last executing test programs: 10.349109769s ago: executing program 0 (id=1530): syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xffffffffffffff7c, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newtaction={0x4c, 0x1e, 0x109, 0x0, 0x0, {}, [{0x38, 0x1, [@m_mirred={0x34, 0x0, 0x0, 0x0, {{0xb, 0x12}, {0x4}, {0x6, 0x6, '\'a'}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x4c}, 0x1, 0x2b1e}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) shutdown(0xffffffffffffffff, 0x1) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$ax25(0x3, 0x3, 0xcc) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004040)={0x30, 0x3e, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@nested={0x8, 0x17, 0x0, 0x1, [@nested={0x4, 0x1}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x404c0c0}, 0xc000) 9.289942395s ago: executing program 3 (id=1533): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000020940)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) r6 = dup2(r5, r5) read$FUSE(r6, &(0x7f0000002fc0)={0x2020}, 0x2020) 9.004606724s ago: executing program 3 (id=1537): syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xffffffffffffff7c, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newtaction={0x4c, 0x1e, 0x109, 0x0, 0x0, {}, [{0x38, 0x1, [@m_mirred={0x34, 0x0, 0x0, 0x0, {{0xb, 0x12}, {0x4}, {0x6, 0x6, '\'a'}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x4c}, 0x1, 0x2b1e}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$ax25(0x3, 0x3, 0xcc) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004040)={0x30, 0x3e, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@nested={0x8, 0x17, 0x0, 0x1, [@nested={0x4, 0x1}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x404c0c0}, 0xc000) 7.25501033s ago: executing program 0 (id=1541): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = socket(0x1000000000000010, 0x80802, 0x0) bind$netlink(r1, &(0x7f0000000440)={0x10, 0x0, 0x0, 0x10004400}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1, 0x0, &(0x7f0000001100)=ANY=[], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x800, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) semget$private(0x0, 0x2, 0x6d3) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000240)=0x3) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x60, &(0x7f00001e3000)=""/30, &(0x7f0000d23000)=0x44) ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000080)=0x7f) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0x14}, 0x1, 0x8000000000000, 0x0, 0x10008090}, 0x8004) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) read$dsp(r3, &(0x7f00000001c0)=""/95, 0x5f) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) r5 = socket$netlink(0x10, 0x3, 0x4) write(r5, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) 6.209151121s ago: executing program 0 (id=1543): syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xffffffffffffff7c, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newtaction={0x4c, 0x1e, 0x109, 0x0, 0x0, {}, [{0x38, 0x1, [@m_mirred={0x34, 0x0, 0x0, 0x0, {{0xb, 0x12}, {0x4}, {0x6, 0x6, '\'a'}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x4c}, 0x1, 0x2b1e}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) shutdown(0xffffffffffffffff, 0x1) syz_init_net_socket$ax25(0x3, 0x3, 0xcc) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004040)={0x30, 0x3e, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@nested={0x8, 0x17, 0x0, 0x1, [@nested={0x4, 0x1}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x404c0c0}, 0xc000) 5.933319103s ago: executing program 3 (id=1544): r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = fsopen(&(0x7f0000000280)='ntfs3\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x24008094) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000040)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_SET_ADDR_RESOLV_ENABLE={{0x6}, 0x55}}}, 0x7) r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) ioctl$SNDCTL_DSP_SPEED(r6, 0xc0045002, &(0x7f0000000180)) write$dsp(r6, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) close(r2) 5.389754384s ago: executing program 1 (id=1547): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=']) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r1) sendmsg$NFC_CMD_DEACTIVATE_TARGET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r2, 0x501, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x41}, 0xc0) 5.389486504s ago: executing program 1 (id=1548): ioperm(0x284, 0x7f, 0xe3) socket$netlink(0x10, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) readv(r5, &(0x7f00000007c0)=[{&(0x7f00000003c0)=""/152, 0x98}, {&(0x7f0000000680)=""/83, 0x53}], 0x2) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'ip_vti0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x60, 0x0, 0x0, r6, {0x0, 0x3}, {0xffff, 0xffff}, {0x2, 0xd}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24040800}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xc, 0xb, &(0x7f0000000b40)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000022020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r7}, 0x18) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x94) r9 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10) r10 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r10, &(0x7f0000000440), 0x10) listen(r10, 0x0) r11 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r11, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) sendto$packet(r11, &(0x7f0000000600)="5f0efc", 0xfffffffffffffe4c, 0x44, 0x0, 0x0) close_range(r9, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) readv(r2, &(0x7f0000000c40)=[{&(0x7f00000003c0)=""/7, 0x7}], 0x1) r12 = memfd_create(&(0x7f0000001240)='[\v\xdbX\xae[\x1a\xad\xd1md\xc8\x85HX\xa9%\f\x1a,\xe2\x9c\xb4\xd7\xbc\xf1\xb3\x86\xe2/Op\xd0\xa2\x82\x1eb;(\xb5\xe1j\xc8\f\xe5\x89\x17\xee|J\x90=5\xed\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q%\x8a\xda\x05\x00f\xe3j%\x00\x00\x1c#\xc6\xd8\xdbD\x92P\xe16W\x10\xdau\xc7\x8f\xaa\x8d\xa9\x97\x9d\xcb\x1e\x80\xe7\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\xbdD\xcc\'\xa2\xaf`\xf6L\x0e\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecM\xe4H\xb7\xaf\xa8\x96dh\xa9\xab > \xac\x00O^\x14\xcbv\x17Hkb\xe7\xcb\x9d;\xd2\x9f\x05\xd1\x00\x8b\xd3\x9f\a\x99^v\xf7\xfa\xe5\xf0h\x87l\xd9\x15\xd2\x87~?\xb1\x9d\xc1\x92`\x8a\r\xfc\xeb\x14\xd1\x94\fv\x8a\xe3\x1d\x0fj}\x9f\xedsc\xd3\xee\xe6cXw\xa1\xbc\xd0o\xf9\x9cJ\b\x00\xd8;\\ik0+\xc8\xf2\x87\xdf\t\x97\x9dB\xc1\xa0\xa71\xf25GU|]A\x1eel \x8ff\xc6\nt\xd0\x91\x9d\x8c\xa4\xe5\xde\x06\x00\xffE\xf4\x96#\x92-9\xe5\xa7\xf8%\xb0I\xd4\x91r\xbf\x1bOS\xee}\x16\x87\x05\xf2\xb9\x81\x14\xe2NZ\\I\xd0[\xc4\xf2\"\x87\xf5\xb8\x95.M\xb1S\xbd\xe4i\x00\xc1b\t]?}0\t\xebV\xbci\xa5\x05\xca\xb6\xc22\x7fL\x89&\xa0\xcfMULr0rs\xb4\n\xa6)\xe23\xf0\x8d\x9dO\xb9\xc9\x83\xabS\x013\"\x1b\x97K\x17\x16\x89\a\xee\xc903\xad\x15\x1cH\xd2\x95\x91\xb4$\x1b\xbf\xaf\xf5\x9b\xc2\x85\xe7[\xe5\xfb}\x1d@f2\x11\x13Y\x98\xa4\xecWEE\x9eI\x05\v\x11\xad\x93!^T\xe5N\xf6LI\x9a6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\x1a\xc9(a\x06>g\xe5\x00:\x9au\xef\x14\t\x1f8E\x86\xcb\xd0e\x17\xfb\xc1', 0x1) fsetxattr$security_ima(r12, &(0x7f0000000080), 0x0, 0x0, 0x0) 4.638616389s ago: executing program 2 (id=1549): sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000100}, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x2ddd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000380)=0x0) syz_io_uring_setup(0x5e2, &(0x7f00000003c0), &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r2, 0xa3d, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x17, 0x7, 0x0, 0x1000, 0x0, 0xffffffffffffffff, 0x2a, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) r6 = dup(r5) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) sendmsg$inet6(r5, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x6, @private1, 0x8}, 0x1c, &(0x7f0000000340)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) sendto$inet(r6, &(0x7f0000000400)='X', 0x1, 0x8884, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e24, @local}}, 0x1000000, 0x0, 0xffff1896, 0x1, 0x25, 0x800, 0x1e}, 0x9c) r7 = mq_open(&(0x7f000084dff0)='!sali\x1cqxte&\xac\xe87x\x00', 0x6e93ebbbcc0884f2, 0x12e, &(0x7f0000000300)={0x0, 0x1, 0x7}) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) memfd_create(&(0x7f0000000040)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t%\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c\x87\x1e|C\xd8\x01\xd0\xf5\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajnW\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x90) write$cgroup_int(r9, &(0x7f0000000000)=0x500, 0x12) sendmsg$nl_xfrm(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="fc0000001900010000000400fcdbdf2500000000000000000000000000000000fe8000000000000000000000000000bb00000000fffc00000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000083d440fa38921b779403000000000400000008000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000c2d1eb00000000440005007f00000100"/104], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) lseek(r7, 0x4, 0x0) mq_timedsend(r7, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r7, 0x0, 0x0, 0x0, 0x0) 4.420191999s ago: executing program 1 (id=1550): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095", @ANYRES64=0x0], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="400000004900150927bd7000fcdbdf250a008000", @ANYRES32=0x0, @ANYBLOB="04000000080002000c0000001400010000000000000000000000000000000000080002080c0000005a809a6c58ae51b3bdc70acc5425252fa35c880dc2033764650408f99e0cbb26040e8feb90e30719e52ef8f4ac453ee09f0935a44dd52c069c55fe96304a9d8844260617eedf1f749f7d53ba5e88686a"], 0x40}, 0x1, 0x0, 0x0, 0x24004080}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f00000004c0)=ANY=[@ANYBLOB="010000000a00000000000000ff0100000000000000000000000000010000000066ba35fa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024f500000000000000000000100000000000000000000000000000000040"], 0x90) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) socket$kcm(0x2, 0x200000000000001, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x6}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$igmp6(0xa, 0x3, 0x2) getsockopt$MRT6(r6, 0x29, 0xce, &(0x7f0000000180), &(0x7f0000000300)=0x4) syz_open_dev$sndmidi(0x0, 0x2, 0x141101) syz_io_uring_setup(0x235, &(0x7f0000000500)={0x0, 0x4533, 0x10100, 0x0, 0x24c}, &(0x7f00000001c0), &(0x7f0000000280)) socket$rds(0x15, 0x5, 0x0) 4.350171831s ago: executing program 2 (id=1551): openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x404000, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x14, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0xe}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) bind$alg(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000040)=ANY=[], 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_emit_ethernet(0x0, 0x0, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000340)={'\x00', 0x9, 0x9, 0xfffffffe, 0x2, 0x5}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) prctl$PR_SET_KEEPCAPS(0x59616d61, 0x1ffffffffffffff) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) ioctl$sock_ifreq(r2, 0x891d, &(0x7f0000000180)={'veth0_to_batadv\x00', @ifru_addrs=@in={0x2, 0x4e24, @private=0xa010102}}) close(r0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x1d) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) 3.50050861s ago: executing program 1 (id=1552): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = socket(0x1000000000000010, 0x80802, 0x0) bind$netlink(r1, &(0x7f0000000440)={0x10, 0x0, 0x0, 0x10004400}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1, 0x0, &(0x7f0000001100)=ANY=[], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x800, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) semget$private(0x0, 0x2, 0x6d3) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000240)=0x3) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x60, &(0x7f00001e3000)=""/30, &(0x7f0000d23000)=0x44) ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000080)=0x7f) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) read$dsp(r3, &(0x7f00000001c0)=""/95, 0x5f) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) r5 = socket$netlink(0x10, 0x3, 0x4) write(r5, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) 3.340089252s ago: executing program 2 (id=1553): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000680)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000340)='mm_collapse_huge_page_isolate\x00', r1}, 0x18) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$cachefiles(0xffffff9c, &(0x7f0000000100), 0x40, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000300)={r5, &(0x7f0000001700)="204c63651dba6f81c16d6d389aa32c0cb4ce53d8c5105af4d46ce4afa727a24ed317e6a8f43a32b2dd02a87381893d7743c436d84ad670d6cab725f1d0fea4748ad4aabd34171641da9fe2638ec6350b65e71d42807fcb4819c9124b6ce6d659dc72eaf37486dcff40bf114b030771baab90c7bdd80e56eaaf3aa44f4b65661137fef68291932eb679ee4490267f3ea10605e729cc7457894a111cafec304acd0860960f84a01569c3801bf00dff152569288b2d82d856ce2f1682c887502d20b03b0c42468ac25b6a51a5e0b8ca4d49431c17754fc8ea88cd0a1aed1744756468c953b325e30d023cc2c15a8d8ba872351a9a9a5a7cbfd1d214137b9b5feda9178d2e6d247296ad9b60f61b11af8a40bf5f3e02f0a92781e92a4fea074dd5729738456e9c0fe4611094069d636fce4ee98fa4683abf3de692bd4947e8ec5a5e874f3b59a05e42319040c05116390c2d69acf5e0d22d0d4a4e49d723f7f78f17da7ab8f0792805ca02ffcdfc53a2337253a7d8c580a50da407e28d81471cc316ca41120d40ea7bc0ae06a8e1b1b07f2dca350dff9922a6994938dc57218f010ae9cdf09b53f8f87c255f8e71f3700cef94af33926306d2a5297b58d762cc685d2245f84a9fa2da4e58186fd8ff44c48675d3bd86e141a6dc81bf757de4f605a14812c86e5843bd1de45f7fa5b790ab135446811f8439c163aa1a7ae7054525249359fe1e61d598cf30565759e5b818332839410a5dda4d2cd57d157239128ff007eaf52b0f5e901e874b1a447fcab8304e81a334ce6bd745b0cae1e2aa7080e9ba584ddb3fddfd0aad19c6d4b6377c481c774bf6312600017698042224da4a2d79cd12129a41afcfb7bb8272c6230444e62e537e00d31cd936e6ae7523f5f0078a3a4fcc00b358eba7b0550f0b849407da01195ce3b1c04678d3f879df5624090175f34216b06481382c9b6a1d579a66f2070f701b1e41114638aafa58cac9e9627fa2a7183f0512643ac65bdfd38713ede903d058f68d8a88fc67ba3d6655fc856c564e1a0ff81fcbc64f9bfc23980ba6303b95e3b0cc072e000e6bd5015db374eb5606c099a285e4c50b87e71b6b8f4c1e8681f6b7a4c7e6b21fdeaa12d9c96f357b87942036b87d7b5ecd3c875cd20c1e6044f4fae65e28a1393288f42e20f9a235c818dc6d140872246f6e52e2b60455f3a758ffaecf1fc0946234a3e193d54ae47068c8d49b626cb316d2ae1b0a8cb8d002bbc2c298f907a58ac09c969b7d2b9cf08de5342d6e3c8412e4f243da962ea38a8b3e99eaa8f0f73efb66e31c56155ababb25e2508638240eb2ec838eb5f655c56f24fab2cb104f9361ad6f75e0abf7889920e943101334fe9c8b3c1d903b44234c26e40df5f2bc0e78a3e95154fff744bbd4b63b9030de186abc932032926bef71c1a84158a71d712afd2e82d897cc8f8ddb2cf167bc7202dbe2f1f263a77dba0c923fcb013c9d6d544f788ed545682523d106fddf558a1f236e994f9c2cbc5dc93bfcb778f2f842c44129a5e4d58db887b117cbbda846f1c2330783677bc2b902d93f182f82592ab49376760f0274547cf0cedf26761a7a1a4cd70acc1754424ab6f5aa1977deed28619f22f482e3df604ce049e4144c245478cce51d20606b5b652be5f7501f2e8365dbfe32e40ae267894846046ec4ae7677aeff93a20b8ce1bc2758e98b5a48e9fd19fd5cc709f0071ff3b26d4d8316b666f155a33429f85cb6fa202abf8857f48d93c758e00744d7a4118bbd4b01c8930caac4526e5cdbf57c1a2e0e88aabe6f8fc6959525d482a0d542e16ef4123bc8c4632089e808e7aecfec722a12b7cacca5cb5471064e96fa11a5a406c7987d41db626677d916c11bb05c8ffa4710c785796b1ebcf27bd66cc15bc87dc88df5665c4dcfd6206a706854b946cbcb141cf31fe77b6fbe818253a45f24dd3a0a40462023c39496836a0c21b8b4914654c48df415463f489ee962806f722677451b758533ac4154c6d8d947ab09ea1e47d4188398c68752e97847c97933571cbf8d80651bdf53258b63e11559670798d1f852570a844a78127455b65889c59ca12df70507a6b52ccac5b2c9b7edba13d843b34c016f813f24b7dd91e3685caed26c4938672af5fb6a9382708fba7cb489fd2e762801d9ad291801d8cda06733975daaf31e7c8cebeb44a79a880ef1be8774e8373a44cb8170a1089713fd865e10545608c35c8fb62a9bbcde1f9a97c3d610202b2db7666f1dd195d2ecedc0d8607b8419999db127e2ed981503b3709b39b8f394df2567a2aff84c954620033dceefffe5124a23ec788d15937060617ba85e90bfaef908fdbba73c131e980a1c6577322643b272fca668255f38e7651fba095d9e2b1881cf0d4e8af11269b1310f0908200700424a0ceb5287e1a9b6b1477421f7dc2be2c77a0853b0f480dd2113eb452962d79b9eba5c2a4a607101a38aca8e9727fc28990b2a1193139c0206372cbb80321e90e1ab801c0876dbb97cdd55d225379a0e00ded21dcbb693294163ff74dd76bca3e53a0bd42830b62bc17c815ac4f07a4495dcf2639a4df55b74d53edada8ddd78f479cc5702b83dbc0eb605e1e9cf1b3d97fa0140ce6adce5998c691dcaef8025c24a134eaf01fb766a96cf0a4aaf2fc385aa83c2daf671a882d6027d57b4680d6f895ec838087032ba089a95ca3984507183729fba377728f9f9e93af22626d21ebfd75899a218df1ae3ebf09e45ffa5eed312298028b6aff2142066aa6e0138ec4076a24337de34c64d0329ef9b76bec3cc5f8fb2abbfe3c0f18e9444ba70c1653287290c6586c632e5a1e05b6fa2203a881ddd9abc86e946bfff50c2436951ef71e572bd9dfeba49db50b05447b971795af249963ccdf878095ebbee048ac09a63c0e87633bd2cfa39b5577f61c034b5598fc12cb2f553cdef7486626aa6a60e5a8ebc1b88070933b8888bdb4a0e1d9dab565d3b6b14ec8f7b003d4814c517a82a7d71cf88e7916f96badf45cbc92d4fdb4beb1b50682e0ec740c328c73b1baec9511d4ae8e82f2ff6bf39b79b7fe97e1192f5db358ecf430e5ea35927c83a7a0c3f51be55cf3afe09191567a98c95f0f054a9448662f0409568058a3bf62788db6b282c339851e9ab07b445d0d5a4e8e58c0be9633b1c03b64ce83b3abe633651e2f200130c3b8b1f824d423dc36e7d0d6f9b48a56fa22baa18c7230de29ec6a2ae7c158121a5a3501c9d7bdac4395e3efbd684264f2fca52e370b75489047d64ad792b3ff27e3fec2a559719e6523aa2b770dcf610de40e67fdeb957fd5fee1284d9229eb499dd977d0bad5f933fb1396c22cfb78a0d40607309bdfadaf0c81dc85fd4162491c9e54d2574e223c6f67a47482763b128f46e0b9755026eae685aaf741cd27b2aaa8f2205b3a20bd1f7a12dec6a40445d046dd09ac7941474634b6894ad18f29c8548ef487375655f357b4d0ebc9b3b68c76726e404e7cf4fdf033e04aa40fccd870fa0b3b4b9ff7bd20b9e461f9edc1a28eb285f69addd452d46adc5135996f5249d4b1721bf8a30e6a9f19c2a773b0534755974736910e12d5465083d60858a86179bb60d23b3d171d9cc2ea4cb3114bac4b6c60c7d13b179d4e13f0e635b157dcd7bd30c2d124dd1dcf46025ea23b370cd816f1008db4c85c2ccc4d663bc43c4e1c6da4e5b7837e70bef1e96a888fb58dce73f4e17b083b197ac29bfce72d4e89110c751776c534bbb665e9ba10e9c9a27a03b2affa2bd2ab662be7be58fab61a9c68bf915362407f71bdc27122549191f15846f59491a2b855d4875714978158df9ace4d5b2b120b9a9a4ffc20482178585385c398d0d8ab2ec1c96a32caafe81476cafce151e2a2bee5a54136e0b94c8d2c97aefd4ae452429e92e08ce0b11e725dffbe9975c56c03c88fba128d9048240a53feaf9053d26fab0f2fab23a0e4d8ac11d00fe00d282feaa8fa051c51fef1c25f2034b3bacdc02f9623d1c1ac0c279fb96e221fc9606e0caa34a7f5ecbcab5b70ecb90499eb3cff4733125aed3f21bc4add3775959f45e14694505e8eddca8eae830f93eda958805a0b84e2b4b747a631a13500ec2ad6e314f0efd3c26cc01c81bda7be9b7f835929e8e204e89c57d38551051dd60e1273fb48cc4cf91e1877fe3f67424378bd13d7bdbab03e0962ac3e30399fb5498a82d00007f8ad98997b6a7bec57bcfe8197dba2354ce6765abfa1b7fff8388d1fb148048cb20190a199d6e1e7c7d78da9f0a2cd03d199ab6cd866b86c0cb4f7311932a7365d279e281ec740f5dfaa8bf54eaa1ee3eae22f4cab31aa4492e808a34b64b2d6279a235318fa8ed4fde031087a9ea8c6dd8d5c0a2d0dff17f1d474b2221973e584506e821e2a974274f4243cbf324393fa3fb17e1d77698fb77f2904ffa6caf3759232d668f2dbdb5a4adbffd9c75efcf8cff8892b60d9b016b18a6c42dd0d1cd09f0023b86e02dc4c9e3a3ec7d94aa237b0aa2a00ef62e274cc6ac585a7cc241901c0a348d41315dd6a02ca6fda271d088b058bbd5db5b2e5c3027aa68e603d604e0c8d679da94874a9200c167fb72d4671cea50e82d131110373647b41fc8c0eef508a1d5f9bd3c293aea9077fa0ff32dc9df9512b2a443847494b7c61c52195638af3b3de0b5a0ec51adbb860574ec7b60728f66c127c17db4516354ada6705634a82c27eca7b2d3e16da7cb5a78d761fbeaa1e15dbe0b7a0af26adbbc599702a0a8891cbfb39fc54270355129654a692c2bc71ccb41d17e0f7fccc6954c1344253cbc21c1709d389dec4041f41ee946a7adee848f2bbe8727ac6a8d3cc6b4ef7b1bae84b959d7ae481a9f266becec8dcb69fdd26801295bd0c36e8fc71309ef45bf5aaed98677c6ff95a0cb8ca270158337cee261b88ab6cbfe411043a85abe645942a406d59a08f2b92c4a20352f22795a2bf08d2aa249f700311176f9aefb341eb26cc2a9fdc9096cc8e643401749b37341f7e64b9b9d0b62294404bedf850e515f790927c97a1046d232a2c855faed63721f407ab0f484f9dbbb8684ffc504f729372487a29065cdcf1e780174d7bbdfa247a6ec2a3aa5dc8227132598f16b14871000d93b8454aafd97acfa7231b96e2ff5a3807fef3853045fc58f38c34cae183c2c293c793e646a6db4d3fa3538f0f0d6c50b9f1ec3d2a38c6f56988c7bd93c9772df0ac298ae565519aa9f8aaf1deb8d7639771efa6a3c3665c331f375ec4ca74790506c9f9bb792c907b604062797d146d4fe69574f900d7ac4fc9442eac7fba0175d3876c99ab6ff12355947f70f4f3f0840b2aeb7e7fc1cee3e1f24b4e10c1e52f486ede47dc5bc9a75b99ed42ca89aeaf6c37561c745a885d13354e801822943223cc9b160ccb6d44790ddca273bd43784faa1baaeb93678cc35c2c3dc4cb3c8c442f54661d72e5bec1bb055df574b3697d9c6ad82efe738f06ae05db49c05e315652435547c37075262d001273ab4435eb0190c701aeac551abe0f5ab0faa436dd19cf4d909d3b20b9836db14da63eda6f0cba1b8171324292fdd6417dd7d77df818c6a9dfd0446b893761dbb9a557d5914b4038a12aeb1ad4032383aab4115feb98f2fbc669caf2c5e1f3d0917e8190e60ec6b614cdfdc4bdc41c2485842e40d9c569791842b640aa442306f57275e9f84e5e156d77db401b075f57cc9a917b688cd4edd52e9087b098921874a0e47adc4495b7445d8c589bb78f882052f12b1f558162d54e7189a546a22cb623ab3fa", &(0x7f0000000280)=""/10, 0x4}, 0x1c) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0) socket$netlink(0x10, 0x3, 0x0) r7 = socket$packet(0x11, 0x2, 0x300) setsockopt$sock_attach_bpf(r7, 0x1, 0x32, &(0x7f0000002900), 0x4) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4}) r8 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f0000000040)={0x1, r9, 0x10000000, 0x80000005, 0xb, 0x1fb, 0x1}) close_range(r6, 0xffffffffffffffff, 0x0) 3.130155829s ago: executing program 2 (id=1554): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000020940)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) r6 = dup2(r5, r5) read$FUSE(r6, &(0x7f0000002fc0)={0x2020}, 0x2020) 2.973770567s ago: executing program 0 (id=1555): r0 = socket$kcm(0xa, 0x2, 0x73) close(r0) openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x121040, 0x0) socket$igmp(0x2, 0x3, 0x2) openat$fuse(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)=ANY=[@ANYBLOB="300000000101010100000000000000000200000008000340000034021400198008000100150100000800010084090000"], 0x30}}, 0x0) r2 = openat$ptp1(0xffffff9c, &(0x7f0000000180), 0x82401, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000ac0)=[{{&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000100), 0x0, &(0x7f0000000200)}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000140)=""/34, 0x22}, {&(0x7f0000000740)}], 0x2}}], 0x2, 0x0, &(0x7f0000000b40)={0x0, 0x3938700}) ioctl$PTP_SYS_OFFSET_PRECISE(r2, 0xc0403d08, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x3) mount$bind(0x0, 0x0, 0x0, 0x101091, 0x0) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x401, 0x0, 0x0, &(0x7f0000000480)=""/74}) 2.179930018s ago: executing program 2 (id=1556): sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000100}, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x2ddd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000380)=0x0) syz_io_uring_setup(0x5e2, &(0x7f00000003c0), &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r2, 0xa3d, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x17, 0x7, 0x0, 0x1000, 0x0, 0xffffffffffffffff, 0x2a, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) r6 = dup(r5) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) sendmsg$inet6(r5, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x6, @private1, 0x8}, 0x1c, &(0x7f0000000340)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) sendto$inet(r6, &(0x7f0000000400)='X', 0x1, 0x8884, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e24, @local}}, 0x1000000, 0x0, 0xffff1896, 0x1, 0x25, 0x800, 0x1e}, 0x9c) r7 = mq_open(&(0x7f000084dff0)='!sali\x1cqxte&\xac\xe87x\x00', 0x6e93ebbbcc0884f2, 0x12e, &(0x7f0000000300)={0x0, 0x1, 0x7}) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) memfd_create(&(0x7f0000000040)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t%\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c\x87\x1e|C\xd8\x01\xd0\xf5\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajnW\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r9, &(0x7f0000000000), 0x400000000000041, 0x0) r10 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x90) write$cgroup_int(r10, &(0x7f0000000000)=0x500, 0x12) write$cgroup_int(r10, &(0x7f0000000080)=0x4078c1d5, 0x12) sendmsg$nl_xfrm(r8, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x0) lseek(r7, 0x4, 0x0) mq_timedsend(r7, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r7, 0x0, 0x0, 0x0, 0x0) 2.179490643s ago: executing program 3 (id=1557): sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000100}, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x2ddd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000380)=0x0) syz_io_uring_setup(0x5e2, &(0x7f00000003c0), &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r2, 0xa3d, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x17, 0x7, 0x0, 0x1000, 0x0, 0xffffffffffffffff, 0x2a, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) r6 = dup(r5) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) sendmsg$inet6(r5, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x6, @private1, 0x8}, 0x1c, &(0x7f0000000340)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) sendto$inet(r6, &(0x7f0000000400)='X', 0x1, 0x8884, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e24, @local}}, 0x1000000, 0x0, 0xffff1896, 0x1, 0x25, 0x800, 0x1e}, 0x9c) r7 = mq_open(&(0x7f000084dff0)='!sali\x1cqxte&\xac\xe87x\x00', 0x6e93ebbbcc0884f2, 0x12e, &(0x7f0000000300)={0x0, 0x1, 0x7}) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) memfd_create(&(0x7f0000000040)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t%\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c\x87\x1e|C\xd8\x01\xd0\xf5\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajnW\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r9, &(0x7f0000000000), 0x400000000000041, 0x0) r10 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x90) write$cgroup_int(r10, &(0x7f0000000000)=0x500, 0x12) write$cgroup_int(r10, &(0x7f0000000080)=0x4078c1d5, 0x12) sendmsg$nl_xfrm(r8, 0x0, 0x0) lseek(r7, 0x4, 0x0) mq_timedsend(r7, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r7, 0x0, 0x0, 0x0, 0x0) 2.033933471s ago: executing program 0 (id=1558): ioperm(0x284, 0x7f, 0xe3) socket$netlink(0x10, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) readv(r5, &(0x7f00000007c0)=[{&(0x7f00000003c0)=""/152, 0x98}, {&(0x7f0000000680)=""/83, 0x53}], 0x2) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'ip_vti0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x60, 0x0, 0x0, r6, {0x0, 0x3}, {0xffff, 0xffff}, {0x2, 0xd}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24040800}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xc, 0xb, &(0x7f0000000b40)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000022020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r7}, 0x18) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x94) r9 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10) r10 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r10, &(0x7f0000000440), 0x10) listen(r10, 0x0) r11 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r11, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) sendto$packet(r11, &(0x7f0000000600)="5f0efc", 0xfffffffffffffe4c, 0x44, 0x0, 0x0) close_range(r9, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) readv(r2, &(0x7f0000000c40)=[{&(0x7f00000003c0)=""/7, 0x7}], 0x1) r12 = memfd_create(&(0x7f0000001240)='[\v\xdbX\xae[\x1a\xad\xd1md\xc8\x85HX\xa9%\f\x1a,\xe2\x9c\xb4\xd7\xbc\xf1\xb3\x86\xe2/Op\xd0\xa2\x82\x1eb;(\xb5\xe1j\xc8\f\xe5\x89\x17\xee|J\x90=5\xed\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q%\x8a\xda\x05\x00f\xe3j%\x00\x00\x1c#\xc6\xd8\xdbD\x92P\xe16W\x10\xdau\xc7\x8f\xaa\x8d\xa9\x97\x9d\xcb\x1e\x80\xe7\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\xbdD\xcc\'\xa2\xaf`\xf6L\x0e\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecM\xe4H\xb7\xaf\xa8\x96dh\xa9\xab > \xac\x00O^\x14\xcbv\x17Hkb\xe7\xcb\x9d;\xd2\x9f\x05\xd1\x00\x8b\xd3\x9f\a\x99^v\xf7\xfa\xe5\xf0h\x87l\xd9\x15\xd2\x87~?\xb1\x9d\xc1\x92`\x8a\r\xfc\xeb\x14\xd1\x94\fv\x8a\xe3\x1d\x0fj}\x9f\xedsc\xd3\xee\xe6cXw\xa1\xbc\xd0o\xf9\x9cJ\b\x00\xd8;\\ik0+\xc8\xf2\x87\xdf\t\x97\x9dB\xc1\xa0\xa71\xf25GU|]A\x1eel \x8ff\xc6\nt\xd0\x91\x9d\x8c\xa4\xe5\xde\x06\x00\xffE\xf4\x96#\x92-9\xe5\xa7\xf8%\xb0I\xd4\x91r\xbf\x1bOS\xee}\x16\x87\x05\xf2\xb9\x81\x14\xe2NZ\\I\xd0[\xc4\xf2\"\x87\xf5\xb8\x95.M\xb1S\xbd\xe4i\x00\xc1b\t]?}0\t\xebV\xbci\xa5\x05\xca\xb6\xc22\x7fL\x89&\xa0\xcfMULr0rs\xb4\n\xa6)\xe23\xf0\x8d\x9dO\xb9\xc9\x83\xabS\x013\"\x1b\x97K\x17\x16\x89\a\xee\xc903\xad\x15\x1cH\xd2\x95\x91\xb4$\x1b\xbf\xaf\xf5\x9b\xc2\x85\xe7[\xe5\xfb}\x1d@f2\x11\x13Y\x98\xa4\xecWEE\x9eI\x05\v\x11\xad\x93!^T\xe5N\xf6LI\x9a6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\x1a\xc9(a\x06>g\xe5\x00:\x9au\xef\x14\t\x1f8E\x86\xcb\xd0e\x17\xfb\xc1', 0x1) fsetxattr$security_ima(r12, &(0x7f0000000080), 0x0, 0x0, 0x0) 2.026244905s ago: executing program 1 (id=1559): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket(0x1000000000000010, 0x80802, 0x0) bind$netlink(r0, &(0x7f0000000600)={0x10, 0x0, 0x0, 0x10004400}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000240)=0x3) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000000c0)) sendmsg$inet(r3, 0x0, 0x800) read$dsp(r2, &(0x7f00000001c0)=""/95, 0x5f) 1.678791419s ago: executing program 2 (id=1560): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x12) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io(r3, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0) close_range(r4, r4, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r2, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f00000000c0)=0x6f) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) getpgrp(r5) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/ipc\x00') syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/ipc\x00') sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=@newlink={0x38, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x6, 0x0, 0x0, 0xffffff81}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}]}, 0x38}}, 0x0) 1.160218115s ago: executing program 1 (id=1561): openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x404000, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x14, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0xe}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) bind$alg(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000040)=ANY=[], 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_emit_ethernet(0x0, 0x0, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000340)={'\x00', 0x9, 0x9, 0xfffffffe, 0x2, 0x5}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) prctl$PR_SET_KEEPCAPS(0x59616d61, 0x1ffffffffffffff) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x82001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) close(r0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x1d) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) 1.079897063s ago: executing program 0 (id=1562): socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x139b41, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'}) socket$nl_generic(0x10, 0x3, 0x10) openat$mixer(0xffffffffffffff9c, &(0x7f0000000080), 0x101403, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f00000000c0)={0x0, 0xc000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000000)) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0xb49, 0xd, 0x7, 0x0, 0x3}, 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000001c0)={0x0, 0xffaa, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0xa, 0x0, 0x0, @mcast2}, r7}}, 0x48) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r8, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000400)=0x1, r9, 0x0, 0x1, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r8, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0x0, @remote}, r9}}, 0x48) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000009, 0x15031, 0xffffffffffffffff, 0x0) 975.759722ms ago: executing program 3 (id=1563): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = socket(0x1000000000000010, 0x80802, 0x0) bind$netlink(r1, &(0x7f0000000440)={0x10, 0x0, 0x0, 0x10004400}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1, 0x0, &(0x7f0000001100)=ANY=[], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x800, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) semget$private(0x0, 0x2, 0x6d3) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000240)=0x3) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x60, &(0x7f00001e3000)=""/30, &(0x7f0000d23000)=0x44) ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000080)=0x7f) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0x14}, 0x1, 0x8000000000000, 0x0, 0x10008090}, 0x8004) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) read$dsp(r3, &(0x7f00000001c0)=""/95, 0x5f) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) r5 = socket$netlink(0x10, 0x3, 0x4) write(r5, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) 0s ago: executing program 3 (id=1564): syz_emit_vhci(0x0, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r1 = dup(r0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$bt_hci(r2, &(0x7f0000000580)=ANY=[@ANYBLOB], 0x8) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) read$alg(r3, &(0x7f0000000200)=""/96, 0x60) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write(r5, &(0x7f0000000700)="f5", 0x1) splice(r5, &(0x7f0000000040), r4, 0x0, 0x6, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="5800a2206dd60500000000000000f7a5cd095d38044d0780053b7de07da001588d00010006000000050005000ffa000005000400000000000900020073797a33289600005a4b57ed75a9f7b545b8a2000000001100ccfeabe76ba6dace0300686173683a69702c02000000000000006119a2447c3378170b05ec6be715a22321be523355d9833f5dbc2daedc60f1ee1f362fa7412a0af28d7938bf4e25454d7953cba1eafccacf4d50b35f9a14f3a8fee93024e611123261970dd9df6a4aea6b026bb671b29f00a64605511570628a7fff88252624c9beaf08b13580aa5af52b5d669e1f763a54e059c7683363d851df437bbe533ebc451072a0640bed5cfbb8f7"], 0x58}}, 0x6000080) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000900000000000000050000009500"/40], &(0x7f0000000140)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10) r8 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r8, 0xc02064b2, &(0x7f0000000000)={0x80, 0x5, 0x10009}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r8, 0x100000) timer_create(0x3, &(0x7f00000002c0)={0x0, 0xb, 0x2}, &(0x7f0000000300)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) ioctl$KDSETLED(r7, 0x4b32, 0x1000) openat$fuse(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') preadv(r9, 0x0, 0x0, 0xfffffffd, 0x8) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c881}, 0x0) syz_init_net_socket$llc(0x1a, 0x2, 0x0) r10 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r10, &(0x7f0000000040)={0x24, @short={0x2, 0x2, 0xaaa1}}, 0x14) kernel console output (not intermixed with test programs): r=1, Product=2, SerialNumber=3 [ 410.229244][ T54] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 410.617662][T11673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1094'. [ 411.008342][T11677] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1095'. [ 411.453388][T11684] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1096'. [ 411.605087][T11130] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 411.755126][T11130] usb 6-1: Using ep0 maxpacket: 16 [ 411.758273][T11130] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 411.761703][T11130] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 411.764768][T11130] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 411.769131][T11130] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 411.772047][T11130] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.775827][T11130] usb 6-1: config 0 descriptor?? [ 412.182139][T11130] shield 0003:0955:7214.0006: unknown main item tag 0x0 [ 412.184384][T11130] shield 0003:0955:7214.0006: unknown main item tag 0x0 [ 412.186817][T11130] shield 0003:0955:7214.0006: unknown main item tag 0x0 [ 412.189091][T11130] shield 0003:0955:7214.0006: unknown main item tag 0x0 [ 412.191272][T11130] shield 0003:0955:7214.0006: unknown main item tag 0x0 [ 412.195763][T11130] input: HID 0955:7214 Haptics as /devices/virtual/input/input54 [ 412.203740][T11130] shield 0003:0955:7214.0006: Registered Thunderstrike controller [ 412.208004][T11130] shield 0003:0955:7214.0006: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 412.385811][T11683] random: crng reseeded on system resumption [ 412.392150][ T6036] usb 6-1: USB disconnect, device number 10 [ 412.510985][T11689] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1098'. [ 412.590945][T11513] shield 0003:0955:7214.0006: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 412.594469][T11513] shield 0003:0955:7214.0006: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 412.598093][T11513] shield 0003:0955:7214.0006: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 412.601566][T11513] shield 0003:0955:7214.0006: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 412.616848][ T54] usb 7-1: USB disconnect, device number 8 [ 413.185589][ T5332] Bluetooth: hci1: unexpected event for opcode 0x202d [ 414.410026][T11734] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1105'. [ 414.780265][T11739] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1107'. [ 414.915199][ T6438] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 415.065258][ T6438] usb 5-1: Using ep0 maxpacket: 8 [ 415.068645][ T6438] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 415.071980][ T6438] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 415.075781][ T6438] usb 5-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 415.079826][ T6438] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 415.082641][ T6438] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.099905][ T6438] usbtmc 5-1:16.0: bulk endpoints not found [ 415.385122][ T34] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 415.555051][ T34] usb 7-1: Using ep0 maxpacket: 16 [ 415.558947][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 415.563396][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 415.568575][ T34] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 415.573757][ T34] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 415.577730][ T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.582210][ T34] usb 7-1: config 0 descriptor?? [ 416.117478][ T34] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 416.119778][ T34] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 416.121958][ T34] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 416.124145][ T34] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 416.126372][ T34] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 416.130783][ T34] input: HID 0955:7214 Haptics as /devices/virtual/input/input55 [ 416.152060][ T34] shield 0003:0955:7214.0007: Registered Thunderstrike controller [ 416.157284][ T34] shield 0003:0955:7214.0007: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 416.215390][ T60] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 416.220642][ T60] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 416.224355][ T60] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 416.229068][ T34] usb 7-1: USB disconnect, device number 9 [ 416.231095][ T60] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 416.829840][T11776] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1114'. [ 417.328515][T11786] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1116'. [ 417.685072][ T34] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 417.742900][ T54] usb 5-1: USB disconnect, device number 11 [ 417.845099][ T34] usb 8-1: Using ep0 maxpacket: 8 [ 417.848172][ T34] usb 8-1: config 0 has an invalid interface number: 55 but max is 0 [ 417.851040][ T34] usb 8-1: config 0 has no interface number 0 [ 417.853310][ T34] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 417.857318][ T34] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 417.861120][ T34] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 417.864902][ T34] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 417.870218][ T34] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 417.873418][ T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 417.879145][ T34] usb 8-1: config 0 descriptor?? [ 417.901036][ T34] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 417.962580][T11800] random: crng reseeded on system resumption [ 418.258383][T11792] netlink: 'syz.3.1119': attribute type 7 has an invalid length. [ 418.261271][T11792] netlink: 'syz.3.1119': attribute type 8 has an invalid length. [ 418.597600][T11805] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1124'. [ 418.954803][T11811] hpfs: Bad magic ... probably not HPFS [ 419.148481][T11807] Invalid source name [ 419.149923][T11807] UBIFS error (pid: 11807): cannot open "./file0", error -22 [ 419.360981][ T5332] Bluetooth: hci2: unexpected event for opcode 0x202d [ 419.705220][ T60] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 419.855121][ T60] usb 5-1: Using ep0 maxpacket: 8 [ 419.858613][ T60] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 419.864524][ T60] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 419.868304][ T60] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 419.871741][ T60] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 419.905362][ T60] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 419.909048][ T60] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 419.912499][ T60] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 419.917428][ T60] usb 5-1: config 168 interface 0 has no altsetting 0 [ 419.920985][ T60] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 419.923243][ T60] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 419.927222][ T60] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 419.930772][ T60] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 419.934274][ T60] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 419.938642][ T60] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 419.942375][ T60] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 419.946299][ T60] usb 5-1: config 168 interface 0 has no altsetting 0 [ 419.949598][ T60] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 419.951712][ T60] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 419.957086][ T60] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 419.961053][ T60] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 419.964401][ T60] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 419.967699][ T60] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 419.970900][ T60] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 419.974630][ T60] usb 5-1: config 168 interface 0 has no altsetting 0 [ 419.979090][ T60] usb 5-1: string descriptor 0 read error: -22 [ 419.980883][ T60] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 419.983377][ T60] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 419.992581][ T60] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 420.493669][ T7861] usb 8-1: USB disconnect, device number 9 [ 420.497600][ T7861] ldusb 8-1:0.55: LD USB Device #0 now disconnected [ 420.730170][T11834] random: crng reseeded on system resumption [ 420.889564][T11837] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1133'. [ 421.577701][T11844] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1135'. [ 422.125042][ T54] usb 5-1: USB disconnect, device number 12 [ 422.345730][T11853] netlink: 'syz.0.1136': attribute type 4 has an invalid length. [ 422.577322][T11858] netlink: 'syz.3.1139': attribute type 4 has an invalid length. [ 423.012972][T11862] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1141'. [ 423.218280][T11868] random: crng reseeded on system resumption [ 423.535140][ T5332] Bluetooth: hci2: unexpected event for opcode 0x202d [ 423.722971][T11876] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1147'. [ 424.036636][T11885] Illegal XDP return value 4294967274 on prog (id 208) dev N/A, expect packet loss! [ 424.950942][ T40] audit: type=1326 audit(1754890527.092:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11890 comm="syz.1.1150" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 425.003766][ T40] audit: type=1326 audit(1754890527.142:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11890 comm="syz.1.1150" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 425.021734][ T40] audit: type=1326 audit(1754890527.142:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11890 comm="syz.1.1150" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 425.032219][ T40] audit: type=1326 audit(1754890527.142:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11890 comm="syz.1.1150" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 425.039259][ T40] audit: type=1326 audit(1754890527.162:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11890 comm="syz.1.1150" exe="/syz-executor" sig=0 arch=40000003 syscall=337 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 425.046229][ T40] audit: type=1326 audit(1754890527.162:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11890 comm="syz.1.1150" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 425.053797][ T40] audit: type=1326 audit(1754890527.162:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11890 comm="syz.1.1150" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 425.062458][ T40] audit: type=1326 audit(1754890527.162:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11890 comm="syz.1.1150" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 425.071349][ T40] audit: type=1326 audit(1754890527.162:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11890 comm="syz.1.1150" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 425.080630][ T40] audit: type=1326 audit(1754890527.162:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11890 comm="syz.1.1150" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 425.658228][T11902] FAULT_INJECTION: forcing a failure. [ 425.658228][T11902] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 425.662356][T11902] CPU: 1 UID: 0 PID: 11902 Comm: syz.0.1153 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 425.662373][T11902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 425.662380][T11902] Call Trace: [ 425.662384][T11902] [ 425.662389][T11902] dump_stack_lvl+0x16c/0x1f0 [ 425.662406][T11902] should_fail_ex+0x512/0x640 [ 425.662424][T11902] _copy_to_user+0x32/0xd0 [ 425.662444][T11902] simple_read_from_buffer+0xcb/0x170 [ 425.662464][T11902] proc_fail_nth_read+0x197/0x240 [ 425.662477][T11902] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 425.662490][T11902] ? rw_verify_area+0xcf/0x6c0 [ 425.662501][T11902] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 425.662513][T11902] vfs_read+0x1e4/0xcf0 [ 425.662528][T11902] ? __pfx_vfs_read+0x10/0x10 [ 425.662539][T11902] ? find_held_lock+0x2b/0x80 [ 425.662554][T11902] ? __fget_files+0x20e/0x3c0 [ 425.662570][T11902] ksys_read+0x12a/0x250 [ 425.662583][T11902] ? __pfx_ksys_read+0x10/0x10 [ 425.662596][T11902] ? rcu_is_watching+0x12/0xc0 [ 425.662609][T11902] __do_fast_syscall_32+0x7c/0x3a0 [ 425.662625][T11902] do_fast_syscall_32+0x32/0x80 [ 425.662639][T11902] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 425.662653][T11902] RIP: 0023:0xf7f36579 [ 425.662662][T11902] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 425.662673][T11902] RSP: 002b:00000000f5456590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 425.662683][T11902] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5456620 [ 425.662690][T11902] RDX: 000000000000000f RSI: 00000000f73c4ff4 RDI: 0000000000000000 [ 425.662696][T11902] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 425.662703][T11902] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 425.662709][T11902] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 425.662722][T11902] [ 426.545425][ T5332] Bluetooth: hci1: unexpected event for opcode 0x202d [ 428.226985][T11953] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1170'. [ 428.562680][T11964] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1171'. [ 428.571234][T11960] netlink: 'syz.2.1172': attribute type 4 has an invalid length. [ 429.444813][T11983] netlink: 'syz.0.1178': attribute type 3 has an invalid length. [ 429.899639][T11996] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1182'. [ 430.538493][T12008] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1186'. [ 430.640209][T12012] netlink: 'syz.0.1183': attribute type 4 has an invalid length. [ 430.665865][T12012] netlink: 'syz.0.1183': attribute type 4 has an invalid length. [ 430.755922][T12014] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1184'. [ 430.865155][ T5332] Bluetooth: hci3: unexpected event for opcode 0x202d [ 431.322726][ T5332] Bluetooth: hci2: unexpected event for opcode 0x0c25 [ 431.820675][T12040] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1192'. [ 432.034059][T12050] tmpfs: Bad value for 'mpol' [ 433.659584][ T5332] Bluetooth: hci3: unexpected event for opcode 0x0c25 [ 434.093445][T12076] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1195'. [ 434.597783][T12078] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1201'. [ 434.788495][T12088] FAULT_INJECTION: forcing a failure. [ 434.788495][T12088] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 434.792758][T12088] CPU: 1 UID: 0 PID: 12088 Comm: syz.2.1204 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 434.792774][T12088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 434.792781][T12088] Call Trace: [ 434.792785][T12088] [ 434.792789][T12088] dump_stack_lvl+0x16c/0x1f0 [ 434.792806][T12088] should_fail_ex+0x512/0x640 [ 434.792824][T12088] _copy_to_user+0x32/0xd0 [ 434.792842][T12088] simple_read_from_buffer+0xcb/0x170 [ 434.792862][T12088] proc_fail_nth_read+0x197/0x240 [ 434.792875][T12088] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 434.792887][T12088] ? rw_verify_area+0xcf/0x6c0 [ 434.792898][T12088] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 434.792910][T12088] vfs_read+0x1e4/0xcf0 [ 434.792926][T12088] ? __pfx_vfs_read+0x10/0x10 [ 434.792937][T12088] ? find_held_lock+0x2b/0x80 [ 434.792959][T12088] ? __fget_files+0x20e/0x3c0 [ 434.792975][T12088] ksys_read+0x12a/0x250 [ 434.792987][T12088] ? __pfx_ksys_read+0x10/0x10 [ 434.792999][T12088] ? fput+0x9b/0xd0 [ 434.793014][T12088] ? rcu_is_watching+0x12/0xc0 [ 434.793027][T12088] __do_fast_syscall_32+0x7c/0x3a0 [ 434.793043][T12088] do_fast_syscall_32+0x32/0x80 [ 434.793057][T12088] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 434.793071][T12088] RIP: 0023:0xf7f91579 [ 434.793080][T12088] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 434.793091][T12088] RSP: 002b:00000000f54b6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 434.793101][T12088] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f54b6620 [ 434.793108][T12088] RDX: 000000000000000f RSI: 00000000f7424ff4 RDI: 0000000000000000 [ 434.793115][T12088] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 434.793121][T12088] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 434.793127][T12088] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 434.793140][T12088] [ 435.476464][ T5332] Bluetooth: hci2: unexpected event for opcode 0x202d [ 436.018943][ T5332] Bluetooth: hci3: unexpected event for opcode 0x0c25 [ 437.169520][T12123] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1210'. [ 437.297996][T12131] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1212'. [ 437.304139][T12131] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1212'. [ 437.362831][T12131] wireguard0: entered promiscuous mode [ 437.365401][T12131] wireguard0: entered allmulticast mode [ 437.585319][ T7861] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 437.639563][T12128] syz.1.1211 (12128) used greatest stack depth: 17848 bytes left [ 437.735174][ T7861] usb 5-1: Using ep0 maxpacket: 8 [ 437.738768][ T7861] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 437.741347][ T7861] usb 5-1: config 0 has no interface number 0 [ 437.743311][ T7861] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 437.746743][ T7861] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 437.750304][ T7861] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 437.753613][ T7861] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 437.758201][ T7861] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 437.761049][ T7861] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.768319][ T7861] usb 5-1: config 0 descriptor?? [ 437.788031][ T7861] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 437.995288][T12133] netlink: 'syz.0.1213': attribute type 7 has an invalid length. [ 437.997800][T12133] netlink: 'syz.0.1213': attribute type 8 has an invalid length. [ 439.547262][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.320357][T12183] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1221'. [ 440.405940][ T29] usb 5-1: USB disconnect, device number 13 [ 440.410487][T12179] netlink: 'syz.3.1220': attribute type 27 has an invalid length. [ 440.430229][T12179] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.432588][T12179] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.454717][ T29] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 440.511414][T12179] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 440.519576][T12179] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 440.626078][T12179] bond1: left promiscuous mode [ 440.628315][ T91] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.631488][ T91] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.635459][ T91] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.635821][T12190] netlink: 'syz.1.1222': attribute type 4 has an invalid length. [ 440.638385][ T91] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.647619][T12190] netlink: 'syz.1.1222': attribute type 4 has an invalid length. [ 440.795527][ T29] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 440.935213][ T24] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 440.945232][ T29] usb 5-1: Using ep0 maxpacket: 16 [ 440.951617][ T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 440.955304][ T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 440.958432][ T29] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 440.962748][ T29] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 440.967315][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.972116][ T29] usb 5-1: config 0 descriptor?? [ 441.085131][ T24] usb 8-1: Using ep0 maxpacket: 16 [ 441.088386][ T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 441.091802][ T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 441.094922][ T24] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 441.098888][ T24] usb 8-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 441.101864][ T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 441.105694][ T24] usb 8-1: config 0 descriptor?? [ 441.390639][ T29] shield 0003:0955:7214.0008: unknown main item tag 0x0 [ 441.392980][ T29] shield 0003:0955:7214.0008: unknown main item tag 0x0 [ 441.395660][ T29] shield 0003:0955:7214.0008: unknown main item tag 0x0 [ 441.398028][ T29] shield 0003:0955:7214.0008: unknown main item tag 0x0 [ 441.401494][ T29] shield 0003:0955:7214.0008: unknown main item tag 0x0 [ 441.406064][ T29] input: HID 0955:7214 Haptics as /devices/virtual/input/input58 [ 441.430514][ T29] shield 0003:0955:7214.0008: Registered Thunderstrike controller [ 441.433280][ T29] shield 0003:0955:7214.0008: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0 [ 441.520298][ T24] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 441.522538][ T24] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 441.526298][ T24] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 441.528542][ T24] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 441.530762][ T24] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 441.537053][ T24] input: HID 0955:7214 Haptics as /devices/virtual/input/input59 [ 441.558154][ T24] shield 0003:0955:7214.0009: Registered Thunderstrike controller [ 441.561002][ T24] shield 0003:0955:7214.0009: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.3-1/input0 [ 441.581439][T12188] random: crng reseeded on system resumption [ 441.694450][T12188] wireguard1: entered promiscuous mode [ 441.701281][T12188] wireguard1: entered allmulticast mode [ 441.707701][ T60] usb 5-1: USB disconnect, device number 14 [ 441.707981][ T54] shield 0003:0955:7214.0008: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 441.714373][T12194] random: crng reseeded on system resumption [ 441.719063][ T54] shield 0003:0955:7214.0008: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 441.725121][ T54] shield 0003:0955:7214.0008: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 441.734348][ T54] shield 0003:0955:7214.0008: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 441.794503][ T6438] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 441.799190][ T24] usb 8-1: USB disconnect, device number 10 [ 441.802967][ T6438] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 441.811760][ T6438] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 441.816236][ T6438] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 442.727861][T12230] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1232'. [ 442.742878][T12229] netlink: 'syz.0.1233': attribute type 27 has an invalid length. [ 442.830528][T12229] bridge0: port 2(bridge_slave_1) entered disabled state [ 442.833791][T12229] bridge0: port 1(bridge_slave_0) entered disabled state [ 443.010738][T12229] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 443.026948][T12229] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 443.132219][T12229] wireguard0: left promiscuous mode [ 443.135040][T12229] wireguard0: left allmulticast mode [ 443.139239][T12229] wireguard1: left promiscuous mode [ 443.140980][T12229] wireguard1: left allmulticast mode [ 443.144191][ T87] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.155685][ T87] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.158518][ T87] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.161144][ T87] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.523514][T12251] netlink: 'syz.1.1236': attribute type 4 has an invalid length. [ 443.541017][T12251] netlink: 'syz.1.1236': attribute type 4 has an invalid length. [ 444.511710][T12265] netlink: 'syz.1.1247': attribute type 4 has an invalid length. [ 445.235181][T12205] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 445.285097][ T5332] Bluetooth: hci0: unexpected event for opcode 0x202d [ 445.435488][T12205] usb 7-1: Using ep0 maxpacket: 8 [ 445.487947][T12205] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 445.490676][T12205] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 445.495441][T12205] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 445.499769][T12205] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 445.508480][T12205] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 445.515996][T12205] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 445.519565][T12205] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 445.523571][T12205] usb 7-1: config 168 interface 0 has no altsetting 0 [ 445.527001][T12205] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 445.529405][T12205] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 445.532762][T12205] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 445.536325][T12205] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 445.539990][T12205] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 445.543377][T12205] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 445.547125][T12205] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 445.551260][T12205] usb 7-1: config 168 interface 0 has no altsetting 0 [ 445.554536][T12205] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 445.557027][T12205] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 445.560593][T12205] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 445.564226][T12205] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 445.568193][T12205] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 445.571759][T12205] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 445.575542][T12205] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 445.579831][T12205] usb 7-1: config 168 interface 0 has no altsetting 0 [ 445.586881][T12205] usb 7-1: string descriptor 0 read error: -22 [ 445.589017][T12205] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 445.591866][T12205] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 445.607599][T12205] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 445.814351][T12286] warning: `syz.3.1246' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 445.820773][T12286] bond0: (slave syz_tun): Releasing backup interface [ 445.824469][T12286] bond0: (slave team0): Releasing backup interface [ 445.828938][T12286] bridge_slave_0: left allmulticast mode [ 445.830801][T12286] bridge_slave_0: left promiscuous mode [ 445.833232][T12286] bridge0: port 1(bridge_slave_0) entered disabled state [ 445.842631][T12286] bridge_slave_1: left allmulticast mode [ 445.844473][T12286] bridge_slave_1: left promiscuous mode [ 445.847880][T12286] bridge0: port 2(bridge_slave_1) entered disabled state [ 445.853543][T12286] bond0: (slave bond_slave_0): Releasing backup interface [ 445.858298][T12286] bond0: (slave bond_slave_1): Releasing backup interface [ 445.866356][T12286] team0: Port device team_slave_0 removed [ 445.869554][T12286] team0: Port device team_slave_1 removed [ 445.872344][T12286] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 445.877031][T12289] netlink: 'syz.3.1246': attribute type 10 has an invalid length. [ 445.880244][T12286] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 445.885420][T12289] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 446.247094][T12295] netlink: 'syz.3.1248': attribute type 4 has an invalid length. [ 446.253534][T12295] netlink: 'syz.3.1248': attribute type 4 has an invalid length. [ 447.553288][T12205] usb 7-1: USB disconnect, device number 10 [ 448.118005][T12318] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1256'. [ 448.214059][T12323] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1257'. [ 449.102303][T12331] netlink: 'syz.3.1259': attribute type 4 has an invalid length. [ 449.108282][T12331] netlink: 'syz.3.1259': attribute type 4 has an invalid length. [ 449.795140][ T29] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 449.945423][ T29] usb 7-1: Using ep0 maxpacket: 8 [ 449.952785][ T29] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 449.957021][ T29] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 449.961691][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 449.966759][ T29] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 449.970903][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 449.974775][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 449.979949][ T29] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 449.984153][ T29] usb 7-1: config 168 interface 0 has no altsetting 0 [ 450.668490][ T29] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 450.670939][ T29] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 450.674499][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 450.700148][ T29] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 450.704856][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 450.709821][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 450.713804][ T29] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 450.718483][ T29] usb 7-1: config 168 interface 0 has no altsetting 0 [ 450.721525][ T29] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 450.723999][ T29] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 450.728635][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 450.733564][ T29] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 450.739048][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 450.743991][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 450.749106][ T29] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 450.757075][ T29] usb 7-1: config 168 interface 0 has no altsetting 0 [ 450.899301][ T29] usb 7-1: string descriptor 0 read error: -22 [ 450.966437][ T29] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 450.982586][ T29] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 451.006225][ T29] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 451.361315][ T5332] Bluetooth: hci3: unexpected event for opcode 0x202d [ 451.565470][T12364] netlink: 'syz.0.1266': attribute type 4 has an invalid length. [ 452.371436][ T29] usb 7-1: USB disconnect, device number 11 [ 452.579027][T12380] netlink: 'syz.2.1271': attribute type 4 has an invalid length. [ 452.591650][T12380] netlink: 'syz.2.1271': attribute type 4 has an invalid length. [ 452.985305][T12387] netlink: zone id is out of range [ 452.987622][T12387] netlink: zone id is out of range [ 452.989737][T12387] netlink: zone id is out of range [ 452.991822][T12387] netlink: zone id is out of range [ 452.993898][T12387] netlink: zone id is out of range [ 452.996148][T12387] netlink: zone id is out of range [ 452.998462][T12387] netlink: zone id is out of range [ 453.000634][T12387] netlink: zone id is out of range [ 453.002886][T12387] netlink: zone id is out of range [ 453.006001][T12387] netlink: zone id is out of range [ 453.058773][T12387] hub 2-0:1.0: USB hub found [ 453.060622][T12387] hub 2-0:1.0: 2 ports detected [ 453.219539][T12397] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1277'. [ 453.283862][T12400] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1278'. [ 453.289982][T12400] FAULT_INJECTION: forcing a failure. [ 453.289982][T12400] name failslab, interval 1, probability 0, space 0, times 0 [ 453.294587][T12400] CPU: 0 UID: 0 PID: 12400 Comm: syz.2.1278 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 453.294603][T12400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 453.294609][T12400] Call Trace: [ 453.294614][T12400] [ 453.294618][T12400] dump_stack_lvl+0x16c/0x1f0 [ 453.294636][T12400] should_fail_ex+0x512/0x640 [ 453.294652][T12400] ? __kmalloc_noprof+0xbf/0x510 [ 453.294666][T12400] ? nft_obj_init+0x1c6/0x370 [ 453.294679][T12400] should_failslab+0xc2/0x120 [ 453.294694][T12400] __kmalloc_noprof+0xd2/0x510 [ 453.294707][T12400] ? __nla_parse+0x40/0x60 [ 453.294719][T12400] nft_obj_init+0x1c6/0x370 [ 453.294733][T12400] nf_tables_newobj+0xaa8/0x15b0 [ 453.294747][T12400] ? __pfx_nf_tables_newobj+0x10/0x10 [ 453.294762][T12400] ? __nla_parse+0x40/0x60 [ 453.294773][T12400] nfnetlink_rcv_batch+0x18ea/0x2330 [ 453.294799][T12400] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 453.294819][T12400] ? __local_bh_enable_ip+0xa4/0x120 [ 453.294832][T12400] ? __dev_queue_xmit+0xaf1/0x4490 [ 453.294847][T12400] ? __dev_queue_xmit+0xb12/0x4490 [ 453.294864][T12400] ? __pfx___dev_queue_xmit+0x10/0x10 [ 453.294887][T12400] ? __nla_parse+0x40/0x60 [ 453.294899][T12400] nfnetlink_rcv+0x3c1/0x430 [ 453.294917][T12400] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 453.294938][T12400] netlink_unicast+0x5a7/0x870 [ 453.294966][T12400] ? __pfx_netlink_unicast+0x10/0x10 [ 453.294982][T12400] ? __pfx___might_resched+0x10/0x10 [ 453.294998][T12400] netlink_sendmsg+0x8d1/0xdd0 [ 453.295015][T12400] ? __pfx_netlink_sendmsg+0x10/0x10 [ 453.295031][T12400] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 453.295046][T12400] ____sys_sendmsg+0xa95/0xc70 [ 453.295064][T12400] ? __pfx_____sys_sendmsg+0x10/0x10 [ 453.295081][T12400] ? get_compat_msghdr+0x11a/0x170 [ 453.295102][T12400] ___sys_sendmsg+0x134/0x1d0 [ 453.295119][T12400] ? __pfx____sys_sendmsg+0x10/0x10 [ 453.295149][T12400] ? find_held_lock+0x2b/0x80 [ 453.295182][T12400] __sys_sendmsg+0x16d/0x220 [ 453.295203][T12400] ? __pfx___sys_sendmsg+0x10/0x10 [ 453.295237][T12400] ? rcu_is_watching+0x12/0xc0 [ 453.295259][T12400] __do_fast_syscall_32+0x7c/0x3a0 [ 453.295283][T12400] do_fast_syscall_32+0x32/0x80 [ 453.295303][T12400] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 453.295324][T12400] RIP: 0023:0xf7f91579 [ 453.295337][T12400] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 453.295353][T12400] RSP: 002b:00000000f54b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 453.295369][T12400] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240 [ 453.295379][T12400] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 453.295388][T12400] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 453.295397][T12400] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 453.295407][T12400] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 453.295429][T12400] [ 455.262743][T12434] netlink: 'syz.0.1286': attribute type 4 has an invalid length. [ 455.282056][T12434] netlink: 'syz.0.1286': attribute type 4 has an invalid length. [ 455.907852][ T5332] Bluetooth: hci3: unexpected event for opcode 0x202d [ 458.889417][T12485] netlink: 'syz.1.1299': attribute type 4 has an invalid length. [ 458.898586][T12485] netlink: 'syz.1.1299': attribute type 4 has an invalid length. [ 459.445186][ T6438] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 459.631926][ T6438] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 459.645275][ T6438] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 459.649331][ T6438] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 459.679598][ T6438] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 459.683433][ T6438] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 459.696608][ T6438] usb 7-1: Product: syz [ 459.698390][ T6438] usb 7-1: Manufacturer: syz [ 459.700268][ T6438] usb 7-1: SerialNumber: syz [ 459.915691][ T6438] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 459.933542][ T6438] usb 7-1: USB disconnect, device number 12 [ 459.940907][ T6438] usblp0: removed [ 460.245272][ T5332] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 460.245318][ T5332] Bluetooth: hci1: Unknown advertising packet type: 0x5d [ 460.248388][ T5332] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 460.251426][ T5332] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 460.254602][ T5332] Bluetooth: hci1: Malformed LE Event: 0x0d [ 460.273926][T12505] FAULT_INJECTION: forcing a failure. [ 460.273926][T12505] name failslab, interval 1, probability 0, space 0, times 0 [ 460.278384][T12505] CPU: 1 UID: 0 PID: 12505 Comm: syz.1.1307 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 460.278400][T12505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 460.278419][T12505] Call Trace: [ 460.278424][T12505] [ 460.278429][T12505] dump_stack_lvl+0x16c/0x1f0 [ 460.278447][T12505] should_fail_ex+0x512/0x640 [ 460.278465][T12505] should_failslab+0xc2/0x120 [ 460.278480][T12505] __kmalloc_cache_noprof+0x6a/0x3e0 [ 460.278492][T12505] ? sctp_add_bind_addr+0xae/0x3f0 [ 460.278506][T12505] sctp_add_bind_addr+0xae/0x3f0 [ 460.278518][T12505] sctp_copy_local_addr_list+0x349/0x550 [ 460.278533][T12505] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 460.278548][T12505] ? sctp_association_new+0x19b9/0x2a00 [ 460.278562][T12505] ? sctp_association_new+0x19c7/0x2a00 [ 460.278576][T12505] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 460.278595][T12505] sctp_bind_addr_copy+0xe0/0x530 [ 460.278609][T12505] sctp_connect_new_asoc+0x1c9/0x770 [ 460.278626][T12505] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 460.278641][T12505] ? sctp_endpoint_lookup_assoc+0x15c/0x2a0 [ 460.278659][T12505] __sctp_connect+0x3f3/0xc60 [ 460.278677][T12505] ? __pfx___sctp_connect+0x10/0x10 [ 460.278693][T12505] ? __sanitizer_cov_trace_switch+0x16/0x90 [ 460.278710][T12505] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 460.278727][T12505] ? __pfx_sctp_inet_connect+0x10/0x10 [ 460.278741][T12505] sctp_inet_connect+0x15f/0x200 [ 460.278757][T12505] __sys_connect_file+0x141/0x1a0 [ 460.278772][T12505] __sys_connect+0x13b/0x160 [ 460.278783][T12505] ? __pfx___sys_connect+0x10/0x10 [ 460.278794][T12505] ? handle_mm_fault+0x260/0xd10 [ 460.278809][T12505] ? xfd_validate_state+0x61/0x180 [ 460.278829][T12505] __ia32_sys_connect+0x71/0xb0 [ 460.278840][T12505] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 460.278855][T12505] __do_fast_syscall_32+0x7c/0x3a0 [ 460.278870][T12505] do_fast_syscall_32+0x32/0x80 [ 460.278885][T12505] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 460.278898][T12505] RIP: 0023:0xf7fc1579 [ 460.278907][T12505] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 460.278918][T12505] RSP: 002b:00000000f54c555c EFLAGS: 00000296 ORIG_RAX: 000000000000016a [ 460.278929][T12505] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000000 [ 460.278936][T12505] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000 [ 460.278942][T12505] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 460.278948][T12505] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 460.278954][T12505] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 460.278967][T12505] [ 461.085988][T12511] FAULT_INJECTION: forcing a failure. [ 461.085988][T12511] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 461.095701][T12511] CPU: 2 UID: 0 PID: 12511 Comm: syz.3.1309 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 461.095723][T12511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 461.095732][T12511] Call Trace: [ 461.095737][T12511] [ 461.095743][T12511] dump_stack_lvl+0x16c/0x1f0 [ 461.095766][T12511] should_fail_ex+0x512/0x640 [ 461.095794][T12511] _copy_to_user+0x32/0xd0 [ 461.095831][T12511] simple_read_from_buffer+0xcb/0x170 [ 461.095858][T12511] proc_fail_nth_read+0x197/0x240 [ 461.095886][T12511] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 461.095904][T12511] ? rw_verify_area+0xcf/0x6c0 [ 461.095919][T12511] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 461.095935][T12511] vfs_read+0x1e4/0xcf0 [ 461.095956][T12511] ? __pfx_vfs_read+0x10/0x10 [ 461.095970][T12511] ? find_held_lock+0x2b/0x80 [ 461.095990][T12511] ? __fget_files+0x20e/0x3c0 [ 461.096012][T12511] ksys_read+0x12a/0x250 [ 461.096027][T12511] ? __pfx_ksys_read+0x10/0x10 [ 461.096045][T12511] ? rcu_is_watching+0x12/0xc0 [ 461.096064][T12511] __do_fast_syscall_32+0x7c/0x3a0 [ 461.096084][T12511] do_fast_syscall_32+0x32/0x80 [ 461.096102][T12511] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 461.096120][T12511] RIP: 0023:0xf706e579 [ 461.096131][T12511] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 461.096145][T12511] RSP: 002b:00000000f543d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 461.096159][T12511] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f543d620 [ 461.096169][T12511] RDX: 000000000000000f RSI: 00000000f73d4ff4 RDI: 0000000000000000 [ 461.096178][T12511] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 461.096186][T12511] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 461.096195][T12511] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 461.096214][T12511] [ 462.321689][T12526] netlink: 'syz.3.1312': attribute type 4 has an invalid length. [ 462.328083][T12526] netlink: 'syz.3.1312': attribute type 4 has an invalid length. [ 462.634858][T12528] netlink: 'syz.2.1313': attribute type 10 has an invalid length. [ 462.666446][T12528] bond0: (slave team0): Releasing backup interface [ 462.674173][T12528] batman_adv: batadv0: Adding interface: team0 [ 462.678032][T12528] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 462.688296][T12528] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 462.723393][T12529] netlink: 'syz.2.1313': attribute type 10 has an invalid length. [ 462.726467][T12529] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1313'. [ 462.729451][T12529] team0: entered promiscuous mode [ 462.731109][T12529] team_slave_0: entered promiscuous mode [ 462.733158][T12529] team_slave_1: entered promiscuous mode [ 462.744067][T12529] 8021q: adding VLAN 0 to HW filter on device team0 [ 462.747421][T12529] batman_adv: batadv0: Interface activated: team0 [ 462.749547][T12529] batman_adv: batadv0: Interface deactivated: team0 [ 462.752668][T12529] batman_adv: batadv0: Removing interface: team0 [ 462.761665][T12529] bridge0: port 4(team0) entered blocking state [ 462.763842][T12529] bridge0: port 4(team0) entered disabled state [ 462.767254][T12529] team0: entered allmulticast mode [ 462.770240][T12529] team_slave_0: entered allmulticast mode [ 462.773009][T12529] team_slave_1: entered allmulticast mode [ 462.790064][T12529] bridge0: port 4(team0) entered blocking state [ 462.792180][T12529] bridge0: port 4(team0) entered forwarding state [ 463.132847][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 463.132940][ T40] audit: type=1326 audit(1754890565.272:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12534 comm="syz.3.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 463.158364][ T40] audit: type=1326 audit(1754890565.282:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12534 comm="syz.3.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 463.215122][ T40] audit: type=1326 audit(1754890565.352:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12534 comm="syz.3.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 463.235458][ T40] audit: type=1326 audit(1754890565.352:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12534 comm="syz.3.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 463.242410][ T40] audit: type=1326 audit(1754890565.352:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12534 comm="syz.3.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 463.255039][ T40] audit: type=1326 audit(1754890565.352:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12534 comm="syz.3.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 463.261527][ T40] audit: type=1326 audit(1754890565.352:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12534 comm="syz.3.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 463.268128][ T40] audit: type=1326 audit(1754890565.352:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12534 comm="syz.3.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 463.275093][ T40] audit: type=1326 audit(1754890565.352:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12534 comm="syz.3.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 463.282457][ T40] audit: type=1326 audit(1754890565.352:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12534 comm="syz.3.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 463.683358][T12548] netlink: 'syz.1.1319': attribute type 4 has an invalid length. [ 463.897909][T12552] block device autoloading is deprecated and will be removed. [ 466.185608][ T29] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 466.339806][ T29] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 466.344122][ T29] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 466.365073][ T29] usb 7-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 466.373395][ T29] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 466.377983][ T29] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 466.381343][ T29] usb 7-1: Product: syz [ 466.383314][ T29] usb 7-1: Manufacturer: syz [ 466.389752][ T29] usb 7-1: SerialNumber: syz [ 466.399359][ T29] cdc_mbim 7-1:1.0: skipping garbage [ 466.487808][T12587] FAULT_INJECTION: forcing a failure. [ 466.487808][T12587] name failslab, interval 1, probability 0, space 0, times 0 [ 466.493209][T12587] CPU: 1 UID: 0 PID: 12587 Comm: syz.3.1331 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 466.493231][T12587] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 466.493240][T12587] Call Trace: [ 466.493246][T12587] [ 466.493252][T12587] dump_stack_lvl+0x16c/0x1f0 [ 466.493289][T12587] should_fail_ex+0x512/0x640 [ 466.493310][T12587] ? fs_reclaim_acquire+0xae/0x150 [ 466.493336][T12587] ? tomoyo_encode2+0x100/0x3e0 [ 466.493357][T12587] should_failslab+0xc2/0x120 [ 466.493380][T12587] __kmalloc_noprof+0xd2/0x510 [ 466.493399][T12587] ? d_absolute_path+0x136/0x1a0 [ 466.493428][T12587] tomoyo_encode2+0x100/0x3e0 [ 466.493454][T12587] tomoyo_encode+0x29/0x50 [ 466.493476][T12587] tomoyo_realpath_from_path+0x18f/0x6e0 [ 466.493508][T12587] tomoyo_path_number_perm+0x245/0x580 [ 466.493527][T12587] ? tomoyo_path_number_perm+0x237/0x580 [ 466.493547][T12587] ? finish_task_switch.isra.0+0x194/0xc10 [ 466.493566][T12587] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 466.493585][T12587] ? rcu_is_watching+0x12/0xc0 [ 466.493628][T12587] ? find_held_lock+0x2b/0x80 [ 466.493645][T12587] ? hook_file_ioctl_common+0x145/0x410 [ 466.493673][T12587] ? __fget_files+0x20e/0x3c0 [ 466.493697][T12587] security_file_ioctl_compat+0x9b/0x240 [ 466.493721][T12587] __ia32_compat_sys_ioctl+0xc3/0x370 [ 466.493750][T12587] __do_fast_syscall_32+0x7c/0x3a0 [ 466.493776][T12587] do_fast_syscall_32+0x32/0x80 [ 466.493798][T12587] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 466.493820][T12587] RIP: 0023:0xf706e579 [ 466.493833][T12587] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 466.493850][T12587] RSP: 002b:00000000f543955c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 466.493867][T12587] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c0401273 [ 466.493877][T12587] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 466.493888][T12587] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 466.493898][T12587] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 466.493908][T12587] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 466.493930][T12587] [ 466.494098][T12587] ERROR: Out of memory at tomoyo_realpath_from_path. [ 467.187899][ T5332] Bluetooth: hci1: unexpected event for opcode 0x202d [ 467.328213][ T5332] Bluetooth: hci0: unexpected event for opcode 0x202d [ 467.648327][T12600] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1335'. [ 467.773527][T12602] FAULT_INJECTION: forcing a failure. [ 467.773527][T12602] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 467.777678][T12602] CPU: 0 UID: 0 PID: 12602 Comm: syz.3.1335 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 467.777694][T12602] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 467.777702][T12602] Call Trace: [ 467.777707][T12602] [ 467.777711][T12602] dump_stack_lvl+0x16c/0x1f0 [ 467.777728][T12602] should_fail_ex+0x512/0x640 [ 467.777746][T12602] strncpy_from_user+0x3b/0x2e0 [ 467.777761][T12602] getname_flags.part.0+0x8f/0x550 [ 467.777780][T12602] getname_flags+0x93/0xf0 [ 467.777792][T12602] __ia32_sys_rename+0x57/0xa0 [ 467.777807][T12602] __do_fast_syscall_32+0x7c/0x3a0 [ 467.777823][T12602] do_fast_syscall_32+0x32/0x80 [ 467.777837][T12602] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 467.777851][T12602] RIP: 0023:0xf706e579 [ 467.777860][T12602] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 467.777871][T12602] RSP: 002b:00000000f541c55c EFLAGS: 00000296 ORIG_RAX: 0000000000000026 [ 467.777882][T12602] RAX: ffffffffffffffda RBX: 0000000080000100 RCX: 00000000800000c0 [ 467.777888][T12602] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 467.777895][T12602] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 467.777901][T12602] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 467.777907][T12602] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 467.777920][T12602] [ 468.950016][ T29] cdc_mbim 7-1:1.0: bind() failure [ 468.953666][ T29] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found [ 468.956300][ T29] cdc_ncm 7-1:1.1: bind() failure [ 468.965487][ T29] usb 7-1: USB disconnect, device number 13 [ 470.121524][T12625] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1344'. [ 470.215064][ T6438] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 470.365120][ T6438] usb 6-1: Using ep0 maxpacket: 8 [ 470.372750][ T6438] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 470.377590][ T6438] usb 6-1: config 0 has no interface number 0 [ 470.380111][ T6438] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 470.389206][ T6438] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 470.394492][ T6438] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 470.399109][ T6438] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 470.404331][ T6438] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 470.408078][ T6438] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.413269][ T6438] usb 6-1: config 0 descriptor?? [ 470.423821][ T6438] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 470.481431][T12636] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1348'. [ 470.518474][T12639] FAULT_INJECTION: forcing a failure. [ 470.518474][T12639] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 470.523999][T12639] CPU: 3 UID: 0 PID: 12639 Comm: syz.3.1350 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 470.524022][T12639] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 470.524032][T12639] Call Trace: [ 470.524040][T12639] [ 470.524047][T12639] dump_stack_lvl+0x16c/0x1f0 [ 470.524073][T12639] should_fail_ex+0x512/0x640 [ 470.524101][T12639] _copy_to_user+0x32/0xd0 [ 470.524132][T12639] simple_read_from_buffer+0xcb/0x170 [ 470.524164][T12639] proc_fail_nth_read+0x197/0x240 [ 470.524184][T12639] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 470.524206][T12639] ? rw_verify_area+0xcf/0x6c0 [ 470.524224][T12639] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 470.524243][T12639] vfs_read+0x1e4/0xcf0 [ 470.524268][T12639] ? __pfx_vfs_read+0x10/0x10 [ 470.524287][T12639] ? find_held_lock+0x2b/0x80 [ 470.524313][T12639] ? __fget_files+0x20e/0x3c0 [ 470.524339][T12639] ksys_read+0x12a/0x250 [ 470.524360][T12639] ? __pfx_ksys_read+0x10/0x10 [ 470.524382][T12639] ? rcu_is_watching+0x12/0xc0 [ 470.524405][T12639] __do_fast_syscall_32+0x7c/0x3a0 [ 470.524430][T12639] do_fast_syscall_32+0x32/0x80 [ 470.524452][T12639] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 470.524474][T12639] RIP: 0023:0xf706e579 [ 470.524485][T12639] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 470.524502][T12639] RSP: 002b:00000000f545e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 470.524519][T12639] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f545e620 [ 470.524529][T12639] RDX: 000000000000000f RSI: 00000000f73d4ff4 RDI: 0000000000000000 [ 470.524539][T12639] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 470.524550][T12639] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 470.524560][T12639] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 470.524582][T12639] [ 470.633385][T12644] 9pnet_virtio: no channels available for device syz [ 470.634571][T12619] netlink: 'syz.1.1341': attribute type 7 has an invalid length. [ 470.638311][T12619] netlink: 'syz.1.1341': attribute type 8 has an invalid length. [ 470.638598][T12645] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.1352'. [ 471.379383][T12664] netlink: 'syz.0.1354': attribute type 4 has an invalid length. [ 472.246044][T12673] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1360'. [ 473.117829][ T29] usb 6-1: USB disconnect, device number 11 [ 473.126467][ T29] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 473.652455][T12702] can0: slcan on ttyS3. [ 473.705096][ T29] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 473.737531][T12702] can0 (unregistered): slcan off ttyS3. [ 473.772930][T12703] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1369'. [ 473.867401][ T29] usb 6-1: Using ep0 maxpacket: 8 [ 473.871189][ T29] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 473.873893][ T29] usb 6-1: config 0 has no interface number 0 [ 473.876417][ T29] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 473.880183][ T29] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 473.884035][ T29] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 473.888038][ T29] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 473.892534][ T29] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 473.895592][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 473.904332][ T29] usb 6-1: config 0 descriptor?? [ 473.919169][ T29] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 473.967094][T12718] FAULT_INJECTION: forcing a failure. [ 473.967094][T12718] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 473.971148][T12718] CPU: 2 UID: 0 PID: 12718 Comm: syz.2.1371 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 473.971164][T12718] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 473.971171][T12718] Call Trace: [ 473.971176][T12718] [ 473.971180][T12718] dump_stack_lvl+0x16c/0x1f0 [ 473.971198][T12718] should_fail_ex+0x512/0x640 [ 473.971215][T12718] _copy_to_user+0x32/0xd0 [ 473.971233][T12718] simple_read_from_buffer+0xcb/0x170 [ 473.971254][T12718] proc_fail_nth_read+0x197/0x240 [ 473.971266][T12718] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 473.971279][T12718] ? rw_verify_area+0xcf/0x6c0 [ 473.971290][T12718] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 473.971301][T12718] vfs_read+0x1e4/0xcf0 [ 473.971316][T12718] ? __pfx_vfs_read+0x10/0x10 [ 473.971327][T12718] ? find_held_lock+0x2b/0x80 [ 473.971342][T12718] ? __fget_files+0x20e/0x3c0 [ 473.971357][T12718] ksys_read+0x12a/0x250 [ 473.971369][T12718] ? __pfx_ksys_read+0x10/0x10 [ 473.971383][T12718] ? rcu_is_watching+0x12/0xc0 [ 473.971396][T12718] __do_fast_syscall_32+0x7c/0x3a0 [ 473.971432][T12718] do_fast_syscall_32+0x32/0x80 [ 473.971455][T12718] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 473.971473][T12718] RIP: 0023:0xf7f91579 [ 473.971486][T12718] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 473.971497][T12718] RSP: 002b:00000000f54b6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 473.971508][T12718] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f54b6620 [ 473.971515][T12718] RDX: 000000000000000f RSI: 00000000f7424ff4 RDI: 0000000000000000 [ 473.971521][T12718] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 473.971527][T12718] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 473.971534][T12718] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 473.971547][T12718] [ 474.052090][T12720] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 474.054422][T12720] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 474.058909][T12720] vhci_hcd vhci_hcd.0: Device attached [ 474.122270][T12697] netlink: 'syz.1.1368': attribute type 7 has an invalid length. [ 474.124711][T12697] netlink: 'syz.1.1368': attribute type 8 has an invalid length. [ 474.325166][ T29] vhci_hcd: vhci_device speed not set [ 474.385348][ T29] usb 43-1: new full-speed USB device number 2 using vhci_hcd [ 474.455132][T12721] vhci_hcd: connection closed [ 474.516080][ T95] vhci_hcd: stop threads [ 474.530671][ T95] vhci_hcd: release socket [ 474.541788][ T95] vhci_hcd: disconnect device [ 474.545935][T12733] can0: slcan on pty24. [ 474.627696][ T40] kauditd_printk_skb: 59 callbacks suppressed [ 474.627714][ T40] audit: type=1804 audit(1754890576.772:85): pid=12733 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1374" name="/newroot/330/bus" dev="tmpfs" ino=1734 res=1 errno=0 [ 475.221292][T12753] netlink: 'syz.3.1376': attribute type 4 has an invalid length. [ 475.638156][T12756] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1377'. [ 475.856765][T12729] can0 (unregistered): slcan off pty24. [ 476.365246][ T60] usb 6-1: USB disconnect, device number 12 [ 476.396458][ T60] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 476.597216][T12783] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1380'. [ 476.745044][ T7861] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 476.925147][ T7861] usb 5-1: Using ep0 maxpacket: 8 [ 477.065800][ T7861] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 477.068876][ T7861] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 477.075453][ T7861] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 477.080719][ T7861] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 477.095251][ T7861] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 477.100153][ T7861] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 477.115037][ T7861] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 477.120930][ T7861] usb 5-1: config 168 interface 0 has no altsetting 0 [ 477.135924][ T7861] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 477.139202][ T7861] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 477.144064][ T7861] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 477.172522][ T7861] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 477.185142][ T7861] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 477.189976][ T7861] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 477.194871][ T7861] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 477.225372][ T7861] usb 5-1: config 168 interface 0 has no altsetting 0 [ 477.235822][ T7861] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 477.238948][ T7861] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 477.243654][ T7861] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 477.255045][ T7861] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 477.260377][ T7861] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 477.275052][ T7861] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 477.280089][ T7861] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 477.295301][ T7861] usb 5-1: config 168 interface 0 has no altsetting 0 [ 477.313320][ T7861] usb 5-1: string descriptor 0 read error: -22 [ 477.325121][ T7861] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 477.329225][ T7861] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 477.348537][ T7861] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 477.551657][T12807] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1387'. [ 477.609195][T12811] ======================================================= [ 477.609195][T12811] WARNING: The mand mount option has been deprecated and [ 477.609195][T12811] and is ignored by this kernel. Remove the mand [ 477.609195][T12811] option from the mount to silence this warning. [ 477.609195][T12811] ======================================================= [ 478.606222][T12832] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1391'. [ 478.828580][T12839] FAULT_INJECTION: forcing a failure. [ 478.828580][T12839] name failslab, interval 1, probability 0, space 0, times 0 [ 478.841935][T12839] CPU: 1 UID: 0 PID: 12839 Comm: syz.2.1394 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 478.841952][T12839] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 478.841959][T12839] Call Trace: [ 478.841963][T12839] [ 478.841968][T12839] dump_stack_lvl+0x16c/0x1f0 [ 478.841986][T12839] should_fail_ex+0x512/0x640 [ 478.842001][T12839] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 478.842016][T12839] should_failslab+0xc2/0x120 [ 478.842030][T12839] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 478.842043][T12839] ? schedule+0x2d7/0x3a0 [ 478.842054][T12839] ? fuse_request_alloc+0x22/0x200 [ 478.842068][T12839] fuse_request_alloc+0x22/0x200 [ 478.842080][T12839] fuse_get_req+0x748/0xfd0 [ 478.842095][T12839] ? __pfx_fuse_get_req+0x10/0x10 [ 478.842109][T12839] ? __pfx_autoremove_wake_function+0x10/0x10 [ 478.842123][T12839] ? trace_kmalloc+0x2b/0xd0 [ 478.842137][T12839] ? __kmalloc_noprof+0x242/0x510 [ 478.842150][T12839] ? fuse_copy_do+0x31b/0x430 [ 478.842163][T12839] fuse_dev_do_write+0x2208/0x3420 [ 478.842182][T12839] ? __pfx_fuse_dev_do_write+0x10/0x10 [ 478.842196][T12839] ? find_held_lock+0x2b/0x80 [ 478.842207][T12839] ? aa_file_perm+0x28f/0x12e0 [ 478.842226][T12839] ? aa_file_perm+0x29e/0x12e0 [ 478.842244][T12839] ? __pfx_aa_file_perm+0x10/0x10 [ 478.842263][T12839] ? __asan_memset+0x23/0x50 [ 478.842275][T12839] fuse_dev_write+0x155/0x1e0 [ 478.842290][T12839] ? __pfx_fuse_dev_write+0x10/0x10 [ 478.842308][T12839] ? bpf_lsm_file_permission+0x9/0x10 [ 478.842324][T12839] ? security_file_permission+0x71/0x210 [ 478.842339][T12839] ? rw_verify_area+0xcf/0x6c0 [ 478.842352][T12839] vfs_write+0x7d0/0x11d0 [ 478.842365][T12839] ? __pfx_fuse_dev_write+0x10/0x10 [ 478.842381][T12839] ? __pfx_vfs_write+0x10/0x10 [ 478.842392][T12839] ? find_held_lock+0x2b/0x80 [ 478.842411][T12839] ksys_write+0x12a/0x250 [ 478.842423][T12839] ? __pfx_ksys_write+0x10/0x10 [ 478.842437][T12839] ? rcu_is_watching+0x12/0xc0 [ 478.842451][T12839] __do_fast_syscall_32+0x7c/0x3a0 [ 478.842467][T12839] do_fast_syscall_32+0x32/0x80 [ 478.842481][T12839] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 478.842496][T12839] RIP: 0023:0xf7f91579 [ 478.842504][T12839] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 478.842515][T12839] RSP: 002b:00000000f54b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 478.842526][T12839] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140 [ 478.842532][T12839] RDX: 0000000000000030 RSI: 0000000000000000 RDI: 0000000000000000 [ 478.842539][T12839] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 478.842545][T12839] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 478.842551][T12839] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 478.842564][T12839] [ 478.935504][ C1] vkms_vblank_simulate: vblank timer overrun [ 479.127881][T12205] usb 5-1: USB disconnect, device number 15 [ 479.205076][ T53] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 479.365112][ T53] usb 7-1: Using ep0 maxpacket: 16 [ 479.368213][ T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 479.371675][ T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 479.375115][ T53] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 479.380393][ T53] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 479.384158][ T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.394607][ T53] usb 7-1: config 0 descriptor?? [ 479.465439][T12856] FAULT_INJECTION: forcing a failure. [ 479.465439][T12856] name failslab, interval 1, probability 0, space 0, times 0 [ 479.470818][T12856] CPU: 3 UID: 0 PID: 12856 Comm: syz.3.1399 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 479.470847][T12856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 479.470857][T12856] Call Trace: [ 479.470864][T12856] [ 479.470870][T12856] dump_stack_lvl+0x16c/0x1f0 [ 479.470896][T12856] should_fail_ex+0x512/0x640 [ 479.470919][T12856] ? fs_reclaim_acquire+0xae/0x150 [ 479.470950][T12856] should_failslab+0xc2/0x120 [ 479.470971][T12856] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 479.470991][T12856] ? security_inode_alloc+0x3b/0x2b0 [ 479.471012][T12856] security_inode_alloc+0x3b/0x2b0 [ 479.471030][T12856] inode_init_always_gfp+0xce4/0x1030 [ 479.471051][T12856] alloc_inode+0x86/0x240 [ 479.471077][T12856] sock_alloc+0x40/0x280 [ 479.471103][T12856] do_accept+0xf7/0x530 [ 479.471119][T12856] ? do_raw_spin_lock+0x12c/0x2b0 [ 479.471144][T12856] ? __pfx_do_accept+0x10/0x10 [ 479.471175][T12856] __sys_accept4+0x100/0x1c0 [ 479.471192][T12856] ? __pfx___sys_accept4+0x10/0x10 [ 479.471208][T12856] ? __pfx_ksys_write+0x10/0x10 [ 479.471234][T12856] __ia32_sys_accept4+0x94/0x100 [ 479.471254][T12856] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 479.471276][T12856] __do_fast_syscall_32+0x7c/0x3a0 [ 479.471298][T12856] do_fast_syscall_32+0x32/0x80 [ 479.471317][T12856] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 479.471336][T12856] RIP: 0023:0xf706e579 [ 479.471350][T12856] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 479.471383][T12856] RSP: 002b:00000000f541c55c EFLAGS: 00000296 ORIG_RAX: 000000000000016c [ 479.471402][T12856] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000 [ 479.471414][T12856] RDX: 0000000000000000 RSI: 0000000000080000 RDI: 0000000000000000 [ 479.471424][T12856] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 479.471433][T12856] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 479.471442][T12856] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 479.471464][T12856] [ 479.566853][ T29] vhci_hcd: vhci_device speed not set [ 479.803827][ T53] shield 0003:0955:7214.000A: unknown main item tag 0x0 [ 479.807643][ T53] shield 0003:0955:7214.000A: unknown main item tag 0x0 [ 479.809973][ T53] shield 0003:0955:7214.000A: unknown main item tag 0x0 [ 479.812210][ T53] shield 0003:0955:7214.000A: unknown main item tag 0x0 [ 479.814486][ T53] shield 0003:0955:7214.000A: unknown main item tag 0x0 [ 479.820203][ T53] input: HID 0955:7214 Haptics as /devices/virtual/input/input60 [ 479.846061][ T53] shield 0003:0955:7214.000A: Registered Thunderstrike controller [ 479.848801][ T53] shield 0003:0955:7214.000A: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 479.927807][T12865] FAULT_INJECTION: forcing a failure. [ 479.927807][T12865] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 479.931935][T12865] CPU: 2 UID: 0 PID: 12865 Comm: syz.1.1400 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 479.931950][T12865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 479.931957][T12865] Call Trace: [ 479.931961][T12865] [ 479.931966][T12865] dump_stack_lvl+0x16c/0x1f0 [ 479.931984][T12865] should_fail_ex+0x512/0x640 [ 479.932002][T12865] strncpy_from_user+0x3b/0x2e0 [ 479.932028][T12865] getname_flags.part.0+0x8f/0x550 [ 479.932047][T12865] ? handle_mm_fault+0x260/0xd10 [ 479.932060][T12865] getname_flags+0x93/0xf0 [ 479.932071][T12865] user_path_at+0x24/0x60 [ 479.932084][T12865] __ia32_sys_umount+0x109/0x190 [ 479.932096][T12865] ? __pfx___ia32_sys_umount+0x10/0x10 [ 479.932110][T12865] ? rcu_is_watching+0x12/0xc0 [ 479.932122][T12865] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 479.932138][T12865] __do_fast_syscall_32+0x7c/0x3a0 [ 479.932154][T12865] do_fast_syscall_32+0x32/0x80 [ 479.932168][T12865] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 479.932182][T12865] RIP: 0023:0xf7fc1579 [ 479.932191][T12865] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 479.932202][T12865] RSP: 002b:00000000f54c555c EFLAGS: 00000296 ORIG_RAX: 0000000000000034 [ 479.932213][T12865] RAX: ffffffffffffffda RBX: 0000000080000080 RCX: 0000000000000002 [ 479.932220][T12865] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 479.932226][T12865] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 479.932232][T12865] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 479.932238][T12865] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 479.932251][T12865] [ 479.999814][T12847] random: crng reseeded on system resumption [ 480.131998][T12847] wireguard0: entered promiscuous mode [ 480.133859][T12847] wireguard0: entered allmulticast mode [ 480.145762][ T53] shield 0003:0955:7214.000A: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 480.149233][ T24] usb 7-1: USB disconnect, device number 14 [ 480.152002][ T53] shield 0003:0955:7214.000A: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 480.158894][ T53] shield 0003:0955:7214.000A: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 480.162190][ T53] shield 0003:0955:7214.000A: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 481.385148][ T29] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 481.535083][ T29] usb 7-1: Using ep0 maxpacket: 8 [ 481.539974][ T29] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 481.543655][ T29] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 481.550914][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 481.556522][ T29] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 481.561986][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 481.569867][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 481.578989][ T29] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 481.588168][ T29] usb 7-1: config 168 interface 0 has no altsetting 0 [ 481.596360][ T29] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 481.599414][ T29] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 481.602835][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 481.625303][ T29] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 481.635055][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 481.638634][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 481.645197][ T29] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 481.659090][ T29] usb 7-1: config 168 interface 0 has no altsetting 0 [ 481.663733][ T29] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 481.669280][ T29] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 481.679481][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 481.689656][ T29] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 481.700277][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 481.704110][ T29] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 481.711605][ T29] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 481.722502][ T29] usb 7-1: config 168 interface 0 has no altsetting 0 [ 481.727548][ T29] usb 7-1: string descriptor 0 read error: -22 [ 481.729597][ T29] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 481.732364][ T29] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 481.741249][ T29] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 481.820603][T12897] capability: warning: `syz.1.1408' uses deprecated v2 capabilities in a way that may be insecure [ 482.861870][ T5332] Bluetooth: hci0: unexpected event for opcode 0x202d [ 483.085076][ T34] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 483.235944][ T34] usb 6-1: Using ep0 maxpacket: 16 [ 483.239254][ T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 483.242752][ T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 483.246257][ T34] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 483.250806][ T34] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 483.253822][ T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.258774][ T34] usb 6-1: config 0 descriptor?? [ 483.676709][ T34] shield 0003:0955:7214.000B: unknown main item tag 0x0 [ 483.679245][ T34] shield 0003:0955:7214.000B: unknown main item tag 0x0 [ 483.681652][ T34] shield 0003:0955:7214.000B: unknown main item tag 0x0 [ 483.684197][ T34] shield 0003:0955:7214.000B: unknown main item tag 0x0 [ 483.686559][ T34] shield 0003:0955:7214.000B: unknown main item tag 0x0 [ 483.694258][ T34] input: HID 0955:7214 Haptics as /devices/virtual/input/input61 [ 483.707513][ T34] shield 0003:0955:7214.000B: Registered Thunderstrike controller [ 483.710891][ T34] shield 0003:0955:7214.000B: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 483.872191][T12917] random: crng reseeded on system resumption [ 483.929171][ T29] usb 7-1: USB disconnect, device number 15 [ 483.959227][T12917] wireguard0: entered promiscuous mode [ 483.960801][T12917] wireguard0: entered allmulticast mode [ 483.967345][ T6036] shield 0003:0955:7214.000B: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 483.967670][ T53] usb 6-1: USB disconnect, device number 13 [ 483.970744][ T6036] shield 0003:0955:7214.000B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 483.977637][ T6036] shield 0003:0955:7214.000B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 483.981590][ T6036] shield 0003:0955:7214.000B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 484.583924][ T5332] Bluetooth: unknown link type 128 [ 484.761480][T12929] netlink: 'syz.1.1416': attribute type 4 has an invalid length. [ 484.764797][T12929] netlink: 'syz.1.1416': attribute type 4 has an invalid length. [ 484.892776][T12932] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1417'. [ 485.221016][T12945] FAULT_INJECTION: forcing a failure. [ 485.221016][T12945] name failslab, interval 1, probability 0, space 0, times 0 [ 485.230313][T12945] CPU: 0 UID: 0 PID: 12945 Comm: syz.2.1421 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 485.230329][T12945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 485.230335][T12945] Call Trace: [ 485.230340][T12945] [ 485.230345][T12945] dump_stack_lvl+0x16c/0x1f0 [ 485.230362][T12945] should_fail_ex+0x512/0x640 [ 485.230377][T12945] ? __kmalloc_noprof+0xbf/0x510 [ 485.230391][T12945] ? sock_kmalloc+0x111/0x170 [ 485.230406][T12945] should_failslab+0xc2/0x120 [ 485.230420][T12945] __kmalloc_noprof+0xd2/0x510 [ 485.230433][T12945] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 485.230453][T12945] sock_kmalloc+0x111/0x170 [ 485.230470][T12945] hash_alloc_result+0xd7/0x150 [ 485.230486][T12945] hash_recvmsg+0x198/0x960 [ 485.230501][T12945] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 485.230517][T12945] sock_recvmsg+0x1f9/0x250 [ 485.230534][T12945] ____sys_recvmsg+0x218/0x6b0 [ 485.230557][T12945] ? __pfx_____sys_recvmsg+0x10/0x10 [ 485.230573][T12945] ? import_iovec+0x86/0xb0 [ 485.230588][T12945] ? __lock_acquire+0x62e/0x1ce0 [ 485.230605][T12945] ___sys_recvmsg+0x114/0x1a0 [ 485.230619][T12945] ? __pfx____sys_recvmsg+0x10/0x10 [ 485.230634][T12945] ? find_held_lock+0x2b/0x80 [ 485.230653][T12945] do_recvmmsg+0x55d/0x750 [ 485.230681][T12945] ? __pfx_do_recvmmsg+0x10/0x10 [ 485.230694][T12945] ? find_held_lock+0x2b/0x80 [ 485.230713][T12945] ? __fget_files+0x20e/0x3c0 [ 485.230725][T12945] ? handle_mm_fault+0x260/0xd10 [ 485.230737][T12945] __sys_recvmmsg+0x21c/0x280 [ 485.230752][T12945] ? __pfx___sys_recvmmsg+0x10/0x10 [ 485.230767][T12945] ? __pfx_ksys_write+0x10/0x10 [ 485.230782][T12945] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 485.230808][T12945] ? lockdep_hardirqs_on+0x7c/0x110 [ 485.230822][T12945] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 485.230836][T12945] __do_fast_syscall_32+0x7c/0x3a0 [ 485.230852][T12945] do_fast_syscall_32+0x32/0x80 [ 485.230866][T12945] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 485.230880][T12945] RIP: 0023:0xf7f91579 [ 485.230889][T12945] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 485.230899][T12945] RSP: 002b:00000000f547455c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 485.230910][T12945] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080003700 [ 485.230917][T12945] RDX: 0000000000000600 RSI: 0000000000000000 RDI: 0000000000000000 [ 485.230923][T12945] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 485.230929][T12945] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 485.230935][T12945] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 485.230949][T12945] [ 485.925130][ T53] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 486.085584][ T53] usb 5-1: Using ep0 maxpacket: 16 [ 486.088573][ T53] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 486.091915][ T53] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 486.094846][ T53] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 486.098912][ T53] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 486.101667][ T53] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 486.111264][ T53] usb 5-1: config 0 descriptor?? [ 486.213875][T12963] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1425'. [ 486.398436][T12965] netlink: 'syz.1.1426': attribute type 10 has an invalid length. [ 486.414254][T12965] bond0: (slave wlan1): Enslaving as an active interface with a down link [ 486.519848][ T53] shield 0003:0955:7214.000C: unknown main item tag 0x0 [ 486.522119][ T53] shield 0003:0955:7214.000C: unknown main item tag 0x0 [ 486.524305][ T53] shield 0003:0955:7214.000C: unknown main item tag 0x0 [ 486.526604][ T53] shield 0003:0955:7214.000C: unknown main item tag 0x0 [ 486.528866][ T53] shield 0003:0955:7214.000C: unknown main item tag 0x0 [ 486.532301][ T53] input: HID 0955:7214 Haptics as /devices/virtual/input/input62 [ 486.549364][ T53] shield 0003:0955:7214.000C: Registered Thunderstrike controller [ 486.553649][ T53] shield 0003:0955:7214.000C: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0 [ 486.665351][ T5332] Bluetooth: hci1: command 0x0406 tx timeout [ 486.718856][T12954] random: crng reseeded on system resumption [ 486.775758][T12233] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 486.793802][T12954] wireguard2: entered promiscuous mode [ 486.797315][T12954] wireguard2: entered allmulticast mode [ 486.803821][ T6438] shield 0003:0955:7214.000C: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 486.804933][ T6036] usb 5-1: USB disconnect, device number 16 [ 486.807211][ T6438] shield 0003:0955:7214.000C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 486.812781][ T6438] shield 0003:0955:7214.000C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 486.817057][ T6438] shield 0003:0955:7214.000C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 486.935219][T12233] usb 6-1: Using ep0 maxpacket: 16 [ 487.112320][T12233] usb 6-1: unable to get BOS descriptor or descriptor too short [ 487.116899][T12233] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 487.119415][T12233] usb 6-1: can't read configurations, error -71 [ 487.139032][T12981] cdrom: dropping to single frame dma [ 487.286480][ T5332] Bluetooth: hci2: unexpected event for opcode 0x202d [ 487.396765][T12986] netlink: 'syz.1.1431': attribute type 4 has an invalid length. [ 489.545094][ T24] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 489.705062][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 489.709833][ T24] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 489.715261][ T24] usb 5-1: config 0 has no interface number 0 [ 489.719139][ T24] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 489.725555][ T24] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 489.734064][ T24] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 489.738871][ T24] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 489.744275][ T24] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 489.751194][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.761157][ T24] usb 5-1: config 0 descriptor?? [ 489.772997][ T24] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 489.974139][T13020] netlink: 'syz.0.1440': attribute type 7 has an invalid length. [ 489.976794][T13020] netlink: 'syz.0.1440': attribute type 8 has an invalid length. [ 490.406121][ T60] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 490.585122][ T60] usb 6-1: Using ep0 maxpacket: 16 [ 490.588668][ T60] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 490.593017][ T60] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 490.596953][ T60] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 490.602132][ T60] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 490.605852][ T60] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 490.611442][ T60] usb 6-1: config 0 descriptor?? [ 491.021586][ T60] shield 0003:0955:7214.000D: unknown main item tag 0x0 [ 491.024672][ T60] shield 0003:0955:7214.000D: unknown main item tag 0x0 [ 491.027012][ T60] shield 0003:0955:7214.000D: unknown main item tag 0x0 [ 491.029334][ T60] shield 0003:0955:7214.000D: unknown main item tag 0x0 [ 491.031512][ T60] shield 0003:0955:7214.000D: unknown main item tag 0x0 [ 491.035791][ T60] input: HID 0955:7214 Haptics as /devices/virtual/input/input63 [ 491.052470][ T60] shield 0003:0955:7214.000D: Registered Thunderstrike controller [ 491.059022][ T60] shield 0003:0955:7214.000D: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 491.225189][T13027] random: crng reseeded on system resumption [ 491.330340][T13027] wireguard1: entered promiscuous mode [ 491.332141][T13027] wireguard1: entered allmulticast mode [ 491.356346][ T34] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 491.356558][ T29] usb 6-1: USB disconnect, device number 16 [ 491.360908][ T34] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 491.366331][ T34] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 491.369730][ T34] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 491.949567][T13044] FAULT_INJECTION: forcing a failure. [ 491.949567][T13044] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 491.953760][T13044] CPU: 3 UID: 0 PID: 13044 Comm: syz.1.1445 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 491.953776][T13044] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 491.953782][T13044] Call Trace: [ 491.953787][T13044] [ 491.953791][T13044] dump_stack_lvl+0x16c/0x1f0 [ 491.953809][T13044] should_fail_ex+0x512/0x640 [ 491.953828][T13044] _copy_to_user+0x32/0xd0 [ 491.953846][T13044] simple_read_from_buffer+0xcb/0x170 [ 491.953866][T13044] proc_fail_nth_read+0x197/0x240 [ 491.953879][T13044] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 491.953892][T13044] ? rw_verify_area+0xcf/0x6c0 [ 491.953903][T13044] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 491.953915][T13044] vfs_read+0x1e4/0xcf0 [ 491.953929][T13044] ? __pfx_vfs_read+0x10/0x10 [ 491.953940][T13044] ? find_held_lock+0x2b/0x80 [ 491.953955][T13044] ? __fget_files+0x20e/0x3c0 [ 491.953972][T13044] ksys_read+0x12a/0x250 [ 491.953984][T13044] ? __pfx_ksys_read+0x10/0x10 [ 491.953997][T13044] ? rcu_is_watching+0x12/0xc0 [ 491.954010][T13044] __do_fast_syscall_32+0x7c/0x3a0 [ 491.954027][T13044] do_fast_syscall_32+0x32/0x80 [ 491.954041][T13044] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 491.954055][T13044] RIP: 0023:0xf7fc1579 [ 491.954064][T13044] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 491.954074][T13044] RSP: 002b:00000000f54e6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 491.954085][T13044] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54e6620 [ 491.954091][T13044] RDX: 000000000000000f RSI: 00000000f7454ff4 RDI: 0000000000000000 [ 491.954098][T13044] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 491.954104][T13044] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 491.954112][T13044] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 491.954127][T13044] [ 492.025953][T13045] netlink: 'syz.3.1444': attribute type 4 has an invalid length. [ 492.395089][ T29] usb 5-1: USB disconnect, device number 17 [ 492.399161][ T29] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 493.020612][T13073] syz.1.1454 uses obsolete (PF_INET,SOCK_PACKET) [ 493.032239][T13073] FAULT_INJECTION: forcing a failure. [ 493.032239][T13073] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 493.036611][T13073] CPU: 0 UID: 0 PID: 13073 Comm: syz.1.1454 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 493.036630][T13073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 493.036637][T13073] Call Trace: [ 493.036641][T13073] [ 493.036646][T13073] dump_stack_lvl+0x16c/0x1f0 [ 493.036663][T13073] should_fail_ex+0x512/0x640 [ 493.036681][T13073] _copy_from_iter+0x29f/0x16f0 [ 493.036701][T13073] ? __lock_acquire+0x62e/0x1ce0 [ 493.036718][T13073] ? __pfx__copy_from_iter+0x10/0x10 [ 493.036734][T13073] ? __lock_acquire+0xb97/0x1ce0 [ 493.036746][T13073] ? _parse_integer_limit+0x17f/0x1d0 [ 493.036765][T13073] tun_get_user+0x26d/0x3ce0 [ 493.036782][T13073] ? __pfx_tun_get_user+0x10/0x10 [ 493.036793][T13073] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 493.036813][T13073] ? find_held_lock+0x2b/0x80 [ 493.036824][T13073] ? tun_get+0x191/0x370 [ 493.036843][T13073] tun_chr_write_iter+0xdc/0x210 [ 493.036855][T13073] vfs_write+0x7d0/0x11d0 [ 493.036868][T13073] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 493.036880][T13073] ? __pfx_vfs_write+0x10/0x10 [ 493.036891][T13073] ? find_held_lock+0x2b/0x80 [ 493.036909][T13073] ksys_write+0x12a/0x250 [ 493.036922][T13073] ? __pfx_ksys_write+0x10/0x10 [ 493.036935][T13073] ? rcu_is_watching+0x12/0xc0 [ 493.036948][T13073] __do_fast_syscall_32+0x7c/0x3a0 [ 493.036964][T13073] do_fast_syscall_32+0x32/0x80 [ 493.036978][T13073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 493.036992][T13073] RIP: 0023:0xf7fc1579 [ 493.037004][T13073] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 493.037015][T13073] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 493.037025][T13073] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100 [ 493.037032][T13073] RDX: 0000000000000072 RSI: 0000000000000000 RDI: 0000000000000000 [ 493.037038][T13073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 493.037044][T13073] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 493.037050][T13073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 493.037063][T13073] [ 493.337959][T13082] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1456'. [ 494.624842][T13100] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1459'. [ 495.373971][T13112] FAULT_INJECTION: forcing a failure. [ 495.373971][T13112] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 495.380227][T13112] CPU: 1 UID: 0 PID: 13112 Comm: syz.1.1463 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 495.380243][T13112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 495.380250][T13112] Call Trace: [ 495.380254][T13112] [ 495.380259][T13112] dump_stack_lvl+0x16c/0x1f0 [ 495.380288][T13112] should_fail_ex+0x512/0x640 [ 495.380306][T13112] _copy_from_user+0x2e/0xd0 [ 495.380324][T13112] kstrtouint_from_user+0xd6/0x1d0 [ 495.380338][T13112] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 495.380351][T13112] ? __lock_acquire+0xb97/0x1ce0 [ 495.380372][T13112] proc_fail_nth_write+0x83/0x220 [ 495.380385][T13112] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 495.380401][T13112] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 495.380412][T13112] vfs_write+0x29d/0x11d0 [ 495.380433][T13112] ? __pfx_vfs_write+0x10/0x10 [ 495.380444][T13112] ? find_held_lock+0x2b/0x80 [ 495.380459][T13112] ? __fget_files+0x20e/0x3c0 [ 495.380475][T13112] ksys_write+0x12a/0x250 [ 495.380487][T13112] ? __pfx_ksys_write+0x10/0x10 [ 495.380501][T13112] ? rcu_is_watching+0x12/0xc0 [ 495.380514][T13112] __do_fast_syscall_32+0x7c/0x3a0 [ 495.380531][T13112] do_fast_syscall_32+0x32/0x80 [ 495.380545][T13112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 495.380560][T13112] RIP: 0023:0xf7fc1579 [ 495.380568][T13112] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 495.380579][T13112] RSP: 002b:00000000f54e6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 495.380590][T13112] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00000000f54e6620 [ 495.380597][T13112] RDX: 0000000000000001 RSI: 00000000f7454ff4 RDI: 0000000000000000 [ 495.380603][T13112] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 495.380610][T13112] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 495.380616][T13112] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 495.380629][T13112] [ 495.472286][T13114] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1464'. [ 495.829199][T13119] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1465'. [ 496.985578][T13132] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1468'. [ 497.099107][T13136] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1469'. [ 497.319195][T13141] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1470'. [ 498.259691][T13150] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1472'. [ 498.313789][T13156] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 498.316605][T13156] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 498.320476][T13156] vhci_hcd vhci_hcd.0: Device attached [ 498.341418][T13157] vhci_hcd: connection closed [ 498.342747][ T13] vhci_hcd: stop threads [ 498.345873][ T13] vhci_hcd: release socket [ 498.347269][ T13] vhci_hcd: disconnect device [ 498.602742][T13162] netlink: 'syz.1.1475': attribute type 4 has an invalid length. [ 499.241399][T13175] FAULT_INJECTION: forcing a failure. [ 499.241399][T13175] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 499.259743][T13175] CPU: 0 UID: 0 PID: 13175 Comm: syz.2.1480 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 499.259773][T13175] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 499.259779][T13175] Call Trace: [ 499.259784][T13175] [ 499.259788][T13175] dump_stack_lvl+0x16c/0x1f0 [ 499.259807][T13175] should_fail_ex+0x512/0x640 [ 499.259825][T13175] _copy_from_user+0x2e/0xd0 [ 499.259843][T13175] kstrtouint_from_user+0xd6/0x1d0 [ 499.259857][T13175] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 499.259869][T13175] ? __lock_acquire+0xb97/0x1ce0 [ 499.259891][T13175] proc_fail_nth_write+0x83/0x220 [ 499.259904][T13175] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 499.259919][T13175] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 499.259930][T13175] vfs_write+0x29d/0x11d0 [ 499.259946][T13175] ? __pfx_vfs_write+0x10/0x10 [ 499.259957][T13175] ? find_held_lock+0x2b/0x80 [ 499.259972][T13175] ? __fget_files+0x20e/0x3c0 [ 499.259988][T13175] ksys_write+0x12a/0x250 [ 499.260000][T13175] ? __pfx_ksys_write+0x10/0x10 [ 499.260013][T13175] ? rcu_is_watching+0x12/0xc0 [ 499.260027][T13175] __do_fast_syscall_32+0x7c/0x3a0 [ 499.260042][T13175] do_fast_syscall_32+0x32/0x80 [ 499.260056][T13175] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 499.260071][T13175] RIP: 0023:0xf7f91579 [ 499.260080][T13175] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 499.260090][T13175] RSP: 002b:00000000f54b6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 499.260102][T13175] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f54b6620 [ 499.260109][T13175] RDX: 0000000000000001 RSI: 00000000f7424ff4 RDI: 0000000000000000 [ 499.260115][T13175] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 499.260121][T13175] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 499.260127][T13175] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 499.260141][T13175] [ 499.326487][ C0] vkms_vblank_simulate: vblank timer overrun [ 500.725162][T12205] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 500.875223][T12205] usb 8-1: Using ep0 maxpacket: 8 [ 500.880027][T12205] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 500.898285][T12205] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 500.901328][T12205] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 500.910218][T12205] usb 8-1: config 0 descriptor?? [ 500.945099][ T6036] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 500.986765][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.105074][ T6036] usb 7-1: Using ep0 maxpacket: 8 [ 501.108443][ T6036] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 501.112473][ T6036] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 501.115842][ T6036] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.125051][ T6036] usb 7-1: config 0 descriptor?? [ 501.131562][T12205] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 501.333689][ T6036] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior1 [ 501.366579][T13209] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 501.368753][T13209] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 501.371544][T13209] vhci_hcd vhci_hcd.0: Device attached [ 501.381843][T13214] vhci_hcd: connection closed [ 501.382652][ T87] vhci_hcd: stop threads [ 501.387445][ T87] vhci_hcd: release socket [ 501.388993][ T87] vhci_hcd: disconnect device [ 501.500895][T13218] netlink: 'syz.1.1490': attribute type 4 has an invalid length. [ 501.631553][ T24] usb 8-1: USB disconnect, device number 11 [ 501.736364][ T53] usb 7-1: USB disconnect, device number 16 [ 502.237907][T13227] netlink: 'syz.0.1491': attribute type 4 has an invalid length. [ 502.340420][T13228] erspan0: left allmulticast mode [ 502.342530][T13228] erspan0: left promiscuous mode [ 502.344711][T13228] bridge0: port 3(erspan0) entered disabled state [ 502.371444][T13228] bridge_slave_0: left allmulticast mode [ 502.372950][T13229] netlink: 'syz.1.1493': attribute type 1 has an invalid length. [ 502.373274][T13228] bridge_slave_0: left promiscuous mode [ 502.373414][T13228] bridge0: port 1(bridge_slave_0) entered disabled state [ 502.376771][T13229] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1493'. [ 502.393080][T13228] bridge_slave_1: left allmulticast mode [ 502.396450][T13228] bridge_slave_1: left promiscuous mode [ 502.400571][T13228] bridge0: port 2(bridge_slave_1) entered disabled state [ 502.709709][T13228] bond0: (slave bond_slave_0): Releasing backup interface [ 502.723277][T13228] bond0: (slave bond_slave_1): Releasing backup interface [ 502.740534][T13228] team0: Port device team_slave_0 removed [ 502.753613][T13228] team0: Port device team_slave_1 removed [ 502.758314][T13228] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 502.760853][T13228] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 502.766663][T13228] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 502.769159][T13228] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 502.788214][T13228] bond0: (slave wlan1): Releasing backup interface [ 502.945239][ T24] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 503.016466][T13234] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 503.095447][ T24] usb 7-1: Using ep0 maxpacket: 8 [ 503.098456][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 503.101853][ T24] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 503.178012][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.185330][ T24] usb 7-1: config 0 descriptor?? [ 503.313480][T13243] netlink: 'syz.3.1498': attribute type 4 has an invalid length. [ 503.318008][T13243] netlink: 'syz.3.1498': attribute type 4 has an invalid length. [ 503.613153][ T24] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 503.622373][ T24] usb 7-1: USB disconnect, device number 17 [ 504.515644][T13261] netlink: 'syz.2.1501': attribute type 4 has an invalid length. [ 505.125947][T13268] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1503'. [ 506.199085][T13292] netlink: 'syz.2.1508': attribute type 4 has an invalid length. [ 506.202790][T13292] netlink: 'syz.2.1508': attribute type 4 has an invalid length. [ 507.083257][ T29] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 507.155088][ T6036] usb 6-1: new full-speed USB device number 17 using dummy_hcd [ 507.200220][T13311] netlink: 'syz.3.1514': attribute type 4 has an invalid length. [ 507.245177][ T29] usb 7-1: Using ep0 maxpacket: 8 [ 507.249832][ T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 507.253270][ T29] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 507.256184][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.264339][ T29] usb 7-1: config 0 descriptor?? [ 507.306870][ T6036] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 507.315205][ T6036] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 507.319306][ T6036] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 507.322210][ T6036] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.472424][ T29] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 507.533082][ T6036] usb 6-1: usb_control_msg returned -32 [ 507.534861][ T6036] usbtmc 6-1:16.0: can't read capabilities [ 507.875946][T12233] usb 7-1: USB disconnect, device number 18 [ 507.895422][T13314] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1515'. [ 509.079047][T13340] netlink: 'syz.3.1519': attribute type 4 has an invalid length. [ 509.082538][T13340] netlink: 'syz.3.1519': attribute type 4 has an invalid length. [ 509.931149][ T6035] usb 6-1: USB disconnect, device number 17 [ 509.969157][T13361] netlink: 'syz.3.1523': attribute type 4 has an invalid length. [ 510.172326][T13362] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1526'. [ 511.415244][ T34] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 511.565612][T13382] netlink: 'syz.2.1531': attribute type 4 has an invalid length. [ 511.591444][T13382] netlink: 'syz.2.1531': attribute type 4 has an invalid length. [ 511.605135][ T34] usb 5-1: Using ep0 maxpacket: 8 [ 511.608299][ T34] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 511.611127][ T34] usb 5-1: config 0 has no interface number 0 [ 511.613384][ T34] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 511.617020][ T34] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 511.620603][ T34] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 511.624056][ T34] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 511.628363][ T34] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 511.631176][ T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 511.639584][ T34] usb 5-1: config 0 descriptor?? [ 511.647860][ T34] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 511.851653][T13377] netlink: 'syz.0.1530': attribute type 7 has an invalid length. [ 511.854058][T13377] netlink: 'syz.0.1530': attribute type 8 has an invalid length. [ 512.085567][T13387] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1532'. [ 512.727195][ T53] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 512.875661][ T53] usb 8-1: Using ep0 maxpacket: 8 [ 512.906158][ T53] usb 8-1: config 0 has an invalid interface number: 55 but max is 0 [ 512.921300][ T53] usb 8-1: config 0 has no interface number 0 [ 512.958362][ T53] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 512.963219][ T53] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 512.975935][ T53] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 512.980412][ T53] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 512.995226][ T53] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 512.998140][ T53] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 513.003435][ T53] usb 8-1: config 0 descriptor?? [ 513.022549][ T53] ldusb 8-1:0.55: LD USB Device #1 now attached to major 180 minor 1 [ 513.234702][T13403] netlink: 'syz.3.1537': attribute type 7 has an invalid length. [ 513.237112][T13403] netlink: 'syz.3.1537': attribute type 8 has an invalid length. [ 513.445554][T12205] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 513.615829][T12205] usb 6-1: Using ep0 maxpacket: 8 [ 513.631122][T12205] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 513.634825][T12205] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 513.648237][T12205] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 513.652418][T12205] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 513.662600][T12205] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 513.667005][T12205] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 513.673196][T12205] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 513.681405][T12205] usb 6-1: config 168 interface 0 has no altsetting 0 [ 513.686903][T12205] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 513.691322][T12205] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 513.695433][T12205] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 513.698804][T12205] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 513.702585][T12205] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 513.709342][T12205] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 513.712627][T12205] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 513.716963][T12205] usb 6-1: config 168 interface 0 has no altsetting 0 [ 513.721074][T12205] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 513.723459][T12205] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 513.727254][T12205] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 513.731027][T12205] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 513.734954][T12205] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 513.739367][T12205] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 513.743513][T12205] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 513.747809][T12205] usb 6-1: config 168 interface 0 has no altsetting 0 [ 513.755579][T12205] usb 6-1: string descriptor 0 read error: -22 [ 513.790199][T12205] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 513.793506][T12205] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.811462][T12205] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux2 [ 513.825973][T13418] FAULT_INJECTION: forcing a failure. [ 513.825973][T13418] name failslab, interval 1, probability 0, space 0, times 0 [ 513.832036][T13418] CPU: 3 UID: 0 PID: 13418 Comm: syz.2.1540 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 513.832062][T13418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 513.832080][T13418] Call Trace: [ 513.832084][T13418] [ 513.832089][T13418] dump_stack_lvl+0x16c/0x1f0 [ 513.832106][T13418] should_fail_ex+0x512/0x640 [ 513.832124][T13418] should_failslab+0xc2/0x120 [ 513.832150][T13418] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 513.832165][T13418] ? dst_alloc+0x99/0x1a0 [ 513.832180][T13418] dst_alloc+0x99/0x1a0 [ 513.832193][T13418] rt_dst_alloc+0x35/0x3a0 [ 513.832209][T13418] ip_route_output_key_hash_rcu+0x880/0x28c0 [ 513.832225][T13418] ip_route_output_key_hash+0x137/0x2e0 [ 513.832236][T13418] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 513.832252][T13418] ? find_held_lock+0x2b/0x80 [ 513.832269][T13418] ip_route_output_flow+0x27/0x150 [ 513.832281][T13418] raw_sendmsg+0xd5b/0x37e0 [ 513.832297][T13418] ? __pfx_raw_sendmsg+0x10/0x10 [ 513.832308][T13418] ? __lock_acquire+0x62e/0x1ce0 [ 513.832342][T13418] ? __pfx_raw_sendmsg+0x10/0x10 [ 513.832354][T13418] inet_sendmsg+0x119/0x140 [ 513.832365][T13418] ____sys_sendmsg+0x973/0xc70 [ 513.832380][T13418] ? gfs2_dir_read+0xe4/0x1510 [ 513.832392][T13418] ? __pfx_____sys_sendmsg+0x10/0x10 [ 513.832409][T13418] ? get_compat_msghdr+0x11a/0x170 [ 513.832424][T13418] ? __pfx__kstrtoull+0x10/0x10 [ 513.832440][T13418] ___sys_sendmsg+0x134/0x1d0 [ 513.832454][T13418] ? __pfx____sys_sendmsg+0x10/0x10 [ 513.832485][T13418] __sys_sendmmsg+0x2f9/0x420 [ 513.832501][T13418] ? __pfx___sys_sendmmsg+0x10/0x10 [ 513.832519][T13418] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 513.832539][T13418] ? fput+0x9b/0xd0 [ 513.832555][T13418] ? ksys_write+0x1ac/0x250 [ 513.832568][T13418] ? __pfx_ksys_write+0x10/0x10 [ 513.832583][T13418] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 513.832597][T13418] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 513.832611][T13418] __do_fast_syscall_32+0x7c/0x3a0 [ 513.832626][T13418] do_fast_syscall_32+0x32/0x80 [ 513.832640][T13418] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 513.832654][T13418] RIP: 0023:0xf7f91579 [ 513.832663][T13418] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 513.832674][T13418] RSP: 002b:00000000f549555c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 513.832684][T13418] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080005240 [ 513.832691][T13418] RDX: 0000000000000300 RSI: 000000000401eb94 RDI: 0000000000000000 [ 513.832698][T13418] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 513.832704][T13418] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 513.832710][T13418] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 513.832723][T13418] [ 514.233225][ T53] usb 5-1: USB disconnect, device number 18 [ 514.445860][ T53] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 515.485257][T11130] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 515.552592][ T6035] usb 8-1: USB disconnect, device number 12 [ 515.560454][ T6035] ldusb 8-1:0.55: LD USB Device #1 now disconnected [ 515.655110][T11130] usb 5-1: Using ep0 maxpacket: 8 [ 515.658940][T11130] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 515.662337][T11130] usb 5-1: config 0 has no interface number 0 [ 515.664931][T11130] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 515.669488][T11130] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 515.674182][T11130] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 515.682140][T11130] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 515.688160][T11130] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 515.691850][T11130] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.699181][T11130] usb 5-1: config 0 descriptor?? [ 515.718198][T11130] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 515.820285][ T5332] Bluetooth: hci3: unexpected event for opcode 0x202d [ 515.916395][T13428] netlink: 'syz.0.1543': attribute type 7 has an invalid length. [ 515.918942][T13428] netlink: 'syz.0.1543': attribute type 8 has an invalid length. [ 516.065360][ T6035] usb 6-1: USB disconnect, device number 18 [ 516.076305][T13443] autofs: Bad value for 'fd' [ 516.234130][T13449] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1546'. [ 516.973111][T13454] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1549'. [ 518.510256][ T6035] usb 5-1: USB disconnect, device number 19 [ 518.528202][ T6035] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 520.085162][ T53] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 520.245262][ T53] usb 7-1: Using ep0 maxpacket: 16 [ 520.249106][ T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 520.263822][ T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 520.270355][ T53] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 520.277017][ T53] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 520.284666][ T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.292366][ T53] usb 7-1: config 0 descriptor?? [ 520.734906][ T53] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 520.737830][ T53] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 520.740553][ T53] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 520.742787][ T53] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 520.745422][ T53] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 520.757035][ T53] input: HID 0955:7214 Haptics as /devices/virtual/input/input64 [ 520.860284][ T53] shield 0003:0955:7214.000E: Registered Thunderstrike controller [ 520.886798][ T53] shield 0003:0955:7214.000E: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 521.149154][T13512] random: crng reseeded on system resumption [ 521.454803][T13500] wireguard1: entered promiscuous mode [ 521.459598][T13500] wireguard1: entered allmulticast mode [ 521.478677][ T6035] usb 7-1: USB disconnect, device number 19 [ 521.478811][ T6438] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 521.484648][ T6438] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 521.490266][ T6438] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 521.490603][ T6035] ------------[ cut here ]------------ [ 521.496067][ T6035] workqueue: work disable count underflowed [ 521.498519][ T6035] WARNING: CPU: 1 PID: 6035 at kernel/workqueue.c:4326 enable_work+0x2f8/0x340 [ 521.501675][ T6035] Modules linked in: [ 521.503302][ T6035] CPU: 1 UID: 0 PID: 6035 Comm: kworker/1:3 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 521.508525][ T6035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 521.511802][ T6035] Workqueue: usb_hub_wq hub_event [ 521.513367][ T6035] RIP: 0010:enable_work+0x2f8/0x340 [ 521.515013][ T6035] Code: 89 ee e8 5b 30 38 00 45 84 ed 0f 85 29 fe ff ff e8 6d 35 38 00 c6 05 24 e2 10 0f 01 90 48 c7 c7 e0 00 ac 8b e8 c9 26 f7 ff 90 <0f> 0b 90 90 e9 06 fe ff ff 48 89 ef e8 a7 95 9d 00 e9 aa fe ff ff [ 521.520887][ T6035] RSP: 0018:ffffc90002eaf3c0 EFLAGS: 00010086 [ 521.523006][ T6035] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a02c8 [ 521.525690][ T6035] RDX: ffff88801c754880 RSI: ffffffff817a02d5 RDI: 0000000000000001 [ 521.528384][ T6035] RBP: ffff8880508bb738 R08: 0000000000000001 R09: 0000000000000000 [ 521.530754][ T6035] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff920005d5e79 [ 521.533142][ T6035] R13: 0000000000000000 R14: ffff8880508bb698 R15: ffff8880508bb730 [ 521.535544][ T6035] FS: 0000000000000000(0000) GS:ffff8880975c6000(0000) knlGS:0000000000000000 [ 521.538259][ T6035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 521.540296][ T6035] CR2: 0000000031ff3ffc CR3: 0000000050673000 CR4: 0000000000352ef0 [ 521.542693][ T6035] Call Trace: [ 521.543737][ T6035] [ 521.544685][ T6035] ? __pfx_enable_work+0x10/0x10 [ 521.546297][ T6035] ? __thermal_zone_cdev_unbind+0x6c/0x6c0 [ 521.548154][ T6035] __cancel_work_sync+0xe7/0x130 [ 521.549669][ T6035] thermal_zone_device_unregister+0x28e/0x4d0 [ 521.551537][ T6035] ? __pfx_shield_remove+0x10/0x10 [ 521.553110][ T6035] power_supply_unregister+0x10a/0x150 [ 521.554791][ T6035] shield_remove+0x75/0x130 [ 521.556212][ T6035] ? __pfx_shield_remove+0x10/0x10 [ 521.557785][ T6035] hid_device_remove+0xd1/0x260 [ 521.559303][ T6035] ? __pfx_hid_device_remove+0x10/0x10 [ 521.560989][ T6035] device_remove+0xc8/0x170 [ 521.562404][ T6035] device_release_driver_internal+0x44b/0x620 [ 521.564408][ T6035] bus_remove_device+0x22f/0x420 [ 521.565938][ T6035] device_del+0x396/0x9f0 [ 521.567511][ T6035] ? __pfx_device_del+0x10/0x10 [ 521.569024][ T6035] ? do_raw_spin_lock+0x12c/0x2b0 [ 521.570576][ T6035] hid_destroy_device+0x19c/0x240 [ 521.572134][ T6035] usbhid_disconnect+0xa0/0xe0 [ 521.573623][ T6035] usb_unbind_interface+0x1da/0x9e0 [ 521.575260][ T6035] ? kernfs_remove_by_name_ns+0xbe/0x110 [ 521.576991][ T6035] ? __pfx_usb_unbind_interface+0x10/0x10 [ 521.578806][ T6035] device_remove+0x125/0x170 [ 521.580253][ T6035] device_release_driver_internal+0x44b/0x620 [ 521.582114][ T6035] bus_remove_device+0x22f/0x420 [ 521.583650][ T6035] device_del+0x396/0x9f0 [ 521.584993][ T6035] ? __pfx_device_del+0x10/0x10 [ 521.586513][ T6035] ? kobject_put+0x210/0x5a0 [ 521.588013][ T6035] usb_disable_device+0x355/0x7d0 [ 521.589585][ T6035] usb_disconnect+0x2e1/0x9c0 [ 521.591048][ T6035] hub_event+0x1c81/0x4fe0 [ 521.592446][ T6035] ? __lock_acquire+0xb97/0x1ce0 [ 521.593965][ T6035] ? __pfx_hub_event+0x10/0x10 [ 521.595474][ T6035] ? ioread8_rep+0x10/0x100 [ 521.596894][ T6035] ? rcu_is_watching+0x12/0xc0 [ 521.598401][ T6035] process_one_work+0x9cc/0x1b70 [ 521.599941][ T6035] ? __pfx_process_one_work+0x10/0x10 [ 521.601705][ T6035] ? assign_work+0x1a0/0x250 [ 521.603150][ T6035] worker_thread+0x6c8/0xf10 [ 521.604603][ T6035] ? __kthread_parkme+0x19e/0x250 [ 521.606298][ T6035] ? __pfx_worker_thread+0x10/0x10 [ 521.608141][ T6035] kthread+0x3c5/0x780 [ 521.609491][ T6035] ? __pfx_kthread+0x10/0x10 [ 521.610936][ T6035] ? rcu_is_watching+0x12/0xc0 [ 521.612415][ T6035] ? __pfx_kthread+0x10/0x10 [ 521.613851][ T6035] ret_from_fork+0x5d4/0x6f0 [ 521.615311][ T6035] ? __pfx_kthread+0x10/0x10 [ 521.616753][ T6035] ret_from_fork_asm+0x1a/0x30 [ 521.618277][ T6035] [ 521.619256][ T6035] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 521.621516][ T6035] CPU: 1 UID: 0 PID: 6035 Comm: kworker/1:3 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 521.624701][ T6035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 521.628070][ T6035] Workqueue: usb_hub_wq hub_event [ 521.629676][ T6035] Call Trace: [ 521.630740][ T6035] [ 521.631694][ T6035] dump_stack_lvl+0x3d/0x1f0 [ 521.633205][ T6035] vpanic+0x6e8/0x7a0 [ 521.634520][ T6035] ? __pfx_vpanic+0x10/0x10 [ 521.635968][ T6035] ? enable_work+0x2f8/0x340 [ 521.637452][ T6035] panic+0xca/0xd0 [ 521.638656][ T6035] ? __pfx_panic+0x10/0x10 [ 521.640104][ T6035] ? check_panic_on_warn+0x1f/0xb0 [ 521.641717][ T6035] check_panic_on_warn+0xab/0xb0 [ 521.643286][ T6035] __warn+0xf6/0x3c0 [ 521.644549][ T6035] ? __pfx_vprintk_emit+0x10/0x10 [ 521.646133][ T6035] ? enable_work+0x2f8/0x340 [ 521.647633][ T6035] report_bug+0x3c3/0x580 [ 521.649028][ T6035] ? enable_work+0x2f8/0x340 [ 521.650435][ T6035] handle_bug+0x184/0x210 [ 521.651817][ T6035] exc_invalid_op+0x17/0x50 [ 521.653252][ T6035] asm_exc_invalid_op+0x1a/0x20 [ 521.654797][ T6035] RIP: 0010:enable_work+0x2f8/0x340 [ 521.656424][ T6035] Code: 89 ee e8 5b 30 38 00 45 84 ed 0f 85 29 fe ff ff e8 6d 35 38 00 c6 05 24 e2 10 0f 01 90 48 c7 c7 e0 00 ac 8b e8 c9 26 f7 ff 90 <0f> 0b 90 90 e9 06 fe ff ff 48 89 ef e8 a7 95 9d 00 e9 aa fe ff ff [ 521.662744][ T6035] RSP: 0018:ffffc90002eaf3c0 EFLAGS: 00010086 [ 521.664764][ T6035] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a02c8 [ 521.667406][ T6035] RDX: ffff88801c754880 RSI: ffffffff817a02d5 RDI: 0000000000000001 [ 521.669921][ T6035] RBP: ffff8880508bb738 R08: 0000000000000001 R09: 0000000000000000 [ 521.672414][ T6035] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff920005d5e79 [ 521.674888][ T6035] R13: 0000000000000000 R14: ffff8880508bb698 R15: ffff8880508bb730 [ 521.677387][ T6035] ? __warn_printk+0x198/0x350 [ 521.678940][ T6035] ? __warn_printk+0x1a5/0x350 [ 521.680483][ T6035] ? __pfx_enable_work+0x10/0x10 [ 521.682042][ T6035] ? __thermal_zone_cdev_unbind+0x6c/0x6c0 [ 521.683879][ T6035] __cancel_work_sync+0xe7/0x130 [ 521.685454][ T6035] thermal_zone_device_unregister+0x28e/0x4d0 [ 521.687409][ T6035] ? __pfx_shield_remove+0x10/0x10 [ 521.689032][ T6035] power_supply_unregister+0x10a/0x150 [ 521.690827][ T6035] shield_remove+0x75/0x130 [ 521.692278][ T6035] ? __pfx_shield_remove+0x10/0x10 [ 521.693889][ T6035] hid_device_remove+0xd1/0x260 [ 521.695470][ T6035] ? __pfx_hid_device_remove+0x10/0x10 [ 521.697158][ T6035] device_remove+0xc8/0x170 [ 521.698617][ T6035] device_release_driver_internal+0x44b/0x620 [ 521.700543][ T6035] bus_remove_device+0x22f/0x420 [ 521.702105][ T6035] device_del+0x396/0x9f0 [ 521.703483][ T6035] ? __pfx_device_del+0x10/0x10 [ 521.705027][ T6035] ? do_raw_spin_lock+0x12c/0x2b0 [ 521.706625][ T6035] hid_destroy_device+0x19c/0x240 [ 521.708282][ T6035] usbhid_disconnect+0xa0/0xe0 [ 521.709796][ T6035] usb_unbind_interface+0x1da/0x9e0 [ 521.711400][ T6035] ? kernfs_remove_by_name_ns+0xbe/0x110 [ 521.713145][ T6035] ? __pfx_usb_unbind_interface+0x10/0x10 [ 521.714937][ T6035] device_remove+0x125/0x170 [ 521.716389][ T6035] device_release_driver_internal+0x44b/0x620 [ 521.718258][ T6035] bus_remove_device+0x22f/0x420 [ 521.719820][ T6035] device_del+0x396/0x9f0 [ 521.721198][ T6035] ? __pfx_device_del+0x10/0x10 [ 521.722730][ T6035] ? kobject_put+0x210/0x5a0 [ 521.724201][ T6035] usb_disable_device+0x355/0x7d0 [ 521.725801][ T6035] usb_disconnect+0x2e1/0x9c0 [ 521.727352][ T6035] hub_event+0x1c81/0x4fe0 [ 521.728769][ T6035] ? __lock_acquire+0xb97/0x1ce0 [ 521.730331][ T6035] ? __pfx_hub_event+0x10/0x10 [ 521.731847][ T6035] ? ioread8_rep+0x10/0x100 [ 521.733288][ T6035] ? rcu_is_watching+0x12/0xc0 [ 521.734807][ T6035] process_one_work+0x9cc/0x1b70 [ 521.736391][ T6035] ? __pfx_process_one_work+0x10/0x10 [ 521.738092][ T6035] ? assign_work+0x1a0/0x250 [ 521.739565][ T6035] worker_thread+0x6c8/0xf10 [ 521.741044][ T6035] ? __kthread_parkme+0x19e/0x250 [ 521.742621][ T6035] ? __pfx_worker_thread+0x10/0x10 [ 521.744245][ T6035] kthread+0x3c5/0x780 [ 521.745535][ T6035] ? __pfx_kthread+0x10/0x10 [ 521.747007][ T6035] ? rcu_is_watching+0x12/0xc0 [ 521.748536][ T6035] ? __pfx_kthread+0x10/0x10 [ 521.749990][ T6035] ret_from_fork+0x5d4/0x6f0 [ 521.751468][ T6035] ? __pfx_kthread+0x10/0x10 [ 521.752933][ T6035] ret_from_fork_asm+0x1a/0x30 [ 521.754465][ T6035] [ 521.756119][ T6035] Kernel Offset: disabled [ 521.757483][ T6035] Rebooting in 86400 seconds.. VM DIAGNOSIS: 05:37:03 Registers: info registers vcpu 0 CPU#0 RAX=0000000001ae4ae7 RBX=0000000000000000 RCX=ffffffff8b903bf9 RDX=0000000000000000 RSI=ffffffff8de4b996 RDI=ffffffff8c162880 RBP=fffffbfff1c52ef8 RSP=ffffffff8e207e08 R8 =0000000000000001 R9 =ffffed1005646655 R10=ffff88802b2332ab R11=0000000000000000 R12=0000000000000000 R13=ffffffff8e2977c0 R14=ffffffff90ab6b90 R15=0000000000000000 RIP=ffffffff8b90275f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880974c6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000008000e000 CR3=0000000068925000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000000006b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85613555 RDI=ffffffff9b0f6600 RBP=ffffffff9b0f65c0 RSP=ffffc90002eaed30 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=000000000000006b R14=ffffffff9b0f65c0 R15=ffffffff856134f0 RIP=ffffffff8561357f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880975c6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000031ff3ffc CR3=0000000050673000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff88802b341d40 RCX=ffffffff81af13b1 RDX=ffff88801dafc880 RSI=0000000000000000 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900001e7880 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=1ffffffff1cb97e9 R12=dffffc0000000000 R13=ffffed10056683a9 R14=0000000000000001 R15=0000000000000001 RIP=ffffffff81bb0982 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880976c6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000031df1ffc CR3=000000006d24f000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000006c70 RBX=ffff888026810bb8 RCX=0000000000000000 RDX=0000000000000001 RSI=ffff88802b43a458 RDI=ffff888026810bb8 RBP=ffff88802b43a458 RSP=ffffc90002fcf960 R8 =0000000000000000 R9 =ffffed1004d02000 R10=ffff888026810007 R11=0000000000000003 R12=ffff888026810000 R13=ffff888026810af0 R14=0000000000000005 R15=0000000000000046 RIP=ffffffff8196eab8 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977c6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080006000 CR3=000000006d24f000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000