last executing test programs: 7.52981362s ago: executing program 3 (id=1481): socket$nl_crypto(0x10, 0x3, 0x15) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000540)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000fef000/0x1000)=nil}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x2, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x80000, @private2, 0x3}, 0x1c) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='io.stat\x00', 0x275a, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r5, 0x400455c8, 0x4) syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x468d, &(0x7f0000000300)={0x0, 0x9b92, 0x4, 0x1, 0x226, 0x0, r4}, &(0x7f0000000280), &(0x7f0000000380)) close(0xffffffffffffffff) write$binfmt_script(r4, &(0x7f0000000100), 0xfffffd9d) r8 = socket(0x1e, 0x4, 0x0) connect$tipc(r8, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10) 4.790273611s ago: executing program 1 (id=1491): openat$sysfs(0xffffffffffffff9c, 0x0, 0x20040, 0x48) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x1, 0x40080, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x7f, 0x80, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x24, 0x0, 0x0) recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x714, 0x0, 0xfffffffffffffd25) 4.288839068s ago: executing program 3 (id=1493): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000003c0), 0x121000) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0x40485404, 0x0) 4.037350582s ago: executing program 3 (id=1496): openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'ip6gretap0\x00', 0x400}) ioctl$TUNGETVNETBE(r1, 0x800454df, &(0x7f0000000040)=0x1) pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff}, 0x80) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="043e7522"], 0x24) r3 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080), 0x0, 0xfffffffffffffffe) pipe2$watch_queue(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r3, r4, 0x7) keyctl$KEYCTL_WATCH_KEY(0x20, r3, r2, 0xb5) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="040e0600120c"], 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x2000, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r5, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r6 = getpid() sched_setscheduler(r6, 0x2, 0x0) 3.850243119s ago: executing program 2 (id=1499): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000110000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000200)='contention_begin\x00', r1}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x0, @private}, 0x4}}, 0x26) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}}, 0x26) openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 3.849970655s ago: executing program 3 (id=1500): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000110000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000200)='contention_begin\x00', r1}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x0, @private}, 0x4}}, 0x26) openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0) 2.230278911s ago: executing program 2 (id=1503): r0 = openat$ttyS3(0xffffff9c, &(0x7f00000000c0), 0x2000, 0x0) r1 = syz_open_pts(r0, 0x220080) ioctl$TIOCSSOFTCAR(r1, 0x541a, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'ip6gretap0\x00', 0x400}) ioctl$TUNGETVNETBE(r3, 0x800454df, &(0x7f0000000040)=0x1) pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="043e7522"], 0x24) r6 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080), 0x0, 0xfffffffffffffffe) pipe2$watch_queue(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r7, 0x7) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r4, 0xb5) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r5, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="040e0600120c"], 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x2000, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) socket$inet(0xa, 0x801, 0x84) r8 = getpid() sched_setscheduler(r8, 0x2, 0x0) 1.989799107s ago: executing program 0 (id=1506): syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x2002) fsopen(&(0x7f0000000200)='tracefs\x00', 0x1) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x1fffff, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0}) io_uring_enter(r2, 0x2def, 0x4000, 0x0, 0x0, 0x0) userfaultfd(0x80801) socket$tipc(0x1e, 0x2, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x40000000000000, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 1.989350885s ago: executing program 2 (id=1507): ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1d, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000002c0)={0xffffffff, 0x0, 0x0, 'queue1\x00'}) r4 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r4, &(0x7f0000014980)=[{{&(0x7f0000000140)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{&(0x7f0000001c00)='{', 0x1}], 0x1}}, {{&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010101}, 0x10, &(0x7f0000010700)=[{&(0x7f0000010140)="9b", 0x1}], 0x1}}], 0x2, 0x0) 1.630177584s ago: executing program 0 (id=1508): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000002c0)) r1 = socket$packet(0x11, 0x3, 0x300) r2 = dup(r1) sendmmsg$inet6(r2, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000380)="33ef86afe441d74004940f4ccc629a1ffce84d5d5c0a95b5dad23d7ee49e7658000faa6966d08d5d180d4c6ee342eb93794516ee06e4fb772439b8b3f0d5767d31f9c7ef925c6e7e37bee78f95b603ca446421e906a0f6bf0705d1ab4ba3ab551ead0a6269068c479bdd5d98aade9b5060266610a2e1a9aacfcff8d14aa5868f9aa0eab72325", 0x86}, {&(0x7f0000000440)="c8cb2b5ec77a6494eb3fc0db976db1c96976e18f474ff58afe54c18504b1f4025bcf3d09995acaec75c10ba6e248730e8671d7e07b0b2900735465275b1c1b155c568e32e1f10c2a2caf935d0984bfecd42f1bf5f9260df52158e3ba9d2c507789dabd11a21ba382e1296b921bbc57bfae6c8c099e69e317cf55668b2e1c0ea29afc25dd58d77d9cad25472a7b75835f322b3b9c619eacc8e503ce2e8d7d7770a5f732a4a970eea022637d39be5a13547c4f99cc036078f4184d3f4c4e0bcd9a70e4a746f301caaf510908dbfb38b5a4d1650965ba8bde5b7e199a2150e0abf84cadff96828fc7b4e7a8083e2f4d16a4557314723e0bf58075", 0xf9}], 0x2, &(0x7f0000000540)=ANY=[@ANYBLOB="10000000290000004300000000080000000007000000d4000000290000003600000021170000000000001089fc0b907e2a911890575fd734d744fdd9b533cb0a07eeb16b1c53873497096ebb472d9d4cb4e56e0d761354534f7aa4a71ee53f7e196b599b19cec6d9cf876d52c2bc37d9fbb4695f0222f4cdc492e677dde23df61b785c6cc763759a356780c2467fa3b3bb4be254f8bfc6929da915d3eb4e7678b389262c25e284fe4fd9f91009cf24d80e20e160a30730000000010a7f8001ff010000000000005a5f000000000000080000000000000010000000000000002d3b000000000000000000b40000002900000039000000001401020000000000000000000000000000fffffffffffffc000400000000000000000000000000fc000000000000000000000000eed53e9ae76a952257d07f000001fe80000000000000000000000000000000002000000000000000000000000000000001fc0200000000000000000000000000010000000000000000000000000000000001ff0200"/401], 0x1a8}}], 0x1, 0x88) syz_emit_ethernet(0x4a, &(0x7f0000000800)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, @val={@void, {0x8100, 0x6, 0x0, 0x2}}, {@mpls_uc={0x8847, {[], @ipv6=@dccp_packet={0x8, 0x6, "8da686", 0x10, 0x21, 0x1, @local, @dev={0xfe, 0x80, '\x00', 0x39}, {[], {{0x4e21, 0x4e20, 0x4, 0x1, 0x3, 0x0, 0x0, 0x2, 0x2, "7c1185", 0x0, "d04595"}}}}}}}}, 0x0) r3 = fcntl$dupfd(r0, 0x0, r1) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0}) 1.629719352s ago: executing program 0 (id=1509): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000080)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x4000000, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, 0x0) umount2(&(0x7f0000000100)='./bus\x00', 0x8) mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000340), 0x2840, &(0x7f0000000280)) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) (async) mkdir(&(0x7f0000000080)='./bus\x00', 0x0) (async) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x4000000, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) (async) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, 0x0) (async) umount2(&(0x7f0000000100)='./bus\x00', 0x8) (async) mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000340), 0x2840, &(0x7f0000000280)) (async) 1.549182587s ago: executing program 0 (id=1510): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_HH_FLOWS_LIMIT={0x8}]}}]}, 0x38}}, 0x40000) 1.548576501s ago: executing program 0 (id=1511): socket$netlink(0x10, 0x3, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x9, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = semget$private(0x0, 0x1, 0xa0) semctl$SETVAL(r1, 0x466c0ffda0086214, 0x10, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000180)='./file0/../file0\x00', 0x88) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x3a) r5 = socket$inet_sctp(0x2, 0x8201ad65c48ccfb3, 0x84) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000000)="0a000000010007", 0x7) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 1.039375265s ago: executing program 2 (id=1512): ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) r1 = io_uring_setup(0x5f41, &(0x7f00000001c0)={0x0, 0x0, 0x2}) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r3, 0x0, 0x80, 0x5, 0x9, 0x0, {0x9, 0xd6, 0x1c, 0xd, 0x5, 0x401, 0xfff5, 0xa, 0x0, 0x52, 0x8000, 0x7e9, 0x401, 0x9aa1, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000280)=[r3, r4], 0x2, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, &(0x7f0000000340)={0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b14fea7a1316b81525ccf0f8b91fd2eddb851ba62b00d87337407214ea270251"}}) close_range(r1, 0xffffffffffffffff, 0x0) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'ip6tnl0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x4, 0x8c, 0xf, 0x9, 0xa, @mcast2, @remote, 0x7, 0x80, 0x6}}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0x1, 0x58, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r11 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@bridge_delneigh={0x30, 0x1c, 0xcafe28741a3524c9, 0x70bd2b, 0x25dfdbfb, {0x7, 0x0, 0x0, r10, 0x80, 0x1e, 0xa}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}}, @NDA_FLAGS_EXT={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0xc0041}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000300)=0x14) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'batadv_slave_0\x00', 0x0}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000380)={@initdev, 0x0}, &(0x7f00000003c0)=0x14) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000580)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB="30010000", @ANYRES16=r6, @ANYBLOB="000228bd7000fcdbdf25150000003800018008000100", @ANYRES32=r7, @ANYBLOB="14000200766574683100000000000000000000000800030001000000080003000100000008000100", @ANYRES32=r8, @ANYBLOB="8000018008000100", @ANYRES32=r10, @ANYBLOB="14000200626f6e64300000000000000000000000140002007767300000000000000000000000000008000100", @ANYRES32=r12, @ANYBLOB="1400020076657468315f766972745f776966690008000100", @ANYRES32=r13, @ANYBLOB="1400020069705f767469300000000000000000001400020064766d727030000000000000000000004c00018014000200726f736530000000000000000000000008000300020000001400020064766d7270300000000000000000000008000100", @ANYRES32=r14, @ANYBLOB="0800013f8797d099cd58844cdf6bbfa30872a8b9d6f1ea79707db5ab5b7de8c4797f7f5788fe2b3537278a8b99ddb3fc2204f7754d0c4f7ce3fa078741", @ANYRES32=0x0, @ANYBLOB="0800030000000000180001801400020076657468315f746f5f62617461647600"], 0x130}, 0x1, 0x0, 0x0, 0x8044}, 0x4000011) r15 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x400) ioctl$DRM_IOCTL_WAIT_VBLANK(r15, 0xc018643a, &(0x7f0000000140)={0x4000000, 0x2}) close(r15) 990.239378ms ago: executing program 2 (id=1513): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x1, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x5, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x40000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x0) getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000340)={'filter\x00', 0x0, [0xd, 0x3a5e]}, &(0x7f0000000280)=0x44) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) setrlimit(0x0, &(0x7f00000003c0)={0x4, 0x100}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000300)='./file0\x00') openat$autofs(0xffffff9c, &(0x7f0000000400), 0x80000, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f00000000c0)={"000600", 0x4, 0x6, 0x2, 0x0, 0x4b0, "0000000000f4ff00", '\x00\x00\a\x00', "0300", "fcffffff", ["50d5c2a7c5ae5cace40000b6", "808e88e2e9ffffffffff00", "0c436d743c974f8b084000"]}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0x4) ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f0000000180)={0x0, 0x0, 0x5, {0x80000004, 0xfffffff8, 0x7ffb, 0x2}}) bind$tipc(0xffffffffffffffff, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000500)=@generic={&(0x7f0000000440)='./file0\x00', 0x0, 0x10}, 0x14) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x51c, 0x0, 0x25, 0x148, 0x340, 0x60, 0x488, 0x2a8, 0x2a8, 0x488, 0x2a8, 0x3, 0x0, {[{{@ip={@multicast2, @local, 0xffffffff, 0xff000000, 'bridge_slave_1\x00', 'veth1\x00', {0xff}, {0xff}, 0x73, 0x2, 0x48}, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}}}, @common=@unspec=@statistic={{0x38}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [], 0x0, 0x2}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x578) 989.872899ms ago: executing program 1 (id=1514): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001dc0)={'bond_slave_0\x00', 0x0}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000018110000", @ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_IPV6_DSTOPTS(r2, 0x29, 0x3b, &(0x7f0000001e00)={0x62, 0x3, '\x00', [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}]}, 0x20) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) write(r4, &(0x7f0000000040)="cb", 0xfffffdef) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) chroot(&(0x7f0000000000)='./file0/../file0\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r5 = openat(0xffffffffffffffff, &(0x7f0000000440)='./bus\x00', 0x4001, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_user\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f00000000c0), 0xfea7) fcntl$setlease(r5, 0x400, 0x1) copy_file_range(r6, &(0x7f00000001c0), r5, 0x0, 0x81, 0x10000000000000) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) openat$pfkey(0xffffff9c, &(0x7f0000000400), 0x8000, 0x0) r7 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18) getdents64(r7, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) 810.207965ms ago: executing program 1 (id=1515): r0 = openat$ttyS3(0xffffff9c, &(0x7f00000000c0), 0x2000, 0x0) r1 = syz_open_pts(r0, 0x220080) ioctl$TIOCSSOFTCAR(r1, 0x541a, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'ip6gretap0\x00', 0x400}) ioctl$TUNGETVNETBE(r3, 0x800454df, &(0x7f0000000040)=0x1) pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="043e7522"], 0x24) r6 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080), 0x0, 0xfffffffffffffffe) pipe2$watch_queue(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r7, 0x7) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r4, 0xb5) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r5, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="040e0600120c"], 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x2000, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) socket$inet(0xa, 0x801, 0x84) r8 = getpid() sched_setscheduler(r8, 0x2, 0x0) 809.145037ms ago: executing program 3 (id=1516): mremap(&(0x7f0000ffa000/0x3000)=nil, 0x1000000000000, 0x1000000000000, 0x0, &(0x7f0000ffa000/0x4000)=nil) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r4 = socket(0x10, 0x803, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x8040) sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x78, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r6, {0xc, 0x4}, {}, {0x3, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x48, 0x2, [@TCA_FLOW_EMATCHES={0x44, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffb}}, @TCA_EMATCH_TREE_LIST={0x38, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x7, 0x7, 0x2}, {{0x0, 0x1, 0x0, 0x1}, {0x0, 0x1, 0x1, 0x1}}}}, @TCF_EM_META={0x20, 0x2, 0x0, 0x0, {{0xfffb, 0x4, 0x2}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x2}, {0x0, 0x7}}}, @TCA_EM_META_RVALUE={0x5, 0x3, [@TCF_META_TYPE_VAR=']']}]}}]}]}]}}]}, 0x78}}, 0x200408d0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004ed00038006800000e01907864010101ac1e0001ff0000000900000001000002000000000000000004000000760000000700000000000000"], 0x0) close_range(0xffffffffffffffff, r3, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) setpriority(0x0, 0x0, 0xacf0165) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff"], 0x68}}, 0x0) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bind$bt_hci(r8, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r8, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8) setsockopt$inet6_IPV6_DSTOPTS(r7, 0x29, 0x3b, &(0x7f0000001540)={0xff}, 0x8) getsockopt$inet6_opts(r7, 0x29, 0x3b, 0x0, &(0x7f0000000000)=0x8e) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x8) 620.341554ms ago: executing program 0 (id=1517): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000110000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000200)='contention_begin\x00', r1}, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0) 485.191203ms ago: executing program 1 (id=1518): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000002c0)) r1 = socket$packet(0x11, 0x3, 0x300) r2 = dup(r1) sendmmsg$inet6(r2, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000380)="33ef86afe441d74004940f4ccc629a1ffce84d5d5c0a95b5dad23d7ee49e7658000faa6966d08d5d180d4c6ee342eb93794516ee06e4fb772439b8b3f0d5767d31f9c7ef925c6e7e37bee78f95b603ca446421e906a0f6bf0705d1ab4ba3ab551ead0a6269068c479bdd5d98aade9b5060266610a2e1a9aacfcff8d14aa5868f9aa0eab72325", 0x86}, {&(0x7f0000000440)="c8cb2b5ec77a6494eb3fc0db976db1c96976e18f474ff58afe54c18504b1f4025bcf3d09995acaec75c10ba6e248730e8671d7e07b0b2900735465275b1c1b155c568e32e1f10c2a2caf935d0984bfecd42f1bf5f9260df52158e3ba9d2c507789dabd11a21ba382e1296b921bbc57bfae6c8c099e69e317cf55668b2e1c0ea29afc25dd58d77d9cad25472a7b75835f322b3b9c619eacc8e503ce2e8d7d7770a5f732a4a970eea022637d39be5a13547c4f99cc036078f4184d3f4c4e0bcd9a70e4a746f301caaf510908dbfb38b5a4d1650965ba8bde5b7e199a2150e0abf84cadff96828fc7b4e7a8083e2f4d16a4557314723e0bf58075", 0xf9}], 0x2, &(0x7f0000000540)=ANY=[@ANYBLOB="10000000290000004300000000080000000007000000d4000000290000003600000021170000000000001089fc0b907e2a911890575fd734d744fdd9b533cb0a07eeb16b1c53873497096ebb472d9d4cb4e56e0d761354534f7aa4a71ee53f7e196b599b19cec6d9cf876d52c2bc37d9fbb4695f0222f4cdc492e677dde23df61b785c6cc763759a356780c2467fa3b3bb4be254f8bfc6929da915d3eb4e7678b389262c25e284fe4fd9f91009cf24d80e20e160a30730000000010a7f8001ff010000000000005a5f000000000000080000000000000010000000000000002d3b000000000000000000b40000002900000039000000001401020000000000000000000000000000fffffffffffffc000400000000000000000000000000fc000000000000000000000000eed53e9ae76a952257d07f000001fe80000000000000000000000000000000002000000000000000000000000000000001fc0200000000000000000000000000010000000000000000000000000000000001ff0200"/401], 0x1a8}}], 0x1, 0x88) syz_emit_ethernet(0x4a, &(0x7f0000000800)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, @val={@void, {0x8100, 0x6, 0x0, 0x2}}, {@mpls_uc={0x8847, {[], @ipv6=@dccp_packet={0x8, 0x6, "8da686", 0x10, 0x21, 0x1, @local, @dev={0xfe, 0x80, '\x00', 0x39}, {[], {{0x4e21, 0x4e20, 0x4, 0x1, 0x3, 0x0, 0x0, 0x2, 0x2, "7c1185", 0x0, "d04595"}}}}}}}}, 0x0) r3 = fcntl$dupfd(r0, 0x0, r1) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0}) 400.163645ms ago: executing program 1 (id=1519): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000009c0)={{{@in=@private, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in=@multicast2}}, &(0x7f0000000ac0)=0xe4) r3 = getuid() setreuid(r2, r3) fstat(r1, &(0x7f0000000140)) r4 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x1c) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x12c, 0x12c, 0x9, [@struct={0x6, 0x5, 0x0, 0x4, 0x0, 0x200, [{0x6, 0x1, 0x3}, {0x0, 0x4, 0x3}, {0x8, 0x1, 0xffff}, {0x7, 0x1, 0xf39}, {0xb, 0x2, 0x5}]}, @restrict={0xb, 0x0, 0x0, 0xb, 0x5}, @const={0x2, 0x0, 0x0, 0xa, 0x4}, @fwd={0x9}, @union={0x0, 0x6, 0x0, 0x5, 0x0, 0x2492, [{0x1, 0x1, 0x401}, {0xd, 0x4, 0x3}, {0xf, 0x1, 0x7}, {0x3, 0x5, 0x8}, {0x3, 0x0, 0x800}, {0xa, 0x3}]}, @struct={0x1, 0x8, 0x0, 0x4, 0x1, 0x1, [{0x7, 0x2, 0x81}, {0x3, 0x4, 0xf1b}, {0xc, 0x0, 0x10001}, {0xe, 0x0, 0xff}, {0x5, 0x5, 0x4}, {0x4, 0x5}, {0x8, 0x0, 0x40}, {0x2, 0x2, 0x3}]}]}, {0x0, [0x5f, 0x0, 0x2e, 0x0, 0x2e, 0x0, 0x5f]}}, &(0x7f0000000480)=""/73, 0x14d, 0x49, 0x0, 0x5, 0x10000, @value}, 0x28) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1e, 0x4, &(0x7f00000005c0)=@raw=[@map_idx_val={0x18, 0x2, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9}, @initr0={0x18, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0xfffffff1}], &(0x7f0000000600)='syzkaller\x00', 0x8, 0xa4, &(0x7f0000000640)=""/164, 0x41100, 0xb, '\x00', 0x0, @sk_lookup, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x5, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7, &(0x7f0000000740)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, r0], &(0x7f0000000780)=[{0x2, 0x5, 0xb, 0x6}, {0x0, 0x6, 0xc, 0x1}, {0x3, 0x1, 0x1, 0x8}, {0x3, 0x1, 0x8, 0x8}, {0x1, 0x5, 0x3, 0x6}, {0x1, 0x4, 0x2, 0x9}, {0x1, 0x4, 0xd, 0x4}], 0x10, 0x1ff, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x17, 0x1d, &(0x7f0000000200)=@raw=[@jmp={0x5, 0x0, 0x8, 0xb, 0x1, 0x10, 0x8}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffff9}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @snprintf, @generic={0x3, 0xd, 0xb, 0x2, 0x6}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x4}, @generic={0x6, 0x1, 0x1, 0x2, 0xfc}], &(0x7f0000000100)='GPL\x00', 0x6, 0x30, &(0x7f0000000180)=""/48, 0x41100, 0x60, '\x00', 0x0, @fallback=0x1a, r6, 0x8, &(0x7f0000000540)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000580)={0x5, 0xf, 0x1, 0x9}, 0x10, 0x0, r7, 0x3, 0x0, &(0x7f00000008c0)=[{0x2, 0x3, 0x3, 0xc}, {0x2, 0x4, 0x9, 0xd}, {0x0, 0x4, 0x2, 0xa}], 0x10, 0x91b, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000140)={@loopback, 0x80, r8}) socket$netlink(0x10, 0x3, 0x18a0a260973f2d16) capget(&(0x7f0000000080)={0x19980330, 0xffffffffffffffff}, &(0x7f00000001c0)={0x1b93630c, 0x6, 0x9b86, 0x7, 0x5, 0xe}) 320.184739ms ago: executing program 1 (id=1520): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x0) getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000340)={'filter\x00', 0x0, [0xd, 0x3a5e]}, &(0x7f0000000280)=0x44) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) setrlimit(0x0, &(0x7f00000003c0)={0x4, 0x100}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000300)='./file0\x00') openat$autofs(0xffffff9c, &(0x7f0000000400), 0x80000, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f00000000c0)={"000600", 0x4, 0x6, 0x2, 0x0, 0x4b0, "0000000000f4ff00", '\x00\x00\a\x00', "0300", "fcffffff", ["50d5c2a7c5ae5cace40000b6", "808e88e2e9ffffffffff00", "0c436d743c974f8b084000"]}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f0000000180)={0x0, 0x0, 0x5, {0x80000004, 0xfffffff8, 0x7ffb, 0x2}}) bind$tipc(0xffffffffffffffff, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000500)=@generic={&(0x7f0000000440)='./file0\x00', 0x0, 0x10}, 0x14) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x51c, 0x0, 0x25, 0x148, 0x340, 0x60, 0x488, 0x2a8, 0x2a8, 0x488, 0x2a8, 0x3, 0x0, {[{{@ip={@multicast2, @local, 0xffffffff, 0xff000000, 'bridge_slave_1\x00', 'veth1\x00', {0xff}, {0xff}, 0x73, 0x2, 0x48}, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}}}, @common=@unspec=@statistic={{0x38}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [], 0x0, 0x2}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x578) 202.720582ms ago: executing program 3 (id=1521): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) r0 = syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0x4533, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f0000000340)=0x0) r3 = openat$mixer(0xffffffffffffff9c, 0x0, 0x121040, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r3, 0x40086603, &(0x7f0000000040)) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_MAXSEG(r4, 0x84, 0x7d, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r0, 0x2ded, 0x3fff, 0x46, 0x0, 0x0) ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000001000)) socket$inet6(0xa, 0x2, 0x0) r5 = syz_open_dev$evdev(&(0x7f0000000800), 0x0, 0x0) read(r5, &(0x7f0000000140)=""/109, 0x6d) 0s ago: executing program 2 (id=1522): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x5, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2001, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x3, 0xfffffffd}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40000) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x0) getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000340)={'filter\x00', 0x0, [0xd, 0x3a5e]}, &(0x7f0000000280)=0x44) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) setrlimit(0x0, &(0x7f00000003c0)={0x4, 0x100}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) r3 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) openat$autofs(0xffffff9c, &(0x7f0000000400), 0x80000, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f00000000c0)={"000600", 0x4, 0x6, 0x2, 0x0, 0x4b0, "0000000000f4ff00", '\x00\x00\a\x00', "0300", "fcffffff", ["50d5c2a7c5ae5cace40000b6", "808e88e2e9ffffffffff00", "0c436d743c974f8b084000"]}) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0x4) ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, &(0x7f0000000180)={0x0, 0x0, 0x5, {0x80000004, 0xfffffff8, 0x7ffb, 0x2}}) bind$tipc(0xffffffffffffffff, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000500)=@generic={&(0x7f0000000440)='./file0\x00', 0x0, 0x10}, 0x14) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x51c, 0x0, 0x25, 0x148, 0x340, 0x60, 0x488, 0x2a8, 0x2a8, 0x488, 0x2a8, 0x3, 0x0, {[{{@ip={@multicast2, @local, 0xffffffff, 0xff000000, 'bridge_slave_1\x00', 'veth1\x00', {0xff}, {0xff}, 0x73, 0x2, 0x48}, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}}}, @common=@unspec=@statistic={{0x38}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [], 0x0, 0x2}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x578) kernel console output (not intermixed with test programs): ncpy_from_user+0x203/0x2e0 [ 238.043128][ T9673] do_execveat_common.isra.0+0x1ce/0x610 [ 238.043156][ T9673] __ia32_compat_sys_execveat+0xe0/0x120 [ 238.043182][ T9673] __do_fast_syscall_32+0x73/0x120 [ 238.043208][ T9673] do_fast_syscall_32+0x32/0x80 [ 238.043232][ T9673] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 238.043252][ T9673] RIP: 0023:0xf709e579 [ 238.043270][ T9673] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 238.043286][ T9673] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000166 [ 238.043302][ T9673] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000140 [ 238.043312][ T9673] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 238.043321][ T9673] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 238.043331][ T9673] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 238.043340][ T9673] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 238.043362][ T9673] [ 238.053085][ T1340] usb 6-1: Using ep0 maxpacket: 32 [ 238.129461][ T9677] netlink: 12 bytes leftover after parsing attributes in process `syz.2.916'. [ 238.129519][ T1340] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 238.134841][ T1340] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 238.139051][ T1340] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 238.142577][ T1340] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 238.146950][ T1340] usb 6-1: config 0 interface 0 has no altsetting 0 [ 238.154514][ T1340] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 238.157430][ T1340] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 238.160236][ T1340] usb 6-1: Product: syz [ 238.161703][ T1340] usb 6-1: Manufacturer: syz [ 238.163359][ T1340] usb 6-1: SerialNumber: syz [ 238.166079][ T1340] usb 6-1: config 0 descriptor?? [ 238.169115][ T1340] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 238.173943][ T1340] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 238.208984][ T40] kauditd_printk_skb: 9 callbacks suppressed [ 238.208995][ T40] audit: type=1326 audit(2000000156.218:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9674 comm="syz.0.915" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x0 [ 238.418246][ T9659] xt_time: unknown flags 0xf0 [ 238.437335][ T9686] set match dimension is over the limit! [ 238.696332][ T1340] usb 6-1: USB disconnect, device number 14 [ 238.699647][ T1340] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 238.769532][ T9687] delete_channel: no stack [ 239.305852][ T9707] tmpfs: Bad value for 'mpol' [ 239.309866][ T9714] netlink: 8 bytes leftover after parsing attributes in process `syz.1.924'. [ 239.370484][ T9716] netlink: 12 bytes leftover after parsing attributes in process `syz.2.925'. [ 239.459209][ T40] audit: type=1326 audit(2000000157.428:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9708 comm="syz.0.923" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 239.500058][ T40] audit: type=1326 audit(2000000157.428:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9708 comm="syz.0.923" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 239.512032][ T40] audit: type=1326 audit(2000000157.438:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9708 comm="syz.0.923" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 239.523703][ T40] audit: type=1326 audit(2000000157.438:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9708 comm="syz.0.923" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 239.530542][ T40] audit: type=1326 audit(2000000157.438:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9708 comm="syz.0.923" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 239.537276][ T40] audit: type=1326 audit(2000000157.438:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9708 comm="syz.0.923" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 239.544007][ T40] audit: type=1326 audit(2000000157.438:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9708 comm="syz.0.923" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 239.550845][ T40] audit: type=1326 audit(2000000157.438:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9708 comm="syz.0.923" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 239.558092][ T40] audit: type=1326 audit(2000000157.438:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9708 comm="syz.0.923" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 239.788782][ T9727] set match dimension is over the limit! [ 240.881143][ T9741] set match dimension is over the limit! [ 241.233002][ T9750] set match dimension is over the limit! [ 241.591836][ T9755] Cannot find set identified by id 0 to match [ 241.635300][ T9757] pim6reg1: entered promiscuous mode [ 241.637608][ T9757] pim6reg1: entered allmulticast mode [ 241.812288][ T9759] tmpfs: Bad value for 'mpol' [ 242.062895][ T1340] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 242.108568][ T9768] 9pnet_virtio: no channels available for device syz [ 242.242828][ T1340] usb 7-1: Using ep0 maxpacket: 8 [ 242.248759][ T1340] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 242.252696][ T1340] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 242.258287][ T1340] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.263515][ T1340] usb 7-1: config 0 descriptor?? [ 242.405252][ T9778] gfs2: gfs2 mount does not exist [ 242.520039][ T1340] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 242.660959][ T9790] bond0: Error: Cannot enslave bond to itself. [ 242.797933][ T9793] Cannot find set identified by id 0 to match [ 243.013444][ T57] usb 7-1: USB disconnect, device number 2 [ 243.548426][ T9804] netlink: 8 bytes leftover after parsing attributes in process `syz.0.953'. [ 243.885638][ T9816] netlink: 52 bytes leftover after parsing attributes in process `syz.3.957'. [ 244.300870][ T9831] set match dimension is over the limit! [ 244.975838][ T40] kauditd_printk_skb: 14 callbacks suppressed [ 244.975847][ T40] audit: type=1326 audit(2000000162.989:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9837 comm="syz.1.962" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 244.986505][ T40] audit: type=1326 audit(2000000162.989:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9837 comm="syz.1.962" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 244.993501][ T40] audit: type=1326 audit(2000000162.999:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9837 comm="syz.1.962" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 245.000042][ T40] audit: type=1326 audit(2000000162.999:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9838 comm="syz.0.963" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 245.006565][ T40] audit: type=1326 audit(2000000162.999:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9838 comm="syz.0.963" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 245.013411][ T40] audit: type=1326 audit(2000000162.999:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9837 comm="syz.1.962" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 245.019998][ T40] audit: type=1326 audit(2000000162.999:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9837 comm="syz.1.962" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 245.026770][ T40] audit: type=1326 audit(2000000163.019:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9837 comm="syz.1.962" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 245.033547][ T40] audit: type=1326 audit(2000000163.029:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9837 comm="syz.1.962" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 245.040020][ T40] audit: type=1326 audit(2000000163.029:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9837 comm="syz.1.962" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 245.226602][ T9851] netlink: 8 bytes leftover after parsing attributes in process `syz.3.966'. [ 245.806586][ T9862] block nbd3: shutting down sockets [ 246.014771][ T9871] netlink: 244 bytes leftover after parsing attributes in process `syz.3.971'. [ 246.112618][ T1465] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 246.242586][ T1465] usb 6-1: device descriptor read/64, error -71 [ 246.502543][ T1465] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 246.633712][ T1465] usb 6-1: device descriptor read/64, error -71 [ 246.639553][ T9886] netlink: 'syz.0.975': attribute type 3 has an invalid length. [ 246.775882][ T1465] usb usb6-port1: attempt power cycle [ 246.973055][ T9890] set match dimension is over the limit! [ 247.121687][ T1465] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 247.143029][ T1465] usb 6-1: device descriptor read/8, error -71 [ 247.382529][ T1465] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 247.403291][ T1465] usb 6-1: device descriptor read/8, error -71 [ 247.460717][ T9900] vlan0: entered promiscuous mode [ 247.537117][ T1465] usb usb6-port1: unable to enumerate USB device [ 247.584352][ T9900] tipc: Enabling of bearer rejected, failed to enable media [ 247.724254][ T9919] netlink: 'syz.0.983': attribute type 1 has an invalid length. [ 247.726866][ T9919] netlink: 'syz.0.983': attribute type 3 has an invalid length. [ 247.729413][ T9919] netlink: 224 bytes leftover after parsing attributes in process `syz.0.983'. [ 247.737483][ T5991] IPVS: starting estimator thread 0... [ 247.822645][ T9920] IPVS: using max 43 ests per chain, 103200 per kthread [ 248.752675][ T9932] set match dimension is over the limit! [ 248.921162][ T9937] futex_wake_op: syz.2.986 tries to shift op by -33; fix this program [ 249.590460][ T9950] netlink: 11 bytes leftover after parsing attributes in process `syz.0.991'. [ 249.880912][ T9962] set match dimension is over the limit! [ 250.233827][ T9973] overlayfs: failed to resolve './file1': -2 [ 250.350085][ T9977] netlink: 72 bytes leftover after parsing attributes in process `syz.3.997'. [ 250.622770][ T9983] 9pnet_virtio: no channels available for device syz [ 250.627075][ T9983] Cannot find set identified by id 0 to match [ 250.679328][ T9987] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1001'. [ 250.681868][ T9987] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1001'. [ 252.262621][ T40] kauditd_printk_skb: 9 callbacks suppressed [ 252.262745][ T40] audit: type=1326 audit(2000000170.259:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10020 comm="syz.1.1011" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 252.273074][ T40] audit: type=1326 audit(2000000170.259:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10020 comm="syz.1.1011" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 252.280104][ T40] audit: type=1326 audit(2000000170.259:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10020 comm="syz.1.1011" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 252.286917][ T40] audit: type=1326 audit(2000000170.259:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10020 comm="syz.1.1011" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 252.293702][ T40] audit: type=1326 audit(2000000170.259:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10020 comm="syz.1.1011" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 252.300576][ T40] audit: type=1326 audit(2000000170.259:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10020 comm="syz.1.1011" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 252.308626][ T40] audit: type=1326 audit(2000000170.259:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10020 comm="syz.1.1011" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 252.319328][ T40] audit: type=1326 audit(2000000170.259:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10020 comm="syz.1.1011" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 252.327390][ T40] audit: type=1326 audit(2000000170.259:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10020 comm="syz.1.1011" exe="/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 252.343072][ T40] audit: type=1326 audit(2000000170.269:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10020 comm="syz.1.1011" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 252.899079][T10041] lo speed is unknown, defaulting to 1000 [ 253.096654][T10053] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1019'. [ 254.115109][T10077] overlayfs: failed to resolve './file1': -2 [ 254.945939][T10099] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1031'. [ 255.058359][T10106] capability: warning: `syz.0.1031' uses 32-bit capabilities (legacy support in use) [ 255.130989][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.133839][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.472430][ T1324] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 255.626776][ T1324] usb 7-1: Using ep0 maxpacket: 32 [ 255.637390][ T1324] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 255.641056][ T1324] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 255.646613][ T1324] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 255.651324][ T1324] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 255.657131][ T1324] usb 7-1: config 0 interface 0 has no altsetting 0 [ 255.663530][ T1324] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 255.667318][ T1324] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 255.670788][ T1324] usb 7-1: Product: syz [ 255.673047][ T1324] usb 7-1: Manufacturer: syz [ 255.674918][ T1324] usb 7-1: SerialNumber: syz [ 255.679354][ T1324] usb 7-1: config 0 descriptor?? [ 255.686327][ T1324] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 255.692315][ T1324] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 256.167478][ T1324] usb 7-1: USB disconnect, device number 3 [ 256.180523][ T1324] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 256.772720][ T1340] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 256.813686][T10148] netfs: Couldn't get user pages (rc=-14) [ 256.925543][ T1340] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 256.928748][ T1340] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 256.931671][ T1340] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 256.945344][ T1340] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 256.948227][ T1340] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.950668][ T1340] usb 6-1: Product: syz [ 256.953928][ T1340] usb 6-1: Manufacturer: syz [ 256.956642][ T1340] usb 6-1: SerialNumber: syz [ 256.959765][T10153] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1044'. [ 257.274149][ T1340] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 19 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 257.456752][T10161] set match dimension is over the limit! [ 257.488115][ T1465] usb 6-1: USB disconnect, device number 19 [ 257.503330][ T1465] usblp0: removed [ 257.871623][T10168] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 258.321256][T10182] dlm: no local IP address has been set [ 258.324042][T10182] dlm: cannot start dlm midcomms -107 [ 258.501309][ T1465] libceph: connect (1)[c::]:6789 error -101 [ 258.503941][ T1465] libceph: mon0 (1)[c::]:6789 connect error [ 258.511238][ T1465] libceph: connect (1)[c::]:6789 error -101 [ 258.514635][ T1465] libceph: mon0 (1)[c::]:6789 connect error [ 258.784489][ T1465] libceph: connect (1)[c::]:6789 error -101 [ 258.786776][ T1465] libceph: mon0 (1)[c::]:6789 connect error [ 259.090355][T10195] Cannot find set identified by id 0 to match [ 259.099551][T10179] ceph: No mds server is up or the cluster is laggy [ 259.429387][T10204] 9pnet_virtio: no channels available for device syz [ 259.443124][T10204] set match dimension is over the limit! [ 260.228749][T10225] Cannot find set identified by id 0 to match [ 261.096587][T10259] set match dimension is over the limit! [ 261.963162][T10276] set match dimension is over the limit! [ 262.281668][T10280] vxcan1: tx drop: invalid da for name 0x0000000000002001 [ 262.312684][T10285] 9pnet_virtio: no channels available for device syz [ 262.324832][T10285] Cannot find set identified by id 0 to match [ 262.833566][T10295] can0: slcan on ptm0. [ 262.973323][T10294] can0 (unregistered): slcan off ptm0. [ 263.201290][T10313] Cannot find set identified by id 0 to match [ 263.791673][ T1324] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 263.941677][ T1324] usb 5-1: Using ep0 maxpacket: 32 [ 263.945962][ T1324] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 263.948545][ T1324] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 263.952659][ T1324] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 263.956234][ T1324] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 263.960488][ T1324] usb 5-1: config 0 interface 0 has no altsetting 0 [ 263.965136][ T1324] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 263.967915][ T1324] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 263.970515][ T1324] usb 5-1: Product: syz [ 263.972076][ T1324] usb 5-1: Manufacturer: syz [ 263.973556][ T1324] usb 5-1: SerialNumber: syz [ 263.976165][ T1324] usb 5-1: config 0 descriptor?? [ 263.979299][ T1324] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 263.983229][ T1324] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 264.196356][T10316] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 264.257244][T10327] set match dimension is over the limit! [ 264.319312][ T1324] usb 5-1: USB disconnect, device number 9 [ 264.325705][ T1324] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 264.341944][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 264.341959][ T40] audit: type=1326 audit(2000000182.340:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10328 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 264.353916][ T40] audit: type=1326 audit(2000000182.340:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10328 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 264.362251][ T40] audit: type=1326 audit(2000000182.340:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10328 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 264.368901][ T40] audit: type=1326 audit(2000000182.340:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10328 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 264.376751][ T40] audit: type=1326 audit(2000000182.340:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10328 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 264.385475][ T40] audit: type=1326 audit(2000000182.340:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10328 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 264.394432][ T40] audit: type=1326 audit(2000000182.340:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10328 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 264.403407][ T40] audit: type=1326 audit(2000000182.340:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10328 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 264.412269][ T40] audit: type=1326 audit(2000000182.350:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10328 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 264.421051][ T40] audit: type=1326 audit(2000000182.350:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10328 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 264.611198][T10336] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 265.025745][ T1187] Bluetooth: hci4: Frame reassembly failed (-84) [ 266.819739][T10399] tmpfs: Bad value for 'nr_blocks' [ 266.827266][T10399] netlink: 'syz.1.1109': attribute type 10 has an invalid length. [ 266.830267][T10399] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1109'. [ 266.833821][T10399] dummy0: entered promiscuous mode [ 266.837286][T10399] bridge0: port 3(dummy0) entered blocking state [ 266.839879][T10399] bridge0: port 3(dummy0) entered disabled state [ 266.842563][T10399] dummy0: entered allmulticast mode [ 266.846261][T10399] bridge0: port 3(dummy0) entered blocking state [ 266.849499][T10399] bridge0: port 3(dummy0) entered forwarding state [ 267.041457][ T5964] Bluetooth: hci4: command 0x1003 tx timeout [ 267.041473][ T5955] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 267.895308][T10437] FAULT_INJECTION: forcing a failure. [ 267.895308][T10437] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 267.900071][T10437] CPU: 0 UID: 0 PID: 10437 Comm: syz.0.1121 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 267.900087][T10437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 267.900094][T10437] Call Trace: [ 267.900098][T10437] [ 267.900103][T10437] dump_stack_lvl+0x16c/0x1f0 [ 267.900134][T10437] should_fail_ex+0x512/0x640 [ 267.900149][T10437] _copy_from_user+0x2e/0xd0 [ 267.900163][T10437] rfcomm_dev_ioctl+0x114/0x1ca0 [ 267.900178][T10437] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 267.900191][T10437] ? do_vfs_ioctl+0x512/0x1990 [ 267.900205][T10437] ? __pfx_rfcomm_dev_ioctl+0x10/0x10 [ 267.900218][T10437] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 267.900233][T10437] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 267.900246][T10437] rfcomm_sock_compat_ioctl+0xb0/0xd0 [ 267.900258][T10437] ? __pfx_rfcomm_sock_compat_ioctl+0x10/0x10 [ 267.900272][T10437] compat_sock_ioctl+0x173/0x7c0 [ 267.900284][T10437] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 267.900294][T10437] ? hook_file_ioctl_common+0x145/0x410 [ 267.900309][T10437] ? __fget_files+0x20e/0x3c0 [ 267.900327][T10437] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 267.900338][T10437] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 267.900352][T10437] __do_fast_syscall_32+0x73/0x120 [ 267.900369][T10437] do_fast_syscall_32+0x32/0x80 [ 267.900412][T10437] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 267.900425][T10437] RIP: 0023:0xf709e579 [ 267.900433][T10437] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 267.900444][T10437] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 267.900454][T10437] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000400452c9 [ 267.900460][T10437] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 267.900467][T10437] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 267.900472][T10437] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 267.900478][T10437] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 267.900491][T10437] [ 268.490476][T10458] ieee802154 phy0 wpan0: encryption failed: -22 [ 268.691742][T10477] FAULT_INJECTION: forcing a failure. [ 268.691742][T10477] name failslab, interval 1, probability 0, space 0, times 0 [ 268.695709][T10477] CPU: 3 UID: 0 PID: 10477 Comm: syz.3.1132 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 268.695734][T10477] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 268.695742][T10477] Call Trace: [ 268.695746][T10477] [ 268.695750][T10477] dump_stack_lvl+0x16c/0x1f0 [ 268.695769][T10477] should_fail_ex+0x512/0x640 [ 268.695782][T10477] ? __kmalloc_noprof+0xbf/0x510 [ 268.695799][T10477] ? io_cache_alloc_new+0x45/0xf0 [ 268.695813][T10477] should_failslab+0xc2/0x120 [ 268.695823][T10477] __kmalloc_noprof+0xd2/0x510 [ 268.695842][T10477] io_cache_alloc_new+0x45/0xf0 [ 268.695857][T10477] io_rsrc_node_alloc+0x221/0x2b0 [ 268.695871][T10477] io_sqe_buffer_register+0xee/0x1d10 [ 268.695885][T10477] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 268.695901][T10477] ? io_req_task_submit+0x124/0x1f0 [ 268.695922][T10477] ? find_held_lock+0x2b/0x80 [ 268.695936][T10477] ? ctx_flush_and_put+0x161/0x410 [ 268.695952][T10477] ? __pfx_io_sqe_buffer_register+0x10/0x10 [ 268.695968][T10477] ? iovec_from_user+0xbb/0x140 [ 268.695984][T10477] __io_register_rsrc_update+0x439/0x1190 [ 268.696002][T10477] ? __pfx___io_register_rsrc_update+0x10/0x10 [ 268.696016][T10477] ? find_held_lock+0x2b/0x80 [ 268.696028][T10477] ? __might_fault+0xe3/0x190 [ 268.696044][T10477] ? __might_fault+0xe3/0x190 [ 268.696059][T10477] ? __might_fault+0x13b/0x190 [ 268.696081][T10477] io_register_rsrc_update+0x11b/0x180 [ 268.696094][T10477] ? __pfx_io_register_rsrc_update+0x10/0x10 [ 268.696109][T10477] ? __mutex_trylock_common+0xe9/0x250 [ 268.696120][T10477] ? __pfx___mutex_trylock_common+0x10/0x10 [ 268.696132][T10477] __io_uring_register+0x1ca/0x2390 [ 268.696146][T10477] ? trace_contention_end+0xdd/0x130 [ 268.696156][T10477] ? __pfx___io_uring_register+0x10/0x10 [ 268.696169][T10477] ? __mutex_lock+0x1ca/0xb90 [ 268.696186][T10477] ? __ia32_sys_io_uring_register+0x159/0x280 [ 268.696201][T10477] ? __pfx___mutex_lock+0x10/0x10 [ 268.696220][T10477] ? __fget_files+0x20e/0x3c0 [ 268.696240][T10477] __ia32_sys_io_uring_register+0x169/0x280 [ 268.696256][T10477] __do_fast_syscall_32+0x73/0x120 [ 268.696274][T10477] do_fast_syscall_32+0x32/0x80 [ 268.696290][T10477] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 268.696303][T10477] RIP: 0023:0xf7fd8579 [ 268.696311][T10477] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 268.696321][T10477] RSP: 002b:00000000f50d555c EFLAGS: 00000296 ORIG_RAX: 00000000000001ab [ 268.696332][T10477] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 0000000000000010 [ 268.696338][T10477] RDX: 00000000800003c0 RSI: 0000000000000020 RDI: 0000000000000000 [ 268.696344][T10477] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 268.696350][T10477] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 268.696356][T10477] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 268.696382][T10477] [ 268.851324][ T6015] usb 5-1: new low-speed USB device number 10 using dummy_hcd [ 268.974537][T10491] FAULT_INJECTION: forcing a failure. [ 268.974537][T10491] name failslab, interval 1, probability 0, space 0, times 0 [ 268.978423][T10491] CPU: 3 UID: 0 PID: 10491 Comm: syz.3.1135 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 268.978437][T10491] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 268.978444][T10491] Call Trace: [ 268.978448][T10491] [ 268.978452][T10491] dump_stack_lvl+0x16c/0x1f0 [ 268.978471][T10491] should_fail_ex+0x512/0x640 [ 268.978486][T10491] should_failslab+0xc2/0x120 [ 268.978497][T10491] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 268.978514][T10491] ? skb_clone+0x190/0x3f0 [ 268.978531][T10491] skb_clone+0x190/0x3f0 [ 268.978546][T10491] netlink_deliver_tap+0xabd/0xd30 [ 268.978564][T10491] netlink_unicast+0x6b2/0x7f0 [ 268.978582][T10491] ? __pfx_netlink_unicast+0x10/0x10 [ 268.978602][T10491] netlink_ack+0x696/0xb80 [ 268.978621][T10491] netlink_rcv_skb+0x347/0x440 [ 268.978637][T10491] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 268.978653][T10491] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 268.978677][T10491] ? netlink_deliver_tap+0x1ae/0xd30 [ 268.978694][T10491] netlink_unicast+0x53a/0x7f0 [ 268.978712][T10491] ? __pfx_netlink_unicast+0x10/0x10 [ 268.978736][T10491] netlink_sendmsg+0x8d1/0xdd0 [ 268.978754][T10491] ? __pfx_netlink_sendmsg+0x10/0x10 [ 268.978771][T10491] ? __import_iovec+0x1c8/0x660 [ 268.978788][T10491] ____sys_sendmsg+0xa95/0xc70 [ 268.978800][T10491] ? __pfx_____sys_sendmsg+0x10/0x10 [ 268.978809][T10491] ? get_compat_msghdr+0x11a/0x170 [ 268.978829][T10491] ___sys_sendmsg+0x134/0x1d0 [ 268.978844][T10491] ? __pfx____sys_sendmsg+0x10/0x10 [ 268.978875][T10491] __sys_sendmsg+0x16d/0x220 [ 268.978889][T10491] ? __pfx___sys_sendmsg+0x10/0x10 [ 268.978909][T10491] ? rcu_is_watching+0x12/0xc0 [ 268.978925][T10491] __do_fast_syscall_32+0x73/0x120 [ 268.978944][T10491] do_fast_syscall_32+0x32/0x80 [ 268.978960][T10491] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 268.978973][T10491] RIP: 0023:0xf7fd8579 [ 268.978981][T10491] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 268.978992][T10491] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 268.979002][T10491] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080006040 [ 268.979008][T10491] RDX: 0000000020008050 RSI: 0000000000000000 RDI: 0000000000000000 [ 268.979014][T10491] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 268.979020][T10491] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 268.979026][T10491] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 268.979039][T10491] [ 269.076201][ T6015] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 269.078899][ T6015] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 269.081467][ T6015] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 269.085569][ T6015] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 269.089080][ T6015] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 77, setting to 8 [ 269.092839][ T6015] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 269.096300][ T6015] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 269.103148][ T6015] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 269.105891][ T6015] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 269.108398][ T6015] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 269.112060][ T6015] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 269.115622][ T6015] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 77, setting to 8 [ 269.119066][ T6015] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 269.123744][ T6015] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 269.129051][ T6015] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 269.133381][ T6015] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 269.136170][ T6015] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 269.139381][ T6015] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 269.144582][ T6015] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 77, setting to 8 [ 269.148058][ T6015] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 269.151661][ T6015] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 269.165509][ T6015] usb 5-1: string descriptor 0 read error: -22 [ 269.167663][ T6015] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 269.170559][ T6015] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.188409][ T6015] adutux 5-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 269.893897][T10505] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1139'. [ 269.901676][T10505] FAULT_INJECTION: forcing a failure. [ 269.901676][T10505] name failslab, interval 1, probability 0, space 0, times 0 [ 269.905641][T10505] CPU: 1 UID: 0 PID: 10505 Comm: syz.1.1139 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 269.905666][T10505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 269.905674][T10505] Call Trace: [ 269.905678][T10505] [ 269.905682][T10505] dump_stack_lvl+0x16c/0x1f0 [ 269.905702][T10505] should_fail_ex+0x512/0x640 [ 269.905714][T10505] ? fs_reclaim_acquire+0xae/0x150 [ 269.905729][T10505] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 269.905744][T10505] should_failslab+0xc2/0x120 [ 269.905759][T10505] __kmalloc_noprof+0xd2/0x510 [ 269.905774][T10505] ? trace_kmalloc+0x2b/0xd0 [ 269.905784][T10505] ? __kmalloc_noprof+0x242/0x510 [ 269.905800][T10505] ? trace_sched_exit_tp+0xde/0x130 [ 269.905818][T10505] tomoyo_realpath_from_path+0xc2/0x6e0 [ 269.905834][T10505] ? tomoyo_fill_path_info+0x233/0x420 [ 269.905847][T10505] tomoyo_mount_acl+0x1ae/0x850 [ 269.905863][T10505] ? __pfx___schedule+0x10/0x10 [ 269.905877][T10505] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 269.905905][T10505] ? tomoyo_domain+0xbb/0x150 [ 269.905921][T10505] ? tomoyo_profile+0x47/0x60 [ 269.905938][T10505] tomoyo_mount_permission+0x16d/0x420 [ 269.905951][T10505] ? tomoyo_mount_permission+0x14f/0x420 [ 269.905965][T10505] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 269.905987][T10505] security_sb_mount+0x9b/0x260 [ 269.906000][T10505] path_mount+0x128/0x1f30 [ 269.906010][T10505] ? kmem_cache_free+0x2d4/0x4d0 [ 269.906025][T10505] ? __pfx_path_mount+0x10/0x10 [ 269.906037][T10505] ? putname+0x154/0x1a0 [ 269.906049][T10505] __ia32_sys_mount+0x28b/0x310 [ 269.906059][T10505] ? __pfx___ia32_sys_mount+0x10/0x10 [ 269.906071][T10505] ? rcu_is_watching+0x12/0xc0 [ 269.906086][T10505] __do_fast_syscall_32+0x73/0x120 [ 269.906103][T10505] do_fast_syscall_32+0x32/0x80 [ 269.906119][T10505] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 269.906133][T10505] RIP: 0023:0xf7fa5579 [ 269.906141][T10505] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 269.906151][T10505] RSP: 002b:00000000f508455c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 269.906161][T10505] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000000 [ 269.906168][T10505] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000080000480 [ 269.906174][T10505] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 269.906179][T10505] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 269.906185][T10505] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 269.906198][T10505] [ 269.906221][T10505] ERROR: Out of memory at tomoyo_realpath_from_path. [ 272.118759][T10543] block device autoloading is deprecated and will be removed. [ 272.655266][T10553] lo speed is unknown, defaulting to 1000 [ 272.840501][T10556] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1153'. [ 272.895383][T10558] netlink: 788 bytes leftover after parsing attributes in process `syz.3.1154'. [ 272.917153][T10558] netlink: 'syz.3.1154': attribute type 1 has an invalid length. [ 272.919530][T10558] netlink: 'syz.3.1154': attribute type 3 has an invalid length. [ 272.922690][T10558] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1154'. [ 272.925478][T10558] NCSI netlink: No device for ifindex 0 [ 272.953959][T10558] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1154'. [ 273.531227][ T1324] usb 5-1: USB disconnect, device number 10 [ 273.735447][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 273.735458][ T40] audit: type=1326 audit(2000000191.740:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10588 comm="syz.1.1161" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 273.745933][ T40] audit: type=1326 audit(2000000191.740:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10588 comm="syz.1.1161" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 273.752960][ T40] audit: type=1326 audit(2000000191.740:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10588 comm="syz.1.1161" exe="/syz-executor" sig=0 arch=40000003 syscall=163 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 273.759790][ T40] audit: type=1326 audit(2000000191.750:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10588 comm="syz.1.1161" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 273.781144][ T40] audit: type=1326 audit(2000000191.750:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10588 comm="syz.1.1161" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 273.787544][ T40] audit: type=1326 audit(2000000191.770:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10588 comm="syz.1.1161" exe="/syz-executor" sig=0 arch=40000003 syscall=241 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 273.794020][ T40] audit: type=1326 audit(2000000191.770:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10588 comm="syz.1.1161" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 273.800417][ T40] audit: type=1326 audit(2000000191.770:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10588 comm="syz.1.1161" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 273.806921][ T40] audit: type=1326 audit(2000000191.770:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10588 comm="syz.1.1161" exe="/syz-executor" sig=0 arch=40000003 syscall=156 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 273.813368][ T40] audit: type=1326 audit(2000000191.780:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10588 comm="syz.1.1161" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 273.891383][T10591] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1160'. [ 274.447210][T10603] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1166'. [ 274.489751][T10603] 9pnet_fd: Insufficient options for proto=fd [ 274.652484][T10614] netlink: 'syz.1.1168': attribute type 6 has an invalid length. [ 274.655413][T10614] FAULT_INJECTION: forcing a failure. [ 274.655413][T10614] name failslab, interval 1, probability 0, space 0, times 0 [ 274.659944][T10614] CPU: 0 UID: 0 PID: 10614 Comm: syz.1.1168 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 274.659959][T10614] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 274.659976][T10614] Call Trace: [ 274.659995][T10614] [ 274.659999][T10614] dump_stack_lvl+0x16c/0x1f0 [ 274.660033][T10614] should_fail_ex+0x512/0x640 [ 274.660049][T10614] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 274.660068][T10614] should_failslab+0xc2/0x120 [ 274.660079][T10614] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 274.660095][T10614] ? fib_insert_alias+0x444/0xe30 [ 274.660111][T10614] fib_insert_alias+0x444/0xe30 [ 274.660124][T10614] ? lockdep_rtnl_is_held+0x26/0x40 [ 274.660135][T10614] ? fib_table_insert+0x765/0x1c40 [ 274.660151][T10614] fib_table_insert+0xa0c/0x1c40 [ 274.660171][T10614] ? __pfx_fib_table_insert+0x10/0x10 [ 274.660189][T10614] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 274.660204][T10614] ? inet_rtm_newroute+0x124/0x210 [ 274.660220][T10614] inet_rtm_newroute+0x124/0x210 [ 274.660236][T10614] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 274.660258][T10614] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 274.660274][T10614] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 274.660290][T10614] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 274.660306][T10614] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 274.660339][T10614] rtnetlink_rcv_msg+0x95b/0xe90 [ 274.660356][T10614] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 274.660377][T10614] netlink_rcv_skb+0x16a/0x440 [ 274.660394][T10614] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 274.660409][T10614] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 274.660433][T10614] ? netlink_deliver_tap+0x1ae/0xd30 [ 274.660451][T10614] netlink_unicast+0x53a/0x7f0 [ 274.660468][T10614] ? __pfx_netlink_unicast+0x10/0x10 [ 274.660488][T10614] netlink_sendmsg+0x8d1/0xdd0 [ 274.660506][T10614] ? __pfx_netlink_sendmsg+0x10/0x10 [ 274.660523][T10614] ? __import_iovec+0x1c8/0x660 [ 274.660540][T10614] ____sys_sendmsg+0xa95/0xc70 [ 274.660551][T10614] ? __pfx_____sys_sendmsg+0x10/0x10 [ 274.660561][T10614] ? get_compat_msghdr+0x11a/0x170 [ 274.660581][T10614] ___sys_sendmsg+0x134/0x1d0 [ 274.660596][T10614] ? __pfx____sys_sendmsg+0x10/0x10 [ 274.660639][T10614] __sys_sendmsg+0x16d/0x220 [ 274.660654][T10614] ? __pfx___sys_sendmsg+0x10/0x10 [ 274.660677][T10614] ? rcu_is_watching+0x12/0xc0 [ 274.660693][T10614] __do_fast_syscall_32+0x73/0x120 [ 274.660710][T10614] do_fast_syscall_32+0x32/0x80 [ 274.660727][T10614] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 274.660740][T10614] RIP: 0023:0xf7fa5579 [ 274.660749][T10614] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 274.660759][T10614] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 274.660770][T10614] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 274.660776][T10614] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 274.660782][T10614] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 274.660788][T10614] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 274.660804][T10614] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 274.660819][T10614] [ 275.834066][T10634] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1173'. [ 276.018632][T10639] set match dimension is over the limit! [ 276.539526][T10644] 9pnet_virtio: no channels available for device syz [ 276.544728][T10644] set match dimension is over the limit! [ 277.228676][T10664] IPVS: sync thread started: state = BACKUP, mcast_ifn = wlan0, syncid = 1, id = 0 [ 277.252944][T10663] IPVS: set_ctl: invalid protocol: 33 172.20.20.187:20003 [ 277.259919][T10663] IPVS: stopping backup sync thread 10664 ... [ 277.304515][T10673] FAULT_INJECTION: forcing a failure. [ 277.304515][T10673] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 277.308484][T10673] CPU: 3 UID: 0 PID: 10673 Comm: syz.1.1184 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 277.308498][T10673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 277.308505][T10673] Call Trace: [ 277.308509][T10673] [ 277.308514][T10673] dump_stack_lvl+0x16c/0x1f0 [ 277.308532][T10673] should_fail_ex+0x512/0x640 [ 277.308547][T10673] _copy_to_user+0x32/0xd0 [ 277.308562][T10673] simple_read_from_buffer+0xcb/0x170 [ 277.308578][T10673] proc_fail_nth_read+0x197/0x270 [ 277.308594][T10673] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 277.308609][T10673] ? rw_verify_area+0xcf/0x680 [ 277.308621][T10673] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 277.308636][T10673] vfs_read+0x1de/0xc70 [ 277.308652][T10673] ? __pfx___mutex_lock+0x10/0x10 [ 277.308669][T10673] ? __pfx_vfs_read+0x10/0x10 [ 277.308686][T10673] ? __fget_files+0x20e/0x3c0 [ 277.308705][T10673] ksys_read+0x12a/0x240 [ 277.308720][T10673] ? __pfx_ksys_read+0x10/0x10 [ 277.308735][T10673] ? rcu_is_watching+0x12/0xc0 [ 277.308750][T10673] __do_fast_syscall_32+0x73/0x120 [ 277.308768][T10673] do_fast_syscall_32+0x32/0x80 [ 277.308784][T10673] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 277.308797][T10673] RIP: 0023:0xf7fa5579 [ 277.308806][T10673] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 277.308816][T10673] RSP: 002b:00000000f50c6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 277.308826][T10673] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000f50c6620 [ 277.308833][T10673] RDX: 000000000000000f RSI: 00000000f7432ff4 RDI: 0000000000000000 [ 277.308839][T10673] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 277.308844][T10673] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 277.308850][T10673] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 277.308867][T10673] [ 277.380795][ C3] vkms_vblank_simulate: vblank timer overrun [ 277.472457][T10676] 8021q: adding VLAN 0 to HW filter on device bond0 [ 277.482439][T10676] bond0: (slave rose0): Enslaving as an active interface with an up link [ 277.589806][T10679] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1182'. [ 278.645371][T10715] set match dimension is over the limit! [ 279.504329][T10750] syz.3.1196: attempt to access beyond end of device [ 279.504329][T10750] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0 [ 279.508207][T10750] (syz.3.1196,10750,0):ocfs2_get_sector:1714 ERROR: status = -5 [ 279.513140][T10750] (syz.3.1196,10750,0):ocfs2_sb_probe:753 ERROR: status = -5 [ 279.515413][T10750] (syz.3.1196,10750,0):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 279.518102][T10750] (syz.3.1196,10750,0):ocfs2_fill_super:1177 ERROR: status = -5 [ 280.667443][T10766] set match dimension is over the limit! [ 280.809359][T10771] netlink: 'syz.3.1197': attribute type 6 has an invalid length. [ 280.954638][T10775] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1203'. [ 281.647536][T10797] Cannot find set identified by id 0 to match [ 282.081138][ T1340] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 282.086405][T10803] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 282.242906][ T1340] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 282.245942][ T1340] usb 5-1: config 0 interface 0 has no altsetting 0 [ 282.249551][ T1340] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 282.254139][ T1340] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 282.257397][ T1340] usb 5-1: Product: syz [ 282.259226][ T1340] usb 5-1: Manufacturer: syz [ 282.261257][ T1340] usb 5-1: SerialNumber: syz [ 282.266691][ T1340] usb 5-1: config 0 descriptor?? [ 282.276516][ T1340] usb 5-1: selecting invalid altsetting 0 [ 282.479213][ T5991] usb 5-1: USB disconnect, device number 11 [ 282.875822][T10811] can0: slcan on ttyS3. [ 282.882142][T10813] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 282.884340][T10813] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 282.887110][T10813] vhci_hcd vhci_hcd.0: Device attached [ 282.892018][T10813] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(13) [ 282.894069][T10813] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 282.896955][T10813] vhci_hcd vhci_hcd.0: Device attached [ 282.899198][T10813] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 282.905546][T10813] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(17) [ 282.908212][T10813] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 282.913652][T10813] vhci_hcd vhci_hcd.0: Device attached [ 282.920357][T10813] vhci_hcd vhci_hcd.0: pdev(2) rhport(4) sockfd(20) [ 282.923176][T10813] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 282.927294][T10813] vhci_hcd vhci_hcd.0: Device attached [ 282.931571][T10813] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 282.937563][T10813] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 282.941518][T10813] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 282.946729][T10813] vhci_hcd vhci_hcd.0: port 0 already used [ 282.950569][T10811] can0 (unregistered): slcan off ttyS3. [ 282.956989][T10820] vhci_hcd: connection closed [ 282.957062][T10818] vhci_hcd: connection closed [ 282.958310][ T13] vhci_hcd: stop threads [ 282.958842][T10814] vhci_hcd: connection closed [ 282.960614][ T13] vhci_hcd: release socket [ 282.960685][ T13] vhci_hcd: disconnect device [ 282.962143][T10816] vhci_hcd: connection closed [ 282.965950][ T13] vhci_hcd: stop threads [ 282.970902][ T13] vhci_hcd: release socket [ 282.972787][ T13] vhci_hcd: disconnect device [ 282.976280][ T13] vhci_hcd: stop threads [ 282.978002][ T13] vhci_hcd: release socket [ 282.979836][ T13] vhci_hcd: disconnect device [ 282.982424][ T13] vhci_hcd: stop threads [ 282.983816][ T13] vhci_hcd: release socket [ 282.985248][ T13] vhci_hcd: disconnect device [ 283.015637][T10826] can0: slcan on ttyS3. [ 283.641211][T10808] can0 (unregistered): slcan off ttyS3. [ 283.961495][T10873] set match dimension is over the limit! [ 284.140501][ T1324] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 284.302888][ T1324] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 284.306370][ T1324] usb 7-1: config 0 interface 0 has no altsetting 0 [ 284.310080][ T1324] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 284.313206][ T1324] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 284.316190][ T1324] usb 7-1: Product: syz [ 284.317940][ T1324] usb 7-1: Manufacturer: syz [ 284.319553][ T1324] usb 7-1: SerialNumber: syz [ 284.326455][ T1324] usb 7-1: config 0 descriptor?? [ 284.332911][ T1324] usb 7-1: selecting invalid altsetting 0 [ 284.476902][T10883] FAULT_INJECTION: forcing a failure. [ 284.476902][T10883] name failslab, interval 1, probability 0, space 0, times 0 [ 284.481175][T10883] CPU: 2 UID: 0 PID: 10883 Comm: syz.0.1226 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 284.481190][T10883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 284.481197][T10883] Call Trace: [ 284.481201][T10883] [ 284.481205][T10883] dump_stack_lvl+0x16c/0x1f0 [ 284.481225][T10883] should_fail_ex+0x512/0x640 [ 284.481238][T10883] ? fs_reclaim_acquire+0xae/0x150 [ 284.481252][T10883] ? tomoyo_encode2+0x100/0x3e0 [ 284.481267][T10883] should_failslab+0xc2/0x120 [ 284.481277][T10883] __kmalloc_noprof+0xd2/0x510 [ 284.481296][T10883] tomoyo_encode2+0x100/0x3e0 [ 284.481312][T10883] tomoyo_encode+0x29/0x50 [ 284.481325][T10883] tomoyo_mount_acl+0x144/0x850 [ 284.481338][T10883] ? kernel_text_address+0x8d/0x100 [ 284.481352][T10883] ? __kernel_text_address+0xd/0x40 [ 284.481364][T10883] ? unwind_get_return_address+0x59/0xa0 [ 284.481379][T10883] ? arch_stack_walk+0xa6/0x100 [ 284.481394][T10883] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 284.481422][T10883] ? tomoyo_domain+0xbb/0x150 [ 284.481437][T10883] ? tomoyo_profile+0x47/0x60 [ 284.481455][T10883] tomoyo_mount_permission+0x16d/0x420 [ 284.481468][T10883] ? tomoyo_mount_permission+0x14f/0x420 [ 284.481482][T10883] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 284.481504][T10883] security_sb_mount+0x9b/0x260 [ 284.481516][T10883] path_mount+0x128/0x1f30 [ 284.481527][T10883] ? kmem_cache_free+0x2d4/0x4d0 [ 284.481546][T10883] ? __pfx_path_mount+0x10/0x10 [ 284.481558][T10883] ? putname+0x154/0x1a0 [ 284.481570][T10883] __ia32_sys_mount+0x28b/0x310 [ 284.481580][T10883] ? __pfx___ia32_sys_mount+0x10/0x10 [ 284.481592][T10883] ? rcu_is_watching+0x12/0xc0 [ 284.481607][T10883] __do_fast_syscall_32+0x73/0x120 [ 284.481625][T10883] do_fast_syscall_32+0x32/0x80 [ 284.481641][T10883] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 284.481654][T10883] RIP: 0023:0xf709e579 [ 284.481663][T10883] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 284.481673][T10883] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 284.481684][T10883] RAX: ffffffffffffffda RBX: 0000000080000140 RCX: 0000000080000080 [ 284.481690][T10883] RDX: 0000000080000000 RSI: 000000000021004f RDI: 0000000000000000 [ 284.481696][T10883] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 284.481702][T10883] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 284.481708][T10883] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 284.481720][T10883] [ 284.590309][ T1324] usb 7-1: USB disconnect, device number 4 [ 284.689694][T10891] FAULT_INJECTION: forcing a failure. [ 284.689694][T10891] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 284.705777][T10891] CPU: 3 UID: 0 PID: 10891 Comm: syz.0.1229 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 284.705799][T10891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 284.705807][T10891] Call Trace: [ 284.705812][T10891] [ 284.705818][T10891] dump_stack_lvl+0x16c/0x1f0 [ 284.705847][T10891] should_fail_ex+0x512/0x640 [ 284.705865][T10891] _copy_from_user+0x2e/0xd0 [ 284.705883][T10891] get_compat_msghdr+0xa7/0x170 [ 284.705900][T10891] ? __pfx_get_compat_msghdr+0x10/0x10 [ 284.705918][T10891] ? __pfx__kstrtoull+0x10/0x10 [ 284.705942][T10891] ___sys_sendmsg+0x1ae/0x1d0 [ 284.705961][T10891] ? __pfx____sys_sendmsg+0x10/0x10 [ 284.705987][T10891] ? find_held_lock+0x2b/0x80 [ 284.706011][T10891] ? __pfx___might_resched+0x10/0x10 [ 284.706033][T10891] __sys_sendmmsg+0x2f9/0x420 [ 284.706053][T10891] ? __pfx___sys_sendmmsg+0x10/0x10 [ 284.706076][T10891] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 284.706103][T10891] ? fput+0x70/0xf0 [ 284.706117][T10891] ? ksys_write+0x1b9/0x240 [ 284.706134][T10891] ? __pfx_ksys_write+0x10/0x10 [ 284.706155][T10891] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 284.706172][T10891] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 284.706193][T10891] __do_fast_syscall_32+0x73/0x120 [ 284.706213][T10891] do_fast_syscall_32+0x32/0x80 [ 284.706233][T10891] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 284.706250][T10891] RIP: 0023:0xf709e579 [ 284.706260][T10891] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 284.706273][T10891] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 284.706287][T10891] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180 [ 284.706295][T10891] RDX: 000000000400008a RSI: 0000000000000000 RDI: 0000000000000000 [ 284.706303][T10891] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 284.706311][T10891] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 284.706319][T10891] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 284.706336][T10891] [ 284.784311][ C3] vkms_vblank_simulate: vblank timer overrun [ 284.842169][T10903] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1233'. [ 284.846303][T10903] netlink: zone id is out of range [ 284.848419][T10903] netlink: zone id is out of range [ 284.852918][T10903] netlink: zone id is out of range [ 284.864492][T10903] netlink: zone id is out of range [ 284.867901][T10903] netlink: set zone limit has 8 unknown bytes [ 284.908359][T10907] netlink: zone id is out of range [ 284.910740][T10907] netlink: zone id is out of range [ 284.922795][T10907] netlink: zone id is out of range [ 284.927670][T10907] netlink: set zone limit has 8 unknown bytes [ 285.442735][T10922] set match dimension is over the limit! [ 286.580712][ T6015] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 286.738484][T10960] ip6gretap0: entered promiscuous mode [ 286.751859][ T6015] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 286.755985][ T6015] usb 7-1: config 0 interface 0 has no altsetting 0 [ 286.783852][ T6015] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 286.787647][ T6015] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 286.792857][ T6015] usb 7-1: Product: syz [ 286.800134][ T6015] usb 7-1: Manufacturer: syz [ 286.810746][ T6015] usb 7-1: SerialNumber: syz [ 286.830784][ T6015] usb 7-1: config 0 descriptor?? [ 286.846656][ T6015] usb 7-1: selecting invalid altsetting 0 [ 286.884653][T10966] bond0: (slave team0): Releasing backup interface [ 286.914741][T10971] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1250'. [ 286.943210][T10966] bridge_slave_0: left allmulticast mode [ 286.945471][T10966] bridge_slave_0: left promiscuous mode [ 286.950389][T10966] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.985676][T10966] bridge_slave_1: left allmulticast mode [ 286.987707][T10966] bridge_slave_1: left promiscuous mode [ 286.990471][T10966] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.067691][T10966] bond0: (slave bond_slave_0): Releasing backup interface [ 287.082783][ T9] usb 7-1: USB disconnect, device number 5 [ 287.115875][T10966] bond0: (slave bond_slave_1): Releasing backup interface [ 287.167856][T10966] team0: Port device team_slave_0 removed [ 287.290362][ T6015] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 287.384382][T10966] team0: Port device team_slave_1 removed [ 287.390681][T10966] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 287.393701][T10966] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 287.489446][T10966] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 287.501794][T10966] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 287.502872][ T6015] usb 6-1: unable to get BOS descriptor or descriptor too short [ 287.507929][ T6015] usb 6-1: config 1 interface 0 altsetting 170 bulk endpoint 0x82 has invalid maxpacket 16 [ 287.511082][ T6015] usb 6-1: config 1 interface 0 has no altsetting 0 [ 287.515799][ T6015] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 287.519521][ T6015] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.522982][ T6015] usb 6-1: Product: syz [ 287.524757][ T6015] usb 6-1: Manufacturer: syz [ 287.526732][ T6015] usb 6-1: SerialNumber: syz [ 287.535556][T10960] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 287.566448][T10966] team0: Port device geneve0 removed [ 287.594792][T10966] bond2: (slave ip6erspan0): Releasing active interface [ 287.699069][T10981] program syz.2.1252 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 287.721669][ T1324] lo speed is unknown, defaulting to 1000 [ 287.760840][ T6015] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -71 [ 287.765650][ T6015] usb 6-1: USB disconnect, device number 20 [ 287.798997][T10981] [U] [ 287.800426][T10981] [U] [ 287.801747][T10981] [U] 6ÎÊ„n‹ÔäT*[<; 0o’˜ËƒÛ.¤çáž’ƒþ _ŠZ¥Î)Ð¥MGd®N¶©ƒ’ $Þçóî? gícRÉ4í¹Â¬—ù/Œ [ 287.805722][T10981] [U] ?õé1{&>ŽðÛ(Ä:a›ÛzgBÅVð1MÁhN:çAD€gýõeMiZLrµÆÀPÛ¶ˆFœw œ‡P‹v [ 287.808963][T10981] [U] \ܬMöƒ^nÌgôaßdR;då¢%F¿âQË’SI¤  [ 287.811362][T10981] [U] [ 287.812509][T10981] [U] [ 287.814061][T10981] [U] [ 287.815238][T10981] [U] [ 287.816425][T10981] [U] [ 287.817743][T10981] [U] [ 287.818970][T10981] [U] [ 287.820165][T10981] [U] [ 287.821366][T10981] [U] [ 287.831674][T10981] [U] [ 287.832756][T10981] [U] [ 287.833787][T10981] [U] [ 287.834819][T10981] [U] [ 287.835955][T10981] [U] [ 287.836934][T10981] [U] [ 287.837788][T10981] [U] [ 287.838677][T10981] [U] [ 287.895867][T10981] [U] [ 287.896827][T10981] [U] [ 287.897729][T10981] [U] [ 287.898914][T10981] [U] [ 287.899997][T10981] [U] [ 287.900960][T10981] [U] [ 287.901895][T10981] [U] [ 287.902868][T10981] [U] [ 287.909460][T10981] [U] [ 287.910417][T10981] [U] [ 287.911361][T10981] [U] [ 287.912420][T10981] [U] [ 287.916062][T10981] [U] [ 287.917062][T10981] [U] [ 287.918003][T10981] [U] [ 287.918975][T10981] [U] [ 287.921473][T10981] [U] [ 287.922492][T10981] [U] [ 287.923427][T10981] [U] [ 287.924439][T10981] [U] [ 287.925605][T10981] [U] [ 287.926584][T10981] [U] [ 287.927503][T10981] [U] [ 287.928359][T10981] [U] [ 287.929772][T10981] [U] [ 287.930698][T10981] [U] [ 287.931550][T10981] [U] [ 287.932430][T10981] [U] [ 287.936478][T10981] [U] [ 287.937345][T10981] [U] [ 287.938191][T10981] [U] [ 287.939036][T10981] [U] [ 287.940300][T10981] [U] [ 287.941200][T10981] [U] [ 287.942078][T10981] [U] [ 287.942910][T10981] [U] [ 287.945892][T10981] [U] [ 287.946791][T10981] [U] [ 287.947643][T10981] [U] [ 287.948494][T10981] [U] [ 287.949482][T10981] [U] [ 287.950356][T10981] [U] [ 287.951222][T10981] [U] [ 287.952083][T10981] [U] [ 287.957145][T10981] [U] [ 287.957991][T10981] [U] [ 287.958840][T10981] [U] [ 287.959699][T10981] [U] [ 287.960791][T10981] [U] [ 287.961648][T10981] [U] [ 287.962518][T10981] [U] [ 287.963370][T10981] [U] [ 287.964375][T10981] [U] [ 287.965219][T10981] [U] [ 287.966077][T10981] [U] [ 287.966956][T10981] [U] [ 287.969333][T10981] [U] [ 287.970485][T10981] [U] [ 287.971627][T10981] [U] [ 287.972818][T10981] [U] [ 287.975347][T10981] [U] [ 287.976327][T10981] [U] [ 287.977259][T10981] [U] [ 287.978137][T10981] [U] [ 287.979369][T10981] [U] [ 287.980304][T10981] [U] [ 287.981203][T10981] [U] [ 287.982109][T10981] [U] [ 287.983153][T10981] [U] [ 287.984040][T10981] [U] [ 287.984932][T10981] [U] [ 287.985824][T10981] [U] [ 287.986905][T10981] [U] [ 287.987788][T10981] [U] [ 287.988686][T10981] [U] [ 287.989569][T10981] [U] [ 287.992256][T10981] [U] [ 287.993153][T10981] [U] [ 287.994037][T10981] [U] [ 287.994918][T10981] [U] [ 287.995863][T10981] [U] [ 287.996766][T10981] [U] [ 287.997656][T10981] [U] [ 287.998536][T10981] [U] [ 288.001781][T10981] [U] [ 288.002693][T10981] [U] [ 288.003581][T10981] [U] [ 288.004473][T10981] [U] [ 288.005357][T10981] [U] [ 288.006319][T10981] [U] [ 288.007203][T10981] [U] [ 288.008084][T10981] [U] [ 288.008976][T10981] [U] [ 288.009906][T10981] [U] [ 288.010801][T10981] [U] [ 288.011681][T10981] [U] [ 288.012584][T10981] [U] [ 288.015347][T10981] [U] [ 288.016287][T10981] [U] [ 288.017175][T10981] [U] [ 288.018061][T10981] [U] [ 288.018997][T10981] [U] [ 288.019881][T10981] [U] [ 288.020787][T10981] [U] [ 288.021669][T10981] [U] [ 288.023186][T10981] [U] [ 288.024087][T10981] [U] [ 288.024972][T10981] [U] [ 288.025841][T10981] [U] [ 288.026845][T10981] [U] [ 288.027730][T10981] [U] [ 288.028623][T10981] [U] [ 288.077671][T10980] [U] [ 289.775461][T11024] usb usb9: check_ctrlrecip: process 11024 (syz.1.1263) requesting ep 01 but needs 81 [ 289.778695][T11024] usb usb9: usbfs: process 11024 (syz.1.1263) did not claim interface 0 before use [ 290.445582][T11047] FAULT_INJECTION: forcing a failure. [ 290.445582][T11047] name failslab, interval 1, probability 0, space 0, times 0 [ 290.449457][T11047] CPU: 3 UID: 0 PID: 11047 Comm: syz.3.1269 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 290.449472][T11047] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 290.449480][T11047] Call Trace: [ 290.449484][T11047] [ 290.449488][T11047] dump_stack_lvl+0x16c/0x1f0 [ 290.449507][T11047] should_fail_ex+0x512/0x640 [ 290.449520][T11047] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 290.449541][T11047] should_failslab+0xc2/0x120 [ 290.449551][T11047] __kmalloc_cache_noprof+0x6a/0x3e0 [ 290.449566][T11047] ? sctp_datamsg_from_user+0x8d/0x1320 [ 290.449582][T11047] sctp_datamsg_from_user+0x8d/0x1320 [ 290.449596][T11047] ? __sk_mem_raise_allocated+0x895/0x1700 [ 290.449615][T11047] ? __sk_mem_schedule+0xd0/0x100 [ 290.449631][T11047] sctp_sendmsg_to_asoc+0xaf5/0x1bf0 [ 290.449646][T11047] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 290.449656][T11047] ? do_raw_spin_lock+0x12c/0x2b0 [ 290.449669][T11047] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 290.449684][T11047] ? sctp_sendmsg_check_sflags+0x176/0x320 [ 290.449702][T11047] sctp_sendmsg+0xef5/0x1ee0 [ 290.449713][T11047] ? __pfx_get_page_from_freelist+0x10/0x10 [ 290.449728][T11047] ? should_fail_alloc_page+0xee/0x130 [ 290.449742][T11047] ? __pfx_sctp_sendmsg+0x10/0x10 [ 290.449754][T11047] ? __pfx___might_resched+0x10/0x10 [ 290.449775][T11047] ? __pfx_aa_sk_perm+0x10/0x10 [ 290.449793][T11047] ? __import_iovec+0x1c8/0x660 [ 290.449807][T11047] ? __pfx_sctp_sendmsg+0x10/0x10 [ 290.449820][T11047] inet_sendmsg+0x119/0x140 [ 290.449832][T11047] ____sys_sendmsg+0x973/0xc70 [ 290.449843][T11047] ? __pfx_____sys_sendmsg+0x10/0x10 [ 290.449853][T11047] ? get_compat_msghdr+0x11a/0x170 [ 290.449868][T11047] ? __pfx__kstrtoull+0x10/0x10 [ 290.449887][T11047] ___sys_sendmsg+0x134/0x1d0 [ 290.449902][T11047] ? __pfx____sys_sendmsg+0x10/0x10 [ 290.449923][T11047] ? find_held_lock+0x2b/0x80 [ 290.449944][T11047] __sys_sendmmsg+0x2f9/0x420 [ 290.449960][T11047] ? __pfx___sys_sendmmsg+0x10/0x10 [ 290.449978][T11047] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 290.450013][T11047] ? fput+0x70/0xf0 [ 290.450025][T11047] ? ksys_write+0x1b9/0x240 [ 290.450039][T11047] ? __pfx_ksys_write+0x10/0x10 [ 290.450056][T11047] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 290.450071][T11047] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 290.450088][T11047] __do_fast_syscall_32+0x73/0x120 [ 290.450105][T11047] do_fast_syscall_32+0x32/0x80 [ 290.450121][T11047] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 290.450135][T11047] RIP: 0023:0xf7fd8579 [ 290.450143][T11047] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 290.450153][T11047] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 290.450164][T11047] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080003f00 [ 290.450170][T11047] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 290.450176][T11047] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 290.450182][T11047] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 290.450188][T11047] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 290.450200][T11047] [ 290.614166][T11049] Cannot find set identified by id 0 to match [ 291.137310][T11062] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1264'. [ 291.141234][T11062] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1264'. [ 292.353389][T11086] Cannot find set identified by id 0 to match [ 293.424480][T11102] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1284'. [ 293.600938][T11104] Cannot find set identified by id 0 to match [ 294.179308][T11118] FAULT_INJECTION: forcing a failure. [ 294.179308][T11118] name failslab, interval 1, probability 0, space 0, times 0 [ 294.183259][T11118] CPU: 3 UID: 0 PID: 11118 Comm: syz.3.1289 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 294.183274][T11118] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 294.183281][T11118] Call Trace: [ 294.183285][T11118] [ 294.183289][T11118] dump_stack_lvl+0x16c/0x1f0 [ 294.183310][T11118] should_fail_ex+0x512/0x640 [ 294.183324][T11118] should_failslab+0xc2/0x120 [ 294.183335][T11118] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 294.183352][T11118] ? skb_clone+0x190/0x3f0 [ 294.183369][T11118] skb_clone+0x190/0x3f0 [ 294.183384][T11118] netlink_deliver_tap+0xabd/0xd30 [ 294.183403][T11118] netlink_unicast+0x6b2/0x7f0 [ 294.183420][T11118] ? __pfx_netlink_unicast+0x10/0x10 [ 294.183439][T11118] netlink_ack+0x696/0xb80 [ 294.183458][T11118] netlink_rcv_skb+0x347/0x440 [ 294.183474][T11118] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 294.183491][T11118] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 294.183517][T11118] ? netlink_deliver_tap+0x1ae/0xd30 [ 294.183535][T11118] netlink_unicast+0x53a/0x7f0 [ 294.183552][T11118] ? __pfx_netlink_unicast+0x10/0x10 [ 294.183574][T11118] netlink_sendmsg+0x8d1/0xdd0 [ 294.183592][T11118] ? __pfx_netlink_sendmsg+0x10/0x10 [ 294.183609][T11118] ? __import_iovec+0x1c8/0x660 [ 294.183626][T11118] ____sys_sendmsg+0xa95/0xc70 [ 294.183637][T11118] ? __pfx_____sys_sendmsg+0x10/0x10 [ 294.183647][T11118] ? get_compat_msghdr+0x11a/0x170 [ 294.183666][T11118] ___sys_sendmsg+0x134/0x1d0 [ 294.183681][T11118] ? __pfx____sys_sendmsg+0x10/0x10 [ 294.183711][T11118] __sys_sendmsg+0x16d/0x220 [ 294.183725][T11118] ? __pfx___sys_sendmsg+0x10/0x10 [ 294.183744][T11118] ? rcu_is_watching+0x12/0xc0 [ 294.183760][T11118] __do_fast_syscall_32+0x73/0x120 [ 294.183779][T11118] do_fast_syscall_32+0x32/0x80 [ 294.183795][T11118] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 294.183808][T11118] RIP: 0023:0xf7fd8579 [ 294.183816][T11118] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 294.183826][T11118] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 294.183836][T11118] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140 [ 294.183843][T11118] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 294.183849][T11118] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 294.183854][T11118] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 294.183860][T11118] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 294.183894][T11118] [ 294.419891][ T1465] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 294.454799][T11124] lo speed is unknown, defaulting to 1000 [ 294.523157][ T40] kauditd_printk_skb: 30 callbacks suppressed [ 294.523173][ T40] audit: type=1326 audit(2000000212.531:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1293" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 294.535171][ T40] audit: type=1326 audit(2000000212.531:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1293" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 294.545194][ T40] audit: type=1326 audit(2000000212.541:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1293" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 294.567576][ T40] audit: type=1326 audit(2000000212.571:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1293" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 294.576268][ T40] audit: type=1326 audit(2000000212.591:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1293" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 294.584422][T11132] FAULT_INJECTION: forcing a failure. [ 294.584422][T11132] name failslab, interval 1, probability 0, space 0, times 0 [ 294.588537][ T40] audit: type=1326 audit(2000000212.591:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1293" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 294.596048][T11132] CPU: 2 UID: 0 PID: 11132 Comm: syz.0.1293 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 294.596075][T11132] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 294.596083][T11132] Call Trace: [ 294.596087][T11132] [ 294.596091][T11132] dump_stack_lvl+0x16c/0x1f0 [ 294.596110][T11132] should_fail_ex+0x512/0x640 [ 294.596124][T11132] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 294.596164][T11132] should_failslab+0xc2/0x120 [ 294.596175][T11132] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 294.596191][T11132] ? __alloc_skb+0x2b2/0x380 [ 294.596207][T11132] __alloc_skb+0x2b2/0x380 [ 294.596220][T11132] ? __pfx___alloc_skb+0x10/0x10 [ 294.596233][T11132] ? rcu_is_watching+0x12/0xc0 [ 294.596246][T11132] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 294.596263][T11132] ? audit_log_start+0x2c5/0x7f0 [ 294.596280][T11132] audit_log_start+0x2ea/0x7f0 [ 294.596297][T11132] ? __pfx_audit_log_start+0x10/0x10 [ 294.596317][T11132] ? migrate_enable+0x1ed/0x260 [ 294.596330][T11132] ? __pfx_migrate_enable+0x10/0x10 [ 294.596344][T11132] audit_seccomp+0x60/0x290 [ 294.596361][T11132] __seccomp_filter+0x7b6/0xea0 [ 294.596377][T11132] ? __pfx___seccomp_filter+0x10/0x10 [ 294.596394][T11132] ? fput+0x70/0xf0 [ 294.596404][T11132] ? ksys_write+0x1b9/0x240 [ 294.596420][T11132] __secure_computing+0x287/0x3b0 [ 294.596436][T11132] syscall_trace_enter+0x89/0x260 [ 294.596448][T11132] __do_fast_syscall_32+0xc2/0x120 [ 294.596466][T11132] do_fast_syscall_32+0x32/0x80 [ 294.596490][T11132] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 294.596503][T11132] RIP: 0023:0xf709e579 [ 294.596511][T11132] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 294.596522][T11132] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000072 [ 294.596532][T11132] RAX: ffffffffffffffda RBX: 000000000000041e RCX: 0000000000000000 [ 294.596538][T11132] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 294.596544][T11132] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 294.596550][T11132] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 294.596556][T11132] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 294.596569][T11132] [ 294.596709][ T40] audit: type=1326 audit(2000000212.591:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11135 comm="syz.0.1293" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 294.602308][T11132] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 294.604083][ T40] audit: type=1326 audit(2000000212.601:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1293" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 294.605508][T11132] audit: out of memory in audit_log_start [ 294.619898][ T1465] usb 7-1: Using ep0 maxpacket: 32 [ 294.703356][ T1465] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 294.706141][ T1465] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 294.709614][ T1465] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 294.713013][ T1465] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 294.717062][ T1465] usb 7-1: config 0 interface 0 has no altsetting 0 [ 294.728959][ T1465] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 294.733151][ T1465] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 294.735872][ T1465] usb 7-1: Product: syz [ 294.737352][ T1465] usb 7-1: Manufacturer: syz [ 294.738926][ T1465] usb 7-1: SerialNumber: syz [ 294.782651][ T1465] usb 7-1: config 0 descriptor?? [ 294.808285][ T1465] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 294.819328][ T1465] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 295.265251][ T1324] usb 7-1: USB disconnect, device number 6 [ 295.284825][ T1324] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 295.543433][T11145] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 295.547396][T11145] bond0: (slave lo): Error: Device type is different from other slaves [ 295.671411][T11157] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1297'. [ 295.916860][T11166] delete_channel: no stack [ 296.483905][T11175] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1303'. [ 296.642630][T11159] delete_channel: no stack [ 296.704647][T11180] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1305'. [ 296.745352][T11183] 9pnet_fd: Insufficient options for proto=fd [ 297.719839][ T6015] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 297.768552][T11206] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1312'. [ 297.773812][T11206] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.823043][T11206] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.884354][T11206] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.890189][ T6015] usb 6-1: Using ep0 maxpacket: 32 [ 297.893690][ T6015] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 297.896259][ T6015] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 297.902858][ T6015] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 297.906244][ T6015] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 297.919639][ T6015] usb 6-1: config 0 interface 0 has no altsetting 0 [ 297.924058][ T6015] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 297.926877][ T6015] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 297.929482][ T6015] usb 6-1: Product: syz [ 297.930902][ T6015] usb 6-1: Manufacturer: syz [ 297.932397][ T6015] usb 6-1: SerialNumber: syz [ 297.935419][ T6015] usb 6-1: config 0 descriptor?? [ 297.938799][ T6015] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 297.944326][T11206] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.945334][ T6015] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 297.965912][T11210] overlayfs: failed to resolve './file0': -2 [ 298.014121][T11206] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.022265][T11206] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.028542][T11206] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.035602][T11206] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.212303][ T1016] usb 6-1: USB disconnect, device number 21 [ 298.216251][ T1016] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 298.696505][T11222] bridge2: the hash_elasticity option has been deprecated and is always 16 [ 299.083754][T11249] set match dimension is over the limit! [ 299.159990][T11251] 9pnet_virtio: no channels available for device syz [ 299.194567][T11251] Cannot find set identified by id 0 to match [ 300.279548][ T6015] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 300.629594][ T6015] usb 6-1: Using ep0 maxpacket: 32 [ 300.633604][ T6015] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 300.637079][ T6015] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 300.641890][ T6015] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 300.645378][ T6015] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 300.651060][ T6015] usb 6-1: config 0 interface 0 has no altsetting 0 [ 300.655043][ T6015] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 300.657986][ T6015] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 300.662615][ T6015] usb 6-1: Product: syz [ 300.663994][ T6015] usb 6-1: Manufacturer: syz [ 300.665519][ T6015] usb 6-1: SerialNumber: syz [ 300.668313][ T6015] usb 6-1: config 0 descriptor?? [ 300.671944][ T6015] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 300.675644][ T6015] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 300.849031][T11273] FAULT_INJECTION: forcing a failure. [ 300.849031][T11273] name failslab, interval 1, probability 0, space 0, times 0 [ 300.852871][T11273] CPU: 1 UID: 0 PID: 11273 Comm: syz.3.1329 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 300.852886][T11273] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 300.852893][T11273] Call Trace: [ 300.852897][T11273] [ 300.852901][T11273] dump_stack_lvl+0x16c/0x1f0 [ 300.852920][T11273] should_fail_ex+0x512/0x640 [ 300.852933][T11273] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 300.852953][T11273] should_failslab+0xc2/0x120 [ 300.852963][T11273] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 300.852979][T11273] ? __alloc_skb+0x2b2/0x380 [ 300.852995][T11273] __alloc_skb+0x2b2/0x380 [ 300.853008][T11273] ? __pfx___alloc_skb+0x10/0x10 [ 300.853023][T11273] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 300.853042][T11273] netlink_alloc_large_skb+0x69/0x130 [ 300.853059][T11273] netlink_sendmsg+0x6a1/0xdd0 [ 300.853077][T11273] ? __pfx_netlink_sendmsg+0x10/0x10 [ 300.853094][T11273] ? __import_iovec+0x1c8/0x660 [ 300.853111][T11273] ____sys_sendmsg+0xa95/0xc70 [ 300.853122][T11273] ? __pfx_____sys_sendmsg+0x10/0x10 [ 300.853132][T11273] ? get_compat_msghdr+0x11a/0x170 [ 300.853151][T11273] ___sys_sendmsg+0x134/0x1d0 [ 300.853166][T11273] ? __pfx____sys_sendmsg+0x10/0x10 [ 300.853196][T11273] __sys_sendmsg+0x16d/0x220 [ 300.853210][T11273] ? __pfx___sys_sendmsg+0x10/0x10 [ 300.853227][T11273] ? rcu_is_watching+0x12/0xc0 [ 300.853242][T11273] ? rcu_is_watching+0x12/0xc0 [ 300.853257][T11273] __do_fast_syscall_32+0x73/0x120 [ 300.853275][T11273] do_fast_syscall_32+0x32/0x80 [ 300.853291][T11273] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 300.853304][T11273] RIP: 0023:0xf7fd8579 [ 300.853313][T11273] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 300.853323][T11273] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 300.853333][T11273] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 300.853339][T11273] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 300.853345][T11273] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 300.853351][T11273] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 300.853357][T11273] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 300.853369][T11273] [ 300.931030][ C1] vkms_vblank_simulate: vblank timer overrun [ 301.072775][ T5991] usb 6-1: USB disconnect, device number 22 [ 301.078702][ T5991] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 301.314212][T11286] set match dimension is over the limit! [ 301.360923][T11287] 9pnet_virtio: no channels available for device syz [ 301.370099][T11287] set match dimension is over the limit! [ 301.968629][T11302] could not allocate digest TFM handle xcbc-aes-ce [ 302.002600][T11305] 9pnet_virtio: no channels available for device syz [ 302.060115][T11305] Cannot find set identified by id 0 to match [ 302.074475][T11307] FAULT_INJECTION: forcing a failure. [ 302.074475][T11307] name failslab, interval 1, probability 0, space 0, times 0 [ 302.078862][T11307] CPU: 2 UID: 0 PID: 11307 Comm: syz.2.1340 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 302.078877][T11307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 302.078885][T11307] Call Trace: [ 302.078889][T11307] [ 302.078893][T11307] dump_stack_lvl+0x16c/0x1f0 [ 302.078913][T11307] should_fail_ex+0x512/0x640 [ 302.078928][T11307] should_failslab+0xc2/0x120 [ 302.078939][T11307] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 302.078957][T11307] ? skb_clone+0x190/0x3f0 [ 302.078973][T11307] skb_clone+0x190/0x3f0 [ 302.078988][T11307] netlink_deliver_tap+0xabd/0xd30 [ 302.079006][T11307] netlink_unicast+0x5df/0x7f0 [ 302.079024][T11307] ? __pfx_netlink_unicast+0x10/0x10 [ 302.079043][T11307] netlink_sendmsg+0x8d1/0xdd0 [ 302.079061][T11307] ? __pfx_netlink_sendmsg+0x10/0x10 [ 302.079078][T11307] ? __import_iovec+0x1c8/0x660 [ 302.079095][T11307] ____sys_sendmsg+0xa95/0xc70 [ 302.079106][T11307] ? __pfx_____sys_sendmsg+0x10/0x10 [ 302.079115][T11307] ? get_compat_msghdr+0x11a/0x170 [ 302.079135][T11307] ___sys_sendmsg+0x134/0x1d0 [ 302.079150][T11307] ? __pfx____sys_sendmsg+0x10/0x10 [ 302.079180][T11307] __sys_sendmsg+0x16d/0x220 [ 302.079194][T11307] ? __pfx___sys_sendmsg+0x10/0x10 [ 302.079213][T11307] ? rcu_is_watching+0x12/0xc0 [ 302.079229][T11307] __do_fast_syscall_32+0x73/0x120 [ 302.079246][T11307] do_fast_syscall_32+0x32/0x80 [ 302.079262][T11307] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 302.079276][T11307] RIP: 0023:0xf710e579 [ 302.079284][T11307] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 302.079295][T11307] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 302.079305][T11307] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000800012c0 [ 302.079311][T11307] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 302.079317][T11307] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 302.079323][T11307] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 302.079329][T11307] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 302.079341][T11307] [ 302.401929][T11317] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1341'. [ 303.105761][T11321] set match dimension is over the limit! [ 303.482376][ T40] kauditd_printk_skb: 6 callbacks suppressed [ 303.482386][ T40] audit: type=1326 audit(2000000221.492:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.0.1348" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e598 code=0x7ffc0000 [ 303.494122][ T40] audit: type=1326 audit(2000000221.502:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.0.1348" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 303.503145][ T40] audit: type=1326 audit(2000000221.502:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.0.1348" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e598 code=0x7ffc0000 [ 303.510313][ T40] audit: type=1326 audit(2000000221.502:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.0.1348" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e598 code=0x7ffc0000 [ 303.518622][ T40] audit: type=1326 audit(2000000221.502:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.0.1348" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e598 code=0x7ffc0000 [ 303.527154][ T40] audit: type=1326 audit(2000000221.502:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.0.1348" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 303.534913][ T40] audit: type=1326 audit(2000000221.502:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.0.1348" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 303.542070][ T40] audit: type=1326 audit(2000000221.502:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.0.1348" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e598 code=0x7ffc0000 [ 303.549505][ T40] audit: type=1326 audit(2000000221.502:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.0.1348" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e598 code=0x7ffc0000 [ 303.557394][ T40] audit: type=1326 audit(2000000221.502:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.0.1348" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000 [ 303.578912][T11336] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1348'. [ 303.583592][T11336] nbd: must specify an index to disconnect [ 304.613869][T11367] set match dimension is over the limit! [ 305.289419][T11373] 9pnet_virtio: no channels available for device syz [ 305.343568][T11372] set match dimension is over the limit! [ 305.996368][T11393] set match dimension is over the limit! [ 306.069877][ T65] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 306.219297][ T65] usb 5-1: Using ep0 maxpacket: 16 [ 306.223689][ T65] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 306.228363][ T65] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 306.233158][ T65] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 306.237445][ T65] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 306.242701][ T65] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.246796][ T65] usb 5-1: config 0 descriptor?? [ 306.422737][T11395] support for the xor transformation has been removed. [ 306.657871][ T65] shield 0003:0955:7214.002C: unknown main item tag 0x0 [ 306.661836][ T65] shield 0003:0955:7214.002C: unknown main item tag 0x0 [ 306.664213][ T65] shield 0003:0955:7214.002C: unknown main item tag 0x0 [ 306.666469][ T65] shield 0003:0955:7214.002C: unknown main item tag 0x0 [ 306.668640][ T65] shield 0003:0955:7214.002C: unknown main item tag 0x0 [ 306.677947][ T65] input: HID 0955:7214 Haptics as /devices/virtual/input/input14 [ 306.718420][ T65] shield 0003:0955:7214.002C: Registered Thunderstrike controller [ 306.721144][ T65] shield 0003:0955:7214.002C: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0 [ 306.864545][T11391] random: crng reseeded on system resumption [ 306.915964][ T1016] shield 0003:0955:7214.002C: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 306.920671][ T65] usb 5-1: USB disconnect, device number 12 [ 306.939611][ T1016] shield 0003:0955:7214.002C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 306.943152][ T1016] shield 0003:0955:7214.002C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 306.946586][ T1016] shield 0003:0955:7214.002C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 307.016311][T11405] kernel profiling enabled (shift: 9) [ 307.529464][T11418] Cannot find set identified by id 0 to match [ 308.713449][T11451] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1374'. [ 308.717548][T11451] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.795657][T11451] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.852687][T11451] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.936128][T11451] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.941903][T11459] serio: Serial port ptm0 [ 309.046109][T11451] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.052555][T11451] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.058751][T11451] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.065101][T11451] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.274105][T11465] FAULT_INJECTION: forcing a failure. [ 309.274105][T11465] name failslab, interval 1, probability 0, space 0, times 0 [ 309.278161][T11465] CPU: 1 UID: 0 PID: 11465 Comm: syz.2.1377 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 309.278188][T11465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 309.278195][T11465] Call Trace: [ 309.278199][T11465] [ 309.278205][T11465] dump_stack_lvl+0x16c/0x1f0 [ 309.278231][T11465] should_fail_ex+0x512/0x640 [ 309.278248][T11465] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 309.278264][T11465] should_failslab+0xc2/0x120 [ 309.278275][T11465] __kmalloc_cache_noprof+0x6a/0x3e0 [ 309.278289][T11465] ? sctp_has_association+0xdd/0x270 [ 309.278304][T11465] ? sctp_association_new+0xbb/0x2a00 [ 309.278318][T11465] sctp_association_new+0xbb/0x2a00 [ 309.278330][T11465] ? sctp_v4_scope+0x183/0x1a0 [ 309.278345][T11465] sctp_connect_new_asoc+0x1b6/0x790 [ 309.278358][T11465] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 309.278371][T11465] ? sctp_endpoint_lookup_assoc+0x15c/0x2a0 [ 309.278407][T11465] __sctp_connect+0x3f3/0xc60 [ 309.278425][T11465] ? do_raw_spin_lock+0x12c/0x2b0 [ 309.278438][T11465] ? __pfx___sctp_connect+0x10/0x10 [ 309.278451][T11465] ? __pfx_sctp_inet_connect+0x10/0x10 [ 309.278464][T11465] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 309.278476][T11465] ? __pfx_sctp_inet_connect+0x10/0x10 [ 309.278487][T11465] sctp_inet_connect+0x15f/0x200 [ 309.278500][T11465] __sys_connect_file+0x13e/0x1a0 [ 309.278514][T11465] __sys_connect+0x14d/0x170 [ 309.278525][T11465] ? __pfx___sys_connect+0x10/0x10 [ 309.278542][T11465] ? __pfx_ksys_write+0x10/0x10 [ 309.278556][T11465] ? rcu_is_watching+0x12/0xc0 [ 309.278572][T11465] __ia32_sys_connect+0x71/0xb0 [ 309.278584][T11465] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 309.278600][T11465] __do_fast_syscall_32+0x73/0x120 [ 309.278617][T11465] do_fast_syscall_32+0x32/0x80 [ 309.278634][T11465] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 309.278648][T11465] RIP: 0023:0xf710e579 [ 309.278657][T11465] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 309.278667][T11465] RSP: 002b:00000000f50dd55c EFLAGS: 00000296 ORIG_RAX: 000000000000016a [ 309.278677][T11465] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000080000000 [ 309.278684][T11465] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000 [ 309.278690][T11465] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 309.278696][T11465] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 309.278702][T11465] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 309.278715][T11465] [ 309.459012][ T65] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 309.610983][ T65] usb 6-1: Using ep0 maxpacket: 32 [ 309.614920][ T65] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 309.617934][ T65] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 309.622050][ T65] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 309.626301][ T65] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 309.632029][ T65] usb 6-1: config 0 interface 0 has no altsetting 0 [ 309.636747][ T65] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 309.640591][ T65] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 309.644101][ T65] usb 6-1: Product: syz [ 309.645920][ T65] usb 6-1: Manufacturer: syz [ 309.648028][ T65] usb 6-1: SerialNumber: syz [ 309.652568][ T65] usb 6-1: config 0 descriptor?? [ 309.657047][ T65] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 309.662491][ T65] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 309.944939][ T1324] usb 6-1: USB disconnect, device number 23 [ 309.953584][ T1324] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 310.270464][T11476] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1381'. [ 311.144752][T11501] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1389'. [ 311.151172][T11501] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.212351][T11501] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.276766][T11501] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.331456][T11501] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.332277][T11504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1390'. [ 311.340444][T11504] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.430910][T11504] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.552256][T11504] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.617724][T11504] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.692274][T11504] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.703140][T11504] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.713600][T11504] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.724579][T11504] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.878935][ T65] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 312.028939][ T65] usb 6-1: Using ep0 maxpacket: 32 [ 312.032208][ T65] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 312.034918][ T65] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 312.038253][ T65] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 312.042016][ T65] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 312.046154][ T65] usb 6-1: config 0 interface 0 has no altsetting 0 [ 312.050359][ T65] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 312.053303][ T65] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 312.055910][ T65] usb 6-1: Product: syz [ 312.057314][ T65] usb 6-1: Manufacturer: syz [ 312.058906][ T65] usb 6-1: SerialNumber: syz [ 312.062204][ T65] usb 6-1: config 0 descriptor?? [ 312.067624][ T65] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 312.072553][ T65] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 312.109078][ T9] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 312.261483][ T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 312.265710][ T9] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 312.269615][ T9] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 312.272382][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.279230][T11517] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 312.283580][ T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 312.360415][ T1465] usb 6-1: USB disconnect, device number 24 [ 312.363514][ T1465] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 312.400923][T11501] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 312.409595][T11501] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 312.416621][T11501] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 312.423330][T11501] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 312.510271][ T65] usb 5-1: USB disconnect, device number 13 [ 313.728915][ T1465] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 313.805439][T11559] Device name cannot be null; rc = [-22] [ 313.814938][T11561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1404'. [ 313.822082][T11561] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.892872][T11561] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.900211][ T1465] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 313.904215][ T1465] usb 7-1: config 0 interface 0 has no altsetting 0 [ 313.909174][ T1465] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 313.912145][ T1465] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 313.914736][ T1465] usb 7-1: Product: syz [ 313.916226][ T1465] usb 7-1: Manufacturer: syz [ 313.917738][ T1465] usb 7-1: SerialNumber: syz [ 313.925291][ T1465] usb 7-1: config 0 descriptor?? [ 313.932715][ T1465] usb 7-1: selecting invalid altsetting 0 [ 313.932729][T11561] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.994633][T11561] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.086146][T11561] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.094682][T11561] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.101041][T11561] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.107898][T11561] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.141215][ T9] usb 7-1: USB disconnect, device number 7 [ 314.957580][T11570] netlink: 'syz.1.1406': attribute type 10 has an invalid length. [ 314.967385][T11570] 8021q: adding VLAN 0 to HW filter on device team0 [ 314.972569][T11570] bond0: (slave team0): Enslaving as an active interface with an up link [ 315.885952][T11597] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1413'. [ 315.893201][T11597] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.962298][T11597] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.059140][T11597] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.165284][T11597] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.235233][T11597] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.243897][T11597] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.261255][T11597] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.272567][T11597] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.560530][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.562414][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.828090][T11608] xt_nat: multiple ranges no longer supported [ 316.873729][T11615] Device name cannot be null; rc = [-22] [ 316.974356][T11625] lo speed is unknown, defaulting to 1000 [ 317.003778][T11628] FAULT_INJECTION: forcing a failure. [ 317.003778][T11628] name failslab, interval 1, probability 0, space 0, times 0 [ 317.008369][T11628] CPU: 3 UID: 0 PID: 11628 Comm: syz.0.1422 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 317.008391][T11628] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 317.008401][T11628] Call Trace: [ 317.008407][T11628] [ 317.008413][T11628] dump_stack_lvl+0x16c/0x1f0 [ 317.008443][T11628] should_fail_ex+0x512/0x640 [ 317.008462][T11628] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 317.008503][T11628] should_failslab+0xc2/0x120 [ 317.008520][T11628] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 317.008544][T11628] ? __alloc_skb+0x2b2/0x380 [ 317.008568][T11628] __alloc_skb+0x2b2/0x380 [ 317.008602][T11628] ? __pfx___alloc_skb+0x10/0x10 [ 317.008620][T11628] ? __pfx_rtnl_bridge_dellink+0x10/0x10 [ 317.008649][T11628] netlink_ack+0x15d/0xb80 [ 317.008677][T11628] netlink_rcv_skb+0x347/0x440 [ 317.008699][T11628] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 317.008723][T11628] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 317.008759][T11628] ? netlink_deliver_tap+0x1ae/0xd30 [ 317.008787][T11628] netlink_unicast+0x53a/0x7f0 [ 317.008814][T11628] ? __pfx_netlink_unicast+0x10/0x10 [ 317.008845][T11628] netlink_sendmsg+0x8d1/0xdd0 [ 317.008874][T11628] ? __pfx_netlink_sendmsg+0x10/0x10 [ 317.008899][T11628] ? __import_iovec+0x1c8/0x660 [ 317.008926][T11628] ____sys_sendmsg+0xa95/0xc70 [ 317.008945][T11628] ? __pfx_____sys_sendmsg+0x10/0x10 [ 317.008960][T11628] ? get_compat_msghdr+0x11a/0x170 [ 317.008991][T11628] ___sys_sendmsg+0x134/0x1d0 [ 317.009014][T11628] ? __pfx____sys_sendmsg+0x10/0x10 [ 317.009066][T11628] __sys_sendmsg+0x16d/0x220 [ 317.009088][T11628] ? __pfx___sys_sendmsg+0x10/0x10 [ 317.009120][T11628] ? rcu_is_watching+0x12/0xc0 [ 317.009144][T11628] __do_fast_syscall_32+0x73/0x120 [ 317.009172][T11628] do_fast_syscall_32+0x32/0x80 [ 317.009196][T11628] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 317.009217][T11628] RIP: 0023:0xf709e579 [ 317.009231][T11628] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 317.009247][T11628] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 317.009263][T11628] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000540 [ 317.009274][T11628] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 317.009288][T11628] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 317.009298][T11628] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 317.009307][T11628] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 317.009331][T11628] [ 317.129495][T11625] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1421'. [ 318.488583][ T9] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 318.638636][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 318.644303][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 318.651623][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 318.656669][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 318.668055][T11674] set match dimension is over the limit! [ 318.670637][ T9] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 318.673926][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.684097][ T9] usb 5-1: config 0 descriptor?? [ 319.102324][ T9] shield 0003:0955:7214.002D: unknown main item tag 0x0 [ 319.105898][ T9] shield 0003:0955:7214.002D: unknown main item tag 0x0 [ 319.108180][ T9] shield 0003:0955:7214.002D: unknown main item tag 0x0 [ 319.113737][ T9] shield 0003:0955:7214.002D: unknown main item tag 0x0 [ 319.116018][ T9] shield 0003:0955:7214.002D: unknown main item tag 0x0 [ 319.121287][ T9] input: HID 0955:7214 Haptics as /devices/virtual/input/input15 [ 319.146443][ T9] shield 0003:0955:7214.002D: Registered Thunderstrike controller [ 319.152772][ T9] shield 0003:0955:7214.002D: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0 [ 319.304460][T11664] random: crng reseeded on system resumption [ 319.312805][ T6015] shield 0003:0955:7214.002D: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 319.312931][ T1465] usb 5-1: USB disconnect, device number 14 [ 319.318531][ T6015] shield 0003:0955:7214.002D: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 319.323161][ T6015] shield 0003:0955:7214.002D: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 319.327345][ T6015] shield 0003:0955:7214.002D: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 319.980389][T11693] syz_tun: entered allmulticast mode [ 319.986983][T11693] FAULT_INJECTION: forcing a failure. [ 319.986983][T11693] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 319.992114][T11693] CPU: 1 UID: 0 PID: 11693 Comm: syz.0.1439 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 319.992131][T11693] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 319.992139][T11693] Call Trace: [ 319.992144][T11693] [ 319.992149][T11693] dump_stack_lvl+0x16c/0x1f0 [ 319.992168][T11693] should_fail_ex+0x512/0x640 [ 319.992183][T11693] _copy_to_user+0x32/0xd0 [ 319.992198][T11693] simple_read_from_buffer+0xcb/0x170 [ 319.992216][T11693] proc_fail_nth_read+0x197/0x270 [ 319.992233][T11693] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 319.992249][T11693] ? rw_verify_area+0xcf/0x680 [ 319.992262][T11693] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 319.992282][T11693] vfs_read+0x1de/0xc70 [ 319.992298][T11693] ? __pfx___mutex_lock+0x10/0x10 [ 319.992315][T11693] ? __pfx_vfs_read+0x10/0x10 [ 319.992333][T11693] ? __fget_files+0x20e/0x3c0 [ 319.992352][T11693] ksys_read+0x12a/0x240 [ 319.992367][T11693] ? __pfx_ksys_read+0x10/0x10 [ 319.992380][T11693] ? rcu_is_watching+0x12/0xc0 [ 319.992395][T11693] ? rcu_is_watching+0x12/0xc0 [ 319.992410][T11693] __do_fast_syscall_32+0x73/0x120 [ 319.992428][T11693] do_fast_syscall_32+0x32/0x80 [ 319.992444][T11693] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 319.992459][T11693] RIP: 0023:0xf709e579 [ 319.992467][T11693] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 319.992478][T11693] RSP: 002b:00000000f508e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 319.992489][T11693] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000f508e620 [ 319.992495][T11693] RDX: 000000000000000f RSI: 00000000f7402ff4 RDI: 0000000000000000 [ 319.992502][T11693] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 319.992508][T11693] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 319.992514][T11693] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 319.992529][T11693] [ 320.002684][T11692] syz_tun: left allmulticast mode [ 320.101227][T11695] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1440'. [ 320.259809][T11697] syz_tun: entered allmulticast mode [ 320.322338][T11698] tipc: Started in network mode [ 320.323973][T11698] tipc: Node identity 4, cluster identity 4711 [ 320.326074][T11698] tipc: Node number set to 4 [ 320.348151][T11696] syz_tun: left allmulticast mode [ 320.637398][T11706] random: crng reseeded on system resumption [ 321.101559][T11712] Cannot find set identified by id 0 to match [ 322.017553][T11737] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1450'. [ 322.023700][T11737] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1450'. [ 322.036645][T11737] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 322.042707][T11737] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 322.046112][T11737] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 322.049654][T11737] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 322.988091][T11758] set match dimension is over the limit! [ 324.496905][T11774] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1461'. [ 324.618410][T11783] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1463'. [ 325.300430][T11810] set match dimension is over the limit! [ 325.760913][T11818] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.1473' sets config #0 [ 326.112965][T11830] FAULT_INJECTION: forcing a failure. [ 326.112965][T11830] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 326.119275][T11830] CPU: 2 UID: 0 PID: 11830 Comm: syz.0.1477 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 326.119291][T11830] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 326.119298][T11830] Call Trace: [ 326.119303][T11830] [ 326.119307][T11830] dump_stack_lvl+0x16c/0x1f0 [ 326.119329][T11830] should_fail_ex+0x512/0x640 [ 326.119344][T11830] _copy_to_user+0x32/0xd0 [ 326.119359][T11830] simple_read_from_buffer+0xcb/0x170 [ 326.119376][T11830] proc_fail_nth_read+0x197/0x270 [ 326.119392][T11830] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 326.119407][T11830] ? rw_verify_area+0xcf/0x680 [ 326.119420][T11830] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 326.119435][T11830] vfs_read+0x1de/0xc70 [ 326.119451][T11830] ? __pfx___mutex_lock+0x10/0x10 [ 326.119469][T11830] ? __pfx_vfs_read+0x10/0x10 [ 326.119487][T11830] ? __fget_files+0x20e/0x3c0 [ 326.119507][T11830] ksys_read+0x12a/0x240 [ 326.119521][T11830] ? __pfx_ksys_read+0x10/0x10 [ 326.119537][T11830] ? rcu_is_watching+0x12/0xc0 [ 326.119553][T11830] __do_fast_syscall_32+0x73/0x120 [ 326.119571][T11830] do_fast_syscall_32+0x32/0x80 [ 326.119587][T11830] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 326.119601][T11830] RIP: 0023:0xf709e579 [ 326.119610][T11830] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 326.119620][T11830] RSP: 002b:00000000f508e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 326.119631][T11830] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f508e620 [ 326.119638][T11830] RDX: 000000000000000f RSI: 00000000f7402ff4 RDI: 0000000000000000 [ 326.119644][T11830] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 326.119650][T11830] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 326.119656][T11830] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 326.119669][T11830] [ 326.195358][ C2] vkms_vblank_simulate: vblank timer overrun [ 326.898109][ T1324] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 327.049679][ T1324] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 327.053043][ T1324] usb 7-1: config 0 interface 0 has no altsetting 0 [ 327.056659][ T1324] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 327.059559][ T1324] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 327.062127][ T1324] usb 7-1: Product: syz [ 327.063460][ T1324] usb 7-1: Manufacturer: syz [ 327.064946][ T1324] usb 7-1: SerialNumber: syz [ 327.068716][ T1324] usb 7-1: config 0 descriptor?? [ 327.075891][ T1324] usb 7-1: selecting invalid altsetting 0 [ 327.278539][ T6015] usb 7-1: USB disconnect, device number 8 [ 327.559808][T11858] set match dimension is over the limit! [ 327.722979][ T1210] Bluetooth: hci4: Frame reassembly failed (-84) [ 328.218125][ T1324] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 328.390147][ T1324] usb 7-1: unable to get BOS descriptor or descriptor too short [ 328.394236][ T1324] usb 7-1: config 1 interface 0 altsetting 170 bulk endpoint 0x82 has invalid maxpacket 16 [ 328.419400][ T1324] usb 7-1: config 1 interface 0 has no altsetting 0 [ 328.424497][ T1324] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 328.427376][ T1324] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.430459][ T1324] usb 7-1: Product: syz [ 328.438998][ T1324] usb 7-1: Manufacturer: syz [ 328.441072][ T1324] usb 7-1: SerialNumber: syz [ 328.448389][T11865] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 328.758253][ T1324] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -71 [ 328.764288][ T1324] usb 7-1: USB disconnect, device number 9 [ 329.767967][ T5964] Bluetooth: hci4: command 0x1003 tx timeout [ 329.769919][ T5955] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 331.128018][ T6015] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 331.264450][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.267504][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.271534][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.274558][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.277580][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.281283][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.284299][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.287272][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.290343][ T6015] usb 7-1: Using ep0 maxpacket: 16 [ 331.293193][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.296518][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.300313][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.303576][ T6015] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 331.308268][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.311259][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.314274][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.317281][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.320564][ T6015] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 331.324545][ T6015] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 331.329878][ T6015] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 331.333534][ T6015] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.337797][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.340555][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.343485][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.346448][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.350278][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.353955][ T6015] usb 7-1: config 0 descriptor?? [ 331.356169][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.359369][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.365080][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.368269][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.371322][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.374350][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.377387][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.380474][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.383454][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.386490][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.389555][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.392543][ T76] hid-generic 0007:0000:0000.002E: unknown main item tag 0x0 [ 331.396807][ T76] hid-generic 0007:0000:0000.002E: hidraw1: HID vffffff.ff Device [syz0] on syz0 [ 331.508036][ T1465] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 331.659671][ T1465] usb 5-1: config 0 has no interfaces? [ 331.662084][ T1465] usb 5-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 331.665793][ T1465] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.671148][ T1465] usb 5-1: config 0 descriptor?? [ 331.769354][ T6015] shield 0003:0955:7214.002F: unknown main item tag 0x0 [ 331.771823][ T6015] shield 0003:0955:7214.002F: unknown main item tag 0x0 [ 331.773963][ T6015] shield 0003:0955:7214.002F: unknown main item tag 0x0 [ 331.776124][ T6015] shield 0003:0955:7214.002F: unknown main item tag 0x0 [ 331.778975][ T6015] shield 0003:0955:7214.002F: unknown main item tag 0x0 [ 331.782986][ T6015] input: HID 0955:7214 Haptics as /devices/virtual/input/input16 [ 331.794031][ T6015] shield 0003:0955:7214.002F: Registered Thunderstrike controller [ 331.796497][ T6015] shield 0003:0955:7214.002F: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 331.970826][T11916] random: crng reseeded on system resumption [ 331.977519][ T9] shield 0003:0955:7214.002F: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 331.982577][ T76] usb 7-1: USB disconnect, device number 10 [ 331.985857][ T9] shield 0003:0955:7214.002F: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 331.989438][ T9] shield 0003:0955:7214.002F: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 331.994109][ T9] shield 0003:0955:7214.002F: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 332.047543][ T9] usb 5-1: USB disconnect, device number 15 [ 332.436603][T11924] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1502'. [ 332.556253][T11929] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1504'. [ 333.156234][T11948] overlayfs: failed to verify upper root origin [ 333.701862][T11958] bridge_slave_0: invalid flags given to default FDB implementation [ 333.964937][T11968] set match dimension is over the limit! [ 334.367639][ T9] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 334.537628][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 334.540562][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 334.544003][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 334.547075][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 334.551470][ T9] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 334.555629][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.568124][ T9] usb 5-1: config 0 descriptor?? [ 334.877199][T11990] Cannot find set identified by id 0 to match [ 334.983287][ T9] shield 0003:0955:7214.0030: unknown main item tag 0x0 [ 334.985536][ T9] shield 0003:0955:7214.0030: unknown main item tag 0x0 [ 334.988032][ T9] shield 0003:0955:7214.0030: unknown main item tag 0x0 [ 334.990285][ T9] shield 0003:0955:7214.0030: unknown main item tag 0x0 [ 334.992537][ T9] shield 0003:0955:7214.0030: unknown main item tag 0x0 [ 334.996172][ T9] input: HID 0955:7214 Haptics as /devices/virtual/input/input17 [ 335.011626][ T9] shield 0003:0955:7214.0030: Registered Thunderstrike controller [ 335.014401][ T9] shield 0003:0955:7214.0030: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0 [ 335.195477][T11973] random: crng reseeded on system resumption [ 335.204364][ T6015] shield 0003:0955:7214.0030: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 335.204401][ T1016] usb 5-1: USB disconnect, device number 16 [ 335.209097][ T6015] shield 0003:0955:7214.0030: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 335.214838][ T1016] ------------[ cut here ]------------ [ 335.217524][ T1016] workqueue: work disable count underflowed [ 335.217654][ T6015] shield 0003:0955:7214.0030: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 335.219387][ T1016] WARNING: CPU: 3 PID: 1016 at kernel/workqueue.c:4326 enable_work+0x2f8/0x340 [ 335.219410][ T1016] Modules linked in: [ 335.224556][ T6015] shield 0003:0955:7214.0030: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 335.226817][ T1016] CPU: 3 UID: 0 PID: 1016 Comm: kworker/3:2 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 335.226840][ T1016] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 335.241025][T11992] 9pnet_virtio: no channels available for device syz [ 335.243789][ T1016] Workqueue: usb_hub_wq hub_event [ 335.243816][ T1016] RIP: 0010:enable_work+0x2f8/0x340 [ 335.243842][ T1016] Code: 89 ee e8 fb 66 37 00 45 84 ed 0f 85 29 fe ff ff e8 0d 6c 37 00 c6 05 51 ff ea 0e 01 90 48 c7 c7 60 e7 8b 8b e8 99 fd f6 ff 90 <0f> 0b 90 90 e9 06 fe ff ff 48 89 ef e8 77 e9 9b 00 e9 aa fe ff ff [ 335.243859][ T1016] RSP: 0018:ffffc9000676f3c8 EFLAGS: 00010086 [ 335.258359][ T1016] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817acff8 [ 335.260829][ T1016] RDX: ffff888024ae2440 RSI: ffffffff817ad005 RDI: 0000000000000001 [ 335.263264][ T1016] RBP: ffff88802aa3d730 R08: 0000000000000001 R09: 0000000000000000 [ 335.265590][ T1016] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff92000cede7a [ 335.268107][ T1016] R13: 0000000000000000 R14: ffff88802aa3d728 R15: ffffffff8fc4e0a0 [ 335.270508][ T1016] FS: 0000000000000000(0000) GS:ffff888097ab7000(0000) knlGS:0000000000000000 [ 335.273276][ T1016] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 335.275640][ T1016] CR2: 000000002fa08ffc CR3: 0000000022e6a000 CR4: 0000000000352ef0 [ 335.278132][ T1016] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 335.280669][ T1016] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 335.283215][ T1016] Call Trace: [ 335.284298][ T1016] [ 335.285321][ T1016] ? __pfx_enable_work+0x10/0x10 [ 335.286914][ T1016] ? __thermal_zone_cdev_unbind+0x6c/0x6a0 [ 335.288751][ T1016] __cancel_work_sync+0xe7/0x130 [ 335.290307][ T1016] thermal_zone_device_unregister+0x239/0x450 [ 335.292210][ T1016] ? __pfx_shield_remove+0x10/0x10 [ 335.293820][ T1016] power_supply_unregister+0x10a/0x150 [ 335.295595][ T1016] shield_remove+0x75/0x130 [ 335.297071][ T1016] ? __pfx_shield_remove+0x10/0x10 [ 335.298666][ T1016] hid_device_remove+0xce/0x260 [ 335.300205][ T1016] ? __pfx_hid_device_remove+0x10/0x10 [ 335.301857][ T1016] device_remove+0xc8/0x170 [ 335.303582][ T1016] device_release_driver_internal+0x44b/0x620 [ 335.306039][ T1016] bus_remove_device+0x22f/0x420 [ 335.308137][ T1016] device_del+0x396/0x9f0 [ 335.309981][ T1016] ? __pfx_device_del+0x10/0x10 [ 335.311638][ T1016] ? do_raw_spin_lock+0x12c/0x2b0 [ 335.313248][ T1016] hid_destroy_device+0x19c/0x240 [ 335.314825][ T1016] usbhid_disconnect+0xa0/0xe0 [ 335.316403][ T1016] usb_unbind_interface+0x1da/0x9a0 [ 335.317963][ T1016] ? kernfs_remove_by_name_ns+0xbe/0x110 [ 335.319633][ T1016] ? __pfx_usb_unbind_interface+0x10/0x10 [ 335.321413][ T1016] device_remove+0x122/0x170 [ 335.322824][ T1016] device_release_driver_internal+0x44b/0x620 [ 335.324674][ T1016] bus_remove_device+0x22f/0x420 [ 335.326683][ T1016] device_del+0x396/0x9f0 [ 335.328305][ T1016] ? __pfx_device_del+0x10/0x10 [ 335.329805][ T1016] ? kobject_put+0x210/0x5a0 [ 335.331240][ T1016] usb_disable_device+0x355/0x7d0 [ 335.332805][ T1016] usb_disconnect+0x2e1/0x920 [ 335.334236][ T1016] hub_event+0x1c57/0x4fa0 [ 335.335685][ T1016] ? __lock_acquire+0xaa4/0x1ba0 [ 335.337192][ T1016] ? __pfx_hub_event+0x10/0x10 [ 335.338645][ T1016] ? debug_object_deactivate+0x1ec/0x3a0 [ 335.340377][ T1016] ? rcu_is_watching+0x12/0xc0 [ 335.341889][ T1016] process_one_work+0x9cc/0x1b70 [ 335.343396][ T1016] ? __pfx_process_one_work+0x10/0x10 [ 335.345117][ T1016] ? assign_work+0x1a0/0x250 [ 335.346801][ T1016] worker_thread+0x6c8/0xf10 [ 335.348219][ T1016] ? __kthread_parkme+0x19e/0x250 [ 335.349731][ T1016] ? __pfx_worker_thread+0x10/0x10 [ 335.351290][ T1016] kthread+0x3c2/0x780 [ 335.352543][ T1016] ? __pfx_kthread+0x10/0x10 [ 335.353937][ T1016] ? __pfx_kthread+0x10/0x10 [ 335.355387][ T1016] ? __pfx_kthread+0x10/0x10 [ 335.356790][ T1016] ? __pfx_kthread+0x10/0x10 [ 335.358194][ T1016] ? rcu_is_watching+0x12/0xc0 [ 335.359651][ T1016] ? __pfx_kthread+0x10/0x10 [ 335.361092][ T1016] ret_from_fork+0x45/0x80 [ 335.362419][ T1016] ? __pfx_kthread+0x10/0x10 [ 335.363829][ T1016] ret_from_fork_asm+0x1a/0x30 [ 335.365529][ T1016] [ 335.366638][ T1016] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 335.368793][ T1016] CPU: 3 UID: 0 PID: 1016 Comm: kworker/3:2 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 335.372613][ T1016] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 335.376265][ T1016] Workqueue: usb_hub_wq hub_event [ 335.377794][ T1016] Call Trace: [ 335.378779][ T1016] [ 335.379688][ T1016] dump_stack_lvl+0x3d/0x1f0 [ 335.381122][ T1016] panic+0x71c/0x800 [ 335.382329][ T1016] ? __pfx_panic+0x10/0x10 [ 335.383675][ T1016] ? show_trace_log_lvl+0x29b/0x3e0 [ 335.385272][ T1016] ? check_panic_on_warn+0x1f/0xb0 [ 335.386822][ T1016] ? enable_work+0x2f8/0x340 [ 335.388228][ T1016] check_panic_on_warn+0xab/0xb0 [ 335.389691][ T1016] __warn+0xf6/0x3c0 [ 335.390876][ T1016] ? enable_work+0x2f8/0x340 [ 335.392317][ T1016] report_bug+0x3c3/0x580 [ 335.393642][ T1016] ? enable_work+0x2f8/0x340 [ 335.395099][ T1016] handle_bug+0x184/0x210 [ 335.396405][ T1016] exc_invalid_op+0x17/0x50 [ 335.397774][ T1016] asm_exc_invalid_op+0x1a/0x20 [ 335.399287][ T1016] RIP: 0010:enable_work+0x2f8/0x340 [ 335.400873][ T1016] Code: 89 ee e8 fb 66 37 00 45 84 ed 0f 85 29 fe ff ff e8 0d 6c 37 00 c6 05 51 ff ea 0e 01 90 48 c7 c7 60 e7 8b 8b e8 99 fd f6 ff 90 <0f> 0b 90 90 e9 06 fe ff ff 48 89 ef e8 77 e9 9b 00 e9 aa fe ff ff [ 335.406797][ T1016] RSP: 0018:ffffc9000676f3c8 EFLAGS: 00010086 [ 335.408585][ T1016] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817acff8 [ 335.410949][ T1016] RDX: ffff888024ae2440 RSI: ffffffff817ad005 RDI: 0000000000000001 [ 335.413401][ T1016] RBP: ffff88802aa3d730 R08: 0000000000000001 R09: 0000000000000000 [ 335.415986][ T1016] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff92000cede7a [ 335.418428][ T1016] R13: 0000000000000000 R14: ffff88802aa3d728 R15: ffffffff8fc4e0a0 [ 335.420892][ T1016] ? __warn_printk+0x198/0x350 [ 335.422426][ T1016] ? __warn_printk+0x1a5/0x350 [ 335.423939][ T1016] ? enable_work+0x2f7/0x340 [ 335.425484][ T1016] ? __pfx_enable_work+0x10/0x10 [ 335.427038][ T1016] ? __thermal_zone_cdev_unbind+0x6c/0x6a0 [ 335.428863][ T1016] __cancel_work_sync+0xe7/0x130 [ 335.430427][ T1016] thermal_zone_device_unregister+0x239/0x450 [ 335.432357][ T1016] ? __pfx_shield_remove+0x10/0x10 [ 335.433962][ T1016] power_supply_unregister+0x10a/0x150 [ 335.436070][ T1016] shield_remove+0x75/0x130 [ 335.437988][ T1016] ? __pfx_shield_remove+0x10/0x10 [ 335.439938][ T1016] hid_device_remove+0xce/0x260 [ 335.441490][ T1016] ? __pfx_hid_device_remove+0x10/0x10 [ 335.443228][ T1016] device_remove+0xc8/0x170 [ 335.444687][ T1016] device_release_driver_internal+0x44b/0x620 [ 335.446899][ T1016] bus_remove_device+0x22f/0x420 [ 335.448468][ T1016] device_del+0x396/0x9f0 [ 335.449835][ T1016] ? __pfx_device_del+0x10/0x10 [ 335.451366][ T1016] ? do_raw_spin_lock+0x12c/0x2b0 [ 335.452984][ T1016] hid_destroy_device+0x19c/0x240 [ 335.454568][ T1016] usbhid_disconnect+0xa0/0xe0 [ 335.456554][ T1016] usb_unbind_interface+0x1da/0x9a0 [ 335.458510][ T1016] ? kernfs_remove_by_name_ns+0xbe/0x110 [ 335.460288][ T1016] ? __pfx_usb_unbind_interface+0x10/0x10 [ 335.462060][ T1016] device_remove+0x122/0x170 [ 335.463554][ T1016] device_release_driver_internal+0x44b/0x620 [ 335.465523][ T1016] bus_remove_device+0x22f/0x420 [ 335.467101][ T1016] device_del+0x396/0x9f0 [ 335.468481][ T1016] ? __pfx_device_del+0x10/0x10 [ 335.470004][ T1016] ? kobject_put+0x210/0x5a0 [ 335.471469][ T1016] usb_disable_device+0x355/0x7d0 [ 335.473090][ T1016] usb_disconnect+0x2e1/0x920 [ 335.474578][ T1016] hub_event+0x1c57/0x4fa0 [ 335.476456][ T1016] ? __lock_acquire+0xaa4/0x1ba0 [ 335.478387][ T1016] ? __pfx_hub_event+0x10/0x10 [ 335.479895][ T1016] ? debug_object_deactivate+0x1ec/0x3a0 [ 335.481668][ T1016] ? rcu_is_watching+0x12/0xc0 [ 335.483220][ T1016] process_one_work+0x9cc/0x1b70 [ 335.484788][ T1016] ? __pfx_process_one_work+0x10/0x10 [ 335.486477][ T1016] ? assign_work+0x1a0/0x250 [ 335.487946][ T1016] worker_thread+0x6c8/0xf10 [ 335.489411][ T1016] ? __kthread_parkme+0x19e/0x250 [ 335.490995][ T1016] ? __pfx_worker_thread+0x10/0x10 [ 335.492617][ T1016] kthread+0x3c2/0x780 [ 335.493947][ T1016] ? __pfx_kthread+0x10/0x10 [ 335.495649][ T1016] ? __pfx_kthread+0x10/0x10 [ 335.497617][ T1016] ? __pfx_kthread+0x10/0x10 [ 335.499076][ T1016] ? __pfx_kthread+0x10/0x10 [ 335.500562][ T1016] ? rcu_is_watching+0x12/0xc0 [ 335.502066][ T1016] ? __pfx_kthread+0x10/0x10 [ 335.503564][ T1016] ret_from_fork+0x45/0x80 [ 335.505045][ T1016] ? __pfx_kthread+0x10/0x10 [ 335.506506][ T1016] ret_from_fork_asm+0x1a/0x30 [ 335.508043][ T1016] [ 335.509712][ T1016] Kernel Offset: disabled [ 335.511094][ T1016] Rebooting in 86400 seconds.. VM DIAGNOSIS: 03:43:16 Registers: info registers vcpu 0 CPU#0 RAX=00000000008d40eb RBX=0000000000000000 RCX=ffffffff8b703439 RDX=0000000000000000 RSI=ffffffff8dbeb4ff RDI=ffffffff8bf45100 RBP=fffffbfff1c12ee8 RSP=ffffffff8e007e10 R8 =0000000000000001 R9 =ffffed10056465bd R10=ffff88802b232deb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8e097740 R14=ffffffff90868010 R15=0000000000000000 RIP=ffffffff8b701ccf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977b7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f73b1618 CR3=000000004dd30000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000c400000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=fffff52004b6fe34 RBX=ffffffff9acee528 RCX=ffffffff8198678c RDX=0000000000000001 RSI=0000000000000004 RDI=ffffc90025b7f1a0 RBP=fffff52004b6fe34 RSP=ffffc90025b7f158 R8 =0000000000000001 R9 =fffff52004b6fe34 R10=ffffc90025b7f1a3 R11=0000000000000000 R12=ffffffff9acee530 R13=ffffffff9acee538 R14=ffffffff9acee520 R15=1ffff92004b6fe4a RIP=ffffffff821fb1ca RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880978b7000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f73ad318 CR3=000000004ac3e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff88806a9d47d8 RCX=ffffc900212cf6b4 RDX=0000000000000000 RSI=ffffffff8dbc5f7f RDI=ffffffff8bf45100 RBP=1ffff92004259ee3 RSP=ffffc900212cf6a0 R8 =0000000000000005 R9 =0000000000000001 R10=0000000000000002 R11=0000000000000000 R12=ffffffff8a1318f5 R13=0000000000000202 R14=ffff888022c3a440 R15=0000000000000001 RIP=ffffffff8b703bc0 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880979b7000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000556fee20c000 CR3=000000004ac3e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73b2ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000000006f RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854bd225 RDI=ffffffff9ae14b40 RBP=ffffffff9ae14b00 RSP=ffffc9000676ed68 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=000000000000006f R14=ffffffff9ae14b00 R15=ffffffff854bd1c0 RIP=ffffffff854bd24f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097ab7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002fa08ffc CR3=0000000022e6a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000001 Opmask01=0000000000008000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd074b6b10 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3220346220643820 3039203039203039 2030392033632039 35206135203e6400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3220346220643220 3033203033203033 2030332033632033 3520613520346400 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3541303030303030 2030393230303020 30203a5220413033 38203039355d3030 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 203930202e302030 2020303020300020 3020203020203020 2020202030202030 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a6e322a3a3a2a3a 3a2a3a3a2a3a3a2a 3c382a3e682a6e32 2a3a332a3a332a3a ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3f6c3a3a3a3a3a3a 3a3a3068383a3a2a 305a59582a573a39 323b3b5e51573a38 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000