last executing test programs: 13.590455933s ago: executing program 0 (id=856): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000a00), &(0x7f0000000a40)=0x8) 13.590041929s ago: executing program 0 (id=857): syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x1a1281) syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@gettfilter={0x24, 0x2e, 0x105, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x24}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xb, 0x0, 0x0, 0x0, 0xfffffdcc, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x80000) accept4$inet(r3, 0x0, &(0x7f0000000300), 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r4 = getpid() sched_setscheduler(r4, 0x0, &(0x7f0000000100)) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RGETLOCK(r6, &(0x7f0000000040)=ANY=[], 0xffffff6a) tee(r5, 0xffffffffffffffff, 0xfffffffffffffc01, 0x0) splice(r5, 0x0, 0xffffffffffffffff, 0x0, 0x9aa7, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000001c40)={0x2020}, 0x2020) getdents(0xffffffffffffffff, 0x0, 0x0) 10.519958683s ago: executing program 0 (id=871): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000380)=@generic={&(0x7f0000000280)='./file0\x00', 0x0, 0x20}, 0x14) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300006773da2085000000040000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0xe1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_split\x00', r1}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f00000002c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kvm_userspace_exit\x00', r4}, 0x10) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x1c, 0x2, 0x1, 0x101, 0x0, 0x0, {}, [@CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x2}]}, 0x1c}}, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) dup(r7) fsopen(&(0x7f00000001c0)='qnx4\x00', 0x1) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0x40, 0x0, 0x8, 0x201, 0x0, 0x0, {0x3, 0x0, 0xa}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x404d}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @icmpv6=[@CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x48844}, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='block_split\x00', r3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r8 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r8, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000000040)={0x28, 0x140e, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_PDN={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x28}}, 0x0) 10.390180487s ago: executing program 0 (id=872): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) (async) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) (async) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{0x0, 0xfffffff6, &(0x7f0000003840)=[{&(0x7f0000000180)="4f657f07da674c79be900dd4b36b03ca3513a320ebab75751d7d7e40d6ede2dcec43dc605632fa0df345f1fe1fd7e8e5d0da647d921b0f102b0b2fa24e5cef12d89e0db21f0cb28f5588c4b231abad294f049cbfa56b7402fa06d644b298a4922e5a0b0f2de53fca098c15a02df417cf592b8bf00ac06d56a3a286048ba59dc0fd69debc9d0f024476d9345c2b008df031d796e5581b0318fe281599f8b39d447257422eb55f1c87406e20b2f16d946f0ab156903d46d6ab54d6656307a0de7b83d35e818d8d048f784a9c87076fa4c6e9cfe38f88a77e789c9d4bea96f7b072d754fd17da475552965113151882c6dd91d1394342b8b3e4e74a82c2412507b0793cdb9656150e8b1e134ab1dd7888f6039f8de7056990800d9b9eab54171ad9879ee00fd157b3e54527f2a2356008cf524e72cf74fe0c307a920dd67d12a0846e921a88aead6edd3a5bd3da023856de8338adfa26345f5403319d336dd45efe3e407cc35b0e022f3e81de786ea6a3917a07e2f6fbe73adfd975c2236b937fda47b6c89cd0f4f64f8b93d73ce3d32b5162c7a318ee6e9bc08b32743c7b9e66fe6a1014836526ed55cca4d679ec24321ea888e61de0bea104b0a8edfcb5d18df2190b8a9113118acda5bdfadf7f404df0fbd39dd3fec06c4449fbde4ea7ccde27c44c63633c06e4559857637d037cad122a9fda4509805092ca0350d9f73b061eb153026730bda9ecc461473230438f135091a521240b6b4273b230af2057bb27f56b7851e13fb4d9c27d757bff9d8281fc9990afc8861356998c77560850828d7c6537faf470ca94889c14e28e1e8c6c73b6756ae380f8c15dded00616cc66a5440240876173ae1ee41005519e709f9412e260686ed18320acbdc2b465508390d456683928f5f42e25cb73e1fb53794fb4ab345bb8df04225bba362598d3e603f06f7ac324a0fef1494fe4a5e829c8b50207cfbaef7d29e85ca3e9891291b66179b39713032089ab90c6481bf0cca0e61da5fc955280682e702bc186851d014a59d9903be30104e31d7d57094e34bd10fe5b31bb7f3f1fe37eaef05b31a1c1206a6cce8fa425089001eab642478caa11cf08e43fad0668fdc22ac54ed30fbf13e6af1232af289ae48c0f3a371ec41ea5f7d9fb01f860b751760d680c72af1059d5fab16bf61dd8aaa7ada290d8cf2d135eb5a879b3a754b1de0a5e550895ce05a84f4dcc80f10b16d5a78fad7f9ec36945d1e946f1f1f3bbb983bc5a68b94a2633f3f232bf22b6c9479f60f7146e20d5df4726dc3835266fc132a1f0f49bd8e8e1cf34e20826bc3e7e2e95385eeeb2693b9d69a0f884f50122e783517a462707f67fca2ac8f2ac68693a1b5730b52231685caa92fb3e00622052eab3af70a6e89de641cc8949cff3c14767a55ab06f6312fdf27eaa7ec28f1591bad3a7b433272013de3ae26c95eb885528dd7f64bf69a8508aaf4d4629b838efe76c13d47ec31c5a9af75138d40ebabd09448e20ffbae7848211f31b6ce4df6b5ee103fdece3f15a3c3708ddb550a8d98b6b8920c23af9af40baeb47b0a2adf78699cbdfeddf67611dd9365c941913263d8f9998a81f964d7071d7eb347ec90556af053ac6b9d5be23cb85a5cab6392fffbbf8ea3a47c0c3a2bab8d3785055bff6694897fb9d3a16421a4d02caae0bd5152f0e80074b9f573a176200e81a1c4e35ab05c493f66b7c25ca13a6a3da12283821c119db39e957e739fb4c1259252cef81a8b346f787d195d388f06d252e9433e50728bf5b94d141f9ac8e6b2aaef86d007940b45fd28cc0171fa8700bdff936a2fc706a352ff0ceceb70c54f18f71de3a6e36c5391d3f648dd0d6f1b97f810ad838b4bb9c6919f0ec78b96644397c448f628f6b589477bf6512f7fe8a623674ac16c00deb3e2316bb7727c034fe9935bc0d4a402ca7c83fe4dff3d7b18d6439cd2576f0bde84ba1cbdf9f5a5743d874119e59ab8fcfa9801f9972cfc18e033c757423dfbd92d1bf1b2b3cf741c4a13b726b08441041712f98d8917d20fef74fcf3876ab5953e38ff6c2a2b3a8b96a2b1ec4dd86b09aec23ba096d16bdc1acfcb44ac82ed8c855c217bc07625c5dce82a0db0b400e2cdb89a75bb2155af9862304efc989253eadadcd08ae5f2e58cf842880df11a12ac8b3492069ccea594430ccee2baaf0fc3b2db99c14aa93f2624ab0e9237760b5fa1a96c16474be2cabc90ff091672e95c8d25fccd039110c6934b948de9c5983aae57a3547ad288ca1219e3fd1f27d5687f66ae4d487141b1d091c6049e72eff1d5df8280c1248892677b520cdb4e97c31778c2b09ac10a174d04da2a43a0d178242f203b3ae14154d1d03319d14921352ba733b0656ae2cece53f736006d117cf08c7f9e18d9f1b500dc5922d423dbf822c1ae089332b1884901aae255612bb70bcc65257bbc6cef6f9c5b76dfd1dfd0b5dfba63eece0c2185c01ef11810497eb2047bc87be9b8b5c897b8a155200d2ce96427bd4036b19f0ef6c9cea67c43b80c8fbd0d25d6b046efe93a9872bb0f964e016490883e9388ef035908221166c2206415f3feebdbc2a830ccac55d61b79d3316e2d3be9aea1c2c72c23688efff2b9b5a4f39f667a5404e3ce2083a302bc4a49208a0725c20f9a19adff430c50a169f151355df660d52c0068cca7f171ecdec15047dfea2ba6861e5ece606d228e0bf47631cc32b91ab4c09015d40a326086ebaac6af8e79059dc7f929cf6a80ad3b8cd6b3a91b8e5a199fb00814b45f42e8b7feeb9158c39510c1a10d35aea06fe660b0eb73bc0905252b6919fe23e5d5c3c9c66adaefe9e4307981e63fdcdc67e2bf76d75ff7be4fe8dd025cece14d556074c84b3c8833dc7cff583ce25947101676fd3f8f4016368bf27e24744bba7cb768b9d837b16d5308dc3712f37c69d1d1ee98360c6449634433afebe5bea6b2e39c249c29c4c8c3fca5f180ad4893c41458fc9f82db8200e201b3c4b5cc69dadf9a409af684f372a68cf1cf3aa64f9de0ec5fcd58acca051c590c689e42d0037cf3b2abee9d2c85803a929032b35113963ad79793b2a4d8377517654149b9afb408b189d2ecf95c66594e79db6c34e0c82a30259938589b2f81c50851a4d30013d9da1f24eacd5efbdf945e8af4a625126b38c01029fb2b0062de8c4bcd61c7d8b9215bac8dc35609ff45acbadfac0a04e3f5014c1c34cbb46393633f6102080f266fec4242c67c93e01312ba0e6e3dd1e002d1253e4d34a8d6122c60ce5169d1c47f807230d86f4836e4c385aff2c6492c9e2584a4a0dcff544316f4c35d1fb19c4277041885df236324b80c3f2d58c76f64a075d27a916ba55746b0aa758d383c063cd6447a80f7abd06a310974765a8c977671a6dbe35be115747a4a3c9d9f558ce7fbfc35b91875612e89f505007792f7b197ba5fc4c65cd6f8765e2d2454f4681381325477af63a88fe4313c7365690c50f05d40fe302479d21cee188f29f8b4475b6b37e2a4dd710814a2463cf1650f281595cff95f549c4c4ffcd184e672b308aa4bc071395f214ee97e5b7dbc5efaed8e65a878169a0529b6ed4022e5bfaaa49fc521c283bd9d62ddc00e4d84d5da18f7c0acd00c53e827c7194146e5d0cb9439e8c35e0659d347cb012e47da92aff33c8b45fd9aa140d2f76b75c6800f8769057e88d156714a82e3d12b4fdf2863a27eb2587ebc25b011a949849dcd9faaa128b9bef780b3d239a007ca9c04256b858cfc7b068365c044a5eb863bdf0454cf37df09d4cf930408f0d41c1e8c278b994c455f89ecb85156ed20b7f89c9c2f1176508e4c7ab7ed74311a12317d4193eaef0333368963286e4c5e0c0c0db5f3f2d5e3cff77b21e3b4786c8c096b89b60cf41560544ba1361f4af4b5b330b410edc5421b5023f1f4df0f910067bfbe0a46cb5f1407f650c47288a31e0f767de8ddca77b20ed16513e095fbce085d25d543dce850515458c5ef07a0c012175ef50ef3c52f98afa0b2631c7d3e63b22e90ebce2513d3b0d4d62f153cc90700fbee5c80ffd14fece05e0ba293758aaa7510d3853a4a4d44e9e479e3f5d92a663f14b5f5452efc6ecf387a100787667dd060cfdf75ee57dda2e042f7f171ac5083a5ddc6656bb34d683955f4a8a1cf687d29e963d8abf93912aa08dc4df3cdaaceae9fa1d21472ed01705d861a798f57f14ca4f3f0e1e9f1c20e9e2eb6974a7d838e7a2f69943ad259cd6967c0c46698952c65a9a1d72be890a66dfea4fa1b5ee861b1f929ce78c9bcdfb0145ff52d462865a8a81506e1bd0afa6b2d3cc5556c17c19b891fc6c36b9ed0b8b3c516836872ced92b1b65e2334b3730deae7af801016d30af14daf53ec550da914dedc18726871a94c3ce8efd4bfcf25ffdf224d665374b279ea65d32e213bfad60aa8555fbe97cb22977f7e9f20a04e8e2c65b3a5519a098b70cce0ad25cb239e2335e0040481c86a2153b5056e70f83515e7d3739749ab8a2c3e4a1b0faab4426495c4f0076d2590c52f6548e3b20b17a6f21deefe63f67fcba027a83959dd9f79dc2f61e712d41fa50c0a89d1329a70aa8471f02a2755ea2f872adc3fbaea5e017a0a2ae7344ee0ca36afd646444a38696ceeca997321ab37642ea71be0758b3bb311b13cce0cc5881c97549ebf9366171a99a8f3b754f6e42970002b09ebc56402693fd2d06bfc114396c75a4bcfb02e114170fafad5ab7e671b70e51461f6916a674d4abcf47011e8598144c5cb013f280e21afc936055b1d2e0bbf29a4b969cadf754ac62bb6020f33ed9b3e46428496d0de29ff0b6fb13710f98f688e9185126c0b154530a045abcf54f4be1a63ac4ec02ba038cb1b510abd82532cfcc7684c977e00fe81d2d4a483d5cf7d23a5c4fd6a299edb436f519a6efc37b79b249feec6f0d7983a321f4021ac4766270f6bf9fe10733313e6116178fd271eb4d0ac6158e16f3a01795932f15b6df70c25dad7fd9f8932bf6bd651094d6c83cf0accfa978f575e535e86e44f17a23802bdba0bcb17899d76a5bb083061a4ddceb105333a828ade21c99dbc6257a322a22f73899f3fd64eddb1669b965d21f468416eb81ca750e54976616ced379078b149822d38634f90bb4644746eb40cc6153a1c0fd7b4d482958c5c1d9a47c3512510f022b8eb00861794ed8a3c207f4cf5a565b94a44eb14e6baefc24ee30380b53ee4726779b429240cb8b71340fd41fa0352810d90519f18ee69b85d3134cc16619a966ed378d608292834631aa1f215a324641d0b772d08a822f6ec0905c22768044c13911476bc70122345a274b1887ac471676f09a849faba85f9c2a8b24af21ac7700395b29f963d493a5f81febc3b8a23bbafaba0d9b288c5506c44ec4f6f327433f06cf6d72f8de7cc61ecc1de0fc743ddfeb2fa47fa17ab3257b68e0c56dce273f56de9724b809b4df30d0dc8a4a97db38674242ea7e81571dda16c2dd2ae5d82b51b719181db901409170504ecfd94de74315c554462dbc90d749f2d2d54b6b7ca6c287979b5cc1ec651af17891359628abc6c8329d88351966c4ffd23b7a729453ec0c064210b3234f8657747a84bc0b236a89a35f412395805c942392b61a2bd5a88a5740b97c31d5bd8857f2b7a0cb999a48d0b395c21ff58e7349939f542470a829db9e033ef7b719453ad7a705829d74416011ce17839618f1534c9859c08a8d5c49a0478074ceea47ab23fb24570011684733bc01f0adca5a48139f54c598bee0f2a704b5fbc10c209121c675aa7f40981236948e61890023d50fcb67d8be7e71f000000000000000000", 0xfe7c}, {&(0x7f00000011c0)="010081a11f176468b7737c66f4b8a055e35cb6fcaecfeedd25629949468a4adb4e8a12163e7cbe12a7ddd3a0471c6013065050ee2043ab896bf576a6c3be0f7fd4b0119b2b44899b996df7f6", 0x1}, {&(0x7f0000003300)="9a", 0x1}], 0x3}}], 0x4000000000002e4, 0x4000000) 10.38958855s ago: executing program 0 (id=873): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) madvise(&(0x7f0000bdc000/0x13000)=nil, 0x13000, 0x16) r2 = syz_clone(0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x22, &(0x7f00000018c0), 0x4) r3 = socket$inet(0x2, 0x6, 0x0) prlimit64(r2, 0x0, &(0x7f0000000200)={0x1}, &(0x7f0000000240)) setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) r4 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) close(r4) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r5, &(0x7f00000004c0)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x44}}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f0000000380)=0x3, 0x4) sendto(0xffffffffffffffff, &(0x7f0000000180)='%', 0x300000, 0x840, 0x0, 0x60) mount$9p_fd(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f00000003c0), 0xb68e2a9771539e86, &(0x7f0000000100)=ANY=[]) connect$inet(r3, 0x0, 0x0) syz_open_dev$hidraw(&(0x7f0000000280), 0x0, 0x0) r6 = syz_open_dev$hidraw(&(0x7f0000000140), 0x0, 0x8a00) read$hidraw(r6, 0x0, 0x0) recvmsg(r1, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/96, 0x60}, 0x10000) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000400000000000000000000000009500"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000540)='cachefiles_read\x00', r7}, 0x10) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, 0x0, 0x0) r9 = accept4(r8, 0x0, 0x0, 0xa3476183b88aab85) sendmsg$tipc(r9, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000001c0)='I', 0x1}, {&(0x7f00000002c0)='Z', 0x1}], 0x2}, 0x0) r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) write(r10, &(0x7f0000000080)="29000000140005b7ff000000040860eb01cb02fcb2e4e6589b3e0ed7283f14b912685e684c42b9eeb9", 0x29) 10.207417559s ago: executing program 0 (id=874): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001808ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) socketpair(0x0, 0x1, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000600)='kfree\x00', r1}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000600)='kfree\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x16, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61158800000000006113500000000000bfa000000000000007000000ee0016055e03010000000000640500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000070600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000340)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0xff}, 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000001c80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x8}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x1}]}]}}, 0x0, 0x5a}, 0x20) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00'}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffe}}]}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001200000000000000000000000000000120a01040000000020000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000007140000001100010000000000000000000000000a"], 0x64}}, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) (async) r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, 0x0) r6 = socket(0x10, 0x3, 0x0) munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) socket$can_j1939(0x1d, 0x2, 0x7) (async) r7 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r7, &(0x7f0000000040)={0x1d, r8}, 0x18) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, r8}, 0x18) (async) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, r8}, 0x18) r9 = dup(r7) sendmsg$nl_generic(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="c000bc9af800"], 0x33fe0}}, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) (async) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) connect$can_j1939(r7, &(0x7f0000000000)={0x1d, r8, 0x2, {}, 0xfd}, 0x18) write(r6, &(0x7f0000000000)="2400000011005f0414f9f4070009040081000000160000000000000008000f0001000000", 0x24) (async) write(r6, &(0x7f0000000000)="2400000011005f0414f9f4070009040081000000160000000000000008000f0001000000", 0x24) ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000140)={@my=0x1}) (async) ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000140)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f00000000c0)={{@my=0x1, 0x4}, @local, 0x0, 0x0, 0x8001, 0x0, 0xfffffffffffffffc}) (async) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f00000000c0)={{@my=0x1, 0x4}, @local, 0x0, 0x0, 0x8001, 0x0, 0xfffffffffffffffc}) 2.801346556s ago: executing program 3 (id=928): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$phonet_pipe(0x23, 0x5, 0x2) r1 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000140)={0x0, 0x0, 0x200a}) write$binfmt_elf64(r0, 0x0, 0x18) r2 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wg2\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x2, 0xfffffffd, 0xfffffffe, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x1}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) setsockopt$MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, &(0x7f0000000180)={{0xa, 0x4e22, 0x0, @private1}, {0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x24010102}}}, 0x5c) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r7, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r8, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x4, 0x7ff, 0xa}, &(0x7f0000000040)=0x14) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x6, 0x7fff, 0xc9}, 0xffffffffffffffae) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="540100001000130700000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac1914aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015000d00000000000000000000000000000000000000000000000000000000000000000000000002000400000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ccd700000000001c000400070000000000000000000000000000000000000000000000e7662d7b88fed7249af44effb0603567d6e23ea3c2029caaeaa6bd9d19ef13c97951b17eba9d83573373ae652af51796b8a5f4a516763f46724d6bd30f6617168522052e1426e73091bad271c5f78e474d0dd6eff879f6d14623a389e799c64b34546bb7e7966305a5e737b7f7d68640199fb29e51e9b0bc25ea676d850f82ffec51"], 0x154}}, 0x0) r10 = syz_usbip_server_init(0x3) r11 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) connect$llc(r11, &(0x7f00000000c0)={0x1a, 0x309, 0x0, 0x5, 0x0, 0x0, @remote}, 0x10) write$usbip_server(r10, &(0x7f0000000980)=@ret_unlink={{0x4, 0x4, 0x0, 0x0, 0x1}, {0x3}}, 0x30) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000011c0)={0x18, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_init_net_socket$nfc_raw(0x27, 0x0, 0x0) r12 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r12, 0x0, &(0x7f00000000c0)) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffdfffff}) 2.77518651s ago: executing program 2 (id=929): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x10, r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000a00), &(0x7f0000000a40)=0x8) 2.704008615s ago: executing program 2 (id=930): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000"], 0x34}}, 0x0) 2.628464194s ago: executing program 2 (id=931): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) msync(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000280)=ANY=[]) 2.483442393s ago: executing program 2 (id=933): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000240)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000780)={0x0, 0x10, &(0x7f0000000300)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f00000007c0)=0x10) shutdown(r0, 0x1) ioctl$BTRFS_IOC_SUBVOL_CREATE(0xffffffffffffffff, 0x50009401, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000702030000000000000000000000000000695431b012a9407a989ac03b1348ddfbf6a8b39c7316bf5c"], 0x14}}, 0x0) syz_io_uring_setup(0x5b49, &(0x7f0000000140)={0x0, 0x0, 0x8}, &(0x7f00000001c0), &(0x7f0000000200)) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000d40)='./file0\x00', 0x20) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r4 = socket$unix(0x1, 0x5, 0x0) r5 = dup2(r4, r3) landlock_create_ruleset(0x0, 0x0, 0x0) pidfd_send_signal(r5, 0x0, 0x0, 0x2) r6 = socket$netlink(0x10, 0x3, 0x0) writev(r6, &(0x7f0000000140)=[{0x0}], 0x1) r7 = inotify_init1(0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, 0x0, 0x0) r9 = syz_open_dev$video4linux(&(0x7f0000001380), 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r9, 0xc0405626, &(0x7f0000000000)) inotify_add_watch(r7, &(0x7f0000000040)='.\x00', 0xa) r10 = openat$dir(0xffffffffffffff9c, &(0x7f00000026c0)='./file0\x00', 0x0, 0x1bd) preadv2(r10, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r11, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.088955169s ago: executing program 3 (id=934): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000240)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000780)={0x0, 0x10, &(0x7f0000000300)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f00000007c0)=0x10) shutdown(r0, 0x1) ioctl$BTRFS_IOC_SUBVOL_CREATE(0xffffffffffffffff, 0x50009401, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000702030000000000000000000000000000695431b012a9407a989ac03b1348ddfbf6a8"], 0x14}}, 0x0) syz_io_uring_setup(0x5b49, &(0x7f0000000140)={0x0, 0x0, 0x8}, &(0x7f00000001c0), &(0x7f0000000200)) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000d40)='./file0\x00', 0x20) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r4 = socket$unix(0x1, 0x5, 0x0) r5 = dup2(r4, r3) landlock_create_ruleset(0x0, 0x0, 0x0) pidfd_send_signal(r5, 0x0, 0x0, 0x2) r6 = socket$netlink(0x10, 0x3, 0x0) writev(r6, &(0x7f0000000140)=[{0x0}], 0x1) r7 = inotify_init1(0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, 0x0, 0x0) r9 = syz_open_dev$video4linux(&(0x7f0000001380), 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r9, 0xc0405626, &(0x7f0000000000)) inotify_add_watch(r7, &(0x7f0000000040)='.\x00', 0xa) r10 = openat$dir(0xffffffffffffff9c, &(0x7f00000026c0)='./file0\x00', 0x0, 0x1bd) preadv2(r10, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r11, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.569990001s ago: executing program 2 (id=935): ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r2, &(0x7f0000004200)={0x2020}, 0x2020) chroot(&(0x7f0000000040)='./file0/file0/file0/file0/file0\x00') r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$SEG6_CMD_GET_TUNSRC(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x14, 0x0, 0x223, 0x0, 0x0, {0x3}}, 0x14}}, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000300)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0xc000}}) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0) read$FUSE(r3, &(0x7f00000021c0)={0x2020}, 0x2020) move_mount(r5, &(0x7f0000000000)='./file0/file0/file0/file0/file0\x00', 0xffffffffffffffff, 0x0, 0x0) memfd_create(&(0x7f00000001c0)='\x00', 0x2) write$FUSE_INIT(r2, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r6, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d56549b}) ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f0000000040)={0x8f, 0x0, 0xa}) 1.479937541s ago: executing program 1 (id=936): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x0, 0x0, @dev}}}, 0x9c) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000000)=0x6, 0x4) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000300)={0x1, {{0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xffffffff}}, 0x1, 0x6, [{{0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x2}}, {{0xa, 0x5, 0x1, @local, 0x4}}, {{0xa, 0x4e24, 0x1, @ipv4={'\x00', '\xff\xff', @remote}, 0x3}}, {{0xa, 0x4e20, 0x5, @dev={0xfe, 0x80, '\x00', 0x3f}, 0x1}}, {{0xa, 0x4e20, 0x4, @remote, 0xfffffffa}}, {{0xa, 0x4e24, 0x7fff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x5}}]}, 0x38c) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="60000000100001040100"/20, @ANYRES32=0x0, @ANYBLOB="7b130000000000003800128008000100677470002c00028008000100", @ANYRES32, @ANYBLOB="08000200", @ANYRES32, @ANYBLOB="08000200", @ANYRES64=r0], 0x60}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) r6 = socket(0x2, 0x2, 0x1) bind$unix(r6, &(0x7f0000000000)=@abs, 0x6e) r7 = socket(0x2, 0x2, 0x1) bind$unix(r7, &(0x7f0000000000)=@abs, 0x6e) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/icmp\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) r9 = memfd_create(&(0x7f00000002c0)='system.skckpr\x02\x13otonam', 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x4000051, r9, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58) remap_file_pages(&(0x7f0000491000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) preadv(r8, &(0x7f00000001c0)=[{&(0x7f0000000700)=""/201, 0xc9}], 0x1, 0x10000000, 0x0) close_range(r4, r5, 0x0) 1.177961808s ago: executing program 3 (id=937): syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x1a1281) syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RGETLOCK(r1, &(0x7f0000000040)=ANY=[], 0xffffff6a) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r0, r3, 0xfffffffffffffc01, 0x0) splice(r0, 0x0, r3, 0x0, 0x9aa7, 0x0) read$FUSE(r2, &(0x7f0000001c40)={0x2020}, 0x2020) 1.014336138s ago: executing program 1 (id=938): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x10, r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000a00), &(0x7f0000000a40)=0x8) 938.70098ms ago: executing program 1 (id=939): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000"], 0x34}}, 0x0) 936.940357ms ago: executing program 1 (id=940): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000001dc0)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-clmulni\x00'}, 0x58) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_oob_data_request={{0x35, 0x6}}}, 0x9) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_hardware_error={{0x10, 0x1}, {0x20}}}, 0x4) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}}) syz_io_uring_setup(0x0, &(0x7f0000000000), &(0x7f0000c57000), 0x0) r3 = syz_io_uring_setup(0x4da9, &(0x7f0000001280)={0x0, 0xe84a, 0x10100, 0x2}, &(0x7f0000002000), &(0x7f0000000180)=0x0) syz_io_uring_setup(0xa94, &(0x7f0000000280), &(0x7f0000000040)=0x0, &(0x7f00000003c0)) syz_io_uring_submit(r5, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r3, 0x48e9, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_ZEROPAGE(r2, 0xc018aa06, &(0x7f0000000380)={{&(0x7f00007db000/0x2000)=nil, 0x2000}}) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) r6 = accept4(r1, 0x0, 0x0, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r6, 0x0, 0x48c, &(0x7f0000000000)={0x1, 'veth0_to_bridge\x00', 0x1}, 0x18) sendmmsg$inet6(r6, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000040)='D', 0x1}, {&(0x7f00000000c0)="d711eccf81", 0x7fffefff}], 0x2}}], 0x1, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r7, 0xc02064b6, &(0x7f00000001c0)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) gettid() r10 = getpid() syz_pidfd_open(r10, 0x0) r11 = syz_open_procfs(r10, &(0x7f0000000040)='net/rt_cache\x00') preadv(r11, &(0x7f0000000000)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r11, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000001200), &(0x7f0000000280), 0x0, r9, 0xeeeeeeee}) 887.681457ms ago: executing program 3 (id=941): r0 = socket(0x11, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) mkdir(0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') r2 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000000)=0x20) mmap$dsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x200000f, 0x40a2012, r2, 0x0) ioctl$SNDCTL_DSP_GETFMTS(r2, 0x8004500b, &(0x7f0000000080)) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/anycast6\x00') preadv(r4, &(0x7f00000006c0)=[{&(0x7f0000000500)=""/189, 0xbd}, {&(0x7f00000005c0)=""/255, 0xff}, {0x0}, {&(0x7f0000000340)=""/109, 0x6d}], 0x4, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) add_key$keyring(&(0x7f0000000100), 0x0, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f00000000c0)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 608.126848ms ago: executing program 1 (id=942): r0 = socket$netlink(0x10, 0x3, 0x9) bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x1, 0x200000}, 0xc) 546.841414ms ago: executing program 1 (id=943): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000240)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000780)={0x0, 0x10, &(0x7f0000000300)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f00000007c0)=0x10) shutdown(r0, 0x1) ioctl$BTRFS_IOC_SUBVOL_CREATE(0xffffffffffffffff, 0x50009401, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000702030000000000000000000000000000695431b012a9407a989ac03b1348ddfbf6a8b39c7316bf5c"], 0x14}}, 0x0) syz_io_uring_setup(0x5b49, &(0x7f0000000140)={0x0, 0x0, 0x8}, &(0x7f00000001c0), &(0x7f0000000200)) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000d40)='./file0\x00', 0x20) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r4 = socket$unix(0x1, 0x5, 0x0) r5 = dup2(r4, r3) landlock_create_ruleset(0x0, 0x0, 0x0) pidfd_send_signal(r5, 0x0, 0x0, 0x2) r6 = socket$netlink(0x10, 0x3, 0x0) writev(r6, &(0x7f0000000140)=[{0x0}], 0x1) r7 = inotify_init1(0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, 0x0, 0x0) r9 = syz_open_dev$video4linux(&(0x7f0000001380), 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r9, 0xc0405626, &(0x7f0000000000)) inotify_add_watch(r7, &(0x7f0000000040)='.\x00', 0xa) r10 = openat$dir(0xffffffffffffff9c, &(0x7f00000026c0)='./file0\x00', 0x0, 0x1bd) preadv2(r10, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r11, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 546.116171ms ago: executing program 2 (id=944): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$phonet_pipe(0x23, 0x5, 0x2) r1 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000140)={0x0, 0x0, 0x200a}) write$binfmt_elf64(r0, 0x0, 0x18) r2 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wg2\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x2, 0xfffffffd, 0xfffffffe, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x1}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) setsockopt$MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, &(0x7f0000000180)={{0xa, 0x4e22, 0x0, @private1}, {0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x24010102}}}, 0x5c) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r7, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r8, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x4, 0x7ff, 0xa}, &(0x7f0000000040)=0x14) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x6, 0x7fff, 0xc9}, 0xffffffffffffffae) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="540100001000130700000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac1914aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015000d00000000000000000000000000000000000000000000000000000000000000000000000002000400000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ccd700000000001c000400070000000000000000000000000000000000000000000000e7662d7b88fed7249af44effb0603567d6e23ea3c2029caaeaa6bd9d19ef13c97951b17eba9d83573373ae652af51796b8a5f4a516763f46724d6bd30f6617168522052e1426e73091bad271c5f78e474d0dd6eff879f6d14623a389e799c64b34546bb7e7966305a5e737b7f7d68640199fb29e51e9b0bc25ea676d850f82ffec51"], 0x154}}, 0x0) r10 = syz_usbip_server_init(0x3) r11 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) connect$llc(r11, &(0x7f00000000c0)={0x1a, 0x309, 0x0, 0x5, 0x0, 0x0, @remote}, 0x10) write$usbip_server(r10, &(0x7f0000000980)=@ret_unlink={{0x4, 0x4, 0x0, 0x0, 0x1}, {0x3}}, 0x30) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000011c0)={0x18, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_init_net_socket$nfc_raw(0x27, 0x0, 0x0) r12 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r12, 0x0, &(0x7f00000000c0)) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffdfffff}) 105.494928ms ago: executing program 3 (id=946): bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be2566cd0723043c47c896ce0bce66a245ad98a6f77ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557343c5ca683a4b6fc89398f2b0000f224ab1bf906536e11d3f38e5c27891060017cfa6fa26fa7a347003900beac671e8e8fdecb03588aa623fa71f871ab5c2ff88afc715f9fa75b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@map, r1, 0x4}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_XFRM_KEY={0x8}]}}}]}]}], {0x14}}, 0x74}}, 0x0) r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r3 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000200)={'syz', 0x0}, 0x0, 0x0, r2) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000140)='asymmetric\x00', &(0x7f00000001c0)=@keyring={'key_or_keyring:', r2}) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000040)='asymmetric\x00', &(0x7f0000000100)=@keyring={'key_or_keyring:', r3}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e1301"], 0x16) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000080)={'veth0_to_bond\x00', @remote}) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1808000000000000000000000300000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000002f000000b70900000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000000)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_link_settings={0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}) r6 = syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x129002) dup(r6) 0s ago: executing program 3 (id=947): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000001dc0)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-clmulni\x00'}, 0x58) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_hardware_error={{0x10, 0x1}, {0x20}}}, 0x4) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x0) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}}) syz_io_uring_setup(0x0, &(0x7f0000000000), &(0x7f0000c57000), 0x0) r3 = syz_io_uring_setup(0x4da9, &(0x7f0000001280)={0x0, 0xe84a, 0x10100, 0x2}, &(0x7f0000002000), &(0x7f0000000180)=0x0) syz_io_uring_setup(0xa94, &(0x7f0000000280), &(0x7f0000000040)=0x0, &(0x7f00000003c0)) syz_io_uring_submit(r5, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r3, 0x48e9, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_ZEROPAGE(r2, 0xc018aa06, &(0x7f0000000380)={{&(0x7f00007db000/0x2000)=nil, 0x2000}}) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) r6 = accept4(r1, 0x0, 0x0, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r6, 0x0, 0x48c, &(0x7f0000000000)={0x1, 'veth0_to_bridge\x00', 0x1}, 0x18) sendmmsg$inet6(r6, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000040)='D', 0x1}, {&(0x7f00000000c0)="d711eccf81", 0x7fffefff}], 0x2}}], 0x1, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r7, 0xc02064b6, &(0x7f00000001c0)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) gettid() r10 = getpid() syz_pidfd_open(r10, 0x0) r11 = syz_open_procfs(r10, &(0x7f0000000040)='net/rt_cache\x00') preadv(r11, &(0x7f0000000000)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r11, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000001200), &(0x7f0000000280), 0x0, r9, 0xeeeeeeee}) kernel console output (not intermixed with test programs): 119.079412][ T6784] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 119.082926][ T6784] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 119.086357][ T6784] [ 119.089384][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.092681][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.095838][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.098764][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x1 [ 119.101764][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.105044][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.108223][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.111102][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.114076][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.117135][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.120222][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.123497][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.126977][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.130451][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.133875][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.139355][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.142827][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.148423][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.152481][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.156165][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.159514][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.162769][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.166197][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.169192][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.172273][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.175539][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.183983][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.188885][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.192036][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.196325][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.199729][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.202999][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.208204][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.211513][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.216556][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.219479][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.222135][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.226707][ T5246] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.233418][ T5246] hid-generic 0000:0000:0000.0003: hidraw1: HID v0.00 Device [syz0] on syz0 [ 119.787228][ T6793] netlink: 'syz.0.407': attribute type 1 has an invalid length. [ 120.177553][ T55] usb 7-1: USB disconnect, device number 12 [ 120.194834][ T55] usblp0: removed [ 120.512734][ T6816] netlink: 'syz.0.416': attribute type 4 has an invalid length. [ 120.761811][ T6829] binder_alloc: 6825: binder_install_single_page failed to insert page at offset 0 with -14 [ 120.897185][ T5246] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 121.087008][ T5246] usb 5-1: Using ep0 maxpacket: 8 [ 121.091780][ T5246] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 121.095530][ T5246] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 121.103806][ T5246] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 121.112957][ T5246] usb 5-1: config 250 has no interface number 0 [ 121.122356][ T5246] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 121.135943][ T5246] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 121.146828][ T5246] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 121.152910][ T5246] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 121.157635][ T5246] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 121.163041][ T5246] usb 5-1: config 250 interface 228 has no altsetting 0 [ 121.171461][ T5246] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 121.176995][ T5246] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 121.180374][ T5246] usb 5-1: Product: syz [ 121.182055][ T5246] usb 5-1: SerialNumber: syz [ 121.191622][ T5246] hub 5-1:250.228: bad descriptor, ignoring hub [ 121.194878][ T5246] hub 5-1:250.228: probe with driver hub failed with error -5 [ 121.408846][ T5246] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 5 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 121.447597][ T6848] FAULT_INJECTION: forcing a failure. [ 121.447597][ T6848] name failslab, interval 1, probability 0, space 0, times 0 [ 121.453625][ T6848] CPU: 2 PID: 6848 Comm: syz.3.425 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 121.458270][ T6848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 121.463563][ T6848] Call Trace: [ 121.465113][ T6848] [ 121.466472][ T6848] dump_stack_lvl+0x16c/0x1f0 [ 121.468674][ T6848] should_fail_ex+0x497/0x5b0 [ 121.470703][ T6848] should_failslab+0x9/0x20 [ 121.473128][ T6848] kmem_cache_alloc_node_noprof+0x71/0x310 [ 121.476045][ T6848] ? __alloc_skb+0x2b3/0x380 [ 121.478115][ T6848] __alloc_skb+0x2b3/0x380 [ 121.480157][ T6848] ? __pfx___alloc_skb+0x10/0x10 [ 121.482373][ T6848] ? __pfx___might_resched+0x10/0x10 [ 121.484787][ T6848] netlink_alloc_large_skb+0x69/0x130 [ 121.487485][ T6848] netlink_sendmsg+0x689/0xd70 [ 121.489625][ T6848] ? __pfx_netlink_sendmsg+0x10/0x10 [ 121.491935][ T6848] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 121.494200][ T6848] ____sys_sendmsg+0x9b4/0xb50 [ 121.496415][ T6848] ? __pfx_____sys_sendmsg+0x10/0x10 [ 121.498728][ T6848] ? get_compat_msghdr+0x11b/0x170 [ 121.501159][ T6848] ? __pfx___lock_acquire+0x10/0x10 [ 121.503397][ T6848] ___sys_sendmsg+0x135/0x1e0 [ 121.505427][ T6848] ? __pfx____sys_sendmsg+0x10/0x10 [ 121.507648][ T6848] ? ksys_write+0x21c/0x260 [ 121.509797][ T6848] ? __fget_light+0x173/0x210 [ 121.511846][ T6848] __sys_sendmsg+0x117/0x1f0 [ 121.514032][ T6848] ? __pfx___sys_sendmsg+0x10/0x10 [ 121.516183][ T6848] __do_fast_syscall_32+0x73/0x120 [ 121.518145][ T6848] do_fast_syscall_32+0x32/0x80 [ 121.520167][ T6848] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 121.522880][ T6848] RIP: 0023:0xf745e579 [ 121.524635][ T6848] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 121.534006][ T6848] RSP: 002b:00000000f5d7657c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 121.537768][ T6848] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0 [ 121.540867][ T6848] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 121.543760][ T6848] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 121.546728][ T6848] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 121.550298][ T6848] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 121.553673][ T6848] [ 121.756445][ T55] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 121.956656][ T55] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 121.960108][ T55] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.964833][ T55] usb 7-1: config 0 descriptor?? [ 121.970446][ T55] cp210x 7-1:0.0: cp210x converter detected [ 122.506007][ T55] cp210x 7-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 122.509386][ T55] cp210x 7-1:0.0: querying part number failed [ 122.521329][ T55] usb 7-1: cp210x converter now attached to ttyUSB0 [ 122.527897][ T55] usb 7-1: USB disconnect, device number 13 [ 122.535683][ T55] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 122.541827][ T55] cp210x 7-1:0.0: device disconnected [ 122.787482][ T65] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 122.791400][ T65] Bluetooth: hci1: Injecting HCI hardware error event [ 122.795210][ T5202] Bluetooth: hci1: hardware error 0x00 [ 123.379034][ T5214] Bluetooth: hci0: hardware error 0x20 [ 123.496578][ T5246] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 123.678223][ T6890] binder_alloc: 6888: binder_install_single_page failed to insert page at offset 0 with -14 [ 123.695982][ T5246] usb 7-1: Using ep0 maxpacket: 8 [ 123.700632][ T5246] usb 7-1: config index 0 descriptor too short (expected 5924, got 36) [ 123.704360][ T5246] usb 7-1: config 250 has an invalid interface number: 228 but max is -1 [ 123.708986][ T5246] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 123.712920][ T5246] usb 7-1: config 250 has no interface number 0 [ 123.715607][ T5246] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 123.721362][ T5246] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 123.725985][ T5246] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 123.730936][ T5246] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 123.735351][ T5246] usb 7-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 123.741970][ T5246] usb 7-1: config 250 interface 228 has no altsetting 0 [ 123.751979][ T5246] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 123.757296][ T5236] usb 5-1: USB disconnect, device number 5 [ 123.762281][ T5246] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 123.765724][ T5246] usb 7-1: Product: syz [ 123.769443][ T5236] usblp0: removed [ 123.777662][ T5246] usb 7-1: SerialNumber: syz [ 123.792030][ T5246] hub 7-1:250.228: bad descriptor, ignoring hub [ 123.795496][ T5246] hub 7-1:250.228: probe with driver hub failed with error -5 [ 123.996491][ T5246] usblp 7-1:250.228: usblp0: USB Bidirectional printer dev 14 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 124.160335][ T6884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 124.177280][ T6884] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 124.465972][ T5246] usb 5-1: new low-speed USB device number 6 using dummy_hcd [ 124.656229][ T5246] usb 5-1: Invalid ep0 maxpacket: 16 [ 124.806023][ T5246] usb 5-1: new low-speed USB device number 7 using dummy_hcd [ 124.857964][ T5202] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 124.996006][ T5246] usb 5-1: Invalid ep0 maxpacket: 16 [ 124.999257][ T5246] usb usb5-port1: attempt power cycle [ 125.416247][ T5214] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 125.470054][ T5246] usb 5-1: new low-speed USB device number 8 using dummy_hcd [ 125.540612][ T5246] usb 5-1: Invalid ep0 maxpacket: 16 [ 125.707775][ T5246] usb 5-1: new low-speed USB device number 9 using dummy_hcd [ 125.736652][ T5246] usb 5-1: Invalid ep0 maxpacket: 16 [ 125.739220][ T5246] usb usb5-port1: unable to enumerate USB device [ 125.755313][ T5202] Bluetooth: hci3: hardware error 0x20 [ 126.098256][ T6929] vcan0: entered allmulticast mode [ 126.296250][ T5244] usb 7-1: USB disconnect, device number 14 [ 126.301715][ T5244] usblp0: removed [ 126.370023][ T6944] netlink: 12 bytes leftover after parsing attributes in process `syz.1.453'. [ 126.491769][ T5214] Bluetooth: hci3: unexpected event for opcode 0x2036 [ 126.965962][ T5246] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 127.155980][ T5246] usb 6-1: Using ep0 maxpacket: 8 [ 127.168827][ T5246] usb 6-1: config index 0 descriptor too short (expected 5924, got 36) [ 127.173335][ T5246] usb 6-1: config 250 has an invalid interface number: 228 but max is -1 [ 127.178692][ T5246] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 127.184169][ T5246] usb 6-1: config 250 has no interface number 0 [ 127.187008][ T5246] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 127.198874][ T5246] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 127.204804][ T5246] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 127.218412][ T5246] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 127.235980][ T5246] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 127.241787][ T5246] usb 6-1: config 250 interface 228 has no altsetting 0 [ 127.257109][ T5246] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 127.260981][ T5246] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 127.264778][ T5246] usb 6-1: Product: syz [ 127.280628][ T5246] usb 6-1: SerialNumber: syz [ 127.296202][ T5246] hub 6-1:250.228: bad descriptor, ignoring hub [ 127.299144][ T5246] hub 6-1:250.228: probe with driver hub failed with error -5 [ 127.512911][ T5246] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 4 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 127.690639][ T6975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 127.696960][ T6975] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 127.819343][ T5202] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 127.822495][ T5202] Bluetooth: hci3: hardware error 0x20 [ 129.089275][ T6989] syzkaller0: entered promiscuous mode [ 129.094498][ T6989] syzkaller0: entered allmulticast mode [ 129.779032][ T5251] usb 6-1: USB disconnect, device number 4 [ 129.784116][ T5251] usblp0: removed [ 129.795465][ T7009] FAULT_INJECTION: forcing a failure. [ 129.795465][ T7009] name failslab, interval 1, probability 0, space 0, times 0 [ 129.805986][ T7009] CPU: 2 PID: 7009 Comm: syz.1.468 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 129.810307][ T7009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 129.814935][ T7009] Call Trace: [ 129.816444][ T7009] [ 129.817755][ T7009] dump_stack_lvl+0x16c/0x1f0 [ 129.819945][ T7009] should_fail_ex+0x497/0x5b0 [ 129.822058][ T7009] should_failslab+0x9/0x20 [ 129.824044][ T7009] kmalloc_trace_noprof+0x6b/0x310 [ 129.826310][ T7009] ? vcs_poll_data_get.part.0+0x43/0x280 [ 129.828765][ T7009] vcs_poll_data_get.part.0+0x43/0x280 [ 129.831158][ T7009] vcs_poll+0x123/0x150 [ 129.832981][ T7009] do_select+0xca0/0x17b0 [ 129.834892][ T7009] ? __pfx_lock_release+0x10/0x10 [ 129.837127][ T7009] ? __pfx_vcs_poll+0x10/0x10 [ 129.839213][ T7009] ? __pfx_do_select+0x10/0x10 [ 129.841301][ T7009] ? mark_lock+0xb5/0xc60 [ 129.843227][ T7009] ? __pfx_mark_lock+0x10/0x10 [ 129.845325][ T7009] ? __pfx___pollwait+0x10/0x10 [ 129.847514][ T7009] ? __pfx_pollwake+0x10/0x10 [ 129.849577][ T7009] ? __pfx_pollwake+0x10/0x10 [ 129.851658][ T7009] ? __pfx_pollwake+0x10/0x10 [ 129.853721][ T7009] ? __pfx_pollwake+0x10/0x10 [ 129.855816][ T7009] ? __pfx_pollwake+0x10/0x10 [ 129.857899][ T7009] ? __pfx_pollwake+0x10/0x10 [ 129.859966][ T7009] ? __pfx_pollwake+0x10/0x10 [ 129.862057][ T7009] ? __pfx_pollwake+0x10/0x10 [ 129.864136][ T7009] ? __pfx_pollwake+0x10/0x10 [ 129.866221][ T7009] ? compat_core_sys_select+0x1de/0x880 [ 129.868640][ T7009] ? __pfx_lock_release+0x10/0x10 [ 129.870847][ T7009] ? compat_core_sys_select+0x687/0x880 [ 129.873268][ T7009] compat_core_sys_select+0x687/0x880 [ 129.875625][ T7009] ? __pfx_compat_core_sys_select+0x10/0x10 [ 129.878192][ T7009] ? ksys_write+0x12f/0x260 [ 129.880179][ T7009] ? set_compat_user_sigmask+0x20f/0x2a0 [ 129.882619][ T7009] ? __pfx_set_compat_user_sigmask+0x10/0x10 [ 129.885238][ T7009] do_compat_pselect+0x202/0x240 [ 129.887424][ T7009] ? __pfx_do_compat_pselect+0x10/0x10 [ 129.889733][ T7009] ? ksys_write+0x1ab/0x260 [ 129.891761][ T7009] __ia32_compat_sys_pselect6_time32+0x141/0x1c0 [ 129.894536][ T7009] __do_fast_syscall_32+0x73/0x120 [ 129.896790][ T7009] do_fast_syscall_32+0x32/0x80 [ 129.897061][ T5202] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 129.898933][ T7009] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 129.898959][ T7009] RIP: 0023:0xf73b2579 [ 129.898974][ T7009] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 129.914218][ T7009] RSP: 002b:00000000f5cca57c EFLAGS: 00000292 ORIG_RAX: 0000000000000134 [ 129.917870][ T7009] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 00000000200001c0 [ 129.921303][ T7009] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 129.924736][ T7009] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 129.928170][ T7009] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 129.931618][ T7009] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 129.935112][ T7009] [ 129.936616][ C2] vkms_vblank_simulate: vblank timer overrun [ 130.911186][ T7032] netlink: 766 bytes leftover after parsing attributes in process `syz.2.475'. [ 131.289702][ T7043] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 131.743607][ T7064] TCP: MD5 Hash mismatch for [fe80::bb].0->[ff02::1].20002 [R]L3 index 0 [ 132.052298][ T7079] fuse: Bad value for 'fd' [ 132.130389][ T7085] overlayfs: missing 'lowerdir' [ 132.555552][ T7091] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 132.939520][ T1352] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.943248][ T1352] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.406107][ T5236] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 133.625374][ T5236] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 133.642500][ T5236] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 133.648158][ T5236] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 133.656334][ T5236] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 133.672960][ T5236] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 133.677275][ T5236] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 133.680198][ T5236] usb 5-1: Product: syz [ 133.690019][ T5236] usb 5-1: Manufacturer: syz [ 133.735414][ T5236] cdc_wdm 5-1:1.0: skipping garbage [ 133.737941][ T5236] cdc_wdm 5-1:1.0: skipping garbage [ 133.745848][ T5236] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 133.749262][ T5236] cdc_wdm 5-1:1.0: Unknown control protocol [ 133.962115][ T5236] usb 5-1: USB disconnect, device number 10 [ 135.175705][ T7116] overlayfs: missing 'lowerdir' [ 135.199909][ T7118] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 135.356457][ T7128] fuse: Bad value for 'fd' [ 135.468908][ T7138] netlink: 4 bytes leftover after parsing attributes in process `syz.2.506'. [ 135.521923][ T7138] syz.2.506: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 135.530018][ T7138] CPU: 1 PID: 7138 Comm: syz.2.506 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 135.534755][ T7138] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 135.539455][ T7138] Call Trace: [ 135.541077][ T7138] [ 135.542452][ T7138] dump_stack_lvl+0x16c/0x1f0 [ 135.544472][ T7138] warn_alloc+0x24d/0x3a0 [ 135.546374][ T7138] ? __pfx_warn_alloc+0x10/0x10 [ 135.548605][ T7138] ? hlock_class+0x4e/0x130 [ 135.550579][ T7138] ? stack_depot_save_flags+0x28/0x900 [ 135.552992][ T7138] ? kasan_save_stack+0x42/0x60 [ 135.555215][ T7138] ? kasan_save_stack+0x33/0x60 [ 135.557239][ T7138] ? kasan_save_track+0x14/0x30 [ 135.559107][ T7138] ? __kasan_kmalloc+0xaa/0xb0 [ 135.561278][ T7138] ? xskq_create+0x52/0x1d0 [ 135.563356][ T7138] ? xsk_setsockopt+0x8b0/0xac0 [ 135.565281][ T7138] ? __sys_setsockopt+0x1a4/0x270 [ 135.567272][ T7138] ? __ia32_sys_setsockopt+0xbc/0x160 [ 135.569247][ T7138] ? __do_fast_syscall_32+0x73/0x120 [ 135.571363][ T7138] __vmalloc_node_range_noprof+0x10b8/0x1520 [ 135.573786][ T7138] ? xskq_create+0xfb/0x1d0 [ 135.575474][ T7138] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 135.578099][ T7138] ? xskq_create+0xfb/0x1d0 [ 135.579835][ T7138] vmalloc_user_noprof+0x6b/0x90 [ 135.581930][ T7138] ? xskq_create+0xfb/0x1d0 [ 135.583836][ T7138] xskq_create+0xfb/0x1d0 [ 135.585676][ T7138] xsk_setsockopt+0x8b0/0xac0 [ 135.587813][ T7138] ? __pfx_xsk_setsockopt+0x10/0x10 [ 135.589880][ T7138] ? __pfx_aa_sk_perm+0x10/0x10 [ 135.591805][ T7138] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 135.593995][ T7138] ? __pfx_xsk_setsockopt+0x10/0x10 [ 135.596089][ T7138] do_sock_setsockopt+0x222/0x480 [ 135.598149][ T7138] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 135.600467][ T7138] ? __fget_light+0x173/0x210 [ 135.602695][ T7138] __sys_setsockopt+0x1a4/0x270 [ 135.605100][ T7138] ? __pfx___sys_setsockopt+0x10/0x10 [ 135.607556][ T7138] ? xfd_validate_state+0x5d/0x180 [ 135.609945][ T7138] __ia32_sys_setsockopt+0xbc/0x160 [ 135.612504][ T7138] ? lockdep_hardirqs_on+0x7c/0x110 [ 135.614902][ T7138] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 135.617902][ T7138] __do_fast_syscall_32+0x73/0x120 [ 135.620257][ T7138] do_fast_syscall_32+0x32/0x80 [ 135.622667][ T7138] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 135.625603][ T7138] RIP: 0023:0xf73ca579 [ 135.629568][ T7138] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 135.638331][ T7138] RSP: 002b:00000000f5ce257c EFLAGS: 00000292 ORIG_RAX: 000000000000016e [ 135.641797][ T7138] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 000000000000011b [ 135.645152][ T7138] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 000000000000001c [ 135.648521][ T7138] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 135.651489][ T7138] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 135.655001][ T7138] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 135.658378][ T7138] [ 135.664682][ T7138] Mem-Info: [ 135.668965][ T7138] active_anon:4270 inactive_anon:2 isolated_anon:0 [ 135.668965][ T7138] active_file:10985 inactive_file:27477 isolated_file:0 [ 135.668965][ T7138] unevictable:772 dirty:307 writeback:0 [ 135.668965][ T7138] slab_reclaimable:4684 slab_unreclaimable:56978 [ 135.668965][ T7138] mapped:11976 shmem:829 pagetables:651 [ 135.668965][ T7138] sec_pagetables:328 bounce:0 [ 135.668965][ T7138] kernel_misc_reclaimable:0 [ 135.668965][ T7138] free:122580 free_pcp:3139 free_cma:0 [ 135.686634][ T7138] Node 0 active_anon:1452kB inactive_anon:0kB active_file:36kB inactive_file:0kB unevictable:1552kB isolated(anon):0kB isolated(file):0kB mapped:9380kB dirty:32kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10420kB pagetables:2008kB sec_pagetables:1276kB all_unreclaimable? no [ 135.700017][ T7138] Node 1 active_anon:17324kB inactive_anon:8kB active_file:43904kB inactive_file:110208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:38824kB dirty:1300kB writeback:0kB shmem:1780kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:1064kB pagetables:604kB sec_pagetables:36kB all_unreclaimable? no [ 135.713652][ T7138] Node 0 DMA free:928kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:144kB inactive_anon:0kB active_file:8kB inactive_file:0kB unevictable:12kB writepending:0kB present:15992kB managed:15360kB mlocked:12kB bounce:0kB free_pcp:236kB local_pcp:20kB free_cma:0kB [ 135.726247][ T7138] lowmem_reserve[]: 0 374 0 0 0 [ 135.728407][ T7138] Node 0 DMA32 free:29680kB boost:0kB min:19048kB low:23808kB high:28568kB reserved_highatomic:6144KB active_anon:1308kB inactive_anon:0kB active_file:28kB inactive_file:0kB unevictable:1540kB writepending:32kB present:1032192kB managed:410800kB mlocked:4kB bounce:0kB free_pcp:2636kB local_pcp:240kB free_cma:0kB [ 135.741219][ T7138] lowmem_reserve[]: 0 0 0 0 0 [ 135.743268][ T7138] Node 1 DMA32 free:455656kB boost:0kB min:47048kB low:58808kB high:70568kB reserved_highatomic:0KB active_anon:19516kB inactive_anon:8kB active_file:43904kB inactive_file:110508kB unevictable:1536kB writepending:1300kB present:1048436kB managed:946208kB mlocked:0kB bounce:0kB free_pcp:9504kB local_pcp:948kB free_cma:0kB [ 135.757370][ T7138] lowmem_reserve[]: 0 0 0 0 0 [ 135.759865][ T7138] Node 0 DMA: 0*4kB 1*8kB (U) 14*16kB (UM) 12*32kB (UM) 5*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 936kB [ 135.767639][ T7138] Node 0 DMA32: 360*4kB (UH) 115*8kB (UEH) 44*16kB (UMEH) 101*32kB (UMEH) 50*64kB (UEH) 27*128kB (UMEH) 9*256kB (UE) 10*512kB (UMEH) 3*1024kB (UMH) 3*2048kB (UM) 0*4096kB = 29592kB [ 135.774509][ T7138] Node 1 DMA32: 3*4kB (UME) 1*8kB (U) 1*16kB (U) 82*32kB (UE) 28*64kB (UE) 8*128kB (UE) 3*256kB (UME) 5*512kB (ME) 10*1024kB (M) 13*2048kB (UME) 98*4096kB (UM) = 447076kB [ 135.782540][ T7138] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 135.788909][ T7138] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 135.793356][ T7138] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 135.798491][ T7138] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 135.803291][ T7138] 40251 total pagecache pages [ 135.805637][ T7138] 605 pages in swap cache [ 135.809154][ T7138] Free swap = 107176kB [ 135.811654][ T7138] Total swap = 124996kB [ 135.813648][ T7138] 524155 pages RAM [ 135.815479][ T7138] 0 pages HighMem/MovableOnly [ 135.818596][ T7138] 181063 pages reserved [ 135.820576][ T7138] 0 pages cma reserved [ 136.727513][ T7165] netlink: 4 bytes leftover after parsing attributes in process `syz.0.516'. [ 136.993802][ T7168] FAULT_INJECTION: forcing a failure. [ 136.993802][ T7168] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 137.002314][ T7168] CPU: 0 PID: 7168 Comm: syz.0.517 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 137.006813][ T7168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 137.011148][ T7168] Call Trace: [ 137.012448][ T7168] [ 137.013604][ T7168] dump_stack_lvl+0x16c/0x1f0 [ 137.015463][ T7168] should_fail_ex+0x497/0x5b0 [ 137.017354][ T7168] _copy_to_user+0x30/0xc0 [ 137.019273][ T7168] msr_read+0x155/0x250 [ 137.021060][ T7168] ? __pfx_msr_read+0x10/0x10 [ 137.023239][ T7168] ? security_file_permission+0x98/0xc0 [ 137.025583][ T7168] ? __pfx_msr_read+0x10/0x10 [ 137.027829][ T7168] vfs_read+0x1d4/0xbd0 [ 137.029457][ T7168] ? __pfx_vfs_read+0x10/0x10 [ 137.031453][ T7168] ? __fget_files+0x256/0x400 [ 137.033282][ T7168] ? __fget_light+0x173/0x210 [ 137.035463][ T7168] ksys_read+0x12f/0x260 [ 137.037304][ T7168] ? __pfx_ksys_read+0x10/0x10 [ 137.039632][ T7168] __do_fast_syscall_32+0x73/0x120 [ 137.041866][ T7168] do_fast_syscall_32+0x32/0x80 [ 137.044097][ T7168] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 137.046779][ T7168] RIP: 0023:0xf73e0579 [ 137.048665][ T7168] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 137.057059][ T7168] RSP: 002b:00000000f5cf857c EFLAGS: 00000292 ORIG_RAX: 0000000000000003 [ 137.060681][ T7168] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020019680 [ 137.064270][ T7168] RDX: 0000000000018ff8 RSI: 0000000000000000 RDI: 0000000000000000 [ 137.067632][ T7168] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 137.071169][ T7168] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 137.074754][ T7168] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 137.078287][ T7168] [ 137.342052][ T7175] fuse: Bad value for 'fd' [ 138.049908][ T55] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 138.236099][ T55] usb 6-1: Using ep0 maxpacket: 8 [ 138.240440][ T55] usb 6-1: config index 0 descriptor too short (expected 5924, got 36) [ 138.244099][ T55] usb 6-1: config 250 has an invalid interface number: 228 but max is -1 [ 138.254575][ T55] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 138.264228][ T55] usb 6-1: config 250 has no interface number 0 [ 138.267188][ T55] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 138.272051][ T55] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 138.276827][ T55] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 138.281219][ T55] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 138.285457][ T55] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 138.291905][ T55] usb 6-1: config 250 interface 228 has no altsetting 0 [ 138.297349][ T55] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 138.301201][ T55] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 138.304591][ T55] usb 6-1: Product: syz [ 138.306756][ T55] usb 6-1: SerialNumber: syz [ 138.313030][ T55] hub 6-1:250.228: bad descriptor, ignoring hub [ 138.317963][ T55] hub 6-1:250.228: probe with driver hub failed with error -5 [ 138.571034][ T55] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 5 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 138.624947][ T7185] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 138.635322][ T7185] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.894288][ T7200] block nbd3: shutting down sockets [ 140.847285][ T57] usb 6-1: USB disconnect, device number 5 [ 140.852846][ T57] usblp0: removed [ 140.864725][ T7211] fuse: Invalid rootmode [ 141.265709][ T7212] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 141.782853][ T7237] VFS: could not find a valid V7 on nullb0. [ 141.978976][ T7248] netlink: 2 bytes leftover after parsing attributes in process `syz.1.542'. [ 142.036143][ T7249] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 80 [ 142.180588][ T7264] fuse: Invalid rootmode [ 142.251247][ T7262] netlink: 44 bytes leftover after parsing attributes in process `syz.3.545'. [ 142.546266][ T35] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 142.728091][ T35] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.732985][ T35] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.737281][ T35] usb 8-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00 [ 142.741848][ T35] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.749789][ T35] usb 8-1: config 0 descriptor?? [ 142.969646][ T35] usbhid 8-1:0.0: can't add hid device: -71 [ 142.972361][ T35] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 142.984635][ T35] usb 8-1: USB disconnect, device number 3 [ 143.117222][ T7276] VFS: could not find a valid V7 on nullb0. [ 143.120182][ T7273] netlink: 766 bytes leftover after parsing attributes in process `syz.1.547'. [ 143.681302][ T7298] Cannot find add_set index 0 as target [ 143.701973][ T7299] fuse: Invalid rootmode [ 143.782833][ T7302] netlink: 766 bytes leftover after parsing attributes in process `syz.1.558'. [ 144.734616][ T7317] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only [ 145.020300][ T7330] process 'syz.2.566' launched './file1' with NULL argv: empty string added [ 145.109569][ T5251] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 145.130902][ T7332] netlink: 766 bytes leftover after parsing attributes in process `syz.0.567'. [ 145.256061][ T5251] usb 8-1: device descriptor read/64, error -71 [ 145.388397][ T7338] fuse: Invalid rootmode [ 145.526418][ T5251] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 145.596350][ T55] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 145.676359][ T5251] usb 8-1: device descriptor read/64, error -71 [ 145.779625][ T55] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 145.783958][ T55] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.788920][ T55] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.796433][ T5251] usb usb8-port1: attempt power cycle [ 145.800903][ T55] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 145.804954][ T55] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.811678][ T55] usb 7-1: Product: syz [ 145.814385][ T55] usb 7-1: Manufacturer: syz [ 145.817347][ T55] usb 7-1: SerialNumber: syz [ 145.825243][ T55] usb 7-1: selecting invalid altsetting 1 [ 146.040217][ T7330] netlink: 16 bytes leftover after parsing attributes in process `syz.2.566'. [ 146.050442][ T55] cdc_ncm 7-1:1.0: failed GET_NTB_PARAMETERS [ 146.054777][ T55] cdc_ncm 7-1:1.0: bind() failure [ 146.066480][ T55] usb 7-1: USB disconnect, device number 15 [ 146.216210][ T5251] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 146.219762][ T7348] bridge0: entered allmulticast mode [ 146.223755][ T7348] bridge0: left allmulticast mode [ 146.256564][ T5251] usb 8-1: device descriptor read/8, error -71 [ 146.287467][ T39] kauditd_printk_skb: 136 callbacks suppressed [ 146.287483][ T39] audit: type=1326 audit(1754483635.262:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.0.572" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73e0579 code=0x7ffc0000 [ 146.300311][ T39] audit: type=1326 audit(1754483635.272:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.0.572" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73e0579 code=0x7ffc0000 [ 146.311916][ T39] audit: type=1326 audit(1754483635.272:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.0.572" exe="/syz-executor" sig=0 arch=40000003 syscall=344 compat=1 ip=0xf73e0579 code=0x7ffc0000 [ 146.321741][ T39] audit: type=1326 audit(1754483635.272:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.0.572" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73e0579 code=0x7ffc0000 [ 146.331545][ T39] audit: type=1326 audit(1754483635.272:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.0.572" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73e0579 code=0x7ffc0000 [ 146.341345][ T39] audit: type=1326 audit(1754483635.272:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.0.572" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73e0579 code=0x7ffc0000 [ 146.352142][ T39] audit: type=1326 audit(1754483635.272:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.0.572" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73e0579 code=0x7ffc0000 [ 146.362087][ T39] audit: type=1326 audit(1754483635.272:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.0.572" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73e0579 code=0x7ffc0000 [ 146.372182][ T39] audit: type=1326 audit(1754483635.272:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.0.572" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73e0579 code=0x7ffc0000 [ 146.383228][ T39] audit: type=1326 audit(1754483635.272:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.0.572" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73e0579 code=0x7ffc0000 [ 146.516046][ T968] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 146.546347][ T5251] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 146.552109][ T7352] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 146.556327][ T7352] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 146.585557][ T5251] usb 8-1: device descriptor read/8, error -71 [ 146.696292][ T968] usb 6-1: Using ep0 maxpacket: 32 [ 146.701387][ T7358] netlink: 766 bytes leftover after parsing attributes in process `syz.2.576'. [ 146.701663][ T968] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 146.710323][ T968] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 146.710751][ T5251] usb usb8-port1: unable to enumerate USB device [ 146.714931][ T968] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 146.728967][ T968] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 146.738380][ T968] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 146.742545][ T968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.746678][ T968] usb 6-1: Product: syz [ 146.748553][ T968] usb 6-1: Manufacturer: syz [ 146.750649][ T968] usb 6-1: SerialNumber: syz [ 146.982856][ T968] cdc_ncm 6-1:1.0: bind() failure [ 146.994385][ T968] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 147.002944][ T968] cdc_ncm 6-1:1.1: bind() failure [ 147.017078][ T968] usb 6-1: USB disconnect, device number 6 [ 147.356827][ T7372] syzkaller1: entered promiscuous mode [ 147.359115][ T7372] syzkaller1: entered allmulticast mode [ 147.653147][ T7381] fuse: Invalid rootmode [ 147.913426][ T7388] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 147.917065][ T7388] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 148.234168][ T7393] netlink: 'syz.3.584': attribute type 11 has an invalid length. [ 148.691139][ T7397] netlink: 766 bytes leftover after parsing attributes in process `syz.1.586'. [ 149.292179][ T7409] warning: `syz.2.590' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 149.483057][ T7416] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 149.488824][ T7416] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 149.733015][ T7432] netlink: 8 bytes leftover after parsing attributes in process `syz.0.599'. [ 149.888063][ T968] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 150.066197][ T968] usb 8-1: Using ep0 maxpacket: 8 [ 150.070614][ T968] usb 8-1: config index 0 descriptor too short (expected 5924, got 36) [ 150.074753][ T968] usb 8-1: config 250 has an invalid interface number: 228 but max is -1 [ 150.079969][ T968] usb 8-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 150.084034][ T968] usb 8-1: config 250 has no interface number 0 [ 150.091851][ T968] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 150.100659][ T968] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 150.105505][ T968] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 150.110563][ T968] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 150.115648][ T968] usb 8-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 150.121879][ T968] usb 8-1: config 250 interface 228 has no altsetting 0 [ 150.126949][ T968] usb 8-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 150.130893][ T968] usb 8-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 150.134342][ T968] usb 8-1: Product: syz [ 150.136028][ T968] usb 8-1: SerialNumber: syz [ 150.142530][ T968] hub 8-1:250.228: bad descriptor, ignoring hub [ 150.145808][ T968] hub 8-1:250.228: probe with driver hub failed with error -5 [ 150.269477][ T7453] netlink: 12 bytes leftover after parsing attributes in process `syz.1.605'. [ 150.319448][ T7452] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 150.355817][ T968] usblp 8-1:250.228: usblp0: USB Bidirectional printer dev 8 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 150.521514][ T7458] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 150.531931][ T7458] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 151.655948][ T7471] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 152.687033][ T1388] usb 8-1: USB disconnect, device number 8 [ 152.701229][ T1388] usblp0: removed [ 152.845311][ T7479] FAULT_INJECTION: forcing a failure. [ 152.845311][ T7479] name failslab, interval 1, probability 0, space 0, times 0 [ 152.864019][ T7479] CPU: 0 PID: 7479 Comm: syz.0.612 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 152.868443][ T7479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 152.872930][ T7479] Call Trace: [ 152.874376][ T7479] [ 152.875645][ T7479] dump_stack_lvl+0x16c/0x1f0 [ 152.877716][ T7479] should_fail_ex+0x497/0x5b0 [ 152.879722][ T7479] should_failslab+0x9/0x20 [ 152.881674][ T7479] kmalloc_node_track_caller_noprof+0xcf/0x440 [ 152.886174][ T7479] ? kstrdup_const+0x63/0x80 [ 152.888299][ T7479] kstrdup+0x3c/0x80 [ 152.889902][ T7479] kstrdup_const+0x63/0x80 [ 152.891802][ T7479] __kernfs_new_node+0x9c/0x890 [ 152.894111][ T7479] ? kobject_add+0x12a/0x240 [ 152.896019][ T7479] ? blk_mq_update_nr_hw_queues+0x4b3/0x1320 [ 152.898382][ T7479] ? nbd_start_device+0x15b/0xed0 [ 152.900732][ T7479] ? __pfx___kernfs_new_node+0x10/0x10 [ 152.902729][ T7479] ? __pfx_mark_lock+0x10/0x10 [ 152.907482][ T7479] kernfs_new_node+0x186/0x240 [ 152.909597][ T7479] kernfs_create_dir_ns+0x4c/0x150 [ 152.911980][ T7479] sysfs_create_dir_ns+0x13b/0x2b0 [ 152.914252][ T7479] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 152.916805][ T7479] ? lockdep_hardirqs_on+0x7c/0x110 [ 152.919037][ T7479] ? kfree+0x12a/0x3b0 [ 152.920989][ T7479] kobject_add_internal+0x2c8/0x990 [ 152.923126][ T7479] kobject_add+0x16f/0x240 [ 152.925070][ T7479] ? __pfx_kobject_add+0x10/0x10 [ 152.927536][ T7479] ? __pfx_xa_find+0x10/0x10 [ 152.929564][ T7479] blk_mq_register_hctx+0x120/0x470 [ 152.931849][ T7479] blk_mq_sysfs_register_hctxs+0x13b/0x190 [ 152.934079][ T7479] ? __pfx_blk_mq_sysfs_register_hctxs+0x10/0x10 [ 152.936696][ T7479] ? blk_mq_update_queue_map+0x357/0x3f0 [ 152.939803][ T7479] ? __blk_mq_alloc_map_and_rqs+0xdb/0x1f0 [ 152.942379][ T7479] blk_mq_update_nr_hw_queues+0x4b3/0x1320 [ 152.944948][ T7479] ? __pfx_blk_mq_update_nr_hw_queues+0x10/0x10 [ 152.947620][ T7479] ? tomoyo_path_number_perm+0x190/0x5b0 [ 152.949928][ T7479] ? __pfx___mutex_lock+0x10/0x10 [ 152.952115][ T7479] nbd_start_device+0x15b/0xed0 [ 152.954192][ T7479] ? bpf_lsm_capable+0x9/0x10 [ 152.956150][ T7479] nbd_ioctl+0x21a/0xfd0 [ 152.958179][ T7479] ? __pfx_nbd_ioctl+0x10/0x10 [ 152.960266][ T7479] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 152.963144][ T7479] ? __pfx_nbd_ioctl+0x10/0x10 [ 152.965189][ T7479] compat_blkdev_ioctl+0x30a/0x770 [ 152.967475][ T7479] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 152.970079][ T7479] ? bpf_lsm_file_ioctl_compat+0x9/0x10 [ 152.972457][ T7479] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 152.974936][ T7479] __do_compat_sys_ioctl+0x2c3/0x330 [ 152.977220][ T7479] __do_fast_syscall_32+0x73/0x120 [ 152.979555][ T7479] do_fast_syscall_32+0x32/0x80 [ 152.981771][ T7479] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 152.984874][ T7479] RIP: 0023:0xf73e0579 [ 152.986677][ T7479] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 152.994356][ T7479] RSP: 002b:00000000f5cf857c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 152.997511][ T7479] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ab03 [ 153.001550][ T7479] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 153.005884][ T7479] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 153.009264][ T7479] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 153.012492][ T7479] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 153.015881][ T7479] [ 153.037546][ T7491] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 153.106398][ T7479] kobject: kobject_add_internal failed for 0 (error: -12 parent: mq) [ 153.184314][ T5202] block nbd0: Receive control failed (result -32) [ 153.188919][ T5214] block nbd0: Receive control failed (result -32) [ 153.228336][ T7489] block nbd0: shutting down sockets [ 153.620877][ T7503] overlayfs: missing 'lowerdir' [ 154.249448][ T7513] netlink: 830 bytes leftover after parsing attributes in process `syz.1.622'. [ 154.576879][ T5245] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 154.759434][ T5245] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 154.774854][ T5245] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.780815][ T5245] usb 8-1: too many endpoints for config 1 interface 1 altsetting 237: 105, using maximum allowed: 30 [ 154.785713][ T5245] usb 8-1: config 1 interface 1 altsetting 237 has 0 endpoint descriptors, different from the interface descriptor's value: 105 [ 154.806287][ T5245] usb 8-1: config 1 interface 1 has no altsetting 0 [ 154.818291][ T5245] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 154.826446][ T5245] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.830309][ T5245] usb 8-1: Product: syz [ 154.832121][ T5245] usb 8-1: Manufacturer: syz [ 154.855932][ T5245] usb 8-1: SerialNumber: syz [ 154.862965][ T5245] usb 8-1: selecting invalid altsetting 1 [ 154.865548][ T5245] usb 8-1: selecting invalid altsetting 0 [ 154.875990][ T5245] usb 8-1: selecting invalid altsetting 0 [ 154.878735][ T5245] cdc_ncm 8-1:1.0: bind() failure [ 155.082472][ T7531] overlayfs: missing 'lowerdir' [ 155.305769][ T7535] evm: overlay not supported [ 157.093682][ T5214] block nbd2: Receive control failed (result -32) [ 157.104290][ T7550] block nbd2: shutting down sockets [ 157.244516][ T5245] usb 8-1: selecting invalid altsetting 0 [ 157.266155][ T5245] usbtest 8-1:1.1: probe with driver usbtest failed with error -22 [ 157.276648][ T5245] usb 8-1: USB disconnect, device number 9 [ 157.285792][ T5209] udevd[5209]: setting mode of /dev/bus/usb/008/009 to 020664 failed: No such file or directory [ 157.296075][ T5209] udevd[5209]: setting owner of /dev/bus/usb/008/009 to uid=0, gid=0 failed: No such file or directory [ 158.507561][ T7575] usb usb8: usbfs: process 7575 (syz.3.642) did not claim interface 0 before use [ 159.333384][ T7580] trusted_key: encrypted_key: insufficient parameters specified [ 159.896010][ T35] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 160.117921][ T35] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 160.122910][ T35] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.128559][ T35] usb 6-1: too many endpoints for config 1 interface 1 altsetting 237: 105, using maximum allowed: 30 [ 160.133689][ T35] usb 6-1: config 1 interface 1 altsetting 237 has 0 endpoint descriptors, different from the interface descriptor's value: 105 [ 160.140110][ T35] usb 6-1: config 1 interface 1 has no altsetting 0 [ 160.145660][ T35] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 160.152165][ T35] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.155987][ T35] usb 6-1: Product: syz [ 160.158390][ T35] usb 6-1: Manufacturer: syz [ 160.160404][ T35] usb 6-1: SerialNumber: syz [ 160.175318][ T35] usb 6-1: selecting invalid altsetting 1 [ 160.179181][ T35] usb 6-1: selecting invalid altsetting 0 [ 160.181731][ T35] usb 6-1: selecting invalid altsetting 0 [ 160.184136][ T35] cdc_ncm 6-1:1.0: bind() failure [ 161.599641][ T1388] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 161.775983][ T1388] usb 5-1: Using ep0 maxpacket: 8 [ 161.783286][ T1388] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 161.787172][ T1388] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 161.793862][ T1388] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 161.801326][ T1388] usb 5-1: config 250 has no interface number 0 [ 161.804203][ T1388] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 161.814163][ T1388] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 161.825310][ T1388] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 161.834344][ T1388] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 161.843479][ T1388] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 161.859119][ T1388] usb 5-1: config 250 interface 228 has no altsetting 0 [ 161.884369][ T1388] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 161.889132][ T1388] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 161.893467][ T1388] usb 5-1: Product: syz [ 161.895274][ T1388] usb 5-1: SerialNumber: syz [ 161.901459][ T1388] hub 5-1:250.228: bad descriptor, ignoring hub [ 161.907461][ T1388] hub 5-1:250.228: probe with driver hub failed with error -5 [ 162.130331][ T1388] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 11 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 162.188958][ T7606] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 162.193807][ T7606] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 162.213248][ T7608] netlink: 4 bytes leftover after parsing attributes in process `syz.2.649'. [ 162.541725][ T35] usb 6-1: selecting invalid altsetting 0 [ 162.543812][ T35] usbtest 6-1:1.1: probe with driver usbtest failed with error -22 [ 162.554308][ T35] usb 6-1: USB disconnect, device number 7 [ 163.232137][ T7615] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 163.303017][ T7615] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 163.323593][ T7615] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 164.444444][ T1388] usb 5-1: USB disconnect, device number 11 [ 164.448404][ T1388] usblp0: removed [ 165.076268][ T7640] block device autoloading is deprecated and will be removed. [ 165.249849][ T7644] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 165.474516][ T7648] FAULT_INJECTION: forcing a failure. [ 165.474516][ T7648] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 165.496107][ T7648] CPU: 2 PID: 7648 Comm: syz.2.662 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 165.501403][ T7648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 165.507573][ T7648] Call Trace: [ 165.509153][ T7648] [ 165.510864][ T7648] dump_stack_lvl+0x16c/0x1f0 [ 165.513095][ T7648] should_fail_ex+0x497/0x5b0 [ 165.515138][ T7648] _copy_to_user+0x30/0xc0 [ 165.517007][ T7648] simple_read_from_buffer+0xd0/0x160 [ 165.519813][ T7648] proc_fail_nth_read+0x1b0/0x290 [ 165.522108][ T7648] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 165.524612][ T7648] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 165.527175][ T7648] vfs_read+0x1d4/0xbd0 [ 165.529066][ T7648] ? __fdget_pos+0xeb/0x180 [ 165.531113][ T7648] ? __pfx_vfs_read+0x10/0x10 [ 165.533271][ T7648] ? __pfx___mutex_lock+0x10/0x10 [ 165.535607][ T7648] ? __fget_files+0x256/0x400 [ 165.537750][ T7648] ksys_read+0x12f/0x260 [ 165.539611][ T7648] ? __pfx_ksys_read+0x10/0x10 [ 165.541981][ T7648] __do_fast_syscall_32+0x73/0x120 [ 165.544277][ T7648] do_fast_syscall_32+0x32/0x80 [ 165.546481][ T7648] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 165.549301][ T7648] RIP: 0023:0xf73ca579 [ 165.551122][ T7648] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 165.559483][ T7648] RSP: 002b:00000000f5ce25b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 165.563118][ T7648] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5ce2630 [ 165.566474][ T7648] RDX: 000000000000000f RSI: 00000000f73b4ff4 RDI: 0000000000000000 [ 165.569964][ T7648] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 165.573578][ T7648] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 165.577212][ T7648] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 165.580388][ T7648] [ 168.021957][ T7695] netlink: 766 bytes leftover after parsing attributes in process `syz.0.674'. [ 168.298289][ T7698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.675'. [ 168.866623][ T5202] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 168.872775][ T5202] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 168.878000][ T5202] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 168.883257][ T5202] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 168.902603][ T5202] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 168.926890][ T5202] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 169.385537][ T7711] netlink: 32 bytes leftover after parsing attributes in process `syz.0.678'. [ 169.390613][ T7711] netlink: 4 bytes leftover after parsing attributes in process `syz.0.678'. [ 169.442361][ T7711] netlink: 12 bytes leftover after parsing attributes in process `syz.0.678'. [ 169.448672][ T7711] netlink: 104 bytes leftover after parsing attributes in process `syz.0.678'. [ 169.452541][ T7711] netlink: 104 bytes leftover after parsing attributes in process `syz.0.678'. [ 169.617533][ T82] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.643864][ T7705] chnl_net:caif_netlink_parms(): no params data found [ 169.722497][ T7715] net veth1_virt_wifi ªªªªªª: renamed from virt_wifi0 [ 169.790127][ T82] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.816108][ T5246] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 169.850292][ T7705] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.853259][ T7705] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.866941][ T7705] bridge_slave_0: entered allmulticast mode [ 169.871112][ T7705] bridge_slave_0: entered promiscuous mode [ 169.902037][ T82] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.913852][ T7705] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.917444][ T7705] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.920595][ T7705] bridge_slave_1: entered allmulticast mode [ 169.924522][ T7705] bridge_slave_1: entered promiscuous mode [ 169.996020][ T5246] usb 5-1: Using ep0 maxpacket: 16 [ 170.000161][ T5246] usb 5-1: config 0 has no interfaces? [ 170.007292][ T5246] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 170.011822][ T5246] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 170.025374][ T5246] usb 5-1: Product: syz [ 170.027444][ T5246] usb 5-1: SerialNumber: syz [ 170.037646][ T5246] usb 5-1: config 0 descriptor?? [ 170.038368][ T7705] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 170.089924][ T82] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.103968][ T7705] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 170.112707][ T7723] FAULT_INJECTION: forcing a failure. [ 170.112707][ T7723] name failslab, interval 1, probability 0, space 0, times 0 [ 170.119201][ T7723] CPU: 2 PID: 7723 Comm: syz.1.680 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 170.123663][ T7723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 170.128409][ T7723] Call Trace: [ 170.129954][ T7723] [ 170.131296][ T7723] dump_stack_lvl+0x16c/0x1f0 [ 170.133418][ T7723] should_fail_ex+0x497/0x5b0 [ 170.135561][ T7723] should_failslab+0x9/0x20 [ 170.137632][ T7723] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 170.140095][ T7723] ? prepare_creds+0x2e/0x750 [ 170.142233][ T7723] prepare_creds+0x2e/0x750 [ 170.144281][ T7723] __sys_setresgid+0x4af/0x1150 [ 170.146505][ T7723] __do_fast_syscall_32+0x73/0x120 [ 170.148686][ T7723] do_fast_syscall_32+0x32/0x80 [ 170.150905][ T7723] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 170.153758][ T7723] RIP: 0023:0xf73b2579 [ 170.155663][ T7723] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 170.164255][ T7723] RSP: 002b:00000000f5cca57c EFLAGS: 00000292 ORIG_RAX: 00000000000000aa [ 170.167909][ T7723] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 [ 170.171106][ T7723] RDX: 00000000ffffff00 RSI: 0000000000000000 RDI: 0000000000000000 [ 170.174327][ T7723] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 170.177715][ T7723] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 170.181102][ T7723] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 170.184303][ T7723] [ 170.238724][ T7705] team0: Port device team_slave_0 added [ 170.244987][ T7705] team0: Port device team_slave_1 added [ 170.315776][ T7705] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 170.321394][ T7705] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.333305][ T7705] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 170.364240][ T7705] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 170.369102][ T7705] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.380240][ T7705] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 170.403407][ T7730] netlink: 766 bytes leftover after parsing attributes in process `syz.1.683'. [ 170.416696][ T82] bridge_slave_1: left allmulticast mode [ 170.418927][ T82] bridge_slave_1: left promiscuous mode [ 170.421488][ T82] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.427369][ T82] bridge_slave_0: left allmulticast mode [ 170.429622][ T82] bridge_slave_0: left promiscuous mode [ 170.431948][ T82] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.516782][ T7736] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.684'. [ 170.521227][ T7736] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 170.743714][ T82] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 170.759056][ T82] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 170.766682][ T82] bond0 (unregistering): Released all slaves [ 170.908157][ T7705] hsr_slave_0: entered promiscuous mode [ 170.911895][ T7705] hsr_slave_1: entered promiscuous mode [ 170.915180][ T7705] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 170.921610][ T7705] Cannot create hsr debugfs directory [ 171.016120][ T5214] Bluetooth: hci4: command tx timeout [ 171.247083][ T82] hsr_slave_0: left promiscuous mode [ 171.250419][ T82] hsr_slave_1: left promiscuous mode [ 171.253461][ T82] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 171.257140][ T82] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 171.261295][ T82] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 171.265449][ T82] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 171.311645][ T7755] netlink: 104 bytes leftover after parsing attributes in process `syz.1.687'. [ 171.332359][ T7755] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 171.335476][ T7755] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 171.346270][ T7755] vhci_hcd vhci_hcd.0: Device attached [ 171.349003][ T82] veth1_macvtap: left promiscuous mode [ 171.351542][ T82] veth0_macvtap: left promiscuous mode [ 171.354412][ T82] veth1_vlan: left promiscuous mode [ 171.356985][ T82] veth0_vlan: left promiscuous mode [ 171.626114][ T5246] usb 15-1: new high-speed USB device number 2 using vhci_hcd [ 172.189670][ T7756] vhci_hcd: connection reset by peer [ 172.208038][ T11] vhci_hcd: stop threads [ 172.209970][ T11] vhci_hcd: release socket [ 172.211931][ T11] vhci_hcd: disconnect device [ 172.286825][ T82] team0 (unregistering): Port device team_slave_1 removed [ 172.381004][ T82] team0 (unregistering): Port device team_slave_0 removed [ 172.529285][ T8] usb 5-1: USB disconnect, device number 12 [ 173.096180][ T5214] Bluetooth: hci4: command tx timeout [ 173.622749][ T7705] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 173.639723][ T7705] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 173.663545][ T7705] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 173.682131][ T7705] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 173.811643][ T7705] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.837327][ T7705] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.856705][ T5245] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.863235][ T5245] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.888763][ T968] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.891948][ T968] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.160738][ T7705] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.259117][ T7705] veth0_vlan: entered promiscuous mode [ 174.270832][ T7705] veth1_vlan: entered promiscuous mode [ 174.320154][ T7705] veth0_macvtap: entered promiscuous mode [ 174.338099][ T7705] veth1_macvtap: entered promiscuous mode [ 174.359059][ T7705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.363350][ T7705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.373450][ T7705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.382306][ T7705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.396264][ T7705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.400723][ T7705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.404731][ T7705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.420322][ T7705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.436637][ T7705] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 174.448693][ T7705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.453482][ T7705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.475991][ T7705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.482149][ T7705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.500631][ T7705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.505767][ T7705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.510420][ T7705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.514779][ T7705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.521770][ T7705] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 174.540276][ T7705] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.543943][ T7705] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.550017][ T7705] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.554458][ T7705] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.731914][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.735302][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.769130][ T1087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.772357][ T1087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.176033][ T5214] Bluetooth: hci4: command tx timeout [ 175.225966][ T57] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 175.409875][ T57] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 175.414582][ T57] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.425948][ T57] usb 8-1: too many endpoints for config 1 interface 1 altsetting 237: 105, using maximum allowed: 30 [ 175.435986][ T57] usb 8-1: config 1 interface 1 altsetting 237 has 0 endpoint descriptors, different from the interface descriptor's value: 105 [ 175.452941][ T57] usb 8-1: config 1 interface 1 has no altsetting 0 [ 175.463152][ T57] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 175.475957][ T57] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.479456][ T57] usb 8-1: Product: syz [ 175.481198][ T57] usb 8-1: Manufacturer: syz [ 175.483219][ T57] usb 8-1: SerialNumber: syz [ 175.500715][ T57] usb 8-1: selecting invalid altsetting 1 [ 175.503806][ T57] usb 8-1: selecting invalid altsetting 0 [ 175.516770][ T57] usb 8-1: selecting invalid altsetting 0 [ 175.519435][ T57] cdc_ncm 8-1:1.0: bind() failure [ 176.976016][ T5246] vhci_hcd: vhci_device speed not set [ 177.091949][ T7846] netlink: 766 bytes leftover after parsing attributes in process `syz.0.700'. [ 177.256036][ T5214] Bluetooth: hci4: command tx timeout [ 177.421028][ T7856] xt_NFQUEUE: number of total queues is 0 [ 177.880688][ T7863] sd 0:0:0:0: PR command failed: 1026 [ 177.883455][ T7863] sd 0:0:0:0: Sense Key : Illegal Request [current] [ 177.887871][ T7863] sd 0:0:0:0: Add. Sense: Invalid command operation code [ 177.966974][ T57] usb 8-1: selecting invalid altsetting 0 [ 177.969676][ T57] usbtest 8-1:1.1: probe with driver usbtest failed with error -22 [ 177.984769][ T57] usb 8-1: USB disconnect, device number 10 [ 178.026176][ T5543] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 178.211983][ T5543] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 178.220782][ T5543] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.230518][ T5543] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.238116][ T5543] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 178.243863][ T5543] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.249944][ T5543] usb 5-1: Product: syz [ 178.251662][ T5543] usb 5-1: Manufacturer: syz [ 178.254749][ T5543] usb 5-1: SerialNumber: syz [ 178.263898][ T5543] usb 5-1: selecting invalid altsetting 1 [ 178.422253][ T7871] netlink: 766 bytes leftover after parsing attributes in process `syz.1.709'. [ 178.445359][ C1] vkms_vblank_simulate: vblank timer overrun [ 178.475388][ T5543] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS [ 178.478382][ T5543] cdc_ncm 5-1:1.0: bind() failure [ 178.493052][ T5543] usb 5-1: USB disconnect, device number 13 [ 178.574586][ T7878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.710'. [ 178.791909][ T7885] 9pnet_virtio: no channels available for device 127.0.0.1 [ 178.988832][ T7894] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 179.175682][ T7908] futex_wake_op: syz.1.721 tries to shift op by -1; fix this program [ 179.206863][ T7910] netlink: 'syz.3.717': attribute type 10 has an invalid length. [ 179.238781][ T7910] team0: Failed to send options change via netlink (err -105) [ 179.242166][ T7910] team0: Port device netdevsim0 added [ 179.254431][ T5206] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 179.256851][ T7914] xt_policy: too many policy elements [ 179.270697][ T7904] netlink: 'syz.3.717': attribute type 10 has an invalid length. [ 179.297891][ T7904] team0: Failed to send options change via netlink (err -105) [ 179.301454][ T7904] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 179.307703][ T7904] team0: Port device netdevsim0 removed [ 179.313860][ T7904] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 179.325075][ T7905] netlink: 766 bytes leftover after parsing attributes in process `syz.0.718'. [ 179.331875][ T5214] Bluetooth: Unexpected start frame (len 18) [ 179.334815][ T5214] Bluetooth: Frame is too long (len 18, expected len 4) [ 179.477523][ T7927] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 179.546295][ T7934] netlink: 24 bytes leftover after parsing attributes in process `syz.0.728'. [ 179.590426][ T7930] netlink: 8 bytes leftover after parsing attributes in process `syz.0.728'. [ 179.596151][ T7930] netlink: 2432 bytes leftover after parsing attributes in process `syz.0.728'. [ 179.646148][ T35] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 179.875983][ T35] usb 8-1: Using ep0 maxpacket: 8 [ 179.891319][ T35] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 179.895047][ T35] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 179.905514][ T7947] mmap: syz.1.732 (7947) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 179.915986][ T35] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 179.920170][ T35] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 179.924379][ T35] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 179.931123][ T35] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 179.935084][ T35] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.152387][ T35] usb 8-1: usb_control_msg returned -32 [ 180.158257][ T35] usbtmc 8-1:16.0: can't read capabilities [ 180.442209][ T7950] FAULT_INJECTION: forcing a failure. [ 180.442209][ T7950] name failslab, interval 1, probability 0, space 0, times 0 [ 180.452667][ T7950] CPU: 1 PID: 7950 Comm: syz.2.733 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 180.456671][ T7950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 180.461956][ T7950] Call Trace: [ 180.463525][ T7950] [ 180.464830][ T7950] dump_stack_lvl+0x16c/0x1f0 [ 180.466973][ T7950] should_fail_ex+0x497/0x5b0 [ 180.469082][ T7950] should_failslab+0x9/0x20 [ 180.471098][ T7950] __kmalloc_noprof+0xcf/0x420 [ 180.472787][ T7950] ? __pfx___mutex_lock+0x10/0x10 [ 180.474908][ T7950] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 180.477834][ T7950] genl_start+0x18e/0x950 [ 180.479636][ T7950] __netlink_dump_start+0x622/0x9c0 [ 180.481839][ T7950] genl_family_rcv_msg_dumpit+0x1e1/0x2e0 [ 180.484202][ T7950] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 180.486601][ T7950] ? __pfx_genl_get_cmd+0x10/0x10 [ 180.488669][ T7950] ? __pfx_genl_start+0x10/0x10 [ 180.490303][ T7950] ? __pfx_genl_dumpit+0x10/0x10 [ 180.492156][ T7950] ? __pfx_genl_done+0x10/0x10 [ 180.493883][ T7950] ? __radix_tree_lookup+0x21f/0x2c0 [ 180.495892][ T7950] genl_rcv_msg+0x470/0x800 [ 180.497298][ T7950] ? __pfx_genl_rcv_msg+0x10/0x10 [ 180.498877][ T7950] ? __pfx_nl802154_list_associations+0x10/0x10 [ 180.501246][ T7950] ? __pfx___lock_acquire+0x10/0x10 [ 180.503278][ T7950] netlink_rcv_skb+0x165/0x410 [ 180.505159][ T7950] ? __pfx_genl_rcv_msg+0x10/0x10 [ 180.507508][ T7950] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 180.509878][ T7950] ? down_read+0xc9/0x330 [ 180.511828][ T7950] ? __pfx_down_read+0x10/0x10 [ 180.513966][ T7950] ? netlink_deliver_tap+0x1ae/0xcf0 [ 180.516390][ T7950] genl_rcv+0x28/0x40 [ 180.518231][ T7950] netlink_unicast+0x542/0x820 [ 180.520374][ T7950] ? __pfx_netlink_unicast+0x10/0x10 [ 180.522794][ T7950] ? __phys_addr_symbol+0x30/0x80 [ 180.525060][ T7950] ? __check_object_size+0x48e/0x720 [ 180.527571][ T7950] netlink_sendmsg+0x8b8/0xd70 [ 180.529748][ T7950] ? __pfx_netlink_sendmsg+0x10/0x10 [ 180.532099][ T7950] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 180.534427][ T7950] ____sys_sendmsg+0x9b4/0xb50 [ 180.536550][ T7950] ? __pfx_____sys_sendmsg+0x10/0x10 [ 180.538969][ T7950] ? get_compat_msghdr+0x11b/0x170 [ 180.541270][ T7950] ? __pfx___lock_acquire+0x10/0x10 [ 180.543588][ T7950] ___sys_sendmsg+0x135/0x1e0 [ 180.545709][ T7950] ? __pfx____sys_sendmsg+0x10/0x10 [ 180.548056][ T7950] ? ksys_write+0x21c/0x260 [ 180.550373][ T7950] ? __fget_light+0x173/0x210 [ 180.552770][ T7950] __sys_sendmsg+0x117/0x1f0 [ 180.554850][ T7950] ? __pfx___sys_sendmsg+0x10/0x10 [ 180.557158][ T7950] __do_fast_syscall_32+0x73/0x120 [ 180.559796][ T7950] do_fast_syscall_32+0x32/0x80 [ 180.562270][ T7950] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 180.565310][ T7950] RIP: 0023:0xf73ca579 [ 180.567174][ T7950] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 180.576060][ T7950] RSP: 002b:00000000f5ce257c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 180.579837][ T7950] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000300 [ 180.583614][ T7950] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 180.587565][ T7950] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 180.591056][ T7950] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 180.594700][ T7950] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 180.598251][ T7950] [ 180.599790][ C1] vkms_vblank_simulate: vblank timer overrun [ 181.027097][ T7964] usbtmc 8-1:16.0: usb_control_msg returned -32 [ 181.230004][ T5251] usb 8-1: USB disconnect, device number 11 [ 181.416045][ T5214] Bluetooth: hci4: command tx timeout [ 181.763508][ T7994] 9p: Unknown Cache mode or invalid value mmapA [ 182.739243][ T968] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 182.906073][ T968] usb 8-1: device descriptor read/64, error -71 [ 183.027805][ T8037] FAULT_INJECTION: forcing a failure. [ 183.027805][ T8037] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.039017][ T8037] CPU: 0 PID: 8037 Comm: syz.0.759 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 183.043282][ T8037] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 183.047845][ T8037] Call Trace: [ 183.049295][ T8037] [ 183.050585][ T8037] dump_stack_lvl+0x16c/0x1f0 [ 183.052603][ T8037] should_fail_ex+0x497/0x5b0 [ 183.054694][ T8037] _copy_from_user+0x30/0xf0 [ 183.056687][ T8037] get_compat_msghdr+0xa8/0x170 [ 183.058795][ T8037] ? __pfx_get_compat_msghdr+0x10/0x10 [ 183.061160][ T8037] ? kfree+0x245/0x3b0 [ 183.062944][ T8037] ? find_held_lock+0x2d/0x110 [ 183.065045][ T8037] ___sys_recvmsg+0x193/0x1a0 [ 183.067138][ T8037] ? __pfx____sys_recvmsg+0x10/0x10 [ 183.069436][ T8037] ? __pfx___might_resched+0x10/0x10 [ 183.071702][ T8037] ? __fget_light+0x173/0x210 [ 183.073788][ T8037] do_recvmmsg+0x51a/0x750 [ 183.075722][ T8037] ? __pfx_do_recvmmsg+0x10/0x10 [ 183.077849][ T8037] ? __pfx_lock_release+0x10/0x10 [ 183.079991][ T8037] ? vfs_write+0x14d/0x1140 [ 183.082010][ T8037] __sys_recvmmsg+0x21e/0x280 [ 183.084060][ T8037] ? __pfx___sys_recvmmsg+0x10/0x10 [ 183.086299][ T8037] ? __pfx_ksys_write+0x10/0x10 [ 183.088482][ T8037] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 183.091169][ T8037] ? lockdep_hardirqs_on+0x7c/0x110 [ 183.093407][ T8037] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 183.096293][ T8037] __do_fast_syscall_32+0x73/0x120 [ 183.098536][ T8037] do_fast_syscall_32+0x32/0x80 [ 183.100632][ T8037] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 183.103134][ T8037] RIP: 0023:0xf73e0579 [ 183.104710][ T8037] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 183.111843][ T8037] RSP: 002b:00000000f5cf857c EFLAGS: 00000292 ORIG_RAX: 0000000000000151 [ 183.115189][ T8037] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000200055c0 [ 183.118544][ T8037] RDX: 000000000400023c RSI: 0000000000000302 RDI: 0000000000000000 [ 183.121917][ T8037] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 183.125327][ T8037] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 183.128720][ T8037] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 183.132084][ T8037] [ 183.209994][ T968] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 183.377086][ T968] usb 8-1: device descriptor read/64, error -71 [ 183.410924][ T8046] ip6gretap0: entered allmulticast mode [ 183.497119][ T968] usb usb8-port1: attempt power cycle [ 183.623407][ T8059] netlink: 4 bytes leftover after parsing attributes in process `syz.1.769'. [ 183.651529][ T8056] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 183.806219][ T8066] netlink: 'syz.2.772': attribute type 10 has an invalid length. [ 183.809801][ T8066] netlink: 2 bytes leftover after parsing attributes in process `syz.2.772'. [ 183.813722][ T8066] bond0: entered promiscuous mode [ 183.820219][ T8066] bond_slave_0: entered promiscuous mode [ 183.823267][ T8066] bond_slave_1: entered promiscuous mode [ 183.827871][ T8066] bridge0: port 3(bond0) entered blocking state [ 183.831457][ T8066] bridge0: port 3(bond0) entered disabled state [ 183.834586][ T8066] bond0: entered allmulticast mode [ 183.837952][ T8066] bond_slave_0: entered allmulticast mode [ 183.840480][ T8066] bond_slave_1: entered allmulticast mode [ 183.848220][ T8066] bridge0: port 3(bond0) entered blocking state [ 183.850755][ T8066] bridge0: port 3(bond0) entered forwarding state [ 183.924834][ T8069] PKCS7: Unknown OID: [4] 5.25.264.112.81.102.117 [ 183.928644][ T968] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 183.931626][ T8069] PKCS7: Only support pkcs7_signedData type [ 183.940600][ T8069] tmpfs: Bad value for 'mpol' [ 183.956612][ T968] usb 8-1: device descriptor read/8, error -71 [ 184.253354][ T968] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 184.297123][ T968] usb 8-1: device descriptor read/8, error -71 [ 184.427191][ T968] usb usb8-port1: unable to enumerate USB device [ 184.832696][ T8072] VFS: could not find a valid V7 on nullb0. [ 186.182760][ T8107] FAULT_INJECTION: forcing a failure. [ 186.182760][ T8107] name failslab, interval 1, probability 0, space 0, times 0 [ 186.189331][ T8107] CPU: 3 PID: 8107 Comm: syz.3.785 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 186.193841][ T8107] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 186.198549][ T8107] Call Trace: [ 186.200192][ T8107] [ 186.201887][ T8107] dump_stack_lvl+0x16c/0x1f0 [ 186.204125][ T8107] should_fail_ex+0x497/0x5b0 [ 186.206211][ T8107] should_failslab+0x9/0x20 [ 186.208253][ T8107] __kmalloc_noprof+0xcf/0x420 [ 186.210457][ T8107] __list_lru_init+0xee/0x650 [ 186.212537][ T8107] alloc_super+0x90d/0xbd0 [ 186.214535][ T8107] ? __pfx_test_bdev_super+0x10/0x10 [ 186.216905][ T8107] sget+0x11b/0x6c0 [ 186.218545][ T8107] ? __pfx_set_bdev_super+0x10/0x10 [ 186.220863][ T8107] ? __pfx_jfs_fill_super+0x10/0x10 [ 186.223096][ T8107] mount_bdev+0x108/0x2d0 [ 186.224987][ T8107] ? __pfx_mount_bdev+0x10/0x10 [ 186.227086][ T8107] ? apparmor_capable+0x126/0x1e0 [ 186.229272][ T8107] ? __pfx_jfs_do_mount+0x10/0x10 [ 186.231132][ T8107] legacy_get_tree+0x109/0x220 [ 186.232791][ T8107] vfs_get_tree+0x8f/0x380 [ 186.234724][ T8107] path_mount+0x6e1/0x1f10 [ 186.236462][ T8107] ? kmem_cache_free+0x12f/0x3a0 [ 186.238576][ T8107] ? __pfx_path_mount+0x10/0x10 [ 186.240725][ T8107] ? putname+0x12e/0x170 [ 186.242542][ T8107] __ia32_sys_mount+0x295/0x320 [ 186.244622][ T8107] ? __pfx___ia32_sys_mount+0x10/0x10 [ 186.247058][ T8107] __do_fast_syscall_32+0x73/0x120 [ 186.249316][ T8107] do_fast_syscall_32+0x32/0x80 [ 186.251470][ T8107] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 186.253940][ T8107] RIP: 0023:0xf7450579 [ 186.255621][ T8107] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 186.263458][ T8107] RSP: 002b:00000000f5d6857c EFLAGS: 00000292 ORIG_RAX: 0000000000000015 [ 186.266680][ T8107] RAX: ffffffffffffffda RBX: 0000000020000100 RCX: 00000000200002c0 [ 186.270035][ T8107] RDX: 00000000200001c0 RSI: 0000000000000000 RDI: 0000000020000340 [ 186.273422][ T8107] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 186.276828][ T8107] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 186.280208][ T8107] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 186.283534][ T8107] [ 186.712826][ T8122] IPVS: set_ctl: invalid protocol: 43 255.255.255.255:20000 [ 187.193106][ T8134] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 187.349493][ T5236] IPVS: starting estimator thread 0... [ 187.446244][ T8138] IPVS: using max 21 ests per chain, 50400 per kthread [ 187.584286][ T8144] FAULT_INJECTION: forcing a failure. [ 187.584286][ T8144] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 187.590018][ T8144] CPU: 1 PID: 8144 Comm: syz.1.797 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 187.593972][ T8144] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 187.594291][ T8142] Illegal XDP return value 4294967274 on prog (id 213) dev N/A, expect packet loss! [ 187.598261][ T8144] Call Trace: [ 187.598270][ T8144] [ 187.598275][ T8144] dump_stack_lvl+0x16c/0x1f0 [ 187.598299][ T8144] should_fail_ex+0x497/0x5b0 [ 187.608266][ T8144] _copy_to_user+0x30/0xc0 [ 187.610274][ T8144] simple_read_from_buffer+0xd0/0x160 [ 187.612469][ T8144] proc_fail_nth_read+0x1b0/0x290 [ 187.614505][ T8144] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 187.616590][ T8144] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 187.618704][ T8144] vfs_read+0x1d4/0xbd0 [ 187.620240][ T8144] ? __fdget_pos+0xeb/0x180 [ 187.621784][ T8144] ? __pfx_vfs_read+0x10/0x10 [ 187.623365][ T8144] ? __pfx___mutex_lock+0x10/0x10 [ 187.625055][ T8144] ? __fget_files+0x256/0x400 [ 187.626856][ T8144] ksys_read+0x12f/0x260 [ 187.628569][ T8144] ? __pfx_ksys_read+0x10/0x10 [ 187.630625][ T8144] __do_fast_syscall_32+0x73/0x120 [ 187.632763][ T8144] do_fast_syscall_32+0x32/0x80 [ 187.634813][ T8144] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 187.637541][ T8144] RIP: 0023:0xf73b2579 [ 187.639287][ T8144] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 187.646601][ T8144] RSP: 002b:00000000f5cca5b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 187.650010][ T8144] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5cca630 [ 187.653283][ T8144] RDX: 000000000000000f RSI: 00000000f739cff4 RDI: 0000000000000000 [ 187.656671][ T8144] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 187.660112][ T8144] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 187.663445][ T8144] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 187.666758][ T8144] [ 188.757728][ C2] vkms_vblank_simulate: vblank timer overrun [ 188.980234][ T8175] FAULT_INJECTION: forcing a failure. [ 188.980234][ T8175] name failslab, interval 1, probability 0, space 0, times 0 [ 188.986091][ T8175] CPU: 0 PID: 8175 Comm: syz.3.808 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 188.990714][ T8175] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 188.995144][ T8175] Call Trace: [ 188.996675][ T8175] [ 188.997903][ T8175] dump_stack_lvl+0x16c/0x1f0 [ 188.999696][ T8175] should_fail_ex+0x497/0x5b0 [ 189.001966][ T8175] should_failslab+0x9/0x20 [ 189.004339][ T8175] __kmalloc_noprof+0xcf/0x420 [ 189.007234][ T8175] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 189.010576][ T8175] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 189.013150][ T8175] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 189.015873][ T8175] ? ns_capable+0xd7/0x110 [ 189.017820][ T8175] genl_rcv_msg+0x565/0x800 [ 189.019757][ T8175] ? __pfx_genl_rcv_msg+0x10/0x10 [ 189.021987][ T8175] ? __dev_queue_xmit+0x85d/0x4130 [ 189.024128][ T8175] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 189.026429][ T8175] ? __pfx_nl80211_connect+0x10/0x10 [ 189.028637][ T8175] ? __pfx_nl80211_post_doit+0x10/0x10 [ 189.030966][ T8175] netlink_rcv_skb+0x165/0x410 [ 189.032948][ T8175] ? __pfx_genl_rcv_msg+0x10/0x10 [ 189.035145][ T8175] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 189.037434][ T8175] ? down_read+0xc9/0x330 [ 189.039308][ T8175] ? __pfx_down_read+0x10/0x10 [ 189.041368][ T8175] ? netlink_deliver_tap+0x1ae/0xcf0 [ 189.043625][ T8175] genl_rcv+0x28/0x40 [ 189.045322][ T8175] netlink_unicast+0x542/0x820 [ 189.047482][ T8175] ? __pfx_netlink_unicast+0x10/0x10 [ 189.049801][ T8175] ? __phys_addr_symbol+0x30/0x80 [ 189.052071][ T8175] ? __check_object_size+0x48e/0x720 [ 189.054593][ T8175] netlink_sendmsg+0x8b8/0xd70 [ 189.056798][ T8175] ? __pfx_netlink_sendmsg+0x10/0x10 [ 189.059018][ T8175] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 189.061577][ T8175] ____sys_sendmsg+0x9b4/0xb50 [ 189.063534][ T8175] ? __pfx_____sys_sendmsg+0x10/0x10 [ 189.065654][ T8175] ? get_compat_msghdr+0x11b/0x170 [ 189.068551][ T8175] ? __pfx___lock_acquire+0x10/0x10 [ 189.070722][ T8175] ___sys_sendmsg+0x135/0x1e0 [ 189.072698][ T8175] ? __pfx____sys_sendmsg+0x10/0x10 [ 189.074986][ T8175] ? ksys_write+0x21c/0x260 [ 189.076960][ T8175] ? __fget_light+0x173/0x210 [ 189.078954][ T8175] __sys_sendmsg+0x117/0x1f0 [ 189.080862][ T8175] ? __pfx___sys_sendmsg+0x10/0x10 [ 189.082954][ T8175] __do_fast_syscall_32+0x73/0x120 [ 189.086708][ T8175] do_fast_syscall_32+0x32/0x80 [ 189.090978][ T8175] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 189.093822][ T8175] RIP: 0023:0xf7450579 [ 189.095627][ T8175] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 189.103772][ T8175] RSP: 002b:00000000f5d6857c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 189.107282][ T8175] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200001c0 [ 189.110957][ T8175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 189.114622][ T8175] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 189.118085][ T8175] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 189.121853][ T8175] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 189.125755][ T8175] [ 190.076026][ T5246] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 190.299246][ T5246] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 190.304293][ T5246] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 190.309064][ T5246] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 190.312876][ T5246] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.318289][ T8191] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 190.532034][ T5246] usb 5-1: USB disconnect, device number 14 [ 190.542316][ T8214] FAULT_INJECTION: forcing a failure. [ 190.542316][ T8214] name failslab, interval 1, probability 0, space 0, times 0 [ 190.547492][ T8214] CPU: 1 PID: 8214 Comm: syz.3.822 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 190.551769][ T8214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 190.556293][ T8214] Call Trace: [ 190.557817][ T8214] [ 190.559144][ T8214] dump_stack_lvl+0x16c/0x1f0 [ 190.561347][ T8214] should_fail_ex+0x497/0x5b0 [ 190.563128][ T8214] should_failslab+0x9/0x20 [ 190.564852][ T8214] kmalloc_trace_noprof+0x6b/0x310 [ 190.566819][ T8214] ? autofs_wait+0x30d/0x1c40 [ 190.568950][ T8214] autofs_wait+0x30d/0x1c40 [ 190.570945][ T8214] ? __pfx_lock_release+0x10/0x10 [ 190.573003][ T8214] ? find_held_lock+0x2d/0x110 [ 190.575135][ T8214] ? __pfx_autofs_wait+0x10/0x10 [ 190.577443][ T8214] ? find_held_lock+0x2d/0x110 [ 190.579711][ T8214] ? autofs_d_automount+0x386/0x7f0 [ 190.582044][ T8214] ? __pfx_lock_release+0x10/0x10 [ 190.584283][ T8214] autofs_mount_wait+0x132/0x380 [ 190.586445][ T8214] autofs_d_automount+0x390/0x7f0 [ 190.588657][ T8214] __traverse_mounts+0x192/0x760 [ 190.590878][ T8214] step_into+0x888/0x2230 [ 190.592813][ T8214] ? __pfx_step_into+0x10/0x10 [ 190.594886][ T8214] walk_component+0xfc/0x5b0 [ 190.596699][ T8214] path_lookupat+0x17f/0x770 [ 190.598532][ T8214] filename_lookup+0x1e5/0x5b0 [ 190.600611][ T8214] ? __pfx_lock_release+0x10/0x10 [ 190.602846][ T8214] ? __pfx_filename_lookup+0x10/0x10 [ 190.605252][ T8214] ? getname_flags.part.0+0x1e1/0x4f0 [ 190.607957][ T8214] user_path_at_empty+0x42/0x60 [ 190.610220][ T8214] __ia32_sys_chdir+0xc2/0x270 [ 190.612543][ T8214] ? ksys_write+0x1ab/0x260 [ 190.614830][ T8214] ? __pfx___ia32_sys_chdir+0x10/0x10 [ 190.617165][ T8214] __do_fast_syscall_32+0x73/0x120 [ 190.619536][ T8214] do_fast_syscall_32+0x32/0x80 [ 190.621854][ T8214] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 190.624634][ T8214] RIP: 0023:0xf7450579 [ 190.626596][ T8214] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 190.635015][ T8214] RSP: 002b:00000000f5d6857c EFLAGS: 00000292 ORIG_RAX: 000000000000000c [ 190.638665][ T8214] RAX: ffffffffffffffda RBX: 0000000020000140 RCX: 0000000000000000 [ 190.642114][ T8214] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 190.645503][ T8214] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 190.648668][ T8214] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 190.668297][ T8214] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 190.671817][ T8214] [ 190.908697][ T8245] FAULT_INJECTION: forcing a failure. [ 190.908697][ T8245] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 190.914716][ T8245] CPU: 1 PID: 8245 Comm: syz.3.830 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 190.919037][ T8245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 190.923699][ T8245] Call Trace: [ 190.925303][ T8245] [ 190.926665][ T8245] dump_stack_lvl+0x16c/0x1f0 [ 190.928649][ T8245] should_fail_ex+0x497/0x5b0 [ 190.930647][ T8245] _copy_from_iter+0x27a/0xfb0 [ 190.932643][ T8245] ? __alloc_skb+0x200/0x380 [ 190.934519][ T8245] ? __pfx___alloc_skb+0x10/0x10 [ 190.936643][ T8245] ? __pfx__copy_from_iter+0x10/0x10 [ 190.938744][ T8245] ? __lock_acquire+0x1410/0x3b30 [ 190.940837][ T8245] ? __virt_addr_valid+0x5e/0x590 [ 190.942990][ T8245] ? const_folio_flags.constprop.0+0x56/0x150 [ 190.945521][ T8245] ? __phys_addr_symbol+0x30/0x80 [ 190.947302][ T8245] ? __check_object_size+0x48e/0x720 [ 190.949238][ T8245] tcp_sendmsg_locked+0x18d7/0x3550 [ 190.951458][ T8245] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 190.953837][ T8245] ? tcp_sendmsg+0x20/0x50 [ 190.955388][ T8245] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 190.957459][ T8245] ? __local_bh_enable_ip+0xa4/0x120 [ 190.959481][ T8245] tcp_sendmsg+0x2e/0x50 [ 190.961679][ T8245] ? __pfx_tcp_sendmsg+0x10/0x10 [ 190.964178][ T8245] inet_sendmsg+0xb9/0x140 [ 190.966362][ T8245] __sys_sendto+0x42c/0x4e0 [ 190.968550][ T8245] ? __pfx___sys_sendto+0x10/0x10 [ 190.970709][ T8245] ? ksys_write+0x1ab/0x260 [ 190.972442][ T8245] ? __pfx_ksys_write+0x10/0x10 [ 190.974345][ T8245] __ia32_sys_sendto+0xdd/0x1b0 [ 190.976482][ T8245] ? lockdep_hardirqs_on+0x7c/0x110 [ 190.978759][ T8245] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 190.981515][ T8245] __do_fast_syscall_32+0x73/0x120 [ 190.983766][ T8245] do_fast_syscall_32+0x32/0x80 [ 190.986065][ T8245] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 190.988987][ T8245] RIP: 0023:0xf7450579 [ 190.990820][ T8245] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 190.998757][ T8245] RSP: 002b:00000000f5d6857c EFLAGS: 00000292 ORIG_RAX: 0000000000000171 [ 191.002774][ T8245] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000740 [ 191.006239][ T8245] RDX: 0000000000000001 RSI: 0000000000000011 RDI: 0000000000000000 [ 191.009726][ T8245] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 191.013142][ T8245] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 191.016740][ T8245] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 191.020099][ T8245] [ 191.055671][ T8253] FAULT_INJECTION: forcing a failure. [ 191.055671][ T8253] name failslab, interval 1, probability 0, space 0, times 0 [ 191.063264][ T8253] CPU: 0 PID: 8253 Comm: syz.3.834 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 191.066768][ T8253] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 191.070475][ T8253] Call Trace: [ 191.071675][ T8253] [ 191.072739][ T8253] dump_stack_lvl+0x16c/0x1f0 [ 191.074677][ T8253] should_fail_ex+0x497/0x5b0 [ 191.076518][ T8253] should_failslab+0x9/0x20 [ 191.078366][ T8253] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 191.080568][ T8253] ? build_skb+0x48/0x2e0 [ 191.082313][ T8253] build_skb+0x48/0x2e0 [ 191.083921][ T8253] __tun_build_skb+0x2c/0x340 [ 191.085811][ T8253] tun_build_skb.constprop.0+0x7df/0x1250 [ 191.088217][ T8253] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 191.090638][ T8253] ? hlock_class+0x4e/0x130 [ 191.092468][ T8253] ? __lock_acquire+0xc5d/0x3b30 [ 191.094485][ T8253] tun_get_user+0x888/0x3c20 [ 191.096632][ T8253] ? __pfx_tun_get_user+0x10/0x10 [ 191.098624][ T8253] ? find_held_lock+0x2d/0x110 [ 191.100442][ T8253] ? __pfx_lock_release+0x10/0x10 [ 191.102485][ T8253] tun_chr_write_iter+0xe8/0x210 [ 191.104280][ T8253] vfs_write+0x6b6/0x1140 [ 191.105754][ T8253] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 191.107905][ T8253] ? __pfx_vfs_write+0x10/0x10 [ 191.109790][ T8253] ? __fget_files+0x256/0x400 [ 191.111598][ T8253] ? __fget_light+0x173/0x210 [ 191.113344][ T8253] ksys_write+0x12f/0x260 [ 191.115044][ T8253] ? __pfx_ksys_write+0x10/0x10 [ 191.116781][ T8253] __do_fast_syscall_32+0x73/0x120 [ 191.118845][ T8253] do_fast_syscall_32+0x32/0x80 [ 191.120710][ T8253] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 191.123185][ T8253] RIP: 0023:0xf7450579 [ 191.124861][ T8253] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 191.131378][ T8253] RSP: 002b:00000000f5d68540 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 191.134552][ T8253] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020000080 [ 191.137491][ T8253] RDX: 0000000000000026 RSI: 00000000f743aff4 RDI: 0000000000000000 [ 191.140520][ T8253] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 191.143626][ T8253] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 191.146610][ T8253] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 191.149338][ T8253] [ 191.455969][ T8258] infiniband syz1: set down [ 191.457507][ T5246] infiniband syz1: ib_query_port failed (-19) [ 191.458639][ T8258] infiniband syz1: added syzkaller0 [ 191.465150][ T8258] syz1: rxe_create_cq: returned err = -12 [ 191.476888][ T8258] infiniband syz1: Couldn't create ib_mad CQ [ 191.486472][ T8258] infiniband syz1: Couldn't open port 1 [ 191.534021][ T8258] RDS/IB: syz1: added [ 191.547382][ T8258] smc: adding ib device syz1 with port count 1 [ 191.550257][ T8258] smc: ib device syz1 port 1 has pnetid [ 191.569542][ T8258] smc: removing ib device syz1 [ 191.855760][ T8258] rdma_rxe: rxe_newlink: failed to add syzkaller0 [ 193.896076][ T57] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 194.085968][ T57] usb 7-1: Using ep0 maxpacket: 8 [ 194.097526][ T57] usb 7-1: config index 0 descriptor too short (expected 5924, got 36) [ 194.100909][ T57] usb 7-1: config 250 has an invalid interface number: 228 but max is -1 [ 194.114853][ T57] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 194.125938][ T57] usb 7-1: config 250 has no interface number 0 [ 194.128204][ T57] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 194.133332][ T57] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 194.142185][ T57] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 194.156252][ T57] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 194.160911][ T57] usb 7-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 194.172136][ T57] usb 7-1: config 250 interface 228 has no altsetting 0 [ 194.177968][ T57] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 194.181843][ T57] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 194.185283][ T57] usb 7-1: Product: syz [ 194.193244][ T57] usb 7-1: SerialNumber: syz [ 194.199305][ T57] hub 7-1:250.228: bad descriptor, ignoring hub [ 194.201728][ T57] hub 7-1:250.228: probe with driver hub failed with error -5 [ 194.384716][ T1352] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.387616][ T1352] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.417473][ T57] usblp 7-1:250.228: usblp0: USB Bidirectional printer dev 16 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 194.457600][ T8330] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.461692][ T8330] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 196.666558][ T35] usb 7-1: USB disconnect, device number 16 [ 196.671646][ T35] usblp0: removed [ 197.638896][ T55] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 197.817108][ T55] usb 6-1: Using ep0 maxpacket: 8 [ 197.820237][ T8402] netlink: 4 bytes leftover after parsing attributes in process `syz.0.874'. [ 197.821694][ T55] usb 6-1: config index 0 descriptor too short (expected 5924, got 36) [ 197.827808][ T55] usb 6-1: config 250 has an invalid interface number: 228 but max is -1 [ 197.832369][ T55] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 197.836974][ T55] usb 6-1: config 250 has no interface number 0 [ 197.839845][ T55] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 197.844749][ T55] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 197.849367][ T55] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 197.853898][ T55] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 197.859804][ T55] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 197.865689][ T55] usb 6-1: config 250 interface 228 has no altsetting 0 [ 197.866000][ T8401] netlink: 4 bytes leftover after parsing attributes in process `syz.0.874'. [ 197.871508][ T55] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 197.876017][ T55] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 197.879573][ T55] usb 6-1: Product: syz [ 197.881375][ T55] usb 6-1: SerialNumber: syz [ 197.889431][ T55] hub 6-1:250.228: bad descriptor, ignoring hub [ 197.892396][ T55] hub 6-1:250.228: probe with driver hub failed with error -5 [ 198.093864][ T55] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 8 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 198.240216][ T8389] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 198.243754][ T8389] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 198.846023][ T5206] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 199.031570][ T5206] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 199.036340][ T5206] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 199.041454][ T5206] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 199.045498][ T5206] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.054510][ T5206] usb 7-1: config 0 descriptor?? [ 199.291687][ T8431] netlink: 1068 bytes leftover after parsing attributes in process `syz.3.882'. [ 199.476341][ T8421] qnx6: unable to set blocksize [ 199.494001][ T5206] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0 [ 199.499594][ T5206] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0 [ 199.502573][ T5206] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0 [ 199.505525][ T5206] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0 [ 199.509054][ T5206] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0 [ 199.513290][ T5206] cm6533_jd 0003:0D8C:0022.0004: No inputs registered, leaving [ 199.514846][ T8437] netlink: 8 bytes leftover after parsing attributes in process `syz.3.884'. [ 199.523318][ T8437] netlink: 16 bytes leftover after parsing attributes in process `syz.3.884'. [ 199.531713][ T8437] gtp0: entered promiscuous mode [ 199.533986][ T8437] gtp0: entered allmulticast mode [ 199.534404][ T5206] cm6533_jd 0003:0D8C:0022.0004: hiddev1,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 199.698175][ T5246] usb 7-1: USB disconnect, device number 17 [ 200.448096][ T5251] usb 6-1: USB disconnect, device number 8 [ 200.459785][ T5251] usblp0: removed [ 200.858211][ T8472] netlink: 8 bytes leftover after parsing attributes in process `syz.1.893'. [ 200.862094][ T8472] netlink: 16 bytes leftover after parsing attributes in process `syz.1.893'. [ 200.873526][ T8472] gtp0: entered promiscuous mode [ 200.875817][ T8472] gtp0: entered allmulticast mode [ 201.131225][ T8476] program syz.2.895 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 201.503508][ T8485] overlayfs: failed to resolve './file1': -2 [ 201.836386][ T8488] netlink: 1068 bytes leftover after parsing attributes in process `syz.1.899'. [ 203.045292][ T8517] program syz.3.906 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 203.420481][ T8539] FAULT_INJECTION: forcing a failure. [ 203.420481][ T8539] name failslab, interval 1, probability 0, space 0, times 0 [ 203.426239][ T8539] CPU: 2 PID: 8539 Comm: syz.2.912 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 203.430348][ T8539] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 203.434742][ T8539] Call Trace: [ 203.436204][ T8539] [ 203.437482][ T8539] dump_stack_lvl+0x16c/0x1f0 [ 203.439172][ T8539] should_fail_ex+0x497/0x5b0 [ 203.442204][ T8539] should_failslab+0x9/0x20 [ 203.444233][ T8539] kmem_cache_alloc_node_noprof+0x71/0x310 [ 203.446650][ T8539] ? alloc_vmap_area+0x636/0x2a70 [ 203.448782][ T8539] alloc_vmap_area+0x636/0x2a70 [ 203.450865][ T8539] ? __pfx_alloc_vmap_area+0x10/0x10 [ 203.453199][ T8539] __get_vm_area_node+0x17e/0x2d0 [ 203.455429][ T8539] ? mark_lock+0xb5/0xc60 [ 203.457357][ T8539] __vmalloc_node_range_noprof+0x276/0x1520 [ 203.459957][ T8539] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 203.462474][ T8539] ? mark_lock+0xb5/0xc60 [ 203.464503][ T8539] ? __pfx_mark_lock+0x10/0x10 [ 203.466739][ T8539] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 203.469248][ T8539] ? hlock_class+0x4e/0x130 [ 203.471618][ T8539] ? mark_lock+0xb5/0xc60 [ 203.473649][ T8539] ? aa_get_newest_label+0x376/0x680 [ 203.475981][ T8539] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 203.478779][ T8539] ? __pfx_aa_get_newest_label+0x10/0x10 [ 203.481272][ T8539] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 203.483699][ T8539] __vmalloc_noprof+0x6d/0x90 [ 203.485764][ T8539] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 203.488358][ T8539] bpf_prog_alloc_no_stats+0x54/0x5e0 [ 203.490817][ T8539] bpf_prog_alloc+0x3b/0x240 [ 203.492997][ T8539] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 203.495610][ T8539] bpf_prog_load+0x1758/0x2670 [ 203.497707][ T8539] ? __pfx_bpf_prog_load+0x10/0x10 [ 203.499943][ T8539] ? find_held_lock+0x2d/0x110 [ 203.502181][ T8539] ? security_bpf+0x8c/0xc0 [ 203.504176][ T8539] __sys_bpf+0x9d2/0x5830 [ 203.506094][ T8539] ? __pfx___sys_bpf+0x10/0x10 [ 203.508240][ T8539] ? ksys_write+0x21c/0x260 [ 203.510210][ T8539] ? __pfx_lock_release+0x10/0x10 [ 203.512361][ T8539] ? __mutex_unlock_slowpath+0x164/0x650 [ 203.514487][ T8539] ? fput+0x32/0x390 [ 203.516222][ T8539] ? ksys_write+0x1ab/0x260 [ 203.518243][ T8539] ? __pfx_ksys_write+0x10/0x10 [ 203.520315][ T8539] __ia32_sys_bpf+0x76/0xe0 [ 203.522293][ T8539] __do_fast_syscall_32+0x73/0x120 [ 203.524610][ T8539] do_fast_syscall_32+0x32/0x80 [ 203.526863][ T8539] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 203.529585][ T8539] RIP: 0023:0xf73ca579 [ 203.531040][ T8539] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 203.538583][ T8539] RSP: 002b:00000000f5ce257c EFLAGS: 00000292 ORIG_RAX: 0000000000000165 [ 203.542210][ T8539] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000600 [ 203.545642][ T8539] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 203.549093][ T8539] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 203.552431][ T8539] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 203.555636][ T8539] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 203.558542][ T8539] [ 203.575462][ T8539] warn_alloc: 1 callbacks suppressed [ 203.575478][ T8539] syz.2.912: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 203.588116][ T8539] CPU: 3 PID: 8539 Comm: syz.2.912 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 203.592326][ T8539] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 203.596760][ T8539] Call Trace: [ 203.598330][ T8539] [ 203.599632][ T8539] dump_stack_lvl+0x16c/0x1f0 [ 203.601588][ T8539] warn_alloc+0x24d/0x3a0 [ 203.603508][ T8539] ? __pfx_warn_alloc+0x10/0x10 [ 203.605673][ T8539] ? lockdep_hardirqs_on+0x7c/0x110 [ 203.607990][ T8539] ? __get_vm_area_node+0x27d/0x2d0 [ 203.610311][ T8539] ? __get_vm_area_node+0x1bc/0x2d0 [ 203.612648][ T8539] __vmalloc_node_range_noprof+0xc1e/0x1520 [ 203.615278][ T8539] ? mark_lock+0xb5/0xc60 [ 203.617893][ T8539] ? __pfx_mark_lock+0x10/0x10 [ 203.620033][ T8539] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 203.622489][ T8539] ? hlock_class+0x4e/0x130 [ 203.624537][ T8539] ? mark_lock+0xb5/0xc60 [ 203.626512][ T8539] ? aa_get_newest_label+0x376/0x680 [ 203.628858][ T8539] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 203.631667][ T8539] ? __pfx_aa_get_newest_label+0x10/0x10 [ 203.634143][ T8539] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 203.636541][ T8539] __vmalloc_noprof+0x6d/0x90 [ 203.638445][ T8539] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 203.640950][ T8539] bpf_prog_alloc_no_stats+0x54/0x5e0 [ 203.643378][ T8539] bpf_prog_alloc+0x3b/0x240 [ 203.645508][ T8539] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 203.648202][ T8539] bpf_prog_load+0x1758/0x2670 [ 203.650361][ T8539] ? __pfx_bpf_prog_load+0x10/0x10 [ 203.652630][ T8539] ? find_held_lock+0x2d/0x110 [ 203.654908][ T8539] ? security_bpf+0x8c/0xc0 [ 203.657034][ T8539] __sys_bpf+0x9d2/0x5830 [ 203.658970][ T8539] ? __pfx___sys_bpf+0x10/0x10 [ 203.661115][ T8539] ? ksys_write+0x21c/0x260 [ 203.663176][ T8539] ? __pfx_lock_release+0x10/0x10 [ 203.665392][ T8539] ? __mutex_unlock_slowpath+0x164/0x650 [ 203.667581][ T8539] ? fput+0x32/0x390 [ 203.669193][ T8539] ? ksys_write+0x1ab/0x260 [ 203.671208][ T8539] ? __pfx_ksys_write+0x10/0x10 [ 203.673340][ T8539] __ia32_sys_bpf+0x76/0xe0 [ 203.675334][ T8539] __do_fast_syscall_32+0x73/0x120 [ 203.677561][ T8539] do_fast_syscall_32+0x32/0x80 [ 203.679674][ T8539] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 203.682507][ T8539] RIP: 0023:0xf73ca579 [ 203.684399][ T8539] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 203.692993][ T8539] RSP: 002b:00000000f5ce257c EFLAGS: 00000292 ORIG_RAX: 0000000000000165 [ 203.697324][ T8539] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000600 [ 203.700603][ T8539] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 203.704283][ T8539] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 203.707776][ T8539] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 203.711408][ T8539] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 203.714779][ T8539] [ 203.718135][ T8539] Mem-Info: [ 203.719674][ T8539] active_anon:5965 inactive_anon:60 isolated_anon:0 [ 203.719674][ T8539] active_file:3473 inactive_file:35565 isolated_file:0 [ 203.719674][ T8539] unevictable:791 dirty:366 writeback:0 [ 203.719674][ T8539] slab_reclaimable:4883 slab_unreclaimable:57965 [ 203.719674][ T8539] mapped:12033 shmem:844 pagetables:688 [ 203.719674][ T8539] sec_pagetables:329 bounce:0 [ 203.719674][ T8539] kernel_misc_reclaimable:0 [ 203.719674][ T8539] free:116185 free_pcp:3210 free_cma:0 [ 203.739102][ T8539] Node 0 active_anon:128kB inactive_anon:2484kB active_file:60kB inactive_file:56kB unevictable:1628kB isolated(anon):0kB isolated(file):0kB mapped:6020kB dirty:88kB writeback:0kB shmem:1916kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10132kB pagetables:1956kB sec_pagetables:1280kB all_unreclaimable? no [ 203.752459][ T8539] Node 1 active_anon:21360kB inactive_anon:128kB active_file:13832kB inactive_file:142204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:42112kB dirty:1376kB writeback:0kB shmem:1460kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:1336kB pagetables:796kB sec_pagetables:36kB all_unreclaimable? no [ 203.764734][ T8539] Node 0 DMA free:832kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:28kB active_file:0kB inactive_file:0kB unevictable:8kB writepending:0kB present:15992kB managed:15360kB mlocked:8kB bounce:0kB free_pcp:200kB local_pcp:8kB free_cma:0kB [ 203.777925][ T8539] lowmem_reserve[]: 0 374 0 0 0 [ 203.794965][ T8539] Node 0 DMA32 free:30504kB boost:0kB min:19048kB low:23808kB high:28568kB reserved_highatomic:6144KB active_anon:348kB inactive_anon:2256kB active_file:116kB inactive_file:0kB unevictable:1620kB writepending:88kB present:1032192kB managed:410800kB mlocked:84kB bounce:0kB free_pcp:2400kB local_pcp:408kB free_cma:0kB [ 203.807705][ T8539] lowmem_reserve[]: 0 0 0 0 0 [ 203.809772][ T8539] Node 1 DMA32 free:435692kB boost:0kB min:47048kB low:58808kB high:70568kB reserved_highatomic:0KB active_anon:21360kB inactive_anon:128kB active_file:13832kB inactive_file:142204kB unevictable:1536kB writepending:1376kB present:1048436kB managed:946208kB mlocked:0kB bounce:0kB free_pcp:8488kB local_pcp:5228kB free_cma:0kB [ 203.842987][ T8539] lowmem_reserve[]: 0 0 0 0 0 [ 203.844700][ T8539] Node 0 DMA: 10*4kB (U) 28*8kB (U) 34*16kB (U) 8*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 1064kB [ 203.850030][ T8539] Node 0 DMA32: 760*4kB (UMEH) 251*8kB (UMEH) 29*16kB (UEH) 133*32kB (UMEH) 49*64kB (UEH) 28*128kB (UMEH) 13*256kB (ME) 11*512kB (UMEH) 1*1024kB (H) 2*2048kB (M) 0*4096kB = 30568kB [ 203.857140][ T8539] Node 1 DMA32: 23*4kB (UME) 49*8kB (UE) 47*16kB (UE) 38*32kB (UME) 151*64kB (UME) 145*128kB (UME) 92*256kB (UME) 29*512kB (ME) 22*1024kB (UM) 10*2048kB (ME) 79*4096kB (UM) = 435668kB [ 203.863658][ T8539] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 203.867179][ T8539] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 203.870269][ T8539] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 203.874335][ T8539] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 203.879709][ T8539] 40521 total pagecache pages [ 203.881899][ T8539] 616 pages in swap cache [ 203.883310][ T8539] Free swap = 107528kB [ 203.884802][ T8539] Total swap = 124996kB [ 203.886896][ T8539] 524155 pages RAM [ 203.888319][ T8539] 0 pages HighMem/MovableOnly [ 203.890089][ T8539] 181063 pages reserved [ 203.891670][ T8539] 0 pages cma reserved [ 204.122449][ T8552] program syz.3.917 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 204.228821][ T8560] FAULT_INJECTION: forcing a failure. [ 204.228821][ T8560] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 204.234626][ T8560] CPU: 0 PID: 8560 Comm: syz.1.920 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 204.238762][ T8560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 204.243232][ T8560] Call Trace: [ 204.244657][ T8560] [ 204.245873][ T8560] dump_stack_lvl+0x16c/0x1f0 [ 204.247821][ T8560] should_fail_ex+0x497/0x5b0 [ 204.249720][ T8560] strncpy_from_user+0x38/0x300 [ 204.251764][ T8560] strncpy_from_user_nofault+0x7f/0x180 [ 204.254063][ T8560] bpf_probe_read_user_str+0x26/0x70 [ 204.256159][ T8560] bpf_prog_02a70dbeb5f742df+0x42/0x44 [ 204.258285][ T8560] bpf_trace_run2+0x231/0x590 [ 204.259999][ T8560] ? __pfx_bpf_trace_run2+0x10/0x10 [ 204.262118][ T8560] ? tomoyo_realpath_from_path+0xb2/0x710 [ 204.264619][ T8560] ? tomoyo_realpath_from_path+0xb2/0x710 [ 204.267198][ T8560] __traceiter_kfree+0x2d/0x50 [ 204.269330][ T8560] kfree+0x229/0x3b0 [ 204.271065][ T8560] ? __kmalloc_noprof+0x20b/0x420 [ 204.273239][ T8560] tomoyo_realpath_from_path+0xb2/0x710 [ 204.275561][ T8560] ? tomoyo_fill_path_info+0x233/0x420 [ 204.277833][ T8560] tomoyo_mount_acl+0x1af/0x880 [ 204.279710][ T8560] ? hlock_class+0x4e/0x130 [ 204.282097][ T8560] ? __lock_acquire+0x14f4/0x3b30 [ 204.284514][ T8560] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 204.286755][ T8560] ? putname+0x12e/0x170 [ 204.288568][ T8560] ? __pfx___lock_acquire+0x10/0x10 [ 204.290872][ T8560] ? stack_trace_save+0x95/0xd0 [ 204.293013][ T8560] ? __pfx_stack_trace_save+0x10/0x10 [ 204.295420][ T8560] ? tomoyo_domain+0xbb/0x150 [ 204.297531][ T8560] ? tomoyo_profile+0x47/0x60 [ 204.299616][ T8560] tomoyo_mount_permission+0x16b/0x410 [ 204.301990][ T8560] ? tomoyo_mount_permission+0x146/0x410 [ 204.304448][ T8560] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 204.306633][ T8560] ? get_current_fs_domain+0x188/0x1f0 [ 204.308513][ T8560] security_sb_mount+0x8d/0xe0 [ 204.310492][ T8560] path_mount+0x129/0x1f10 [ 204.312288][ T8560] ? kmem_cache_free+0x12f/0x3a0 [ 204.313961][ T8560] ? __pfx_path_mount+0x10/0x10 [ 204.315837][ T8560] ? putname+0x12e/0x170 [ 204.317518][ T8560] __ia32_sys_mount+0x295/0x320 [ 204.319472][ T8560] ? __pfx___ia32_sys_mount+0x10/0x10 [ 204.321533][ T8560] __do_fast_syscall_32+0x73/0x120 [ 204.323236][ T8560] do_fast_syscall_32+0x32/0x80 [ 204.325007][ T8560] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 204.327257][ T8560] RIP: 0023:0xf73b2579 [ 204.328720][ T8560] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 204.335996][ T8560] RSP: 002b:00000000f5cca57c EFLAGS: 00000292 ORIG_RAX: 0000000000000015 [ 204.339115][ T8560] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000020000540 [ 204.342428][ T8560] RDX: 0000000020000580 RSI: 0000000000000000 RDI: 0000000020000000 [ 204.345729][ T8560] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 204.348467][ T8560] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 204.351840][ T8560] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 204.355127][ T8560] [ 204.464416][ T8566] netlink: 8 bytes leftover after parsing attributes in process `syz.3.922'. [ 204.469039][ T8566] netlink: 16 bytes leftover after parsing attributes in process `syz.3.922'. [ 204.476351][ T8566] gtp1: entered promiscuous mode [ 204.478583][ T8566] gtp1: entered allmulticast mode [ 205.028356][ T8580] FAULT_INJECTION: forcing a failure. [ 205.028356][ T8580] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 205.034168][ T8580] CPU: 1 PID: 8580 Comm: syz.3.926 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 205.038391][ T8580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 205.043954][ T8580] Call Trace: [ 205.045794][ T8580] [ 205.047343][ T8580] dump_stack_lvl+0x16c/0x1f0 [ 205.049697][ T8580] should_fail_ex+0x497/0x5b0 [ 205.051889][ T8580] _copy_from_user+0x30/0xf0 [ 205.053551][ T8580] ucma_write+0x135/0x340 [ 205.055125][ T8580] ? __pfx_ucma_write+0x10/0x10 [ 205.057254][ T8580] ? security_file_permission+0x98/0xc0 [ 205.059790][ T8580] ? __pfx_ucma_write+0x10/0x10 [ 205.061883][ T8580] vfs_writev+0x6ec/0xde0 [ 205.063662][ T8580] ? __pfx_vfs_writev+0x10/0x10 [ 205.065782][ T8580] ? __fget_files+0x24c/0x400 [ 205.067863][ T8580] ? do_writev+0x287/0x370 [ 205.069794][ T8580] do_writev+0x287/0x370 [ 205.071532][ T8580] ? __pfx_do_writev+0x10/0x10 [ 205.073540][ T8580] __do_fast_syscall_32+0x73/0x120 [ 205.075959][ T8580] do_fast_syscall_32+0x32/0x80 [ 205.077991][ T8580] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 205.080599][ T8580] RIP: 0023:0xf7450579 [ 205.082321][ T8580] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 205.091951][ T8580] RSP: 002b:00000000f5d6857c EFLAGS: 00000292 ORIG_RAX: 0000000000000092 [ 205.096131][ T8580] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 205.100349][ T8580] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000 [ 205.103630][ T8580] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 205.107211][ T8580] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 205.110790][ T8580] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 205.114013][ T8580] [ 205.115350][ C1] vkms_vblank_simulate: vblank timer overrun [ 205.184940][ T8585] netlink: 4 bytes leftover after parsing attributes in process `syz.3.928'. [ 205.193755][ T8585] netlink: 4 bytes leftover after parsing attributes in process `syz.3.928'. [ 205.205117][ T8585] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 205.208078][ T8585] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 205.215006][ T8585] vhci_hcd vhci_hcd.0: Device attached [ 205.245938][ T8586] vhci_hcd: cannot find the pending unlink 4 [ 205.313917][ T8586] vhci_hcd: connection closed [ 205.315264][ T1089] vhci_hcd: stop threads [ 205.320068][ T1089] vhci_hcd: release socket [ 205.322107][ T1089] vhci_hcd: disconnect device [ 205.577734][ T8602] netlink: 'syz.1.932': attribute type 9 has an invalid length. [ 205.581352][ T8602] netlink: 'syz.1.932': attribute type 6 has an invalid length. [ 206.486138][ T8613] netlink: 8 bytes leftover after parsing attributes in process `syz.1.936'. [ 206.489800][ T8613] netlink: 16 bytes leftover after parsing attributes in process `syz.1.936'. [ 206.496423][ T8613] gtp1: entered promiscuous mode [ 206.498489][ T8613] gtp1: entered allmulticast mode [ 207.510302][ T8637] netlink: 4 bytes leftover after parsing attributes in process `syz.2.944'. [ 207.529325][ T8637] netlink: 4 bytes leftover after parsing attributes in process `syz.2.944'. [ 207.554157][ T8637] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12) [ 207.557286][ T8637] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 207.566907][ T8637] vhci_hcd vhci_hcd.0: Device attached [ 207.592803][ T8640] vhci_hcd: cannot find the pending unlink 4 [ 207.686134][ T8640] vhci_hcd: connection closed [ 207.687786][ T1089] vhci_hcd: stop threads [ 207.691920][ T1089] vhci_hcd: release socket [ 207.699837][ T1089] vhci_hcd: disconnect device [ 207.766150][ T55] vhci_hcd: vhci_device speed not set [ 207.906800][ T5214] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0' [ 207.912126][ T5214] CPU: 0 PID: 5214 Comm: kworker/u33:6 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 207.916962][ T5214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 207.922584][ T5214] Workqueue: hci4 hci_rx_work [ 207.924761][ T5214] Call Trace: [ 207.926155][ T5214] [ 207.927444][ T5214] dump_stack_lvl+0x16c/0x1f0 [ 207.929747][ T5214] sysfs_warn_dup+0x7f/0xa0 [ 207.931977][ T5214] sysfs_create_dir_ns+0x24d/0x2b0 [ 207.934348][ T5214] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 207.936725][ T5214] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 207.939019][ T5214] ? do_raw_spin_unlock+0x172/0x230 [ 207.941398][ T5214] kobject_add_internal+0x2c8/0x990 [ 207.943847][ T5214] kobject_add+0x16f/0x240 [ 207.946132][ T5214] ? __pfx_kobject_add+0x10/0x10 [ 207.948236][ T5214] ? do_raw_spin_unlock+0x172/0x230 [ 207.950416][ T5214] ? kobject_put+0xbe/0x5b0 [ 207.952356][ T5214] device_add+0x289/0x1a70 [ 207.954479][ T5214] ? __pfx_dev_set_name+0x10/0x10 [ 207.956449][ T65] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 207.956678][ T5214] ? __pfx_device_add+0x10/0x10 [ 207.963016][ T5214] ? mgmt_send_event_skb+0x2f0/0x460 [ 207.963052][ T65] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 207.964916][ T5214] hci_conn_add_sysfs+0x17e/0x230 [ 207.970368][ T65] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 207.971367][ T65] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 207.973309][ T5214] le_conn_complete_evt+0xfc7/0x1cf0 [ 207.973348][ T5214] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 207.978933][ T65] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 207.979014][ T5214] ? trace_contention_end+0xea/0x140 [ 207.982579][ T65] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 207.984814][ T5214] hci_le_conn_complete_evt+0x23c/0x370 [ 207.992514][ T5214] hci_le_meta_evt+0x2e2/0x5d0 [ 207.994498][ T5214] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 207.997214][ T5214] hci_event_packet+0x664/0x1190 [ 207.999271][ T5214] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 208.001370][ T5214] ? __pfx_hci_event_packet+0x10/0x10 [ 208.003585][ T5214] ? mark_held_locks+0x9f/0xe0 [ 208.005711][ T5214] ? kcov_remote_start+0x3d1/0x6e0 [ 208.007992][ T5214] ? lockdep_hardirqs_on+0x7c/0x110 [ 208.010258][ T5214] hci_rx_work+0x2c4/0x1610 [ 208.012437][ T5214] process_one_work+0x958/0x1ad0 [ 208.014740][ T5214] ? __pfx_lock_acquire+0x10/0x10 [ 208.017256][ T5214] ? __pfx_process_one_work+0x10/0x10 [ 208.019709][ T5214] ? assign_work+0x1a0/0x250 [ 208.021859][ T5214] worker_thread+0x6c8/0xf30 [ 208.023935][ T5214] ? __pfx_worker_thread+0x10/0x10 [ 208.026342][ T5214] kthread+0x2c1/0x3a0 [ 208.028014][ T5214] ? _raw_spin_unlock_irq+0x23/0x50 [ 208.030404][ T5214] ? __pfx_kthread+0x10/0x10 [ 208.032060][ T1097] ------------[ cut here ]------------ [ 208.032359][ T5214] ret_from_fork+0x45/0x80 [ 208.032382][ T5214] ? __pfx_kthread+0x10/0x10 [ 208.035050][ T1097] WARNING: CPU: 3 PID: 1097 at net/wireless/nl80211.c:19473 cfg80211_bss_color_notify+0x60b/0x7d0 [ 208.036801][ T5214] ret_from_fork_asm+0x1a/0x30 [ 208.036835][ T5214] [ 208.038333][ T5214] kobject: kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 208.039070][ T1097] Modules linked in: [ 208.043578][ T5214] Bluetooth: hci4: failed to register connection device [ 208.047969][ T1097] CPU: 3 PID: 1097 Comm: kworker/u32:9 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 208.055336][ T5214] Bluetooth: hci4: hardware error 0x20 [ 208.060995][ T1097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 208.080625][ T1097] Workqueue: phy7 ieee80211_color_collision_detection_work [ 208.083807][ T1097] RIP: 0010:cfg80211_bss_color_notify+0x60b/0x7d0 [ 208.086951][ T1097] Code: 3c 5b f7 49 8d 7f 68 be ff ff ff ff e8 9e 3a a9 00 31 ff 89 c3 89 c6 e8 93 37 5b f7 85 db 0f 85 16 fb ff ff e8 86 3c 5b f7 90 <0f> 0b 90 e9 08 fb ff ff e8 78 3c 5b f7 0f b6 44 24 1c ba 01 00 00 SYZFAIL: failed to recv rpc [ 208.115202][ T1097] RSP: 0018:ffffc90006c67bf8 EFLAGS: 00010293 fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 208.118381][ T1097] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8a33528d [ 208.121954][ T1097] RDX: ffff8880206e4880 RSI: ffffffff8a33529a RDI: 0000000000000005 [ 208.125362][ T1097] RBP: 000000000000008d R08: 0000000000000005 R09: 0000000000000000 [ 208.128866][ T1097] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880587cc000 [ 208.132395][ T1097] R13: ffff8880154b0000 R14: ffff8880587cccb0 R15: ffff88802bf40700 [ 208.135831][ T1097] FS: 0000000000000000(0000) GS:ffff88802c300000(0000) knlGS:0000000000000000 [ 208.139551][ T1097] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 208.142038][ T1097] CR2: 0000000000000000 CR3: 000000001b674000 CR4: 0000000000350ef0 [ 208.145035][ T1097] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 208.148177][ T1097] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 208.151614][ T1097] Call Trace: [ 208.153067][ T1097] [ 208.154365][ T1097] ? show_regs+0x8c/0xa0 [ 208.156286][ T1097] ? __warn+0xe5/0x3c0 [ 208.158094][ T1097] ? cfg80211_bss_color_notify+0x60b/0x7d0 [ 208.160722][ T1097] ? report_bug+0x3c0/0x580 [ 208.162723][ T1097] ? handle_bug+0x3d/0x70 [ 208.168666][ T1097] ? exc_invalid_op+0x17/0x50 [ 208.172262][ T1097] ? asm_exc_invalid_op+0x1a/0x20 [ 208.175554][ T1097] ? cfg80211_bss_color_notify+0x5fd/0x7d0 [ 208.178669][ T1097] ? cfg80211_bss_color_notify+0x60a/0x7d0 [ 208.181463][ T1097] ? cfg80211_bss_color_notify+0x60b/0x7d0 [ 208.184261][ T1097] ? cfg80211_bss_color_notify+0x60a/0x7d0 [ 208.187203][ T1097] ? __pfx_lock_acquire+0x10/0x10 [ 208.189451][ T1097] ? __pfx_cfg80211_bss_color_notify+0x10/0x10 [ 208.192388][ T1097] process_one_work+0x958/0x1ad0 [ 208.194767][ T1097] ? __pfx_lock_acquire+0x10/0x10 [ 208.197527][ T1097] ? __pfx_process_one_work+0x10/0x10 [ 208.200182][ T1097] ? assign_work+0x1a0/0x250 [ 208.202371][ T1097] worker_thread+0x6c8/0xf30 [ 208.204528][ T1097] ? __kthread_parkme+0x148/0x220 [ 208.207013][ T1097] ? __pfx_worker_thread+0x10/0x10 [ 208.209170][ T1097] kthread+0x2c1/0x3a0 [ 208.210957][ T1097] ? _raw_spin_unlock_irq+0x23/0x50 [ 208.213555][ T1097] ? __pfx_kthread+0x10/0x10 [ 208.216768][ T1097] ret_from_fork+0x45/0x80 [ 208.219196][ T1097] ? __pfx_kthread+0x10/0x10 [ 208.221374][ T1097] ret_from_fork_asm+0x1a/0x30 [ 208.223656][ T1097] [ 208.225158][ T1097] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 208.228650][ T1097] CPU: 3 PID: 1097 Comm: kworker/u32:9 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 208.233607][ T1097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 208.239392][ T1097] Workqueue: phy7 ieee80211_color_collision_detection_work [ 208.242816][ T1097] Call Trace: [ 208.244350][ T1097] [ 208.245998][ T1097] dump_stack_lvl+0x3d/0x1f0 [ 208.247846][ T1097] panic+0x6f5/0x7a0 [ 208.249559][ T1097] ? __pfx_panic+0x10/0x10 [ 208.251377][ T1097] ? show_trace_log_lvl+0x363/0x500 [ 208.253589][ T1097] ? check_panic_on_warn+0x1f/0xb0 [ 208.255813][ T1097] ? cfg80211_bss_color_notify+0x60b/0x7d0 [ 208.258320][ T1097] check_panic_on_warn+0xab/0xb0 [ 208.260357][ T1097] __warn+0xf1/0x3c0 [ 208.262073][ T1097] ? cfg80211_bss_color_notify+0x60b/0x7d0 [ 208.264561][ T1097] report_bug+0x3c0/0x580 [ 208.266778][ T1097] handle_bug+0x3d/0x70 [ 208.268982][ T1097] exc_invalid_op+0x17/0x50 [ 208.271136][ T1097] asm_exc_invalid_op+0x1a/0x20 [ 208.273265][ T1097] RIP: 0010:cfg80211_bss_color_notify+0x60b/0x7d0 [ 208.276000][ T1097] Code: 3c 5b f7 49 8d 7f 68 be ff ff ff ff e8 9e 3a a9 00 31 ff 89 c3 89 c6 e8 93 37 5b f7 85 db 0f 85 16 fb ff ff e8 86 3c 5b f7 90 <0f> 0b 90 e9 08 fb ff ff e8 78 3c 5b f7 0f b6 44 24 1c ba 01 00 00 [ 208.284899][ T1097] RSP: 0018:ffffc90006c67bf8 EFLAGS: 00010293 [ 208.288397][ T1097] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8a33528d [ 208.292044][ T1097] RDX: ffff8880206e4880 RSI: ffffffff8a33529a RDI: 0000000000000005 [ 208.295579][ T1097] RBP: 000000000000008d R08: 0000000000000005 R09: 0000000000000000 [ 208.299746][ T1097] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880587cc000 [ 208.304072][ T1097] R13: ffff8880154b0000 R14: ffff8880587cccb0 R15: ffff88802bf40700 [ 208.307406][ T1097] ? cfg80211_bss_color_notify+0x5fd/0x7d0 [ 208.309961][ T1097] ? cfg80211_bss_color_notify+0x60a/0x7d0 [ 208.312407][ T1097] ? cfg80211_bss_color_notify+0x60a/0x7d0 [ 208.314822][ T1097] ? __pfx_lock_acquire+0x10/0x10 [ 208.316939][ T1097] ? __pfx_cfg80211_bss_color_notify+0x10/0x10 [ 208.319600][ T1097] process_one_work+0x958/0x1ad0 [ 208.321382][ T1097] ? __pfx_lock_acquire+0x10/0x10 [ 208.323421][ T1097] ? __pfx_process_one_work+0x10/0x10 [ 208.325629][ T1097] ? assign_work+0x1a0/0x250 [ 208.327419][ T1097] worker_thread+0x6c8/0xf30 [ 208.329102][ T1097] ? __kthread_parkme+0x148/0x220 [ 208.330972][ T1097] ? __pfx_worker_thread+0x10/0x10 [ 208.333129][ T1097] kthread+0x2c1/0x3a0 [ 208.334934][ T1097] ? _raw_spin_unlock_irq+0x23/0x50 [ 208.337152][ T1097] ? __pfx_kthread+0x10/0x10 [ 208.338863][ T1097] ret_from_fork+0x45/0x80 [ 208.340509][ T1097] ? __pfx_kthread+0x10/0x10 [ 208.342328][ T1097] ret_from_fork_asm+0x1a/0x30 [ 208.344153][ T1097] [ 208.345891][ T1097] Kernel Offset: disabled [ 208.347594][ T1097] Rebooting in 86400 seconds.. VM DIAGNOSIS: 03:50:05 Registers: info registers vcpu 0 CPU#0 RAX=0000000000040000 RBX=0000000000000001 RCX=ffffffff816f9f2e RDX=ffff8880206e2440 RSI=0000000000000000 RDI=0000000000000001 RBP=0000000000000035 RSP=ffffc900033f7730 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000003 R12=0000000000000200 R13=ffff8880206e4880 R14=ffffffff8c693e80 R15=ffffc900033f77b8 RIP=ffffffff818e8871 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000046cf0000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000000039 RCX=ffffffff81f550ce RDX=ffff8880195a4880 RSI=0000000000000039 RDI=00000000ffffffff RBP=ffff88801eff21d0 RSP=ffffc90000e9f730 R8 =0000000000000006 R9 =0000000000000011 R10=0000000000000001 R11=0000000000000001 R12=dffffc0000000000 R13=0000000000000011 R14=0000000000000001 R15=ffff888027b99400 RIP=ffffffff81f55156 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000000d97a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffff0f0e0d0c ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000008 RBX=0000000000000000 RCX=0000000000000001 RDX=0000000000000005 RSI=0000000000000002 RDI=0000000000000004 RBP=ffffffff8b29c600 RSP=ffffc90022b07088 R8 =0000000000000001 R9 =0000000000000001 R10=0000000000000002 R11=0000000000000002 R12=0000000000000004 R13=0000000000000001 R14=0000000000000008 R15=ffffc90022b0716d RIP=ffffffff818e8ac0 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c200000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000557dff2ab000 CR3=00000000560d6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=69d4440169d44401 69d4440169d44401 69d4440169d44401 69d4440169d44401 69d4440169d44401 69d4440169d44401 69d4440169d44401 69d4440169d44401 ZMM22=7a08fa587a08fa58 7a08fa587a08fa58 7a08fa587a08fa58 7a08fa587a08fa58 7a08fa587a08fa58 7a08fa587a08fa58 7a08fa587a08fa58 7a08fa587a08fa58 ZMM23=92273c2692273c26 92273c2692273c26 92273c2692273c26 92273c2692273c26 92273c2692273c26 92273c2692273c26 92273c2692273c26 92273c2692273c26 ZMM24=7412462374124623 7412462374124623 7412462374124623 7412462374124623 7412462374124623 7412462374124623 7412462374124623 7412462374124623 ZMM25=2ce83c192ce83c19 2ce83c192ce83c19 2ce83c192ce83c19 2ce83c192ce83c19 2ce83c192ce83c19 2ce83c192ce83c19 2ce83c192ce83c19 2ce83c192ce83c19 ZMM26=e11ce04ce11ce04c e11ce04ce11ce04c e11ce04ce11ce04c e11ce04ce11ce04c e11ce04ce11ce04c e11ce04ce11ce04c e11ce04ce11ce04c e11ce04ce11ce04c ZMM27=d8588d3ad8588d3a d8588d3ad8588d3a d8588d3ad8588d3a d8588d3ad8588d3a d8588d3ad8588d3a d8588d3ad8588d3a d8588d3ad8588d3a d8588d3ad8588d3a ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=1a0700001a070000 1a0700001a070000 1a0700001a070000 1a0700001a070000 1a0700001a070000 1a0700001a070000 1a0700001a070000 1a0700001a070000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff816f9f2e RDX=ffff8880206e4880 RSI=ffffffff816f9f1c RDI=0000000000000001 RBP=000000000000005c RSP=ffffc90006c678e0 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000002 R12=0000000000000200 R13=ffff8880206e2440 R14=ffffffff8c800c60 R15=ffffc90006c67960 RIP=ffffffff816f9f1e RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000001b674000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000004080 Opmask01=0000000000000000 Opmask02=000000000000ffdf Opmask03=2040000404420020 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe2494da30 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000ff0000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffffffffffffff ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3bad1e829a127622 737325386759d627 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737142 7373737373737373 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000564e70cd8200 44455a494c414954 494e495f43455355 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6f742079617272 6120656c75722079 7261726f706d6574 002a3f005b3f2a00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a4a51055c445757 440540495057055c 5744574a55484051 000f1a005b1a0f00 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000000 000000003130323a 306963682f306963 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 48de6df1e9610551 0000564b142a29bb 00000000000003a1 0000000033346c6c ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 48de6df1e9610551 0000564b142a9748 0000000000000071 0000003177617264 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a3a263e383a3a26 39383a3a2638383a 3a263b383a3a263a 383a3a26493b3a3a ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000