last executing test programs: 3.214118137s ago: executing program 3 (id=5673): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x1a8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000001b000012000000004b28c962170b7020000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000086dd6361696630000000000000000000000076657468315f746f5f7465616d00000073797a6b616c6c65723100000000000076657468315f746f5f7465616d000000aaaaaaaaaabb0000000000000180c20000000000000000000000e8000000e80000001801000069703600000100000000000009000000000300000000000000000000000000005000000000000000fe80000000000000000000000000000000000000000000000000ffffac1e00707154f51b8b0980f73a0f35ca6a4100000000000000000000004000000000000000000080000000000000010000000000063e004904004a194dc2f70d04a500000000000000000000000800000000000400"/424]}, 0x220) 3.213637548s ago: executing program 3 (id=5674): ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x8000, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @remote, 0x7}, 0x1c) sendto$inet6(r4, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c) setsockopt$inet6_mtu(r4, 0x29, 0x17, &(0x7f0000000040)=0x3, 0x4) setsockopt$inet6_udp_int(r4, 0x11, 0x1, &(0x7f0000000080), 0x4) syz_emit_ethernet(0x56, &(0x7f0000000ac0)={@local, @empty, @void, {@ipv6={0x86dd, @tipc_packet={0x0, 0x6, "5817b1", 0x20, 0x6, 0x0, @remote, @rand_addr=' \x01\x00', {[], @payload_direct={{{{0x20, 0x0, 0x0, 0x0, 0x0, 0x8}}}}}}}}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @aes256, 0x0, @desc2}) add_key$fscrypt_v1(0x0, &(0x7f0000000240)={'fscrypt:', @desc3}, &(0x7f00000002c0)={0x0, "615a091a55a8c9a640115d99d981b3886420589c6685d4982a83b71b906769e737201ac6b7a7804454156569cbf3a5be811debc957b5831b89b59d703e748c7c", 0x25}, 0x48, 0xffffffffffffffff) 2.362905489s ago: executing program 3 (id=5680): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x35, 0x0, 0x1, 0xfffefffe}, {0x4, 0x0, 0x0, 0x3b03}, {0x6, 0x1}]}) syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) 1.840655928s ago: executing program 2 (id=5686): timer_create(0x0, 0x0, &(0x7f0000000040)) r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote}, 0x1c) sendmsg$inet(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) 1.771735837s ago: executing program 2 (id=5688): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x0, 0x2, 0x204}, 0x48) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mlock(&(0x7f00001c3000/0x2000)=nil, 0x2000) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000380)={0x60, 0x0, &(0x7f00005b9000/0x3000)=nil, &(0x7f00008b3000/0x4000)=nil, 0x0, 0x0}) sched_setscheduler(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) io_submit(0x0, 0x0, 0x0) unshare(0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) 1.719576089s ago: executing program 0 (id=5691): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ptrace$peeksig(0x4209, r0, &(0x7f00000003c0)={0x1, 0x0, 0x3}, &(0x7f0000019840)=[{}, {}, {}]) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000500)=ANY=[@ANYBLOB="88000000", @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="6b00330080000000ffffffffffff080211"], 0x88}}, 0x0) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000019640)={0x90, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x71, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1}, {}, @broadcast}, 0x0, @default, 0x0, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @val={0x5, 0x3, {0xb7, 0xfa, 0x4}}, @void, @val={0x2a, 0x1, {0x1, 0x1, 0x1}}, @val={0x3c, 0x4}, @val={0x2d, 0x1a}, @void, @val={0x71, 0x7}, @val={0x76, 0x6, {0xa, 0x0, 0x12}}}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sched_setscheduler(r0, 0x0, &(0x7f0000000200)=0x800004) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r6, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0xfffffd6e}, {&(0x7f0000019740)=""/242}], 0x2, 0x0, 0x0) mmap(&(0x7f0000941000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r6) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000001c0)) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00'}) sendmsg$BATADV_CMD_GET_GATEWAYS(r3, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f00000199c0)=ANY=[], 0x60}, 0x1, 0x0, 0x0, 0x20004080}, 0x90) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) r7 = open(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) fcntl$notify(r7, 0x402, 0x15) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) 1.480225467s ago: executing program 3 (id=5693): setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x1a8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000001b000012000000004b28c962170b7020000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000086dd6361696630000000000000000000000076657468315f746f5f7465616d00000073797a6b616c6c65723100000000000076657468315f746f5f7465616d000000aaaaaaaaaabb0000000000000180c20000000000000000000000e8000000e80000001801000069703600000100000000000009000000000300000000000000000000000000005000000000000000fe80000000000000000000000000000000000000000000000000ffffac1e00707154f51b8b0980f73a0f35ca6a4100000000000000000000004000000000000000000080000000000000010000000000063e004904004a194dc2f70d04a500000000000000000000000800000000000400"/424]}, 0x220) 1.47997573s ago: executing program 3 (id=5694): r0 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3}, &(0x7f0000000040)=0x0, &(0x7f00000001c0)=0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3) bpf$PROG_LOAD(0x5, 0x0, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r7 = socket(0x40000000015, 0x805, 0x0) getsockopt(r7, 0x114, 0x271c, 0x0, &(0x7f00000000c0)) ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r6, 0x3ba0, &(0x7f0000000240)={0x48, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x20000000}) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0) r10 = socket$tipc(0x1e, 0x5, 0x0) ioctl$SIOCGETLINKNAME(r10, 0x89e0, &(0x7f00000006c0)) r11 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_DECODER_CMD(r11, 0xc0485660, &(0x7f0000000040)={0x2, 0x0, @raw_data=[0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000]}) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000480)={{}, &(0x7f0000000400), &(0x7f0000000440)='%pi6 \x00'}, 0x20) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r4, 0x0, &(0x7f0000000100)='4', 0x1}) io_uring_enter(r0, 0x7f5f, 0x0, 0x0, 0x0, 0x0) shutdown(r3, 0x1) r12 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r7) sendmsg$TIPC_NL_MEDIA_SET(r7, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="e4020000", @ANYRES16=r12, @ANYBLOB="000127bd7000fbdbdf250c000000380005800c000280080004000400000014000280080003004bf30000080001001300000008000100756470000c0002800800030093d00000bc00048014000780080004000800000008000300ffffffff0c000780080003000e0000001300010062726f6164636173742d6c696e6b000054000780080001000a0000000800020000000080080001000b000000080001000f000000080001001900000008000200fcffffff08000100040000000800010011000000080004000100000008000400ff0300000900010073797a31000000000900010073797a3000d118000900010073797a31000000000900010073797a300000000034000980080002000700000008000200800000000800010005000000080001000500000008000200040000000800020000800000a00005802400028008000300feffffff0800040000000000080002000700000008000400300e00001c00028008000400000000000800030009000000080001001e000000070001006962000008000100756470004400028008000200d00c0000080004004000000008000300090000000800040087c60000080001001c0000000800020003000000080001000f0000000800020001800000080001007564700008010280040004001c000380080002000900000008000200ff0f000008000100040900004c0003800800010002000000080002005000000008000100000800000800020006000000080002000500000008000200b700000008000100da69000008000200d108000008000100080000003c000380080002000c0000000800010009000000080001000400000008000100a69728b40800020000000000080002000800000008000200030000000c00038008000200800040000400040008000100070000000800010009000000340003800800010001000000080001000000000008000200000100000800020005000000080001000100000008000100080000000800020001000080"], 0x2e4}, 0x1, 0x0, 0x0, 0x20004001}, 0x8) 742.418395ms ago: executing program 0 (id=5696): socket(0x10, 0x3, 0x0) socket$rds(0x15, 0x5, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) r0 = eventfd(0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000008857ee8600000095"], 0x0}, 0x90) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000100)={0x0, 0x0, 0x0, r0}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000000c0)=0x1, 0x4) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 708.666982ms ago: executing program 2 (id=5697): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0)) syz_open_procfs$namespace(0x0, &(0x7f0000000000)) connect$inet(0xffffffffffffffff, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) 665.34637ms ago: executing program 2 (id=5698): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000340), 0xffffff46) dup3(r2, r1, 0x0) sendmsg$netlink(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)=ANY=[], 0x10}], 0x1}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_script(r3, &(0x7f0000000340), 0xffffff46) rt_sigreturn() write$binfmt_misc(r3, &(0x7f0000000080)={'syz0'}, 0x4) close(r1) socket$inet_udp(0x2, 0x2, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000001300)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @local}, 0x80, 0x0}, 0x0) 521.775997ms ago: executing program 3 (id=5699): syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3}, &(0x7f0000000040), &(0x7f00000001c0)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3) bpf$PROG_LOAD(0x5, 0x0, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x10, 0xffffffffffffffff, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socket(0x40000000015, 0x805, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r1, 0x3ba0, &(0x7f0000000240)={0x48, 0x4, 0xffffffffffffffff, 0x0, 0x20000, 0x0, 0x20000000}) 521.368087ms ago: executing program 0 (id=5700): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@bridge_newvlan={0x24, 0x70, 0x0, 0x0, 0x0, {}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8}}]}, 0x24}}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0) close(r0) ioctl$SIOCSIFHWADDR(r0, 0x8b1a, &(0x7f0000000000)={'virt_wifi0\x00', @random="0200002000"}) 521.224757ms ago: executing program 0 (id=5701): r0 = mq_open(&(0x7f0000000000)='t^ss\x00\x00\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x0, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$RNDADDENTROPY(r0, 0x5450, 0x0) 521.075246ms ago: executing program 2 (id=5702): setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x1a8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000001b000012000000004b28c962170b7020000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000086dd6361696630000000000000000000000076657468315f746f5f7465616d00000073797a6b616c6c65723100000000000076657468315f746f5f7465616d000000aaaaaaaaaabb0000000000000180c20000000000000000000000e8000000e80000001801000069703600000100000000000009000000000300000000000000000000000000005000000000000000fe80000000000000000000000000000000000000000000000000ffffac1e00707154f51b8b0980f73a0f35ca6a4100000000000000000000004000000000000000000080000000000000010000000000063e004904004a194dc2f70d04a500000000000000000000000800000000000400"/424]}, 0x220) 458.128272ms ago: executing program 1 (id=5703): r0 = syz_init_net_socket$llc(0x1a, 0x802, 0x0) bind$llc(r0, &(0x7f0000000000), 0x10) close(r0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000007c0)=@newtaction={0xa8, 0x30, 0x10, 0x0, 0x0, {}, [{0x94, 0x1, [@m_mirred={0x90, 0x13, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x8001, 0x0, 0x1, 0x0, 0xb43}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3bb527c4, 0x6, 0x0, 0x8}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa8}}, 0x0) unshare(0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) 457.822767ms ago: executing program 2 (id=5704): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ptrace$peeksig(0x4209, r0, &(0x7f00000003c0)={0x1, 0x0, 0x3}, &(0x7f0000019840)=[{}, {}, {}]) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000500)=ANY=[@ANYBLOB="88000000", @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="6b00330080000000ffffffffffff080211"], 0x88}}, 0x0) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000019640)={0x90, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x71, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1}, {}, @broadcast}, 0x0, @default, 0x0, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @val={0x5, 0x3, {0xb7, 0xfa, 0x4}}, @void, @val={0x2a, 0x1, {0x1, 0x1, 0x1}}, @val={0x3c, 0x4}, @val={0x2d, 0x1a}, @void, @val={0x71, 0x7}, @val={0x76, 0x6, {0xa, 0x0, 0x12}}}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sched_setscheduler(r0, 0x0, &(0x7f0000000200)=0x800004) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r6, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0xfffffd6e}, {&(0x7f0000019740)=""/242}], 0x2, 0x0, 0x0) mmap(&(0x7f0000941000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r6) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000001c0)) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00'}) sendmsg$BATADV_CMD_GET_GATEWAYS(r3, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f00000199c0)=ANY=[], 0x60}, 0x1, 0x0, 0x0, 0x20004080}, 0x90) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) r7 = open(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) fcntl$notify(r7, 0x402, 0x15) 457.533157ms ago: executing program 1 (id=5705): r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) getpeername(r0, 0x0, 0x0) 457.441148ms ago: executing program 0 (id=5706): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0)) syz_open_procfs$namespace(0x0, &(0x7f0000000000)) connect$inet(0xffffffffffffffff, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) 411.084268ms ago: executing program 0 (id=5707): r0 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3}, &(0x7f0000000040)=0x0, &(0x7f00000001c0)=0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3) bpf$PROG_LOAD(0x5, 0x0, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r7 = socket(0x40000000015, 0x805, 0x0) getsockopt(r7, 0x114, 0x271c, 0x0, &(0x7f00000000c0)) ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r6, 0x3ba0, &(0x7f0000000240)={0x48, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x20000000}) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0) r10 = socket$tipc(0x1e, 0x5, 0x0) ioctl$SIOCGETLINKNAME(r10, 0x89e0, &(0x7f00000006c0)) r11 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_DECODER_CMD(r11, 0xc0485660, &(0x7f0000000040)={0x2, 0x0, @raw_data=[0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000]}) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000480)={{}, &(0x7f0000000400), &(0x7f0000000440)='%pi6 \x00'}, 0x20) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r4, 0x0, &(0x7f0000000100)='4', 0x1}) io_uring_enter(r0, 0x7f5f, 0x0, 0x0, 0x0, 0x0) shutdown(r3, 0x1) r12 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r7) sendmsg$TIPC_NL_MEDIA_SET(r7, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="e4020000", @ANYRES16=r12, @ANYBLOB="000127bd7000fbdbdf250c000000380005800c000280080004000400000014000280080003004bf30000080001001300000008000100756470000c0002800800030093d00000bc00048014000780080004000800000008000300ffffffff0c000780080003000e0000001300010062726f6164636173742d6c696e6b000054000780080001000a0000000800020000000080080001000b000000080001000f000000080001001900000008000200fcffffff08000100040000000800010011000000080004000100000008000400ff0300000900010073797a31000000000900010073797a3000d118000900010073797a31000000000900010073797a300000000034000980080002000700000008000200800000000800010005000000080001000500000008000200040000000800020000800000a00005802400028008000300feffffff0800040000000000080002000700000008000400300e00001c00028008000400000000000800030009000000080001001e000000070001006962000008000100756470004400028008000200d00c0000080004004000000008000300090000000800040087c60000080001001c0000000800020003000000080001000f0000000800020001800000080001007564700008010280040004001c000380080002000900000008000200ff0f000008000100040900004c0003800800010002000000080002005000000008000100000800000800020006000000080002000500000008000200b700000008000100da69000008000200d108000008000100080000003c000380080002000c0000000800010009000000080001000400000008000100a69728b40800020000000000080002000800000008000200030000000c00038008000200800040000400040008000100070000000800010009000000340003800800010001000000080001000000000008000200000100000800020005000000080001000100000008000100080000000800020001000080"], 0x2e4}, 0x1, 0x0, 0x0, 0x20004001}, 0x8) 410.880351ms ago: executing program 1 (id=5708): syz_emit_ethernet(0x56, &(0x7f0000000080)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "3000bb", 0x20, 0x2b, 0x0, @private2, @local, {[@hopopts={0x87}], {0x0, 0x500, 0x18, 0x0, @wg=@data}}}}}}, 0x0) 341.53284ms ago: executing program 1 (id=5709): socket(0x10, 0x3, 0x0) socket$rds(0x15, 0x5, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) r0 = eventfd(0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000008857ee8600000095"], 0x0}, 0x90) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000100)={0x0, 0x0, 0x0, r0}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000000c0)=0x1, 0x4) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 71.070569ms ago: executing program 1 (id=5710): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@bridge_newvlan={0x24, 0x70, 0x0, 0x0, 0x0, {}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8}}]}, 0x24}}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0) close(r0) ioctl$SIOCSIFHWADDR(r0, 0x8b1a, &(0x7f0000000000)={'virt_wifi0\x00', @random="0200002000"}) 0s ago: executing program 1 (id=5711): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000a80), 0x0, 0x0) ioctl$mixer_OSS_ALSAEMULVER(r0, 0x80044df9, 0x0) kernel console output (not intermixed with test programs): ] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 908.397164][T19480] usb 5-1: USB disconnect, device number 83 [ 908.431213][T15111] usb 7-1: USB disconnect, device number 103 [ 908.459912][T20627] netlink: 212424 bytes leftover after parsing attributes in process `syz.3.4761'. [ 908.465658][T20625] tmpfs: Unknown parameter '00000000000000000004' [ 908.967640][T20630] kvm: requested 39390 ns i8254 timer period limited to 200000 ns [ 908.980320][T20630] kvm: requested 95542 ns i8254 timer period limited to 200000 ns [ 908.987798][T20630] kvm: requested 82971 ns i8254 timer period limited to 200000 ns [ 908.993037][T20630] kvm: requested 96381 ns i8254 timer period limited to 200000 ns [ 908.997801][T20630] kvm: requested 90514 ns i8254 timer period limited to 200000 ns [ 909.001650][T20630] kvm: requested 39390 ns i8254 timer period limited to 200000 ns [ 909.006206][T20630] kvm: requested 84647 ns i8254 timer period limited to 200000 ns [ 909.010590][T20630] kvm: requested 39390 ns i8254 timer period limited to 200000 ns [ 909.015542][T20630] kvm: requested 85485 ns i8254 timer period limited to 200000 ns [ 909.019823][T20630] kvm: requested 84647 ns i8254 timer period limited to 200000 ns [ 909.422664][T20640] overlayfs: missing 'workdir' [ 909.586269][ T1092] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 909.904987][ T57] usb 5-1: new high-speed USB device number 84 using dummy_hcd [ 910.085381][ T57] usb 5-1: Using ep0 maxpacket: 8 [ 910.089457][ T57] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 910.093641][ T57] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 910.097580][ T57] usb 5-1: config 1 has no interface number 1 [ 910.101120][ T57] usb 5-1: too many endpoints for config 1 interface 2 altsetting 7: 236, using maximum allowed: 30 [ 910.108226][ T57] usb 5-1: config 1 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 236 [ 910.113845][ T57] usb 5-1: config 1 interface 2 has no altsetting 0 [ 910.120267][ T57] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 910.123639][ T57] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 910.126924][ T57] usb 5-1: Product: syz [ 910.128686][ T57] usb 5-1: Manufacturer: syz [ 910.130832][ T57] usb 5-1: SerialNumber: syz [ 910.145610][T20667] tmpfs: Unknown parameter '00000000000000000004' [ 912.504850][T20646] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 912.509723][T20675] netlink: 212424 bytes leftover after parsing attributes in process `syz.1.4776'. [ 912.541334][T20678] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4777'. [ 912.541870][ T57] usb 5-1: USB disconnect, device number 84 [ 912.785627][T20697] tmpfs: Unknown parameter '00000000000000000004' [ 912.832460][T20699] netlink: 'syz.2.4785': attribute type 5 has an invalid length. [ 913.073262][T20705] netlink: 212424 bytes leftover after parsing attributes in process `syz.0.4786'. [ 913.592403][T20716] tmpfs: Unknown parameter '00000000000000000004' [ 914.171335][T20727] 9pnet: p9_errstr2errno: server reported unknown error œæçæŒÎsÿÿÿÿ [ 914.211455][T20732] FAULT_INJECTION: forcing a failure. [ 914.211455][T20732] name failslab, interval 1, probability 0, space 0, times 0 [ 914.220035][T20732] CPU: 1 PID: 20732 Comm: syz.3.4796 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 914.224477][T20732] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 914.228871][T20732] Call Trace: [ 914.230420][T20732] [ 914.231887][T20732] dump_stack_lvl+0x16c/0x1f0 [ 914.234137][T20732] should_fail_ex+0x497/0x5b0 [ 914.236407][T20732] should_failslab+0x9/0x20 [ 914.238831][T20732] __kmalloc_noprof+0xcf/0x410 [ 914.241095][T20732] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 914.244705][T20732] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 914.247274][T20732] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 914.250261][T20732] ? security_capable+0x98/0xd0 [ 914.252671][T20732] genl_rcv_msg+0x565/0x800 [ 914.254859][T20732] ? __pfx_genl_rcv_msg+0x10/0x10 [ 914.257330][T20732] ? __pfx___lock_acquire+0x10/0x10 [ 914.259908][T20732] ? __pfx_nl802154_pre_doit+0x10/0x10 [ 914.262675][T20732] ? __pfx_nl802154_set_tx_power+0x10/0x10 [ 914.265542][T20732] ? __pfx_nl802154_post_doit+0x10/0x10 [ 914.268178][T20732] ? __pfx___lock_acquire+0x10/0x10 [ 914.270783][T20732] netlink_rcv_skb+0x16b/0x440 [ 914.273145][T20732] ? __pfx_genl_rcv_msg+0x10/0x10 [ 914.275619][T20732] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 914.278204][T20732] ? down_read+0xc9/0x330 [ 914.280320][T20732] ? __pfx_down_read+0x10/0x10 [ 914.282527][T20732] ? netlink_deliver_tap+0x1ae/0xd90 [ 914.285137][T20732] genl_rcv+0x28/0x40 [ 914.287097][T20732] netlink_unicast+0x542/0x820 [ 914.289313][T20732] ? __pfx_netlink_unicast+0x10/0x10 [ 914.291720][T20732] netlink_sendmsg+0x8b8/0xd70 [ 914.293995][T20732] ? __pfx_netlink_sendmsg+0x10/0x10 [ 914.296411][T20732] ? __import_iovec+0x1fd/0x6e0 [ 914.298812][T20732] ____sys_sendmsg+0xab5/0xc90 [ 914.301094][T20732] ? copy_msghdr_from_user+0x10b/0x160 [ 914.303686][T20732] ? __pfx_____sys_sendmsg+0x10/0x10 [ 914.306220][T20732] ? find_held_lock+0x2d/0x110 [ 914.308477][T20732] ? __pfx___lock_acquire+0x10/0x10 [ 914.311016][T20732] ___sys_sendmsg+0x135/0x1e0 [ 914.313220][T20732] ? __pfx____sys_sendmsg+0x10/0x10 [ 914.315677][T20732] ? ksys_write+0x21c/0x260 [ 914.317811][T20732] ? __fget_light+0x173/0x210 [ 914.320024][T20732] __sys_sendmsg+0x117/0x1f0 [ 914.322214][T20732] ? __pfx___sys_sendmsg+0x10/0x10 [ 914.324715][T20732] do_syscall_64+0xcd/0x250 [ 914.326961][T20732] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 914.329767][T20732] RIP: 0033:0x7f1b5a975bd9 [ 914.331901][T20732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 914.341465][T20732] RSP: 002b:00007f1b5b7e6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 914.345434][T20732] RAX: ffffffffffffffda RBX: 00007f1b5ab03f60 RCX: 00007f1b5a975bd9 [ 914.349232][T20732] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 914.353028][T20732] RBP: 00007f1b5b7e60a0 R08: 0000000000000000 R09: 0000000000000000 [ 914.356771][T20732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 914.360515][T20732] R13: 000000000000000b R14: 00007f1b5ab03f60 R15: 00007ffe43a21a98 [ 914.364466][T20732] [ 914.713933][T20751] tmpfs: Unknown parameter '00000000000000000004' [ 914.846676][T20756] netlink: 212424 bytes leftover after parsing attributes in process `syz.0.4803'. [ 916.588320][T20787] tmpfs: Unknown parameter '00000000000000000004' [ 916.611985][T20788] tmpfs: Unknown parameter '00000000000000000004' [ 917.606706][ T1095] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 917.925136][T19802] usb 7-1: new high-speed USB device number 104 using dummy_hcd [ 918.105055][T19802] usb 7-1: Using ep0 maxpacket: 8 [ 918.109503][T19802] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 918.113948][T19802] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 918.117860][T19802] usb 7-1: config 1 has no interface number 1 [ 918.120400][T19802] usb 7-1: too many endpoints for config 1 interface 2 altsetting 7: 236, using maximum allowed: 30 [ 918.125053][T19802] usb 7-1: config 1 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 236 [ 918.130564][T19802] usb 7-1: config 1 interface 2 has no altsetting 0 [ 918.136465][T19802] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 918.140100][T19802] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 918.143414][T19802] usb 7-1: Product: syz [ 918.145352][T19802] usb 7-1: Manufacturer: syz [ 918.147448][T19802] usb 7-1: SerialNumber: syz [ 918.466747][T20821] overlayfs: failed to resolve './file0': -2 [ 919.326317][T20824] tmpfs: Unknown parameter '00000000000000000004' [ 920.525593][T20805] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 920.586641][T19802] usb 7-1: USB disconnect, device number 104 [ 921.496770][T20854] overlayfs: failed to resolve './file0': -2 [ 921.691450][T20865] FAULT_INJECTION: forcing a failure. [ 921.691450][T20865] name failslab, interval 1, probability 0, space 0, times 0 [ 921.699845][T20865] CPU: 3 PID: 20865 Comm: syz.0.4838 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 921.704391][T20865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 921.708362][T20865] Call Trace: [ 921.709596][T20865] [ 921.710715][T20865] dump_stack_lvl+0x16c/0x1f0 [ 921.712716][T20865] should_fail_ex+0x497/0x5b0 [ 921.715075][T20865] should_failslab+0x9/0x20 [ 921.717232][T20865] __kmalloc_noprof+0xcf/0x410 [ 921.719499][T20865] ? mark_held_locks+0x9f/0xe0 [ 921.721695][T20865] sock_kmalloc+0x111/0x170 [ 921.723634][T20865] alg_setsockopt+0x401/0xee0 [ 921.725618][T20865] ? __pfx_alg_setsockopt+0x10/0x10 [ 921.728083][T20865] ? selinux_socket_setsockopt+0x6a/0x80 [ 921.730721][T20865] ? __pfx_alg_setsockopt+0x10/0x10 [ 921.733124][T20865] do_sock_setsockopt+0x222/0x480 [ 921.735361][T20865] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 921.737809][T20865] ? __fget_light+0x173/0x210 [ 921.739965][T20865] __sys_setsockopt+0x1a4/0x270 [ 921.742304][T20865] ? __pfx___sys_setsockopt+0x10/0x10 [ 921.744749][T20865] ? fput+0x32/0x390 [ 921.746582][T20865] ? ksys_write+0x1ab/0x260 [ 921.748731][T20865] ? __pfx_ksys_write+0x10/0x10 [ 921.751034][T20865] __x64_sys_setsockopt+0xbd/0x160 [ 921.753505][T20865] ? do_syscall_64+0x91/0x250 [ 921.755660][T20865] ? lockdep_hardirqs_on+0x7c/0x110 [ 921.758084][T20865] do_syscall_64+0xcd/0x250 [ 921.760183][T20865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 921.762992][T20865] RIP: 0033:0x7fc0f7175bd9 [ 921.765003][T20865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 921.773315][T20865] RSP: 002b:00007fc0f7fd2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 921.776542][T20865] RAX: ffffffffffffffda RBX: 00007fc0f7303f60 RCX: 00007fc0f7175bd9 [ 921.779723][T20865] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003 [ 921.783273][T20865] RBP: 00007fc0f7fd20a0 R08: 000000000000001f R09: 0000000000000000 [ 921.786839][T20865] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001 [ 921.790510][T20865] R13: 000000000000000b R14: 00007fc0f7303f60 R15: 00007ffe1165e6e8 [ 921.794499][T20865] [ 921.826123][T20867] FAULT_INJECTION: forcing a failure. [ 921.826123][T20867] name failslab, interval 1, probability 0, space 0, times 0 [ 921.831261][T20867] CPU: 0 PID: 20867 Comm: syz.1.4839 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 921.835164][T20867] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 921.839293][T20867] Call Trace: [ 921.840535][T20867] [ 921.841824][T20867] dump_stack_lvl+0x16c/0x1f0 [ 921.843857][T20867] should_fail_ex+0x497/0x5b0 [ 921.845838][T20867] should_failslab+0x9/0x20 [ 921.847826][T20867] kmem_cache_alloc_lru_noprof+0x72/0x2f0 [ 921.850046][T20867] ? __d_alloc+0x31/0xaa0 [ 921.851605][T20867] __d_alloc+0x31/0xaa0 [ 921.853028][T20867] d_alloc_pseudo+0x1c/0xc0 [ 921.854845][T20867] alloc_file_pseudo_noaccount+0xdc/0x210 [ 921.857010][T20867] ? __pfx_alloc_file_pseudo_noaccount+0x10/0x10 [ 921.859461][T20867] bdev_file_open_by_dev+0x13e/0x210 [ 921.861562][T20867] disk_scan_partitions+0x1ed/0x320 [ 921.863546][T20867] blkdev_common_ioctl+0x6a7/0x2120 [ 921.865375][T20867] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 921.867328][T20867] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 921.869064][T20867] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x470 [ 921.871527][T20867] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x470 [ 921.873767][T20867] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 921.876305][T20867] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 921.878371][T20867] blkdev_ioctl+0x1d3/0x6e0 [ 921.879955][T20867] ? __pfx_blkdev_ioctl+0x10/0x10 [ 921.881972][T20867] ? selinux_file_ioctl+0xb4/0x270 [ 921.883817][T20867] ? __pfx_blkdev_ioctl+0x10/0x10 [ 921.885667][T20867] __x64_sys_ioctl+0x193/0x220 [ 921.887345][T20867] do_syscall_64+0xcd/0x250 [ 921.888904][T20867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 921.891022][T20867] RIP: 0033:0x7f2397175bd9 [ 921.892636][T20867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 921.900104][T20867] RSP: 002b:00007f2397f48048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 921.903389][T20867] RAX: ffffffffffffffda RBX: 00007f2397303f60 RCX: 00007f2397175bd9 [ 921.906554][T20867] RDX: 0000000000000000 RSI: 000000000000125f RDI: 0000000000000004 [ 921.909897][T20867] RBP: 00007f2397f480a0 R08: 0000000000000000 R09: 0000000000000000 [ 921.912852][T20867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 921.916161][T20867] R13: 000000000000000b R14: 00007f2397303f60 R15: 00007ffddce20008 [ 921.919113][T20867] [ 922.507959][ T76] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 922.828023][ T25] usb 7-1: new high-speed USB device number 105 using dummy_hcd [ 923.004972][ T25] usb 7-1: Using ep0 maxpacket: 8 [ 923.008519][ T25] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 923.012524][ T25] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 923.015975][ T25] usb 7-1: config 1 has no interface number 1 [ 923.018255][ T25] usb 7-1: too many endpoints for config 1 interface 2 altsetting 7: 236, using maximum allowed: 30 [ 923.022522][ T25] usb 7-1: config 1 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 236 [ 923.027697][ T25] usb 7-1: config 1 interface 2 has no altsetting 0 [ 923.032379][ T25] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 923.035880][ T25] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 923.039042][ T25] usb 7-1: Product: syz [ 923.040856][ T25] usb 7-1: Manufacturer: syz [ 923.042973][ T25] usb 7-1: SerialNumber: syz [ 923.097556][T20912] overlayfs: failed to resolve './file1': -2 [ 924.005920][T20919] random: crng reseeded on system resumption [ 924.006786][ T39] audit: type=1400 audit(2000006303.438:896): avc: denied { ioctl } for pid=20918 comm="syz.1.4855" path="/dev/snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 925.431243][T20890] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 925.481532][ T25] usb 7-1: USB disconnect, device number 105 [ 925.511344][T20934] FAULT_INJECTION: forcing a failure. [ 925.511344][T20934] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 925.516200][T20934] CPU: 0 PID: 20934 Comm: syz.2.4861 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 925.519839][T20934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 925.523744][T20934] Call Trace: [ 925.524944][T20934] [ 925.525977][T20934] dump_stack_lvl+0x16c/0x1f0 [ 925.527631][T20934] should_fail_ex+0x497/0x5b0 [ 925.529262][T20934] _copy_to_user+0x30/0xc0 [ 925.530868][T20934] simple_read_from_buffer+0xd0/0x160 [ 925.532884][T20934] proc_fail_nth_read+0x1b0/0x290 [ 925.534698][T20934] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 925.536662][T20934] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 925.538940][T20934] vfs_read+0x1d4/0xbd0 [ 925.540829][T20934] ? __fdget_pos+0xeb/0x180 [ 925.542930][T20934] ? __pfx_vfs_read+0x10/0x10 [ 925.545037][T20934] ? __pfx___mutex_lock+0x10/0x10 [ 925.547292][T20934] ? __fget_files+0x256/0x400 [ 925.549383][T20934] ksys_read+0x12f/0x260 [ 925.551280][T20934] ? __pfx_ksys_read+0x10/0x10 [ 925.553436][T20934] do_syscall_64+0xcd/0x250 [ 925.555479][T20934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 925.558171][T20934] RIP: 0033:0x7fe15cd746bc [ 925.560176][T20934] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 925.568543][T20934] RSP: 002b:00007fe15db62040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 925.572197][T20934] RAX: ffffffffffffffda RBX: 00007fe15cf03f60 RCX: 00007fe15cd746bc [ 925.575668][T20934] RDX: 000000000000000f RSI: 00007fe15db620b0 RDI: 0000000000000004 [ 925.578972][T20934] RBP: 00007fe15db620a0 R08: 0000000000000000 R09: 0000000000000000 [ 925.582057][T20934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 925.585507][T20934] R13: 000000000000000b R14: 00007fe15cf03f60 R15: 00007ffdc88239a8 [ 925.588982][T20934] [ 925.942438][ T76] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 926.255036][ T56] usb 7-1: new high-speed USB device number 106 using dummy_hcd [ 926.285054][ T1780] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 926.438316][ T56] usb 7-1: Using ep0 maxpacket: 8 [ 926.442727][ T56] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 926.447093][ T56] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 926.451209][ T56] usb 7-1: config 1 has no interface number 1 [ 926.453956][ T56] usb 7-1: too many endpoints for config 1 interface 2 altsetting 7: 236, using maximum allowed: 30 [ 926.458866][ T56] usb 7-1: config 1 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 236 [ 926.464498][ T56] usb 7-1: config 1 interface 2 has no altsetting 0 [ 926.466771][ T1780] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 926.470377][ T56] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 926.472384][ T1780] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 926.476246][ T56] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 926.480760][ T1780] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 926.484136][ T56] usb 7-1: Product: syz [ 926.488781][ T1780] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 926.490808][ T56] usb 7-1: Manufacturer: syz [ 926.495397][ T1780] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 926.497415][ T56] usb 7-1: SerialNumber: syz [ 926.500761][ T1780] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 926.508432][ T1780] usb 5-1: config 0 descriptor?? [ 926.511121][T20962] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 926.923959][ T1780] plantronics 0003:047F:FFFF.0034: unknown main item tag 0xd [ 926.927544][ T1780] plantronics 0003:047F:FFFF.0034: No inputs registered, leaving [ 926.933133][ T1780] plantronics 0003:047F:FFFF.0034: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 928.305112][ T1151] usb 5-1: reset high-speed USB device number 85 using dummy_hcd [ 928.853564][T20953] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 928.884421][ T56] usb 7-1: USB disconnect, device number 106 [ 928.900108][ T39] audit: type=1400 audit(2000006308.328:897): avc: denied { getopt } for pid=21002 comm="syz.2.4883" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 928.950758][T21004] tmpfs: Unknown parameter '00000000000000000004' [ 929.883120][T15111] usb 5-1: USB disconnect, device number 85 [ 929.904529][T21029] netlink: 64 bytes leftover after parsing attributes in process `syz.3.4891'. [ 929.915473][T21029] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39 sclass=netlink_route_socket pid=21029 comm=syz.3.4891 [ 929.958033][T21035] syzkaller0: entered allmulticast mode [ 930.180366][T21048] netlink: 212424 bytes leftover after parsing attributes in process `syz.3.4896'. [ 931.308850][T21071] FAULT_INJECTION: forcing a failure. [ 931.308850][T21071] name failslab, interval 1, probability 0, space 0, times 0 [ 931.313772][T21071] CPU: 1 PID: 21071 Comm: syz.3.4901 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 931.317231][T21071] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 931.321017][T21071] Call Trace: [ 931.322401][T21071] [ 931.323550][T21071] dump_stack_lvl+0x16c/0x1f0 [ 931.325197][T21071] should_fail_ex+0x497/0x5b0 [ 931.326891][T21071] should_failslab+0x9/0x20 [ 931.328429][T21071] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 931.330316][T21071] ? dst_alloc+0x99/0x1a0 [ 931.332174][T21071] dst_alloc+0x99/0x1a0 [ 931.333771][T21071] rt_dst_alloc+0x35/0x3a0 [ 931.335451][T21071] ip_route_output_key_hash_rcu+0x8a5/0x2770 [ 931.337760][T21071] ip_route_output_key_hash+0x138/0x2e0 [ 931.340119][T21071] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 931.342441][T21071] ? mark_lock+0xb5/0xc60 [ 931.344016][T21071] ? __pfx_mark_lock+0x10/0x10 [ 931.345638][T21071] tcp_v4_connect+0x7df/0x1b80 [ 931.347239][T21071] ? __pfx_tcp_v4_connect+0x10/0x10 [ 931.349205][T21071] ? mptcp_connect+0x5aa/0xd20 [ 931.351290][T21071] ? __local_bh_enable_ip+0xa4/0x120 [ 931.353592][T21071] mptcp_connect+0x661/0xd20 [ 931.355640][T21071] __inet_stream_connect+0x3c7/0x1020 [ 931.358080][T21071] ? find_held_lock+0x2d/0x110 [ 931.360024][T21071] ? __pfx___inet_stream_connect+0x10/0x10 [ 931.361993][T21071] ? __pfx_lock_release+0x10/0x10 [ 931.363795][T21071] ? __pfx_inet_stream_connect+0x10/0x10 [ 931.365715][T21071] ? mark_held_locks+0x9f/0xe0 [ 931.367382][T21071] ? inet_stream_connect+0x43/0xa0 [ 931.369112][T21071] ? __local_bh_enable_ip+0xa4/0x120 [ 931.370977][T21071] ? __pfx_inet_stream_connect+0x10/0x10 [ 931.372884][T21071] inet_stream_connect+0x57/0xa0 [ 931.374596][T21071] __sys_connect_file+0x15f/0x1a0 [ 931.376289][T21071] __sys_connect+0x149/0x170 [ 931.377865][T21071] ? __pfx___sys_connect+0x10/0x10 [ 931.379610][T21071] ? __pfx_ksys_write+0x10/0x10 [ 931.381266][T21071] __x64_sys_connect+0x72/0xb0 [ 931.382908][T21071] ? lockdep_hardirqs_on+0x7c/0x110 [ 931.384682][T21071] do_syscall_64+0xcd/0x250 [ 931.386685][T21071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.389318][T21071] RIP: 0033:0x7f1b5a975bd9 [ 931.391311][T21071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 931.399684][T21071] RSP: 002b:00007f1b5b7e6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 931.403351][T21071] RAX: ffffffffffffffda RBX: 00007f1b5ab03f60 RCX: 00007f1b5a975bd9 [ 931.406897][T21071] RDX: 0000000000000010 RSI: 0000000020000140 RDI: 0000000000000003 [ 931.410358][T21071] RBP: 00007f1b5b7e60a0 R08: 0000000000000000 R09: 0000000000000000 [ 931.413917][T21071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 931.417020][T21071] R13: 000000000000000b R14: 00007f1b5ab03f60 R15: 00007ffe43a21a98 [ 931.419838][T21071] [ 931.733877][T21080] syzkaller0: entered allmulticast mode [ 931.738694][T21080] FAULT_INJECTION: forcing a failure. [ 931.738694][T21080] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 931.744567][T21080] CPU: 0 PID: 21080 Comm: syz.3.4904 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 931.748312][T21080] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 931.752434][T21080] Call Trace: [ 931.753616][T21080] [ 931.754897][T21080] dump_stack_lvl+0x16c/0x1f0 [ 931.756767][T21080] should_fail_ex+0x497/0x5b0 [ 931.758360][T21080] _copy_from_user+0x30/0xf0 [ 931.760294][T21080] get_user_ifreq+0xf1/0x250 [ 931.762071][T21080] sock_do_ioctl+0x16c/0x280 [ 931.763661][T21080] ? __pfx_sock_do_ioctl+0x10/0x10 [ 931.765779][T21080] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x470 [ 931.768082][T21080] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 931.770825][T21080] sock_ioctl+0x22e/0x6c0 [ 931.772669][T21080] ? __pfx_sock_ioctl+0x10/0x10 [ 931.774754][T21080] ? selinux_file_ioctl+0x180/0x270 [ 931.776858][T21080] ? selinux_file_ioctl+0xb4/0x270 [ 931.778908][T21080] ? __pfx_sock_ioctl+0x10/0x10 [ 931.780955][T21080] __x64_sys_ioctl+0x193/0x220 [ 931.783004][T21080] do_syscall_64+0xcd/0x250 [ 931.784765][T21080] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.787146][T21080] RIP: 0033:0x7f1b5a975bd9 [ 931.789040][T21080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 931.796569][T21080] RSP: 002b:00007f1b5b7e6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 931.800097][T21080] RAX: ffffffffffffffda RBX: 00007f1b5ab03f60 RCX: 00007f1b5a975bd9 [ 931.803328][T21080] RDX: 0000000020002280 RSI: 0000000000008922 RDI: 0000000000000006 [ 931.806666][T21080] RBP: 00007f1b5b7e60a0 R08: 0000000000000000 R09: 0000000000000000 [ 931.810013][T21080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 931.812816][T21080] R13: 000000000000000b R14: 00007f1b5ab03f60 R15: 00007ffe43a21a98 [ 931.816166][T21080] [ 931.890388][T21088] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4907'. [ 931.896905][T21088] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4907'. [ 931.951962][ T1355] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.042186][T21094] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4910'. [ 932.048717][T21094] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4910'. [ 932.175099][T19802] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 932.365128][T19802] usb 5-1: Using ep0 maxpacket: 8 [ 932.370323][T19802] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 932.375238][T19802] usb 5-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 932.381040][T19802] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 932.387682][T19802] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 932.395396][T19802] usbtmc 5-1:16.0: bulk endpoints not found [ 932.637316][T21099] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4911'. [ 934.903062][ T57] usb 5-1: USB disconnect, device number 86 [ 935.105109][ T25] usb 7-1: new high-speed USB device number 107 using dummy_hcd [ 935.311788][ T25] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 935.315961][ T25] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 935.320003][ T25] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 935.323783][ T25] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 935.328859][ T25] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 935.332790][ T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 935.339697][ T25] usb 7-1: config 0 descriptor?? [ 935.342929][T21146] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 935.523019][T21171] x_tables: duplicate underflow at hook 1 [ 935.527600][T21171] Bluetooth: MGMT ver 1.22 [ 935.638684][ T39] audit: type=1400 audit(2000006544.065:898): avc: denied { setattr } for pid=21176 comm="syz.3.4935" name="NETLINK" dev="sockfs" ino=108772 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 935.647738][T21177] netlink: 'syz.3.4935': attribute type 4 has an invalid length. [ 935.655301][ T39] audit: type=1400 audit(2000006544.085:899): avc: denied { module_load } for pid=21176 comm="syz.3.4935" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 935.757149][ T25] plantronics 0003:047F:FFFF.0035: unknown main item tag 0xd [ 935.762351][ T25] plantronics 0003:047F:FFFF.0035: No inputs registered, leaving [ 935.772488][ T25] plantronics 0003:047F:FFFF.0035: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 937.225108][ T25] usb 7-1: reset high-speed USB device number 107 using dummy_hcd [ 937.472026][ T39] audit: type=1326 audit(2000006545.895:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21241 comm="syz.3.4957" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b5a975bd9 code=0x7ffc0000 [ 937.484024][ T39] audit: type=1326 audit(2000006545.895:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21241 comm="syz.3.4957" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b5a975bd9 code=0x7ffc0000 [ 937.508597][ T39] audit: type=1326 audit(2000006545.905:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21241 comm="syz.3.4957" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1b5a975bd9 code=0x7ffc0000 [ 937.518804][ T39] audit: type=1326 audit(2000006545.905:903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21241 comm="syz.3.4957" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b5a975bd9 code=0x7ffc0000 [ 937.528648][ T39] audit: type=1326 audit(2000006545.905:904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21241 comm="syz.3.4957" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b5a975bd9 code=0x7ffc0000 [ 937.538315][ T39] audit: type=1326 audit(2000006545.915:905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21241 comm="syz.3.4957" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1b5a975bd9 code=0x7ffc0000 [ 937.547783][ T39] audit: type=1326 audit(2000006545.915:906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21241 comm="syz.3.4957" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b5a975bd9 code=0x7ffc0000 [ 937.557342][ T39] audit: type=1326 audit(2000006545.925:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21241 comm="syz.3.4957" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1b5a96cc27 code=0x7ffc0000 [ 937.855586][T21253] FAULT_INJECTION: forcing a failure. [ 937.855586][T21253] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 937.860185][T21253] CPU: 0 PID: 21253 Comm: syz.1.4961 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 937.864368][T21253] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 937.867961][T21253] Call Trace: [ 937.869182][T21253] [ 937.870174][T21253] dump_stack_lvl+0x16c/0x1f0 [ 937.871812][T21253] should_fail_ex+0x497/0x5b0 [ 937.873384][T21253] _copy_from_iter+0x2a1/0x1140 [ 937.875018][T21253] ? __alloc_skb+0x1fe/0x380 [ 937.876797][T21253] ? __pfx__copy_from_iter+0x10/0x10 [ 937.878638][T21253] ? __virt_addr_valid+0x5e/0x590 [ 937.880348][T21253] ? __phys_addr_symbol+0x30/0x80 [ 937.882424][T21253] ? __check_object_size+0x48e/0x720 [ 937.884607][T21253] netlink_sendmsg+0x813/0xd70 [ 937.886817][T21253] ? __pfx_netlink_sendmsg+0x10/0x10 [ 937.888643][T21253] ? __import_iovec+0x1fd/0x6e0 [ 937.890331][T21253] ____sys_sendmsg+0xab5/0xc90 [ 937.891987][T21253] ? copy_msghdr_from_user+0x10b/0x160 [ 937.893846][T21253] ? __pfx_____sys_sendmsg+0x10/0x10 [ 937.895903][T21253] ? find_held_lock+0x2d/0x110 [ 937.897923][T21253] ? __pfx___lock_acquire+0x10/0x10 [ 937.900108][T21253] ___sys_sendmsg+0x135/0x1e0 [ 937.902113][T21253] ? __pfx____sys_sendmsg+0x10/0x10 [ 937.904344][T21253] ? ksys_write+0x21c/0x260 [ 937.906272][T21253] ? __fget_light+0x173/0x210 [ 937.908061][T21253] __sys_sendmsg+0x117/0x1f0 [ 937.909864][T21253] ? __pfx___sys_sendmsg+0x10/0x10 [ 937.912008][T21253] do_syscall_64+0xcd/0x250 [ 937.913888][T21253] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.916331][T21253] RIP: 0033:0x7f2397175bd9 [ 937.918179][T21253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 937.924638][T21253] RSP: 002b:00007f2397f48048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 937.928321][T21253] RAX: ffffffffffffffda RBX: 00007f2397303f60 RCX: 00007f2397175bd9 [ 937.931087][T21253] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000004 [ 937.933735][T21253] RBP: 00007f2397f480a0 R08: 0000000000000000 R09: 0000000000000000 [ 937.936445][T21253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 937.939386][T21253] R13: 000000000000000b R14: 00007f2397303f60 R15: 00007ffddce20008 [ 937.942857][T21253] [ 937.983524][T21261] FAULT_INJECTION: forcing a failure. [ 937.983524][T21261] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 937.987941][T21261] CPU: 0 PID: 21261 Comm: syz.1.4965 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 937.992095][T21261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 937.995991][T21261] Call Trace: [ 937.997420][T21261] [ 937.998678][T21261] dump_stack_lvl+0x16c/0x1f0 [ 938.000261][T21261] should_fail_ex+0x497/0x5b0 [ 938.002060][T21261] _copy_from_iter+0x2a1/0x1140 [ 938.004148][T21261] ? __alloc_skb+0x1fe/0x380 [ 938.005831][T21261] ? __pfx__copy_from_iter+0x10/0x10 [ 938.007732][T21261] ? __virt_addr_valid+0x5e/0x590 [ 938.009854][T21261] ? __phys_addr_symbol+0x30/0x80 [ 938.011955][T21261] ? __check_object_size+0x48e/0x720 [ 938.013906][T21261] netlink_sendmsg+0x813/0xd70 [ 938.014333][T21263] tmpfs: Unknown parameter 'uid<00000000000000060929' [ 938.015550][T21261] ? __pfx_netlink_sendmsg+0x10/0x10 [ 938.015566][T21261] ? __import_iovec+0x1fd/0x6e0 [ 938.015579][T21261] ____sys_sendmsg+0xab5/0xc90 [ 938.015590][T21261] ? copy_msghdr_from_user+0x10b/0x160 [ 938.015603][T21261] ? __pfx_____sys_sendmsg+0x10/0x10 [ 938.015613][T21261] ? find_held_lock+0x2d/0x110 [ 938.015625][T21261] ? __pfx___lock_acquire+0x10/0x10 [ 938.015639][T21261] ___sys_sendmsg+0x135/0x1e0 [ 938.015652][T21261] ? __pfx____sys_sendmsg+0x10/0x10 [ 938.015666][T21261] ? ksys_write+0x21c/0x260 [ 938.015680][T21261] ? __fget_light+0x173/0x210 [ 938.015692][T21261] __sys_sendmsg+0x117/0x1f0 [ 938.015705][T21261] ? __pfx___sys_sendmsg+0x10/0x10 [ 938.039527][T21261] do_syscall_64+0xcd/0x250 [ 938.041062][T21261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.043052][T21261] RIP: 0033:0x7f2397175bd9 [ 938.044545][T21261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 938.050920][T21261] RSP: 002b:00007f2397f48048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 938.053720][T21261] RAX: ffffffffffffffda RBX: 00007f2397303f60 RCX: 00007f2397175bd9 [ 938.056349][T21261] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000005 [ 938.058930][T21261] RBP: 00007f2397f480a0 R08: 0000000000000000 R09: 0000000000000000 [ 938.061330][T21261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 938.063959][T21261] R13: 000000000000000b R14: 00007f2397303f60 R15: 00007ffddce20008 [ 938.066582][T21261] [ 938.615714][ T57] usb 7-1: USB disconnect, device number 107 [ 939.585317][T21293] FAULT_INJECTION: forcing a failure. [ 939.585317][T21293] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 939.591735][T21293] CPU: 3 PID: 21293 Comm: syz.0.4975 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 939.596007][T21293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 939.600564][T21293] Call Trace: [ 939.602005][T21293] [ 939.603294][T21293] dump_stack_lvl+0x16c/0x1f0 [ 939.605316][T21293] should_fail_ex+0x497/0x5b0 [ 939.607347][T21293] _copy_to_user+0x30/0xc0 [ 939.609303][T21293] kvm_arch_vcpu_ioctl+0xb7a/0x49d0 [ 939.611622][T21293] ? tomoyo_path_number_perm+0x467/0x590 [ 939.614089][T21293] ? kasan_save_stack+0x42/0x60 [ 939.616198][T21293] ? kasan_save_stack+0x33/0x60 [ 939.618293][T21293] ? kasan_save_free_info+0x3b/0x60 [ 939.620350][T21293] ? hlock_class+0x4e/0x130 [ 939.622299][T21293] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 939.624697][T21293] ? __pfx___lock_acquire+0x10/0x10 [ 939.627162][T21293] ? lock_acquire+0x1b1/0x560 [ 939.629274][T21293] ? rcu_is_watching+0x12/0xc0 [ 939.631424][T21293] ? trace_contention_end+0xea/0x140 [ 939.633793][T21293] ? __mutex_lock+0x1a6/0x9c0 [ 939.635826][T21293] ? kvm_vcpu_ioctl+0x1d3/0x1090 [ 939.638448][T21293] ? __pfx___mutex_lock+0x10/0x10 [ 939.640576][T21293] ? do_vfs_ioctl+0x515/0x1ad0 [ 939.642932][T21293] ? kvm_vcpu_ioctl+0xa2c/0x1090 [ 939.645036][T21293] kvm_vcpu_ioctl+0xa2c/0x1090 [ 939.647575][T21293] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 939.649960][T21293] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x470 [ 939.652998][T21293] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 939.656019][T21293] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 939.658662][T21293] ? selinux_file_ioctl+0x180/0x270 [ 939.660967][T21293] ? selinux_file_ioctl+0xb4/0x270 [ 939.663269][T21293] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 939.665611][T21293] __x64_sys_ioctl+0x193/0x220 [ 939.667788][T21293] do_syscall_64+0xcd/0x250 [ 939.669815][T21293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.672486][T21293] RIP: 0033:0x7fc0f7175bd9 [ 939.674503][T21293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 939.683070][T21293] RSP: 002b:00007fc0f7fd2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 939.686787][T21293] RAX: ffffffffffffffda RBX: 00007fc0f7303f60 RCX: 00007fc0f7175bd9 [ 939.690309][T21293] RDX: 0000000020000040 RSI: 00000000c048aeca RDI: 000000000000000c [ 939.693420][T21293] RBP: 00007fc0f7fd20a0 R08: 0000000000000000 R09: 0000000000000000 [ 939.696487][T21293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 939.699592][T21293] R13: 000000000000000b R14: 00007fc0f7303f60 R15: 00007ffe1165e6e8 [ 939.702878][T21293] [ 939.858658][T21304] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4979'. [ 939.863966][T21304] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.4979'. [ 939.869963][T21304] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4979'. [ 939.921130][T21307] netlink: 'syz.0.4980': attribute type 29 has an invalid length. [ 939.924533][T21307] netlink: 'syz.0.4980': attribute type 29 has an invalid length. [ 939.928537][T21307] netlink: 'syz.0.4980': attribute type 29 has an invalid length. [ 939.931707][T21307] FAULT_INJECTION: forcing a failure. [ 939.931707][T21307] name failslab, interval 1, probability 0, space 0, times 0 [ 939.937416][T21307] CPU: 1 PID: 21307 Comm: syz.0.4980 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 939.941655][T21307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 939.945978][T21307] Call Trace: [ 939.947406][T21307] [ 939.948675][T21307] dump_stack_lvl+0x16c/0x1f0 [ 939.950741][T21307] should_fail_ex+0x497/0x5b0 [ 939.952804][T21307] should_failslab+0x9/0x20 [ 939.954806][T21307] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 939.957298][T21307] ? skb_clone+0x190/0x3f0 [ 939.959282][T21307] skb_clone+0x190/0x3f0 [ 939.961163][T21307] netlink_deliver_tap+0xab3/0xd90 [ 939.963404][T21307] netlink_dump+0x6ff/0xe00 [ 939.965411][T21307] ? __pfx_netlink_dump+0x10/0x10 [ 939.967628][T21307] ? kfree_skbmem+0x10e/0x200 [ 939.969676][T21307] ? kfree_skbmem+0x10e/0x200 [ 939.971753][T21307] netlink_recvmsg+0xa0d/0xf30 [ 939.973846][T21307] ? __pfx_netlink_recvmsg+0x10/0x10 [ 939.976089][T21307] ? find_held_lock+0x2d/0x110 [ 939.978163][T21307] ? security_socket_recvmsg+0x98/0xd0 [ 939.980562][T21307] sock_recvmsg+0x1f6/0x250 [ 939.982524][T21307] ____sys_recvmsg+0x21f/0x6b0 [ 939.984377][T21307] ? __pfx_____sys_recvmsg+0x10/0x10 [ 939.986411][T21307] ? find_held_lock+0x2d/0x110 [ 939.988293][T21307] ___sys_recvmsg+0x115/0x1a0 [ 939.990132][T21307] ? __pfx____sys_recvmsg+0x10/0x10 [ 939.992175][T21307] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 939.994041][T21307] ? __fget_light+0x173/0x210 [ 939.995855][T21307] __sys_recvmsg+0x114/0x1e0 [ 939.997762][T21307] ? __pfx___sys_recvmsg+0x10/0x10 [ 939.999850][T21307] do_syscall_64+0xcd/0x250 [ 940.001652][T21307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.003738][T21307] RIP: 0033:0x7fc0f7175bd9 [ 940.005286][T21307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 940.011689][T21307] RSP: 002b:00007fc0f7fd2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 940.014463][T21307] RAX: ffffffffffffffda RBX: 00007fc0f7303f60 RCX: 00007fc0f7175bd9 [ 940.017212][T21307] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 940.019848][T21307] RBP: 00007fc0f7fd20a0 R08: 0000000000000000 R09: 0000000000000000 [ 940.022479][T21307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 940.025096][T21307] R13: 000000000000000b R14: 00007fc0f7303f60 R15: 00007ffe1165e6e8 [ 940.027769][T21307] [ 940.694718][ T39] kauditd_printk_skb: 39 callbacks suppressed [ 940.694730][ T39] audit: type=1400 audit(2000006549.115:947): avc: denied { unmount } for pid=19745 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 941.114834][T21327] overlayfs: missing 'lowerdir' [ 942.097259][T21345] netlink: 'syz.1.4990': attribute type 4 has an invalid length. [ 942.292697][T21352] FAULT_INJECTION: forcing a failure. [ 942.292697][T21352] name failslab, interval 1, probability 0, space 0, times 0 [ 942.298075][T21352] CPU: 0 PID: 21352 Comm: syz.1.4994 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 942.302402][T21352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 942.307608][T21352] Call Trace: [ 942.309079][T21352] [ 942.310504][T21352] dump_stack_lvl+0x16c/0x1f0 [ 942.312924][T21352] should_fail_ex+0x497/0x5b0 [ 942.315056][T21352] should_failslab+0x9/0x20 [ 942.317066][T21352] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 942.319416][T21352] ? __nf_conntrack_alloc+0xd1/0x5e0 [ 942.321653][T21352] __nf_conntrack_alloc+0xd1/0x5e0 [ 942.323744][T21352] init_conntrack.constprop.0+0xd3e/0x1080 [ 942.326258][T21352] ? __pfx_init_conntrack.constprop.0+0x10/0x10 [ 942.328834][T21352] ? __pfx_hash_conntrack_raw+0x10/0x10 [ 942.331202][T21352] ? ip6t_do_table+0xd20/0x1d40 [ 942.333349][T21352] ? __local_bh_enable_ip+0xa4/0x120 [ 942.335660][T21352] ? ip6t_do_table+0xd50/0x1d40 [ 942.337807][T21352] nf_conntrack_in+0xa50/0x1860 [ 942.339972][T21352] ? lockdep_hardirqs_on+0x7c/0x110 [ 942.342221][T21352] ? __pfx_nf_conntrack_in+0x10/0x10 [ 942.344532][T21352] ? __do_replace+0x916/0x9c0 [ 942.346601][T21352] ? __pfx_ipv6_conntrack_in+0x10/0x10 [ 942.348970][T21352] nf_hook_slow+0xbb/0x200 [ 942.350908][T21352] nf_hook.constprop.0+0x42e/0x750 [ 942.353101][T21352] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 942.355314][T21352] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 942.357662][T21352] ? sock_wfree+0x113/0x850 [ 942.359675][T21352] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 942.361780][T21352] ? __pfx_ipv6_rcv+0x10/0x10 [ 942.363766][T21352] ipv6_rcv+0xa4/0x680 [ 942.365564][T21352] ? __pfx_ipv6_rcv+0x10/0x10 [ 942.367641][T21352] __netif_receive_skb_one_core+0x12e/0x1e0 [ 942.370224][T21352] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 942.373028][T21352] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 942.375501][T21352] __netif_receive_skb+0x1d/0x160 [ 942.377662][T21352] netif_receive_skb+0x13f/0x7b0 [ 942.379764][T21352] ? __pfx_netif_receive_skb+0x10/0x10 [ 942.382054][T21352] ? __pfx___lock_acquire+0x10/0x10 [ 942.384266][T21352] ? __tun_build_skb+0x1e5/0x340 [ 942.386418][T21352] tun_rx_batched+0x429/0x780 [ 942.388484][T21352] ? __pfx_tun_rx_batched+0x10/0x10 [ 942.390737][T21352] ? __lock_acquire+0xc5d/0x3b30 [ 942.392863][T21352] ? tun_get_user+0x1d7d/0x3c30 [ 942.395016][T21352] tun_get_user+0x2a58/0x3c30 [ 942.397076][T21352] ? __pfx_tun_get_user+0x10/0x10 [ 942.399278][T21352] ? find_held_lock+0x2d/0x110 [ 942.401185][T21352] ? __pfx_lock_release+0x10/0x10 [ 942.403422][T21352] tun_chr_write_iter+0xe8/0x210 [ 942.405594][T21352] vfs_write+0x6b6/0x1140 [ 942.407488][T21352] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 942.409806][T21352] ? __pfx_vfs_write+0x10/0x10 [ 942.411937][T21352] ? __fget_files+0x256/0x400 [ 942.414013][T21352] ? __fget_light+0x173/0x210 [ 942.416059][T21352] ksys_write+0x12f/0x260 [ 942.417900][T21352] ? __pfx_ksys_write+0x10/0x10 [ 942.419971][T21352] do_syscall_64+0xcd/0x250 [ 942.421977][T21352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.424588][T21352] RIP: 0033:0x7f239717475f [ 942.426540][T21352] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 942.434468][T21352] RSP: 002b:00007f2397f48010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 942.437737][T21352] RAX: ffffffffffffffda RBX: 00007f2397303f60 RCX: 00007f239717475f [ 942.440812][T21352] RDX: 000000000000008a RSI: 0000000020000880 RDI: 00000000000000c8 [ 942.443806][T21352] RBP: 00007f2397f480a0 R08: 0000000000000000 R09: 0000000000000000 [ 942.446678][T21352] R10: 000000000000008a R11: 0000000000000293 R12: 0000000000000001 [ 942.449518][T21352] R13: 000000000000000b R14: 00007f2397303f60 R15: 00007ffddce20008 [ 942.452267][T21352] [ 942.519729][ T1089] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 942.791743][T21377] overlayfs: missing 'lowerdir' [ 942.995082][ T816] usb 5-1: new high-speed USB device number 87 using dummy_hcd [ 943.176967][ T816] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 943.182188][ T816] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 943.187165][ T816] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 943.192122][ T816] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 943.197032][ T816] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 943.200418][ T816] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 943.209261][ T816] usb 5-1: config 0 descriptor?? [ 943.212401][T21373] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 943.641714][ T816] plantronics 0003:047F:FFFF.0036: unknown main item tag 0xd [ 943.652978][ T816] plantronics 0003:047F:FFFF.0036: No inputs registered, leaving [ 943.667898][ T816] plantronics 0003:047F:FFFF.0036: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 943.948204][T21385] tmpfs: Unknown parameter '00000000000000000004' [ 945.095119][ T57] usb 5-1: reset high-speed USB device number 87 using dummy_hcd [ 945.319842][T21355] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 945.700825][ T39] audit: type=1326 audit(2000006554.125:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21396 comm="syz.2.5008" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe15cd75bd9 code=0x0 [ 945.809558][T21411] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 946.053388][ T1089] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 946.261589][T21424] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 946.264745][T21424] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 946.405063][ T57] usb 5-1: device descriptor read/64, error -71 [ 946.616330][T21431] tmpfs: Unknown parameter '00000000000000000004' [ 946.685100][ T57] usb 5-1: reset high-speed USB device number 87 using dummy_hcd [ 946.691954][ T57] usb 5-1: device reset changed ep0 maxpacket size! [ 946.695428][ T25] usb 5-1: USB disconnect, device number 87 [ 946.865053][ T25] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 947.074961][ T25] usb 5-1: Using ep0 maxpacket: 8 [ 947.078449][ T25] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 947.082102][ T25] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 947.085185][ T25] usb 5-1: config 1 has no interface number 1 [ 947.087287][ T25] usb 5-1: too many endpoints for config 1 interface 2 altsetting 7: 236, using maximum allowed: 30 [ 947.090910][ T25] usb 5-1: config 1 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 236 [ 947.095850][ T25] usb 5-1: config 1 interface 2 has no altsetting 0 [ 947.100109][ T25] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 947.103185][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 947.105992][ T25] usb 5-1: Product: syz [ 947.107450][ T25] usb 5-1: Manufacturer: syz [ 947.109046][ T25] usb 5-1: SerialNumber: syz [ 948.974592][T21415] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 949.006775][ T25] usb 5-1: USB disconnect, device number 88 [ 949.119987][T21445] tmpfs: Unknown parameter '00000000000000000004' [ 949.236617][ T1089] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 949.493302][T21461] FAULT_INJECTION: forcing a failure. [ 949.493302][T21461] name failslab, interval 1, probability 0, space 0, times 0 [ 949.500683][T21461] CPU: 0 PID: 21461 Comm: syz.1.5024 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 949.504602][T21461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 949.509245][T21461] Call Trace: [ 949.510727][T21461] [ 949.512052][T21461] dump_stack_lvl+0x16c/0x1f0 [ 949.514107][T21461] should_fail_ex+0x497/0x5b0 [ 949.516189][T21461] should_failslab+0x9/0x20 [ 949.518195][T21461] kmem_cache_alloc_lru_noprof+0x72/0x2f0 [ 949.520677][T21461] ? sock_alloc_inode+0x25/0x1c0 [ 949.522835][T21461] ? __pfx_sock_alloc_inode+0x10/0x10 [ 949.525241][T21461] sock_alloc_inode+0x25/0x1c0 [ 949.527337][T21461] alloc_inode+0x5d/0x230 [ 949.529220][T21461] new_inode_pseudo+0x16/0x80 [ 949.530883][T21461] sock_alloc+0x40/0x280 [ 949.532764][T21461] __sock_create+0xc0/0x800 [ 949.534796][T21461] start_sync_thread+0x158e/0x28e0 [ 949.537044][T21461] ? __pfx_sync_thread_backup+0x10/0x10 [ 949.539452][T21461] ? __pfx_start_sync_thread+0x10/0x10 [ 949.541812][T21461] ? __might_fault+0x13b/0x190 [ 949.543904][T21461] ? __pfx_lock_release+0x10/0x10 [ 949.546087][T21461] ? __pfx___might_resched+0x10/0x10 [ 949.548385][T21461] ? __might_fault+0xe3/0x190 [ 949.550414][T21461] ? read_word_at_a_time+0xe/0x20 [ 949.552619][T21461] ? do_ip_vs_set_ctl+0x452/0x11c0 [ 949.554860][T21461] do_ip_vs_set_ctl+0x452/0x11c0 [ 949.557030][T21461] ? lock_acquire+0x1b1/0x560 [ 949.559094][T21461] ? __pfx_do_ip_vs_set_ctl+0x10/0x10 [ 949.561074][T21461] ? __pfx_lock_release+0x10/0x10 [ 949.563112][T21461] ? trace_contention_end+0xea/0x140 [ 949.565423][T21461] ? __mutex_unlock_slowpath+0x164/0x650 [ 949.567516][T21461] ? nf_setsockopt+0x8a/0xf0 [ 949.569299][T21461] nf_setsockopt+0x8a/0xf0 [ 949.571253][T21461] ip_setsockopt+0xcb/0xf0 [ 949.573074][T21461] tcp_setsockopt+0xa4/0x100 [ 949.574789][T21461] smc_setsockopt+0x1b4/0xa00 [ 949.576850][T21461] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 949.579421][T21461] ? __pfx_smc_setsockopt+0x10/0x10 [ 949.581678][T21461] ? selinux_socket_setsockopt+0x6a/0x80 [ 949.584126][T21461] ? __pfx_smc_setsockopt+0x10/0x10 [ 949.586407][T21461] do_sock_setsockopt+0x222/0x480 [ 949.588597][T21461] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 949.591009][T21461] ? __fget_light+0x173/0x210 [ 949.592795][T21461] __sys_setsockopt+0x1a4/0x270 [ 949.594637][T21461] ? __pfx___sys_setsockopt+0x10/0x10 [ 949.596992][T21461] ? fput+0x32/0x390 [ 949.598586][T21461] ? ksys_write+0x1ab/0x260 [ 949.600149][T21461] ? __pfx_ksys_write+0x10/0x10 [ 949.602173][T21461] __x64_sys_setsockopt+0xbd/0x160 [ 949.604390][T21461] ? do_syscall_64+0x91/0x250 [ 949.606026][T21461] ? lockdep_hardirqs_on+0x7c/0x110 [ 949.608076][T21461] do_syscall_64+0xcd/0x250 [ 949.610070][T21461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 949.612304][T21461] RIP: 0033:0x7f2397175bd9 [ 949.613940][T21461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 949.622499][T21461] RSP: 002b:00007f2397f48048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 949.625056][ T25] usb 7-1: new high-speed USB device number 108 using dummy_hcd [ 949.625988][T21461] RAX: ffffffffffffffda RBX: 00007f2397303f60 RCX: 00007f2397175bd9 [ 949.626082][T21461] RDX: 000000000000048b RSI: 0000000000000000 RDI: 0000000000000003 [ 949.626094][T21461] RBP: 00007f2397f480a0 R08: 0000000000000018 R09: 0000000000000000 [ 949.626106][T21461] R10: 0000000020000200 R11: 0000000000000246 R12: 0000000000000001 [ 949.626119][T21461] R13: 000000000000000b R14: 00007f2397303f60 R15: 00007ffddce20008 [ 949.626134][T21461] [ 949.631781][T21461] socket: no more sockets [ 949.649732][T21461] IPVS: Error during creation of socket; terminating [ 949.684996][ T57] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 949.815266][ T25] usb 7-1: Using ep0 maxpacket: 8 [ 949.819206][ T25] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 949.823571][ T25] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 949.827572][ T25] usb 7-1: config 1 has no interface number 1 [ 949.831188][ T25] usb 7-1: too many endpoints for config 1 interface 2 altsetting 7: 236, using maximum allowed: 30 [ 949.836201][ T25] usb 7-1: config 1 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 236 [ 949.842414][ T25] usb 7-1: config 1 interface 2 has no altsetting 0 [ 949.848622][ T25] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 949.852701][ T25] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 949.856653][ T25] usb 7-1: Product: syz [ 949.858472][ T25] usb 7-1: Manufacturer: syz [ 949.860478][ T25] usb 7-1: SerialNumber: syz [ 949.865060][ T57] usb 5-1: Using ep0 maxpacket: 8 [ 949.869622][ T57] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 949.873610][ T57] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 949.876808][ T57] usb 5-1: config 1 has no interface number 1 [ 949.878937][ T57] usb 5-1: too many endpoints for config 1 interface 2 altsetting 7: 236, using maximum allowed: 30 [ 949.883051][ T57] usb 5-1: config 1 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 236 [ 949.888676][ T57] usb 5-1: config 1 interface 2 has no altsetting 0 [ 949.894111][ T57] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 949.897699][ T57] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 949.900644][ T57] usb 5-1: Product: syz [ 949.902111][ T57] usb 5-1: Manufacturer: syz [ 949.904121][ T57] usb 5-1: SerialNumber: syz [ 952.163571][T21447] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 952.220718][ T25] usb 7-1: USB disconnect, device number 108 [ 952.221760][T21475] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 952.229291][T21475] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 952.238077][ T57] usb 5-1: USB disconnect, device number 89 [ 952.304886][T21481] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5031'. [ 952.453231][ T1095] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 952.748575][ T25] usb 7-1: new high-speed USB device number 109 using dummy_hcd [ 952.925019][ T25] usb 7-1: Using ep0 maxpacket: 8 [ 952.929378][ T25] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 952.933806][ T25] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 952.938125][ T25] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 14385, setting to 1024 [ 952.943172][ T25] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 952.948043][ T25] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 952.955433][ T25] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 952.959450][ T25] usb 7-1: New USB device strings: Mfr=17, Product=0, SerialNumber=0 [ 952.963447][ T25] usb 7-1: Manufacturer: syz [ 953.105082][ T56] usb 5-1: new high-speed USB device number 90 using dummy_hcd [ 953.173130][ T25] usb 7-1: GET_CAPABILITIES returned 0 [ 953.175675][ T25] usbtmc 7-1:16.0: can't read capabilities [ 953.297040][ T56] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 953.302152][ T56] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 953.307251][ T56] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 953.312540][ T56] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 953.318602][ T56] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 953.322633][ T56] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 953.328310][ T56] usb 5-1: config 0 descriptor?? [ 953.331361][T21492] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 953.374809][T15111] usb 7-1: USB disconnect, device number 109 [ 953.743891][ T56] plantronics 0003:047F:FFFF.0037: unknown main item tag 0xd [ 953.748698][ T56] plantronics 0003:047F:FFFF.0037: No inputs registered, leaving [ 953.755101][ T56] plantronics 0003:047F:FFFF.0037: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 955.105067][ T816] usb 5-1: reset high-speed USB device number 90 using dummy_hcd [ 955.195066][T19802] usb 7-1: new high-speed USB device number 110 using dummy_hcd [ 955.375052][T19802] usb 7-1: Using ep0 maxpacket: 8 [ 955.375096][T21485] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 955.380338][T19802] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 955.394963][T19802] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 955.398471][T19802] usb 7-1: config 1 has no interface number 1 [ 955.400618][T19802] usb 7-1: too many endpoints for config 1 interface 2 altsetting 7: 236, using maximum allowed: 30 [ 955.404306][T19802] usb 7-1: config 1 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 236 [ 955.421056][T19802] usb 7-1: config 1 interface 2 has no altsetting 0 [ 955.425385][T19802] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 955.428485][T19802] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 955.431252][T19802] usb 7-1: Product: syz [ 955.444937][T19802] usb 7-1: Manufacturer: syz [ 955.446626][T19802] usb 7-1: SerialNumber: syz [ 955.530887][T21521] FAULT_INJECTION: forcing a failure. [ 955.530887][T21521] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 955.537946][T21521] CPU: 0 PID: 21521 Comm: syz.1.5040 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 955.541382][T21521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 955.545014][T21521] Call Trace: [ 955.546165][T21521] [ 955.547175][T21521] dump_stack_lvl+0x16c/0x1f0 [ 955.548790][T21521] should_fail_ex+0x497/0x5b0 [ 955.550421][T21521] ? fs_reclaim_acquire+0xae/0x160 [ 955.552185][T21521] __should_fail_alloc_page+0xe7/0x130 [ 955.554059][T21521] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 955.556162][T21521] __alloc_pages_noprof+0x194/0x2460 [ 955.558014][T21521] ? hlock_class+0x4e/0x130 [ 955.559577][T21521] ? __pfx___lock_acquire+0x10/0x10 [ 955.561352][T21521] ? __pfx_mark_lock+0x10/0x10 [ 955.563365][T21521] ? hlock_class+0x4e/0x130 [ 955.565258][T21521] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 955.567248][T21521] ? hlock_class+0x4e/0x130 [ 955.568802][T21521] ? hlock_class+0x4e/0x130 [ 955.570364][T21521] ? __lock_acquire+0xc5d/0x3b30 [ 955.572145][T21521] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 955.574143][T21521] ? policy_nodemask+0xea/0x4e0 [ 955.575843][T21521] alloc_pages_mpol_noprof+0x275/0x610 [ 955.577720][T21521] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 955.579776][T21521] ? hlock_class+0x4e/0x130 [ 955.581507][T21521] pte_alloc_one+0x20/0x370 [ 955.583094][T21521] __pte_alloc+0x6e/0x3a0 [ 955.584911][T21521] ? __pfx___pte_alloc+0x10/0x10 [ 955.587030][T21521] __handle_mm_fault+0x4883/0x5410 [ 955.588744][T21521] ? __pfx_mt_find+0x10/0x10 [ 955.590325][T21521] ? __pfx___handle_mm_fault+0x10/0x10 [ 955.592164][T21521] ? no_page_table+0xc7/0x230 [ 955.593746][T21521] handle_mm_fault+0x476/0xa00 [ 955.595419][T21521] __get_user_pages+0x475/0x15c0 [ 955.597125][T21521] ? __pfx___get_user_pages+0x10/0x10 [ 955.599005][T21521] ? down_read_killable+0xcc/0x380 [ 955.600989][T21521] ? __pfx_down_read_killable+0x10/0x10 [ 955.603233][T21521] ? hlock_class+0x4e/0x130 [ 955.604691][T21521] __gup_longterm_locked+0x243/0x2790 [ 955.606594][T21521] ? find_held_lock+0x2d/0x110 [ 955.608324][T21521] ? __pfx___gup_longterm_locked+0x10/0x10 [ 955.610414][T21521] ? gup_fast_fallback+0x1245/0x25f0 [ 955.612335][T21521] ? __pfx_lock_release+0x10/0x10 [ 955.614118][T21521] ? sanity_check_pinned_pages+0x23/0x11f0 [ 955.616232][T21521] gup_fast_fallback+0x155b/0x25f0 [ 955.618015][T21521] ? __pfx_gup_fast_fallback+0x10/0x10 [ 955.620085][T21521] ? __pfx_mark_lock+0x10/0x10 [ 955.622268][T21521] ? hlock_class+0x4e/0x130 [ 955.623958][T21521] ? hlock_class+0x4e/0x130 [ 955.625663][T21521] pin_user_pages_fast+0xa8/0x100 [ 955.627472][T21521] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 955.629404][T21521] iov_iter_extract_pages+0x388/0x18a0 [ 955.631354][T21521] ? local_clock_noinstr+0xc1/0xe0 [ 955.633168][T21521] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 955.635255][T21521] ? md5_transform+0x7dc/0xd70 [ 955.636949][T21521] extract_iter_to_sg+0xbd7/0x1950 [ 955.638766][T21521] ? __asan_memcpy+0x3c/0x60 [ 955.640678][T21521] ? sanity_check_pinned_pages+0x372/0x11f0 [ 955.643075][T21521] ? __pfx_extract_iter_to_sg+0x10/0x10 [ 955.645023][T21521] ? gup_put_folio+0x71/0x2a0 [ 955.646889][T21521] ? __pfx_unpin_user_page+0x10/0x10 [ 955.648737][T21521] ? af_alg_free_sg+0x17a/0x260 [ 955.650452][T21521] hash_sendmsg+0x431/0xf30 [ 955.652058][T21521] ? security_socket_sendmsg+0x8c/0xc0 [ 955.653976][T21521] sock_write_iter+0x50a/0x5c0 [ 955.655666][T21521] ? __pfx_sock_write_iter+0x10/0x10 [ 955.657408][T21521] ? security_file_permission+0x98/0xc0 [ 955.659332][T21521] vfs_write+0x6b6/0x1140 [ 955.661249][T21521] ? __pfx_sock_write_iter+0x10/0x10 [ 955.663325][T21521] ? __pfx_vfs_write+0x10/0x10 [ 955.665018][T21521] ? __fget_files+0x256/0x400 [ 955.666727][T21521] ? __fget_light+0x173/0x210 [ 955.668387][T21521] ksys_write+0x1f8/0x260 [ 955.669979][T21521] ? __pfx_ksys_write+0x10/0x10 [ 955.671885][T21521] do_syscall_64+0xcd/0x250 [ 955.673661][T21521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 955.675855][T21521] RIP: 0033:0x7f2397175bd9 [ 955.677498][T21521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 955.685266][T21521] RSP: 002b:00007f2397f48048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 955.688152][T21521] RAX: ffffffffffffffda RBX: 00007f2397303f60 RCX: 00007f2397175bd9 [ 955.690886][T21521] RDX: 00000000fffffdef RSI: 0000000020000040 RDI: 0000000000000004 [ 955.693615][T21521] RBP: 00007f2397f480a0 R08: 0000000000000000 R09: 0000000000000000 [ 955.696376][T21521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 955.699145][T21521] R13: 000000000000000b R14: 00007f2397303f60 R15: 00007ffddce20008 [ 955.702477][T21521] [ 955.836993][T21531] netlink: 'syz.1.5041': attribute type 10 has an invalid length. [ 955.850038][T21531] team0: Failed to send options change via netlink (err -105) [ 955.852733][T21531] team0: Port device netdevsim0 added [ 955.858660][T15732] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 955.863513][T21531] netlink: 'syz.1.5041': attribute type 10 has an invalid length. [ 955.873474][T21531] team0: Failed to send options change via netlink (err -105) [ 955.877619][T21531] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 955.882143][T21531] team0: Port device netdevsim0 removed [ 955.889159][T21531] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 955.940632][T19802] usb 7-1: USB disconnect, device number 110 [ 955.976887][T21541] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 955.980276][T21541] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 956.302328][T21548] tmpfs: Unknown parameter '00000000000000000004' [ 956.613889][T11226] usb 5-1: USB disconnect, device number 90 [ 956.819472][T21566] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5050'. [ 956.859629][T21568] FAULT_INJECTION: forcing a failure. [ 956.859629][T21568] name failslab, interval 1, probability 0, space 0, times 0 [ 956.864254][T21568] CPU: 1 PID: 21568 Comm: syz.0.5051 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 956.867742][T21568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 956.871547][T21568] Call Trace: [ 956.872699][T21568] [ 956.873741][T21568] dump_stack_lvl+0x16c/0x1f0 [ 956.875361][T21568] should_fail_ex+0x497/0x5b0 [ 956.876963][T21568] should_failslab+0x9/0x20 [ 956.878819][T21568] __kmalloc_node_noprof+0xd5/0x440 [ 956.880956][T21568] ? _copy_from_user+0x5d/0xf0 [ 956.882763][T21568] ? kvmalloc_node_noprof+0x9d/0x1a0 [ 956.884577][T21568] kvmalloc_node_noprof+0x9d/0x1a0 [ 956.886349][T21568] __do_sys_add_key+0x1f8/0x460 [ 956.888008][T21568] ? __pfx___do_sys_add_key+0x10/0x10 [ 956.890207][T21568] ? ksys_write+0x1ab/0x260 [ 956.892234][T21568] do_syscall_64+0xcd/0x250 [ 956.893856][T21568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 956.896315][T21568] RIP: 0033:0x7fc0f7175bd9 [ 956.898215][T21568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 956.905387][T21568] RSP: 002b:00007fc0f7fd2048 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 956.908222][T21568] RAX: ffffffffffffffda RBX: 00007fc0f7303f60 RCX: 00007fc0f7175bd9 [ 956.911220][T21568] RDX: 0000000020000100 RSI: 0000000020000180 RDI: 0000000020000140 [ 956.913989][T21568] RBP: 00007fc0f7fd20a0 R08: fffffffffffffffe R09: 0000000000000000 [ 956.916747][T21568] R10: 00000000000000ca R11: 0000000000000246 R12: 0000000000000001 [ 956.919284][T21568] R13: 000000000000000b R14: 00007fc0f7303f60 R15: 00007ffe1165e6e8 [ 956.921828][T21568] [ 957.108715][T21576] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 957.118822][T21576] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 957.285507][ T1089] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 957.486671][T21591] tmpfs: Unknown parameter '00000000000000000004' [ 959.407635][T21601] syzkaller0: entered promiscuous mode [ 959.410005][T21601] syzkaller0: entered allmulticast mode [ 960.214625][T21578] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 960.491899][T21610] netlink: 212424 bytes leftover after parsing attributes in process `syz.3.5062'. [ 961.884117][T21617] FAULT_INJECTION: forcing a failure. [ 961.884117][T21617] name failslab, interval 1, probability 0, space 0, times 0 [ 961.889692][T21617] CPU: 2 PID: 21617 Comm: syz.3.5064 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 961.893917][T21617] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 961.898229][T21617] Call Trace: [ 961.899722][T21617] [ 961.900995][T21617] dump_stack_lvl+0x16c/0x1f0 [ 961.902575][T21617] should_fail_ex+0x497/0x5b0 [ 961.904148][T21617] should_failslab+0x9/0x20 [ 961.905652][T21617] kmem_cache_alloc_node_noprof+0x71/0x310 [ 961.908151][T21617] ? __alloc_skb+0x2b1/0x380 [ 961.910170][T21617] __alloc_skb+0x2b1/0x380 [ 961.912090][T21617] ? __pfx___alloc_skb+0x10/0x10 [ 961.914197][T21617] ? hci_sock_sendmsg+0x527/0x25e0 [ 961.916239][T21617] hci_sock_sendmsg+0x1a41/0x25e0 [ 961.918092][T21617] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 961.919945][T21617] sock_write_iter+0x50a/0x5c0 [ 961.921928][T21617] ? __pfx_sock_write_iter+0x10/0x10 [ 961.924269][T21617] ? security_file_permission+0x98/0xc0 [ 961.926685][T21617] vfs_write+0x6b6/0x1140 [ 961.928470][T21617] ? __pfx_sock_write_iter+0x10/0x10 [ 961.930297][T21617] ? __pfx_vfs_write+0x10/0x10 [ 961.932032][T21617] ? __fget_files+0x256/0x400 [ 961.933640][T21617] ? __fget_light+0x173/0x210 [ 961.935324][T21617] ksys_write+0x1f8/0x260 [ 961.936794][T21617] ? __pfx_ksys_write+0x10/0x10 [ 961.938456][T21617] do_syscall_64+0xcd/0x250 [ 961.940269][T21617] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 961.942602][T21617] RIP: 0033:0x7f1b5a975bd9 [ 961.944428][T21617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 961.951964][T21617] RSP: 002b:00007f1b5b7e6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 961.954763][T21617] RAX: ffffffffffffffda RBX: 00007f1b5ab03f60 RCX: 00007f1b5a975bd9 [ 961.957572][T21617] RDX: 0000000000000007 RSI: 0000000020000340 RDI: 0000000000000006 [ 961.960965][T21617] RBP: 00007f1b5b7e60a0 R08: 0000000000000000 R09: 0000000000000000 [ 961.964382][T21617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 961.967666][T21617] R13: 000000000000000b R14: 00007f1b5ab03f60 R15: 00007ffe43a21a98 [ 961.971027][T21617] [ 961.973733][T21617] Bluetooth: MGMT ver 1.22 [ 962.057263][T21621] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5066'. [ 962.108634][T21622] ptrace attach of "/syz-executor exec"[20395] was attempted by "/syz-executor exec"[21622] [ 962.470488][ T1089] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 962.775388][T15111] usb 7-1: new high-speed USB device number 111 using dummy_hcd [ 962.985213][T15111] usb 7-1: Using ep0 maxpacket: 8 [ 962.990496][T15111] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 962.995162][T15111] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 962.999637][T15111] usb 7-1: config 1 has no interface number 1 [ 963.002315][T15111] usb 7-1: too many endpoints for config 1 interface 2 altsetting 7: 236, using maximum allowed: 30 [ 963.007270][T15111] usb 7-1: config 1 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 236 [ 963.012623][T15111] usb 7-1: config 1 interface 2 has no altsetting 0 [ 963.022898][T15111] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 963.027421][T15111] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 963.031343][T15111] usb 7-1: Product: syz [ 963.033381][T15111] usb 7-1: Manufacturer: syz [ 963.035728][T15111] usb 7-1: SerialNumber: syz [ 963.416025][T21642] tmpfs: Unknown parameter '00000000000000000004' [ 963.517414][T21641] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5071'. [ 964.015067][ T4629] Bluetooth: hci0: command 0x0405 tx timeout [ 964.015365][T15643] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 965.401314][T21628] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 965.411643][T21649] netlink: 212424 bytes leftover after parsing attributes in process `syz.3.5072'. [ 965.461193][T15111] usb 7-1: USB disconnect, device number 111 [ 965.533194][T21658] tmpfs: Unknown parameter '00000000000000000004' [ 965.645217][T21667] FAULT_INJECTION: forcing a failure. [ 965.645217][T21667] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 965.650720][T21667] CPU: 3 PID: 21667 Comm: syz.2.5078 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 965.654635][T21667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 965.659148][T21667] Call Trace: [ 965.660587][T21667] [ 965.661882][T21667] dump_stack_lvl+0x16c/0x1f0 [ 965.663905][T21667] should_fail_ex+0x497/0x5b0 [ 965.666461][T21667] _copy_from_user+0x30/0xf0 [ 965.668508][T21667] ____sys_sendmsg+0x8d8/0xc90 [ 965.670759][T21667] ? __pfx_____sys_sendmsg+0x10/0x10 [ 965.673081][T21667] ? find_held_lock+0x2d/0x110 [ 965.675179][T21667] ? __pfx___lock_acquire+0x10/0x10 [ 965.677409][T21667] ___sys_sendmsg+0x135/0x1e0 [ 965.679535][T21667] ? __pfx____sys_sendmsg+0x10/0x10 [ 965.681905][T21667] ? ksys_write+0x21c/0x260 [ 965.683773][T21667] ? __fget_light+0x173/0x210 [ 965.685424][T21667] __sys_sendmsg+0x117/0x1f0 [ 965.687171][T21667] ? __pfx___sys_sendmsg+0x10/0x10 [ 965.689421][T21667] do_syscall_64+0xcd/0x250 [ 965.691063][T21667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 965.693714][T21667] RIP: 0033:0x7fe15cd75bd9 [ 965.695533][T21667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 965.703725][T21667] RSP: 002b:00007fe15db62048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 965.707461][T21667] RAX: ffffffffffffffda RBX: 00007fe15cf03f60 RCX: 00007fe15cd75bd9 [ 965.710582][T21667] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 965.713700][T21667] RBP: 00007fe15db620a0 R08: 0000000000000000 R09: 0000000000000000 [ 965.716538][T21667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 965.719734][T21667] R13: 000000000000000b R14: 00007fe15cf03f60 R15: 00007ffdc88239a8 [ 965.722540][T21667] [ 966.054986][ T1780] usb 7-1: new high-speed USB device number 112 using dummy_hcd [ 966.253371][ T1780] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 966.260596][T21681] netlink: 212424 bytes leftover after parsing attributes in process `syz.1.5082'. [ 966.262820][ T1780] usb 7-1: New USB device found, idVendor=046d, idProduct=c29a, bcdDevice= 0.40 [ 966.269988][ T1780] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 966.274759][ T1780] usb 7-1: Product: syz [ 966.277972][ T1780] usb 7-1: Manufacturer: syz [ 966.280512][ T1780] usb 7-1: SerialNumber: syz [ 966.288141][ T1780] usbhid 7-1:1.0: couldn't find an input interrupt endpoint [ 966.493520][T21670] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 966.498235][T21670] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 966.512388][ T57] usb 7-1: USB disconnect, device number 112 [ 967.071691][T21699] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0 [ 967.150253][ T11] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 967.475053][ T5250] usb 7-1: new high-speed USB device number 113 using dummy_hcd [ 967.655050][ T5250] usb 7-1: Using ep0 maxpacket: 8 [ 967.665708][ T5250] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 967.670911][ T5250] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 967.675912][ T5250] usb 7-1: config 1 has no interface number 1 [ 967.678696][ T5250] usb 7-1: too many endpoints for config 1 interface 2 altsetting 7: 236, using maximum allowed: 30 [ 967.683489][ T5250] usb 7-1: config 1 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 236 [ 967.689346][ T5250] usb 7-1: config 1 interface 2 has no altsetting 0 [ 967.695679][ T5250] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 967.699762][ T5250] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 967.703324][ T5250] usb 7-1: Product: syz [ 967.705354][ T5250] usb 7-1: Manufacturer: syz [ 967.706966][ T5250] usb 7-1: SerialNumber: syz [ 970.063427][T21698] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 970.155050][ T5250] usb 7-1: USB disconnect, device number 113 [ 970.468659][T21743] bridge0: port 3(syz_tun) entered blocking state [ 970.473258][T21743] bridge0: port 3(syz_tun) entered disabled state [ 970.476637][T21743] syz_tun: entered allmulticast mode [ 970.482664][T21743] syz_tun: entered promiscuous mode [ 970.486250][T21743] bridge0: port 3(syz_tun) entered blocking state [ 970.488863][T21743] bridge0: port 3(syz_tun) entered forwarding state [ 970.509005][T21743] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 971.245249][ T39] audit: type=1400 audit(2000007266.676:949): avc: denied { setattr } for pid=21756 comm="syz.1.5104" name="sg0" dev="devtmpfs" ino=705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 971.471973][ T1095] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 974.352581][T21771] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 974.400383][T21823] binder: 21822:21823 ioctl 5322 8 returned -22 [ 974.403618][T21823] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5122'. [ 974.494592][T21832] bridge0: port 3(syz_tun) entered blocking state [ 974.497036][T21832] bridge0: port 3(syz_tun) entered disabled state [ 974.499462][T21832] syz_tun: entered allmulticast mode [ 974.502489][T21832] syz_tun: entered promiscuous mode [ 974.505104][T21832] bridge0: port 3(syz_tun) entered blocking state [ 974.507822][T21832] bridge0: port 3(syz_tun) entered forwarding state [ 974.514705][T21832] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 974.535300][T21833] bridge0: port 3(syz_tun) entered blocking state [ 974.538343][T21833] bridge0: port 3(syz_tun) entered disabled state [ 974.543032][T21833] syz_tun: entered allmulticast mode [ 974.549711][T21833] syz_tun: entered promiscuous mode [ 974.751334][ T39] audit: type=1400 audit(2000007270.176:950): avc: denied { setopt } for pid=21841 comm="syz.2.5127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 975.023597][ T39] audit: type=1326 audit(2000007270.446:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21853 comm="syz.3.5130" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1b5a975bd9 code=0x0 [ 975.800018][ T39] audit: type=1326 audit(2000007271.226:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21868 comm="syz.2.5133" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe15cd75bd9 code=0x0 [ 975.808330][ T13] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 976.266883][T21879] bridge0: port 3(syz_tun) entered blocking state [ 976.270111][T21879] bridge0: port 3(syz_tun) entered disabled state [ 976.273104][T21879] syz_tun: entered allmulticast mode [ 976.277022][T21879] syz_tun: entered promiscuous mode [ 976.280183][T21879] bridge0: port 3(syz_tun) entered blocking state [ 976.284696][T21879] bridge0: port 3(syz_tun) entered forwarding state [ 976.300135][T21879] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 978.659820][T21863] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 978.787184][ T1092] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 978.808151][T21927] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 979.105051][T19480] usb 7-1: new high-speed USB device number 114 using dummy_hcd [ 979.222879][T21943] FAULT_INJECTION: forcing a failure. [ 979.222879][T21943] name failslab, interval 1, probability 0, space 0, times 0 [ 979.228883][T21943] CPU: 3 PID: 21943 Comm: syz.0.5152 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 979.232847][T21943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 979.236504][T21943] Call Trace: [ 979.237644][T21943] [ 979.238781][T21943] dump_stack_lvl+0x16c/0x1f0 [ 979.240606][T21943] should_fail_ex+0x497/0x5b0 [ 979.242216][T21943] should_failslab+0x9/0x20 [ 979.243749][T21943] __kmalloc_noprof+0xcf/0x410 [ 979.245443][T21943] ? __wake_up+0x3f/0x60 [ 979.246918][T21943] ? __pfx_lock_release+0x10/0x10 [ 979.248607][T21943] sk_prot_alloc+0x1a8/0x2a0 [ 979.250599][T21943] sk_alloc+0x36/0xb90 [ 979.252372][T21943] ? __pfx_genl_release+0x10/0x10 [ 979.254455][T21943] __netlink_create+0x63/0x300 [ 979.256197][T21943] ? __wake_up+0x3f/0x60 [ 979.257813][T21943] netlink_create+0x3d8/0x670 [ 979.259542][T21943] ? __pfx_genl_bind+0x10/0x10 [ 979.261489][T21943] ? __pfx_genl_unbind+0x10/0x10 [ 979.263635][T21943] __sock_create+0x32e/0x800 [ 979.265682][T21943] __sys_socket+0x14f/0x260 [ 979.267654][T21943] ? __pfx___sys_socket+0x10/0x10 [ 979.269826][T21943] __x64_sys_socket+0x72/0xb0 [ 979.271855][T21943] ? lockdep_hardirqs_on+0x7c/0x110 [ 979.274125][T21943] do_syscall_64+0xcd/0x250 [ 979.276101][T21943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 979.278675][T21943] RIP: 0033:0x7fc0f71779f7 [ 979.280602][T21943] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 979.285708][T19480] usb 7-1: Using ep0 maxpacket: 8 [ 979.288587][T21943] RSP: 002b:00007fc0f7fd0f88 EFLAGS: 00000283 ORIG_RAX: 0000000000000029 [ 979.292553][T19480] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 979.293560][T21943] RAX: ffffffffffffffda RBX: 00007fc0f7303f60 RCX: 00007fc0f71779f7 [ 979.297628][T19480] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 979.300235][T21943] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 979.300252][T21943] RBP: 00007fc0f7fd20a0 R08: 0000000000000000 R09: 0000000000000000 [ 979.303695][T19480] usb 7-1: config 1 has no interface number 1 [ 979.306888][T21943] R10: 0000000020000300 R11: 0000000000000283 R12: 0000000000000001 [ 979.306906][T21943] R13: 0000000000000180 R14: 00007fc0f7303f60 R15: 0000000020000300 [ 979.306921][T21943] [ 979.306998][ C3] vkms_vblank_simulate: vblank timer overrun [ 979.309455][T19480] usb 7-1: too many endpoints for config 1 interface 2 altsetting 7: 236, using maximum allowed: 30 [ 979.326143][T19480] usb 7-1: config 1 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 236 [ 979.331102][T19480] usb 7-1: config 1 interface 2 has no altsetting 0 [ 979.335666][T21944] xt_SECMARK: invalid security context 'system_u:object_r:devicekit_exec_t:s0' [ 979.350425][T19480] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 979.354369][T19480] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 979.357875][T19480] usb 7-1: Product: syz [ 979.359327][T19480] usb 7-1: Manufacturer: syz [ 979.361164][T19480] usb 7-1: SerialNumber: syz [ 981.009797][T21962] can: request_module (can-proto-0) failed. [ 981.697080][T21913] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 981.781140][T19480] usb 7-1: USB disconnect, device number 114 [ 981.819085][T21972] netlink: 212424 bytes leftover after parsing attributes in process `syz.2.5160'. [ 982.167204][ T1092] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 985.035595][T21977] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 985.182862][T22015] netlink: 212424 bytes leftover after parsing attributes in process `syz.2.5170'. [ 985.820699][T22029] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.5175'. [ 986.093026][ T39] audit: type=1400 audit(2000007739.513:953): avc: denied { getopt } for pid=22032 comm="syz.2.5177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 986.101747][ T39] audit: type=1400 audit(2000007739.523:954): avc: denied { nlmsg_write } for pid=22032 comm="syz.2.5177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 986.111870][ T39] audit: type=1400 audit(2000007739.523:955): avc: denied { accept } for pid=22032 comm="syz.2.5177" path="socket:[115926]" dev="sockfs" ino=115926 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 987.125115][T15111] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 987.318194][T15111] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 987.322517][T15111] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 987.325826][T15111] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 987.329272][T15111] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 987.330119][T22069] netlink: 212424 bytes leftover after parsing attributes in process `syz.1.5186'. [ 987.335660][T22056] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 987.509012][T22078] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.5187'. [ 987.545111][T22082] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5190'. [ 987.547530][ T57] usb 5-1: USB disconnect, device number 91 [ 987.807734][T22086] input: syz1 as /devices/virtual/input/input176 [ 988.827296][T22102] netlink: 212424 bytes leftover after parsing attributes in process `syz.1.5196'. [ 989.140099][ T39] audit: type=1400 audit(2000008200.562:956): avc: denied { map } for pid=22110 comm="syz.2.5198" path="socket:[116819]" dev="sockfs" ino=116819 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 989.242517][ T39] audit: type=1400 audit(2000008200.662:957): avc: denied { accept } for pid=22114 comm="syz.1.5200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 989.475185][ T13] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 989.948653][T22142] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5207'. [ 989.952699][T22142] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5207'. [ 989.957681][T22142] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5207'. [ 989.961968][T22142] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5207'. [ 989.966978][T22142] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5207'. [ 989.971352][T22142] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5207'. [ 990.143672][T22141] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22141 comm=syz.3.5207 [ 992.352311][T22120] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 992.357953][T22147] __nla_validate_parse: 14 callbacks suppressed [ 992.357963][T22147] netlink: 212424 bytes leftover after parsing attributes in process `syz.0.5208'. [ 992.363139][T22151] netlink: 212424 bytes leftover after parsing attributes in process `syz.2.5209'. [ 992.505707][ T11] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 992.721344][T22176] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5216'. [ 992.815043][T15111] usb 7-1: new high-speed USB device number 115 using dummy_hcd [ 992.995000][T15111] usb 7-1: Using ep0 maxpacket: 8 [ 992.998951][T15111] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 993.003598][T15111] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 993.007156][T15111] usb 7-1: config 1 has no interface number 1 [ 993.009988][T15111] usb 7-1: too many endpoints for config 1 interface 2 altsetting 7: 236, using maximum allowed: 30 [ 993.014409][T15111] usb 7-1: config 1 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 236 [ 993.019968][T15111] usb 7-1: config 1 interface 2 has no altsetting 0 [ 993.025545][T15111] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 993.029138][T15111] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 993.032709][T15111] usb 7-1: Product: syz [ 993.034376][T15111] usb 7-1: Manufacturer: syz [ 993.036245][T15111] usb 7-1: SerialNumber: syz [ 993.388514][ T1355] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.714458][T22185] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 995.413138][T22161] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 995.423046][T22182] netlink: 212424 bytes leftover after parsing attributes in process `syz.1.5218'. [ 995.427647][T22194] netlink: 212424 bytes leftover after parsing attributes in process `syz.0.5221'. [ 995.473962][T15111] usb 7-1: USB disconnect, device number 115 [ 995.558698][T22205] tmpfs: Unknown parameter '00000000000000000004' [ 995.568144][ T76] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 996.173136][T15111] usb 7-1: new high-speed USB device number 116 using dummy_hcd [ 996.368844][T15111] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 996.372958][T15111] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 996.376480][T15111] usb 7-1: Product: syz [ 996.378192][T15111] usb 7-1: Manufacturer: syz [ 996.380143][T15111] usb 7-1: SerialNumber: syz [ 996.385928][T15111] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 996.414734][T15111] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 997.274052][T22222] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 997.379679][T22226] tmpfs: Unknown parameter '00000000000000000004' [ 997.459758][T15111] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 997.463754][T15111] ath9k_htc: Failed to initialize the device [ 997.496478][T15111] usb 7-1: ath9k_htc: USB layer deinitialized [ 997.505377][ T5250] usb 7-1: USB disconnect, device number 116 [ 998.464385][T22197] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 998.662836][T22236] FAULT_INJECTION: forcing a failure. [ 998.662836][T22236] name failslab, interval 1, probability 0, space 0, times 0 [ 998.666928][T22236] CPU: 2 PID: 22236 Comm: syz.0.5232 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 998.670110][T22236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 998.673888][T22236] Call Trace: [ 998.675169][T22236] [ 998.676145][T22236] dump_stack_lvl+0x16c/0x1f0 [ 998.677599][T22236] should_fail_ex+0x497/0x5b0 [ 998.679257][T22236] ? __pfx_lock_release+0x10/0x10 [ 998.680933][T22236] should_failslab+0x9/0x20 [ 998.682644][T22236] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 998.684280][T22236] ? skb_clone+0x190/0x3f0 [ 998.685608][T22236] skb_clone+0x190/0x3f0 [ 998.686979][T22236] packet_rcv+0x57a/0x1510 [ 998.688346][T22236] ? __pfx_packet_rcv+0x10/0x10 [ 998.689949][T22236] dev_queue_xmit_nit+0x373/0xba0 [ 998.691795][T22236] dev_hard_start_xmit+0x56/0x790 [ 998.693343][T22236] __dev_queue_xmit+0x7ba/0x4130 [ 998.694871][T22236] ? __pfx___dev_queue_xmit+0x10/0x10 [ 998.696565][T22236] ? __asan_memcpy+0x3c/0x60 [ 998.697869][T22237] netlink: 212424 bytes leftover after parsing attributes in process `syz.1.5231'. [ 998.697986][T22236] ? __asan_memcpy+0x3c/0x60 [ 998.703497][T22236] ? __skb_clone+0x570/0x760 [ 998.704942][T22236] netlink_deliver_tap+0xa7d/0xd90 [ 998.706574][T22236] netlink_unicast+0x604/0x820 [ 998.708045][T22236] ? __pfx_netlink_unicast+0x10/0x10 [ 998.709707][T22236] netlink_sendmsg+0x8b8/0xd70 [ 998.711413][T22236] ? __pfx_netlink_sendmsg+0x10/0x10 [ 998.713024][T22236] ? __import_iovec+0x1fd/0x6e0 [ 998.714722][T22236] ____sys_sendmsg+0xab5/0xc90 [ 998.716387][T22236] ? copy_msghdr_from_user+0x10b/0x160 [ 998.718189][T22236] ? __pfx_____sys_sendmsg+0x10/0x10 [ 998.719940][T22236] ? __pfx___lock_acquire+0x10/0x10 [ 998.721631][T22236] ___sys_sendmsg+0x135/0x1e0 [ 998.723125][T22236] ? __pfx____sys_sendmsg+0x10/0x10 [ 998.724742][T22236] ? __pfx_lock_release+0x10/0x10 [ 998.726731][T22236] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 998.728930][T22236] ? __fget_light+0x173/0x210 [ 998.730773][T22236] __sys_sendmmsg+0x1a1/0x450 [ 998.732416][T22236] ? __pfx___sys_sendmmsg+0x10/0x10 [ 998.734061][T22236] ? vfs_write+0x14d/0x1140 [ 998.735435][T22236] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 998.737354][T22236] ? fput+0x32/0x390 [ 998.738552][T22236] ? ksys_write+0x1ab/0x260 [ 998.739921][T22236] ? __pfx_ksys_write+0x10/0x10 [ 998.741400][T22236] __x64_sys_sendmmsg+0x9c/0x100 [ 998.742945][T22236] ? lockdep_hardirqs_on+0x7c/0x110 [ 998.744594][T22236] do_syscall_64+0xcd/0x250 [ 998.746049][T22236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 998.747909][T22236] RIP: 0033:0x7fc0f7175bd9 [ 998.749249][T22236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 998.755238][T22236] RSP: 002b:00007fc0f7fd2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 998.757771][T22236] RAX: ffffffffffffffda RBX: 00007fc0f7303f60 RCX: 00007fc0f7175bd9 [ 998.760233][T22236] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 998.762634][T22236] RBP: 00007fc0f7fd20a0 R08: 0000000000000000 R09: 0000000000000000 [ 998.765044][T22236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 998.767489][T22236] R13: 000000000000000b R14: 00007fc0f7303f60 R15: 00007ffe1165e6e8 [ 998.769887][T22236] [ 998.919800][T22245] netlink: 212424 bytes leftover after parsing attributes in process `syz.1.5234'. [ 998.936998][ T39] audit: type=1400 audit(2000009584.364:958): avc: denied { read } for pid=22243 comm="syz.0.5235" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 999.172390][ T76] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 999.455360][ T5311] usb 7-1: new high-speed USB device number 117 using dummy_hcd [ 999.665021][ T5311] usb 7-1: Using ep0 maxpacket: 8 [ 999.669620][ T5311] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 999.674260][ T5311] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 999.678658][ T5311] usb 7-1: config 1 has no interface number 1 [ 999.682204][ T5311] usb 7-1: too many endpoints for config 1 interface 2 altsetting 7: 236, using maximum allowed: 30 [ 999.687170][ T5311] usb 7-1: config 1 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 236 [ 999.692974][ T5311] usb 7-1: config 1 interface 2 has no altsetting 0 [ 999.698813][ T5311] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 999.703423][ T5311] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 999.707377][ T5311] usb 7-1: Product: syz [ 999.709276][ T5311] usb 7-1: Manufacturer: syz [ 999.711468][ T5311] usb 7-1: SerialNumber: syz [ 999.833849][T22265] tmpfs: Unknown parameter '00000000000000000004' [ 1000.149136][T22273] tmpfs: Unknown parameter '00000000000000000004' [ 1002.103486][T22256] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1002.114522][T22279] netlink: 212424 bytes leftover after parsing attributes in process `syz.3.5242'. [ 1002.153083][ T5311] usb 7-1: USB disconnect, device number 117 [ 1002.250366][T22287] tmpfs: Unknown parameter '00000000000000000004' [ 1002.695016][ T5311] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 1002.887000][ T5311] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1002.892198][ T5311] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1002.900989][ T5311] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1002.907917][ T5311] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1002.913662][ T5311] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1002.920751][ T5311] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1002.926530][ T5311] usb 5-1: config 0 descriptor?? [ 1002.929641][T22299] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1003.302987][ T13] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 1003.342214][ T5311] plantronics 0003:047F:FFFF.0038: unknown main item tag 0xd [ 1003.348594][ T5311] plantronics 0003:047F:FFFF.0038: No inputs registered, leaving [ 1003.355665][ T5311] plantronics 0003:047F:FFFF.0038: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 1003.382248][ T39] audit: type=1400 audit(2000009817.801:959): avc: denied { ioctl } for pid=22317 comm="syz.2.5252" path="socket:[115698]" dev="sockfs" ino=115698 ioctlcmd=0x89ed scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 1004.795064][T15111] usb 5-1: reset high-speed USB device number 92 using dummy_hcd [ 1005.638906][T22337] tmpfs: Unknown parameter '00000000000000000004' [ 1006.228255][ T1151] usb 5-1: USB disconnect, device number 92 [ 1006.237029][T22312] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1006.245050][T22329] netlink: 212424 bytes leftover after parsing attributes in process `syz.1.5253'. [ 1006.520267][T22351] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1006.645919][T22356] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1007.050453][ T39] audit: type=1400 audit(2000010050.472:960): avc: denied { accept } for pid=22369 comm="syz.1.5264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 1007.231082][T22376] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5266'. [ 1007.238037][T22376] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5266'. [ 1007.249303][T22376] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.5266'. [ 1007.253190][T22376] openvswitch: netlink: Tunnel attr 8192 out of range max 16 [ 1007.315641][T22382] netlink: 212424 bytes leftover after parsing attributes in process `syz.0.5267'. [ 1007.388050][T22385] tmpfs: Unknown parameter '00000000000000000004' [ 1007.468606][T22388] tmpfs: Unknown parameter '00000000000000000004' [ 1008.024350][T22392] syzkaller1: entered promiscuous mode [ 1008.027787][T22392] syzkaller1: entered allmulticast mode [ 1008.031839][T22392] FAULT_INJECTION: forcing a failure. [ 1008.031839][T22392] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1008.037918][T22392] CPU: 3 PID: 22392 Comm: syz.2.5271 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 1008.043173][T22392] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1008.048615][T22392] Call Trace: [ 1008.050455][T22392] [ 1008.052283][T22392] dump_stack_lvl+0x16c/0x1f0 [ 1008.054718][T22392] should_fail_ex+0x497/0x5b0 [ 1008.057169][T22392] _copy_from_iter+0x2a1/0x1140 [ 1008.059765][T22392] ? _copy_from_iter+0x15e/0x1140 [ 1008.062134][T22392] ? __pfx__copy_from_iter+0x10/0x10 [ 1008.064483][T22392] ? sock_alloc_send_pskb+0x750/0x980 [ 1008.066955][T22392] ? __pfx__copy_from_iter+0x10/0x10 [ 1008.070242][T22392] copy_page_from_iter+0xa5/0x120 [ 1008.072531][T22392] skb_copy_datagram_from_iter+0x41d/0x6c0 [ 1008.074979][T22392] tun_get_user+0x1997/0x3c30 [ 1008.077172][T22392] ? __pfx_tun_get_user+0x10/0x10 [ 1008.079607][T22392] ? find_held_lock+0x2d/0x110 [ 1008.082131][T22392] ? __pfx_lock_release+0x10/0x10 [ 1008.084773][T22392] tun_chr_write_iter+0xe8/0x210 [ 1008.087126][T22392] vfs_write+0x6b6/0x1140 [ 1008.089100][T22392] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1008.091841][T22392] ? __pfx_vfs_write+0x10/0x10 [ 1008.094426][T22392] ? __fget_files+0x256/0x400 [ 1008.096805][T22392] ? __fget_light+0x173/0x210 [ 1008.098896][T22392] ksys_write+0x12f/0x260 [ 1008.101243][T22392] ? __pfx_ksys_write+0x10/0x10 [ 1008.103985][T22392] do_syscall_64+0xcd/0x250 [ 1008.106645][T22392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1008.110008][T22392] RIP: 0033:0x7fe15cd75bd9 [ 1008.112447][T22392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1008.122108][T22392] RSP: 002b:00007fe15db62048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1008.126565][T22392] RAX: ffffffffffffffda RBX: 00007fe15cf03f60 RCX: 00007fe15cd75bd9 [ 1008.130410][T22392] RDX: 000000000000fdef RSI: 0000000020000140 RDI: 0000000000000003 [ 1008.134223][T22392] RBP: 00007fe15db620a0 R08: 0000000000000000 R09: 0000000000000000 [ 1008.138091][T22392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1008.142014][T22392] R13: 000000000000000b R14: 00007fe15cf03f60 R15: 00007ffdc88239a8 [ 1008.145951][T22392] [ 1008.590574][T22408] FAULT_INJECTION: forcing a failure. [ 1008.590574][T22408] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1008.598647][T22408] CPU: 2 PID: 22408 Comm: syz.0.5277 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 1008.603238][T22408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1008.608256][T22408] Call Trace: [ 1008.609769][T22408] [ 1008.611144][T22408] dump_stack_lvl+0x16c/0x1f0 [ 1008.613118][T22408] should_fail_ex+0x497/0x5b0 [ 1008.615010][T22408] ? fs_reclaim_acquire+0xae/0x160 [ 1008.617351][T22408] __should_fail_alloc_page+0xe7/0x130 [ 1008.619803][T22408] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 1008.622646][T22408] __alloc_pages_noprof+0x194/0x2460 [ 1008.625034][T22408] ? stack_depot_save_flags+0x31b/0x8f0 [ 1008.627490][T22408] ? __pfx_lock_release+0x10/0x10 [ 1008.629744][T22408] ? hlock_class+0x4e/0x130 [ 1008.631566][T22408] ? mark_lock+0xb5/0xc60 [ 1008.633022][T22408] ? preempt_schedule_notrace+0x62/0xe0 [ 1008.635405][T22408] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 1008.637972][T22408] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1008.640572][T22408] ? stack_depot_save_flags+0x31b/0x8f0 [ 1008.643051][T22408] ? kasan_save_stack+0x42/0x60 [ 1008.645227][T22408] ? kasan_save_stack+0x33/0x60 [ 1008.647405][T22408] ? kasan_save_track+0x14/0x30 [ 1008.649658][T22408] ? __kasan_slab_alloc+0x89/0x90 [ 1008.651936][T22408] ? kmem_cache_alloc_node_noprof+0x153/0x310 [ 1008.654658][T22408] ? __get_vm_area_node+0x17e/0x2d0 [ 1008.656968][T22408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1008.659619][T22408] ? policy_nodemask+0xea/0x4e0 [ 1008.661828][T22408] alloc_pages_mpol_noprof+0x275/0x610 [ 1008.664271][T22408] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 1008.666913][T22408] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1008.669256][T22408] get_free_pages_noprof+0xc/0x40 [ 1008.671580][T22408] kasan_populate_vmalloc_pte+0x2d/0x160 [ 1008.674100][T22408] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1008.676853][T22408] __apply_to_page_range+0x795/0xdd0 [ 1008.679218][T22408] ? __pfx___apply_to_page_range+0x10/0x10 [ 1008.681797][T22408] ? insert_vmap_area+0x2ef/0x4d0 [ 1008.684017][T22408] alloc_vmap_area+0x93e/0x2a70 [ 1008.686214][T22408] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1008.688579][T22408] __get_vm_area_node+0x17e/0x2d0 [ 1008.690546][T22408] ? hlock_class+0x4e/0x130 [ 1008.692461][T22408] __vmalloc_node_range_noprof+0x276/0x1520 [ 1008.695040][T22408] ? array_map_alloc+0x27d/0x730 [ 1008.697173][T22408] ? avc_has_perm_noaudit+0x143/0x3a0 [ 1008.699356][T22408] ? array_map_alloc+0x27d/0x730 [ 1008.701400][T22408] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1008.704050][T22408] ? find_held_lock+0x2d/0x110 [ 1008.706010][T22408] ? cap_capable+0x1cf/0x240 [ 1008.708044][T22408] ? array_map_alloc+0x27d/0x730 [ 1008.710217][T22408] __bpf_map_area_alloc+0xea/0x190 [ 1008.712463][T22408] ? array_map_alloc+0x27d/0x730 [ 1008.714976][T22408] array_map_alloc+0x27d/0x730 [ 1008.717085][T22408] map_create+0x57b/0x1c50 [ 1008.719081][T22408] ? __pfx_avc_has_perm+0x10/0x10 [ 1008.721321][T22408] ? __pfx_map_create+0x10/0x10 [ 1008.723464][T22408] ? __pfx___might_resched+0x10/0x10 [ 1008.725776][T22408] ? find_held_lock+0x2d/0x110 [ 1008.727413][T22408] ? selinux_bpf+0xde/0x130 [ 1008.729406][T22408] __sys_bpf+0xd73/0x49a0 [ 1008.731240][T22408] ? ksys_write+0x21c/0x260 [ 1008.732986][T22408] ? reacquire_held_locks+0x420/0x4c0 [ 1008.735083][T22408] ? __pfx___sys_bpf+0x10/0x10 [ 1008.736921][T22408] ? vfs_write+0x14d/0x1140 [ 1008.740815][T22408] ? __mutex_unlock_slowpath+0x164/0x650 [ 1008.743282][T22408] ? fput+0x32/0x390 [ 1008.744966][T22408] ? ksys_write+0x1ab/0x260 [ 1008.746957][T22408] ? __pfx_ksys_write+0x10/0x10 [ 1008.749090][T22408] __x64_sys_bpf+0x78/0xc0 [ 1008.751104][T22408] ? lockdep_hardirqs_on+0x7c/0x110 [ 1008.753383][T22408] do_syscall_64+0xcd/0x250 [ 1008.755444][T22408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1008.758104][T22408] RIP: 0033:0x7fc0f7175bd9 [ 1008.760083][T22408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1008.768387][T22408] RSP: 002b:00007fc0f7fb1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1008.771584][T22408] RAX: ffffffffffffffda RBX: 00007fc0f7304038 RCX: 00007fc0f7175bd9 [ 1008.774765][T22408] RDX: 0000000000000048 RSI: 00000000200027c0 RDI: 0000000000000000 [ 1008.778050][T22408] RBP: 00007fc0f7fb10a0 R08: 0000000000000000 R09: 0000000000000000 [ 1008.781250][T22408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1008.784706][T22408] R13: 000000000000006e R14: 00007fc0f7304038 R15: 00007ffe1165e6e8 [ 1008.787912][T22408] [ 1009.293406][T22418] netlink: 212424 bytes leftover after parsing attributes in process `syz.1.5280'. [ 1009.529822][T22426] tmpfs: Unknown parameter '00000000000000000004' [ 1010.131845][T22437] veth0_vlan: entered allmulticast mode [ 1010.402525][ T39] audit: type=1326 audit(2000010511.828:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22445 comm="syz.2.5289" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe15cd75bd9 code=0x0 [ 1010.783489][T22453] netlink: 212424 bytes leftover after parsing attributes in process `syz.1.5290'. [ 1011.339117][T22464] fuse: Unknown parameter 'r†otmode' [ 1011.424371][T22477] veth0_vlan: entered allmulticast mode [ 1011.751841][T22481] tmpfs: Unknown parameter '00000000000000000004' [ 1012.448267][T22492] netlink: 212424 bytes leftover after parsing attributes in process `syz.3.5301'. [ 1013.085989][T22500] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1013.506627][T22514] tmpfs: Unknown parameter '00000000000000000004' [ 1013.651122][T22517] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5300'. [ 1014.483172][T22547] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1015.637864][T22577] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1015.785103][ T11] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 1015.945060][T15643] Bluetooth: hci0: command 0x0405 tx timeout [ 1016.096638][T15732] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 1016.227626][T22607] syz.3.5333[22607] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1016.227770][T22607] syz.3.5333[22607] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1016.275202][T15732] usb 5-1: Using ep0 maxpacket: 8 [ 1016.283321][T15732] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1016.287620][T15732] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1016.291501][T15732] usb 5-1: config 1 has no interface number 1 [ 1016.294225][T15732] usb 5-1: too many endpoints for config 1 interface 2 altsetting 7: 236, using maximum allowed: 30 [ 1016.298877][T15732] usb 5-1: config 1 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 236 [ 1016.304391][T15732] usb 5-1: config 1 interface 2 has no altsetting 0 [ 1016.310776][T15732] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1016.314007][T15732] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1016.318190][T15732] usb 5-1: Product: syz [ 1016.319959][T15732] usb 5-1: Manufacturer: syz [ 1016.322058][T15732] usb 5-1: SerialNumber: syz [ 1016.989577][T22613] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1017.504990][T22626] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5340'. [ 1018.659791][T22582] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1018.702932][T15732] usb 5-1: USB disconnect, device number 93 [ 1018.743556][T22637] netlink: 197108 bytes leftover after parsing attributes in process `syz.1.5344'. [ 1018.833686][T22644] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1019.518924][T22660] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1019.659061][T22668] netlink: 144 bytes leftover after parsing attributes in process `syz.1.5355'. [ 1019.760373][T22674] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1021.268646][T22712] netlink: 287 bytes leftover after parsing attributes in process `syz.3.5370'. [ 1021.268681][ T39] audit: type=1400 audit(2000010980.690:962): avc: denied { nlmsg_read } for pid=22711 comm="syz.3.5370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1021.292879][T22718] FAULT_INJECTION: forcing a failure. [ 1021.292879][T22718] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1021.298542][T22718] CPU: 0 PID: 22718 Comm: syz.2.5372 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 1021.302615][T22718] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1021.307879][T22718] Call Trace: [ 1021.309306][T22718] [ 1021.311166][T22718] dump_stack_lvl+0x16c/0x1f0 [ 1021.313432][T22718] should_fail_ex+0x497/0x5b0 [ 1021.315577][T22718] _copy_from_user+0x30/0xf0 [ 1021.317677][T22718] move_addr_to_kernel+0x68/0x160 [ 1021.319998][T22718] __sys_connect+0xbd/0x170 [ 1021.322042][T22718] ? __pfx___sys_connect+0x10/0x10 [ 1021.324332][T22718] ? __pfx_ksys_write+0x10/0x10 [ 1021.326284][T22718] __x64_sys_connect+0x72/0xb0 [ 1021.328497][T22718] ? lockdep_hardirqs_on+0x7c/0x110 [ 1021.330834][T22718] do_syscall_64+0xcd/0x250 [ 1021.332814][T22718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1021.335097][T22718] RIP: 0033:0x7fe15cd75bd9 [ 1021.336626][T22718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1021.344482][T22718] RSP: 002b:00007fe15db62048 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1021.347886][T22718] RAX: ffffffffffffffda RBX: 00007fe15cf03f60 RCX: 00007fe15cd75bd9 [ 1021.351104][T22718] RDX: 000000000000001c RSI: 0000000020000200 RDI: 0000000000000003 [ 1021.354039][T22718] RBP: 00007fe15db620a0 R08: 0000000000000000 R09: 0000000000000000 [ 1021.357035][T22718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1021.360033][T22718] R13: 000000000000000b R14: 00007fe15cf03f60 R15: 00007ffdc88239a8 [ 1021.362698][T22718] [ 1021.445807][ T39] audit: type=1400 audit(2000010980.870:963): avc: denied { setopt } for pid=22719 comm="syz.2.5373" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 1021.493809][T22723] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5374'. [ 1021.502719][T22723] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1021.512568][ T4629] Bluetooth: hci0: unexpected event for opcode 0x080c [ 1021.515615][ T4629] Bluetooth: hci0: SCO packet for unknown connection handle 200 [ 1021.553257][T22723] netlink: 100 bytes leftover after parsing attributes in process `syz.3.5374'. [ 1022.179437][T22749] syz.0.5381: attempt to access beyond end of device [ 1022.179437][T22749] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1022.185388][T22749] FAT-fs (nbd0): unable to read boot sector [ 1022.228355][ T1092] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x9b [ 1022.406109][T22749] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5381'. [ 1022.541713][T22768] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5385'. [ 1022.554086][T22768] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1022.600229][T22768] netlink: 100 bytes leftover after parsing attributes in process `syz.0.5385'. [ 1025.134329][T22744] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1025.535298][ T4629] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 1025.539832][ T4629] Bluetooth: hci0: Injecting HCI hardware error event [ 1025.546079][T15643] Bluetooth: hci0: hardware error 0x00 [ 1027.616986][T15643] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1028.923077][T22902] netlink: 'syz.3.5432': attribute type 29 has an invalid length. [ 1028.927118][T22902] netlink: 'syz.3.5432': attribute type 29 has an invalid length. [ 1028.932026][T22902] netlink: 'syz.3.5432': attribute type 29 has an invalid length. [ 1028.936211][T22902] netlink: 'syz.3.5432': attribute type 29 has an invalid length. [ 1029.202554][T22935] netlink: 'syz.3.5448': attribute type 29 has an invalid length. [ 1029.206532][T22935] netlink: 'syz.3.5448': attribute type 29 has an invalid length. [ 1029.211701][T22935] netlink: 'syz.3.5448': attribute type 29 has an invalid length. [ 1029.221651][T22935] netlink: 'syz.3.5448': attribute type 29 has an invalid length. [ 1029.285940][T22945] netlink: 'syz.3.5453': attribute type 39 has an invalid length. [ 1029.324630][T22951] netlink: 'syz.3.5455': attribute type 1 has an invalid length. [ 1029.329639][T22951] netlink: 112860 bytes leftover after parsing attributes in process `syz.3.5455'. [ 1029.709858][T22985] Â: renamed from pim6reg1 [ 1029.718161][T22987] wg2: entered promiscuous mode [ 1029.720988][T22987] wg2: entered allmulticast mode [ 1030.477706][ T39] audit: type=1400 audit(2000010989.900:964): avc: denied { setattr } for pid=23026 comm="syz.2.5490" name="zero" dev="devtmpfs" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 1031.528906][ T39] audit: type=1326 audit(2000010990.950:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23094 comm="syz.2.5515" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe15cd75bd9 code=0x0 [ 1032.417967][T23102] syzkaller0: entered promiscuous mode [ 1032.420663][T23102] syzkaller0: entered allmulticast mode [ 1034.359714][ T39] audit: type=1326 audit(2000010993.780:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23133 comm="syz.2.5528" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe15cd75bd9 code=0x7ffc0000 [ 1034.370275][ T39] audit: type=1326 audit(2000010993.780:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23133 comm="syz.2.5528" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe15cd75bd9 code=0x7ffc0000 [ 1034.379663][ T39] audit: type=1326 audit(2000010993.780:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23133 comm="syz.2.5528" exe="/syz-executor" sig=0 arch=c000003e syscall=132 compat=0 ip=0x7fe15cd75bd9 code=0x7ffc0000 [ 1034.389416][ T39] audit: type=1326 audit(2000010993.780:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23133 comm="syz.2.5528" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe15cd75bd9 code=0x7ffc0000 [ 1034.403380][ T39] audit: type=1326 audit(2000010993.800:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23133 comm="syz.2.5528" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe15cd75bd9 code=0x7ffc0000 [ 1034.505067][T15732] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 1034.704308][T23147] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5530'. [ 1035.078015][T15732] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1035.082138][T15732] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1035.086027][T15732] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1035.091236][T15732] usb 5-1: config 0 descriptor?? [ 1035.512087][T15732] keytouch 0003:0926:3333.0039: fixing up Keytouch IEC report descriptor [ 1035.518066][T15732] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:0926:3333.0039/input/input179 [ 1035.597676][T15732] keytouch 0003:0926:3333.0039: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 1035.922762][ T5311] usb 5-1: USB disconnect, device number 94 [ 1035.928056][T23164] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5538'. [ 1036.501474][T23189] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1036.913928][T23202] erspan0: entered promiscuous mode [ 1036.932087][T23202] erspan0: left promiscuous mode [ 1037.049504][ T39] audit: type=1400 audit(2000010996.470:971): avc: denied { lock } for pid=23210 comm="syz.0.5554" path="/dev/input/mouse0" dev="devtmpfs" ino=867 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 1037.444336][ T13] tipc: Subscription rejected, illegal request [ 1037.959597][T23238] syz_tun: left allmulticast mode [ 1037.961973][T23238] syz_tun: left promiscuous mode [ 1037.963874][T23238] bridge0: port 3(syz_tun) entered disabled state [ 1037.970134][T23238] bridge_slave_1: left allmulticast mode [ 1037.972566][T23238] bridge_slave_1: left promiscuous mode [ 1037.977583][T23238] bridge0: port 2(bridge_slave_1) entered disabled state [ 1037.984186][T23238] bridge_slave_0: left allmulticast mode [ 1037.986404][T23238] bridge_slave_0: left promiscuous mode [ 1037.988468][T23238] bridge0: port 1(bridge_slave_0) entered disabled state [ 1039.256091][T23288] netlink: 763 bytes leftover after parsing attributes in process `syz.1.5583'. [ 1039.261489][T23288] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5583'. [ 1041.998358][T15732] IPVS: starting estimator thread 0... [ 1042.098736][T23344] IPVS: using max 20 ests per chain, 48000 per kthread [ 1043.892355][ T39] audit: type=1326 audit(2000011003.310:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23378 comm="syz.0.5614" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc0f7175bd9 code=0x0 [ 1045.002451][T23404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5622'. [ 1046.499998][ T39] audit: type=1326 audit(2000011005.930:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23424 comm="syz.2.5628" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe15cd75bd9 code=0x0 [ 1047.692925][ T39] audit: type=1326 audit(2000011007.110:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23456 comm="syz.3.5639" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1b5a975bd9 code=0x0 [ 1047.829969][T23468] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 1047.832875][T23468] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1047.841200][T23468] vhci_hcd vhci_hcd.0: Device attached [ 1048.179229][T19480] vhci_hcd: vhci_device speed not set [ 1048.335465][T19480] usb 19-1: new full-speed USB device number 3 using vhci_hcd [ 1048.433468][T23469] vhci_hcd: connection closed [ 1048.434373][ T1095] vhci_hcd: stop threads [ 1048.438770][ T1095] vhci_hcd: release socket [ 1048.444586][ T1095] vhci_hcd: disconnect device [ 1049.628206][T23543] team0: entered promiscuous mode [ 1049.630001][T23543] team_slave_0: entered promiscuous mode [ 1049.632945][T23543] team_slave_1: entered promiscuous mode [ 1049.837516][T23542] team0: left promiscuous mode [ 1049.839599][T23542] team_slave_0: left promiscuous mode [ 1049.843522][T23542] team_slave_1: left promiscuous mode [ 1051.240074][ T39] audit: type=1326 audit(2000011010.660:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23566 comm="syz.2.5664" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe15cd75bd9 code=0x7ffc0000 [ 1051.249141][ T39] audit: type=1326 audit(2000011010.660:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23566 comm="syz.2.5664" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe15cd75bd9 code=0x7ffc0000 [ 1051.256771][ T39] audit: type=1326 audit(2000011010.660:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23566 comm="syz.2.5664" exe="/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fe15cd75bd9 code=0x7ffc0000 [ 1051.267185][ T39] audit: type=1326 audit(2000011010.660:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23566 comm="syz.2.5664" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe15cd75bd9 code=0x7ffc0000 [ 1051.277445][ T39] audit: type=1326 audit(2000011010.680:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23566 comm="syz.2.5664" exe="/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fe15cd75bd9 code=0x7ffc0000 [ 1051.285703][ T39] audit: type=1326 audit(2000011010.680:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23566 comm="syz.2.5664" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe15cd75bd9 code=0x7ffc0000 [ 1051.299023][ T39] audit: type=1326 audit(2000011010.680:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23566 comm="syz.2.5664" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe15cd75bd9 code=0x7ffc0000 [ 1051.308560][ T39] audit: type=1326 audit(2000011010.680:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23566 comm="syz.2.5664" exe="/syz-executor" sig=0 arch=c000003e syscall=247 compat=0 ip=0x7fe15cd75bd9 code=0x7ffc0000 [ 1051.325167][ T39] audit: type=1326 audit(2000011010.690:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23566 comm="syz.2.5664" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe15cd115d9 code=0x7ffc0000 [ 1051.333832][ T39] audit: type=1326 audit(2000011010.690:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23566 comm="syz.2.5664" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe15cd75bd9 code=0x7ffc0000 [ 1051.968070][T23584] team0: entered promiscuous mode [ 1051.970514][T23584] team_slave_0: entered promiscuous mode [ 1051.973322][T23584] team_slave_1: entered promiscuous mode [ 1052.318829][T23583] team0: left promiscuous mode [ 1052.321086][T23583] team_slave_0: left promiscuous mode [ 1052.325311][T23583] team_slave_1: left promiscuous mode [ 1053.455024][T19480] vhci_hcd: vhci_device speed not set [ 1053.837246][T23637] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5685'. [ 1054.821682][ T1355] ieee802154 phy0 wpan0: encryption failed: -22 [ 1055.787216][ T1092] ------------[ cut here ]------------ [ 1055.791058][ T1092] WARNING: CPU: 3 PID: 1092 at net/wireless/sme.c:846 __cfg80211_connect_result+0x2967/0x2ac0 [ 1055.796403][ T1092] Modules linked in: [ 1055.798171][ T1092] CPU: 3 PID: 1092 Comm: kworker/u32:7 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 1055.805077][ T1092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1055.810469][ T1092] Workqueue: cfg80211 cfg80211_event_work [ 1055.812815][ T1092] RIP: 0010:__cfg80211_connect_result+0x2967/0x2ac0 [ 1055.816575][ T1092] Code: ff ff 41 8b 1f 31 ff 4c 89 95 68 ff ff ff 89 de e8 de 0e 4c f7 85 db 4c 8b 95 68 ff ff ff 0f 85 f3 e6 ff ff e8 ca 13 4c f7 90 <0f> 0b 90 4c 89 fe 4c 89 f7 e8 bb 60 ff ff e9 06 d9 ff ff e8 d1 f5 [ 1055.829237][ T1092] RSP: 0018:ffffc900046efb20 EFLAGS: 00010293 [ 1055.833149][ T1092] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8a41d6a2 [ 1055.836629][ T1092] RDX: ffff8880233b0000 RSI: ffffffff8a41d6b6 RDI: 0000000000000005 [ 1055.840288][ T1092] RBP: ffffc900046efc00 R08: 0000000000000005 R09: 0000000000000000 [ 1055.843673][ T1092] R10: ffff88802f485486 R11: ffff88803db40898 R12: 0000000000000000 [ 1055.847200][ T1092] R13: ffff88803db40818 R14: ffff88802f485000 R15: ffff88803db40818 [ 1055.850166][ T1092] FS: 0000000000000000(0000) GS:ffff88806b300000(0000) knlGS:0000000000000000 [ 1055.853866][ T1092] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1055.856994][ T1092] CR2: 00007fc0f7f76fa8 CR3: 000000002ddfc000 CR4: 0000000000350ef0 [ 1055.860642][ T1092] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1055.863932][ T1092] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1055.867586][ T1092] Call Trace: [ 1055.869092][ T1092] [ 1055.870485][ T1092] ? show_regs+0x8c/0xa0 [ 1055.872500][ T1092] ? __warn+0xe5/0x3c0 [ 1055.874380][ T1092] ? __cfg80211_connect_result+0x2967/0x2ac0 [ 1055.877379][ T1092] ? report_bug+0x3c0/0x580 [ 1055.879301][ T1092] ? handle_bug+0x3d/0x70 [ 1055.881714][ T1092] ? exc_invalid_op+0x17/0x50 [ 1055.884154][ T1092] ? asm_exc_invalid_op+0x1a/0x20 [ 1055.887011][ T1092] ? __cfg80211_connect_result+0x2952/0x2ac0 [ 1055.889709][ T1092] ? __cfg80211_connect_result+0x2966/0x2ac0 [ 1055.892163][ T1092] ? __cfg80211_connect_result+0x2967/0x2ac0 [ 1055.895411][ T1092] ? __pfx___cfg80211_connect_result+0x10/0x10 [ 1055.898458][ T1092] ? mark_held_locks+0x9f/0xe0 [ 1055.900810][ T1092] ? cfg80211_process_wdev_events+0x391/0x5d0 [ 1055.903862][ T1092] cfg80211_process_wdev_events+0x391/0x5d0 [ 1055.906878][ T1092] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1055.909927][ T1092] cfg80211_process_rdev_events+0x9f/0x130 [ 1055.912443][ T1092] cfg80211_event_work+0x2b/0x40 [ 1055.914992][ T1092] process_one_work+0x9c5/0x1b40 [ 1055.917554][ T1092] ? __pfx_lock_acquire+0x10/0x10 [ 1055.920086][ T1092] ? __pfx_process_one_work+0x10/0x10 [ 1055.922588][ T1092] ? assign_work+0x1a0/0x250 [ 1055.926234][ T1092] worker_thread+0x6c8/0xf30 [ 1055.928271][ T1092] ? __pfx_worker_thread+0x10/0x10 [ 1055.930576][ T1092] kthread+0x2c1/0x3a0 [ 1055.932619][ T1092] ? _raw_spin_unlock_irq+0x23/0x50 [ 1055.935362][ T1092] ? __pfx_kthread+0x10/0x10 [ 1055.937313][ T1092] ret_from_fork+0x45/0x80 [ 1055.939872][ T1092] ? __pfx_kthread+0x10/0x10 [ 1055.942099][ T1092] ret_from_fork_asm+0x1a/0x30 [ 1055.944861][ T1092] [ 1055.946308][ T1092] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1055.948910][ T1092] CPU: 3 PID: 1092 Comm: kworker/u32:7 Not tainted 6.10.0-rc7-syzkaller-00276-g882ddcd1bf63 #0 [ 1055.953184][ T1092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1055.957579][ T1092] Workqueue: cfg80211 cfg80211_event_work [ 1055.960192][ T1092] Call Trace: [ 1055.961661][ T1092] [ 1055.963006][ T1092] dump_stack_lvl+0x3d/0x1f0 [ 1055.965152][ T1092] panic+0x6f5/0x7a0 [ 1055.966884][ T1092] ? __pfx_panic+0x10/0x10 [ 1055.974532][ T1092] ? show_trace_log_lvl+0x363/0x500 [ 1055.976838][ T1092] ? check_panic_on_warn+0x1f/0xb0 [ 1055.978776][ T1092] ? __cfg80211_connect_result+0x2967/0x2ac0 [ 1055.983357][ T1092] check_panic_on_warn+0xab/0xb0 [ 1055.985476][ T1092] __warn+0xf1/0x3c0 [ 1055.987003][ T1092] ? __cfg80211_connect_result+0x2967/0x2ac0 [ 1055.989612][ T1092] report_bug+0x3c0/0x580 [ 1055.991512][ T1092] handle_bug+0x3d/0x70 [ 1055.993424][ T1092] exc_invalid_op+0x17/0x50 [ 1055.995420][ T1092] asm_exc_invalid_op+0x1a/0x20 [ 1055.997458][ T1092] RIP: 0010:__cfg80211_connect_result+0x2967/0x2ac0 [ 1056.000500][ T1092] Code: ff ff 41 8b 1f 31 ff 4c 89 95 68 ff ff ff 89 de e8 de 0e 4c f7 85 db 4c 8b 95 68 ff ff ff 0f 85 f3 e6 ff ff e8 ca 13 4c f7 90 <0f> 0b 90 4c 89 fe 4c 89 f7 e8 bb 60 ff ff e9 06 d9 ff ff e8 d1 f5 [ 1056.008817][ T1092] RSP: 0018:ffffc900046efb20 EFLAGS: 00010293 [ 1056.011669][ T1092] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8a41d6a2 [ 1056.015415][ T1092] RDX: ffff8880233b0000 RSI: ffffffff8a41d6b6 RDI: 0000000000000005 [ 1056.019028][ T1092] RBP: ffffc900046efc00 R08: 0000000000000005 R09: 0000000000000000 [ 1056.022375][ T1092] R10: ffff88802f485486 R11: ffff88803db40898 R12: 0000000000000000 [ 1056.025616][ T1092] R13: ffff88803db40818 R14: ffff88802f485000 R15: ffff88803db40818 [ 1056.028994][ T1092] ? __cfg80211_connect_result+0x2952/0x2ac0 [ 1056.031725][ T1092] ? __cfg80211_connect_result+0x2966/0x2ac0 [ 1056.034647][ T1092] ? __pfx___cfg80211_connect_result+0x10/0x10 [ 1056.037506][ T1092] ? mark_held_locks+0x9f/0xe0 [ 1056.039129][ T1092] ? cfg80211_process_wdev_events+0x391/0x5d0 [ 1056.041093][ T1092] cfg80211_process_wdev_events+0x391/0x5d0 [ 1056.043007][ T1092] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1056.045161][ T1092] cfg80211_process_rdev_events+0x9f/0x130 [ 1056.047585][ T1092] cfg80211_event_work+0x2b/0x40 [ 1056.049673][ T1092] process_one_work+0x9c5/0x1b40 [ 1056.051718][ T1092] ? __pfx_lock_acquire+0x10/0x10 [ 1056.053977][ T1092] ? __pfx_process_one_work+0x10/0x10 [ 1056.056658][ T1092] ? assign_work+0x1a0/0x250 [ 1056.058782][ T1092] worker_thread+0x6c8/0xf30 [ 1056.061203][ T1092] ? __pfx_worker_thread+0x10/0x10 [ 1056.063565][ T1092] kthread+0x2c1/0x3a0 [ 1056.065456][ T1092] ? _raw_spin_unlock_irq+0x23/0x50 [ 1056.067897][ T1092] ? __pfx_kthread+0x10/0x10 [ 1056.069934][ T1092] ret_from_fork+0x45/0x80 [ 1056.072100][ T1092] ? __pfx_kthread+0x10/0x10 [ 1056.074181][ T1092] ret_from_fork_asm+0x1a/0x30 [ 1056.076328][ T1092] [ 1056.078260][ T1092] Kernel Offset: disabled [ 1056.080218][ T1092] Rebooting in 86400 seconds.. VM DIAGNOSIS: 11:56:49 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000003 RBX=0000000000000000 RCX=0000000000000002 RDX=8f5c28f5c28f5c29 RSI=0000000000000004 RDI=ffff88802b398ae0 RBP=0000000000000000 RSP=ffffc9000344f3d8 R8 =0000000000000000 R9 =0000000000000000 R10=000000000000000f R11=0000000000000003 R12=ffffffff8dbb16e0 R13=0000000000000000 R14=0000000000000078 R15=0000000000000000 RIP=ffffffff816b9485 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b2e11bff8 CR3=0000000040f1a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffddce20310 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f23971e4325 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f23971e4332 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f23971e432c ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f23971e4340 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f23971e43c6 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f23971e44a4 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000080080783 RBX=0000000000000000 RCX=ffff8880237c0f90 RDX=000000000000009d RSI=ffffffff8634bb60 RDI=ffff8880237c1168 RBP=0000000000000001 RSP=ffffc900008b0c00 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000008 R12=0000000000000001 R13=0000000000004e20 R14=ffff8880237c0f90 R15=0000000000000001 RIP=ffffffff8634bba7 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 000055558e9b8500 ffffffff 00c00000 GS =0000 ffff88806b100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b2cff9ff8 CR3=0000000040f1a000 CR4=00350ef0 DR0=0000000000000158 DR1=00000000872c9164 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000305f6576616c 735f766461746162 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe15cde4325 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe15cde4332 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe15cde432c ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe15cde4340 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe15cde43c6 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe15cde44a4 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe15ced4488 00007fe15ced4480 00007fe15ced4478 00007fe15ced4450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe15da3d100 00007fe15ced4440 00007fe15ced0004 00080000000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe15ced4498 00007fe15ced4490 00007fe15ced4488 00007fe15ced4480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=dffffc0000000000 RBX=ffff888021700000 RCX=0000000000000009 RDX=1ffff110042e025c RSI=0000000000000000 RDI=0000000000000001 RBP=0000000000000000 RSP=ffffc90003eff608 R8 =0000000000000000 R9 =0000000000000001 R10=0000000000000001 R11=0000000000000000 R12=0000000000000004 R13=0000000000000001 R14=ffff88806b13ebc0 R15=ffff8880217004f0 RIP=ffffffff81684cf2 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fc0f7f776c0 ffffffff 00c00000 GS =0000 ffff88806b200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b2d007ff8 CR3=0000000034dea000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff8130964b ffffffff81309673 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff81309673 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc0f71e4325 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc0f71e4332 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc0f71e432c ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc0f71e4340 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc0f71e43c6 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc0f71e44a4 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000040008 000c00130014000c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000000006d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fda705 RDI=ffffffff94dde1e0 RBP=ffffffff94dde1a0 RSP=ffffc900046ef510 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000006 R12=0000000000000000 R13=000000000000006d R14=ffffffff84fda6a0 R15=0000000000000000 RIP=ffffffff84fda72f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fc0f7f76fa8 CR3=000000002ddfc000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1b5a9e4325 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1b5a9e4332 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1b5a9e432c ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1b5a9e4340 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1b5a9e43c6 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1b5a9e44a4 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1b5aad4488 00007f1b5aad4480 00007f1b5aad4478 00007f1b5aad4450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1b5b63d100 00007f1b5aad4440 00007f1b5aad0004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1b5aad4498 00007f1b5aad4490 00007f1b5aad4488 00007f1b5aad4480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000