4}]}, @timestamp_prespec={0x44, 0x24, 0x5a, 0x3, 0xb, [{@dev={0xac, 0x14, 0x14, 0xd}, 0x7}, {@remote, 0x9}, {@loopback, 0x2}, {@rand_addr=0x64010100, 0x3}]}]}}}}}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000100)={'tunl0\x00', &(0x7f0000000500)={'syztnl1\x00', r6, 0x1, 0x40, 0x1, 0x400, {{0x1b, 0x4, 0x1, 0xa, 0x6c, 0x64, 0x0, 0x4, 0x2f, 0x0, @remote, @remote, {[@lsrr={0x83, 0xf, 0xe, [@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1]}, @cipso={0x86, 0x30, 0x3, [{0x6, 0xf, "15e68e9b2028b8e4fc7baca4c5"}, {0x1, 0x6, "f8ec65bd"}, {0x0, 0x3, "dd"}, {0x5, 0xe, "243badf88fa2bd00b8188f37"}, {0x5, 0x4, "bebb"}]}, @generic={0x81, 0xf, "5ad925b1a2b6ff35aa2219c4a5"}, @ra={0x94, 0x4, 0x1}, @lsrr={0x83, 0x3, 0x5c}]}}}}}) write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x0, 0x0, 0x18, {[@window={0x9, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 1.930055339s ago: executing program 3 (id=1936): socket$pppl2tp(0x18, 0x1, 0x1) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) epoll_create(0x3) socket(0x10, 0x3, 0x0) socket(0x1e, 0x805, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0x10, 0x3, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) socket$key(0xf, 0x3, 0x2) socket$inet6_sctp(0xa, 0x5, 0x84) socket$packet(0x11, 0x3, 0x300) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f0000800000e0140012800a00010076786c616e0000000400028008000a00", @ANYRES64=r0], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) 1.739677113s ago: executing program 3 (id=1937): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b70800000000000e7b8af0ff00000000bfa10000000000000701000000feffffbfa4000000", @ANYBLOB="0000000000000000b70500000800000085000000c5000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b000000850000002300000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r0, 0x0, 0x0) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) bind$l2tp6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x6, @mcast2, 0x3, 0x2}, 0x20) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000000c0), 0x4) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x44, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params, @NL80211_ATTR_CSA_IES={0x28, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x8, 0x1, 0x8, 0x7, 0x2, 0x7fd]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0x200, 0x1000]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x48, 0x7, 0x8, 0xf7]}]}]}, 0x44}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000ec0)={0x58, 0x0, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x32, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x6}, @device_b, @device_a, @from_mac=@broadcast, {0x9, 0xc4d}, @value=@ver_80211n={0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1}}, 0x10, 0x9, @device_a, {0x0, 0x6, @default_ap_ssid}, @void, @void}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}]}, 0x58}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be71}, 0x24008084) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x20000, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000100)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000000000000054d0900ac42002f1b33da0000000000"]) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r4 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) pwrite64(r4, &(0x7f00000000c0)="97", 0x1, 0x0) lseek(r4, 0xfb, 0x3) chdir(&(0x7f0000000000)='./bus\x00') copy_file_range(r4, 0x0, r4, &(0x7f0000000080)=0x32, 0x1, 0x0) 1.371647006s ago: executing program 2 (id=1938): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r4) setuid(0xee01) keyctl$clear(0x7, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) 1.365557085s ago: executing program 0 (id=1939): setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) r0 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00'}) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_opts(r1, 0x0, 0x0, &(0x7f0000000000)="714bb498ea3437756cc367c39fd66c2896735216e2216e6bbd3b19361c3b1d9e0326e5224e6f24d98f7d72e61e2a7e8c9be09e70cd14f0ae9fbf6fafebeb997513db2b9bad2f1943bb402a08086d291e6ce29b46300ba65917a45767c9e680d311aaf6a42964e72f777274d325bf8854cc9c94408cd101d6dff154", 0x7b) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x18, 0x9, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@RTA_GATEWAY={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0xff}}]}, 0x24}}, 0x0) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg$inet(r4, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000000100)="8fc51ea43bc38fdc672ff8a38c366bb16b506f6b0a9054452a7000538d993be36813c4d7ed5cf342504aab2192e5e9ede74ddeb93cc59ec6ff6fce6466a68433b79ac0c778d805cfff9bc09c7d7b7cbc7c77db378a8b572e53", 0x59}], 0x1}}], 0x1, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240), 0x208e24b) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"}) r7 = syz_open_dev$tty20(0xc, 0x4, 0x0) r8 = syz_open_pts(r7, 0x400) fcntl$setstatus(r8, 0x4, 0x102800) write(r8, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000040)=0xe) syz_open_dev$media(&(0x7f0000000000), 0x7, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) bind$bt_hci(r4, &(0x7f0000000340)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) close_range(r5, 0xffffffffffffffff, 0x0) 1.289501166s ago: executing program 0 (id=1940): mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000005, 0x6031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000280)={{0xfdfe, 0x7, 0x24, 0xfffe}, 'syz0\x00', 0x22}) ioctl$UI_DEV_DESTROY(r1, 0x5502) openat$procfs(0xffffff9c, &(0x7f0000000900)='/proc/tty/ldiscs\x00', 0x0, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x224, 0xd8, 0xffffffff, 0xffffffff, 0xd8, 0xffffffff, 0x204, 0xffffffff, 0xffffffff, 0x204, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x98, 0xd8, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "9b6c6be8536e2d1da2a5f10aa1d49e77525e9a00f298611f5c9a3d60d091"}}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'ip6erspan0\x00', 'team0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x280) ptrace(0x10, r2) ptrace$getregset(0x4205, r2, 0x200, &(0x7f0000000080)={&(0x7f00000000c0)=""/112, 0x70}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000300)={{0x1, 0x1, 0x18, r1, {0x2}}, './file0\x00'}) ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0) clock_gettime(0x0, &(0x7f0000005b40)={0x0, 0x0}) recvmmsg(r3, &(0x7f0000005a00)=[{{&(0x7f0000000340)=@ax25={{0x3, @netrom}, [@remote, @bcast, @netrom, @netrom, @null, @bcast, @rose, @null]}, 0x80, &(0x7f0000000580)=[{&(0x7f00000003c0)=""/71, 0x47}, {&(0x7f0000000440)=""/115, 0x73}, {&(0x7f00000004c0)=""/27, 0x1b}, {&(0x7f0000000500)=""/122, 0x7a}], 0x4, &(0x7f00000005c0)=""/231, 0xe7}, 0x2}, {{&(0x7f00000006c0)=@isdn, 0x80, &(0x7f0000000840)=[{&(0x7f0000000740)=""/250, 0xfa}], 0x1}, 0x1}, {{&(0x7f0000000880)=@nfc_llcp, 0x80, &(0x7f0000000a40)=[{&(0x7f0000000900)}, {&(0x7f0000000940)=""/41, 0x29}, {&(0x7f0000000980)=""/189, 0xbd}], 0x3, &(0x7f0000000a80)=""/54, 0x36}, 0x96}, {{0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000ac0)=""/4096, 0x1000}], 0x1, &(0x7f0000001b00)=""/250, 0xfa}, 0x2}, {{&(0x7f0000001c00)=@ax25={{0x3, @rose}, [@netrom, @netrom, @remote, @bcast, @default, @null, @null, @bcast]}, 0x80, &(0x7f0000002e00)=[{&(0x7f0000001c80)=""/114, 0x72}, {&(0x7f0000001d00)=""/4096, 0x1000}, {&(0x7f0000002d00)=""/195, 0xc3}], 0x3, &(0x7f0000002e40)=""/85, 0x55}, 0x6}, {{&(0x7f0000002ec0)=@nfc, 0x80, &(0x7f0000003200)=[{&(0x7f0000002f40)=""/97, 0x61}, {&(0x7f0000002fc0)=""/197, 0xc5}, {&(0x7f00000030c0)=""/143, 0x8f}, {&(0x7f0000003180)=""/48, 0x30}, {&(0x7f00000031c0)=""/38, 0x26}], 0x5, &(0x7f0000003240)=""/220, 0xdc}, 0x8000}, {{&(0x7f0000003340)=@can, 0x80, &(0x7f0000003500)=[{&(0x7f00000033c0)=""/128, 0x80}, {&(0x7f0000003440)=""/104, 0x68}, {&(0x7f00000034c0)}], 0x3}, 0x2}, {{&(0x7f0000003540)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000004700)=[{&(0x7f00000035c0)}, {&(0x7f0000003600)=""/4096, 0x1000}, {&(0x7f0000004600)=""/233, 0xe9}], 0x3, &(0x7f0000004740)=""/51, 0x33}, 0x5}, {{&(0x7f0000004780)=@isdn, 0x80, &(0x7f0000005900)=[{&(0x7f0000004800)=""/4096, 0x1000}, {&(0x7f0000005800)=""/27, 0x1b}, {&(0x7f0000005840)=""/17, 0x11}, {&(0x7f0000005880)=""/125, 0x7d}], 0x4, &(0x7f0000005940)=""/172, 0xac}, 0x4}], 0x9, 0x2021, &(0x7f0000005b80)={r4, r5+60000000}) ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x4008556c, 0x37) 1.288986442s ago: executing program 3 (id=1941): r0 = socket$inet6(0xa, 0x3, 0xff) init_module(&(0x7f0000000100)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0xff, 0x4, 0xfc, 0xffffffffffffffff, 0x3, 0x6, 0x8, 0x190, 0x40, 0x278, 0x10, 0x4, 0x38, 0x2, 0xe9, 0x8, 0xc}, [], "8202bdbe1aeb0f28648055f1d5740d47"}, 0xfffd8, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffd2f, 0x300, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x4b) 1.239863669s ago: executing program 0 (id=1942): unshare(0x2c060000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a80)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) sched_setscheduler(r0, 0x7, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_io_uring_setup(0x7791, &(0x7f0000000a00)={0x0, 0x4136, 0x400, 0x1, 0x15c}, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000bdb000/0x3000)=nil, 0x3000, 0x0) r4 = socket(0x15, 0x5, 0x0) getsockopt(r4, 0x200000000114, 0x2711, 0x0, &(0x7f0000000000)) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') preadv(r5, &(0x7f0000000240), 0x0, 0x0, 0x0) 1.239427205s ago: executing program 3 (id=1943): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000007c0)=@deltaction={0x1b4, 0x31, 0x20, 0x70bd25, 0x25dfdbfc, {}, [@TCA_ACT_TAB={0x90, 0x1, [{0x10, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3ff}}, {0x10, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x12, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0x14, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0xc, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}]}, @TCA_ACT_TAB={0x50, 0x1, [{0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0x10, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0x10, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0x10, 0x1e, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x10, 0x1b, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}]}, @TCA_ACT_TAB={0x88, 0x1, [{0x14, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0x10, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0x10, 0x3, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3d}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7fff}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0x10, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0x10, 0x20, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}, @TCA_ACT_TAB={0x38, 0x1, [{0xc, 0x97, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x10}}]}]}, 0x1b4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="500000004e000104"], 0x50}}, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = syz_open_dev$sg(&(0x7f0000001600), 0x1, 0x800) read(r5, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) unshare(0x22020600) r7 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) r8 = fsmount(r7, 0x0, 0x0) r9 = openat$cgroup_pressure(r8, &(0x7f0000001840)='cpu.pressure\x00', 0x2, 0x0) io_setup(0x5, &(0x7f0000000480)=0x0) io_submit(r10, 0x1, &(0x7f0000000780)=[&(0x7f00000005c0)={0x0, 0x0, 0x0, 0x1, 0x0, r9, &(0x7f00000004c0)=')', 0x1}]) syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) 1.214573517s ago: executing program 1 (id=1944): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000}) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000801, 0x0, &(0x7f00000000c0)={0xb, 0x0, 0x4, 0x40000000089, 0x1, 0x0, 0x0, 0x80000001, 0x7ffffffb}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000240), 0x3af4701e) r2 = fanotify_init(0x0, 0x1) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x001'], 0x20) 1.009734198s ago: executing program 1 (id=1945): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r1}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) setsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000640)={{{@in=@loopback, @in=@private=0xa010102, 0x4e24, 0x1, 0x4e20, 0x9, 0xa, 0x80, 0xa0, 0x67}, {0xf, 0x0, 0x52a00, 0x7, 0x1, 0x4, 0x8, 0x100}, {0xff, 0xb, 0x0, 0x3000}, 0x45d, 0x0, 0x0, 0x0, 0x2}, {{@in6=@private2, 0x4d6, 0x6c}, 0xa, @in6=@empty, 0x3501, 0x1, 0x3, 0x40, 0x0, 0x8}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x24000000, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x8}, 0x1c) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100)="fa", 0x1}], 0x1) 839.644571ms ago: executing program 1 (id=1946): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000500)=ANY=[@ANYRES64=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000340)=ANY=[@ANYRES8=r0], &(0x7f0000000380)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x2, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = fsopen(&(0x7f0000000040)='hfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x8, 0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) chdir(0x0) syz_clone3(&(0x7f0000000680)={0xa000, &(0x7f00000000c0), 0x0, 0x0, {0x4}, &(0x7f00000002c0)=""/32, 0x20, 0x0, 0x0}, 0x58) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r4, 0x0) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) r5 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000980)='#\n$)-.\x02\xcc\xd7\xb2f\xcdY\xb9\xc7\x9d\xb2a\r\xd7\xef\xc5\x112s\x88\n\x13:\xd6\xfa\xd5?\xc7\xfd&\x8d*\xbb|&#\xe9\xa3\'\x91>C\x1bV\x87\xeb\xfe\xda\x89\xb7}@\xab\x16\x9c{\x8c\x97\xcc\xe7\xa5\xf5\xeb2\x9a\xed%\xf2\x8f\x97\x18\xce\x92\xc9\xa8\x1c\x9d\\C\xfeI%\xae\x8fKHq\x89\x83\xbb\x9dC\xd6H\x80s\xd66y\xfao\x04\xa4\xb6\x88\xdb\xa1b\xae\xa7\x87\xcc\xc7\xa4\xdc\n=/o\xf3\x96\xaf\b1\x1b48\bu\x01\xab\x90Q\xe8r\xe7\r\'-06,\xff\x84x\'+\xd5\xd4?[e\x19\xa3\\J\xe9\x8a\xb9\xe495\x12B\x06\xe5\x8f\x83Vb\xf1\xbc\xb9E\x1a\x9bH$\x1f^\x9dX\xd0\xca\xcc\xc9\x86\xaa\xd0\x9c\xc0\x82\xabE\xcc{\xcd\xd3\xdb\x97\x1e.y\xb0\x9f\x8f\xefv\x9c\xbd%\x84\xbf\"\xd9\xb4Vm\t.\x15\xf1)\xd6\xd8\x1cb\xc5\xd9=c\xb5<|+K*\x9f\x01u', 0xfeffffff00000000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r6, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000}) close_range(r7, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.events\x00', 0x275a, 0x0) 168.359623ms ago: executing program 0 (id=1947): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000200)=@userptr={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x0, "b1cc37e0"}, 0x0, 0x2, {0x0}}) ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000280)=@mmap={0x0, 0x1, 0x4, 0x100004, 0x0, {0x0, 0xea60}, {0x0, 0xc, 0x0, 0x0, 0x0, 0x3, "37bb54f0"}, 0x80}) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0a00000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB="0000000000c2098cceeb98b1d8dd000000010de7c4249db18532fa000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21, @ANYRES64=r2], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r4}, 0x10) setresuid(0xee01, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000700)={'#! ', './file0', [{0x20, '%'}, {0x20, '\xb9'}, {0x20, '/dev/video#\x00\xb4\xdf\xca\xa7U\x9a\xed\x17\x9d\x19\x18\xa3\x06\xf7\xa2\xdc\xd8}=\xc6=|k\xeawu5\xb3\xa5\xa1{\xf2\x1a\xdc\xdau\x97O\xfb\x989\x87\xbcW\xdb\xc73\xdb\xd2\xc31\x9c\xd9\xa3A\x8b\xb2\x02\xcbvL\xb7zo\x87\xfb%\xa4B\xe8\xb2\xb5:pk\x15\x1bH\xbf\xe8!Q\x82\x15enWb\x1d\xb2h\x9d\xd3{.\xc1n\xcf\x83\xa1\xb9X\x93U\xde\xb3a\xc8\xee\x90]v\xb2\xf4\x00\x16!\xa9)\xa6#\x8c6\x95\xf7\xad\xcaH\xb3\xc1'}, {0x20, '/dev/video#\x00'}, {}, {0x20, '\\/!['}], 0xa, "3aec5311b6508f839fc4fa0d145fe190c3588ee0874e5615e5440660c12db1a95998279fc48da987bf071ad325d2b3bd3d428748ceae07000000000000003587aac5ec6f270167a69404bd6aa4bbfef5fe923316377291f7b00179abe5406dd900229f5ebf14dd48f1b4eec0eea55e931d21878ebd5b9f78429aabb271b2d6660d94f2a2000000"}, 0x138) mbind(&(0x7f0000601000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x2) write$binfmt_script(r2, &(0x7f0000000000), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) fspick(r2, &(0x7f0000000380)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000c319b2afffba969b38cf4de343a00d1d011b97d0cb91b70fcb0f374ca29506a7ba68bbd0fc635434ec92e2e725028fc0e886fd8b49765629039740b70ff58edde9d0bd920be2648b33a3a53724d7a4fd1cc896f8a7bbfe55dd39e358d4401e4a86d2661bdc5cb5ff3881ced037b6cc0f0d9b5bc650b6b03f86dfc3e3e87b94abf06de190ee6800b18be11eaa2caa8d693f4850697195a482277f4702ed368f320c72c8d29385b526efc0763aae61c145cd34289cdfddd2deddbc77de3c1372787d82a2bb00df"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x6d) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x200000000000030e}) r6 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x5}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000040)="27031c00160014000000002f1eafbcf706e105000000894f000f1102ee1680ca82973d2bd4b8bf4a8291a14b8a34f90186cee84400", 0x35}], 0x1}, 0x0) fsync(r6) close_range(r5, 0xffffffffffffffff, 0x0) 168.03292ms ago: executing program 2 (id=1948): chdir(&(0x7f0000000540)='./cgroup\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="08000000020000000b"], 0x4d0080) r1 = syz_open_dev$cec(&(0x7f00000004c0), 0xffffffffffffffff, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000000)={"c1396d54", 0x0, 0x9, 0x3, 0x7fffffff, 0x10000, "9ee1e29820a72cee44dcc39e7f01a5", "4ce9be73", "9d308c40", "5d3c1e5c", ["f07a28d6bc3df39686073b90", "465bbb869f1ecdeeec20b4a8", "77f36ac702281b5de3fd1885", "8f87091197fdc7604bb33c25"]}) 89.408108ms ago: executing program 2 (id=1949): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x38, r1, 0x1, 0x70bd2a, 0x0, {{0x39, 0x0, 0x1f}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x18, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x2, 0x9b1, 0x7, 0x3, 0x400, 0x8, 0x5, 0x5a8]}}]}]}]}, 0x38}, 0x1, 0x0, 0x1f000000, 0x2048080}, 0x0) 88.89893ms ago: executing program 2 (id=1950): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b70800000000000e7b8af0ff00000000bfa10000000000000701", @ANYBLOB="0000000000000000b70500000800000085000000c5000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b000000850000002300000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r0, 0x0, 0x0) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) bind$l2tp6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x6, @mcast2, 0x3, 0x2}, 0x20) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000000c0), 0x4) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x44, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params, @NL80211_ATTR_CSA_IES={0x28, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x8, 0x1, 0x8, 0x7, 0x2, 0x7fd]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0x200, 0x1000]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x48, 0x7, 0x8, 0xf7]}]}]}, 0x44}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000ec0)={0x58, 0x0, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x32, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x6}, @device_b, @device_a, @from_mac=@broadcast, {0x9, 0xc4d}, @value=@ver_80211n={0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1}}, 0x10, 0x9, @device_a, {0x0, 0x6, @default_ap_ssid}, @void, @void}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}]}, 0x58}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be71}, 0x24008084) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x20000, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000100)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000000000000054d0900ac42002f1b33da0000000000"]) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r4 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) pwrite64(r4, &(0x7f00000000c0)="97", 0x1, 0x0) lseek(r4, 0xfb, 0x3) chdir(&(0x7f0000000000)='./bus\x00') copy_file_range(r4, 0x0, r4, &(0x7f0000000080)=0x32, 0x1, 0x0) 88.387725ms ago: executing program 3 (id=1951): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000002c0), r2) sendmsg$IEEE802154_LLSEC_LIST_DEV(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x14, r3, 0x701}, 0x14}}, 0x0) openat$tun(0xffffff9c, &(0x7f0000000080), 0x8000, 0x0) r4 = syz_io_uring_setup(0x4e1, &(0x7f0000000380)={0x0, 0x1ffffa, 0x10100, 0x3, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) r7 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000002340), 0x80d01, 0x0) ioctl$BLKPG(r7, 0x1269, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r9 = epoll_create1(0x80000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r10 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r10, &(0x7f0000000480)=[{&(0x7f0000000080)='4', 0x1}], 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) r11 = fcntl$dupfd(r9, 0x2, 0xffffffffffffffff) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000200)=ANY=[@ANYRES32=r11, @ANYRES32=r8, @ANYBLOB="1100000000000000", @ANYBLOB="8c8709f1"], 0x14) io_uring_enter(r4, 0x708, 0x41e3, 0x0, 0x0, 0x0) r12 = socket(0x40000000015, 0x5, 0x0) connect$inet(r12, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000013c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300007e000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x1a, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2600, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r13, 0x0, 0x14, 0xe80, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) readv(r12, &(0x7f0000000880)=[{&(0x7f0000000400)=""/50, 0x32}], 0x1) bind$inet(r12, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) 0s ago: executing program 1 (id=1952): openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0xc0, 0x61) r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) r1 = socket(0x2, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DO_IT(r2, 0xab03) ioctl$VHOST_VDPA_SET_CONFIG_CALL(0xffffffffffffffff, 0x4004af77, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x200000a) mount(&(0x7f0000000500)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0) (fail_nth: 27) kernel console output (not intermixed with test programs): ounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 224.066736][ T9897] lowmem_reserve[]: 0 294 0 0 0 [ 224.068321][ T9897] Node 0 DMA32 free:27372kB boost:6144kB min:19704kB low:23092kB high:26480kB reserved_highatomic:2048KB active_anon:1312kB inactive_anon:304kB active_file:0kB inactive_file:1284kB unevictable:3520kB writepending:12kB present:1032196kB managed:301748kB mlocked:0kB bounce:0kB free_pcp:5072kB local_pcp:4156kB free_cma:0kB [ 224.076704][ T9897] lowmem_reserve[]: 0 0 0 0 0 [ 224.078221][ T9897] Node 1 DMA32 free:195208kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:10240KB active_anon:42016kB inactive_anon:80kB active_file:34800kB inactive_file:105804kB unevictable:3536kB writepending:1120kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:16124kB local_pcp:9048kB free_cma:0kB [ 224.086843][ T9897] lowmem_reserve[]: 0 0 0 0 0 [ 224.088357][ T9897] Node 0 DMA: 41*4kB (U) 20*8kB (U) 9*16kB (U) 19*32kB (U) 7*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 1524kB [ 224.092176][ T9897] Node 0 DMA32: 160*4kB (UMEH) 90*8kB (UMEH) 77*16kB (UMEH) 158*32kB (UMEH) 59*64kB (UMEH) 22*128kB (UMEH) 9*256kB (UMH) 9*512kB (UMH) 2*1024kB (U) 2*2048kB (UM) 0*4096kB = 27296kB [ 224.098068][ T9897] Node 1 DMA32: 38*4kB (UMEH) 67*8kB (UMEH) 256*16kB (UMEH) 670*32kB (UMEH) 293*64kB (UMEH) 138*128kB (UMEH) 74*256kB (UMEH) 28*512kB (UMH) 17*1024kB (UH) 8*2048kB (U) 16*4096kB (UM) = 195248kB [ 224.104599][ T9897] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 224.107338][ T9897] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 224.109978][ T9897] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 224.112649][ T9897] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=1 hugepages_size=2048kB [ 224.115359][ T9897] 43636 total pagecache pages [ 224.116726][ T9897] 72 pages in swap cache [ 224.119716][ T9897] Free swap = 121912kB [ 224.121004][ T9897] Total swap = 124996kB [ 224.122677][ T9897] 524155 pages RAM [ 224.123873][ T9897] 0 pages HighMem/MovableOnly [ 224.125226][ T9897] 207815 pages reserved [ 224.126412][ T9897] 0 pages cma reserved [ 224.302782][ T39] audit: type=1804 audit(1740063381.369:939): pid=9905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1044" name="/newroot/254/file0" dev="tmpfs" ino=1427 res=1 errno=0 [ 224.315944][ T9905] ref_ctr_offset mismatch. inode: 0x593 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6 [ 224.742726][ T9914] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1047'. [ 225.532510][ T9935] XFS (nullb0): Invalid superblock magic number [ 227.425925][ T9982] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1066'. [ 228.797339][ T6108] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 228.892879][T10019] XFS (nullb0): Invalid superblock magic number [ 228.977319][ T6108] usb 7-1: Using ep0 maxpacket: 32 [ 228.982516][ T6108] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 228.985105][ T6108] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 228.988414][ T6108] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 228.990925][ T6108] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 228.993724][ T6108] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 228.996361][ T6108] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 229.002060][ T6108] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 229.005127][ T6108] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.012798][ T6108] usb 7-1: config 0 descriptor?? [ 229.286643][T10029] ipvlan1: entered allmulticast mode [ 229.288341][T10029] veth0_vlan: entered allmulticast mode [ 229.333360][ T6108] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 27 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 229.604386][ C3] usblp0: nonzero read bulk status received: -71 [ 229.604536][ T2297] usb 7-1: USB disconnect, device number 27 [ 229.830193][T10032] usblp0: removed [ 230.487532][T10041] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1083'. [ 230.745190][T10046] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1085'. [ 231.031173][T10056] FAULT_INJECTION: forcing a failure. [ 231.031173][T10056] name failslab, interval 1, probability 0, space 0, times 0 [ 231.034815][T10056] CPU: 2 UID: 0 PID: 10056 Comm: syz.0.1089 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 231.034831][T10056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 231.034839][T10056] Call Trace: [ 231.034842][T10056] [ 231.034848][T10056] dump_stack_lvl+0x16c/0x1f0 [ 231.034869][T10056] should_fail_ex+0x50a/0x650 [ 231.034889][T10056] ? fs_reclaim_acquire+0xae/0x150 [ 231.034906][T10056] ? tomoyo_encode2+0x100/0x3e0 [ 231.034921][T10056] should_failslab+0xc2/0x120 [ 231.034932][T10056] __kmalloc_noprof+0xcb/0x510 [ 231.034952][T10056] tomoyo_encode2+0x100/0x3e0 [ 231.034968][T10056] tomoyo_encode+0x29/0x50 [ 231.034982][T10056] tomoyo_realpath_from_path+0x19d/0x720 [ 231.034998][T10056] ? tomoyo_fill_path_info+0x233/0x420 [ 231.035011][T10056] tomoyo_mount_acl+0x1af/0x880 [ 231.035025][T10056] ? hlock_class+0x4e/0x130 [ 231.035038][T10056] ? __lock_acquire+0x15a9/0x3c40 [ 231.035056][T10056] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 231.035072][T10056] ? __pfx___lock_acquire+0x10/0x10 [ 231.035086][T10056] ? stack_trace_save+0x95/0xd0 [ 231.035133][T10056] ? __pfx_lock_release+0x10/0x10 [ 231.035159][T10056] ? trace_lock_acquire+0x14e/0x1f0 [ 231.035171][T10056] ? tomoyo_mount_permission+0x149/0x420 [ 231.035186][T10056] ? lock_acquire+0x2f/0xb0 [ 231.035199][T10056] ? tomoyo_mount_permission+0x149/0x420 [ 231.035214][T10056] tomoyo_mount_permission+0x16e/0x420 [ 231.035227][T10056] ? tomoyo_mount_permission+0x149/0x420 [ 231.035242][T10056] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 231.035261][T10056] ? get_current_fs_domain+0x184/0x1f0 [ 231.035275][T10056] security_sb_mount+0x9b/0x260 [ 231.035289][T10056] path_mount+0x129/0x1f10 [ 231.035307][T10056] ? kmem_cache_free+0x2e2/0x4d0 [ 231.035323][T10056] ? __pfx_path_mount+0x10/0x10 [ 231.035341][T10056] ? putname+0x13c/0x180 [ 231.035355][T10056] __ia32_sys_mount+0x28d/0x310 [ 231.035372][T10056] ? __pfx___ia32_sys_mount+0x10/0x10 [ 231.035393][T10056] __do_fast_syscall_32+0x73/0x120 [ 231.035409][T10056] do_fast_syscall_32+0x32/0x80 [ 231.035423][T10056] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 231.035442][T10056] RIP: 0023:0xf7f85579 [ 231.035451][T10056] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 231.035463][T10056] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 231.035473][T10056] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000080 [ 231.035480][T10056] RDX: 0000000000000000 RSI: 0000000000201028 RDI: 0000000000000000 [ 231.035486][T10056] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 231.035492][T10056] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 231.035498][T10056] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 231.035510][T10056] [ 231.035520][T10056] ERROR: Out of memory at tomoyo_realpath_from_path. [ 231.437303][ T6108] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 231.537273][ T35] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 231.587203][ T6108] usb 5-1: Using ep0 maxpacket: 8 [ 231.589964][ T6108] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 231.592680][ T6108] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 231.595827][ T6108] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 231.600259][ T6108] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 231.605246][ T6108] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 231.609502][ T6108] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.688761][ T35] usb 6-1: Using ep0 maxpacket: 32 [ 231.699502][ T35] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 231.701934][ T35] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 231.704378][ T35] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 231.706884][ T35] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 231.710274][ T35] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 231.712988][ T35] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 231.716575][ T35] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 231.719212][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.727690][ T35] usb 6-1: config 0 descriptor?? [ 231.824154][ T6108] usb 5-1: usb_control_msg returned -32 [ 231.825886][ T6108] usbtmc 5-1:16.0: can't read capabilities [ 231.837573][ T76] usb 5-1: USB disconnect, device number 23 [ 232.041184][ T35] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 15 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 232.312455][ C1] usblp0: nonzero read bulk status received: -71 [ 232.312605][ T76] usb 6-1: USB disconnect, device number 15 [ 232.480417][T10079] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1097'. [ 232.517507][T10060] usblp0: removed [ 232.642766][T10082] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1098'. [ 233.781129][T10112] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1107'. [ 234.337401][ T5954] Bluetooth: hci4: command 0x1003 tx timeout [ 234.340497][ T5953] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 234.713558][T10138] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1116'. [ 235.977244][ T2297] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 236.138753][ T2297] usb 5-1: config index 0 descriptor too short (expected 65355, got 72) [ 236.142744][ T2297] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 236.145293][ T2297] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.147778][ T2297] usb 5-1: Product: syz [ 236.149200][ T2297] usb 5-1: Manufacturer: syz [ 236.150799][ T2297] usb 5-1: SerialNumber: syz [ 236.156658][ T2297] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 236.182196][ T2297] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 236.385498][T10151] FAULT_INJECTION: forcing a failure. [ 236.385498][T10151] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 236.393429][T10151] CPU: 0 UID: 0 PID: 10151 Comm: syz.0.1120 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 236.393450][T10151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 236.393457][T10151] Call Trace: [ 236.393461][T10151] [ 236.393466][T10151] dump_stack_lvl+0x16c/0x1f0 [ 236.393489][T10151] should_fail_ex+0x50a/0x650 [ 236.393510][T10151] _copy_to_user+0x32/0xd0 [ 236.393524][T10151] simple_read_from_buffer+0xd0/0x160 [ 236.393541][T10151] proc_fail_nth_read+0x198/0x270 [ 236.393587][T10151] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 236.393601][T10151] ? rw_verify_area+0xcf/0x680 [ 236.393616][T10151] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 236.393628][T10151] vfs_read+0x1df/0xbf0 [ 236.393644][T10151] ? __fget_files+0x1fc/0x3a0 [ 236.393661][T10151] ? __pfx___mutex_lock+0x10/0x10 [ 236.393676][T10151] ? __pfx_vfs_read+0x10/0x10 [ 236.393701][T10151] ? __fget_files+0x206/0x3a0 [ 236.393727][T10151] ksys_read+0x12b/0x250 [ 236.393746][T10151] ? __pfx_ksys_read+0x10/0x10 [ 236.393769][T10151] __do_fast_syscall_32+0x73/0x120 [ 236.393790][T10151] do_fast_syscall_32+0x32/0x80 [ 236.393809][T10151] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 236.393833][T10151] RIP: 0023:0xf7f85579 [ 236.393847][T10151] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 236.393862][T10151] RSP: 002b:00000000f50a6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 236.393878][T10151] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f50a6620 [ 236.393888][T10151] RDX: 000000000000000f RSI: 00000000f740cff4 RDI: 0000000000000000 [ 236.393898][T10151] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 236.393907][T10151] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 236.393916][T10151] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 236.393935][T10151] [ 236.454685][ T35] usb 5-1: USB disconnect, device number 24 [ 236.514324][T10164] /dev/nullb0: Can't lookup blockdev [ 237.217289][ T2297] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 237.219796][ T2297] ath9k_htc: Failed to initialize the device [ 237.232534][ T35] usb 5-1: ath9k_htc: USB layer deinitialized [ 237.245729][ T5953] Bluetooth: hci0: unexpected event for opcode 0x1003 [ 237.557265][ T35] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 237.707245][ T35] usb 5-1: Using ep0 maxpacket: 32 [ 237.710272][ T35] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 237.713024][ T35] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 237.715430][ T35] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 237.719366][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 237.722509][ T35] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 237.725750][ T35] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 237.730485][ T35] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 237.733656][ T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.737279][ T35] usb 5-1: config 0 descriptor?? [ 238.044916][T10184] ipvlan1: entered allmulticast mode [ 238.046623][T10184] veth0_vlan: entered allmulticast mode [ 238.090547][ T35] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 25 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 238.193684][T10187] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1132'. [ 238.501025][ C0] usblp0: nonzero read bulk status received: -71 [ 238.503083][ T2297] usb 5-1: USB disconnect, device number 25 [ 238.607250][ T6006] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 238.735261][T10163] usblp0: removed [ 238.747272][ T6006] usb 6-1: device descriptor read/64, error -71 [ 238.997237][ T6006] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 239.120183][ T5953] Bluetooth: hci0: unexpected event for opcode 0x1003 [ 239.127303][ T6006] usb 6-1: device descriptor read/64, error -71 [ 239.237488][ T6006] usb usb6-port1: attempt power cycle [ 239.769395][ T6006] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 239.787714][ T6006] usb 6-1: device descriptor read/8, error -71 [ 240.087287][ T6006] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 240.107856][ T6006] usb 6-1: device descriptor read/8, error -71 [ 240.217629][ T6006] usb usb6-port1: unable to enumerate USB device [ 240.641646][T10232] block nbd0: NBD_DISCONNECT [ 240.645183][ T5953] Bluetooth: hci3: unexpected event for opcode 0x1003 [ 241.583697][T10251] XFS (nullb0): Invalid superblock magic number [ 242.501807][T10280] ipvlan1: entered allmulticast mode [ 242.503417][T10280] veth0_vlan: entered allmulticast mode [ 243.075498][T10282] FAULT_INJECTION: forcing a failure. [ 243.075498][T10282] name (null), interval 1, probability 0, space 0, times 1 [ 243.079713][T10282] CPU: 0 UID: 0 PID: 10282 Comm: syz.1.1158 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 243.079728][T10282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 243.079744][T10282] Call Trace: [ 243.079749][T10282] [ 243.079754][T10282] dump_stack_lvl+0x16c/0x1f0 [ 243.079778][T10282] should_fail_ex+0x50a/0x650 [ 243.079799][T10282] null_queue_rq+0x2f1/0x1010 [ 243.079943][T10282] null_queue_rqs+0xe9/0x2f0 [ 243.079954][T10282] ? __pfx_null_queue_rqs+0x10/0x10 [ 243.079966][T10282] ? blk_mq_flush_plug_list+0x169b/0x1c60 [ 243.079983][T10282] __blk_mq_flush_plug_list+0x97/0xc0 [ 243.079999][T10282] blk_mq_flush_plug_list+0x16ce/0x1c60 [ 243.080012][T10282] ? rcu_is_watching+0x12/0xc0 [ 243.080026][T10282] ? trace_block_plug+0x196/0x220 [ 243.080044][T10282] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 243.080085][T10282] ? blk_mq_submit_bio+0x113a/0x25f0 [ 243.080108][T10282] __blk_flush_plug+0x2c5/0x4b0 [ 243.080124][T10282] ? __pfx___blk_flush_plug+0x10/0x10 [ 243.080140][T10282] __submit_bio+0x547/0x690 [ 243.080152][T10282] ? __pfx___submit_bio+0x10/0x10 [ 243.080168][T10282] ? ktime_get+0x200/0x310 [ 243.080182][T10282] ? lockdep_hardirqs_on+0x7c/0x110 [ 243.080199][T10282] ? submit_bio_noacct_nocheck+0x698/0xd70 [ 243.080211][T10282] submit_bio_noacct_nocheck+0x698/0xd70 [ 243.080224][T10282] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 243.080238][T10282] ? __pfx___might_resched+0x10/0x10 [ 243.080260][T10282] submit_bio_noacct+0x50d/0x1ec0 [ 243.080275][T10282] __bread_gfp+0x189/0x340 [ 243.080296][T10282] isofs_fill_super+0x559/0x2b40 [ 243.080382][T10282] ? __pfx_isofs_fill_super+0x10/0x10 [ 243.080394][T10282] ? set_blocksize+0x2a8/0x360 [ 243.080407][T10282] ? sb_set_blocksize+0xf6/0x120 [ 243.080419][T10282] ? setup_bdev_super+0x369/0x730 [ 243.080436][T10282] get_tree_bdev_flags+0x38b/0x620 [ 243.080451][T10282] ? __pfx_isofs_fill_super+0x10/0x10 [ 243.080463][T10282] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 243.080479][T10282] ? apparmor_capable+0x114/0x1d0 [ 243.080492][T10282] ? bpf_lsm_capable+0x9/0x10 [ 243.080504][T10282] ? security_capable+0x7e/0x260 [ 243.080523][T10282] vfs_get_tree+0x8b/0x340 [ 243.080536][T10282] path_mount+0x14e6/0x1f10 [ 243.080554][T10282] ? kmem_cache_free+0x2e2/0x4d0 [ 243.080571][T10282] ? __pfx_path_mount+0x10/0x10 [ 243.080590][T10282] ? putname+0x13c/0x180 [ 243.080603][T10282] __ia32_sys_mount+0x28d/0x310 [ 243.080620][T10282] ? __pfx___ia32_sys_mount+0x10/0x10 [ 243.080642][T10282] __do_fast_syscall_32+0x73/0x120 [ 243.080657][T10282] do_fast_syscall_32+0x32/0x80 [ 243.080671][T10282] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 243.080689][T10282] RIP: 0023:0xf73ee579 [ 243.080699][T10282] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 243.080711][T10282] RSP: 002b:00000000f505555c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 243.080721][T10282] RAX: ffffffffffffffda RBX: 0000000080000100 RCX: 00000000800002c0 [ 243.080728][T10282] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 243.080734][T10282] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 243.080740][T10282] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 243.080746][T10282] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 243.080759][T10282] [ 243.084296][T10282] ISOFS: Unable to identify CD-ROM format. [ 243.327285][ T6108] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 243.394740][T10292] bond0: entered promiscuous mode [ 243.396305][T10292] bond_slave_0: entered promiscuous mode [ 243.398762][T10292] bond_slave_1: entered promiscuous mode [ 243.401089][T10292] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 243.404692][T10292] bond0: left promiscuous mode [ 243.406043][T10292] bond_slave_0: left promiscuous mode [ 243.407720][T10292] bond_slave_1: left promiscuous mode [ 243.427353][ T35] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 243.457362][ T6108] usb 5-1: device descriptor read/64, error -71 [ 243.587245][ T35] usb 7-1: Using ep0 maxpacket: 32 [ 243.590373][ T35] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 243.592768][ T35] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 243.595185][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 243.597852][ T35] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 243.600584][ T35] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 243.603240][ T35] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 243.606836][ T35] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 243.609545][ T35] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.612747][ T35] usb 7-1: config 0 descriptor?? [ 243.697300][ T6108] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 243.827368][ T6108] usb 5-1: device descriptor read/64, error -71 [ 243.937566][ T6108] usb usb5-port1: attempt power cycle [ 243.961803][ T35] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 28 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 244.232473][ C2] usblp0: nonzero read bulk status received: -71 [ 244.234802][ T57] usb 7-1: USB disconnect, device number 28 [ 244.277290][ T6108] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 244.465118][T10288] usblp0: removed [ 244.579888][ T6108] usb 5-1: device descriptor read/8, error -71 [ 244.817509][ T6108] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 244.849427][ T6108] usb 5-1: device descriptor read/8, error -71 [ 244.957740][ T6108] usb usb5-port1: unable to enumerate USB device [ 246.317272][ T2297] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 246.477338][ T2297] usb 5-1: Using ep0 maxpacket: 32 [ 246.480307][ T2297] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 246.482547][ T2297] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 246.485177][ T2297] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 246.488676][ T2297] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 246.491679][ T2297] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 246.494682][ T2297] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 246.500638][ T2297] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 246.503258][ T2297] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.506399][ T2297] usb 5-1: config 0 descriptor?? [ 246.591486][T10347] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 246.831293][ T2297] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 30 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 247.088132][ C3] usblp0: nonzero read bulk status received: -71 [ 247.089563][ T2297] usb 5-1: USB disconnect, device number 30 [ 247.099433][T10360] /dev/nullb0: Can't open blockdev [ 247.311113][T10335] usblp0: removed [ 248.979242][T10401] FAULT_INJECTION: forcing a failure. [ 248.979242][T10401] name failslab, interval 1, probability 0, space 0, times 0 [ 248.983854][T10401] CPU: 3 UID: 0 PID: 10401 Comm: syz.1.1192 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 248.983875][T10401] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 248.983886][T10401] Call Trace: [ 248.983892][T10401] [ 248.983899][T10401] dump_stack_lvl+0x16c/0x1f0 [ 248.983926][T10401] should_fail_ex+0x50a/0x650 [ 248.983951][T10401] ? fs_reclaim_acquire+0xae/0x150 [ 248.983973][T10401] ? bpf_test_init.isra.0+0xa5/0x150 [ 248.984186][T10401] should_failslab+0xc2/0x120 [ 248.984202][T10401] __kmalloc_noprof+0xcb/0x510 [ 248.984236][T10401] bpf_test_init.isra.0+0xa5/0x150 [ 248.984255][T10401] bpf_prog_test_run_xdp+0x4f0/0x1560 [ 248.984278][T10401] ? lock_acquire+0x2f/0xb0 [ 248.984299][T10401] ? __fget_files+0x40/0x3a0 [ 248.984321][T10401] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 248.984340][T10401] ? __fget_files+0x206/0x3a0 [ 248.984363][T10401] ? fput+0x67/0x440 [ 248.984379][T10401] ? __bpf_prog_get+0xa0/0x290 [ 248.984424][T10401] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 248.984442][T10401] __sys_bpf+0xfc6/0x49c0 [ 248.984464][T10401] ? __pfx_lock_release+0x10/0x10 [ 248.984485][T10401] ? __pfx___sys_bpf+0x10/0x10 [ 248.984505][T10401] ? vfs_write+0x306/0x1150 [ 248.984530][T10401] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 248.984561][T10401] ? fput+0x67/0x440 [ 248.984576][T10401] ? ksys_write+0x1ba/0x250 [ 248.984595][T10401] ? __pfx_ksys_write+0x10/0x10 [ 248.984618][T10401] __ia32_sys_bpf+0x76/0xe0 [ 248.984633][T10401] __do_fast_syscall_32+0x73/0x120 [ 248.984654][T10401] do_fast_syscall_32+0x32/0x80 [ 248.984672][T10401] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 248.984695][T10401] RIP: 0023:0xf73ee579 [ 248.984707][T10401] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 248.984722][T10401] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 248.984738][T10401] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000600 [ 248.984747][T10401] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000 [ 248.984756][T10401] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 248.984764][T10401] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 248.984773][T10401] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 248.984791][T10401] [ 249.402773][T10410] XFS (nullb0): Invalid superblock magic number [ 249.597372][ T2297] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 249.747272][ T2297] usb 7-1: Using ep0 maxpacket: 32 [ 249.750345][ T2297] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 249.752804][ T2297] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 249.755904][ T2297] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 249.760144][ T2297] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 249.763013][ T2297] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 249.765674][ T2297] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 249.769400][ T2297] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 249.772030][ T2297] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.775575][ T2297] usb 7-1: config 0 descriptor?? [ 250.089075][ T2297] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 29 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 250.325212][T10433] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 250.345347][ C3] usblp0: nonzero read bulk status received: -71 [ 250.347787][ T6108] usb 7-1: USB disconnect, device number 29 [ 250.552114][T10414] usblp0: removed [ 251.502742][T10455] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1208'. [ 251.515720][T10455] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1208'. [ 251.713347][T10461] XFS (nullb0): Invalid superblock magic number [ 251.930550][T10477] FAULT_INJECTION: forcing a failure. [ 251.930550][T10477] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 251.935023][T10477] CPU: 0 UID: 0 PID: 10477 Comm: syz.0.1211 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 251.935038][T10477] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 251.935045][T10477] Call Trace: [ 251.935050][T10477] [ 251.935060][T10477] dump_stack_lvl+0x16c/0x1f0 [ 251.935084][T10477] should_fail_ex+0x50a/0x650 [ 251.935106][T10477] _copy_from_user+0x2e/0xd0 [ 251.935119][T10477] __do_compat_sys_socketcall+0x14f/0x700 [ 251.935164][T10477] ? __fget_files+0x206/0x3a0 [ 251.935182][T10477] ? __pfx___do_compat_sys_socketcall+0x10/0x10 [ 251.935196][T10477] ? fput+0x67/0x440 [ 251.935208][T10477] ? ksys_write+0x1ba/0x250 [ 251.935225][T10477] ? __pfx_ksys_write+0x10/0x10 [ 251.935243][T10477] __do_fast_syscall_32+0x73/0x120 [ 251.935260][T10477] do_fast_syscall_32+0x32/0x80 [ 251.935274][T10477] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 251.935293][T10477] RIP: 0023:0xf7f85579 [ 251.935302][T10477] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 251.935314][T10477] RSP: 002b:00000000f50844f0 EFLAGS: 00000286 ORIG_RAX: 0000000000000066 [ 251.935326][T10477] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000f5084500 [ 251.935332][T10477] RDX: 00000000f740cff4 RSI: 0000000000000000 RDI: 00000000f740cff4 [ 251.935339][T10477] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 251.935345][T10477] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 251.935351][T10477] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 251.935364][T10477] [ 252.234822][T10488] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 252.447405][ T6108] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 252.597234][ T6108] usb 6-1: Using ep0 maxpacket: 32 [ 252.601117][ T6108] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 252.604418][ T6108] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 252.608349][ T6108] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 252.612059][ T6108] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 252.615820][ T6108] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 252.619435][ T6108] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 252.624548][ T6108] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 252.628301][ T6108] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.634082][ T6108] usb 6-1: config 0 descriptor?? [ 252.960919][ T6108] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 20 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 253.216349][ C2] usblp0: nonzero read bulk status received: -71 [ 253.217438][ T8] usb 6-1: USB disconnect, device number 20 [ 253.421345][T10487] usblp0: removed [ 254.254200][T10521] block nbd1: NBD_DISCONNECT [ 254.297003][T10524] random: crng reseeded on system resumption [ 254.313390][ T39] audit: type=1326 audit(1740063411.379:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10523 comm="syz.1.1225" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x0 [ 255.189351][T10541] /dev/nullb0: Can't lookup blockdev [ 255.390142][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.392107][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.733464][T10553] FAULT_INJECTION: forcing a failure. [ 255.733464][T10553] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 255.738460][T10553] CPU: 0 UID: 0 PID: 10553 Comm: syz.2.1232 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 255.738484][T10553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 255.738494][T10553] Call Trace: [ 255.738499][T10553] [ 255.738506][T10553] dump_stack_lvl+0x16c/0x1f0 [ 255.738535][T10553] should_fail_ex+0x50a/0x650 [ 255.738565][T10553] _copy_to_user+0x32/0xd0 [ 255.738585][T10553] simple_read_from_buffer+0xd0/0x160 [ 255.738609][T10553] proc_fail_nth_read+0x198/0x270 [ 255.738630][T10553] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 255.738650][T10553] ? rw_verify_area+0xcf/0x680 [ 255.738669][T10553] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 255.738688][T10553] vfs_read+0x1df/0xbf0 [ 255.738708][T10553] ? __fget_files+0x1fc/0x3a0 [ 255.738731][T10553] ? __pfx___mutex_lock+0x10/0x10 [ 255.738751][T10553] ? __pfx_vfs_read+0x10/0x10 [ 255.738785][T10553] ? __fget_files+0x206/0x3a0 [ 255.738812][T10553] ksys_read+0x12b/0x250 [ 255.738831][T10553] ? __pfx_ksys_read+0x10/0x10 [ 255.738858][T10553] __do_fast_syscall_32+0x73/0x120 [ 255.738879][T10553] do_fast_syscall_32+0x32/0x80 [ 255.738898][T10553] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 255.738922][T10553] RIP: 0023:0xf7fc1579 [ 255.738936][T10553] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 255.738951][T10553] RSP: 002b:00000000f50e6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 255.738967][T10553] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50e6620 [ 255.738976][T10553] RDX: 000000000000000f RSI: 00000000f744cff4 RDI: 0000000000000000 [ 255.738985][T10553] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 255.738994][T10553] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 255.739003][T10553] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 255.739023][T10553] [ 255.951618][ T5953] Bluetooth: hci0: unexpected event for opcode 0x1003 [ 256.071454][T10551] XFS (nullb0): Invalid superblock magic number [ 256.913716][ T39] audit: type=1804 audit(1740063413.979:941): pid=10584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1239" name="/newroot/295/file0/file0" dev="9p" ino=36837569 res=1 errno=0 [ 257.616449][ T76] libceph: connect (1)[c::]:6789 error -101 [ 257.619575][ T76] libceph: mon0 (1)[c::]:6789 connect error [ 257.792119][T10602] block nbd0: NBD_DISCONNECT [ 257.794434][ T5953] Bluetooth: hci3: unexpected event for opcode 0x1003 [ 257.849797][T10597] ceph: No mds server is up or the cluster is laggy [ 258.222886][T10621] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1250'. [ 258.444927][T10626] XFS (nullb0): Invalid superblock magic number [ 258.638746][T10633] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1251'. [ 258.644219][T10633] netlink: 177 bytes leftover after parsing attributes in process `syz.3.1251'. [ 259.159011][ T76] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 259.194262][ T39] audit: type=1326 audit(1740063416.259:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10645 comm="syz.3.1256" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x0 [ 259.308523][ T76] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 259.311430][ T76] usb 6-1: config 0 has no interfaces? [ 259.313015][ T76] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 259.315518][ T76] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.320194][ T76] usb 6-1: config 0 descriptor?? [ 259.528120][ T8] usb 6-1: USB disconnect, device number 21 [ 259.597308][ T76] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 259.748899][ T76] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 259.751073][ T76] usb 7-1: can't read configurations, error -61 [ 259.882393][ T76] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 259.982399][ T39] audit: type=1326 audit(1740063417.049:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10654 comm="syz.0.1258" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f85579 code=0x0 [ 260.029656][ T76] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 260.032728][ T76] usb 7-1: can't read configurations, error -61 [ 260.036387][ T76] usb usb7-port1: attempt power cycle [ 260.038267][T10656] overlayfs: workdir and upperdir must be separate subtrees [ 260.078384][ T39] audit: type=1326 audit(1740063417.149:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10657 comm="syz.1.1259" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x0 [ 260.387485][ T76] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 260.420457][ T76] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 260.422661][ T76] usb 7-1: can't read configurations, error -61 [ 260.557384][ T76] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 260.590114][ T76] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 260.593257][ T76] usb 7-1: can't read configurations, error -61 [ 260.596064][ T76] usb usb7-port1: unable to enumerate USB device [ 261.638349][T10674] XFS (nullb0): Invalid superblock magic number [ 262.513909][T10707] usb 2-1: USB disconnect, device number 2 [ 262.614749][T10708] hub 2-0:1.0: USB hub found [ 262.616531][T10708] hub 2-0:1.0: 6 ports detected [ 262.807333][ T57] usb 2-1: new high-speed USB device number 3 using ehci-pci [ 262.993822][T10716] loop7: detected capacity change from 0 to 16384 [ 263.002079][ T57] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 263.004303][ T57] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 263.006256][ T57] usb 2-1: Product: QEMU USB Tablet [ 263.058570][ T57] usb 2-1: Manufacturer: QEMU [ 263.060491][ T57] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1 [ 263.095068][ T57] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0002/input/input12 [ 263.177247][ T57] hid-generic 0003:0627:0001.0002: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0 [ 263.188378][T10717] loop7: detected capacity change from 16384 to 16383 [ 263.599069][ T5953] Bluetooth: hci0: unexpected event for opcode 0x1003 [ 263.641760][T10727] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1276'. [ 264.959911][ T39] audit: type=1800 audit(1740063422.029:945): pid=10763 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.1.1289" name="/newroot/287/bus" dev="tmpfs" ino=1601 res=0 errno=0 [ 265.426813][T10767] XFS (nullb0): Invalid superblock magic number [ 265.480603][T10783] dvmrp0: entered allmulticast mode [ 265.543924][T10786] 9pnet_fd: Insufficient options for proto=fd [ 265.864876][T10795] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1296'. [ 266.362360][T10805] netlink: 'syz.2.1300': attribute type 1 has an invalid length. [ 267.038771][T10823] XFS (nullb0): Invalid superblock magic number [ 267.285534][T10832] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1306'. [ 267.577232][ T35] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 267.738507][ T35] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 267.747187][ T35] usb 6-1: config 0 has no interfaces? [ 267.748852][ T35] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 267.751326][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.754556][ T35] usb 6-1: config 0 descriptor?? [ 267.963802][ T2297] usb 6-1: USB disconnect, device number 22 [ 268.184772][T10861] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 268.252793][ T5953] Bluetooth: hci0: unexpected cc 0x203e length: 2 > 1 [ 268.254818][ T5953] Bluetooth: hci0: unexpected event for opcode 0x203e [ 268.638443][T10875] program syz.2.1319 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 269.567264][ T2297] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 269.729414][ T2297] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 269.732215][ T2297] usb 5-1: config 0 has no interfaces? [ 269.733786][ T2297] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 269.736364][ T2297] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.743440][ T2297] usb 5-1: config 0 descriptor?? [ 269.960485][ T56] usb 5-1: USB disconnect, device number 31 [ 271.617376][ T57] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 271.634152][T10939] FAULT_INJECTION: forcing a failure. [ 271.634152][T10939] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 271.638098][T10939] CPU: 3 UID: 0 PID: 10939 Comm: syz.1.1338 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 271.638113][T10939] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 271.638120][T10939] Call Trace: [ 271.638124][T10939] [ 271.638128][T10939] dump_stack_lvl+0x16c/0x1f0 [ 271.638151][T10939] should_fail_ex+0x50a/0x650 [ 271.638172][T10939] _copy_from_iter+0x2a1/0x1560 [ 271.638184][T10939] ? trace_lock_acquire+0x14e/0x1f0 [ 271.638199][T10939] ? __alloc_skb+0x1fe/0x380 [ 271.638246][T10939] ? __pfx__copy_from_iter+0x10/0x10 [ 271.638257][T10939] ? __virt_addr_valid+0x1a4/0x590 [ 271.638298][T10939] ? __virt_addr_valid+0x5e/0x590 [ 271.638309][T10939] ? __phys_addr_symbol+0x30/0x80 [ 271.638319][T10939] ? __check_object_size+0x488/0x710 [ 271.638353][T10939] netlink_sendmsg+0x813/0xd70 [ 271.638372][T10939] ? __pfx_netlink_sendmsg+0x10/0x10 [ 271.638390][T10939] ____sys_sendmsg+0xaaf/0xc90 [ 271.638404][T10939] ? __pfx_____sys_sendmsg+0x10/0x10 [ 271.638415][T10939] ? get_compat_msghdr+0x11b/0x170 [ 271.638435][T10939] ___sys_sendmsg+0x135/0x1e0 [ 271.638452][T10939] ? __pfx____sys_sendmsg+0x10/0x10 [ 271.638472][T10939] ? __pfx_lock_release+0x10/0x10 [ 271.638487][T10939] ? trace_lock_acquire+0x14e/0x1f0 [ 271.638503][T10939] ? __fget_files+0x206/0x3a0 [ 271.638524][T10939] __sys_sendmsg+0x16e/0x220 [ 271.638539][T10939] ? __pfx___sys_sendmsg+0x10/0x10 [ 271.638562][T10939] __do_fast_syscall_32+0x73/0x120 [ 271.638579][T10939] do_fast_syscall_32+0x32/0x80 [ 271.638592][T10939] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 271.638610][T10939] RIP: 0023:0xf73ee579 [ 271.638619][T10939] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 271.638631][T10939] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 271.638642][T10939] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 271.638648][T10939] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 271.638654][T10939] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 271.638660][T10939] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 271.638691][T10939] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 271.638705][T10939] [ 271.797222][ T57] usb 5-1: Using ep0 maxpacket: 32 [ 271.800370][ T57] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 271.802695][ T57] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 271.805085][ T57] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 271.809108][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 271.811683][ T57] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 271.814258][ T57] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 271.818085][ T57] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 271.820742][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.824027][ T57] usb 5-1: config 0 descriptor?? [ 272.007252][ T2297] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 272.160311][ T2297] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 272.163373][ T2297] usb 6-1: config 0 has no interfaces? [ 272.165009][ T2297] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 272.168124][ T57] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 32 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 272.171194][ T2297] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.178703][ T2297] usb 6-1: config 0 descriptor?? [ 272.388711][ T2297] usb 6-1: USB disconnect, device number 23 [ 272.419466][ C3] usblp0: nonzero read bulk status received: -71 [ 272.419676][ T57] usb 5-1: USB disconnect, device number 32 [ 272.631841][T10934] usblp0: removed [ 273.339885][T10979] random: crng reseeded on system resumption [ 273.348922][ T39] audit: type=1326 audit(1740063430.419:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10978 comm="syz.0.1351" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x0 [ 273.349088][T10979] Unrecognized hibernate image header format! [ 273.358973][T10979] PM: hibernation: Image mismatch: architecture specific data [ 273.706443][T10985] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1352'. [ 274.594891][T10996] program syz.2.1356 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 274.864318][T11001] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1357'. [ 274.878250][T11001] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1357'. [ 275.336068][T11010] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 275.339951][T11010] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 275.468952][T11018] XFS (nullb0): Invalid superblock magic number [ 275.838010][T11031] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 275.840618][T11031] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 275.842770][T11031] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 275.844970][T11031] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 275.847290][T11031] vxlan0: entered promiscuous mode [ 275.848844][T11031] vxlan0: entered allmulticast mode [ 275.857962][T11031] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 275.860371][T11031] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 275.862593][T11031] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 275.865031][T11031] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 275.971853][T11034] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 275.973696][T11034] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 276.317568][ T2297] usb 7-1: new high-speed USB device number 34 using dummy_hcd [ 276.467797][ T2297] usb 7-1: Using ep0 maxpacket: 32 [ 276.480945][ T2297] usb 7-1: config 0 has no interfaces? [ 276.482563][ T2297] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 276.487403][ T2297] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.492041][ T2297] usb 7-1: config 0 descriptor?? [ 276.664453][T11044] IPVS: set_ctl: invalid protocol: 2 172.20.20.187:20000 [ 276.855335][ T2297] usb 7-1: USB disconnect, device number 34 [ 278.169495][T11070] /dev/nullb0: Can't lookup blockdev [ 278.347236][ T64] usb 7-1: new high-speed USB device number 35 using dummy_hcd [ 278.507252][ T64] usb 7-1: Using ep0 maxpacket: 32 [ 278.510132][ T64] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 278.512495][ T64] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 278.514901][ T64] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 278.517580][ T64] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 278.520338][ T64] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 278.523074][ T64] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 278.526665][ T64] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 278.529280][ T64] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.532565][ T64] usb 7-1: config 0 descriptor?? [ 278.851587][ T64] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 35 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 279.107568][ C0] usblp0: nonzero read bulk status received: -71 [ 279.108174][ T64] usb 7-1: USB disconnect, device number 35 [ 279.323452][T11069] usblp0: removed [ 280.491390][T11110] loop2: detected capacity change from 0 to 7 [ 280.493738][T11110] Dev loop2: unable to read RDB block 7 [ 280.495906][T11110] loop2: AHDI p1 p3 [ 280.499680][T11110] loop2: partition table partially beyond EOD, truncated [ 280.502240][T11110] loop2: p1 start 4191936293 is beyond EOD, truncated [ 280.533083][T11114] FAULT_INJECTION: forcing a failure. [ 280.533083][T11114] name failslab, interval 1, probability 0, space 0, times 0 [ 280.537873][T11114] CPU: 0 UID: 0 PID: 11114 Comm: syz.1.1388 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 280.537889][T11114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 280.537897][T11114] Call Trace: [ 280.537901][T11114] [ 280.537906][T11114] dump_stack_lvl+0x16c/0x1f0 [ 280.537927][T11114] should_fail_ex+0x50a/0x650 [ 280.537947][T11114] ? fs_reclaim_acquire+0xae/0x150 [ 280.537966][T11114] should_failslab+0xc2/0x120 [ 280.537979][T11114] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 280.537998][T11114] ? __alloc_skb+0x2b1/0x380 [ 280.538016][T11114] __alloc_skb+0x2b1/0x380 [ 280.538030][T11114] ? __pfx___alloc_skb+0x10/0x10 [ 280.538045][T11114] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 280.538064][T11114] netlink_alloc_large_skb+0x69/0x130 [ 280.538079][T11114] netlink_sendmsg+0x689/0xd70 [ 280.538095][T11114] ? __pfx_netlink_sendmsg+0x10/0x10 [ 280.538114][T11114] ____sys_sendmsg+0xaaf/0xc90 [ 280.538127][T11114] ? __pfx_____sys_sendmsg+0x10/0x10 [ 280.538138][T11114] ? get_compat_msghdr+0x11b/0x170 [ 280.538157][T11114] ___sys_sendmsg+0x135/0x1e0 [ 280.538173][T11114] ? __pfx____sys_sendmsg+0x10/0x10 [ 280.538193][T11114] ? __pfx_lock_release+0x10/0x10 [ 280.538212][T11114] ? trace_lock_acquire+0x14e/0x1f0 [ 280.538228][T11114] ? __fget_files+0x206/0x3a0 [ 280.538248][T11114] __sys_sendmsg+0x16e/0x220 [ 280.538264][T11114] ? __pfx___sys_sendmsg+0x10/0x10 [ 280.538286][T11114] __do_fast_syscall_32+0x73/0x120 [ 280.538302][T11114] do_fast_syscall_32+0x32/0x80 [ 280.538316][T11114] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 280.538336][T11114] RIP: 0023:0xf73ee579 [ 280.538346][T11114] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 280.538357][T11114] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 280.538367][T11114] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 280.538374][T11114] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 280.538380][T11114] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 280.538385][T11114] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 280.538391][T11114] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 280.538404][T11114] [ 280.623226][ C0] vkms_vblank_simulate: vblank timer overrun [ 281.568184][ T8] usb 7-1: new full-speed USB device number 36 using dummy_hcd [ 281.727773][ T8] usb 7-1: device descriptor read/64, error -71 [ 281.987296][ T8] usb 7-1: new full-speed USB device number 37 using dummy_hcd [ 282.117244][ T8] usb 7-1: device descriptor read/64, error -71 [ 282.238752][ T8] usb usb7-port1: attempt power cycle [ 282.477203][ T76] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 282.574119][T11140] fuse: Unknown parameter '0x00000000000000030x0000000000000005' [ 282.587276][ T8] usb 7-1: new full-speed USB device number 38 using dummy_hcd [ 282.608910][ T8] usb 7-1: device descriptor read/8, error -71 [ 282.627209][ T76] usb 5-1: Using ep0 maxpacket: 32 [ 282.630596][ T76] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 282.637195][ T76] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 282.639558][ T76] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 282.642043][ T76] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 282.647238][ T76] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 282.649979][ T76] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 282.653533][ T76] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 282.667301][ T76] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.672203][ T76] usb 5-1: config 0 descriptor?? [ 282.867254][ T8] usb 7-1: new full-speed USB device number 39 using dummy_hcd [ 282.889101][ T8] usb 7-1: device descriptor read/8, error -71 [ 283.007760][ T8] usb usb7-port1: unable to enumerate USB device [ 283.032390][ T76] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 33 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 283.846980][ C2] usblp0: nonzero read bulk status received: -71 [ 283.848863][ T6006] usb 5-1: USB disconnect, device number 33 [ 284.072634][T11136] usblp0: removed [ 284.328460][T11166] program syz.2.1404 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 284.471634][T11169] IPVS: set_ctl: invalid protocol: 2 172.20.20.187:20000 [ 284.750562][T11174] syzkaller1: entered promiscuous mode [ 284.752236][T11174] syzkaller1: entered allmulticast mode [ 285.262024][T11185] can: request_module (can-proto-3) failed. [ 285.438783][T11195] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1412'. [ 288.136631][T11253] XFS (nullb0): Invalid superblock magic number [ 288.538718][ T5953] Bluetooth: hci3: unexpected event for opcode 0x1003 [ 289.037593][ T2297] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 289.187203][ T2297] usb 5-1: Using ep0 maxpacket: 32 [ 289.190081][ T2297] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 289.192433][ T2297] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 289.194932][ T2297] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 289.197718][ T2297] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 289.200413][ T2297] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 289.203047][ T2297] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 289.206854][ T2297] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 289.210360][ T2297] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.214353][ T2297] usb 5-1: config 0 descriptor?? [ 289.356671][T11283] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1440'. [ 289.412813][ T5953] Bluetooth: hci0: unexpected event for opcode 0x0003 [ 289.538086][ T2297] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 34 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 289.791596][ C3] usblp0: nonzero read bulk status received: -71 [ 289.797392][ T35] usb 5-1: USB disconnect, device number 34 [ 289.872010][T11299] /dev/nullb0: Can't open blockdev [ 290.007219][T11266] usblp0: removed [ 291.312748][ T5953] Bluetooth: hci0: unexpected event for opcode 0x202d [ 291.557736][T11335] /dev/nullb0: Can't lookup blockdev [ 291.607230][ T35] usb 7-1: new high-speed USB device number 40 using dummy_hcd [ 291.632208][T11339] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1458'. [ 291.635553][T11339] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1458'. [ 291.757174][ T35] usb 7-1: Using ep0 maxpacket: 32 [ 291.764981][ T35] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 291.769034][ T35] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 291.771523][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 291.774088][ T35] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 291.776787][ T35] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 291.780508][ T35] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 291.784219][ T35] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 291.786777][ T35] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.790035][ T35] usb 7-1: config 0 descriptor?? [ 292.120706][ T35] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 40 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 292.391216][ C0] usblp0: nonzero read bulk status received: -71 [ 292.394736][ T8] usb 7-1: USB disconnect, device number 40 [ 292.601368][T11333] usblp0: removed [ 294.477289][T11378] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1468'. [ 294.517981][T11380] overlay: Unknown parameter 'appraise_type' [ 294.737221][T11388] /dev/nullb0: Can't lookup blockdev [ 295.147281][ T35] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 295.307317][ T35] usb 5-1: Using ep0 maxpacket: 32 [ 295.310144][ T35] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 295.312630][ T35] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 295.315033][ T35] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 295.317746][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 295.320432][ T35] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 295.323152][ T35] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 295.326706][ T35] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 295.329431][ T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.332674][ T35] usb 5-1: config 0 descriptor?? [ 295.652451][ T35] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 35 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 295.828556][T11404] tipc: Started in network mode [ 295.830038][T11404] tipc: Node identity 7f000001, cluster identity 4711 [ 295.831992][T11404] tipc: Enabling of bearer rejected, failed to enable media [ 295.916289][ C3] usblp0: nonzero read bulk status received: -71 [ 295.919918][ T35] usb 5-1: USB disconnect, device number 35 [ 296.127525][T11390] usblp0: removed [ 297.009473][T11424] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1484'. [ 297.773534][T11458] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1494'. [ 297.777285][T11458] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 297.779394][T11458] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 297.789740][T11458] team0: No ports can be present during mode change [ 297.854673][T11463] IPVS: Error connecting to the multicast addr [ 298.315771][T11473] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1497'. [ 299.011909][T11502] program syz.0.1507 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 299.258937][ T5953] Bluetooth: hci0: unexpected event for opcode 0x1003 [ 299.839859][T11520] ieee802154 phy0 wpan0: encryption failed: -22 [ 299.841725][T11520] FAULT_INJECTION: forcing a failure. [ 299.841725][T11520] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 299.846698][T11520] CPU: 3 UID: 0 PID: 11520 Comm: syz.0.1511 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 299.846717][T11520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 299.846725][T11520] Call Trace: [ 299.846729][T11520] [ 299.846735][T11520] dump_stack_lvl+0x16c/0x1f0 [ 299.846757][T11520] should_fail_ex+0x50a/0x650 [ 299.846781][T11520] _copy_to_user+0x32/0xd0 [ 299.846794][T11520] simple_read_from_buffer+0xd0/0x160 [ 299.846813][T11520] proc_fail_nth_read+0x198/0x270 [ 299.846829][T11520] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 299.846842][T11520] ? rw_verify_area+0xcf/0x680 [ 299.846858][T11520] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 299.846871][T11520] vfs_read+0x1df/0xbf0 [ 299.846886][T11520] ? __fget_files+0x1fc/0x3a0 [ 299.846903][T11520] ? __pfx___mutex_lock+0x10/0x10 [ 299.846917][T11520] ? __pfx_vfs_read+0x10/0x10 [ 299.846936][T11520] ? __fget_files+0x206/0x3a0 [ 299.846954][T11520] ksys_read+0x12b/0x250 [ 299.846968][T11520] ? __pfx_ksys_read+0x10/0x10 [ 299.846986][T11520] __do_fast_syscall_32+0x73/0x120 [ 299.847002][T11520] do_fast_syscall_32+0x32/0x80 [ 299.847015][T11520] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 299.847035][T11520] RIP: 0023:0xf7f85579 [ 299.847044][T11520] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 299.847055][T11520] RSP: 002b:00000000f50a6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 299.847066][T11520] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f50a6620 [ 299.847072][T11520] RDX: 000000000000000f RSI: 00000000f740cff4 RDI: 0000000000000000 [ 299.847079][T11520] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 299.847085][T11520] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 299.847091][T11520] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 299.847112][T11520] [ 300.853248][T11549] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1523'. [ 300.975894][T11555] program syz.0.1526 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 301.851392][T11565] FAULT_INJECTION: forcing a failure. [ 301.851392][T11565] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 301.855108][T11565] CPU: 3 UID: 0 PID: 11565 Comm: syz.2.1529 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 301.855123][T11565] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 301.855130][T11565] Call Trace: [ 301.855134][T11565] [ 301.855140][T11565] dump_stack_lvl+0x16c/0x1f0 [ 301.855162][T11565] should_fail_ex+0x50a/0x650 [ 301.855185][T11565] _copy_from_user+0x2e/0xd0 [ 301.855198][T11565] __do_compat_sys_socketcall+0x14f/0x700 [ 301.855215][T11565] ? __fget_files+0x206/0x3a0 [ 301.855232][T11565] ? __pfx___do_compat_sys_socketcall+0x10/0x10 [ 301.855246][T11565] ? fput+0x67/0x440 [ 301.855257][T11565] ? ksys_write+0x1ba/0x250 [ 301.855273][T11565] ? __pfx_ksys_write+0x10/0x10 [ 301.855291][T11565] __do_fast_syscall_32+0x73/0x120 [ 301.855307][T11565] do_fast_syscall_32+0x32/0x80 [ 301.855321][T11565] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 301.855341][T11565] RIP: 0023:0xf7fc1579 [ 301.855350][T11565] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 301.855362][T11565] RSP: 002b:00000000f50e5430 EFLAGS: 00000293 ORIG_RAX: 0000000000000066 [ 301.855372][T11565] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f50e5444 [ 301.855379][T11565] RDX: 0000000000000000 RSI: 00000000f50e5560 RDI: 00000000f744cff4 [ 301.855385][T11565] RBP: 00000000f50e5560 R08: 0000000000000000 R09: 0000000000000000 [ 301.855391][T11565] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 301.855397][T11565] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 301.855410][T11565] [ 301.932981][T11570] ieee802154 phy0 wpan0: encryption failed: -22 [ 301.991229][T11575] Invalid option length (1025206) for dns_resolver key [ 302.145464][T11579] program syz.1.1535 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 302.202211][T11575] dummy0 speed is unknown, defaulting to 1000 [ 302.207625][T11575] lo speed is unknown, defaulting to 1000 [ 302.255339][T11587] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1534'. [ 302.938698][T11593] /dev/nullb0: Can't lookup blockdev [ 304.320757][T11632] kAFS: unparsable volume name [ 304.658302][T11645] XFS (nullb0): Invalid superblock magic number [ 305.507294][ T35] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 305.637273][ T35] usb 6-1: device descriptor read/64, error -71 [ 305.843609][T11685] FAULT_INJECTION: forcing a failure. [ 305.843609][T11685] name failslab, interval 1, probability 0, space 0, times 0 [ 305.847688][T11685] CPU: 3 UID: 0 PID: 11685 Comm: syz.2.1565 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 305.847707][T11685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 305.847715][T11685] Call Trace: [ 305.847720][T11685] [ 305.847726][T11685] dump_stack_lvl+0x16c/0x1f0 [ 305.847751][T11685] should_fail_ex+0x50a/0x650 [ 305.847771][T11685] ? fs_reclaim_acquire+0xae/0x150 [ 305.847789][T11685] should_failslab+0xc2/0x120 [ 305.847802][T11685] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 305.847819][T11685] ? __pfx___might_resched+0x10/0x10 [ 305.847839][T11685] ? alloc_vmap_area+0x636/0x2a60 [ 305.847855][T11685] alloc_vmap_area+0x636/0x2a60 [ 305.847873][T11685] ? __pfx_alloc_vmap_area+0x10/0x10 [ 305.847890][T11685] __get_vm_area_node+0x19e/0x2f0 [ 305.847906][T11685] __vmalloc_node_range_noprof+0x26a/0x1530 [ 305.847921][T11685] ? xt_compat_init_offsets+0xe1/0x1f0 [ 305.847972][T11685] ? xt_find_table_lock+0x59/0x520 [ 305.847992][T11685] ? xt_compat_init_offsets+0xe1/0x1f0 [ 305.848009][T11685] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 305.848024][T11685] ? net_generic+0xea/0x2a0 [ 305.848037][T11685] ? __pfx_lock_release+0x10/0x10 [ 305.848057][T11685] ? xt_compat_init_offsets+0xe1/0x1f0 [ 305.848072][T11685] vmalloc_noprof+0x6b/0x90 [ 305.848086][T11685] ? xt_compat_init_offsets+0xe1/0x1f0 [ 305.848100][T11685] xt_compat_init_offsets+0xe1/0x1f0 [ 305.848114][T11685] ? __asan_memcpy+0x3c/0x60 [ 305.848130][T11685] compat_table_info+0xb8/0x510 [ 305.848231][T11685] get_info+0x2f4/0x7c0 [ 305.848242][T11685] ? __pfx_get_info+0x10/0x10 [ 305.848252][T11685] ? lock_acquire.part.0+0x11b/0x380 [ 305.848270][T11685] ? __pfx_aa_get_newest_label+0x10/0x10 [ 305.848289][T11685] ? bpf_lsm_capable+0x9/0x10 [ 305.848302][T11685] ? security_capable+0x7e/0x260 [ 305.848322][T11685] do_arpt_get_ctl+0x4ae/0x9a0 [ 305.848334][T11685] ? __pfx_do_arpt_get_ctl+0x10/0x10 [ 305.848344][T11685] ? find_held_lock+0x2d/0x110 [ 305.848359][T11685] ? __pfx_lock_release+0x10/0x10 [ 305.848376][T11685] ? nf_sockopt_find.constprop.0+0x221/0x290 [ 305.848414][T11685] nf_getsockopt+0x79/0xe0 [ 305.848428][T11685] ip_getsockopt+0x18e/0x1e0 [ 305.848468][T11685] ? __pfx_ip_getsockopt+0x10/0x10 [ 305.848486][T11685] ? aa_sk_perm+0x2f5/0xb20 [ 305.848504][T11685] dccp_getsockopt+0xe4/0x990 [ 305.848568][T11685] ? __pfx_dccp_getsockopt+0x10/0x10 [ 305.848585][T11685] ? find_held_lock+0x2d/0x110 [ 305.848598][T11685] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 305.848619][T11685] do_sock_getsockopt+0x3fe/0x800 [ 305.848632][T11685] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 305.848643][T11685] ? lock_acquire+0x2f/0xb0 [ 305.848657][T11685] ? __fget_files+0x40/0x3a0 [ 305.848675][T11685] ? __fget_files+0x206/0x3a0 [ 305.848694][T11685] __sys_getsockopt+0x12f/0x260 [ 305.848712][T11685] __ia32_sys_getsockopt+0xbc/0x160 [ 305.848726][T11685] ? lockdep_hardirqs_on+0x7c/0x110 [ 305.848740][T11685] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 305.848753][T11685] __do_fast_syscall_32+0x73/0x120 [ 305.848769][T11685] do_fast_syscall_32+0x32/0x80 [ 305.848782][T11685] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 305.848802][T11685] RIP: 0023:0xf7fc1579 [ 305.848811][T11685] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 305.848822][T11685] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 000000000000016d [ 305.848833][T11685] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000 [ 305.848840][T11685] RDX: 0000000000000060 RSI: 0000000080000000 RDI: 0000000080000080 [ 305.848846][T11685] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 305.848852][T11685] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 305.848858][T11685] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 305.848871][T11685] [ 305.848887][T11685] syz.2.1565: vmalloc error: size 32, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset= [ 305.965822][ T35] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 305.972947][T11685] /,mems_allowed=0-1 [ 305.974233][T11685] CPU: 3 UID: 0 PID: 11685 Comm: syz.2.1565 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 305.974247][T11685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 305.974254][T11685] Call Trace: [ 305.974258][T11685] [ 305.974263][T11685] dump_stack_lvl+0x16c/0x1f0 [ 305.974284][T11685] warn_alloc+0x24d/0x3a0 [ 305.974305][T11685] ? __pfx_warn_alloc+0x10/0x10 [ 305.974323][T11685] ? kfree+0x2c4/0x4d0 [ 305.974341][T11685] ? __get_vm_area_node+0x1dc/0x2f0 [ 305.974398][T11685] __vmalloc_node_range_noprof+0xd24/0x1530 [ 305.974412][T11685] ? xt_find_table_lock+0x59/0x520 [ 305.974435][T11685] ? xt_compat_init_offsets+0xe1/0x1f0 [ 305.974486][T11685] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 305.974510][T11685] ? net_generic+0xea/0x2a0 [ 305.974525][T11685] ? __pfx_lock_release+0x10/0x10 [ 305.974545][T11685] ? xt_compat_init_offsets+0xe1/0x1f0 [ 305.974560][T11685] vmalloc_noprof+0x6b/0x90 [ 305.974576][T11685] ? xt_compat_init_offsets+0xe1/0x1f0 [ 305.974589][T11685] xt_compat_init_offsets+0xe1/0x1f0 [ 305.974603][T11685] ? __asan_memcpy+0x3c/0x60 [ 305.974619][T11685] compat_table_info+0xb8/0x510 [ 305.974642][T11685] get_info+0x2f4/0x7c0 [ 305.974653][T11685] ? __pfx_get_info+0x10/0x10 [ 305.974663][T11685] ? lock_acquire.part.0+0x11b/0x380 [ 305.974681][T11685] ? __pfx_aa_get_newest_label+0x10/0x10 [ 305.974703][T11685] ? bpf_lsm_capable+0x9/0x10 [ 305.974715][T11685] ? security_capable+0x7e/0x260 [ 305.974735][T11685] do_arpt_get_ctl+0x4ae/0x9a0 [ 305.974747][T11685] ? __pfx_do_arpt_get_ctl+0x10/0x10 [ 305.974757][T11685] ? find_held_lock+0x2d/0x110 [ 305.974772][T11685] ? __pfx_lock_release+0x10/0x10 [ 305.974789][T11685] ? nf_sockopt_find.constprop.0+0x221/0x290 [ 305.974807][T11685] nf_getsockopt+0x79/0xe0 [ 305.974821][T11685] ip_getsockopt+0x18e/0x1e0 [ 305.974840][T11685] ? __pfx_ip_getsockopt+0x10/0x10 [ 305.974858][T11685] ? aa_sk_perm+0x2f5/0xb20 [ 305.974872][T11685] dccp_getsockopt+0xe4/0x990 [ 305.974892][T11685] ? __pfx_dccp_getsockopt+0x10/0x10 [ 305.974910][T11685] ? find_held_lock+0x2d/0x110 [ 305.974923][T11685] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 305.974944][T11685] do_sock_getsockopt+0x3fe/0x800 [ 305.974956][T11685] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 305.974967][T11685] ? lock_acquire+0x2f/0xb0 [ 305.974980][T11685] ? __fget_files+0x40/0x3a0 [ 305.974999][T11685] ? __fget_files+0x206/0x3a0 [ 305.975017][T11685] __sys_getsockopt+0x12f/0x260 [ 305.975035][T11685] __ia32_sys_getsockopt+0xbc/0x160 [ 305.975049][T11685] ? lockdep_hardirqs_on+0x7c/0x110 [ 305.975064][T11685] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 305.975077][T11685] __do_fast_syscall_32+0x73/0x120 [ 305.975093][T11685] do_fast_syscall_32+0x32/0x80 [ 305.975107][T11685] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 305.975126][T11685] RIP: 0023:0xf7fc1579 [ 305.975135][T11685] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 305.975146][T11685] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 000000000000016d [ 305.975157][T11685] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000 [ 305.975164][T11685] RDX: 0000000000000060 RSI: 0000000080000000 RDI: 0000000080000080 [ 305.975170][T11685] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 305.975176][T11685] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 305.975183][T11685] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 305.975195][T11685] [ 305.975200][T11685] Mem-Info: [ 306.030586][T11686] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1561'. [ 306.032110][T11685] active_anon:8370 inactive_anon:15881 isolated_anon:0 [ 306.032110][T11685] active_file:3671 inactive_file:11837 isolated_file:0 [ 306.032110][T11685] unevictable:19109 dirty:175 writeback:0 [ 306.032110][T11685] slab_reclaimable:6214 slab_unreclaimable:58381 [ 306.032110][T11685] mapped:28814 shmem:25057 pagetables:836 [ 306.032110][T11685] sec_pagetables:309 bounce:0 [ 306.032110][T11685] kernel_misc_reclaimable:0 [ 306.032110][T11685] free:48128 free_pcp:3359 free_cma:0 [ 306.089826][ T35] usb 6-1: device descriptor read/64, error -71 [ 306.091674][T11685] Node 0 active_anon:6340kB inactive_anon:0kB active_file:2276kB inactive_file:52kB unevictable:4556kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:12kB writeback:0kB shmem:9392kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:8784kB pagetables:692kB sec_pagetables:1144kB all_unreclaimable? yes [ 306.100246][T11685] Node 1 active_anon:27140kB inactive_anon:63524kB active_file:12408kB inactive_file:47296kB unevictable:71880kB isolated(anon):0kB isolated(file):0kB mapped:115220kB dirty:688kB writeback:0kB shmem:90836kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3612kB pagetables:2652kB sec_pagetables:92kB all_unreclaimable? no [ 306.109280][T11685] Node 0 DMA free:1380kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 306.116801][T11685] lowmem_reserve[]: 0 294 0 0 0 [ 306.118218][T11685] Node 0 DMA32 free:22940kB boost:6144kB min:19704kB low:23092kB high:26480kB reserved_highatomic:0KB active_anon:6340kB inactive_anon:0kB active_file:2276kB inactive_file:52kB unevictable:4556kB writepending:12kB present:1032196kB managed:301748kB mlocked:808kB bounce:0kB free_pcp:3096kB local_pcp:1188kB free_cma:0kB [ 306.128717][T11685] lowmem_reserve[]: 0 0 0 0 0 [ 306.130075][T11685] Node 1 DMA32 free:168192kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:27140kB inactive_anon:63524kB active_file:12408kB inactive_file:47296kB unevictable:71880kB writepending:688kB present:1048432kB managed:948252kB mlocked:7384kB bounce:0kB free_pcp:10296kB local_pcp:988kB free_cma:0kB [ 306.138571][T11685] lowmem_reserve[]: 0 0 0 0 0 [ 306.140004][T11685] Node 0 DMA: 17*4kB (U) 18*8kB (U) 7*16kB (U) 19*32kB (U) 7*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 1380kB [ 306.143795][T11685] Node 0 DMA32: 113*4kB (UE) 121*8kB (UME) 61*16kB (U) 180*32kB (UME) 73*64kB (UME) 31*128kB (UME) 12*256kB (UM) 6*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 22940kB [ 306.148697][T11685] Node 1 DMA32: 470*4kB (ME) 228*8kB (UME) 711*16kB (UME) 467*32kB (UME) 256*64kB (UME) 163*128kB (UME) 102*256kB (UME) 56*512kB (U) 41*1024kB (UM) 2*2048kB (M) 0*4096kB = 168136kB [ 306.153693][T11685] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 306.156275][T11685] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 306.158860][T11685] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 306.161491][T11685] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 306.164091][T11685] 56124 total pagecache pages [ 306.165413][T11685] 258 pages in swap cache [ 306.166640][T11685] Free swap = 97856kB [ 306.167902][T11685] Total swap = 124996kB [ 306.169101][T11685] 524155 pages RAM [ 306.170152][T11685] 0 pages HighMem/MovableOnly [ 306.171488][T11685] 207815 pages reserved [ 306.172651][T11685] 0 pages cma reserved [ 306.197823][ T35] usb usb6-port1: attempt power cycle [ 306.547290][ T35] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 306.567814][ T35] usb 6-1: device descriptor read/8, error -71 [ 306.643637][T11693] XFS (nullb0): Invalid superblock magic number [ 306.807408][ T35] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 306.827668][ T35] usb 6-1: device descriptor read/8, error -71 [ 306.937586][ T35] usb usb6-port1: unable to enumerate USB device [ 308.231427][T11727] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1576'. [ 308.505731][T11735] netlink: 'syz.3.1579': attribute type 1 has an invalid length. [ 308.530897][T11735] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1579'. [ 308.537856][T11735] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 308.542037][T11735] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 308.556316][T11735] bond1 (unregistering): (slave batadv1): Releasing backup interface [ 308.560719][T11735] bond1 (unregistering): Released all slaves [ 308.606177][T11738] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1579'. [ 308.701045][T11740] XFS (nullb0): Invalid superblock magic number [ 308.717773][ T35] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 308.877261][ T35] usb 6-1: Using ep0 maxpacket: 32 [ 308.880527][ T35] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 308.882825][ T35] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 308.885278][ T35] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 308.888154][ T35] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 308.890942][ T35] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 308.893634][ T35] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 308.897486][ T35] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 308.900442][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 308.903773][ T35] usb 6-1: config 0 descriptor?? [ 309.279162][ T35] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 28 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 309.401351][ T2297] lo speed is unknown, defaulting to 1000 [ 309.541374][ C0] usblp0: nonzero read bulk status received: -71 [ 309.548538][ T76] usb 6-1: USB disconnect, device number 28 [ 309.791627][T11731] usblp0: removed [ 310.248341][T11776] program syz.2.1589 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 310.496591][T11792] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1591'. [ 310.986492][T11807] XFS (nullb0): Invalid superblock magic number [ 311.834301][T11829] dvmrp9: entered allmulticast mode [ 312.607441][ T76] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 312.757286][ T76] usb 5-1: Using ep0 maxpacket: 32 [ 312.760278][ T76] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 312.762618][ T76] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 312.764923][ T76] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 312.767673][ T76] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 312.770260][ T76] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 312.772826][ T76] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 312.776367][ T76] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 312.779275][ T76] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.782950][ T76] usb 5-1: config 0 descriptor?? [ 312.824216][T11857] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1608'. [ 312.826642][T11857] tipc: Cannot configure node identity twice [ 313.129545][T11864] /dev/nullb0: Can't open blockdev [ 313.155147][ T76] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 36 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 313.434773][ C0] usblp0: nonzero read bulk status received: -71 [ 313.436471][ T6297] usb 5-1: USB disconnect, device number 36 [ 313.665307][T11851] usblp0: removed [ 316.563505][T11931] /dev/nullb0: Can't lookup blockdev [ 316.750654][T11939] netlink: zone id is out of range [ 316.828472][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.830256][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.990038][T11939] netlink: set zone limit has 4 unknown bytes [ 317.215985][T11947] netlink: zone id is out of range [ 317.219541][T11947] netlink: zone id is out of range [ 317.239169][T11947] netlink: zone id is out of range [ 317.267480][T11947] netlink: zone id is out of range [ 317.297687][T11947] netlink: zone id is out of range [ 317.359492][T11947] netlink: zone id is out of range [ 317.410696][T11947] netlink: zone id is out of range [ 317.513313][T11947] netlink: set zone limit has 4 unknown bytes [ 318.969283][T11982] XFS (nullb0): Invalid superblock magic number [ 319.203148][T11992] syzkaller0: entered allmulticast mode [ 319.900489][ T5953] Bluetooth: unknown link type 108 [ 319.902433][ T5953] Bluetooth: hci0: connection err: -111 [ 320.140834][T12006] netlink: 'syz.3.1645': attribute type 1 has an invalid length. [ 320.994625][T12011] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 320.996910][T12011] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 320.999199][T12011] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 321.001382][T12011] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 321.007041][T12011] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 321.009915][T12011] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 321.012231][T12011] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 321.014517][T12011] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 321.243594][T12032] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1653'. [ 321.675900][T12038] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1655'. [ 321.679094][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.681493][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.684671][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.687420][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.690701][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.693997][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.696359][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.702811][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.704648][T12026] /dev/nullb0: Can't lookup blockdev [ 321.710675][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.727647][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.731939][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.745067][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.747946][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.750789][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.753885][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.760054][T12040] vlan0: entered promiscuous mode [ 321.783260][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.793598][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.805090][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.813639][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.822201][T12040] team0: Port device vlan0 added [ 321.824459][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.828533][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.831434][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.834300][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.838339][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.841230][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.844096][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.851608][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.854692][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.858162][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.861399][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.864428][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.866609][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.869666][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.872222][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.874478][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.876801][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.879406][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.881903][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.884311][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.886692][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.889348][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.891821][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.894022][ T76] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 321.909411][ T76] hid-generic 0000:0000:0000.0003: hidraw1: HID v0.00 Device [syz0] on syz1 [ 323.019457][T12062] syzkaller0: entered allmulticast mode [ 324.605127][T12091] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1670'. [ 324.734977][T12100] FAULT_INJECTION: forcing a failure. [ 324.734977][T12100] name failslab, interval 1, probability 0, space 0, times 0 [ 324.740772][T12100] CPU: 2 UID: 0 PID: 12100 Comm: syz.2.1671 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 324.740800][T12100] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 324.740807][T12100] Call Trace: [ 324.740812][T12100] [ 324.740817][T12100] dump_stack_lvl+0x16c/0x1f0 [ 324.740841][T12100] should_fail_ex+0x50a/0x650 [ 324.740860][T12100] ? fs_reclaim_acquire+0xae/0x150 [ 324.740877][T12100] ? p9_fcall_init+0x97/0x260 [ 324.740916][T12100] should_failslab+0xc2/0x120 [ 324.740929][T12100] __kmalloc_noprof+0xcb/0x510 [ 324.740946][T12100] ? rcu_is_watching+0x12/0xc0 [ 324.740962][T12100] p9_fcall_init+0x97/0x260 [ 324.740974][T12100] p9_tag_alloc+0x17a/0x660 [ 324.740986][T12100] ? __pfx_p9_tag_alloc+0x10/0x10 [ 324.740999][T12100] ? __lock_acquire+0x15a9/0x3c40 [ 324.741019][T12100] p9_client_prepare_req+0x19f/0x4d0 [ 324.741032][T12100] ? __pfx_p9_client_prepare_req+0x10/0x10 [ 324.741046][T12100] ? hlock_class+0x4e/0x130 [ 324.741057][T12100] ? mark_lock+0xb5/0xc60 [ 324.741073][T12100] p9_client_rpc+0x1c3/0xc10 [ 324.741085][T12100] ? node_tag_clear+0x106/0x290 [ 324.741097][T12100] ? __pfx_p9_client_rpc+0x10/0x10 [ 324.741110][T12100] ? idr_preload_end+0xc2/0x230 [ 324.741121][T12100] ? __pfx_lock_release+0x10/0x10 [ 324.741138][T12100] ? mark_held_locks+0x9f/0xe0 [ 324.741152][T12100] ? rcu_is_watching+0x12/0xc0 [ 324.741166][T12100] p9_client_attach+0x157/0x2b0 [ 324.741180][T12100] ? __pfx_p9_client_attach+0x10/0x10 [ 324.741197][T12100] v9fs_fid_lookup+0x97d/0xec0 [ 324.741283][T12100] ? d_alloc+0x176/0x1e0 [ 324.741295][T12100] v9fs_vfs_lookup+0x1a3/0x5c0 [ 324.741313][T12100] ? __pfx_v9fs_vfs_lookup+0x10/0x10 [ 324.741333][T12100] ? lock_acquire+0x2f/0xb0 [ 324.741348][T12100] ? do_raw_spin_unlock+0x172/0x230 [ 324.741359][T12100] ? _raw_spin_unlock+0x28/0x50 [ 324.741374][T12100] lookup_one_qstr_excl+0x11d/0x190 [ 324.741387][T12100] ? mnt_want_write+0x161/0x450 [ 324.741402][T12100] filename_create+0x1ed/0x530 [ 324.741417][T12100] ? __pfx_filename_create+0x10/0x10 [ 324.741434][T12100] ? __phys_addr_symbol+0x30/0x80 [ 324.741449][T12100] ? __check_object_size+0x488/0x710 [ 324.741462][T12100] do_mkdirat+0xab/0x3a0 [ 324.741478][T12100] ? __pfx_do_mkdirat+0x10/0x10 [ 324.741494][T12100] ? getname_flags.part.0+0x1c5/0x550 [ 324.741509][T12100] __ia32_sys_mkdir+0x61/0x80 [ 324.741525][T12100] __do_fast_syscall_32+0x73/0x120 [ 324.741540][T12100] do_fast_syscall_32+0x32/0x80 [ 324.741554][T12100] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 324.741573][T12100] RIP: 0023:0xf7fc1579 [ 324.741582][T12100] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 324.741593][T12100] RSP: 002b:00000000f50c555c EFLAGS: 00000296 ORIG_RAX: 0000000000000027 [ 324.741605][T12100] RAX: ffffffffffffffda RBX: 0000000080000100 RCX: 0000000000000000 [ 324.741611][T12100] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 324.741617][T12100] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 324.741623][T12100] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 324.741629][T12100] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 324.741642][T12100] [ 327.186534][T12195] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1691'. [ 327.254289][T12199] 8021q: adding VLAN 0 to HW filter on device bond2 [ 327.257624][T12199] bond0: (slave bond2): Enslaving as an active interface with an up link [ 327.322783][T12206] netlink: 'syz.0.1695': attribute type 1 has an invalid length. [ 327.325046][T12206] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1695'. [ 327.415054][T12209] /dev/nullb0: Can't open blockdev [ 327.527468][ T835] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 327.677178][ T835] usb 6-1: Using ep0 maxpacket: 32 [ 327.679991][ T835] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 327.682337][ T835] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 327.684717][ T835] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 327.687704][ T835] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 327.690484][ T835] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 327.693167][ T835] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 327.696698][ T835] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 327.699663][ T835] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.704289][ T835] usb 6-1: config 0 descriptor?? [ 328.028035][ T835] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 29 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 328.287560][ C2] usblp0: nonzero read bulk status received: -71 [ 328.287747][ T76] usb 6-1: USB disconnect, device number 29 [ 328.503164][T12203] usblp0: removed [ 328.531636][T12232] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1700'. [ 329.349358][T12263] program syz.0.1711 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 330.135360][T12280] smc: net device bond0 applied user defined pnetid SYZ2 [ 330.137791][T12281] overlayfs: failed to resolve './file0': -2 [ 330.195189][T12283] tracefs: Unknown parameter 'fd' [ 330.839401][T12304] capability: warning: `syz.2.1725' uses 32-bit capabilities (legacy support in use) [ 331.082878][ T39] audit: type=1326 audit(1740063488.149:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12305 comm="syz.2.1726" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffe0000 [ 331.115375][T12312] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1727'. [ 331.757334][ T835] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 331.927757][ T835] usb 5-1: no configurations [ 331.929588][ T835] usb 5-1: can't read configurations, error -22 [ 332.057360][ T835] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 332.208405][ T835] usb 5-1: no configurations [ 332.209735][ T835] usb 5-1: can't read configurations, error -22 [ 332.211625][ T835] usb usb5-port1: attempt power cycle [ 332.358449][T12305] Process accounting resumed [ 332.569176][ T835] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 332.592300][ T835] usb 5-1: no configurations [ 332.593668][ T835] usb 5-1: can't read configurations, error -22 [ 332.654892][T12355] netlink: 'syz.2.1739': attribute type 12 has an invalid length. [ 332.657771][ T5954] Bluetooth: hci3: command 0x0405 tx timeout [ 332.728136][ T835] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 332.758459][ T835] usb 5-1: no configurations [ 332.760309][ T835] usb 5-1: can't read configurations, error -22 [ 332.767525][ T835] usb usb5-port1: unable to enumerate USB device [ 333.892198][T12408] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1745'. [ 336.019971][T12454] bond1: entered promiscuous mode [ 336.027233][T12454] bond1: entered allmulticast mode [ 336.029092][T12454] 8021q: adding VLAN 0 to HW filter on device bond1 [ 336.139934][T12454] bond1 (unregistering): Released all slaves [ 336.323969][T12466] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1758'. [ 337.291842][T12484] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 337.293763][T12484] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 337.498285][T12484] vhci_hcd vhci_hcd.0: Device attached [ 337.747312][ T56] usb 37-1: new high-speed USB device number 2 using vhci_hcd [ 337.981137][T12485] vhci_hcd: connection reset by peer [ 337.982812][ T63] vhci_hcd: stop threads [ 337.984267][ T63] vhci_hcd: release socket [ 337.985970][ T63] vhci_hcd: disconnect device [ 338.519485][ T76] usb 7-1: new high-speed USB device number 41 using dummy_hcd [ 338.678925][ T76] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 338.683250][ T76] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 338.685814][ T76] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.689422][ T76] usb 7-1: config 0 descriptor?? [ 338.899693][ T76] usbhid 7-1:0.0: can't add hid device: -71 [ 338.902246][ T76] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 338.907363][ T76] usb 7-1: USB disconnect, device number 41 [ 339.917339][ T6297] usb 7-1: new high-speed USB device number 42 using dummy_hcd [ 340.097441][ T6297] usb 7-1: Using ep0 maxpacket: 32 [ 340.104881][ T6297] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 340.108121][ T6297] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 340.110910][ T6297] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 340.113407][ T6297] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 340.116072][ T6297] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 340.127414][ T6297] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 340.137476][ T6297] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 340.140366][ T6297] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.149031][ T6297] usb 7-1: config 0 descriptor?? [ 340.377888][T12553] netlink: 'syz.0.1786': attribute type 11 has an invalid length. [ 340.380310][T12554] netlink: 'syz.0.1786': attribute type 11 has an invalid length. [ 340.545109][ T6297] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 42 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 340.747289][ T5953] Bluetooth: hci0: command 0x0406 tx timeout [ 340.796206][ T39] audit: type=1326 audit(1740063497.859:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12564 comm="syz.0.1790" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffe0000 [ 340.820852][ C3] usblp0: nonzero read bulk status received: -71 [ 340.821082][ T6297] usb 7-1: USB disconnect, device number 42 [ 341.068118][T12544] usblp0: removed [ 341.440303][T12582] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1792'. [ 341.723675][T12593] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1795'. [ 341.754943][T12595] random: crng reseeded on system resumption [ 342.907714][ T56] vhci_hcd: vhci_device speed not set [ 343.334454][T12564] Process accounting resumed [ 343.445665][T12618] program syz.2.1803 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 343.639804][ T39] audit: type=1804 audit(1740063500.709:949): pid=12626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1802" name="/newroot/433/file0" dev="tmpfs" ino=2390 res=1 errno=0 [ 343.650031][T12626] ref_ctr_offset mismatch. inode: 0x956 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6 [ 344.017296][ T6297] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 344.173196][ T6297] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 344.175658][ T6297] usb 5-1: can't read configurations, error -61 [ 344.196441][T12632] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1808'. [ 344.307341][ T6297] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 344.353626][T12642] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 344.359447][T12642] FAULT_INJECTION: forcing a failure. [ 344.359447][T12642] name failslab, interval 1, probability 0, space 0, times 0 [ 344.362905][T12642] CPU: 1 UID: 0 PID: 12642 Comm: syz.2.1806 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 344.362933][T12642] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 344.362941][T12642] Call Trace: [ 344.362980][T12642] [ 344.362986][T12642] dump_stack_lvl+0x16c/0x1f0 [ 344.363225][T12642] should_fail_ex+0x50a/0x650 [ 344.363376][T12642] ? fs_reclaim_acquire+0xae/0x150 [ 344.363487][T12642] should_failslab+0xc2/0x120 [ 344.363517][T12642] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 344.363536][T12642] ? ovl_alloc_inode+0x25/0x190 [ 344.363612][T12642] ? __pfx_ovl_inode_test+0x10/0x10 [ 344.363629][T12642] ? __pfx_ovl_inode_set+0x10/0x10 [ 344.363644][T12642] ? __pfx_ovl_alloc_inode+0x10/0x10 [ 344.363660][T12642] ovl_alloc_inode+0x25/0x190 [ 344.363675][T12642] alloc_inode+0x5d/0x230 [ 344.363706][T12642] iget5_locked+0x33b/0x3d0 [ 344.363719][T12642] ? __pfx_ovl_inode_test+0x10/0x10 [ 344.363735][T12642] ? __pfx_ovl_inode_set+0x10/0x10 [ 344.363752][T12642] ? __pfx_iget5_locked+0x10/0x10 [ 344.363767][T12642] ? lock_acquire.part.0+0x11b/0x380 [ 344.363868][T12642] ovl_get_inode+0xceb/0x13c0 [ 344.363889][T12642] ? __pfx_ovl_get_inode+0x10/0x10 [ 344.363906][T12642] ? lockref_get+0x15/0x50 [ 344.363918][T12642] ? do_raw_spin_unlock+0x172/0x230 [ 344.363929][T12642] ? _raw_spin_unlock+0x28/0x50 [ 344.363969][T12642] ovl_lookup+0xd4f/0x21f0 [ 344.363991][T12642] ? __pfx_ovl_lookup+0x10/0x10 [ 344.364021][T12642] ? mark_held_locks+0x9f/0xe0 [ 344.364051][T12642] ? __pfx_ovl_lookup+0x10/0x10 [ 344.364080][T12642] lookup_one_qstr_excl+0x11d/0x190 [ 344.364118][T12642] ? mnt_want_write+0x161/0x450 [ 344.364169][T12642] do_rmdir+0x247/0x410 [ 344.364189][T12642] ? __pfx_do_rmdir+0x10/0x10 [ 344.364209][T12642] ? getname_flags.part.0+0x1c5/0x550 [ 344.364223][T12642] __ia32_sys_rmdir+0xc4/0x110 [ 344.364240][T12642] __do_fast_syscall_32+0x73/0x120 [ 344.364257][T12642] do_fast_syscall_32+0x32/0x80 [ 344.364271][T12642] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 344.364314][T12642] RIP: 0023:0xf7fc1579 [ 344.364345][T12642] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 344.364357][T12642] RSP: 002b:00000000f50a455c EFLAGS: 00000296 ORIG_RAX: 0000000000000028 [ 344.364368][T12642] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000000000 [ 344.364375][T12642] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 344.364381][T12642] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 344.364388][T12642] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 344.364394][T12642] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 344.364407][T12642] [ 344.364740][T12642] overlayfs: failed to get inode (-12) [ 344.448173][T12645] /dev/nullb0: Can't lookup blockdev [ 344.459364][ T6297] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 344.462490][ T6297] usb 5-1: can't read configurations, error -61 [ 344.466431][ T6297] usb usb5-port1: attempt power cycle [ 344.479110][T12644] block nbd1: NBD_DISCONNECT [ 344.737374][ T57] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 344.805766][T12654] netlink: 'syz.3.1812': attribute type 4 has an invalid length. [ 344.807337][ T6297] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 344.839475][ T6297] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 344.841935][ T6297] usb 5-1: can't read configurations, error -61 [ 344.887516][ T57] usb 6-1: Using ep0 maxpacket: 16 [ 344.890714][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 344.893949][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 344.896879][ T57] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 344.900147][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.903594][ T57] usb 6-1: config 0 descriptor?? [ 344.967285][ T6297] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 344.989505][ T6297] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 344.991886][ T6297] usb 5-1: can't read configurations, error -61 [ 344.993989][ T6297] usb usb5-port1: unable to enumerate USB device [ 345.315432][ T57] appleir 0003:05AC:8241.0004: unknown main item tag 0x0 [ 345.317524][ T57] appleir 0003:05AC:8241.0004: unknown main item tag 0x0 [ 345.319437][ T57] appleir 0003:05AC:8241.0004: unknown main item tag 0x0 [ 345.321317][ T57] appleir 0003:05AC:8241.0004: unknown main item tag 0x0 [ 345.323223][ T57] appleir 0003:05AC:8241.0004: unknown main item tag 0x0 [ 345.325478][ T57] appleir 0003:05AC:8241.0004: No inputs registered, leaving [ 345.338200][ T57] appleir 0003:05AC:8241.0004: hiddev0,hidraw1: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.1-1/input0 [ 345.919413][T12669] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 345.922255][T12669] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 346.748048][ T57] usb 6-1: reset high-speed USB device number 30 using dummy_hcd [ 347.013149][T12687] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1820'. [ 347.040574][T12690] MTD: Attempt to mount non-MTD device "/dev/sr0" [ 347.101016][T12691] FAULT_INJECTION: forcing a failure. [ 347.101016][T12691] name failslab, interval 1, probability 0, space 0, times 0 [ 347.107753][T12691] CPU: 3 UID: 0 PID: 12691 Comm: syz.2.1821 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 347.107772][T12691] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 347.107779][T12691] Call Trace: [ 347.107784][T12691] [ 347.107790][T12691] dump_stack_lvl+0x16c/0x1f0 [ 347.107811][T12691] should_fail_ex+0x50a/0x650 [ 347.107830][T12691] ? fs_reclaim_acquire+0xae/0x150 [ 347.107847][T12691] ? lsm_blob_alloc+0x68/0x90 [ 347.107903][T12691] should_failslab+0xc2/0x120 [ 347.107916][T12691] __kmalloc_noprof+0xcb/0x510 [ 347.107937][T12691] lsm_blob_alloc+0x68/0x90 [ 347.107953][T12691] security_sb_alloc+0x28/0x230 [ 347.107964][T12691] alloc_super+0x245/0xbd0 [ 347.107980][T12691] ? lock_acquire+0x2f/0xb0 [ 347.107999][T12691] ? __pfx_super_s_dev_test+0x10/0x10 [ 347.108011][T12691] sget_fc+0x116/0xc20 [ 347.108026][T12691] ? __pfx_super_s_dev_set+0x10/0x10 [ 347.108039][T12691] get_tree_bdev_flags+0x1bc/0x620 [ 347.108053][T12691] ? __pfx_ntfs_fill_super+0x10/0x10 [ 347.108076][T12691] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 347.108091][T12691] ? apparmor_capable+0x114/0x1d0 [ 347.108104][T12691] ? bpf_lsm_capable+0x9/0x10 [ 347.108145][T12691] ? security_capable+0x7e/0x260 [ 347.108163][T12691] vfs_get_tree+0x8b/0x340 [ 347.108176][T12691] path_mount+0x14e6/0x1f10 [ 347.108195][T12691] ? kmem_cache_free+0x2e2/0x4d0 [ 347.108211][T12691] ? __pfx_path_mount+0x10/0x10 [ 347.108230][T12691] ? putname+0x13c/0x180 [ 347.108242][T12691] __ia32_sys_mount+0x28d/0x310 [ 347.108260][T12691] ? __pfx___ia32_sys_mount+0x10/0x10 [ 347.108281][T12691] __do_fast_syscall_32+0x73/0x120 [ 347.108298][T12691] do_fast_syscall_32+0x32/0x80 [ 347.108312][T12691] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 347.108332][T12691] RIP: 0023:0xf7fc1579 [ 347.108341][T12691] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 347.108354][T12691] RSP: 002b:00000000f50c555c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 347.108365][T12691] RAX: ffffffffffffffda RBX: 0000000080000040 RCX: 0000000080002340 [ 347.108372][T12691] RDX: 0000000080000180 RSI: 0000000000000008 RDI: 0000000000000000 [ 347.108378][T12691] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 347.108384][T12691] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 347.108390][T12691] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 347.108403][T12691] [ 347.290238][T12690] /dev/sr0: Can't open blockdev [ 348.191840][T12708] program syz.1.1827 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 348.452081][T12709] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 348.454710][T12709] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 348.457053][T12709] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 348.485740][ T6297] usb 6-1: USB disconnect, device number 30 [ 348.547471][ T5953] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 348.966828][T12705] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 350.569087][T12784] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1856'. [ 352.099278][T12820] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1866'. [ 352.729330][T12839] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1870'. [ 353.032400][T12841] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 353.035664][T12841] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 353.114130][T12841] FAULT_INJECTION: forcing a failure. [ 353.114130][T12841] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 353.117915][T12841] CPU: 1 UID: 0 PID: 12841 Comm: syz.1.1873 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 353.117940][T12841] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 353.117947][T12841] Call Trace: [ 353.117951][T12841] [ 353.117958][T12841] dump_stack_lvl+0x16c/0x1f0 [ 353.117980][T12841] should_fail_ex+0x50a/0x650 [ 353.118001][T12841] _copy_from_user+0x2e/0xd0 [ 353.118015][T12841] do_compat_sigaltstack+0xf7/0x310 [ 353.118066][T12841] ? __pfx_do_compat_sigaltstack+0x10/0x10 [ 353.118078][T12841] ? ia32_restore_sigcontext+0x416/0x5d0 [ 353.118150][T12841] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 353.118170][T12841] ? _raw_spin_unlock_irq+0x23/0x50 [ 353.118183][T12841] ? lockdep_hardirqs_on+0x7c/0x110 [ 353.118197][T12841] compat_restore_altstack+0x17/0x40 [ 353.118211][T12841] __do_compat_sys_rt_sigreturn+0x197/0x1f0 [ 353.118229][T12841] ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10 [ 353.118250][T12841] do_int80_emulation+0x104/0x200 [ 353.118265][T12841] asm_int80_emulation+0x1a/0x20 [ 353.118281][T12841] RIP: 0023:0xf73ee577 [ 353.118290][T12841] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 [ 353.118301][T12841] RSP: 002b:00000000f507655c EFLAGS: 00000296 [ 353.118311][T12841] RAX: 0000000000000091 RBX: 0000000000000003 RCX: 0000000080000240 [ 353.118317][T12841] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 353.118326][T12841] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 353.118332][T12841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 353.118339][T12841] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 353.118351][T12841] [ 353.417399][ T30] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 353.525516][T12852] dummy0 speed is unknown, defaulting to 1000 [ 353.527823][T12852] lo speed is unknown, defaulting to 1000 [ 353.588402][ T30] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 353.591512][ T30] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 353.594272][ T30] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 353.596771][ T30] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.602816][T12844] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 353.610424][ T30] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 354.733327][T12878] dummy0 speed is unknown, defaulting to 1000 [ 354.735857][T12878] lo speed is unknown, defaulting to 1000 [ 354.877013][T12886] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1882'. [ 354.973973][T12888] program syz.1.1885 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 355.191108][T12894] FAULT_INJECTION: forcing a failure. [ 355.191108][T12894] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 355.194786][T12894] CPU: 0 UID: 0 PID: 12894 Comm: syz.2.1888 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 355.194801][T12894] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 355.194808][T12894] Call Trace: [ 355.194812][T12894] [ 355.194816][T12894] dump_stack_lvl+0x16c/0x1f0 [ 355.194838][T12894] should_fail_ex+0x50a/0x650 [ 355.194860][T12894] _copy_from_iter+0x2a1/0x1560 [ 355.194875][T12894] ? __pfx__copy_from_iter+0x10/0x10 [ 355.194887][T12894] ? hlock_class+0x4e/0x130 [ 355.194901][T12894] ? __lock_acquire+0xcc5/0x3c40 [ 355.194920][T12894] tun_get_user+0x34e/0x3e50 [ 355.195078][T12894] ? find_held_lock+0x2d/0x110 [ 355.195090][T12894] ? __pfx_tun_get_user+0x10/0x10 [ 355.195111][T12894] ? find_held_lock+0x2d/0x110 [ 355.195125][T12894] ? __pfx_lock_release+0x10/0x10 [ 355.195146][T12894] tun_chr_write_iter+0xdc/0x210 [ 355.195164][T12894] vfs_write+0x5ae/0x1150 [ 355.195182][T12894] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 355.195201][T12894] ? __pfx_vfs_write+0x10/0x10 [ 355.195216][T12894] ? __fget_files+0x40/0x3a0 [ 355.195238][T12894] ksys_write+0x12b/0x250 [ 355.195253][T12894] ? __pfx_ksys_write+0x10/0x10 [ 355.195271][T12894] __do_fast_syscall_32+0x73/0x120 [ 355.195287][T12894] do_fast_syscall_32+0x32/0x80 [ 355.195301][T12894] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 355.195320][T12894] RIP: 0023:0xf7fc1579 [ 355.195329][T12894] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 355.195340][T12894] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 355.195351][T12894] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 355.195357][T12894] RDX: 000000000000004e RSI: 0000000000000000 RDI: 0000000000000000 [ 355.195363][T12894] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 355.195369][T12894] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 355.195375][T12894] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 355.195387][T12894] [ 355.287220][ T30] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 355.402449][T12897] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1889'. [ 355.439273][ T30] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 355.441798][ T30] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 355.445597][ T30] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 355.448425][ T30] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 355.450706][ T30] usb 6-1: Manufacturer: syz [ 355.453103][ T30] usb 6-1: config 0 descriptor?? [ 355.497190][ T30] rc_core: IR keymap rc-hauppauge not found [ 355.499007][ T30] Registered IR keymap rc-empty [ 355.504542][ T30] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 355.510072][ T30] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input13 [ 355.732364][ T30] usb 5-1: USB disconnect, device number 45 [ 357.317509][T12933] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1898'. [ 358.064809][ T30] usb 6-1: USB disconnect, device number 31 [ 358.135576][T12948] program syz.1.1904 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 358.340035][T12960] Trying to write to read-only block-device nullb0 [ 358.370115][T12940] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 358.392176][T12962] dvmrp0: entered allmulticast mode [ 358.789559][T12968] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1910'. [ 359.016346][T12961] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 359.018541][T12961] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 359.025223][T12961] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 359.097692][T12972] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 359.100240][T12972] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 359.287353][ T835] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 359.300294][T12975] /dev/nullb0: Can't lookup blockdev [ 359.447293][ T835] usb 5-1: Using ep0 maxpacket: 16 [ 359.450872][T12979] FAULT_INJECTION: forcing a failure. [ 359.450872][T12979] name failslab, interval 1, probability 0, space 0, times 0 [ 359.453488][ T835] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 359.454469][T12979] CPU: 0 UID: 0 PID: 12979 Comm: syz.1.1914 Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 359.454486][T12979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 359.454493][T12979] Call Trace: [ 359.454497][T12979] [ 359.454503][T12979] dump_stack_lvl+0x16c/0x1f0 [ 359.454525][T12979] should_fail_ex+0x50a/0x650 [ 359.454545][T12979] ? fs_reclaim_acquire+0xae/0x150 [ 359.454562][T12979] should_failslab+0xc2/0x120 [ 359.454574][T12979] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 359.454592][T12979] ? getname_flags.part.0+0x4c/0x550 [ 359.454608][T12979] getname_flags.part.0+0x4c/0x550 [ 359.454622][T12979] getname+0x8d/0xe0 [ 359.454636][T12979] path_setxattrat+0x261/0x290 [ 359.454654][T12979] ? __pfx_path_setxattrat+0x10/0x10 [ 359.454682][T12979] ? fput+0x67/0x440 [ 359.454693][T12979] ? ksys_write+0x1ba/0x250 [ 359.454709][T12979] ? __pfx_ksys_write+0x10/0x10 [ 359.454725][T12979] __ia32_sys_lsetxattr+0xc7/0x140 [ 359.454741][T12979] ? lockdep_hardirqs_on+0x7c/0x110 [ 359.454755][T12979] __do_fast_syscall_32+0x73/0x120 [ 359.454771][T12979] do_fast_syscall_32+0x32/0x80 [ 359.454784][T12979] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 359.454805][T12979] RIP: 0023:0xf73ee579 [ 359.454813][T12979] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 359.454824][T12979] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 00000000000000e3 [ 359.454835][T12979] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000080000340 [ 359.454842][T12979] RDX: 0000000080000300 RSI: 0000000000000024 RDI: 0000000000000000 [ 359.454848][T12979] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 359.454854][T12979] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 359.454860][T12979] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 359.454873][T12979] [ 359.529334][ T835] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 359.532021][ T835] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 359.534766][ T835] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.549674][ T835] usb 5-1: config 0 descriptor?? [ 359.559036][T12983] program syz.2.1916 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 359.988488][ T835] appleir 0003:05AC:8241.0005: unknown main item tag 0x0 [ 359.990556][ T835] appleir 0003:05AC:8241.0005: unknown main item tag 0x0 [ 359.992559][ T835] appleir 0003:05AC:8241.0005: unknown main item tag 0x0 [ 359.994492][ T835] appleir 0003:05AC:8241.0005: unknown main item tag 0x0 [ 359.996885][ T835] appleir 0003:05AC:8241.0005: unknown main item tag 0x0 [ 359.999281][ T835] appleir 0003:05AC:8241.0005: No inputs registered, leaving [ 360.008999][ T835] appleir 0003:05AC:8241.0005: hiddev0,hidraw1: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.0-1/input0 [ 360.181487][T12990] netlink: 116 bytes leftover after parsing attributes in process `syz.3.1919'. [ 360.498611][ T5954] Bluetooth: hci0: command 0x0406 tx timeout [ 361.042413][T13003] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 361.057327][ T5954] Bluetooth: hci3: command 0x0405 tx timeout [ 361.203316][ T5954] Bluetooth: hci0: unexpected event for opcode 0x0c26 [ 361.407428][ T835] usb 5-1: reset high-speed USB device number 46 using dummy_hcd [ 361.447793][T13019] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 361.457442][T13019] input: syz1 as /devices/virtual/input/input14 [ 361.554219][T13021] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 361.557488][T13021] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 362.506116][T13045] wg1: entered promiscuous mode [ 362.509139][T13045] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 362.643879][T13051] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 362.646231][T13051] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 362.648647][T13051] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 362.651092][T13051] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 362.660890][T13051] netdevsim netdevsim3 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 362.663278][T13051] netdevsim netdevsim3 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 362.665899][T13051] netdevsim netdevsim3 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 362.669191][T13051] netdevsim netdevsim3 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 363.281037][T13066] Invalid ELF header type: 3 != 1 [ 363.563666][T13075] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1943'. [ 363.909356][ T64] usb 5-1: USB disconnect, device number 46 [ 364.657435][T13101] syz.1.1952: attempt to access beyond end of device [ 364.657435][T13101] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 364.661441][T13101] syz.1.1952: attempt to access beyond end of device [ 364.661441][T13101] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 364.666658][T13101] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 364.670837][T13101] syz.1.1952: attempt to access beyond end of device [ 364.670837][T13101] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 364.674515][T13101] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 364.677665][T13101] syz.1.1952: attempt to access beyond end of device [ 364.677665][T13101] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 364.683367][T13101] syz.1.1952: attempt to access beyond end of device [ 364.683367][T13101] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 364.687043][T13101] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 364.690517][T13101] syz.1.1952: attempt to access beyond end of device [ 364.690517][T13101] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 364.694242][T13101] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 364.697067][T13101] syz.1.1952: attempt to access beyond end of device [ 364.697067][T13101] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 364.700955][T13101] syz.1.1952: attempt to access beyond end of device [ 364.700955][T13101] nbd1: rw=0, sector=2048, nr_sectors = 8 limit=0 [ 364.704630][T13101] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 364.707434][T13101] syz.1.1952: attempt to access beyond end of device [ 364.707434][T13101] nbd1: rw=0, sector=4096, nr_sectors = 8 limit=0 [ 364.711127][T13101] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 364.713845][T13101] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 364.717200][T13098] nbd1: detected capacity change from 0 to 67108884 [ 364.722459][T12039] block nbd1: Send control failed (result -89) [ 364.724556][T12039] block nbd1: Request send failed, requeueing [ 364.729037][ T5954] block nbd1: Receive control failed (result -32) [ 364.730629][ T70] block nbd1: Dead connection, failed to find a fallback [ 364.734048][ T70] block nbd1: shutting down sockets [ 364.735736][ T70] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 364.738669][ T70] Buffer I/O error on dev nbd1, logical block 0, async page read [ 364.741852][T12039] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 364.744519][T12039] Buffer I/O error on dev nbd1, logical block 0, async page read [ 364.747036][T12039] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 364.749656][T12039] Buffer I/O error on dev nbd1, logical block 0, async page read [ 364.751876][T12039] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 364.754351][T12039] Buffer I/O error on dev nbd1, logical block 0, async page read [ 364.756545][T12039] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 364.759190][T12039] Buffer I/O error on dev nbd1, logical block 0, async page read [ 364.761408][T12039] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 364.763906][T12039] Buffer I/O error on dev nbd1, logical block 0, async page read [ 364.766157][T12039] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 364.768823][T12039] Buffer I/O error on dev nbd1, logical block 0, async page read [ 364.773211][T12039] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 364.775721][T12039] Buffer I/O error on dev nbd1, logical block 0, async page read [ 364.777997][T12039] ldm_validate_partition_table(): Disk read failed. [ 364.780001][T12039] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 364.782477][T12039] Buffer I/O error on dev nbd1, logical block 0, async page read [ 364.784724][T12039] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 364.787427][T12039] Buffer I/O error on dev nbd1, logical block 0, async page read [ 364.789683][T12039] Dev nbd1: unable to read RDB block 0 [ 364.793252][T12039] nbd1: unable to read partition table [ 364.796308][T12039] ldm_validate_partition_table(): Disk read failed. [ 364.798701][T12039] Dev nbd1: unable to read RDB block 0 [ 364.800448][T12039] nbd1: unable to read partition table [ 364.803148][T12039] [ 364.803862][T12039] ====================================================== [ 364.805834][T12039] WARNING: possible circular locking dependency detected [ 364.807782][T12039] 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 Not tainted [ 364.810012][T12039] ------------------------------------------------------ [ 364.813786][T12039] udevd/12039 is trying to acquire lock: [ 364.815346][T12039] ffff88801fecb7c8 (&q->q_usage_counter(io)#50){++++}-{0:0}, at: __submit_bio+0x3d1/0x690 [ 364.818079][T12039] [ 364.818079][T12039] but task is already holding lock: [ 364.820137][T12039] ffff88801dbd0940 (mapping.invalidate_lock#2){++++}-{4:4}, at: page_cache_ra_unbounded+0x173/0x7d0 [ 364.823120][T12039] [ 364.823120][T12039] which lock already depends on the new lock. [ 364.823120][T12039] [ 364.825979][T12039] [ 364.825979][T12039] the existing dependency chain (in reverse order) is: [ 364.828493][T12039] [ 364.828493][T12039] -> #6 (mapping.invalidate_lock#2){++++}-{4:4}: [ 364.830814][T12039] down_read+0x9a/0x330 [ 364.832143][T12039] filemap_fault+0x1845/0x2ca0 [ 364.833615][T12039] __do_fault+0x10a/0x490 [ 364.834977][T12039] do_pte_missing+0xecf/0x3e10 [ 364.836448][T12039] __handle_mm_fault+0x1166/0x2c60 [ 364.838036][T12039] handle_mm_fault+0x3fa/0xaa0 [ 364.839498][T12039] do_user_addr_fault+0x7a3/0x13f0 [ 364.841081][T12039] exc_page_fault+0x5c/0xc0 [ 364.842477][T12039] asm_exc_page_fault+0x26/0x30 [ 364.843974][T12039] _copy_from_iter+0x380/0x1560 [ 364.845460][T12039] tipc_msg_build+0x308/0x1120 [ 364.847082][T12039] __tipc_sendstream+0x6fa/0x1190 [ 364.848654][T12039] tipc_sendstream+0x4f/0x70 [ 364.850073][T12039] sock_write_iter+0x4fe/0x5b0 [ 364.851684][T12039] vfs_write+0x5ae/0x1150 [ 364.853042][T12039] ksys_write+0x207/0x250 [ 364.854395][T12039] __do_fast_syscall_32+0x73/0x120 [ 364.856063][T12039] do_fast_syscall_32+0x32/0x80 [ 364.857886][T12039] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 364.859773][T12039] [ 364.859773][T12039] -> #5 (sk_lock-AF_TIPC){+.+.}-{0:0}: [ 364.861860][T12039] lock_sock_nested+0x3a/0xf0 [ 364.863314][T12039] tipc_shutdown+0x65/0x580 [ 364.864711][T12039] nbd_mark_nsock_dead+0xae/0x5d0 [ 364.866370][T12039] sock_shutdown+0x17c/0x280 [ 364.867781][T12039] nbd_ioctl+0x49b/0xd60 [ 364.869147][T12039] compat_blkdev_ioctl+0x2f4/0x7b0 [ 364.870698][T12039] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 364.872337][T12039] __do_fast_syscall_32+0x73/0x120 [ 364.873905][T12039] do_fast_syscall_32+0x32/0x80 [ 364.875415][T12039] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 364.877295][T12039] [ 364.877295][T12039] -> #4 (&nsock->tx_lock){+.+.}-{4:4}: [ 364.879426][T12039] __mutex_lock+0x19b/0xb10 [ 364.880823][T12039] nbd_queue_rq+0x424/0x1220 [ 364.882249][T12039] blk_mq_dispatch_rq_list+0x443/0x1dc0 [ 364.883942][T12039] __blk_mq_sched_dispatch_requests+0xcdf/0x1620 [ 364.885863][T12039] blk_mq_sched_dispatch_requests+0xd8/0x1b0 [ 364.887664][T12039] blk_mq_run_hw_queue+0x239/0x670 [ 364.889267][T12039] blk_mq_flush_plug_list+0x673/0x1c60 [ 364.890927][T12039] __blk_flush_plug+0x2c5/0x4b0 [ 364.892428][T12039] __submit_bio+0x547/0x690 [ 364.893812][T12039] submit_bio_noacct_nocheck+0x698/0xd70 [ 364.895506][T12039] submit_bio_noacct+0x50d/0x1ec0 [ 364.897029][T12039] block_read_full_folio+0x812/0xa50 [ 364.898684][T12039] filemap_read_folio+0xc6/0x2a0 [ 364.900205][T12039] do_read_cache_folio+0x263/0x5c0 [ 364.901768][T12039] read_part_sector+0xd4/0x310 [ 364.903257][T12039] adfspart_check_ICS+0x94/0x940 [ 364.904765][T12039] bdev_disk_changed+0x71f/0x1520 [ 364.906243][T12039] blkdev_get_whole+0x187/0x290 [ 364.907727][T12039] bdev_open+0x2c7/0xe20 [ 364.909092][T12039] blkdev_open+0x272/0x3f0 [ 364.910464][T12039] do_dentry_open+0x735/0x1c40 [ 364.911946][T12039] vfs_open+0x82/0x3f0 [ 364.913231][T12039] path_openat+0x1e88/0x2d80 [ 364.914651][T12039] do_filp_open+0x20c/0x470 [ 364.916053][T12039] do_sys_openat2+0x17a/0x1e0 [ 364.917484][T12039] __x64_sys_openat+0x175/0x210 [ 364.919072][T12039] do_syscall_64+0xcd/0x250 [ 364.920471][T12039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.922234][T12039] [ 364.922234][T12039] -> #3 (&cmd->lock){+.+.}-{4:4}: [ 364.924224][T12039] __mutex_lock+0x19b/0xb10 [ 364.925634][T12039] nbd_queue_rq+0xbe/0x1220 [ 364.927067][T12039] blk_mq_dispatch_rq_list+0x443/0x1dc0 [ 364.928784][T12039] __blk_mq_sched_dispatch_requests+0xcdf/0x1620 [ 364.930665][T12039] blk_mq_sched_dispatch_requests+0xd8/0x1b0 [ 364.932472][T12039] blk_mq_run_hw_queue+0x239/0x670 [ 364.934015][T12039] blk_mq_flush_plug_list+0x673/0x1c60 [ 364.935697][T12039] __blk_flush_plug+0x2c5/0x4b0 [ 364.937213][T12039] __submit_bio+0x547/0x690 [ 364.938648][T12039] submit_bio_noacct_nocheck+0x698/0xd70 [ 364.940353][T12039] submit_bio_noacct+0x50d/0x1ec0 [ 364.941890][T12039] block_read_full_folio+0x812/0xa50 [ 364.943522][T12039] filemap_read_folio+0xc6/0x2a0 [ 364.945039][T12039] do_read_cache_folio+0x263/0x5c0 [ 364.946638][T12039] read_part_sector+0xd4/0x310 [ 364.948143][T12039] adfspart_check_ICS+0x94/0x940 [ 364.949656][T12039] bdev_disk_changed+0x71f/0x1520 [ 364.951168][T12039] blkdev_get_whole+0x187/0x290 [ 364.952579][T12039] bdev_open+0x2c7/0xe20 [ 364.953905][T12039] blkdev_open+0x272/0x3f0 [ 364.955286][T12039] do_dentry_open+0x735/0x1c40 [ 364.956748][T12039] vfs_open+0x82/0x3f0 [ 364.958077][T12039] path_openat+0x1e88/0x2d80 [ 364.959501][T12039] do_filp_open+0x20c/0x470 [ 364.960890][T12039] do_sys_openat2+0x17a/0x1e0 [ 364.962324][T12039] __x64_sys_openat+0x175/0x210 [ 364.963812][T12039] do_syscall_64+0xcd/0x250 [ 364.965215][T12039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.966985][T12039] [ 364.966985][T12039] -> #2 (set->srcu){.+.+}-{0:0}: [ 364.968906][T12039] __synchronize_srcu+0xa9/0x2a0 [ 364.970403][T12039] blk_mq_quiesce_queue+0x149/0x1b0 [ 364.971997][T12039] elevator_disable+0xe9/0x570 [ 364.973450][T12039] blk_mq_update_nr_hw_queues+0x41c/0x1360 [ 364.975197][T12039] nbd_start_device+0x172/0xcd0 [ 364.976684][T12039] nbd_ioctl+0x21a/0xd60 [ 364.978027][T12039] compat_blkdev_ioctl+0x2f4/0x7b0 [ 364.979594][T12039] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 364.981207][T12039] __do_fast_syscall_32+0x73/0x120 [ 364.982754][T12039] do_fast_syscall_32+0x32/0x80 [ 364.984249][T12039] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 364.986161][T12039] [ 364.986161][T12039] -> #1 (&q->sysfs_lock){+.+.}-{4:4}: [ 364.988276][T12039] __mutex_lock+0x19b/0xb10 [ 364.989655][T12039] blk_mq_update_nr_hw_queues+0x4a7/0x1360 [ 364.991396][T12039] nbd_start_device+0x172/0xcd0 [ 364.992869][T12039] nbd_ioctl+0x21a/0xd60 [ 364.994236][T12039] compat_blkdev_ioctl+0x2f4/0x7b0 [ 364.995787][T12039] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 364.997389][T12039] __do_fast_syscall_32+0x73/0x120 [ 364.998964][T12039] do_fast_syscall_32+0x32/0x80 [ 365.000445][T12039] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 365.002301][T12039] [ 365.002301][T12039] -> #0 (&q->q_usage_counter(io)#50){++++}-{0:0}: [ 365.004650][T12039] __lock_acquire+0x249e/0x3c40 [ 365.006200][T12039] lock_acquire.part.0+0x11b/0x380 [ 365.007764][T12039] blk_mq_submit_bio+0x20db/0x25f0 [ 365.009322][T12039] __submit_bio+0x3d1/0x690 [ 365.010706][T12039] submit_bio_noacct_nocheck+0x698/0xd70 [ 365.012425][T12039] submit_bio_noacct+0x50d/0x1ec0 [ 365.013947][T12039] mpage_readahead+0x41d/0x590 [ 365.015418][T12039] read_pages+0x1a7/0xc60 [ 365.016774][T12039] page_cache_ra_unbounded+0x426/0x7d0 [ 365.017005][T13106] veth1_to_batadv: entered promiscuous mode [ 365.018402][T12039] force_page_cache_ra+0x24b/0x340 [ 365.018427][T12039] page_cache_sync_ra+0x158/0xa30 [ 365.018439][T12039] filemap_get_pages+0xb62/0x1c30 [ 365.018453][T12039] filemap_read+0x3c5/0xe70 [ 365.018466][T12039] blkdev_read_iter+0x187/0x4b0 [ 365.027715][T12039] vfs_read+0x886/0xbf0 [ 365.029061][T12039] ksys_read+0x12b/0x250 [ 365.030400][T12039] do_syscall_64+0xcd/0x250 [ 365.031815][T12039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.033582][T12039] [ 365.033582][T12039] other info that might help us debug this: [ 365.033582][T12039] [ 365.036366][T12039] Chain exists of: [ 365.036366][T12039] &q->q_usage_counter(io)#50 --> sk_lock-AF_TIPC --> mapping.invalidate_lock#2 [ 365.036366][T12039] [ 365.040345][T12039] Possible unsafe locking scenario: [ 365.040345][T12039] [ 365.042370][T12039] CPU0 CPU1 [ 365.043850][T12039] ---- ---- [ 365.045318][T12039] rlock(mapping.invalidate_lock#2); [ 365.046881][T12039] lock(sk_lock-AF_TIPC); [ 365.048821][T12039] lock(mapping.invalidate_lock#2); [ 365.050959][T12039] rlock(&q->q_usage_counter(io)#50); [ 365.052479][T12039] [ 365.052479][T12039] *** DEADLOCK *** [ 365.052479][T12039] [ 365.054691][T12039] 1 lock held by udevd/12039: [ 365.056005][T12039] #0: ffff88801dbd0940 (mapping.invalidate_lock#2){++++}-{4:4}, at: page_cache_ra_unbounded+0x173/0x7d0 [ 365.059130][T12039] [ 365.059130][T12039] stack backtrace: [ 365.060759][T12039] CPU: 1 UID: 0 PID: 12039 Comm: udevd Not tainted 6.14.0-rc3-syzkaller-00079-g87a132e73910 #0 [ 365.060773][T12039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 365.060780][T12039] Call Trace: [ 365.060784][T12039] [ 365.060789][T12039] dump_stack_lvl+0x116/0x1f0 [ 365.060807][T12039] print_circular_bug+0x490/0x760 [ 365.060825][T12039] check_noncircular+0x31a/0x400 [ 365.060839][T12039] ? __pfx_check_noncircular+0x10/0x10 [ 365.060854][T12039] ? __kernel_text_address+0xd/0x40 [ 365.060870][T12039] ? unwind_get_return_address+0x59/0xa0 [ 365.060890][T12039] ? lockdep_lock+0xc6/0x200 [ 365.060901][T12039] ? __pfx_lockdep_lock+0x10/0x10 [ 365.060914][T12039] __lock_acquire+0x249e/0x3c40 [ 365.060931][T12039] ? __pfx___lock_acquire+0x10/0x10 [ 365.060945][T12039] ? hlock_class+0x4e/0x130 [ 365.060956][T12039] ? mark_lock+0xb5/0xc60 [ 365.060969][T12039] ? mark_lock+0xb5/0xc60 [ 365.060982][T12039] ? page_cache_ra_unbounded+0x426/0x7d0 [ 365.060994][T12039] ? page_cache_sync_ra+0x158/0xa30 [ 365.061007][T12039] lock_acquire.part.0+0x11b/0x380 [ 365.061022][T12039] ? __submit_bio+0x3d1/0x690 [ 365.061035][T12039] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 365.061050][T12039] ? rcu_is_watching+0x12/0xc0 [ 365.061062][T12039] ? trace_lock_acquire+0x14e/0x1f0 [ 365.061073][T12039] ? __submit_bio+0x3d1/0x690 [ 365.061084][T12039] ? lock_acquire+0x2f/0xb0 [ 365.061098][T12039] ? __submit_bio+0x3d1/0x690 [ 365.061109][T12039] blk_mq_submit_bio+0x20db/0x25f0 [ 365.061122][T12039] ? __submit_bio+0x3d1/0x690 [ 365.061134][T12039] ? __pfx_blk_mq_submit_bio+0x10/0x10 [ 365.061146][T12039] ? mark_lock+0xb5/0xc60 [ 365.061159][T12039] ? __pfx___lock_acquire+0x10/0x10 [ 365.061173][T12039] ? __pfx___lock_acquire+0x10/0x10 [ 365.061187][T12039] ? trace_lock_acquire+0x14e/0x1f0 [ 365.061199][T12039] ? __pfx_mark_lock+0x10/0x10 [ 365.061214][T12039] __submit_bio+0x3d1/0x690 [ 365.061225][T12039] ? __pfx___submit_bio+0x10/0x10 [ 365.061236][T12039] ? trace_lock_acquire+0x14e/0x1f0 [ 365.061251][T12039] ? submit_bio_noacct_nocheck+0x698/0xd70 [ 365.061267][T12039] submit_bio_noacct_nocheck+0x698/0xd70 [ 365.061279][T12039] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 365.061292][T12039] ? __pfx___might_resched+0x10/0x10 [ 365.061344][T12039] submit_bio_noacct+0x50d/0x1ec0 [ 365.061357][T12039] mpage_readahead+0x41d/0x590 [ 365.061370][T12039] ? __pfx_mpage_readahead+0x10/0x10 [ 365.061384][T12039] ? __pfx_blkdev_get_block+0x10/0x10 [ 365.061398][T12039] ? __folio_batch_add_and_move+0x5f3/0xc60 [ 365.061413][T12039] ? __pfx_lock_release+0x10/0x10 [ 365.061427][T12039] ? trace_lock_acquire+0x14e/0x1f0 [ 365.061438][T12039] ? __pfx_blkdev_readahead+0x10/0x10 [ 365.061451][T12039] read_pages+0x1a7/0xc60 [ 365.061462][T12039] ? __folio_batch_add_and_move+0x689/0xc60 [ 365.061478][T12039] ? __pfx_read_pages+0x10/0x10 [ 365.061492][T12039] page_cache_ra_unbounded+0x426/0x7d0 [ 365.061507][T12039] force_page_cache_ra+0x24b/0x340 [ 365.061520][T12039] page_cache_sync_ra+0x158/0xa30 [ 365.061531][T12039] ? __lock_acquire+0xcc5/0x3c40 [ 365.061546][T12039] filemap_get_pages+0xb62/0x1c30 [ 365.061564][T12039] ? __pfx_filemap_get_pages+0x10/0x10 [ 365.061579][T12039] ? __pfx___might_resched+0x10/0x10 [ 365.061597][T12039] filemap_read+0x3c5/0xe70 [ 365.061610][T12039] ? trace_lock_acquire+0x14e/0x1f0 [ 365.061625][T12039] ? __pfx_filemap_read+0x10/0x10 [ 365.061644][T12039] ? apparmor_file_permission+0x251/0x400 [ 365.061658][T12039] blkdev_read_iter+0x187/0x4b0 [ 365.061672][T12039] vfs_read+0x886/0xbf0 [ 365.061688][T12039] ? __pfx_vfs_read+0x10/0x10 [ 365.061702][T12039] ? blkdev_llseek+0x9b/0xd0 [ 365.061714][T12039] ? __pfx_lock_release+0x10/0x10 [ 365.061729][T12039] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 365.061774][T12039] ksys_read+0x12b/0x250 [ 365.061787][T12039] ? __pfx_ksys_read+0x10/0x10 [ 365.061803][T12039] do_syscall_64+0xcd/0x250 [ 365.061818][T12039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.061834][T12039] RIP: 0033:0x7f6027b70b6a [ 365.061843][T12039] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 365.061855][T12039] RSP: 002b:00007ffe19215088 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 365.061865][T12039] RAX: ffffffffffffffda RBX: 00000007ffff0000 RCX: 00007f6027b70b6a [ 365.061872][T12039] RDX: 0000000000000040 RSI: 00005618f3de3048 RDI: 0000000000000009 [ 365.061904][T12039] RBP: 0000000000000040 R08: 00005618f3de3020 R09: 00007f6027c4bb60 [ 365.061911][T12039] R10: 0000000000000003 R11: 0000000000000246 R12: 00005618f3de3020 [ 365.061917][T12039] R13: 00005618f3de3038 R14: 00005618f3de7908 R15: 00005618f3de78b0 [ 365.061926][T12039] [ 365.257311][ T6297] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 365.417291][ T6297] usb 6-1: Using ep0 maxpacket: 32 [ 365.419387][ T6297] usb 6-1: no configurations [ 365.420739][ T6297] usb 6-1: can't read configurations, error -22 [ 365.557184][ T6297] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 365.717290][ T6297] usb 6-1: Using ep0 maxpacket: 32 [ 365.719686][ T6297] usb 6-1: no configurations [ 365.721096][ T6297] usb 6-1: can't read configurations, error -22 [ 365.723458][ T6297] usb usb6-port1: attempt power cycle [ 366.057273][ T6297] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 366.077627][ T6297] usb 6-1: Using ep0 maxpacket: 32 [ 366.079661][ T6297] usb 6-1: no configurations [ 366.080984][ T6297] usb 6-1: can't read configurations, error -22 [ 366.207398][ T6297] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 366.228297][ T6297] usb 6-1: Using ep0 maxpacket: 32 [ 366.230187][ T6297] usb 6-1: no configurations [ 366.231551][ T6297] usb 6-1: can't read configurations, error -22 [ 366.233492][ T6297] usb usb6-port1: unable to enumerate USB device [ 367.829343][T13105] veth1_to_batadv: left promiscuous mode VM DIAGNOSIS: 14:58:42 Registers: info registers vcpu 0 CPU#0 RAX=000000000096acd4 RBX=0000000000000000 RCX=ffffffff8b550469 RDX=ffffed1005686f86 RSI=ffffffff8bd343c0 RDI=ffffffff81907289 RBP=fffffbfff1bd2ee8 RSP=ffffffff8de07e20 R8 =0000000000000000 R9 =ffffed1005686f85 R10=ffff88802b437c2b R11=0000000000000001 R12=0000000000000000 R13=ffffffff8de97740 R14=ffffffff90627110 R15=0000000000000000 RIP=ffffffff8b55184f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f50e5528 CR3=000000005069e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff853e50d0 RDI=ffffffff9ab6ce20 RBP=ffffffff9ab6cde0 RSP=ffffc9000e4d6870 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000020 R14=fffffbfff356da16 R15=dffffc0000000000 RIP=ffffffff853e50f7 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f6027a9d280 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f6027cf83b0 CR3=0000000068b92000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000030300000 Opmask01=0000000000000000 Opmask02=00000000ffffbdff Opmask03=2040000404420020 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe19214020 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a2a2a2a2a2a2a2a 2a2a2a2a2a2a2a2a ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffff0000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffff0000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000ff0000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8c430791b019720e 7373256ee121ad31 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737373e2 7373737373737373 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 20676e6964616572 004b4f2034366f66 6e695f706f6f6c20 676e696461657200 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 05424b4c41444057 004b4f0511134a43 4b4c5f554a4a4905 424b4c4144405700 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000302e3000312d 352f356273752f30 2e6463685f796d6d 75642f6d726f6674 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005618f3de64f0 00005618f3de57a0 0000000000000041 000000000000302e ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff3074e2c36a017d 0000561d9251a5c3 0000000000000251 0032003177617264 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005618f3df7740 00005618f3e01610 00005618f3de7650 00005618f3dd4350 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 383a3a263d383a3a 263c383a3a263f38 3a3a263e383a3a26 39383a3a2638383a ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000541d00564544 0000000000000021 00004e1853414552 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00004c1d004b4541 0000000000000021 0000000000000020 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff88804c704380 RCX=0000000000001000 RDX=0000000026c3a000 RSI=00000000be220000 RDI=ffff8880404a7188 RBP=0000000000000001 RSP=ffffc90003726f50 R8 =0000000000000006 R9 =0000000000000820 R10=000000002b8fb000 R11=0000000000000000 R12=000000002b8fb000 R13=dffffc0000000000 R14=0000000000001000 R15=0000000026c3b000 RIP=ffffffff85511692 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f425eeccd00 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055dc152c2e95 CR3=000000004ce06000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffff34a1020 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=cd4421f5cd4421f5 cd4421f5cd4421f5 cd4421f5cd4421f5 cd4421f5cd4421f5 cd4421f5cd4421f5 cd4421f5cd4421f5 cd4421f5cd4421f5 cd4421f5cd4421f5 ZMM22=d00b5e37d00b5e37 d00b5e37d00b5e37 d00b5e37d00b5e37 d00b5e37d00b5e37 d00b5e37d00b5e37 d00b5e37d00b5e37 d00b5e37d00b5e37 d00b5e37d00b5e37 ZMM23=b900bdd6b900bdd6 b900bdd6b900bdd6 b900bdd6b900bdd6 b900bdd6b900bdd6 b900bdd6b900bdd6 b900bdd6b900bdd6 b900bdd6b900bdd6 b900bdd6b900bdd6 ZMM24=8f99705e8f99705e 8f99705e8f99705e 8f99705e8f99705e 8f99705e8f99705e 8f99705e8f99705e 8f99705e8f99705e 8f99705e8f99705e 8f99705e8f99705e ZMM25=74293bca74293bca 74293bca74293bca 74293bca74293bca 74293bca74293bca 74293bca74293bca 74293bca74293bca 74293bca74293bca 74293bca74293bca ZMM26=990e2e04990e2e04 990e2e04990e2e04 990e2e04990e2e04 990e2e04990e2e04 990e2e04990e2e04 990e2e04990e2e04 990e2e04990e2e04 990e2e04990e2e04 ZMM27=b021732db021732d b021732db021732d b021732db021732d b021732db021732d b021732db021732d b021732db021732d b021732db021732d b021732db021732d ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0d1300000d130000 0d1300000d130000 0d1300000d130000 0d1300000d130000 0d1300000d130000 0d1300000d130000 0d1300000d130000 0d1300000d130000 info registers vcpu 3 CPU#3 RAX=ffffc90000405000 RBX=ffff888024dab800 RCX=ffffffff819adcc7 RDX=1ffff110049b5686 RSI=ffffffff864078a4 RDI=ffff888024dab430 RBP=0000000000000001 RSP=ffffc900005f8ea8 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=ffffc900005f8ff8 R12=ffffc90000405008 R13=ffff888024dab428 R14=ffff888045776000 R15=0000000000000000 RIP=ffffffff864078f2 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f455c0 CR3=000000004c1da000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000