last executing test programs: 7.939996078s ago: executing program 1 (id=960): r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0}) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000340)) r4 = dup(r3) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000000)={0x1, r4}) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f00000003c0)={0x1, r1}) 7.858585082s ago: executing program 1 (id=963): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff}, [@printk={@ld}, @call={0x85, 0x0, 0x0, 0x7d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x3, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) 7.624745697s ago: executing program 1 (id=965): r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0) mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil) mlock(&(0x7f0000626000/0x5000)=nil, 0x5000) r1 = dup(r0) sendmsg$L2TP_CMD_SESSION_CREATE(r1, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="040027bd7000fddbdf25050000000500050000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x24004080) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0}) socket$packet(0x11, 0x3, 0x300) socket$nl_generic(0x10, 0x3, 0x10) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x27}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) request_key(0x0, 0x0, &(0x7f00000003c0)='\xefJ4\xb1k\x13a\xfa\b\x00\x00\x00Mse\xff\x00\x00\x00\x00\x00\x00dn\x00\x00\x00', 0xfffffffffffffffc) r6 = socket$inet6(0xa, 0x802, 0x0) r7 = socket$phonet(0x23, 0x2, 0x1) ioctl$sock_SIOCINQ(r7, 0x541b, &(0x7f0000000000)) connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31) 6.380623815s ago: executing program 1 (id=970): syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000009b768405e0483020b9901e40201090227000100000000090400fb015cc7aa00090509"], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x3, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xfffffffffffffd63}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) unlink(0x0) sendto$inet6(r3, &(0x7f0000000280)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000000000)={0x0, 0x0, 0x3, &(0x7f00000000c0)={0x19, "90f50180e64f61909103f1fbbc2b81c9f144d76e44c700100000e52829e7cb8393"}}) socket$unix(0x1, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007911a800000000003f74fdc346f357989500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x183a00) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r5, &(0x7f0000007580)={0x0, 0x0, &(0x7f0000007540)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010025bd700000dcdf2509000000300003800800010001000000140002006272696467655f736c6176655f30000008160000"], 0x44}}, 0x48040) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) 6.031935403s ago: executing program 3 (id=973): pipe2(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x40200, 0x0) ioctl$TIOCPKT(r1, 0x5420, &(0x7f00000000c0)=0x3ff) sendfile(r0, r1, 0x0, 0x10ffff) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000740)={0x6e, 0x483aa015, 0x0, 0x0, 0x0, "fe00"}) 5.932739816s ago: executing program 3 (id=976): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240), 0x80040, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r1, 0x5218) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) r3 = socket$kcm(0x29, 0x5, 0x0) r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_tracing={0x1a, 0x10, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x46, 0x0, 0x0, 0x0, 0x1a}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@alu={0x4, 0x1, 0x3, 0xa, 0x6, 0xfffffffffffffffc, 0x1}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='syzkaller\x00', 0x8000, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x2, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x212be, 0xffffffffffffffff, 0x6, &(0x7f0000000400)=[r0, r0, r0], &(0x7f0000000440)=[{0x2, 0x4, 0xb, 0x6}, {0x3, 0x3, 0x0, 0x8}, {0x5, 0x5, 0xc, 0x4}, {0x2, 0x1, 0x4, 0xc}, {0x4, 0x4, 0x3, 0xa}, {0x2, 0x5, 0xf, 0x7}], 0x10, 0x8}, 0x94) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f00000005c0)={0xffffffffffffffff, r4}) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x8}, 0x90) ioctl$SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000040)={'gretap0\x00', 0x200}) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000600)={{{@in6=@remote, @in6=@remote, 0x4e21, 0x0, 0x4e21, 0x0, 0xa, 0xa0, 0x0, 0x33}, {0x5, 0x7, 0x100000000, 0x4, 0x1, 0x22, 0xffff, 0x5}, {0x6fcb9f2b, 0x5, 0x0, 0x2}, 0x25c, 0x6e6bbe, 0x0, 0x0, 0x3, 0x2}, {{@in=@remote, 0x4d6, 0x2b}, 0xa, @in=@empty, 0x3507, 0x4, 0x0, 0x7, 0x7ff, 0xffffff7f, 0x8000}}, 0xe4) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) 5.050110369s ago: executing program 2 (id=978): socketpair$unix(0x1, 0x2, 0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x73) setuid(0xee01) 4.918970779s ago: executing program 2 (id=980): r0 = socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f0000000580)='./file0\x00', 0x0) r1 = memfd_create(&(0x7f0000000680)='\x103q}2\x9a\xce\xaf^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99\x18\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1f\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\tRJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd99C\x9fF\x9c[M=\xa0^\xa8\xed)\xe8Z\xe8\x9b&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xc9\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8ZmH\x98\xaeb\xa5B5)\x80m\xff\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6\x05\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa\x19\x06U)j!\x91\'\x98\xd2kFN\xfa\x80)O\xb9(!n\x9d\x13\x15\xf1\x1a\xb8y\x14l\xd1', 0x7) ioctl$FS_IOC_RESVSP(r1, 0x402c5828, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x762}) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x9, 0x2012, r1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r0, 0x0) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[{@none}]}) socket$inet6_udp(0xa, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) shutdown(r2, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0xc8000) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0xfffffcb6) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x24004080) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = syz_open_dev$sndctrl(&(0x7f0000000380), 0x1ff, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc2c45513, &(0x7f0000000040)={{0x2, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, [0x2, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x3, 0x2, 0x1000000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x8, 0x4, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x2, 0x4, 0x2, 0x0, 0x4cd, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x14f9, 0x0, 0x4000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x1, 0xfffffffc, 0x0, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x2, 0x0, 0x1, 0x648c0000, 0x2, 0x0, 0xfffffffd]}) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') open(&(0x7f0000000040)='./file0\x00', 0x80242, 0x10) 4.85803643s ago: executing program 3 (id=982): r0 = socket$igmp6(0xa, 0x3, 0x2) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, 0x20000}, 0x1c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x20, r2, 0xe0a, 0x70bd25, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x30044041}, 0x40) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r3) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001bc0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r1, &(0x7f0000001cc0)={&(0x7f0000001b80)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001c80)={&(0x7f0000001c00)={0x70, r4, 0x2820e38854418661, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_BSSID={0xa}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x5d}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_PMKID={0x14, 0x55, "e535039332c9609ad9e4be3422852924"}, @NL80211_ATTR_PMKID={0x14, 0x55, "4f31c22afeb85e5f4dc2d558e49694c0"}, @NL80211_ATTR_BSSID={0xa, 0xf5, @from_mac}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000000}, 0x80) 4.769928007s ago: executing program 3 (id=983): pipe2(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x40200, 0x0) ioctl$TIOCPKT(r1, 0x5420, &(0x7f00000000c0)=0x3ff) sendfile(r0, r1, 0x0, 0x10ffff) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000740)={0x6e, 0x483aa015, 0x0, 0x0, 0x0, "fe00"}) (fail_nth: 3) 3.420481686s ago: executing program 2 (id=985): socketpair$unix(0x1, 0x2, 0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x73) setuid(0xee01) (fail_nth: 2) 3.22965865s ago: executing program 2 (id=986): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) symlinkat(&(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7c000000100001002cbd70002000000000000000", @ANYRES32=0x0, @ANYBLOB="1301975784800000140003006e657464657673696d30000000000000140014006970366772657461703000000000000034001680300001802c000c801400"], 0x7c}, 0x1, 0x0, 0x0, 0x20000084}, 0x20000010) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="01000000000000001c0012800c0001006d6163766c616e000c000280080001001a0000003d3ccd944b802d1c784e30d0bbf4835c4a3531457bd6da14c3c2db475f8889"], 0x3c}}, 0x0) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4}) socket$netlink(0x10, 0x3, 0x15) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) ptrace$ARCH_SHSTK_UNLOCK(0x1e, r0, 0x0, 0x5004) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d0000000700000000000000"], 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_buf_alloc\x00', r7, 0x0, 0x1}, 0x18) shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=@ipv4_newrule={0x24, 0x20, 0x1, 0x0, 0x0, {}, [@FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x5, 0x19, 0x3c}]}, 0x24}}, 0x48850) 3.088196542s ago: executing program 1 (id=987): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x115}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0xfe18}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}}, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000040), 0x20000000, 0x40800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0), 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETGAMMA(r2, 0xc02064a4, &(0x7f0000000400)={0x0, 0x1, &(0x7f00000002c0)=[0x0], 0x0, 0x0}) r3 = fanotify_init(0x20, 0x0) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ptrace(0x10, r4) ptrace$peeksig(0x4212, r4, &(0x7f0000000140)={0x0, 0x0, 0x4e}, &(0x7f0000000fc0)) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2800000010005fba0000002000b1000000000000", @ANYRES32=0x0, @ANYBLOB="80000200e180000008001b"], 0x28}}, 0x0) r6 = socket$pppl2tp(0x18, 0x1, 0x1) r7 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r6, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x10, 0x4, 0x4, 0x1}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0x58, &(0x7f00000004c0)={0x0, 0x0}}, 0xd) r9 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={r8}, 0xc) bpf$BPF_GET_PROG_INFO(0x4, &(0x7f0000000000)={r9, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, 0xfffffffffffffcbf, 0x0}}, 0x10) r10 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="01002cbd70100400000005000000080009000200000008000c00a80a000008000b00000000000600010005"], 0x34}}, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) syz_usb_connect(0x5, 0x24, &(0x7f0000001280)={{0x12, 0x1, 0x300, 0x0, 0x1f, 0x66, 0x8, 0x58f, 0x6610, 0x4805, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x95, 0x70, 0x81, [{{0x9, 0x4, 0x0, 0x81, 0x0, 0xff, 0xff, 0xff, 0x2}}]}}]}}, &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x23}) socket$nl_netfilter(0x10, 0x3, 0xc) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 2.959911352s ago: executing program 0 (id=989): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0) r1 = epoll_create1(0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) migrate_pages(0x0, 0x9, &(0x7f0000000040)=0x9, 0x0) r2 = fcntl$dupfd(r1, 0x2, r1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) mremap(&(0x7f00004d6000/0x4000)=nil, 0x4000, 0x4000, 0x2, &(0x7f00001e2000/0x4000)=nil) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r2, 0x0, 0xa}, 0x16) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f0000724000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil) syz_emit_ethernet(0x0, 0x0, 0x0) r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r5, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) socket$inet(0x10, 0x3, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0xffffffffffffffb0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000002b0009ef"], 0x14}}, 0x84) 1.994150764s ago: executing program 0 (id=990): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="50000000000118040000000000000000020000001800018014000180080001000000000008000200ac141400260002800c0002800500010000000000"], 0x50}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0xa0, 0x30, 0x51b, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x30, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}]}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}, @m_ct={0x2c, 0x1, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0xa0}}, 0x0) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e0001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b70000001a000000bca300000000000024030000c0feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000200000000002604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f122059b653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa484d08c339b3016342ed345ff0055e2a06ff700f4647c727bec67745335d940b0d117125e75c0b07854fd085d9db1f43181553d68644e4c55685b2dadede4a711b1417f60bb6bde64c69adc6cc16f514bc399ab1c864b09e168ec03ce04d5"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x400}, 0x10}, 0x94) 1.993438939s ago: executing program 0 (id=991): r0 = socket$igmp6(0xa, 0x3, 0x2) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, 0x20000}, 0x1c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x20, r2, 0xe0a, 0x70bd25, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x30044041}, 0x40) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r3) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001bc0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r1, &(0x7f0000001cc0)={&(0x7f0000001b80)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001c80)={&(0x7f0000001c00)={0x70, r4, 0x2820e38854418661, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_BSSID={0xa}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x5d}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_PMKID={0x14, 0x55, "e535039332c9609ad9e4be3422852924"}, @NL80211_ATTR_PMKID={0x14, 0x55, "4f31c22afeb85e5f4dc2d558e49694c0"}, @NL80211_ATTR_BSSID={0xa, 0xf5, @from_mac}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000000}, 0x80) 1.986476385s ago: executing program 0 (id=992): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240), 0x80040, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r1, 0x5218) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$tipc(0xffffffffffffffff, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x0, 0x0, 0x20}}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) r3 = socket$kcm(0x29, 0x5, 0x0) r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_tracing={0x1a, 0x10, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x46, 0x0, 0x0, 0x0, 0x1a}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@alu={0x4, 0x1, 0x3, 0xa, 0x6, 0xfffffffffffffffc, 0x1}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='syzkaller\x00', 0x8000, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x2, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x212be, 0xffffffffffffffff, 0x6, &(0x7f0000000400)=[r0, r0, r0], &(0x7f0000000440)=[{0x2, 0x4, 0xb, 0x6}, {0x3, 0x3, 0x0, 0x8}, {0x5, 0x5, 0xc, 0x4}, {0x2, 0x1, 0x4, 0xc}, {0x4, 0x4, 0x3, 0xa}, {0x2, 0x5, 0xf, 0x7}], 0x10, 0x8}, 0x94) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f00000005c0)={0xffffffffffffffff, r4}) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x8}, 0x90) ioctl$SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000040)={'gretap0\x00', 0x200}) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000600)={{{@in6=@remote, @in6=@remote, 0x4e21, 0x0, 0x4e21, 0x0, 0xa, 0xa0, 0x0, 0x33}, {0x5, 0x7, 0x100000000, 0x4, 0x1, 0x22, 0xffff, 0x5}, {0x6fcb9f2b, 0x5, 0x0, 0x2}, 0x25c, 0x6e6bbe, 0x0, 0x0, 0x3, 0x2}, {{@in=@remote, 0x4d6, 0x2b}, 0xa, @in=@empty, 0x3507, 0x4, 0x0, 0x7, 0x7ff, 0xffffff7f, 0x8000}}, 0xe4) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) 1.74998705s ago: executing program 3 (id=993): openat$ipvs(0xffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x5, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000fefffe7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000c9be17044171e1d3d7b1efd036d7af273bce36015779c4cef58fa35d17c668a4b63e069efb29797573b8538e31ec24925095a163b9d4e76be2661f2a395e41f7e31a8021e00b00104e0801d4de36e5fdc6c42a7b3ff13f2360a6e231fd223bc33091dd61258a1fda45991fbdce6793c8a4785ee8b60092659b941bbd694dff0f0000000000003a45404b04bf97c4fea679c032b363956cd8bac9626b5db1b07a0bd7cc85e961506a35a04617dc0200379e731d3a8d8feac94a4ee293001f6ce7d5b40bf2a7f9be8173a9639a79fae885d05afe042c0e7821d406c967379e7521292d24d6c8034f2fc7c855a8945e9bce678ee9a015abc9daac8876623db56346916674ceb55f60b493f2f4d736acb2f206fc538450a676d71c01175b8454eb92567e8f8a707b190d7219288e23ee0800000000000010a49fc8f4ff0300000000000000000000cb947d6017ad27714772ad790af252e648ef8c313c604324f5b306000000000000cf327a00000000000000080a70162bba30ad7804fa4140f1a754ffff000000ab744d306619dfb3a37d897662bee00189f43da46a908a235c84cbad335fd1d2f2ef93a6a70c8b8ece0e243eab05a34ab0a7e7e497065e5e282e284f8d5e8852a265d528075214af000000000070d42182d8f3a347d48289a8b29b911ac473c5fa02bb0e24e5b7b238e27263a23c0b865f75331d888c72df1da4b290582f00024227f03204add786a87b23ceb17c25810e769fe2d6a7bd8e504843b66b1a8c7b364bd2194ba9c8f60ac0c9b18d8c1b9e1a736825c91b4dff0000c1c5dcffa295c2930000000000235d84b0193a5ea7c77cdb7de9ce1a59ab4158097b4dd13ebfaf4425c6855530b56a3320d85c8fe85f667998b1a7e589f486c107761108e4e230419fd27b6ad9c10b25c6b6ed84badbb970dcf133279dd355e41de944564bdab99c5c712a9fbc8e9691c775bb94f746505e1e748cf1710d52468b4b1625ce21612ed5e807dfb5f19f3267e5366b2c0b2a0be49ae476263c9407ac6c596bf3cf66204984f5aebf93d1caa220ea6969cea852fe9a7d1eee13f1f48722a69ad9fb850bd093a302b9250245900ad5c8e5f20ddf77ee3d5a168964fad1aa7347d36c502d02b1d96d753ef6fc354fc126070060c65c147651fca62c0a06939f40c90ebc3042e753fe91b5770b24f25c558736dd7e1e9fb214cbb04c5c6ee4c970b320ba6fb6ef4615f4092de54c519f4622e1224153463ea80248a45a95a189958f586d606dcaa9aac656cf95a2d35225cfb0e6f47486d5cbb04a590116d4de92e203e107d68728a189b0d537d2442beab2f8ce7b2dd357200dcd139e47267012fc2a2b6bad79be429d1ddaccbe0139f16ca1b9bc1103000000ed1ece54cfdbe04670bee9b42fe3dc42033997e2e700b6edb2b49b5f2f6001ee0a9e5d1bee199ce9124a5cb479040000000000000049ead5b02d5ea1dcf6cdcf332fe94b3c1932d8d391754774a32c9b7e6ca4023bce2c7281d27a2cb62383ab3a3bb535650fbfb96c89936855eb7a485698f0d20c3eedd6123ef8f218d52ea2c346f80acb8b9a71856d2f2d1a7c6f45ee127b6a1d1ac1e243ed02e49e8aafe835919564af915965a050c37ceff855bd2dec3452c7c38f5dbf1ff1ff00020000000000006a1a029ea6540b40b2f797813af2c7d4ed235c2dc5f1dbbfcc52b2f55fd3f9f100c4891d0cb4c10ed01489bf235c45822594d7a6edc9d1270a7819fc0c597fdfb4d7842da1b411346297a40bbf221bbf63ad3822575dcc01a3c34b5aa4e3750400000000000000fc0fd9c746cf0ed4b0343d00a154e6a869346256ffbd666a34414ab0f40bec45b1c24f02ac9bc20e69201968537dd4dc61323c8b6d3643183631664eeca616696fb30fe89c8bdb15037c801fca4a9c220fec5d14582a00b62548ddf2599e5ffc5330cefb8903d276eae21b0b4b20100ead8256636c7e754185e815dd21445cc965a0526da38021a3e540949494ef3041cfa5067f556a0af5c19d27ff4f61fa7762d7963c96853709e773f14c47eef784cb145ae9d6d37fc7b5d83e05ac773fcc429eae6826a9d207d4c39df8eed9cc2ae3f68df1c6495a82d02939b448bf8038521057714e6e6405000000be9e0b0025d16b7eff573f78364ed70a62a7b1e55311dc0193d47f9ecc8c7ad268dc6e2e75f8cc83315411bd6c6b88e1850ee757ac2f9e4d6ac510003717d5847a19e750db92d33d6bdc434d0b52b2eb4b1790459e35122f46b205120a54bf657da9fd55d43a89e333481de468f5984a69509e9eac7a5b39c004396e8cb3ab037fd62fa43f259f13ebc4b590e9ea07ea37689049c799cd444d45dabe3e3cf086768daa6816c37793d17a284d2828f5eab2d3d0bedd5334b7bb4c983fa9cd4bd86f0ad227901e83ef4871695380d25bea2929fa66382af6ddb89917ab100046151bd08fce74247955247daa1ea75139b9ce3771526503c7db3a4b3ff39301986c1fd9b5c42d39e768946c9a7ee8dd081bfb6ea5fa132ebdbe72d02ce9f2000000006f63ae8311afc4943c963d39e42c54a3f52d121bfb425fe268892f654febdaee43e95b5ae6749275e1ad8b8b279e1ae296e03a8d9386d8e199dc1f00000008000000000000000026c43493c622f041b47d329b248e8ccd92e9b17007ba2578eefcb59f50343722e6cba3be72fd037eb5fa243a395b5c83376a14414b32c2e8a33de8000000003927da2bec76f4e15c8bf3715c5bfe7b3617d0fcf9b5861554b5b76b8ae69c644a48931306a16cff8a38ea95553867e2c5fb1e99b1802e616345871b4611627874cfbe30fa5793c873ae6f75427f3eeda690147b9615b096d967c2d7f5ddf725f0544f8750a5ed04d6ca0f223506fec5d5e65b467c59459f6113cf41c174a63a17fc79d0b777a0c903c0d2e7f79b6f9ce68a3b72315407040f6a09cadc25e87b7c6b4a3079c7989b4cf04b2581b555fa9a2d74392939b4dbaa9e620e22ab975ac3a5a329157762c1f29075fbdd39451a56b97c90e4fde6782a7c78e7fbe8400054dcafcd51e9eef2d2ea10a3f2636ac2239cef5d8505060de55f472aa89cb8e0188f2ee96cb1ae8dee3c03d0a942c6289cbc4499cea402bd0550520f4aae98c436f18a667ae4efeb5e6a4b1b3f53536145a87578ead8ec76b17acd9d9629449714ed1302714c3519fdd8529b5a86ce2fabb7f285fe73730000000000000000000000000000000073b6f8e9255567374cb2cc80be58fca5b1dc50d85342e56beda632edb7f0a4abcabae102fadfbffecc6b1549315dda8e09d18a7fe5e1574e4fad426b6ca211da39a16dffdd661a20b20c390e00004b002cd83b754c3d32819c823027b3cf8f8da6e63d099712be370bb2aa06debff931ea0a2e7aa0390000000000000045b6720d74c470d49e1e97d1668bb75ad994089d723c2eeaad3f857937fa3df615121a1841ed452dd395788e1a82efda18b41c06c948ef44af8500fbe1ee0828a3b047afb80435935b0f99b381dcf101e9a1593bdaab3bc88c70bf56995a4790a339e1b62516356644ed7df6db419d0976a5169e68e8bd4712552c5ec03f2818c17c4a5bf1e5ecd9bb40074a63c66b61f4779226a99dc5ff9c442e93991570797493569e6f9ccd6d73bcbce41022e2731fc61b6bf0188c74a21471332a546ffe8e9dd738aa2ca782ff5a547a1ad7c348c59ff99d1496404eafcd0333df8f2801d39ad0c82735af24b819efc2fd67c6a53835f0af6a51d1b9123f4b9af7fa2ee2ebf4bc2973cf04380b41aa7577e35bcd28446bfcea19aa85440fe0fdce12e53da7b8842b7527a34d1bcb16fcdc84f2c46a78c01c2ff463cdd0d65267b0822e899e893514a02acd8c21583d181224175d08ff75223da84d53656eb7ab46ad442d70c67a6010029329924b8b39e6dc4b2077a4b9645d8e0a445ae2c7be53d66007d491ab0f6851a2cc1cffeed15f586a035c1a2888c56f43"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2000000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x2d1, 0xfffffffffffffd85, &(0x7f00000000c0)="b9ff03030018698cb89e40f086dd6000000e00002b00630677", 0x0, 0x100, 0x2000000, 0x0, 0x0, &(0x7f0000000440)}, 0x28) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0) timer_settime(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() futex(&(0x7f0000000100)=0x1, 0xb, 0x2, &(0x7f0000000140)={0x77359400}, &(0x7f0000000180), 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8010, 0xffffffffffffffff, 0x0) chroot(&(0x7f0000000040)='./cgroup\x00') recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040ed5000410"], 0x11) 1.089737372s ago: executing program 0 (id=994): r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0}) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='sched\x00') exit(0xffff) writev(r3, &(0x7f0000000000)=[{&(0x7f0000000080)="8d", 0x1}, {&(0x7f00000000c0)="e5fd56693db2c20551f658e3e31c32bf199d447970e06a759615d54848363d56c9ac1b4d7c92f36c105c77eed10f64a9f9024cd11d5f7447d9c6156098f21497984251754b7572743b8cb08e14535a896209d5929a013cbac1bca5bd12a3e56ba6ddfc6998ba18ddc542e3cc22429a4c2124d5723941b7dbf5b1389fd948d32a3dc78e08b870df9f57fd739230b54625f8c40de76e9cc8aec1d8df905452f0944a923955062e56938257772a5fcb11a07c952eafa581", 0xb6}, {&(0x7f00000002c0)="7eac793eb718e6b20b20e93d87d8c51e1a9294f971e41c7a643d58d96f8786c9cd494a02a5e2e1abd8a0006ca08be37d4aca76f322f7e919349204994d7e4ff4778de73248f06e647c3f1b1bd2fd3fa8e6c4392ac03286944268", 0x5a}], 0x3) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000340)) dup(r4) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f00000003c0)={0x1, r1}) 1.06056756s ago: executing program 2 (id=995): openat$ipvs(0xffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x5, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000fefffe7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000c9be17044171e1d3d7b1efd036d7af273bce36015779c4cef58fa35d17c668a4b63e069efb29797573b8538e31ec24925095a163b9d4e76be2661f2a395e41f7e31a8021e00b00104e0801d4de36e5fdc6c42a7b3ff13f2360a6e231fd223bc33091dd61258a1fda45991fbdce6793c8a4785ee8b60092659b941bbd694dff0f0000000000003a45404b04bf97c4fea679c032b363956cd8bac9626b5db1b07a0bd7cc85e961506a35a04617dc0200379e731d3a8d8feac94a4ee293001f6ce7d5b40bf2a7f9be8173a9639a79fae885d05afe042c0e7821d406c967379e7521292d24d6c8034f2fc7c855a8945e9bce678ee9a015abc9daac8876623db56346916674ceb55f60b493f2f4d736acb2f206fc538450a676d71c01175b8454eb92567e8f8a707b190d7219288e23ee0800000000000010a49fc8f4ff0300000000000000000000cb947d6017ad27714772ad790af252e648ef8c313c604324f5b306000000000000cf327a00000000000000080a70162bba30ad7804fa4140f1a754ffff000000ab744d306619dfb3a37d897662bee00189f43da46a908a235c84cbad335fd1d2f2ef93a6a70c8b8ece0e243eab05a34ab0a7e7e497065e5e282e284f8d5e8852a265d528075214af000000000070d42182d8f3a347d48289a8b29b911ac473c5fa02bb0e24e5b7b238e27263a23c0b865f75331d888c72df1da4b290582f00024227f03204add786a87b23ceb17c25810e769fe2d6a7bd8e504843b66b1a8c7b364bd2194ba9c8f60ac0c9b18d8c1b9e1a736825c91b4dff0000c1c5dcffa295c2930000000000235d84b0193a5ea7c77cdb7de9ce1a59ab4158097b4dd13ebfaf4425c6855530b56a3320d85c8fe85f667998b1a7e589f486c107761108e4e230419fd27b6ad9c10b25c6b6ed84badbb970dcf133279dd355e41de944564bdab99c5c712a9fbc8e9691c775bb94f746505e1e748cf1710d52468b4b1625ce21612ed5e807dfb5f19f3267e5366b2c0b2a0be49ae476263c9407ac6c596bf3cf66204984f5aebf93d1caa220ea6969cea852fe9a7d1eee13f1f48722a69ad9fb850bd093a302b9250245900ad5c8e5f20ddf77ee3d5a168964fad1aa7347d36c502d02b1d96d753ef6fc354fc126070060c65c147651fca62c0a06939f40c90ebc3042e753fe91b5770b24f25c558736dd7e1e9fb214cbb04c5c6ee4c970b320ba6fb6ef4615f4092de54c519f4622e1224153463ea80248a45a95a189958f586d606dcaa9aac656cf95a2d35225cfb0e6f47486d5cbb04a590116d4de92e203e107d68728a189b0d537d2442beab2f8ce7b2dd357200dcd139e47267012fc2a2b6bad79be429d1ddaccbe0139f16ca1b9bc1103000000ed1ece54cfdbe04670bee9b42fe3dc42033997e2e700b6edb2b49b5f2f6001ee0a9e5d1bee199ce9124a5cb479040000000000000049ead5b02d5ea1dcf6cdcf332fe94b3c1932d8d391754774a32c9b7e6ca4023bce2c7281d27a2cb62383ab3a3bb535650fbfb96c89936855eb7a485698f0d20c3eedd6123ef8f218d52ea2c346f80acb8b9a71856d2f2d1a7c6f45ee127b6a1d1ac1e243ed02e49e8aafe835919564af915965a050c37ceff855bd2dec3452c7c38f5dbf1ff1ff00020000000000006a1a029ea6540b40b2f797813af2c7d4ed235c2dc5f1dbbfcc52b2f55fd3f9f100c4891d0cb4c10ed01489bf235c45822594d7a6edc9d1270a7819fc0c597fdfb4d7842da1b411346297a40bbf221bbf63ad3822575dcc01a3c34b5aa4e3750400000000000000fc0fd9c746cf0ed4b0343d00a154e6a869346256ffbd666a34414ab0f40bec45b1c24f02ac9bc20e69201968537dd4dc61323c8b6d3643183631664eeca616696fb30fe89c8bdb15037c801fca4a9c220fec5d14582a00b62548ddf2599e5ffc5330cefb8903d276eae21b0b4b20100ead8256636c7e754185e815dd21445cc965a0526da38021a3e540949494ef3041cfa5067f556a0af5c19d27ff4f61fa7762d7963c96853709e773f14c47eef784cb145ae9d6d37fc7b5d83e05ac773fcc429eae6826a9d207d4c39df8eed9cc2ae3f68df1c6495a82d02939b448bf8038521057714e6e6405000000be9e0b0025d16b7eff573f78364ed70a62a7b1e55311dc0193d47f9ecc8c7ad268dc6e2e75f8cc83315411bd6c6b88e1850ee757ac2f9e4d6ac510003717d5847a19e750db92d33d6bdc434d0b52b2eb4b1790459e35122f46b205120a54bf657da9fd55d43a89e333481de468f5984a69509e9eac7a5b39c004396e8cb3ab037fd62fa43f259f13ebc4b590e9ea07ea37689049c799cd444d45dabe3e3cf086768daa6816c37793d17a284d2828f5eab2d3d0bedd5334b7bb4c983fa9cd4bd86f0ad227901e83ef4871695380d25bea2929fa66382af6ddb89917ab100046151bd08fce74247955247daa1ea75139b9ce3771526503c7db3a4b3ff39301986c1fd9b5c42d39e768946c9a7ee8dd081bfb6ea5fa132ebdbe72d02ce9f2000000006f63ae8311afc4943c963d39e42c54a3f52d121bfb425fe268892f654febdaee43e95b5ae6749275e1ad8b8b279e1ae296e03a8d9386d8e199dc1f00000008000000000000000026c43493c622f041b47d329b248e8ccd92e9b17007ba2578eefcb59f50343722e6cba3be72fd037eb5fa243a395b5c83376a14414b32c2e8a33de8000000003927da2bec76f4e15c8bf3715c5bfe7b3617d0fcf9b5861554b5b76b8ae69c644a48931306a16cff8a38ea95553867e2c5fb1e99b1802e616345871b4611627874cfbe30fa5793c873ae6f75427f3eeda690147b9615b096d967c2d7f5ddf725f0544f8750a5ed04d6ca0f223506fec5d5e65b467c59459f6113cf41c174a63a17fc79d0b777a0c903c0d2e7f79b6f9ce68a3b72315407040f6a09cadc25e87b7c6b4a3079c7989b4cf04b2581b555fa9a2d74392939b4dbaa9e620e22ab975ac3a5a329157762c1f29075fbdd39451a56b97c90e4fde6782a7c78e7fbe8400054dcafcd51e9eef2d2ea10a3f2636ac2239cef5d8505060de55f472aa89cb8e0188f2ee96cb1ae8dee3c03d0a942c6289cbc4499cea402bd0550520f4aae98c436f18a667ae4efeb5e6a4b1b3f53536145a87578ead8ec76b17acd9d9629449714ed1302714c3519fdd8529b5a86ce2fabb7f285fe73730000000000000000000000000000000073b6f8e9255567374cb2cc80be58fca5b1dc50d85342e56beda632edb7f0a4abcabae102fadfbffecc6b1549315dda8e09d18a7fe5e1574e4fad426b6ca211da39a16dffdd661a20b20c390e00004b002cd83b754c3d32819c823027b3cf8f8da6e63d099712be370bb2aa06debff931ea0a2e7aa0390000000000000045b6720d74c470d49e1e97d1668bb75ad994089d723c2eeaad3f857937fa3df615121a1841ed452dd395788e1a82efda18b41c06c948ef44af8500fbe1ee0828a3b047afb80435935b0f99b381dcf101e9a1593bdaab3bc88c70bf56995a4790a339e1b62516356644ed7df6db419d0976a5169e68e8bd4712552c5ec03f2818c17c4a5bf1e5ecd9bb40074a63c66b61f4779226a99dc5ff9c442e93991570797493569e6f9ccd6d73bcbce41022e2731fc61b6bf0188c74a21471332a546ffe8e9dd738aa2ca782ff5a547a1ad7c348c59ff99d1496404eafcd0333df8f2801d39ad0c82735af24b819efc2fd67c6a53835f0af6a51d1b9123f4b9af7fa2ee2ebf4bc2973cf04380b41aa7577e35bcd28446bfcea19aa85440fe0fdce12e53da7b8842b7527a34d1bcb16fcdc84f2c46a78c01c2ff463cdd0d65267b0822e899e893514a02acd8c21583d181224175d08ff75223da84d53656eb7ab46ad442d70c67a6010029329924b8b39e6dc4b2077a4b9645d8e0a445ae2c7be53d66007d491ab0f6851a2cc1cffeed15f586a035c1a2888c56f43"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2000000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x2d1, 0xfffffffffffffd85, &(0x7f00000000c0)="b9ff03030018698cb89e40f086dd6000000e00002b00630677", 0x0, 0x100, 0x2000000, 0x0, 0x0, &(0x7f0000000440)}, 0x28) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0) timer_settime(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) futex(&(0x7f0000000100)=0x1, 0xb, 0x2, &(0x7f0000000140)={0x77359400}, &(0x7f0000000180), 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8010, 0xffffffffffffffff, 0x0) chroot(&(0x7f0000000040)='./cgroup\x00') recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040ed5000410"], 0x11) 923.969559ms ago: executing program 3 (id=996): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) setrlimit(0x4, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000080)=0x9fe, 0x4) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) 220.255493ms ago: executing program 0 (id=997): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) setrlimit(0x4, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000080)=0x9fe, 0x4) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) (fail_nth: 1) 100.229696ms ago: executing program 2 (id=998): socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x3) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0xae71, 0x0) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000000)=0x1000) ppoll(&(0x7f0000000040)=[{r3, 0x9620}], 0x1, 0x0, 0x0, 0x0) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0xf4, 0x0) write$dsp(r4, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) 0s ago: executing program 1 (id=999): syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000680)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0}, 0x18) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) syz_open_dev$hidraw(&(0x7f0000000b40), 0xe1d5, 0x1ca842) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x84, 0x30, 0x400, 0xfffffffc, 0x0, {}, [{0x70, 0x1, [@m_ct={0x40, 0x2, 0x0, 0x0, {{0x7}, {0x18, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @private1}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ife={0x2c, 0x3fff, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x804}, 0x408c3) r1 = getpid() setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000ac0)=@ccm_128={{0x303}, "314a9b5cdad79202", "16075a410ef30b5384933d3b0932ac30", "62c5e469", "7226a4714de55cf6"}, 0x28) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000540)) timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mq_notify(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x2c, 0x0, @thr={&(0x7f0000000400)="3186d82c39b8bc69cb76607cacc13ada7f7a35fc1818e5f37d8940c3c0894f2c6e54c6f15727376959c805935347316f009ee7c4d4e8b5b41153cb0b88dd143e173303d7d637287d500b5a0e654ceba6e3f28f08c31c164cf5bf913a712097d4acd87d23963d3460b414f713eabfbaa2bc99a88d0b95fa109d41e8ca9995f5ecb72b8213bba0a19ef2cd55d518a6d319f75cfc8026e2b616", &(0x7f00000006c0)="0cf1f1adfb8659d2a706c7ac73a2578a30b759b5f36cd1ecea6a2799f950acd1e127de450398dfd025502edee8685d45a7d56d6c7fdcd22ac8b6384dc479aa32b661f7c3edbb1c9996930119a30b9708ab6898b8eb3c438ee10567723ba5c78ba403cbf3281273471b6dd673b1ce6228d8dbce7ea805740fca53bae953756443e61c8f8b379deab3b11dc25189cadf309154a85e31d7e65adb6f1858e15c85aecf1cbb0c1800344d3c1ca41ca8d155e82f8b752f4c059955614d2265"}}) r2 = landlock_create_ruleset(&(0x7f0000000080)={0x8040}, 0x18, 0x0) landlock_restrict_self(r2, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="340000001800010000000000010000001d0100002400050008040808150003000000008003030000000000001000000002000000"], 0x34}}, 0x20008030) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f00000001c0)=0xffffffffffffffff) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r4, 0x40089413, &(0x7f0000000240)=0x200) sched_setscheduler(r1, 0x0, &(0x7f0000000280)=0x19a) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r5, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f00000004c0)}, 0x9}, {{0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000b00)=""/11, 0xb}, 0x9}], 0x2, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(0xffffffffffffffff, 0xc1105511, &(0x7f00000008c0)={{0x1, 0x4, 0x3, 0x1, '\x00', 0x5}, 0x0, 0x30, 0x400, r1, 0x7, 0x5, 'syz1\x00', &(0x7f0000000300)=['netdevsim0\x00', '\x00', '#(w\x00', '\x00', 'ct\x00', 'ct\x00', 'contention_begin\x00'], 0x28}) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_gfeatures={0x33}}) kernel console output (not intermixed with test programs): ce 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 159.421748][ T6023] usb 7-1: config 0 interface 0 has no altsetting 0 [ 159.428809][ T6023] usb 7-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 159.431966][ T6023] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.435288][ T6023] usb 7-1: Product: syz [ 159.437924][ T6023] usb 7-1: Manufacturer: syz [ 159.439654][ T6023] usb 7-1: SerialNumber: syz [ 159.441046][ T8296] netlink: 'syz.0.620': attribute type 1 has an invalid length. [ 159.443729][ T8296] netlink: 'syz.0.620': attribute type 2 has an invalid length. [ 159.453869][ T6023] usb 7-1: config 0 descriptor?? [ 159.626046][ T8302] loop6: detected capacity change from 0 to 524279808 [ 159.699694][ T6023] usb 7-1: Can not set alternate setting to 1, error: -71 [ 159.702791][ T6023] synaptics_usb 7-1:0.0: probe with driver synaptics_usb failed with error -71 [ 159.708331][ T6023] usb 7-1: USB disconnect, device number 4 [ 159.861845][ T8305] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 159.864720][ T8305] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 159.871392][ T8305] vhci_hcd vhci_hcd.0: Device attached [ 160.227022][ T8314] loop6: detected capacity change from 0 to 524279808 [ 160.651995][ T8307] vhci_hcd: connection closed [ 160.652983][ T1136] vhci_hcd: stop threads [ 160.671587][ T1136] vhci_hcd: release socket [ 160.702866][ T1136] vhci_hcd: disconnect device [ 161.263282][ T8319] 8021q: adding VLAN 0 to HW filter on device bond1 [ 161.319873][ T8321] FAULT_INJECTION: forcing a failure. [ 161.319873][ T8321] name failslab, interval 1, probability 0, space 0, times 0 [ 161.323838][ T8321] CPU: 0 UID: 0 PID: 8321 Comm: syz.0.625 Not tainted syzkaller #0 PREEMPT(full) [ 161.323854][ T8321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 161.323861][ T8321] Call Trace: [ 161.323866][ T8321] [ 161.323871][ T8321] dump_stack_lvl+0x16c/0x1f0 [ 161.323894][ T8321] should_fail_ex+0x512/0x640 [ 161.323912][ T8321] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 161.323931][ T8321] should_failslab+0xc2/0x120 [ 161.323944][ T8321] __kmalloc_cache_noprof+0x6a/0x3e0 [ 161.323961][ T8321] ? rtnl_newlink+0x11b/0x2000 [ 161.323974][ T8321] ? __pfx_rtnl_newlink+0x10/0x10 [ 161.323983][ T8321] rtnl_newlink+0x11b/0x2000 [ 161.323997][ T8321] ? __pfx_rtnl_newlink+0x10/0x10 [ 161.324010][ T8321] ? kmem_cache_free+0x2d1/0x4d0 [ 161.324027][ T8321] ? kfree_skbmem+0x1a4/0x1f0 [ 161.324052][ T8321] ? __lock_acquire+0x62e/0x1ce0 [ 161.324076][ T8321] ? rcu_is_watching+0x12/0xc0 [ 161.324101][ T8321] ? find_held_lock+0x2b/0x80 [ 161.324113][ T8321] ? __pfx_rtnl_newlink+0x10/0x10 [ 161.324123][ T8321] ? __pfx_rtnl_newlink+0x10/0x10 [ 161.324132][ T8321] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 161.324143][ T8321] ? __pfx_rtnl_newlink+0x10/0x10 [ 161.324154][ T8321] rtnetlink_rcv_msg+0x95b/0xe90 [ 161.324165][ T8321] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 161.324180][ T8321] ? ref_tracker_free+0x37c/0x830 [ 161.324192][ T8321] netlink_rcv_skb+0x158/0x420 [ 161.324203][ T8321] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 161.324215][ T8321] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 161.324230][ T8321] ? netlink_deliver_tap+0x1ae/0xd30 [ 161.324249][ T8321] netlink_unicast+0x5a7/0x870 [ 161.324261][ T8321] ? __pfx_netlink_unicast+0x10/0x10 [ 161.324272][ T8321] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 161.324293][ T8321] netlink_sendmsg+0x8d1/0xdd0 [ 161.324306][ T8321] ? __pfx_netlink_sendmsg+0x10/0x10 [ 161.324322][ T8321] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 161.324342][ T8321] ____sys_sendmsg+0xa98/0xc70 [ 161.324357][ T8321] ? __pfx_____sys_sendmsg+0x10/0x10 [ 161.324369][ T8321] ? get_compat_msghdr+0x11a/0x170 [ 161.324392][ T8321] ___sys_sendmsg+0x134/0x1d0 [ 161.324410][ T8321] ? __pfx____sys_sendmsg+0x10/0x10 [ 161.324433][ T8321] ? find_held_lock+0x2b/0x80 [ 161.324453][ T8321] __sys_sendmsg+0x16d/0x220 [ 161.324470][ T8321] ? __pfx___sys_sendmsg+0x10/0x10 [ 161.324493][ T8321] ? rcu_is_watching+0x12/0xc0 [ 161.324507][ T8321] __do_fast_syscall_32+0x7c/0x300 [ 161.324520][ T8321] do_fast_syscall_32+0x32/0x80 [ 161.324530][ T8321] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 161.324544][ T8321] RIP: 0023:0xf701e579 [ 161.324554][ T8321] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 161.324565][ T8321] RSP: 002b:00000000f53ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 161.324576][ T8321] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140 [ 161.324583][ T8321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 161.324589][ T8321] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 161.324595][ T8321] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 161.324601][ T8321] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 161.324614][ T8321] [ 161.482760][ T8319] bond_slave_0: entered promiscuous mode [ 161.485591][ T8319] bond_slave_1: entered promiscuous mode [ 161.492913][ T8319] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 161.498222][ T8319] bond1: (slave macvlan3): Enslaving as a backup interface with an up link [ 161.502676][ T8323] tipc: Enabling of bearer rejected, failed to enable media [ 161.776486][ T5986] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 161.928478][ T5986] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 161.931373][ T5986] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 161.934464][ T5986] usb 5-1: config 0 interface 0 has no altsetting 0 [ 161.947337][ T5986] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 161.950145][ T5986] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 161.953487][ T5986] usb 5-1: Product: syz [ 161.955248][ T5986] usb 5-1: Manufacturer: syz [ 161.957434][ T5986] usb 5-1: SerialNumber: syz [ 161.961370][ T5986] usb 5-1: config 0 descriptor?? [ 161.964459][ T5986] hub 5-1:0.0: bad descriptor, ignoring hub [ 161.966926][ T5986] hub 5-1:0.0: probe with driver hub failed with error -5 [ 161.970750][ T5986] usb 5-1: selecting invalid altsetting 0 [ 161.971938][ T8331] netlink: 4 bytes leftover after parsing attributes in process `syz.2.629'. [ 161.984590][ T8331] macvtap1: entered promiscuous mode [ 161.986830][ T8331] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode [ 161.991240][ T8331] mac80211_hwsim hwsim5 wlan1: left promiscuous mode [ 162.006663][ T1341] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 162.046041][ T40] kauditd_printk_skb: 74 callbacks suppressed [ 162.046053][ T40] audit: type=1326 audit(1759384931.368:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.2.629" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa8579 code=0x0 [ 162.286540][ T1341] usb 6-1: Using ep0 maxpacket: 16 [ 162.294615][ T1341] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 162.299892][ T1341] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 162.305191][ T1341] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 162.313161][ T1341] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 162.343582][ T1341] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 162.347843][ T1341] usb 6-1: SerialNumber: syz [ 162.530129][ T1341] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22 [ 162.646757][ T10] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 162.836525][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 162.841871][ T10] usb 7-1: unable to get BOS descriptor or descriptor too short [ 162.847260][ T10] usb 7-1: config 4 interface 0 has no altsetting 0 [ 162.854091][ T10] usb 7-1: string descriptor 0 read error: -22 [ 162.861837][ T10] usb 7-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 162.866168][ T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.912002][ T10] usb 7-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 162.918790][ T10] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 162.924025][ T10] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 162.930512][ T10] usb 7-1: media controller created [ 162.951759][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 163.240440][ T1341] IPVS: starting estimator thread 0... [ 163.356575][ T8344] IPVS: using max 41 ests per chain, 98400 per kthread [ 164.026811][ T10] zl10353_read_register: readreg error (reg=127, ret==0) [ 164.605459][ T6002] usb 6-1: USB disconnect, device number 5 [ 164.756748][ T5986] usb 5-1: USB disconnect, device number 7 [ 164.966144][ T8349] binder: 8348:8349 ioctl c0306201 80000500 returned -14 [ 164.985049][ T5986] usb 7-1: USB disconnect, device number 5 [ 165.012188][ T8363] comedi comedi3: pcmmio: I/O port conflict (0x4f27,32) [ 165.202631][ T8373] FAULT_INJECTION: forcing a failure. [ 165.202631][ T8373] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 165.211713][ T8373] CPU: 0 UID: 0 PID: 8373 Comm: syz.1.643 Not tainted syzkaller #0 PREEMPT(full) [ 165.211740][ T8373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 165.211751][ T8373] Call Trace: [ 165.211758][ T8373] [ 165.211766][ T8373] dump_stack_lvl+0x16c/0x1f0 [ 165.211827][ T8373] should_fail_ex+0x512/0x640 [ 165.211865][ T8373] _copy_from_user+0x2e/0xd0 [ 165.211893][ T8373] get_compat_msghdr+0xa7/0x170 [ 165.211921][ T8373] ? __pfx_get_compat_msghdr+0x10/0x10 [ 165.211955][ T8373] ___sys_sendmsg+0x1ae/0x1d0 [ 165.211985][ T8373] ? __pfx____sys_sendmsg+0x10/0x10 [ 165.212023][ T8373] ? find_held_lock+0x2b/0x80 [ 165.212059][ T8373] __sys_sendmsg+0x16d/0x220 [ 165.212086][ T8373] ? __pfx___sys_sendmsg+0x10/0x10 [ 165.212123][ T8373] ? rcu_is_watching+0x12/0xc0 [ 165.212147][ T8373] __do_fast_syscall_32+0x7c/0x300 [ 165.212167][ T8373] do_fast_syscall_32+0x32/0x80 [ 165.212184][ T8373] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 165.212206][ T8373] RIP: 0023:0xf7f12579 [ 165.212220][ T8373] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 165.212237][ T8373] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 165.212255][ T8373] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080001b80 [ 165.212267][ T8373] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000 [ 165.212277][ T8373] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 165.212287][ T8373] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 165.212297][ T8373] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 165.212321][ T8373] [ 165.503118][ T8375] tmpfs: Unknown parameter 'mpol' [ 165.507646][ T8375] netlink: 8 bytes leftover after parsing attributes in process `syz.3.641'. [ 165.511310][ T8375] netlink: 48 bytes leftover after parsing attributes in process `syz.3.641'. [ 166.250400][ T40] audit: type=1326 audit(1759384935.578:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.646" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701e579 code=0x7ffc0000 [ 166.260246][ T40] audit: type=1326 audit(1759384935.588:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.646" exe="/syz-executor" sig=0 arch=40000003 syscall=293 compat=1 ip=0xf701e579 code=0x7ffc0000 [ 166.270660][ T40] audit: type=1326 audit(1759384935.588:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.646" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701e579 code=0x7ffc0000 [ 166.279798][ T40] audit: type=1326 audit(1759384935.588:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.646" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf701e579 code=0x7ffc0000 [ 166.288470][ T40] audit: type=1326 audit(1759384935.588:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.646" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701e579 code=0x7ffc0000 [ 166.298503][ T40] audit: type=1326 audit(1759384935.608:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.646" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf701e579 code=0x7ffc0000 [ 166.306579][ T40] audit: type=1326 audit(1759384935.608:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.646" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701e579 code=0x7ffc0000 [ 166.315690][ T40] audit: type=1326 audit(1759384935.608:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.646" exe="/syz-executor" sig=0 arch=40000003 syscall=55 compat=1 ip=0xf701e579 code=0x7ffc0000 [ 166.325674][ T40] audit: type=1326 audit(1759384935.608:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.0.646" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701e579 code=0x7ffc0000 [ 166.457956][ T8392] FAULT_INJECTION: forcing a failure. [ 166.457956][ T8392] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 166.463077][ T8392] CPU: 0 UID: 0 PID: 8392 Comm: syz.3.648 Not tainted syzkaller #0 PREEMPT(full) [ 166.463103][ T8392] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 166.463114][ T8392] Call Trace: [ 166.463123][ T8392] [ 166.463132][ T8392] dump_stack_lvl+0x16c/0x1f0 [ 166.463165][ T8392] should_fail_ex+0x512/0x640 [ 166.463196][ T8392] _copy_from_user+0x2e/0xd0 [ 166.463225][ T8392] get_compat_sigset+0x21/0x50 [ 166.463247][ T8392] __ia32_compat_sys_signalfd+0xfa/0x1b0 [ 166.463268][ T8392] ? ksys_write+0x1ac/0x250 [ 166.463285][ T8392] ? __pfx___ia32_compat_sys_signalfd+0x10/0x10 [ 166.463309][ T8392] ? rcu_is_watching+0x12/0xc0 [ 166.463334][ T8392] __do_fast_syscall_32+0x7c/0x300 [ 166.463354][ T8392] do_fast_syscall_32+0x32/0x80 [ 166.463371][ T8392] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 166.463393][ T8392] RIP: 0023:0xf7fa7579 [ 166.463407][ T8392] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 166.463424][ T8392] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 0000000000000141 [ 166.463442][ T8392] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080002340 [ 166.463453][ T8392] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000 [ 166.463464][ T8392] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 166.463474][ T8392] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 166.463485][ T8392] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 166.463509][ T8392] [ 166.601284][ T8396] netlink: 4 bytes leftover after parsing attributes in process `syz.3.650'. [ 166.622743][ T8396] macvtap1: entered promiscuous mode [ 166.625062][ T8396] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode [ 166.631045][ T8396] mac80211_hwsim hwsim7 wlan1: left promiscuous mode [ 166.647483][ T8398] netlink: 'syz.1.651': attribute type 10 has an invalid length. [ 166.650204][ T8398] veth1_vlan: entered allmulticast mode [ 166.654575][ T8398] team0: Device veth1_vlan failed to register rx_handler [ 167.065541][ T1217] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.071193][ T1217] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20004 - 0 [ 167.074204][ T1217] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.077589][ T1217] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20004 - 0 [ 167.080753][ T1217] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.083940][ T1217] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20004 - 0 [ 167.088785][ T1217] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.092551][ T1217] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20004 - 0 [ 167.363891][ T6903] wlan0: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 168.252355][ T8425] netlink: 32 bytes leftover after parsing attributes in process `syz.2.658'. [ 168.261049][ T8426] tmpfs: Unknown parameter 'mpol' [ 168.264056][ T8426] netlink: 8 bytes leftover after parsing attributes in process `syz.1.655'. [ 168.268906][ T8426] netlink: 48 bytes leftover after parsing attributes in process `syz.1.655'. [ 168.811736][ T8432] FAULT_INJECTION: forcing a failure. [ 168.811736][ T8432] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 168.817468][ T8432] CPU: 2 UID: 0 PID: 8432 Comm: syz.2.660 Not tainted syzkaller #0 PREEMPT(full) [ 168.817487][ T8432] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 168.817495][ T8432] Call Trace: [ 168.817500][ T8432] [ 168.817505][ T8432] dump_stack_lvl+0x16c/0x1f0 [ 168.817534][ T8432] should_fail_ex+0x512/0x640 [ 168.817556][ T8432] should_fail_alloc_page+0xe7/0x130 [ 168.817572][ T8432] prepare_alloc_pages+0x3c2/0x610 [ 168.817590][ T8432] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 168.817603][ T8432] ? arch_stack_walk+0xa6/0x100 [ 168.817624][ T8432] ? stack_trace_save+0x8e/0xc0 [ 168.817639][ T8432] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 168.817651][ T8432] ? rcu_is_watching+0x12/0xc0 [ 168.817669][ T8432] ? kasan_save_track+0x14/0x30 [ 168.817680][ T8432] ? __kasan_slab_alloc+0x89/0x90 [ 168.817692][ T8432] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 168.817702][ T8432] ? __pmd_alloc+0xbf/0x930 [ 168.817717][ T8432] ? __handle_mm_fault+0xa06/0x2a50 [ 168.817733][ T8432] ? handle_mm_fault+0x589/0xd10 [ 168.817749][ T8432] ? do_user_addr_fault+0x7a6/0x1370 [ 168.817761][ T8432] ? exc_page_fault+0x5c/0xb0 [ 168.817777][ T8432] ? asm_exc_page_fault+0x26/0x30 [ 168.817788][ T8432] ? _copy_from_iter+0x37e/0x1720 [ 168.817806][ T8432] ? vhci_write+0x150/0x480 [ 168.817824][ T8432] ? vfs_write+0x7d0/0x11d0 [ 168.817835][ T8432] ? ksys_write+0x12a/0x250 [ 168.817844][ T8432] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 168.817859][ T8432] ? policy_nodemask+0xea/0x4e0 [ 168.817873][ T8432] alloc_pages_mpol+0x1fb/0x550 [ 168.817901][ T8432] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 168.817920][ T8432] alloc_pages_noprof+0x131/0x390 [ 168.817933][ T8432] pte_alloc_one+0x1c/0x3a0 [ 168.817948][ T8432] __pte_alloc+0x6d/0x3c0 [ 168.817962][ T8432] ? __pfx___pte_alloc+0x10/0x10 [ 168.817977][ T8432] ? do_raw_spin_lock+0x12c/0x2b0 [ 168.817990][ T8432] do_pte_missing+0x285a/0x3ba0 [ 168.818008][ T8432] ? do_raw_spin_unlock+0x172/0x230 [ 168.818020][ T8432] ? _raw_spin_unlock+0x28/0x50 [ 168.818037][ T8432] ? __pmd_alloc+0x3fb/0x930 [ 168.818053][ T8432] __handle_mm_fault+0x152a/0x2a50 [ 168.818073][ T8432] ? mt_find+0x3ef/0xa30 [ 168.818087][ T8432] ? __pfx___handle_mm_fault+0x10/0x10 [ 168.818103][ T8432] ? __pfx_mt_find+0x10/0x10 [ 168.818124][ T8432] ? find_vma+0xbf/0x140 [ 168.818137][ T8432] ? __pfx_find_vma+0x10/0x10 [ 168.818151][ T8432] handle_mm_fault+0x589/0xd10 [ 168.818170][ T8432] ? __pkru_allows_pkey+0x31/0xb0 [ 168.818183][ T8432] do_user_addr_fault+0x7a6/0x1370 [ 168.818197][ T8432] ? rcu_is_watching+0x12/0xc0 [ 168.818212][ T8432] exc_page_fault+0x5c/0xb0 [ 168.818230][ T8432] asm_exc_page_fault+0x26/0x30 [ 168.818241][ T8432] RIP: 0010:_copy_from_iter+0x37e/0x1720 [ 168.818260][ T8432] Code: fd 4d 85 f6 0f 85 52 ff ff ff e8 ed ae 20 fd 4c 8b 74 24 18 89 de 4c 89 f7 e8 1e 3a 87 fd 0f 01 cb 48 89 d9 4c 89 f7 48 89 ee a4 0f 1f 00 48 89 cd 0f 01 ca 49 89 df 49 29 cf e9 22 ff ff ff [ 168.818272][ T8432] RSP: 0018:ffffc9000e8dfba8 EFLAGS: 00050246 [ 168.818282][ T8432] RAX: 0000000000000001 RBX: 0000000000000004 RCX: 0000000000000004 [ 168.818289][ T8432] RDX: ffffed1004f8286a RSI: 00000000800002c0 RDI: ffff888027c14348 [ 168.818297][ T8432] RBP: 00000000800002c0 R08: 0000000000000001 R09: ffffed1004f82869 [ 168.818304][ T8432] R10: ffff888027c1434b R11: 0000000000000000 R12: ffffc9000e8dfd88 [ 168.818311][ T8432] R13: 00000000800002c4 R14: ffff888027c14348 R15: 00007ffffffff000 [ 168.818326][ T8432] ? _copy_from_iter+0x372/0x1720 [ 168.818346][ T8432] ? __build_skb_around+0x278/0x3b0 [ 168.818363][ T8432] ? __pfx__copy_from_iter+0x10/0x10 [ 168.818382][ T8432] ? __pfx___alloc_skb+0x10/0x10 [ 168.818402][ T8432] ? common_file_perm+0x1a9/0x340 [ 168.818419][ T8432] vhci_write+0x150/0x480 [ 168.818438][ T8432] vfs_write+0x7d0/0x11d0 [ 168.818450][ T8432] ? __pfx_vhci_write+0x10/0x10 [ 168.818469][ T8432] ? __pfx_vfs_write+0x10/0x10 [ 168.818478][ T8432] ? find_held_lock+0x2b/0x80 [ 168.818501][ T8432] ksys_write+0x12a/0x250 [ 168.818511][ T8432] ? __pfx_ksys_write+0x10/0x10 [ 168.818524][ T8432] ? rcu_is_watching+0x12/0xc0 [ 168.818544][ T8432] __do_fast_syscall_32+0x7c/0x300 [ 168.818556][ T8432] do_fast_syscall_32+0x32/0x80 [ 168.818566][ T8432] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 168.818580][ T8432] RIP: 0023:0xf7fa8579 [ 168.818588][ T8432] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 168.818599][ T8432] RSP: 002b:00000000f5496520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 168.818608][ T8432] RAX: ffffffffffffffda RBX: 00000000000000ca RCX: 00000000800002c0 [ 168.818615][ T8432] RDX: 0000000000000004 RSI: 00000000f7435ff4 RDI: 0000000000000000 [ 168.818621][ T8432] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 168.818628][ T8432] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 168.818634][ T8432] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 168.818647][ T8432] [ 169.952005][ T61] libceph: connect (1)[c::]:6789 error -101 [ 169.954420][ T61] libceph: mon0 (1)[c::]:6789 connect error [ 170.352722][ T61] libceph: connect (1)[c::]:6789 error -101 [ 170.355502][ T61] libceph: mon0 (1)[c::]:6789 connect error [ 170.371801][ T40] kauditd_printk_skb: 21 callbacks suppressed [ 170.371813][ T40] audit: type=1804 audit(1759384939.698:906): pid=8477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.672" name="/newroot/161/file1" dev="fuse" ino=1 res=1 errno=0 [ 170.381554][ T40] audit: type=1800 audit(1759384939.698:907): pid=8477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.672" name="/" dev="fuse" ino=1 res=0 errno=0 [ 170.391159][ T40] audit: type=1800 audit(1759384939.698:908): pid=8473 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.672" name="/" dev="fuse" ino=1 res=0 errno=0 [ 170.457292][ T8462] ceph: No mds server is up or the cluster is laggy [ 171.385948][ T6068] libceph: connect (1)[c::]:6789 error -101 [ 171.388868][ T6068] libceph: mon0 (1)[c::]:6789 connect error [ 171.631751][ T8511] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 171.648648][ T6068] libceph: connect (1)[c::]:6789 error -101 [ 171.650795][ T6068] libceph: mon0 (1)[c::]:6789 connect error [ 172.145087][ T8522] netlink: 56 bytes leftover after parsing attributes in process `syz.1.685'. [ 172.157001][ T6068] libceph: connect (1)[c::]:6789 error -101 [ 172.160897][ T6068] libceph: mon0 (1)[c::]:6789 connect error [ 172.208947][ T8503] ceph: No mds server is up or the cluster is laggy [ 172.220318][ T8525] vxcan5: entered promiscuous mode [ 172.223909][ T8525] vxcan5: entered allmulticast mode [ 172.398253][ T8534] netlink: 'syz.3.684': attribute type 1 has an invalid length. [ 172.856127][ T8548] netlink: 20 bytes leftover after parsing attributes in process `syz.2.690'. [ 172.861173][ T8548] netlink: 'syz.2.690': attribute type 1 has an invalid length. [ 172.863670][ T8548] netlink: 4 bytes leftover after parsing attributes in process `syz.2.690'. [ 173.371348][ T8560] tmpfs: Unknown parameter 'mpol' [ 173.376072][ T8560] netlink: 8 bytes leftover after parsing attributes in process `syz.3.692'. [ 173.384421][ T8560] netlink: 48 bytes leftover after parsing attributes in process `syz.3.692'. [ 173.909215][ T8565] netlink: 32 bytes leftover after parsing attributes in process `syz.2.695'. [ 173.930775][ T8565] syz.2.695 (8565) used greatest stack depth: 18472 bytes left [ 174.609803][ T8579] netlink: 8 bytes leftover after parsing attributes in process `syz.2.698'. [ 174.614025][ T8579] netlink: 48 bytes leftover after parsing attributes in process `syz.2.698'. [ 174.928939][ T8578] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 174.931596][ T8578] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 174.936007][ T8578] vhci_hcd vhci_hcd.0: Device attached [ 174.955709][ T8578] IPVS: Error connecting to the multicast addr [ 174.964053][ T8578] loop6: detected capacity change from 0 to 524279808 [ 175.032847][ T8584] vhci_hcd: connection closed [ 175.034222][ T6900] vhci_hcd: stop threads [ 175.038758][ T6900] vhci_hcd: release socket [ 175.041060][ T6900] vhci_hcd: disconnect device [ 175.162459][ T8596] Illegal XDP return value 4294967274 on prog (id 160) dev N/A, expect packet loss! [ 175.246500][ T6068] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 175.398256][ T6068] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 175.401111][ T6068] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 175.406629][ T6068] usb 5-1: config 0 interface 0 has no altsetting 0 [ 175.414002][ T6068] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 175.419999][ T6068] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 175.426583][ T6068] usb 5-1: Product: syz [ 175.429197][ T6068] usb 5-1: Manufacturer: syz [ 175.431082][ T6068] usb 5-1: SerialNumber: syz [ 175.435043][ T6068] usb 5-1: config 0 descriptor?? [ 175.440253][ T6068] hub 5-1:0.0: bad descriptor, ignoring hub [ 175.442814][ T6068] hub 5-1:0.0: probe with driver hub failed with error -5 [ 175.447109][ T6068] usb 5-1: selecting invalid altsetting 0 [ 175.466646][ T5956] Bluetooth: hci1: command 0x0406 tx timeout [ 176.954496][ T8623] FAULT_INJECTION: forcing a failure. [ 176.954496][ T8623] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 176.959468][ T8623] CPU: 2 UID: 0 PID: 8623 Comm: syz.1.710 Not tainted syzkaller #0 PREEMPT(full) [ 176.959483][ T8623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 176.959490][ T8623] Call Trace: [ 176.959494][ T8623] [ 176.959499][ T8623] dump_stack_lvl+0x16c/0x1f0 [ 176.959527][ T8623] should_fail_ex+0x512/0x640 [ 176.959546][ T8623] ? __pfx_binder_ioctl+0x10/0x10 [ 176.959561][ T8623] _copy_to_user+0x32/0xd0 [ 176.959572][ T8623] ? __pfx_binder_ioctl+0x10/0x10 [ 176.959584][ T8623] binder_ioctl+0x24f6/0x71f0 [ 176.959601][ T8623] ? tomoyo_path_number_perm+0x295/0x580 [ 176.959617][ T8623] ? tomoyo_path_number_perm+0x18d/0x580 [ 176.959629][ T8623] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 176.959641][ T8623] ? __pfx_binder_ioctl+0x10/0x10 [ 176.959657][ T8623] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 176.959670][ T8623] ? do_vfs_ioctl+0x128/0x14f0 [ 176.959686][ T8623] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 176.959704][ T8623] ? find_held_lock+0x2b/0x80 [ 176.959716][ T8623] ? hook_file_ioctl_common+0x145/0x410 [ 176.959732][ T8623] ? __fget_files+0x20e/0x3c0 [ 176.959750][ T8623] ? __pfx_binder_ioctl+0x10/0x10 [ 176.959763][ T8623] compat_ptr_ioctl+0x6e/0xa0 [ 176.959776][ T8623] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 176.959790][ T8623] __ia32_compat_sys_ioctl+0x242/0x370 [ 176.959806][ T8623] __do_fast_syscall_32+0x7c/0x300 [ 176.959818][ T8623] do_fast_syscall_32+0x32/0x80 [ 176.959829][ T8623] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 176.959843][ T8623] RIP: 0023:0xf7f12579 [ 176.959851][ T8623] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 176.959863][ T8623] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 176.959873][ T8623] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201 [ 176.959880][ T8623] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 176.959887][ T8623] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 176.959893][ T8623] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 176.959899][ T8623] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 176.959912][ T8623] [ 176.959917][ T8623] binder: 8622:8623 ioctl c0306201 800001c0 returned -14 [ 177.089084][ T8625] tipc: Cannot configure node identity twice [ 177.179479][ T8632] netlink: 4 bytes leftover after parsing attributes in process `syz.1.713'. [ 177.622139][ T8643] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 177.788398][ T8647] netlink: 'syz.3.719': attribute type 1 has an invalid length. [ 177.792214][ T8647] netlink: 188 bytes leftover after parsing attributes in process `syz.3.719'. [ 178.163001][ T8654] netlink: 'syz.3.722': attribute type 1 has an invalid length. [ 178.167247][ T8654] netlink: 224 bytes leftover after parsing attributes in process `syz.3.722'. [ 178.302272][ T6906] tipc: Subscription rejected, illegal request [ 178.308093][ T8659] netlink: 'syz.3.723': attribute type 2 has an invalid length. [ 178.325838][ T8661] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.725'. [ 178.482368][ T40] audit: type=1804 audit(1759384947.808:909): pid=8670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.726" name="/newroot/182/file0" dev="tmpfs" ino=988 res=1 errno=0 [ 178.588444][ T61] usb 5-1: USB disconnect, device number 8 [ 178.656321][ T8676] netlink: 'syz.3.728': attribute type 1 has an invalid length. [ 178.686468][ T8676] netlink: 188 bytes leftover after parsing attributes in process `syz.3.728'. [ 178.822817][ T8683] FAULT_INJECTION: forcing a failure. [ 178.822817][ T8683] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 178.846449][ T8683] CPU: 3 UID: 0 PID: 8683 Comm: syz.3.731 Not tainted syzkaller #0 PREEMPT(full) [ 178.846471][ T8683] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 178.846479][ T8683] Call Trace: [ 178.846483][ T8683] [ 178.846489][ T8683] dump_stack_lvl+0x16c/0x1f0 [ 178.846527][ T8683] should_fail_ex+0x512/0x640 [ 178.846551][ T8683] _copy_from_user+0x2e/0xd0 [ 178.846573][ T8683] get_compat_msghdr+0xa7/0x170 [ 178.846592][ T8683] ? __pfx_get_compat_msghdr+0x10/0x10 [ 178.846610][ T8683] ? __pfx__kstrtoull+0x10/0x10 [ 178.846626][ T8683] ___sys_sendmsg+0x1ae/0x1d0 [ 178.846647][ T8683] ? __pfx____sys_sendmsg+0x10/0x10 [ 178.846678][ T8683] ? __pfx___might_resched+0x10/0x10 [ 178.846696][ T8683] __sys_sendmmsg+0x2f9/0x420 [ 178.846715][ T8683] ? __pfx___sys_sendmmsg+0x10/0x10 [ 178.846737][ T8683] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 178.846790][ T8683] ? fput+0x9b/0xd0 [ 178.846806][ T8683] ? ksys_write+0x1ac/0x250 [ 178.846816][ T8683] ? __pfx_ksys_write+0x10/0x10 [ 178.846829][ T8683] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 178.846847][ T8683] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 178.846868][ T8683] __do_fast_syscall_32+0x7c/0x300 [ 178.846880][ T8683] do_fast_syscall_32+0x32/0x80 [ 178.846890][ T8683] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 178.846905][ T8683] RIP: 0023:0xf7fa7579 [ 178.846915][ T8683] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 178.846927][ T8683] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 178.846938][ T8683] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080002d80 [ 178.846945][ T8683] RDX: 0000000000000002 RSI: 0000000040008004 RDI: 0000000000000000 [ 178.846952][ T8683] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 178.846959][ T8683] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 178.846966][ T8683] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 178.846980][ T8683] [ 178.916156][ C3] vkms_vblank_simulate: vblank timer overrun [ 179.223362][ T8692] netlink: 56 bytes leftover after parsing attributes in process `syz.3.733'. [ 179.224702][ T40] audit: type=1326 audit(1759384948.548:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8691 comm="syz.3.733" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 179.235350][ T40] audit: type=1326 audit(1759384948.548:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8691 comm="syz.3.733" exe="/syz-executor" sig=0 arch=40000003 syscall=323 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 179.245816][ T40] audit: type=1326 audit(1759384948.548:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8691 comm="syz.3.733" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 179.255442][ T40] audit: type=1326 audit(1759384948.548:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8691 comm="syz.3.733" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 179.266073][ T40] audit: type=1326 audit(1759384948.558:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8691 comm="syz.3.733" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 179.275130][ T40] audit: type=1326 audit(1759384948.558:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8691 comm="syz.3.733" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 179.282526][ T40] audit: type=1326 audit(1759384948.558:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8691 comm="syz.3.733" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 179.291246][ T40] audit: type=1326 audit(1759384948.558:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8691 comm="syz.3.733" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 179.300029][ T40] audit: type=1326 audit(1759384948.558:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8691 comm="syz.3.733" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 179.441272][ T8700] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 179.445361][ T8700] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 179.525262][ T8706] comedi comedi0: aio_aio12_8: I/O port conflict (0x3,32) [ 179.528194][ T8700] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 179.532124][ T8700] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 179.648753][ T8700] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 179.652760][ T8700] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 179.734379][ T8700] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 179.738667][ T8700] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 179.776566][ T5986] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 179.796979][ T8711] netlink: 8 bytes leftover after parsing attributes in process `syz.0.739'. [ 179.799920][ T8711] netlink: 48 bytes leftover after parsing attributes in process `syz.0.739'. [ 179.830457][ T1136] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 256 - 0 [ 179.843200][ T1136] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 179.856303][ T1136] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 256 - 0 [ 179.859979][ T1136] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 179.872726][ T1136] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 256 - 0 [ 179.876279][ T1136] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 179.888372][ T6900] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 256 - 0 [ 179.891304][ T6900] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 179.929246][ T5986] usb 7-1: config index 0 descriptor too short (expected 39, got 27) [ 179.932547][ T5986] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 179.939791][ T5986] usb 7-1: config 0 interface 0 has no altsetting 0 [ 179.945773][ T5986] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 179.952082][ T5986] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 179.955606][ T5986] usb 7-1: Product: syz [ 179.959021][ T5986] usb 7-1: Manufacturer: syz [ 179.962784][ T5986] usb 7-1: SerialNumber: syz [ 179.976179][ T5986] usb 7-1: config 0 descriptor?? [ 179.980915][ T5986] hub 7-1:0.0: bad descriptor, ignoring hub [ 179.983637][ T5986] hub 7-1:0.0: probe with driver hub failed with error -5 [ 179.990149][ T5986] usb 7-1: selecting invalid altsetting 0 [ 180.547901][ T8717] FAULT_INJECTION: forcing a failure. [ 180.547901][ T8717] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 180.552371][ T8717] CPU: 1 UID: 0 PID: 8717 Comm: syz.3.741 Not tainted syzkaller #0 PREEMPT(full) [ 180.552390][ T8717] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 180.552399][ T8717] Call Trace: [ 180.552405][ T8717] [ 180.552410][ T8717] dump_stack_lvl+0x16c/0x1f0 [ 180.552437][ T8717] should_fail_ex+0x512/0x640 [ 180.552462][ T8717] should_fail_alloc_page+0xe7/0x130 [ 180.552480][ T8717] prepare_alloc_pages+0x3c2/0x610 [ 180.552497][ T8717] ? rcu_is_watching+0x12/0xc0 [ 180.552515][ T8717] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 180.552530][ T8717] ? stack_trace_save+0x8e/0xc0 [ 180.552547][ T8717] ? __pfx_stack_trace_save+0x10/0x10 [ 180.552562][ T8717] ? __pfx_stack_trace_save+0x10/0x10 [ 180.552579][ T8717] ? stack_depot_save_flags+0x29/0x9c0 [ 180.552599][ T8717] ? stack_depot_save_flags+0x29/0x9c0 [ 180.552620][ T8717] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 180.552640][ T8717] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 180.552652][ T8717] ? __kasan_kmalloc+0xaa/0xb0 [ 180.552664][ T8717] ? rds_cong_get_maps+0x21/0xe0 [ 180.552681][ T8717] ? rds_conn_create_outgoing+0x44/0x60 [ 180.552699][ T8717] ? rds_sendmsg+0xe37/0x31f0 [ 180.552711][ T8717] ? ____sys_sendmsg+0xa98/0xc70 [ 180.552726][ T8717] ? ___sys_sendmsg+0x134/0x1d0 [ 180.552745][ T8717] ? __sys_sendmsg+0x16d/0x220 [ 180.552763][ T8717] ? __do_fast_syscall_32+0x7c/0x300 [ 180.552776][ T8717] ? do_fast_syscall_32+0x32/0x80 [ 180.552794][ T8717] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 180.552809][ T8717] ? policy_nodemask+0xea/0x4e0 [ 180.552825][ T8717] alloc_pages_mpol+0x1fb/0x550 [ 180.552841][ T8717] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 180.552857][ T8717] ? lockdep_init_map_type+0x5c/0x280 [ 180.552879][ T8717] alloc_pages_noprof+0x131/0x390 [ 180.552894][ T8717] get_zeroed_page_noprof+0x18/0xb0 [ 180.552910][ T8717] rds_cong_from_addr+0x1ad/0x540 [ 180.552930][ T8717] rds_cong_get_maps+0x21/0xe0 [ 180.552945][ T8717] ? __ipv6_addr_type+0x225/0x300 [ 180.552965][ T8717] __rds_conn_create+0xaca/0x2340 [ 180.552990][ T8717] ? __pfx___rds_conn_create+0x10/0x10 [ 180.553011][ T8717] ? lockdep_init_map_type+0x5c/0x280 [ 180.553033][ T8717] rds_conn_create_outgoing+0x44/0x60 [ 180.553054][ T8717] rds_sendmsg+0xe37/0x31f0 [ 180.553075][ T8717] ? __pfx_rds_sendmsg+0x10/0x10 [ 180.553089][ T8717] ? aa_sk_perm+0x2f4/0xb10 [ 180.553106][ T8717] ? __pfx_aa_sk_perm+0x10/0x10 [ 180.553119][ T8717] ? find_held_lock+0x2b/0x80 [ 180.553137][ T8717] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 180.553160][ T8717] ? ____sys_sendmsg+0xa98/0xc70 [ 180.553174][ T8717] ____sys_sendmsg+0xa98/0xc70 [ 180.553191][ T8717] ? __pfx_____sys_sendmsg+0x10/0x10 [ 180.553211][ T8717] ? get_compat_msghdr+0x11a/0x170 [ 180.553239][ T8717] ___sys_sendmsg+0x134/0x1d0 [ 180.553260][ T8717] ? __pfx____sys_sendmsg+0x10/0x10 [ 180.553289][ T8717] ? find_held_lock+0x2b/0x80 [ 180.553313][ T8717] __sys_sendmsg+0x16d/0x220 [ 180.553334][ T8717] ? __pfx___sys_sendmsg+0x10/0x10 [ 180.553361][ T8717] ? rcu_is_watching+0x12/0xc0 [ 180.553378][ T8717] __do_fast_syscall_32+0x7c/0x300 [ 180.553392][ T8717] do_fast_syscall_32+0x32/0x80 [ 180.553405][ T8717] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 180.553422][ T8717] RIP: 0023:0xf7fa7579 [ 180.553432][ T8717] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 180.553446][ T8717] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 180.553460][ T8717] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000080 [ 180.553468][ T8717] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 180.553475][ T8717] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 180.553483][ T8717] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 180.553490][ T8717] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 180.553506][ T8717] [ 180.761127][ T8725] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.743'. [ 180.822152][ T8728] FAULT_INJECTION: forcing a failure. [ 180.822152][ T8728] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 180.827432][ T8728] CPU: 3 UID: 0 PID: 8728 Comm: syz.0.744 Not tainted syzkaller #0 PREEMPT(full) [ 180.827464][ T8728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 180.827473][ T8728] Call Trace: [ 180.827479][ T8728] [ 180.827486][ T8728] dump_stack_lvl+0x16c/0x1f0 [ 180.827515][ T8728] should_fail_ex+0x512/0x640 [ 180.827541][ T8728] _copy_from_user+0x2e/0xd0 [ 180.827566][ T8728] do_devconfig_ioctl+0x11c/0x710 [ 180.827584][ T8728] ? __mutex_lock+0x1c5/0x1060 [ 180.827600][ T8728] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 180.827627][ T8728] ? kasan_save_stack+0x42/0x60 [ 180.827642][ T8728] ? kasan_save_stack+0x33/0x60 [ 180.827654][ T8728] ? kasan_save_track+0x14/0x30 [ 180.827666][ T8728] ? kasan_save_free_info+0x3b/0x60 [ 180.827685][ T8728] ? __kasan_slab_free+0x60/0x70 [ 180.827699][ T8728] ? kfree+0x2b4/0x4d0 [ 180.827718][ T8728] ? tomoyo_path_number_perm+0x470/0x580 [ 180.827738][ T8728] comedi_unlocked_ioctl+0x165d/0x2f00 [ 180.827766][ T8728] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 180.827800][ T8728] ? kasan_quarantine_put+0x10a/0x240 [ 180.827822][ T8728] ? lockdep_hardirqs_on+0x7c/0x110 [ 180.827847][ T8728] ? find_held_lock+0x2b/0x80 [ 180.827864][ T8728] ? tomoyo_path_number_perm+0x295/0x580 [ 180.827883][ T8728] ? tomoyo_path_number_perm+0x18d/0x580 [ 180.827900][ T8728] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 180.827919][ T8728] comedi_compat_ioctl+0x1d0/0x990 [ 180.827939][ T8728] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 180.827960][ T8728] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 180.827977][ T8728] ? do_vfs_ioctl+0x128/0x14f0 [ 180.827998][ T8728] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 180.828024][ T8728] ? find_held_lock+0x2b/0x80 [ 180.828040][ T8728] ? hook_file_ioctl_common+0x145/0x410 [ 180.828062][ T8728] ? __fget_files+0x20e/0x3c0 [ 180.828088][ T8728] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 180.828109][ T8728] __ia32_compat_sys_ioctl+0x242/0x370 [ 180.828132][ T8728] __do_fast_syscall_32+0x7c/0x300 [ 180.828149][ T8728] do_fast_syscall_32+0x32/0x80 [ 180.828163][ T8728] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 180.828181][ T8728] RIP: 0023:0xf701e579 [ 180.828194][ T8728] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 180.828209][ T8728] RSP: 002b:00000000f540e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 180.828224][ T8728] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040946400 [ 180.828233][ T8728] RDX: 0000000080000140 RSI: 0000000000000000 RDI: 0000000000000000 [ 180.828242][ T8728] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 180.828275][ T8728] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 180.828284][ T8728] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 180.828307][ T8728] [ 180.933778][ C3] vkms_vblank_simulate: vblank timer overrun [ 180.964259][ T8730] FAULT_INJECTION: forcing a failure. [ 180.964259][ T8730] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 180.968421][ T8730] CPU: 3 UID: 0 PID: 8730 Comm: syz.0.745 Not tainted syzkaller #0 PREEMPT(full) [ 180.968437][ T8730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 180.968445][ T8730] Call Trace: [ 180.968449][ T8730] [ 180.968455][ T8730] dump_stack_lvl+0x16c/0x1f0 [ 180.968478][ T8730] should_fail_ex+0x512/0x640 [ 180.968498][ T8730] _copy_to_user+0x32/0xd0 [ 180.968511][ T8730] simple_read_from_buffer+0xcb/0x170 [ 180.968529][ T8730] proc_fail_nth_read+0x197/0x240 [ 180.968548][ T8730] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 180.968566][ T8730] ? rw_verify_area+0xcf/0x6c0 [ 180.968583][ T8730] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 180.968600][ T8730] vfs_read+0x1e4/0xcf0 [ 180.968613][ T8730] ? __pfx_vfs_read+0x10/0x10 [ 180.968622][ T8730] ? find_held_lock+0x2b/0x80 [ 180.968639][ T8730] ? __fget_files+0x20e/0x3c0 [ 180.968661][ T8730] ksys_read+0x12a/0x250 [ 180.968671][ T8730] ? __pfx_ksys_read+0x10/0x10 [ 180.968681][ T8730] ? fput+0x9b/0xd0 [ 180.968694][ T8730] ? rcu_is_watching+0x12/0xc0 [ 180.968709][ T8730] __do_fast_syscall_32+0x7c/0x300 [ 180.968722][ T8730] do_fast_syscall_32+0x32/0x80 [ 180.968732][ T8730] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 180.968747][ T8730] RIP: 0023:0xf701e579 [ 180.968756][ T8730] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 180.968768][ T8730] RSP: 002b:00000000f540e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 180.968790][ T8730] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f540e620 [ 180.968797][ T8730] RDX: 000000000000000f RSI: 00000000f73b5ff4 RDI: 0000000000000000 [ 180.968804][ T8730] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 180.968810][ T8730] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 180.968816][ T8730] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 180.968830][ T8730] [ 181.036965][ C3] vkms_vblank_simulate: vblank timer overrun [ 181.067875][ T8732] netlink: 7 bytes leftover after parsing attributes in process `syz.0.746'. [ 181.356677][ T5986] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 181.518156][ T5986] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 181.527922][ T5986] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 181.530748][ T5986] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.533197][ T5986] usb 5-1: Product: syz [ 181.544868][ T5986] usb 5-1: Manufacturer: syz [ 181.546424][ T5986] usb 5-1: SerialNumber: syz [ 181.549014][ T5986] usb 5-1: config 0 descriptor?? [ 181.738038][ T8739] netlink: 'syz.1.748': attribute type 1 has an invalid length. [ 181.836263][ T8746] FAULT_INJECTION: forcing a failure. [ 181.836263][ T8746] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 181.840460][ T8746] CPU: 0 UID: 0 PID: 8746 Comm: syz.1.750 Not tainted syzkaller #0 PREEMPT(full) [ 181.840475][ T8746] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 181.840482][ T8746] Call Trace: [ 181.840487][ T8746] [ 181.840491][ T8746] dump_stack_lvl+0x16c/0x1f0 [ 181.840513][ T8746] should_fail_ex+0x512/0x640 [ 181.840533][ T8746] _copy_from_user+0x2e/0xd0 [ 181.840551][ T8746] get_compat_msghdr+0xa7/0x170 [ 181.840568][ T8746] ? __pfx_get_compat_msghdr+0x10/0x10 [ 181.840586][ T8746] ? __lock_acquire+0x62e/0x1ce0 [ 181.840605][ T8746] ___sys_recvmsg+0x191/0x1a0 [ 181.840623][ T8746] ? __pfx____sys_recvmsg+0x10/0x10 [ 181.840651][ T8746] do_recvmmsg+0x55d/0x750 [ 181.840670][ T8746] ? __pfx_do_recvmmsg+0x10/0x10 [ 181.840690][ T8746] ? __pfx_get_signal+0x10/0x10 [ 181.840710][ T8746] ? arch_do_signal_or_restart+0x211/0x790 [ 181.840726][ T8746] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 181.840743][ T8746] __sys_recvmmsg+0x21c/0x280 [ 181.840754][ T8746] ? __pfx___sys_recvmmsg+0x10/0x10 [ 181.840768][ T8746] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 181.840786][ T8746] ? do_int80_emulation+0xd4/0x3e0 [ 181.840797][ T8746] ? lockdep_hardirqs_on+0x7c/0x110 [ 181.840813][ T8746] do_int80_emulation+0x104/0x3e0 [ 181.840825][ T8746] asm_int80_emulation+0x1a/0x20 [ 181.840835][ T8746] RIP: 0023:0xf7f12579 [ 181.840844][ T8746] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 181.840855][ T8746] RSP: 002b:00000000f53e555c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 181.840866][ T8746] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000800045c0 [ 181.840872][ T8746] RDX: 0000000000000001 RSI: 0000000000010000 RDI: 0000000000000000 [ 181.840879][ T8746] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 181.840885][ T8746] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 181.840891][ T8746] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 181.840904][ T8746] [ 181.927955][ T6903] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 181.931296][ T6903] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 181.942228][ T5963] Bluetooth: hci3: unexpected event for opcode 0x1004 [ 182.408316][ T61] usb 5-1: USB disconnect, device number 9 [ 182.505205][ T8762] __nla_validate_parse: 2 callbacks suppressed [ 182.505224][ T8762] netlink: 96 bytes leftover after parsing attributes in process `syz.3.754'. [ 182.511515][ T8762] netlink: 96 bytes leftover after parsing attributes in process `syz.3.754'. [ 182.610112][ T8768] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.758'. [ 182.634843][ T8770] netlink: 'syz.3.759': attribute type 1 has an invalid length. [ 182.638140][ T8770] netlink: 188 bytes leftover after parsing attributes in process `syz.3.759'. [ 182.646646][ T1341] usb 7-1: USB disconnect, device number 6 [ 182.734575][ T8772] support for cryptoloop has been removed. Use dm-crypt instead. [ 183.006347][ T8784] overlayfs: missing 'lowerdir' [ 183.374386][ T8786] can0: slcan on ptm0. [ 183.553453][ T5963] Bluetooth: hci3: unexpected event for opcode 0x1004 [ 183.804980][ T8806] netlink: 8 bytes leftover after parsing attributes in process `syz.3.769'. [ 183.906595][ T6068] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 183.958766][ T8783] can0 (unregistered): slcan off ptm0. [ 184.010458][ T8824] netlink: 'syz.0.772': attribute type 1 has an invalid length. [ 184.013608][ T8824] netlink: 132 bytes leftover after parsing attributes in process `syz.0.772'. [ 184.019244][ T8824] netlink: 'syz.0.772': attribute type 2 has an invalid length. [ 184.022727][ T8824] netlink: 'syz.0.772': attribute type 1 has an invalid length. [ 184.029954][ T8824] netlink: 2 bytes leftover after parsing attributes in process `syz.0.772'. [ 184.056829][ T6068] usb 6-1: device descriptor read/64, error -71 [ 184.079503][ T8829] fuse: Bad value for 'group_id' [ 184.081774][ T8829] fuse: Bad value for 'group_id' [ 184.316474][ T6068] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 184.956482][ T6068] usb 6-1: device descriptor read/64, error -71 [ 185.227276][ T6068] usb usb6-port1: attempt power cycle [ 185.586627][ T6068] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 185.608263][ T6068] usb 6-1: device descriptor read/8, error -71 [ 185.846477][ T6068] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 185.867784][ T6068] usb 6-1: device descriptor read/8, error -71 [ 185.947719][ T5963] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 185.951831][ T5963] Bluetooth: hci3: Injecting HCI hardware error event [ 185.955995][ T5956] Bluetooth: hci3: hardware error 0x00 [ 185.976749][ T6068] usb usb6-port1: unable to enumerate USB device [ 186.164308][ T8869] lo speed is unknown, defaulting to 1000 [ 186.167508][ T8869] lo speed is unknown, defaulting to 1000 [ 186.172721][ T8869] lo speed is unknown, defaulting to 1000 [ 186.180467][ T8869] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 186.191478][ T8869] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 186.215827][ T8869] lo speed is unknown, defaulting to 1000 [ 186.219558][ T8869] lo speed is unknown, defaulting to 1000 [ 186.224357][ T8869] lo speed is unknown, defaulting to 1000 [ 186.228626][ T8869] lo speed is unknown, defaulting to 1000 [ 186.257021][ T5963] Bluetooth: hci3: unexpected event for opcode 0x1004 [ 186.416269][ T8878] fuse: Unknown parameter 'groupeeªm' [ 186.575291][ T8880] FAULT_INJECTION: forcing a failure. [ 186.575291][ T8880] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 186.580670][ T8880] CPU: 3 UID: 0 PID: 8880 Comm: syz.3.792 Not tainted syzkaller #0 PREEMPT(full) [ 186.580689][ T8880] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 186.580696][ T8880] Call Trace: [ 186.580701][ T8880] [ 186.580706][ T8880] dump_stack_lvl+0x16c/0x1f0 [ 186.580753][ T8880] should_fail_ex+0x512/0x640 [ 186.580783][ T8880] _copy_to_user+0x32/0xd0 [ 186.580796][ T8880] simple_read_from_buffer+0xcb/0x170 [ 186.580816][ T8880] proc_fail_nth_read+0x197/0x240 [ 186.580837][ T8880] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 186.580858][ T8880] ? rw_verify_area+0xcf/0x6c0 [ 186.580876][ T8880] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 186.580895][ T8880] vfs_read+0x1e4/0xcf0 [ 186.580910][ T8880] ? __pfx_vfs_read+0x10/0x10 [ 186.580920][ T8880] ? find_held_lock+0x2b/0x80 [ 186.580938][ T8880] ? __fget_files+0x20e/0x3c0 [ 186.580962][ T8880] ksys_read+0x12a/0x250 [ 186.580973][ T8880] ? __pfx_ksys_read+0x10/0x10 [ 186.580984][ T8880] ? fput+0x9b/0xd0 [ 186.580998][ T8880] ? rcu_is_watching+0x12/0xc0 [ 186.581015][ T8880] __do_fast_syscall_32+0x7c/0x300 [ 186.581028][ T8880] do_fast_syscall_32+0x32/0x80 [ 186.581040][ T8880] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 186.581056][ T8880] RIP: 0023:0xf7fa7579 [ 186.581076][ T8880] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 186.581088][ T8880] RSP: 002b:00000000f5496590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 186.581101][ T8880] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f5496620 [ 186.581109][ T8880] RDX: 000000000000000f RSI: 00000000f7435ff4 RDI: 0000000000000000 [ 186.581116][ T8880] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 186.581123][ T8880] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 186.581130][ T8880] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 186.581145][ T8880] [ 186.749480][ T8896] sp0: Synchronizing with TNC [ 186.845648][ T5963] Bluetooth: hci3: unexpected event for opcode 0x1004 [ 186.976484][ T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 187.146653][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 187.159783][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 187.172361][ T9] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 187.177151][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.180634][ T9] usb 5-1: Product: syz [ 187.182863][ T9] usb 5-1: Manufacturer: syz [ 187.184792][ T9] usb 5-1: SerialNumber: syz [ 187.199606][ T9] usb 5-1: config 0 descriptor?? [ 187.225348][ T9] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 187.229659][ T9] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 187.610500][ T8894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 187.614234][ T8894] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 187.764933][ T8907] netlink: 'syz.3.802': attribute type 1 has an invalid length. [ 187.768346][ T8907] netlink: 188 bytes leftover after parsing attributes in process `syz.3.802'. [ 187.821780][ T9] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 188.064391][ T5956] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 188.122890][ T8919] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.806'. [ 188.767650][ T9] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 188.770351][ T9] em28xx 5-1:0.0: board has no eeprom [ 188.826455][ T9] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 188.829291][ T9] em28xx 5-1:0.0: dvb set to bulk mode. [ 188.837982][ T10] em28xx 5-1:0.0: Binding DVB extension [ 188.860482][ T9] usb 5-1: USB disconnect, device number 10 [ 188.863315][ T9] em28xx 5-1:0.0: Disconnecting em28xx [ 188.913594][ T10] em28xx 5-1:0.0: Registering input extension [ 188.936602][ T9] em28xx 5-1:0.0: Closing input extension [ 188.982367][ T9] em28xx 5-1:0.0: Freeing device [ 189.727084][ T8937] netlink: 8 bytes leftover after parsing attributes in process `syz.3.811'. [ 189.730548][ T8937] netlink: 48 bytes leftover after parsing attributes in process `syz.3.811'. [ 189.754982][ T8943] netlink: 'syz.2.813': attribute type 1 has an invalid length. [ 189.759548][ T8943] netlink: 188 bytes leftover after parsing attributes in process `syz.2.813'. [ 189.846008][ T8947] netlink: 8 bytes leftover after parsing attributes in process `syz.1.812'. [ 189.854318][ T8947] netlink: 48 bytes leftover after parsing attributes in process `syz.1.812'. [ 190.435638][ T8959] binder: 8958:8959 ioctl c0709411 80000400 returned -22 [ 190.549817][ T8967] comedi comedi3: multiq3: I/O port conflict (0x1004e27,16) [ 191.081812][ T8971] netlink: 4 bytes leftover after parsing attributes in process `syz.2.822'. [ 191.094808][ T8971] batman_adv: batadv0: Adding interface: macvlan2 [ 191.097736][ T8971] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.107727][ T8971] batman_adv: batadv0: Interface activated: macvlan2 [ 191.757301][ T8978] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 191.760427][ T8978] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 191.766817][ T8978] vhci_hcd vhci_hcd.0: Device attached [ 191.805079][ T8978] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(13) [ 191.807927][ T8978] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 191.813325][ T8978] vhci_hcd vhci_hcd.0: Device attached [ 192.046660][ T6009] usb 40-1: SetAddress Request (2) to port 0 [ 192.049591][ T6009] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd [ 192.312916][ T8981] vhci_hcd: connection closed [ 192.314343][ T1217] vhci_hcd: stop threads [ 192.317109][ T8979] vhci_hcd: connection reset by peer [ 192.317461][ T1217] vhci_hcd: release socket [ 192.323987][ T1217] vhci_hcd: disconnect device [ 192.326301][ T1217] vhci_hcd: stop threads [ 192.328792][ T1217] vhci_hcd: release socket [ 192.332237][ T1217] vhci_hcd: disconnect device [ 192.442597][ T9001] futex_wake_op: syz.0.831 tries to shift op by 144; fix this program [ 192.445699][ T9000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.826'. [ 192.451124][ T9000] netlink: 48 bytes leftover after parsing attributes in process `syz.2.826'. [ 193.526598][ T1341] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 193.778296][ T1341] usb 7-1: config index 0 descriptor too short (expected 39, got 27) [ 193.782434][ T1341] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 193.790123][ T1341] usb 7-1: config 0 interface 0 has no altsetting 0 [ 193.825802][ T1341] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 193.831455][ T1341] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 193.836131][ T1341] usb 7-1: Product: syz [ 193.998895][ T1341] usb 7-1: Manufacturer: syz [ 194.004079][ T1341] usb 7-1: SerialNumber: syz [ 194.020957][ T1341] usb 7-1: config 0 descriptor?? [ 194.108453][ T1341] hub 7-1:0.0: bad descriptor, ignoring hub [ 194.110447][ T1341] hub 7-1:0.0: probe with driver hub failed with error -5 [ 194.115105][ T1341] usb 7-1: selecting invalid altsetting 0 [ 194.764772][ T9044] netlink: 'syz.3.845': attribute type 1 has an invalid length. [ 194.768587][ T9044] netlink: 188 bytes leftover after parsing attributes in process `syz.3.845'. [ 194.805960][ T9046] binder: 9045:9046 ioctl 4018620d 0 returned -22 [ 194.864111][ T9048] binder: 9045:9048 ioctl c018620c 0 returned -14 [ 195.028477][ T9054] FAULT_INJECTION: forcing a failure. [ 195.028477][ T9054] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 195.033869][ T9054] CPU: 3 UID: 0 PID: 9054 Comm: syz.0.848 Not tainted syzkaller #0 PREEMPT(full) [ 195.033886][ T9054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 195.033893][ T9054] Call Trace: [ 195.033898][ T9054] [ 195.033903][ T9054] dump_stack_lvl+0x16c/0x1f0 [ 195.033949][ T9054] should_fail_ex+0x512/0x640 [ 195.033975][ T9054] _copy_to_user+0x32/0xd0 [ 195.033993][ T9054] simple_read_from_buffer+0xcb/0x170 [ 195.034011][ T9054] proc_fail_nth_read+0x197/0x240 [ 195.034030][ T9054] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 195.034049][ T9054] ? rw_verify_area+0xcf/0x6c0 [ 195.034065][ T9054] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 195.034083][ T9054] vfs_read+0x1e4/0xcf0 [ 195.034097][ T9054] ? __pfx_vfs_read+0x10/0x10 [ 195.034106][ T9054] ? find_held_lock+0x2b/0x80 [ 195.034122][ T9054] ? __fget_files+0x20e/0x3c0 [ 195.034143][ T9054] ksys_read+0x12a/0x250 [ 195.034153][ T9054] ? __pfx_ksys_read+0x10/0x10 [ 195.034179][ T9054] ? fput+0x9b/0xd0 [ 195.034194][ T9054] ? rcu_is_watching+0x12/0xc0 [ 195.034209][ T9054] __do_fast_syscall_32+0x7c/0x300 [ 195.034221][ T9054] do_fast_syscall_32+0x32/0x80 [ 195.034232][ T9054] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 195.034249][ T9054] RIP: 0023:0xf701e579 [ 195.034258][ T9054] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 195.034269][ T9054] RSP: 002b:00000000f540e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 195.034280][ T9054] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f540e620 [ 195.034287][ T9054] RDX: 000000000000000f RSI: 00000000f73b5ff4 RDI: 0000000000000000 [ 195.034293][ T9054] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 195.034299][ T9054] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 195.034305][ T9054] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 195.034319][ T9054] [ 195.616579][ T9063] netlink: 8 bytes leftover after parsing attributes in process `syz.0.849'. [ 195.620188][ T9063] netlink: 48 bytes leftover after parsing attributes in process `syz.0.849'. [ 196.191285][ T9072] loop9: detected capacity change from 0 to 7 [ 196.197969][ T9072] Dev loop9: unable to read RDB block 7 [ 196.201029][ T9072] loop9: AHDI p1 [ 196.203102][ T9072] loop9: partition table partially beyond EOD, truncated [ 196.295604][ T9074] netlink: 'syz.1.854': attribute type 1 has an invalid length. [ 196.300004][ T9074] netlink: 188 bytes leftover after parsing attributes in process `syz.1.854'. [ 197.146534][ T6009] usb 40-1: device descriptor read/8, error -110 [ 197.336532][ T6068] vhci_hcd: vhci_device speed not set [ 198.326733][ T1341] usb 7-1: USB disconnect, device number 7 [ 198.453810][ T9105] netlink: 'syz.2.864': attribute type 1 has an invalid length. [ 198.457965][ T9105] netlink: 188 bytes leftover after parsing attributes in process `syz.2.864'. [ 198.491367][ T9112] FAULT_INJECTION: forcing a failure. [ 198.491367][ T9112] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 198.496088][ T9112] CPU: 2 UID: 0 PID: 9112 Comm: syz.2.866 Not tainted syzkaller #0 PREEMPT(full) [ 198.496115][ T9112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 198.496123][ T9112] Call Trace: [ 198.496128][ T9112] [ 198.496132][ T9112] dump_stack_lvl+0x16c/0x1f0 [ 198.496155][ T9112] should_fail_ex+0x512/0x640 [ 198.496175][ T9112] _copy_from_user+0x2e/0xd0 [ 198.496194][ T9112] drm_ioctl+0x4fb/0xc30 [ 198.496208][ T9112] ? __pfx_drm_dropmaster_ioctl+0x10/0x10 [ 198.496224][ T9112] ? __pfx_drm_ioctl+0x10/0x10 [ 198.496246][ T9112] drm_compat_ioctl+0x327/0x460 [ 198.496262][ T9112] ? __pfx_drm_compat_ioctl+0x10/0x10 [ 198.496276][ T9112] __ia32_compat_sys_ioctl+0x242/0x370 [ 198.496294][ T9112] __do_fast_syscall_32+0x7c/0x300 [ 198.496307][ T9112] do_fast_syscall_32+0x32/0x80 [ 198.496320][ T9112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 198.496335][ T9112] RIP: 0023:0xf7fa8579 [ 198.496343][ T9112] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 198.496365][ T9112] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 198.496378][ T9112] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000641f [ 198.496385][ T9112] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 198.496391][ T9112] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 198.496397][ T9112] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 198.496403][ T9112] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 198.496427][ T9112] [ 198.977474][ T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 198.990654][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 198.993218][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.067833][ T6009] usb usb40-port1: attempt power cycle [ 199.146856][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 199.153330][ T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 199.158348][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 199.162104][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 199.165824][ T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 199.172107][ T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 199.176523][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.627353][ T6009] usb usb40-port1: unable to enumerate USB device [ 199.836182][ T5956] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 199.839573][ T5956] CPU: 3 UID: 0 PID: 5956 Comm: kworker/u33:2 Not tainted syzkaller #0 PREEMPT(full) [ 199.839608][ T5956] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 199.839624][ T5956] Workqueue: hci1 hci_rx_work [ 199.839662][ T5956] Call Trace: [ 199.839671][ T5956] [ 199.839681][ T5956] dump_stack_lvl+0x16c/0x1f0 [ 199.839721][ T5956] sysfs_warn_dup+0x7f/0xa0 [ 199.839747][ T5956] sysfs_create_dir_ns+0x24b/0x2b0 [ 199.839773][ T5956] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 199.839797][ T5956] ? find_held_lock+0x2b/0x80 [ 199.839830][ T5956] ? do_raw_spin_unlock+0x172/0x230 [ 199.839858][ T5956] kobject_add_internal+0x2c4/0x9b0 [ 199.839890][ T5956] kobject_add+0x16e/0x240 [ 199.839916][ T5956] ? __pfx_kobject_add+0x10/0x10 [ 199.839943][ T5956] ? do_raw_spin_unlock+0x172/0x230 [ 199.839968][ T5956] ? kobject_put+0xab/0x5a0 [ 199.840010][ T5956] device_add+0x288/0x1aa0 [ 199.840038][ T5956] ? __pfx_dev_set_name+0x10/0x10 [ 199.840068][ T5956] ? __pfx_device_add+0x10/0x10 [ 199.840095][ T5956] ? mgmt_send_event_skb+0x2fb/0x460 [ 199.840137][ T5956] hci_conn_add_sysfs+0x17e/0x230 [ 199.840175][ T5956] le_conn_complete_evt+0x1260/0x2150 [ 199.840216][ T5956] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 199.840245][ T5956] ? hci_event_packet+0x459/0x11c0 [ 199.840286][ T5956] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 199.840321][ T5956] ? skb_pull_data+0x166/0x210 [ 199.840359][ T5956] hci_le_meta_evt+0x354/0x5e0 [ 199.840393][ T5956] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 199.840430][ T5956] hci_event_packet+0x685/0x11c0 [ 199.840462][ T5956] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 199.840498][ T5956] ? __pfx_hci_event_packet+0x10/0x10 [ 199.840531][ T5956] ? kcov_remote_start+0x3c9/0x6d0 [ 199.840554][ T5956] ? lockdep_hardirqs_on+0x7c/0x110 [ 199.840599][ T5956] hci_rx_work+0x2c5/0x16b0 [ 199.840635][ T5956] ? rcu_is_watching+0x12/0xc0 [ 199.840667][ T5956] process_one_work+0x9cf/0x1b70 [ 199.840706][ T5956] ? __pfx_process_one_work+0x10/0x10 [ 199.840741][ T5956] ? assign_work+0x1a0/0x250 [ 199.840784][ T5956] worker_thread+0x6c8/0xf10 [ 199.840825][ T5956] ? __pfx_worker_thread+0x10/0x10 [ 199.840849][ T5956] kthread+0x3c2/0x780 [ 199.840887][ T5956] ? __pfx_kthread+0x10/0x10 [ 199.840928][ T5956] ? rcu_is_watching+0x12/0xc0 [ 199.840956][ T5956] ? __pfx_kthread+0x10/0x10 [ 199.841002][ T5956] ret_from_fork+0x56d/0x730 [ 199.841025][ T5956] ? __pfx_kthread+0x10/0x10 [ 199.841067][ T5956] ret_from_fork_asm+0x1a/0x30 [ 199.841119][ T5956] [ 199.841156][ T5956] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 199.959132][ T5956] Bluetooth: hci1: failed to register connection device [ 199.964246][ T5956] Bluetooth: hci1: SCO packet for unknown connection handle 200 [ 200.814376][ T9136] netlink: 'syz.1.875': attribute type 1 has an invalid length. [ 200.820038][ T9136] netlink: 188 bytes leftover after parsing attributes in process `syz.1.875'. [ 201.190411][ T9140] netlink: 8 bytes leftover after parsing attributes in process `syz.1.883'. [ 201.194158][ T9140] netlink: 48 bytes leftover after parsing attributes in process `syz.1.883'. [ 201.291966][ T9] usb 5-1: usb_control_msg returned -71 [ 201.294386][ T9] usbtmc 5-1:16.0: can't read capabilities [ 201.299791][ T9] usb 5-1: USB disconnect, device number 11 [ 201.337871][ T9147] netlink: 4 bytes leftover after parsing attributes in process `syz.3.878'. [ 201.349333][ T9147] macvtap1: entered promiscuous mode [ 201.351633][ T9147] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode [ 201.358615][ T9147] mac80211_hwsim hwsim7 wlan1: left promiscuous mode [ 201.455519][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 201.455538][ T40] audit: type=1326 audit(1759384970.778:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9145 comm="syz.3.878" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa7579 code=0x0 [ 202.669438][ T9163] netlink: 'syz.2.884': attribute type 1 has an invalid length. [ 202.672177][ T9163] netlink: 188 bytes leftover after parsing attributes in process `syz.2.884'. [ 202.683497][ T9156] netlink: 1 bytes leftover after parsing attributes in process `syz.1.880'. [ 202.713966][ T9165] FAULT_INJECTION: forcing a failure. [ 202.713966][ T9165] name failslab, interval 1, probability 0, space 0, times 0 [ 202.719874][ T9165] CPU: 3 UID: 0 PID: 9165 Comm: syz.2.885 Not tainted syzkaller #0 PREEMPT(full) [ 202.719899][ T9165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 202.719910][ T9165] Call Trace: [ 202.719916][ T9165] [ 202.719924][ T9165] dump_stack_lvl+0x16c/0x1f0 [ 202.719958][ T9165] should_fail_ex+0x512/0x640 [ 202.719985][ T9165] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 202.720007][ T9165] should_failslab+0xc2/0x120 [ 202.720026][ T9165] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 202.720044][ T9165] ? __d_alloc+0x32/0xae0 [ 202.720066][ T9165] __d_alloc+0x32/0xae0 [ 202.720086][ T9165] d_alloc_parallel+0x111/0x1480 [ 202.720117][ T9165] ? register_lock_class+0x41/0x4c0 [ 202.720143][ T9165] ? __lock_acquire+0xb97/0x1ce0 [ 202.720167][ T9165] ? __pfx_d_alloc_parallel+0x10/0x10 [ 202.720193][ T9165] ? lockdep_init_map_type+0x5c/0x280 [ 202.720225][ T9165] ? lockdep_init_map_type+0x5c/0x280 [ 202.720256][ T9165] __lookup_slow+0x193/0x460 [ 202.720281][ T9165] ? __pfx___lookup_slow+0x10/0x10 [ 202.720321][ T9165] ? lookup_fast+0x156/0x610 [ 202.720349][ T9165] walk_component+0x353/0x5b0 [ 202.720377][ T9165] path_lookupat+0x142/0x6d0 [ 202.720406][ T9165] filename_lookup+0x224/0x5f0 [ 202.720435][ T9165] ? __pfx_filename_lookup+0x10/0x10 [ 202.720482][ T9165] ? find_held_lock+0x2b/0x80 [ 202.720501][ T9165] ? __might_fault+0xe3/0x190 [ 202.720517][ T9165] ? __might_fault+0xe3/0x190 [ 202.720532][ T9165] ? __might_fault+0x13b/0x190 [ 202.720555][ T9165] vfs_statx+0x101/0x3f0 [ 202.720577][ T9165] ? __pfx_vfs_statx+0x10/0x10 [ 202.720598][ T9165] ? getname_flags.part.0+0x1c5/0x550 [ 202.720623][ T9165] __do_compat_sys_newlstat+0xa8/0x130 [ 202.720645][ T9165] ? __pfx___do_compat_sys_newlstat+0x10/0x10 [ 202.720679][ T9165] ? __pfx_ksys_write+0x10/0x10 [ 202.720695][ T9165] ? rcu_is_watching+0x12/0xc0 [ 202.720708][ T9165] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 202.720728][ T9165] __do_fast_syscall_32+0x7c/0x300 [ 202.720739][ T9165] do_fast_syscall_32+0x32/0x80 [ 202.720750][ T9165] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 202.720764][ T9165] RIP: 0023:0xf7fa8579 [ 202.720773][ T9165] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 202.720784][ T9165] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 000000000000006b [ 202.720794][ T9165] RAX: ffffffffffffffda RBX: 0000000080000040 RCX: 0000000080000100 [ 202.720801][ T9165] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 202.720807][ T9165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 202.720814][ T9165] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 202.720820][ T9165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 202.720833][ T9165] [ 203.132648][ T9174] netlink: 4 bytes leftover after parsing attributes in process `syz.0.888'. [ 203.137460][ T9174] netlink: 4 bytes leftover after parsing attributes in process `syz.0.888'. [ 203.202223][ T9177] FAULT_INJECTION: forcing a failure. [ 203.202223][ T9177] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 203.208970][ T9177] CPU: 3 UID: 0 PID: 9177 Comm: syz.0.889 Not tainted syzkaller #0 PREEMPT(full) [ 203.208997][ T9177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 203.209008][ T9177] Call Trace: [ 203.209014][ T9177] [ 203.209022][ T9177] dump_stack_lvl+0x16c/0x1f0 [ 203.209057][ T9177] should_fail_ex+0x512/0x640 [ 203.209089][ T9177] _copy_from_user+0x2e/0xd0 [ 203.209118][ T9177] snd_seq_ioctl+0x1bf/0x410 [ 203.209141][ T9177] ? __pfx_snd_seq_ioctl+0x10/0x10 [ 203.209186][ T9177] ? __fget_files+0x20e/0x3c0 [ 203.209220][ T9177] snd_seq_ioctl_compat+0xea/0x310 [ 203.209240][ T9177] ? __pfx_snd_seq_ioctl_compat+0x10/0x10 [ 203.209262][ T9177] __ia32_compat_sys_ioctl+0x242/0x370 [ 203.209288][ T9177] __do_fast_syscall_32+0x7c/0x300 [ 203.209310][ T9177] do_fast_syscall_32+0x32/0x80 [ 203.209327][ T9177] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 203.209350][ T9177] RIP: 0023:0xf701e579 [ 203.209365][ T9177] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 203.209383][ T9177] RSP: 002b:00000000f540e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 203.209401][ T9177] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000004040534e [ 203.209413][ T9177] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 203.209424][ T9177] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 203.209434][ T9177] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 203.209445][ T9177] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 203.209468][ T9177] [ 203.405327][ T9180] input: syz0 as /devices/virtual/input/input9 [ 205.348432][ T9210] netlink: 4 bytes leftover after parsing attributes in process `syz.1.899'. [ 205.464265][ T40] audit: type=1326 audit(1759384974.788:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.1.899" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f12579 code=0x0 [ 205.976491][ T61] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 206.036844][ T9210] macvtap1: entered promiscuous mode [ 206.041996][ T9210] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode [ 206.055994][ T9210] mac80211_hwsim hwsim9 wlan1: left promiscuous mode [ 206.136511][ T61] usb 6-1: Using ep0 maxpacket: 8 [ 206.148421][ T61] usb 6-1: unable to get BOS descriptor or descriptor too short [ 206.152204][ T61] usb 6-1: config 4 interface 0 has no altsetting 0 [ 206.157012][ T61] usb 6-1: string descriptor 0 read error: -22 [ 206.159493][ T61] usb 6-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 206.166599][ T61] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.183077][ T61] usb 6-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 206.187203][ T61] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 206.195152][ T61] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 206.205433][ T61] usb 6-1: media controller created [ 206.215823][ T61] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 206.606651][ T1341] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 206.713710][ T1141] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 256 - 0 [ 206.717265][ T1141] netdevsim netdevsim1 eth0: unset [1, 1] type 2 family 0 port 6081 - 0 [ 206.719921][ T1141] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 256 - 0 [ 206.722584][ T1141] netdevsim netdevsim1 eth1: unset [1, 1] type 2 family 0 port 6081 - 0 [ 206.726906][ T1141] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 256 - 0 [ 206.730126][ T1141] netdevsim netdevsim1 eth2: unset [1, 1] type 2 family 0 port 6081 - 0 [ 206.733356][ T1141] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 256 - 0 [ 206.736147][ T1141] netdevsim netdevsim1 eth3: unset [1, 1] type 2 family 0 port 6081 - 0 [ 206.888340][ T1341] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 206.892111][ T1341] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 206.895338][ T1341] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 206.906588][ T1341] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.916682][ T9227] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 206.922600][ T1341] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 207.008079][ T9233] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 207.010509][ T9233] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 207.013458][ T9233] vhci_hcd vhci_hcd.0: Device attached [ 207.051232][ T9237] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 207.110786][ T9241] netlink: 4 bytes leftover after parsing attributes in process `syz.3.906'. [ 207.117843][ T9241] macvtap1: entered promiscuous mode [ 207.119581][ T9241] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode [ 207.123911][ T9241] mac80211_hwsim hwsim7 wlan1: left promiscuous mode [ 207.135965][ T6002] usb 7-1: USB disconnect, device number 8 [ 207.188579][ T40] audit: type=1326 audit(1759384976.518:924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9240 comm="syz.3.906" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa7579 code=0x0 [ 207.306455][ T6392] usb 38-1: SetAddress Request (4) to port 0 [ 207.308598][ T6392] usb 38-1: new SuperSpeed USB device number 4 using vhci_hcd [ 207.316904][ T61] zl10353_read_register: readreg error (reg=127, ret==0) [ 207.337576][ T9227] FAULT_INJECTION: forcing a failure. [ 207.337576][ T9227] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 207.343463][ T9227] CPU: 3 UID: 0 PID: 9227 Comm: syz.2.902 Not tainted syzkaller #0 PREEMPT(full) [ 207.343487][ T9227] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 207.343498][ T9227] Call Trace: [ 207.343506][ T9227] [ 207.343513][ T9227] dump_stack_lvl+0x16c/0x1f0 [ 207.343546][ T9227] should_fail_ex+0x512/0x640 [ 207.343576][ T9227] _copy_to_user+0x32/0xd0 [ 207.343595][ T9227] simple_read_from_buffer+0xcb/0x170 [ 207.343623][ T9227] proc_fail_nth_read+0x197/0x240 [ 207.343653][ T9227] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 207.343682][ T9227] ? rw_verify_area+0xcf/0x6c0 [ 207.343708][ T9227] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 207.343735][ T9227] vfs_read+0x1e4/0xcf0 [ 207.343754][ T9227] ? __pfx_vfs_read+0x10/0x10 [ 207.343767][ T9227] ? find_held_lock+0x2b/0x80 [ 207.343792][ T9227] ? __fget_files+0x20e/0x3c0 [ 207.343824][ T9227] ksys_read+0x12a/0x250 [ 207.343838][ T9227] ? __pfx_ksys_read+0x10/0x10 [ 207.343877][ T9227] ? rcu_is_watching+0x12/0xc0 [ 207.343901][ T9227] __do_fast_syscall_32+0x7c/0x300 [ 207.343921][ T9227] do_fast_syscall_32+0x32/0x80 [ 207.343945][ T9227] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 207.343967][ T9227] RIP: 0023:0xf7fa8579 [ 207.343982][ T9227] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 207.344000][ T9227] RSP: 002b:00000000f5496590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 207.344017][ T9227] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5496620 [ 207.344028][ T9227] RDX: 000000000000000f RSI: 00000000f7435ff4 RDI: 0000000000000000 [ 207.344038][ T9227] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 207.344048][ T9227] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 207.344058][ T9227] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 207.344082][ T9227] [ 207.578111][ T9234] vhci_hcd: connection reset by peer [ 207.580509][ T1141] vhci_hcd: stop threads [ 207.582346][ T1141] vhci_hcd: release socket [ 207.584348][ T1141] vhci_hcd: disconnect device [ 207.716646][ T10] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 207.868085][ T10] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 207.871832][ T10] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 207.875549][ T10] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 207.879549][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.885960][ T9250] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 207.893062][ T10] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 208.094864][ T6009] usb 7-1: USB disconnect, device number 9 [ 208.195625][ T9252] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.909'. [ 208.362624][ T9255] FAULT_INJECTION: forcing a failure. [ 208.362624][ T9255] name failslab, interval 1, probability 0, space 0, times 0 [ 208.367119][ T9255] CPU: 3 UID: 0 PID: 9255 Comm: syz.0.910 Not tainted syzkaller #0 PREEMPT(full) [ 208.367144][ T9255] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 208.367156][ T9255] Call Trace: [ 208.367164][ T9255] [ 208.367172][ T9255] dump_stack_lvl+0x16c/0x1f0 [ 208.367209][ T9255] should_fail_ex+0x512/0x640 [ 208.367238][ T9255] ? fs_reclaim_acquire+0xae/0x150 [ 208.367265][ T9255] ? tomoyo_encode2+0x100/0x3e0 [ 208.367288][ T9255] should_failslab+0xc2/0x120 [ 208.367309][ T9255] __kmalloc_noprof+0xd2/0x510 [ 208.367335][ T9255] tomoyo_encode2+0x100/0x3e0 [ 208.367362][ T9255] tomoyo_encode+0x29/0x50 [ 208.367385][ T9255] tomoyo_realpath_from_path+0x18f/0x6e0 [ 208.367412][ T9255] ? tomoyo_profile+0x47/0x60 [ 208.367442][ T9255] tomoyo_path_number_perm+0x245/0x580 [ 208.367461][ T9255] ? tomoyo_path_number_perm+0x237/0x580 [ 208.367485][ T9255] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 208.367537][ T9255] ? find_held_lock+0x2b/0x80 [ 208.367558][ T9255] ? hook_file_ioctl_common+0x145/0x410 [ 208.367585][ T9255] ? __fget_files+0x20e/0x3c0 [ 208.367618][ T9255] security_file_ioctl_compat+0x9b/0x240 [ 208.367641][ T9255] __ia32_compat_sys_ioctl+0xc3/0x370 [ 208.367670][ T9255] __do_fast_syscall_32+0x7c/0x300 [ 208.367690][ T9255] do_fast_syscall_32+0x32/0x80 [ 208.367709][ T9255] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 208.367730][ T9255] RIP: 0023:0xf701e579 [ 208.367745][ T9255] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 208.367763][ T9255] RSP: 002b:00000000f540e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 208.367780][ T9255] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000008b22 [ 208.367792][ T9255] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 208.367803][ T9255] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 208.367813][ T9255] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 208.367824][ T9255] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 208.367849][ T9255] [ 208.367867][ T9255] ERROR: Out of memory at tomoyo_realpath_from_path. [ 208.373220][ T10] usb 6-1: USB disconnect, device number 10 [ 208.452171][ T9259] FAULT_INJECTION: forcing a failure. [ 208.452171][ T9259] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 208.457778][ T9259] CPU: 1 UID: 0 PID: 9259 Comm: syz.0.912 Not tainted syzkaller #0 PREEMPT(full) [ 208.457800][ T9259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 208.457809][ T9259] Call Trace: [ 208.457814][ T9259] [ 208.457820][ T9259] dump_stack_lvl+0x16c/0x1f0 [ 208.457849][ T9259] should_fail_ex+0x512/0x640 [ 208.457876][ T9259] _copy_from_iter+0x29f/0x1720 [ 208.457901][ T9259] ? __lock_acquire+0x62e/0x1ce0 [ 208.457925][ T9259] ? __pfx__copy_from_iter+0x10/0x10 [ 208.457947][ T9259] ? __lock_acquire+0xb97/0x1ce0 [ 208.457966][ T9259] ? _parse_integer_limit+0x17f/0x1d0 [ 208.457992][ T9259] tun_get_user+0x26d/0x3cd0 [ 208.458021][ T9259] ? __pfx_tun_get_user+0x10/0x10 [ 208.458039][ T9259] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 208.458060][ T9259] ? find_held_lock+0x2b/0x80 [ 208.458077][ T9259] ? tun_get+0x191/0x370 [ 208.458098][ T9259] tun_chr_write_iter+0xdc/0x210 [ 208.458117][ T9259] vfs_write+0x7d0/0x11d0 [ 208.458142][ T9259] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 208.458163][ T9259] ? __pfx_vfs_write+0x10/0x10 [ 208.458176][ T9259] ? find_held_lock+0x2b/0x80 [ 208.458210][ T9259] ksys_write+0x12a/0x250 [ 208.458226][ T9259] ? __pfx_ksys_write+0x10/0x10 [ 208.458242][ T9259] ? rcu_is_watching+0x12/0xc0 [ 208.458265][ T9259] __do_fast_syscall_32+0x7c/0x300 [ 208.458285][ T9259] do_fast_syscall_32+0x32/0x80 [ 208.458301][ T9259] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 208.458323][ T9259] RIP: 0023:0xf701e579 [ 208.458337][ T9259] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 208.458354][ T9259] RSP: 002b:00000000f540e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 208.458371][ T9259] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000600 [ 208.458380][ T9259] RDX: 000000000000002a RSI: 0000000000000000 RDI: 0000000000000000 [ 208.458388][ T9259] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 208.458396][ T9259] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 208.458404][ T9259] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 208.458421][ T9259] [ 208.609899][ T9262] netlink: 'syz.0.913': attribute type 1 has an invalid length. [ 208.613555][ T9262] netlink: 180 bytes leftover after parsing attributes in process `syz.0.913'. [ 208.829983][ T9267] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 208.840538][ T9267] netlink: 8 bytes leftover after parsing attributes in process `syz.0.915'. [ 209.157386][ T9277] netlink: 8 bytes leftover after parsing attributes in process `syz.0.917'. [ 209.160617][ T9277] netlink: 48 bytes leftover after parsing attributes in process `syz.0.917'. [ 209.306452][ T10] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 209.458119][ T10] usb 7-1: config index 0 descriptor too short (expected 39, got 27) [ 209.460778][ T10] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 209.464352][ T10] usb 7-1: config 0 interface 0 has no altsetting 0 [ 209.468763][ T10] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 209.471633][ T10] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 209.474221][ T10] usb 7-1: Product: syz [ 209.475631][ T10] usb 7-1: Manufacturer: syz [ 209.477531][ T10] usb 7-1: SerialNumber: syz [ 209.480932][ T10] usb 7-1: config 0 descriptor?? [ 209.484590][ T10] hub 7-1:0.0: bad descriptor, ignoring hub [ 209.486606][ T10] hub 7-1:0.0: probe with driver hub failed with error -5 [ 209.490293][ T10] usb 7-1: selecting invalid altsetting 0 [ 209.909438][ T9281] netlink: 4 bytes leftover after parsing attributes in process `syz.0.920'. [ 209.920689][ T9281] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 209.923148][ T9281] macvtap1: entered promiscuous mode [ 209.928523][ T9281] mac80211_hwsim hwsim3 wlan1: left promiscuous mode [ 210.034206][ T40] audit: type=1326 audit(1759384979.358:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9280 comm="syz.0.920" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf701e579 code=0x0 [ 210.101959][ T9285] bridge0: port 3(dummy0) entered disabled state [ 210.104679][ T9285] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.107953][ T9285] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.131856][ T9285] bond_slave_0: left promiscuous mode [ 210.135302][ T9285] bond_slave_1: left promiscuous mode [ 210.166869][ T6009] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 210.198090][ T9285] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 210.211259][ T9285] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 210.261813][ T9285] veth1_macvtap: left allmulticast mode [ 210.353754][ T6009] usb 6-1: config index 0 descriptor too short (expected 39, got 27) [ 210.357532][ T6009] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 210.361412][ T6009] usb 6-1: config 0 interface 0 has no altsetting 0 [ 210.367750][ T6009] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 210.371673][ T6009] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 210.374423][ T6009] usb 6-1: Product: syz [ 210.376292][ T6009] usb 6-1: Manufacturer: syz [ 210.383339][ T6009] usb 6-1: SerialNumber: syz [ 210.386566][ T9285] batman_adv: batadv0: Interface deactivated: macvlan2 [ 210.401711][ T6009] usb 6-1: config 0 descriptor?? [ 210.415556][ T6009] hub 6-1:0.0: bad descriptor, ignoring hub [ 210.422083][ T6009] hub 6-1:0.0: probe with driver hub failed with error -5 [ 210.434148][ T6009] usb 6-1: selecting invalid altsetting 0 [ 210.456642][ T10] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 210.505841][ T9279] IPVS: Error connecting to the multicast addr [ 210.564938][ T6903] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 256 - 0 [ 210.568302][ T6903] netdevsim netdevsim0 eth0: unset [1, 1] type 2 family 0 port 6081 - 0 [ 210.571309][ T6903] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 256 - 0 [ 210.574230][ T6903] netdevsim netdevsim0 eth1: unset [1, 1] type 2 family 0 port 6081 - 0 [ 210.577493][ T6903] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 256 - 0 [ 210.582295][ T6903] netdevsim netdevsim0 eth2: unset [1, 1] type 2 family 0 port 6081 - 0 [ 210.585988][ T6903] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 256 - 0 [ 210.589214][ T6903] netdevsim netdevsim0 eth3: unset [1, 1] type 2 family 0 port 6081 - 0 [ 210.886545][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 210.895738][ T10] usb 5-1: unable to get BOS descriptor or descriptor too short [ 210.902262][ T10] usb 5-1: config 4 interface 0 has no altsetting 0 [ 210.928085][ T10] usb 5-1: string descriptor 0 read error: -22 [ 210.930108][ T10] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 210.932967][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.940500][ T10] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 210.944486][ T10] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 210.951922][ T10] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 210.954438][ T10] usb 5-1: media controller created [ 210.973018][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 212.036724][ T10] zl10353_read_register: readreg error (reg=127, ret==0) [ 212.139877][ T1341] usb 7-1: USB disconnect, device number 10 [ 212.329270][ T9308] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 212.346653][ T6392] usb 38-1: device descriptor read/8, error -110 [ 212.455681][ T9314] netlink: 4 bytes leftover after parsing attributes in process `syz.2.928'. [ 212.463356][ T9314] macvtap1: entered promiscuous mode [ 212.465427][ T9314] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode [ 212.470250][ T9314] mac80211_hwsim hwsim5 wlan1: left promiscuous mode [ 212.578925][ T40] audit: type=1326 audit(1759384981.908:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9313 comm="syz.2.928" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa8579 code=0x0 [ 212.634760][ T9315] batman_adv: batadv0: Interface deactivated: macvlan2 [ 212.737488][ T6392] usb usb38-port1: attempt power cycle [ 212.896579][ T6002] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 212.936977][ T10] usb 5-1: USB disconnect, device number 12 [ 213.010281][ T9320] netlink: 4 bytes leftover after parsing attributes in process `syz.0.930'. [ 213.018131][ T9320] macvtap1: entered promiscuous mode [ 213.020200][ T9320] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 213.025053][ T9320] mac80211_hwsim hwsim3 wlan1: left promiscuous mode [ 213.046599][ T6002] usb 7-1: Using ep0 maxpacket: 8 [ 213.050809][ T6002] usb 7-1: unable to get BOS descriptor or descriptor too short [ 213.054469][ T6002] usb 7-1: config 4 interface 0 has no altsetting 0 [ 213.059306][ T6002] usb 7-1: string descriptor 0 read error: -22 [ 213.061708][ T6002] usb 7-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 213.065536][ T6002] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.066886][ T1341] usb 6-1: USB disconnect, device number 11 [ 213.074800][ T6002] usb 7-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 213.075267][ T40] audit: type=1326 audit(1759384982.398:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9319 comm="syz.0.930" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf701e579 code=0x0 [ 213.080846][ T6002] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 213.090152][ T6002] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 213.092425][ T6002] usb 7-1: media controller created [ 213.105233][ T6002] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 213.406544][ T6068] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 213.468345][ T6392] usb usb38-port1: unable to enumerate USB device [ 213.533704][ T6903] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.537436][ T6903] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.556304][ T5956] Bluetooth: hci1: unexpected event for opcode 0x1004 [ 213.576739][ T6068] usb 5-1: Using ep0 maxpacket: 8 [ 213.582334][ T6068] usb 5-1: unable to get BOS descriptor or descriptor too short [ 213.587802][ T6068] usb 5-1: config 4 interface 0 has no altsetting 0 [ 213.594053][ T6068] usb 5-1: string descriptor 0 read error: -22 [ 213.597421][ T6068] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 213.601308][ T6068] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.615690][ T6068] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 213.619758][ T6068] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 213.624285][ T6068] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 213.626965][ T6068] usb 5-1: media controller created [ 213.646190][ T6068] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 214.023445][ T40] audit: type=1326 audit(1759384983.348:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9329 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 214.030994][ T40] audit: type=1326 audit(1759384983.358:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9329 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 214.037883][ T40] audit: type=1326 audit(1759384983.358:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9329 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 214.045124][ T40] audit: type=1326 audit(1759384983.358:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9329 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 214.053359][ T40] audit: type=1326 audit(1759384983.358:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9329 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 214.062109][ T40] audit: type=1326 audit(1759384983.358:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9329 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 214.070009][ T40] audit: type=1326 audit(1759384983.378:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9329 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 214.078576][ T40] audit: type=1326 audit(1759384983.388:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9329 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 214.186747][ T6002] zl10353_read_register: readreg error (reg=127, ret==0) [ 214.746648][ T6068] zl10353_read_register: readreg error (reg=127, ret==0) [ 214.820761][ T5963] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 214.825659][ T5963] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 214.829177][ T5963] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 214.837301][ T5963] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 214.847296][ T5963] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 214.872450][ T9339] lo speed is unknown, defaulting to 1000 [ 214.930366][ T9344] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 214.936741][ T9344] FAULT_INJECTION: forcing a failure. [ 214.936741][ T9344] name failslab, interval 1, probability 0, space 0, times 0 [ 214.942102][ T9344] CPU: 0 UID: 0 PID: 9344 Comm: syz.3.939 Not tainted syzkaller #0 PREEMPT(full) [ 214.942202][ T9344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 214.942211][ T9344] Call Trace: [ 214.942216][ T9344] [ 214.942221][ T9344] dump_stack_lvl+0x16c/0x1f0 [ 214.942243][ T9344] should_fail_ex+0x512/0x640 [ 214.942261][ T9344] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 214.942280][ T9344] should_failslab+0xc2/0x120 [ 214.942293][ T9344] __kmalloc_cache_noprof+0x6a/0x3e0 [ 214.942310][ T9344] ? vhost_task_create+0xe5/0x370 [ 214.942329][ T9344] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 214.942451][ T9344] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 214.942477][ T9344] vhost_task_create+0xe5/0x370 [ 214.942496][ T9344] ? __pfx_vhost_task_create+0x10/0x10 [ 214.942518][ T9344] ? __pfx_vhost_task_fn+0x10/0x10 [ 214.942544][ T9344] kvm_mmu_post_init_vm+0x1b7/0x380 [ 214.942560][ T9344] kvm_arch_vcpu_ioctl_run+0x66/0x1970 [ 214.942579][ T9344] ? kvm_vcpu_ioctl+0x14c5/0x1690 [ 214.942599][ T9344] kvm_vcpu_ioctl+0x5eb/0x1690 [ 214.942617][ T9344] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 214.942636][ T9344] ? tomoyo_path_number_perm+0x18d/0x580 [ 214.942651][ T9344] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 214.942669][ T9344] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 214.942682][ T9344] ? do_vfs_ioctl+0x128/0x14f0 [ 214.942699][ T9344] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 214.942722][ T9344] kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 214.942739][ T9344] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 214.942756][ T9344] ? __fget_files+0x20e/0x3c0 [ 214.942777][ T9344] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 214.942794][ T9344] __ia32_compat_sys_ioctl+0x242/0x370 [ 214.942812][ T9344] __do_fast_syscall_32+0x7c/0x300 [ 214.942825][ T9344] do_fast_syscall_32+0x32/0x80 [ 214.942836][ T9344] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 214.942859][ T9344] RIP: 0023:0xf7fa7579 [ 214.942869][ T9344] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 214.942881][ T9344] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 214.942892][ T9344] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000000000ae80 [ 214.942899][ T9344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 214.942906][ T9344] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 214.942912][ T9344] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 214.942919][ T9344] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 214.942934][ T9344] [ 214.979615][ T9339] chnl_net:caif_netlink_parms(): no params data found [ 215.126242][ T9339] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.128698][ T9339] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.131101][ T9339] bridge_slave_0: entered allmulticast mode [ 215.134234][ T9339] bridge_slave_0: entered promiscuous mode [ 215.138387][ T9339] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.140818][ T9339] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.143286][ T9339] bridge_slave_1: entered allmulticast mode [ 215.146662][ T9339] bridge_slave_1: entered promiscuous mode [ 215.183890][ T9339] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 215.188614][ T9339] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 215.222066][ T9339] team0: Port device team_slave_0 added [ 215.225549][ T9339] team0: Port device team_slave_1 added [ 215.260004][ T9339] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 215.262227][ T9339] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.271120][ T9339] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 215.277071][ T9339] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 215.279619][ T9339] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.290360][ T9339] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 215.334632][ T9339] hsr_slave_0: entered promiscuous mode [ 215.336991][ T9339] hsr_slave_1: entered promiscuous mode [ 215.339062][ T9339] debugfs: 'hsr0' already exists in 'hsr' [ 215.340910][ T9339] Cannot create hsr debugfs directory [ 215.489714][ T6068] usb 7-1: USB disconnect, device number 11 [ 215.591462][ T9357] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 215.630517][ T9359] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.942'. [ 215.878893][ T9339] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 215.888325][ T9339] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 215.895233][ T9339] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 215.906336][ T9339] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 215.980976][ T9339] 8021q: adding VLAN 0 to HW filter on device bond0 [ 215.998527][ T9339] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.009326][ T6900] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.013613][ T6900] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.032666][ T6002] usb 5-1: USB disconnect, device number 13 [ 216.057181][ T9371] netlink: 'syz.0.945': attribute type 1 has an invalid length. [ 216.059317][ T1136] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.059761][ T9371] netlink: 20 bytes leftover after parsing attributes in process `syz.0.945'. [ 216.062170][ T1136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.219053][ T9339] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.244289][ T9339] veth0_vlan: entered promiscuous mode [ 216.249164][ T9339] veth1_vlan: entered promiscuous mode [ 216.269446][ T9339] veth0_macvtap: entered promiscuous mode [ 216.274916][ T9339] veth1_macvtap: entered promiscuous mode [ 216.285738][ T9386] netlink: 8 bytes leftover after parsing attributes in process `syz.3.948'. [ 216.292936][ T9339] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 216.308778][ T9339] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 216.318248][ T1217] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.321308][ T1217] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.324818][ T1217] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.327398][ T9389] netlink: 4 bytes leftover after parsing attributes in process `syz.3.949'. [ 216.332121][ T9389] FAULT_INJECTION: forcing a failure. [ 216.332121][ T9389] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 216.336849][ T9389] CPU: 0 UID: 0 PID: 9389 Comm: syz.3.949 Not tainted syzkaller #0 PREEMPT(full) [ 216.336866][ T9389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 216.336874][ T9389] Call Trace: [ 216.336878][ T9389] [ 216.336883][ T9389] dump_stack_lvl+0x16c/0x1f0 [ 216.336908][ T9389] should_fail_ex+0x512/0x640 [ 216.336942][ T9389] _copy_from_user+0x2e/0xd0 [ 216.336964][ T9389] get_compat_msghdr+0xa7/0x170 [ 216.336983][ T9389] ? __pfx_get_compat_msghdr+0x10/0x10 [ 216.337049][ T9389] ___sys_sendmsg+0x1ae/0x1d0 [ 216.337073][ T9389] ? __pfx____sys_sendmsg+0x10/0x10 [ 216.337097][ T9389] ? find_held_lock+0x2b/0x80 [ 216.337120][ T9389] __sys_sendmsg+0x16d/0x220 [ 216.337138][ T9389] ? __pfx___sys_sendmsg+0x10/0x10 [ 216.337161][ T9389] ? rcu_is_watching+0x12/0xc0 [ 216.337180][ T9389] __do_fast_syscall_32+0x7c/0x300 [ 216.337194][ T9389] do_fast_syscall_32+0x32/0x80 [ 216.337205][ T9389] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 216.337220][ T9389] RIP: 0023:0xf7fa7579 [ 216.337230][ T9389] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 216.337242][ T9389] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 216.337254][ T9389] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000380 [ 216.337261][ T9389] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 216.337267][ T9389] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 216.337273][ T9389] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 216.337279][ T9389] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 216.337292][ T9389] [ 216.344054][ T1217] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.365587][ T9392] random: crng reseeded on system resumption [ 216.457125][ T1217] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.460829][ T1217] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 216.482568][ T6903] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.488344][ T6903] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 216.720375][ T9405] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.954'. [ 216.916680][ T5956] Bluetooth: hci1: command tx timeout [ 216.974555][ T9409] FAULT_INJECTION: forcing a failure. [ 216.974555][ T9409] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 216.979560][ T9409] CPU: 1 UID: 0 PID: 9409 Comm: syz.0.955 Not tainted syzkaller #0 PREEMPT(full) [ 216.979579][ T9409] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 216.979587][ T9409] Call Trace: [ 216.979592][ T9409] [ 216.979597][ T9409] dump_stack_lvl+0x16c/0x1f0 [ 216.979623][ T9409] should_fail_ex+0x512/0x640 [ 216.979642][ T9409] ? page_copy_sane+0xcd/0x2d0 [ 216.979661][ T9409] copy_folio_from_iter_atomic+0x36f/0x1ac0 [ 216.979677][ T9409] ? simple_xattr_get+0x179/0x1d0 [ 216.979693][ T9409] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10 [ 216.979705][ T9409] ? shmem_write_begin+0x176/0x300 [ 216.979718][ T9409] ? __pfx_shmem_write_begin+0x10/0x10 [ 216.979728][ T9409] ? timestamp_truncate+0x21e/0x2d0 [ 216.979740][ T9409] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 216.979760][ T9409] generic_perform_write+0x221/0x900 [ 216.979784][ T9409] ? __pfx_generic_perform_write+0x10/0x10 [ 216.979803][ T9409] ? inode_needs_update_time.part.0+0x191/0x270 [ 216.979826][ T9409] shmem_file_write_iter+0x10e/0x140 [ 216.979841][ T9409] vfs_write+0x7d0/0x11d0 [ 216.979857][ T9409] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 216.979879][ T9409] ? __pfx_vfs_write+0x10/0x10 [ 216.979892][ T9409] ? find_held_lock+0x2b/0x80 [ 216.979924][ T9409] ksys_write+0x12a/0x250 [ 216.979940][ T9409] ? __pfx_ksys_write+0x10/0x10 [ 216.979957][ T9409] ? rcu_is_watching+0x12/0xc0 [ 216.979981][ T9409] __do_fast_syscall_32+0x7c/0x300 [ 216.980002][ T9409] do_fast_syscall_32+0x32/0x80 [ 216.980017][ T9409] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 216.980032][ T9409] RIP: 0023:0xf701e579 [ 216.980042][ T9409] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 216.980053][ T9409] RSP: 002b:00000000f540e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 216.980065][ T9409] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000500 [ 216.980074][ T9409] RDX: 00000000000000a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 216.980081][ T9409] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 216.980087][ T9409] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 216.980094][ T9409] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 216.980109][ T9409] [ 217.477166][ T9416] FAULT_INJECTION: forcing a failure. [ 217.477166][ T9416] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 217.487001][ T9416] CPU: 1 UID: 0 PID: 9416 Comm: syz.0.957 Not tainted syzkaller #0 PREEMPT(full) [ 217.487024][ T9416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 217.487034][ T9416] Call Trace: [ 217.487039][ T9416] [ 217.487045][ T9416] dump_stack_lvl+0x16c/0x1f0 [ 217.487073][ T9416] should_fail_ex+0x512/0x640 [ 217.487098][ T9416] _copy_from_user+0x2e/0xd0 [ 217.487123][ T9416] snd_pcm_oss_write2+0x1c2/0x410 [ 217.487143][ T9416] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 217.487160][ T9416] ? snd_pcm_kernel_ioctl+0x267/0x2e0 [ 217.487182][ T9416] ? snd_pcm_oss_prepare+0x11e/0x220 [ 217.487201][ T9416] snd_pcm_oss_write+0x710/0xa10 [ 217.487220][ T9416] ? security_file_permission+0x71/0x210 [ 217.487242][ T9416] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 217.487259][ T9416] vfs_write+0x29d/0x11d0 [ 217.487278][ T9416] ? __pfx_vfs_write+0x10/0x10 [ 217.487290][ T9416] ? find_held_lock+0x2b/0x80 [ 217.487307][ T9416] ? __fget_files+0x204/0x3c0 [ 217.487332][ T9416] ? __fget_files+0x20e/0x3c0 [ 217.487352][ T9416] ? handle_mm_fault+0x200/0xd10 [ 217.487379][ T9416] ksys_write+0x12a/0x250 [ 217.487392][ T9416] ? __pfx_ksys_write+0x10/0x10 [ 217.487408][ T9416] ? rcu_is_watching+0x12/0xc0 [ 217.487427][ T9416] __do_fast_syscall_32+0x7c/0x300 [ 217.487443][ T9416] do_fast_syscall_32+0x32/0x80 [ 217.487457][ T9416] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 217.487475][ T9416] RIP: 0023:0xf701e579 [ 217.487486][ T9416] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 217.487501][ T9416] RSP: 002b:00000000f53ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 217.487515][ T9416] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000140 [ 217.487525][ T9416] RDX: 000000000000ffaa RSI: 0000000000000000 RDI: 0000000000000000 [ 217.487534][ T9416] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 217.487542][ T9416] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 217.487550][ T9416] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 217.487571][ T9416] [ 219.003117][ T5956] Bluetooth: hci1: command tx timeout [ 219.893923][ T9457] netlink: 4 bytes leftover after parsing attributes in process `syz.0.969'. [ 220.206489][ T9229] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 220.325249][ T1217] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.329822][ T1217] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.368654][ T9229] usb 6-1: config index 0 descriptor too short (expected 39, got 27) [ 220.372866][ T9229] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 220.377322][ T9229] usb 6-1: config 0 interface 0 has no altsetting 0 [ 220.381296][ T9229] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 220.389587][ T9229] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 220.392964][ T9229] usb 6-1: Product: syz [ 220.394718][ T9229] usb 6-1: Manufacturer: syz [ 220.397327][ T9229] usb 6-1: SerialNumber: syz [ 220.401335][ T9229] usb 6-1: config 0 descriptor?? [ 220.407762][ T9229] hub 6-1:0.0: bad descriptor, ignoring hub [ 220.410315][ T9229] hub 6-1:0.0: probe with driver hub failed with error -5 [ 220.414203][ T9229] usb 6-1: selecting invalid altsetting 0 [ 220.514664][ T9480] netlink: 12 bytes leftover after parsing attributes in process `syz.0.977'. [ 221.066618][ T5956] Bluetooth: hci1: command tx timeout [ 221.095832][ T9482] netlink: 16 bytes leftover after parsing attributes in process `syz.1.970'. [ 221.273389][ T9485] netlink: 'syz.0.979': attribute type 1 has an invalid length. [ 221.278044][ T9485] netlink: 132 bytes leftover after parsing attributes in process `syz.0.979'. [ 221.281352][ T9485] netlink: 'syz.0.979': attribute type 2 has an invalid length. [ 221.285048][ T9485] netlink: 22 bytes leftover after parsing attributes in process `syz.0.979'. [ 221.469561][ T9497] cgroup: Need name or subsystem set [ 221.514672][ T9498] FAULT_INJECTION: forcing a failure. [ 221.514672][ T9498] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 221.519579][ T9498] CPU: 2 UID: 0 PID: 9498 Comm: syz.3.983 Not tainted syzkaller #0 PREEMPT(full) [ 221.519598][ T9498] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 221.519609][ T9498] Call Trace: [ 221.519615][ T9498] [ 221.519619][ T9498] dump_stack_lvl+0x16c/0x1f0 [ 221.519644][ T9498] should_fail_ex+0x512/0x640 [ 221.519665][ T9498] _copy_from_user+0x2e/0xd0 [ 221.519685][ T9498] user_termios_to_kernel_termios_1+0x21/0x30 [ 221.519702][ T9498] set_termios+0x3be/0x880 [ 221.519718][ T9498] ? __pfx_set_termios+0x10/0x10 [ 221.519733][ T9498] ? __lock_acquire+0xb97/0x1ce0 [ 221.519759][ T9498] tty_mode_ioctl+0x57e/0xd30 [ 221.519775][ T9498] ? __pfx_tty_mode_ioctl+0x10/0x10 [ 221.519791][ T9498] ? find_held_lock+0x2b/0x80 [ 221.519811][ T9498] ? __pfx___ldsem_down_read_nested+0x10/0x10 [ 221.519828][ T9498] ? __pfx_n_tty_ioctl+0x10/0x10 [ 221.519839][ T9498] n_tty_ioctl_helper+0x4b/0x2b0 [ 221.519854][ T9498] n_tty_ioctl+0x7f/0x370 [ 221.519868][ T9498] ? __pfx_n_tty_ioctl+0x10/0x10 [ 221.519881][ T9498] tty_ioctl+0x700/0x1680 [ 221.519902][ T9498] ? __pfx_tty_ioctl+0x10/0x10 [ 221.519922][ T9498] ? do_vfs_ioctl+0x128/0x14f0 [ 221.519942][ T9498] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 221.519965][ T9498] ? find_held_lock+0x2b/0x80 [ 221.519980][ T9498] ? hook_file_ioctl_common+0x145/0x410 [ 221.520001][ T9498] ? __fget_files+0x20e/0x3c0 [ 221.520025][ T9498] tty_compat_ioctl+0x24a/0x4d0 [ 221.520045][ T9498] ? __pfx_tty_compat_ioctl+0x10/0x10 [ 221.520070][ T9498] __ia32_compat_sys_ioctl+0x242/0x370 [ 221.520092][ T9498] __do_fast_syscall_32+0x7c/0x300 [ 221.520108][ T9498] do_fast_syscall_32+0x32/0x80 [ 221.520121][ T9498] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 221.520139][ T9498] RIP: 0023:0xf7fa7579 [ 221.520150][ T9498] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 221.520164][ T9498] RSP: 002b:00000000f547555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 221.520177][ T9498] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000005402 [ 221.520186][ T9498] RDX: 0000000080000740 RSI: 0000000000000000 RDI: 0000000000000000 [ 221.520193][ T9498] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 221.520201][ T9498] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 221.520209][ T9498] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 221.520225][ T9498] [ 222.900515][ T9508] FAULT_INJECTION: forcing a failure. [ 222.900515][ T9508] name failslab, interval 1, probability 0, space 0, times 0 [ 222.905862][ T9508] CPU: 1 UID: 0 PID: 9508 Comm: syz.2.985 Not tainted syzkaller #0 PREEMPT(full) [ 222.905888][ T9508] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 222.905899][ T9508] Call Trace: [ 222.905907][ T9508] [ 222.905914][ T9508] dump_stack_lvl+0x16c/0x1f0 [ 222.905946][ T9508] should_fail_ex+0x512/0x640 [ 222.905973][ T9508] ? __kmalloc_noprof+0xbf/0x510 [ 222.905992][ T9508] ? lsm_blob_alloc+0x68/0x90 [ 222.906015][ T9508] should_failslab+0xc2/0x120 [ 222.906036][ T9508] __kmalloc_noprof+0xd2/0x510 [ 222.906058][ T9508] lsm_blob_alloc+0x68/0x90 [ 222.906088][ T9508] security_prepare_creds+0x30/0x270 [ 222.906112][ T9508] prepare_creds+0x56f/0x7d0 [ 222.906132][ T9508] __sys_setuid+0x9a/0x440 [ 222.906155][ T9508] __do_fast_syscall_32+0x7c/0x300 [ 222.906175][ T9508] do_fast_syscall_32+0x32/0x80 [ 222.906192][ T9508] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 222.906213][ T9508] RIP: 0023:0xf7fa8579 [ 222.906228][ T9508] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 222.906246][ T9508] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 0000000000000017 [ 222.906264][ T9508] RAX: ffffffffffffffda RBX: 000000000000ee01 RCX: 0000000000000000 [ 222.906275][ T9508] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 222.906285][ T9508] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 222.906295][ T9508] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 222.906305][ T9508] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 222.906329][ T9508] [ 222.975392][ C1] vkms_vblank_simulate: vblank timer overrun [ 223.156561][ T5956] Bluetooth: hci1: command tx timeout [ 223.178043][ T1341] usb 6-1: USB disconnect, device number 12 [ 223.189055][ T9514] netlink: 4 bytes leftover after parsing attributes in process `syz.1.987'. [ 223.199657][ T9514] mac80211_hwsim hwsim14 wlan1: entered promiscuous mode [ 223.206829][ T9514] macvtap1: entered promiscuous mode [ 223.211914][ T9514] mac80211_hwsim hwsim14 wlan1: left promiscuous mode [ 223.268963][ T40] kauditd_printk_skb: 26 callbacks suppressed [ 223.268978][ T40] audit: type=1326 audit(1759384992.598:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9513 comm="syz.1.987" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70ee579 code=0x0 [ 223.296815][ T9521] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 223.299434][ T9521] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 223.303690][ T9521] vhci_hcd vhci_hcd.0: Device attached [ 223.353137][ T9514] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.356115][ T9514] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.518659][ T9514] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 223.539365][ T9514] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 223.596482][ T6392] usb 42-1: SetAddress Request (7) to port 0 [ 223.598511][ T6392] usb 42-1: new SuperSpeed USB device number 7 using vhci_hcd [ 223.669836][ T6903] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.676672][ T6903] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.690323][ T6903] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.699269][ T6903] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.726655][ T1341] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 223.876442][ T1341] usb 6-1: Using ep0 maxpacket: 8 [ 223.883756][ T1341] usb 6-1: unable to get BOS descriptor or descriptor too short [ 223.889785][ T9522] vhci_hcd: connection reset by peer [ 223.891850][ T1217] vhci_hcd: stop threads [ 223.892594][ T1341] usb 6-1: config 4 interface 0 has no altsetting 0 [ 223.893679][ T1217] vhci_hcd: release socket [ 223.897614][ T1217] vhci_hcd: disconnect device [ 223.914376][ T1341] usb 6-1: string descriptor 0 read error: -22 [ 223.917172][ T1341] usb 6-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 223.920495][ T1341] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.927073][ T1341] usb 6-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 223.932505][ T1341] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 223.937629][ T1341] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 223.940034][ T1341] usb 6-1: media controller created [ 223.957095][ T1341] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 224.195961][ T9553] netlink: 'syz.0.990': attribute type 1 has an invalid length. [ 224.199951][ T9553] netlink: 132 bytes leftover after parsing attributes in process `syz.0.990'. [ 224.203503][ T9553] netlink: 'syz.0.990': attribute type 2 has an invalid length. [ 224.208442][ T9553] netlink: 22 bytes leftover after parsing attributes in process `syz.0.990'. [ 225.071484][ T1341] zl10353_read_register: readreg error (reg=127, ret==0) [ 226.204004][ T6002] usb 6-1: USB disconnect, device number 13 [ 226.297730][ T9589] FAULT_INJECTION: forcing a failure. [ 226.297730][ T9589] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 226.299187][ T9589] [ 226.299197][ T9589] ====================================================== [ 226.299203][ T9589] WARNING: possible circular locking dependency detected [ 226.299211][ T9589] syzkaller #0 Not tainted [ 226.299220][ T9589] ------------------------------------------------------ [ 226.299226][ T9589] syz.0.997/9589 is trying to acquire lock: [ 226.299235][ T9589] ffffffff8e0d0640 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0 [ 226.299285][ T9589] [ 226.299285][ T9589] but task is already holding lock: [ 226.299290][ T9589] ffff88802b43a458 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 226.299329][ T9589] [ 226.299329][ T9589] which lock already depends on the new lock. [ 226.299329][ T9589] [ 226.299336][ T9589] [ 226.299336][ T9589] the existing dependency chain (in reverse order) is: [ 226.299342][ T9589] [ 226.299342][ T9589] -> #4 (&rq->__lock){-.-.}-{2:2}: [ 226.299365][ T9589] _raw_spin_lock_nested+0x31/0x40 [ 226.299391][ T9589] raw_spin_rq_lock_nested+0x29/0x130 [ 226.299411][ T9589] task_rq_lock+0xcf/0x490 [ 226.299430][ T9589] cgroup_move_task+0x81/0x2a0 [ 226.299453][ T9589] css_set_move_task+0x288/0x5f0 [ 226.299480][ T9589] cgroup_post_fork+0x201/0x9d0 [ 226.299499][ T9589] copy_process+0x5d11/0x76a0 [ 226.299524][ T9589] kernel_clone+0xfc/0x930 [ 226.299548][ T9589] user_mode_thread+0xc7/0x110 [ 226.299573][ T9589] rest_init+0x23/0x2b0 [ 226.299593][ T9589] start_kernel+0x3f3/0x4e0 [ 226.299637][ T9589] x86_64_start_reservations+0x18/0x30 [ 226.299664][ T9589] x86_64_start_kernel+0x130/0x190 [ 226.299690][ T9589] common_startup_64+0x13e/0x148 [ 226.299712][ T9589] [ 226.299712][ T9589] -> #3 (&p->pi_lock){-.-.}-{2:2}: [ 226.299743][ T9589] _raw_spin_lock_irqsave+0x3a/0x60 [ 226.299768][ T9589] try_to_wake_up+0xb7/0x1870 [ 226.299787][ T9589] __wake_up_common+0x135/0x1f0 [ 226.299813][ T9589] __wake_up+0x31/0x60 [ 226.299834][ T9589] tty_port_default_wakeup+0x2a/0x40 [ 226.299853][ T9589] serial8250_tx_chars+0x68e/0x860 [ 226.299871][ T9589] serial8250_handle_irq+0x761/0xcb0 [ 226.299891][ T9589] serial8250_default_handle_irq+0x9a/0x250 [ 226.299911][ T9589] serial8250_interrupt+0xf5/0x1b0 [ 226.299932][ T9589] __handle_irq_event_percpu+0x233/0x920 [ 226.299953][ T9589] handle_irq_event+0xab/0x1e0 [ 226.299972][ T9589] handle_edge_irq+0x3ca/0x9e0 [ 226.299991][ T9589] __common_interrupt+0xd0/0x2f0 [ 226.300018][ T9589] common_interrupt+0xba/0xe0 [ 226.300038][ T9589] asm_common_interrupt+0x26/0x40 [ 226.300056][ T9589] pv_native_safe_halt+0xf/0x20 [ 226.300081][ T9589] default_idle+0x13/0x20 [ 226.300097][ T9589] default_idle_call+0x6c/0xb0 [ 226.300114][ T9589] do_idle+0x38d/0x500 [ 226.300131][ T9589] cpu_startup_entry+0x4f/0x60 [ 226.300150][ T9589] start_secondary+0x21d/0x2b0 [ 226.300176][ T9589] common_startup_64+0x13e/0x148 [ 226.300196][ T9589] [ 226.300196][ T9589] -> #2 (&tty->write_wait){-...}-{3:3}: [ 226.300218][ T9589] _raw_spin_lock_irqsave+0x3a/0x60 [ 226.300242][ T9589] __wake_up+0x1c/0x60 [ 226.300261][ T9589] tty_port_default_wakeup+0x2a/0x40 [ 226.300277][ T9589] serial8250_tx_chars+0x68e/0x860 [ 226.300293][ T9589] __start_tx+0x3df/0x490 [ 226.300308][ T9589] serial8250_start_tx+0x368/0x530 [ 226.300324][ T9589] __uart_start+0x295/0x500 [ 226.300346][ T9589] uart_write+0x218/0xb30 [ 226.300372][ T9589] n_tty_write+0x41e/0x11e0 [ 226.300389][ T9589] file_tty_write.constprop.0+0x503/0x9b0 [ 226.300415][ T9589] redirected_tty_write+0xd4/0x150 [ 226.300440][ T9589] vfs_write+0x7d0/0x11d0 [ 226.300456][ T9589] ksys_write+0x12a/0x250 [ 226.300471][ T9589] do_syscall_64+0xcd/0x4b0 [ 226.300485][ T9589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.300501][ T9589] [ 226.300501][ T9589] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 226.300523][ T9589] _raw_spin_lock_irqsave+0x3a/0x60 [ 226.300545][ T9589] serial8250_console_write+0x181/0x1890 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 226.300564][ T9589] console_flush_all+0x801/0xc60 [ 226.300581][ T9589] console_unlock+0xd8/0x210 [ 226.300598][ T9589] vprintk_emit+0x418/0x6d0 [ 226.300615][ T9589] _printk+0xc7/0x100 [ 226.300638][ T9589] register_console+0xc2d/0x11b0 [ 226.300657][ T9589] univ8250_console_init+0x5f/0x90 [ 226.300685][ T9589] console_init+0x14f/0x680 [ 226.300711][ T9589] start_kernel+0x29f/0x4e0 [ 226.300739][ T9589] x86_64_start_reservations+0x18/0x30 [ 226.300766][ T9589] x86_64_start_kernel+0x130/0x190 [ 226.300792][ T9589] common_startup_64+0x13e/0x148 [ 226.300813][ T9589] [ 226.300813][ T9589] -> #0 (console_owner){-.-.}-{0:0}: [ 226.300837][ T9589] __lock_acquire+0x12a6/0x1ce0 [ 226.300863][ T9589] lock_acquire+0x179/0x350 [ 226.300889][ T9589] console_lock_spinning_enable+0xb0/0xd0 [ 226.300909][ T9589] console_flush_all+0x7aa/0xc60 [ 226.300928][ T9589] console_unlock+0xd8/0x210 [ 226.300946][ T9589] vprintk_emit+0x418/0x6d0 [ 226.300967][ T9589] _printk+0xc7/0x100 [ 226.300991][ T9589] should_fail_ex+0x4e7/0x640 [ 226.301020][ T9589] strncpy_from_user+0x3b/0x2e0 [ 226.301044][ T9589] strncpy_from_user_nofault+0x7f/0x180 [ 226.301065][ T9589] bpf_bprintf_prepare+0xe90/0x13f0 [ 226.301088][ T9589] bpf_trace_printk+0xda/0x190 [ 226.301115][ T9589] bpf_prog_930ede9872f2967c+0x3e/0x44 [ 226.301130][ T9589] bpf_trace_run2+0x239/0x590 [ 226.301147][ T9589] __bpf_trace_contention_begin+0xc9/0x110 [ 226.301175][ T9589] trace_contention_begin.constprop.0+0xde/0x160 [ 226.301194][ T9589] __pv_queued_spin_lock_slowpath+0x109/0xcf0 [ 226.301223][ T9589] do_raw_spin_lock+0x20e/0x2b0 [ 226.301240][ T9589] raw_spin_rq_lock_nested+0x7e/0x130 [ 226.301260][ T9589] __schedule+0x307/0x5de0 [ 226.301284][ T9589] schedule+0xe7/0x3a0 [ 226.301308][ T9589] exit_to_user_mode_loop+0x60/0x100 [ 226.301326][ T9589] __do_fast_syscall_32+0x240/0x300 [ 226.301343][ T9589] do_fast_syscall_32+0x32/0x80 [ 226.301360][ T9589] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 226.301382][ T9589] [ 226.301382][ T9589] other info that might help us debug this: [ 226.301382][ T9589] [ 226.301388][ T9589] Chain exists of: [ 226.301388][ T9589] console_owner --> &p->pi_lock --> &rq->__lock [ 226.301388][ T9589] [ 226.301416][ T9589] Possible unsafe locking scenario: [ 226.301416][ T9589] [ 226.301421][ T9589] CPU0 CPU1 [ 226.301426][ T9589] ---- ---- [ 226.301431][ T9589] lock(&rq->__lock); [ 226.301443][ T9589] lock(&p->pi_lock); [ 226.301456][ T9589] lock(&rq->__lock); [ 226.301469][ T9589] lock(console_owner); [ 226.301481][ T9589] [ 226.301481][ T9589] *** DEADLOCK *** [ 226.301481][ T9589] [ 226.301486][ T9589] 4 locks held by syz.0.997/9589: [ 226.301497][ T9589] #0: ffff88802b43a458 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 226.301543][ T9589] #1: ffffffff8e1c3320 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1bc/0x590 [ 226.301584][ T9589] #2: ffffffff8e1b0a80 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100 [ 226.301635][ T9589] #3: ffffffff8e1b0af0 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60 [ 226.301680][ T9589] [ 226.301680][ T9589] stack backtrace: [ 226.301709][ T9589] CPU: 1 UID: 0 PID: 9589 Comm: syz.0.997 Not tainted syzkaller #0 PREEMPT(full) [ 226.301732][ T9589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 226.301750][ T9589] Call Trace: [ 226.301757][ T9589] [ 226.301765][ T9589] dump_stack_lvl+0x116/0x1f0 [ 226.301797][ T9589] print_circular_bug+0x275/0x350 [ 226.301825][ T9589] check_noncircular+0x14c/0x170 [ 226.301856][ T9589] __lock_acquire+0x12a6/0x1ce0 [ 226.301888][ T9589] lock_acquire+0x179/0x350 [ 226.301915][ T9589] ? console_lock_spinning_enable+0x9f/0xd0 [ 226.301938][ T9589] ? console_lock_spinning_enable+0x88/0xd0 [ 226.301962][ T9589] console_lock_spinning_enable+0xb0/0xd0 [ 226.301982][ T9589] ? console_lock_spinning_enable+0x9f/0xd0 [ 226.302003][ T9589] console_flush_all+0x7aa/0xc60 [ 226.302027][ T9589] ? __pfx_console_flush_all+0x10/0x10 [ 226.302052][ T9589] ? is_printk_cpu_sync_owner+0x32/0x40 [ 226.302078][ T9589] console_unlock+0xd8/0x210 [ 226.302098][ T9589] ? __pfx_console_unlock+0x10/0x10 [ 226.302120][ T9589] ? do_raw_spin_unlock+0x150/0x230 [ 226.302140][ T9589] ? _printk+0xc7/0x100 [ 226.302167][ T9589] ? __down_trylock_console_sem+0xb0/0x140 [ 226.302199][ T9589] vprintk_emit+0x418/0x6d0 [ 226.302222][ T9589] ? __pfx_vprintk_emit+0x10/0x10 [ 226.302244][ T9589] ? rb_read_data_buffer.constprop.0+0x18c/0x430 [ 226.302277][ T9589] _printk+0xc7/0x100 [ 226.302335][ T9589] ? __pfx__printk+0x10/0x10 [ 226.302364][ T9589] ? __pfx_search_extable+0x10/0x10 [ 226.302385][ T9589] ? __pfx____ratelimit+0x10/0x10 [ 226.302416][ T9589] should_fail_ex+0x4e7/0x640 [ 226.302445][ T9589] ? __rb_reserve_next.constprop.0+0x723/0x16c0 [ 226.302474][ T9589] strncpy_from_user+0x3b/0x2e0 [ 226.302502][ T9589] strncpy_from_user_nofault+0x7f/0x180 [ 226.302524][ T9589] bpf_bprintf_prepare+0xe90/0x13f0 [ 226.302549][ T9589] ? __pfx_bpf_bprintf_prepare+0x10/0x10 [ 226.302576][ T9589] ? bpf_trace_run2+0x3e1/0x590 [ 226.302592][ T9589] bpf_trace_printk+0xda/0x190 [ 226.302620][ T9589] ? __pfx_bpf_trace_printk+0x10/0x10 [ 226.302652][ T9589] ? bpf_trace_run2+0x3e1/0x590 [ 226.302673][ T9589] bpf_prog_930ede9872f2967c+0x3e/0x44 [ 226.302691][ T9589] bpf_trace_run2+0x239/0x590 [ 226.302708][ T9589] ? __pfx_bpf_trace_run2+0x10/0x10 [ 226.302727][ T9589] ? __lock_acquire+0xb97/0x1ce0 [ 226.302764][ T9589] __bpf_trace_contention_begin+0xc9/0x110 [ 226.302793][ T9589] ? __pfx___bpf_trace_contention_begin+0x10/0x10 [ 226.302822][ T9589] ? __pfx__kstrtoull+0x10/0x10 [ 226.302851][ T9589] trace_contention_begin.constprop.0+0xde/0x160 [ 226.302873][ T9589] __pv_queued_spin_lock_slowpath+0x109/0xcf0 [ 226.302905][ T9589] ? __lock_acquire+0xb97/0x1ce0 [ 226.302950][ T9589] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 226.302987][ T9589] do_raw_spin_lock+0x20e/0x2b0 [ 226.303006][ T9589] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 226.303025][ T9589] ? rcu_qs+0x2b/0xe0 [ 226.303046][ T9589] ? rcu_note_context_switch+0x192/0x1e00 [ 226.303071][ T9589] raw_spin_rq_lock_nested+0x7e/0x130 [ 226.303094][ T9589] ? schedule+0xe7/0x3a0 [ 226.303119][ T9589] __schedule+0x307/0x5de0 [ 226.303146][ T9589] ? ksys_write+0x190/0x250 [ 226.303170][ T9589] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 226.303202][ T9589] ? __pfx___schedule+0x10/0x10 [ 226.303228][ T9589] ? __fget_files+0x20e/0x3c0 [ 226.303256][ T9589] ? handle_mm_fault+0x200/0xd10 [ 226.303285][ T9589] ? fput+0x9b/0xd0 [ 226.303307][ T9589] ? ksys_write+0x1ac/0x250 [ 226.303328][ T9589] schedule+0xe7/0x3a0 [ 226.303353][ T9589] exit_to_user_mode_loop+0x60/0x100 [ 226.303373][ T9589] __do_fast_syscall_32+0x240/0x300 [ 226.303393][ T9589] do_fast_syscall_32+0x32/0x80 [ 226.303411][ T9589] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 226.303436][ T9589] RIP: 0023:0xf701e579 [ 226.303451][ T9589] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 226.303471][ T9589] RSP: 002b:00000000f53cc590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 226.303490][ T9589] RAX: 0000000000000001 RBX: 0000000000000006 RCX: 00000000f53cc610 [ 226.303503][ T9589] RDX: 0000000000000001 RSI: 00000000f73b5ff4 RDI: 0000000000000000 [ 226.303515][ T9589] RBP: 00000000f73e50b0 R08: 0000000000000000 R09: 0000000000000000 [ 226.303527][ T9589] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 226.303539][ T9589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 226.303557][ T9589] [ 226.709581][ T9589] CPU: 1 UID: 0 PID: 9589 Comm: syz.0.997 Not tainted syzkaller #0 PREEMPT(full) [ 226.709596][ T9589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 226.709604][ T9589] Call Trace: [ 226.709610][ T9589] [ 226.709615][ T9589] dump_stack_lvl+0x116/0x1f0 [ 226.709636][ T9589] should_fail_ex+0x512/0x640 [ 226.709657][ T9589] ? __rb_reserve_next.constprop.0+0x723/0x16c0 [ 226.709674][ T9589] strncpy_from_user+0x3b/0x2e0 [ 226.709691][ T9589] strncpy_from_user_nofault+0x7f/0x180 [ 226.709704][ T9589] bpf_bprintf_prepare+0xe90/0x13f0 [ 226.709725][ T9589] ? __pfx_bpf_bprintf_prepare+0x10/0x10 [ 226.709741][ T9589] ? bpf_trace_run2+0x3e1/0x590 [ 226.709751][ T9589] bpf_trace_printk+0xda/0x190 [ 226.709768][ T9589] ? __pfx_bpf_trace_printk+0x10/0x10 [ 226.709785][ T9589] ? bpf_trace_run2+0x3e1/0x590 [ 226.709797][ T9589] bpf_prog_930ede9872f2967c+0x3e/0x44 [ 226.709806][ T9589] bpf_trace_run2+0x239/0x590 [ 226.709816][ T9589] ? __pfx_bpf_trace_run2+0x10/0x10 [ 226.709827][ T9589] ? __lock_acquire+0xb97/0x1ce0 [ 226.709843][ T9589] __bpf_trace_contention_begin+0xc9/0x110 [ 226.709860][ T9589] ? __pfx___bpf_trace_contention_begin+0x10/0x10 [ 226.709876][ T9589] ? __pfx__kstrtoull+0x10/0x10 [ 226.709893][ T9589] trace_contention_begin.constprop.0+0xde/0x160 [ 226.709904][ T9589] __pv_queued_spin_lock_slowpath+0x109/0xcf0 [ 226.709923][ T9589] ? __lock_acquire+0xb97/0x1ce0 [ 226.709938][ T9589] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 226.709958][ T9589] do_raw_spin_lock+0x20e/0x2b0 [ 226.709969][ T9589] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 226.709978][ T9589] ? rcu_qs+0x2b/0xe0 [ 226.709990][ T9589] ? rcu_note_context_switch+0x192/0x1e00 [ 226.710003][ T9589] raw_spin_rq_lock_nested+0x7e/0x130 [ 226.710016][ T9589] ? schedule+0xe7/0x3a0 [ 226.710030][ T9589] __schedule+0x307/0x5de0 [ 226.710045][ T9589] ? ksys_write+0x190/0x250 [ 226.710057][ T9589] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 226.710075][ T9589] ? __pfx___schedule+0x10/0x10 [ 226.710089][ T9589] ? __fget_files+0x20e/0x3c0 [ 226.710106][ T9589] ? handle_mm_fault+0x200/0xd10 [ 226.710122][ T9589] ? fput+0x9b/0xd0 [ 226.710134][ T9589] ? ksys_write+0x1ac/0x250 [ 226.710145][ T9589] schedule+0xe7/0x3a0 [ 226.710159][ T9589] exit_to_user_mode_loop+0x60/0x100 [ 226.710171][ T9589] __do_fast_syscall_32+0x240/0x300 [ 226.710182][ T9589] do_fast_syscall_32+0x32/0x80 [ 226.710192][ T9589] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 226.710206][ T9589] RIP: 0023:0xf701e579 [ 226.710214][ T9589] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 226.710225][ T9589] RSP: 002b:00000000f53cc590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 226.710236][ T9589] RAX: 0000000000000001 RBX: 0000000000000006 RCX: 00000000f53cc610 [ 226.710243][ T9589] RDX: 0000000000000001 RSI: 00000000f73b5ff4 RDI: 0000000000000000 [ 226.710249][ T9589] RBP: 00000000f73e50b0 R08: 0000000000000000 R09: 0000000000000000 [ 226.710255][ T9589] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 226.710262][ T9589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 226.710271][ T9589] [ 227.510230][ T1136] bond2 (unregistering): (slave geneve3): Releasing active interface [ 227.810201][ T1136] bond0 (unregistering): left promiscuous mode [ 227.813136][ T1136] bond0 (unregistering): Released all slaves [ 227.884554][ T1136] bond1 (unregistering): Released all slaves [ 227.888464][ T1136] bond2 (unregistering): Released all slaves [ 227.892392][ T1136] bond3 (unregistering): Released all slaves [ 227.947656][ T1136] tipc: Left network mode [ 228.170046][ T1136] dummy0: left promiscuous mode [ 228.175439][ T1136] hsr_slave_0: left promiscuous mode [ 228.178627][ T1136] hsr_slave_1: left promiscuous mode [ 228.667913][ T6392] usb 42-1: device descriptor read/8, error -110 [ 229.066854][ T6392] usb usb42-port1: attempt power cycle [ 229.629835][ T1136] IPVS: stop unused estimator thread 0... [ 229.636809][ T6392] usb usb42-port1: unable to enumerate USB device [ 230.249046][ T1136] dummy0: left allmulticast mode [ 230.250823][ T1136] bridge0: port 3(dummy0) entered disabled state [ 230.253666][ T1136] bridge_slave_1: left allmulticast mode [ 230.255735][ T1136] bridge_slave_1: left promiscuous mode [ 230.258082][ T1136] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.261559][ T1136] bridge_slave_0: left allmulticast mode [ 230.263378][ T1136] bridge_slave_0: left promiscuous mode [ 230.265483][ T1136] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.277283][ T1136] bridge_slave_1: left allmulticast mode [ 230.279462][ T1136] bridge_slave_1: left promiscuous mode [ 230.281748][ T1136] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.285324][ T1136] bridge_slave_0: left allmulticast mode [ 230.287597][ T1136] bridge_slave_0: left promiscuous mode [ 230.289406][ T1136] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.406830][ T1136] batman_adv: batadv0: Removing interface: macvlan2 [ 230.484212][ T1136] bond1 (unregistering): (slave macvlan3): Removing an active aggregator [ 230.488358][ T1136] bond1 (unregistering): (slave macvlan3): Releasing backup interface [ 230.494104][ T1136] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 230.498459][ T1136] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 230.502242][ T1136] bond0 (unregistering): Released all slaves [ 230.575161][ T1136] bond1 (unregistering): Released all slaves [ 230.939178][ T1136] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 230.943503][ T1136] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 230.947094][ T1136] bond0 (unregistering): Released all slaves [ 231.098646][ T1136] IPVS: stopping master sync thread 7483 ... [ 231.480120][ T1136] hsr_slave_0: left promiscuous mode [ 231.482401][ T1136] hsr_slave_1: left promiscuous mode [ 231.484685][ T1136] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 231.488971][ T1136] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 231.494963][ T1136] hsr_slave_0: left promiscuous mode [ 231.499843][ T1136] hsr_slave_1: left promiscuous mode [ 231.503107][ T1136] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 231.507352][ T1136] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 233.236032][ T1136] team0 (unregistering): Port device team_slave_1 removed [ 233.312791][ T1136] team0 (unregistering): Port device team_slave_0 removed [ 234.393918][ T1136] IPVS: stop unused estimator thread 0... VM DIAGNOSIS: 06:03:15 Registers: info registers vcpu 0 CPU#0 RAX=000000000038394c RBX=0000000000000000 RCX=ffffffff8b4d4f19 RDX=ffffed1005686656 RSI=ffffffff8bd00d40 RDI=ffffffff81903cdd RBP=fffffbfff1bd2f00 RSP=ffffffff8de07e08 R8 =0000000000000000 R9 =ffffed1005686655 R10=ffff88802b4332ab R11=0000000000000001 R12=0000000000000000 R13=ffffffff8de97800 R14=ffffffff905fae90 R15=0000000000000000 RIP=ffffffff8b4d3a5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097c79000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000006b022000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=000000000001c400 Opmask01=00000000c7000000 Opmask02=00000000ffff7fdf Opmask03=0000000020400004 Opmask04=00000000fbffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005608bd98cfa0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005608bd991d90 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4b7fb1db20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373734216000673 431e161e035c1810 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1c1f115c435d4316 10120300161e121d ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 312d362f36627375 2f312e6463685f79 6d6d75642f6d726f 6674616c702f7365 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 005600051f40494c 43055c5155484005 424b4c55554c4e53 004057005b1a0f00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8a672ef4cef9cbb9 0000560ddd1c429f 00000000000000d1 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4b7fb1dc80 00007f4b7fb1dc80 0000000000000171 0000003177617264 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2c44422c43422c42 422c41422c39422c 38422c37422c3242 2c31422c30422c44 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 412c36412c35412c 34412c33412c3141 2c46392c45392c38 392c36392c45382c ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 43382c41382c3938 2c38382c37382c36 382c35382c34382c 33382c32382c3138 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000000005b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff851d3155 RDI=ffffffff9ab3f140 RBP=ffffffff9ab3f100 RSP=ffffc9000375f218 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=000000000000005b R14=ffffffff9ab3f100 R15=ffffffff851d30f0 RIP=ffffffff851d317f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097d79000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000006b022000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000080000201 RBX=00000000be6c83c9 RCX=ffffffff849cd854 RDX=ffff88802273a480 RSI=0000000000000000 RDI=0000000000000007 RBP=ffff88802b2ba7ea RSP=ffffc900033ef1b0 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000816 R11=0000000000000000 R12=dffffc0000000000 R13=0000000000000816 R14=0000000000000815 R15=ffffc900033ef430 RIP=ffffffff81ba826c RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fbe45b40300 ffffffff 00c00000 GS =0000 ffff888097e79000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000028e62000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 0000002c00000012 0004000000080024 0000000000280030 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000003ef 0000001400000000 0000000000000000 0000000000000015 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffdf080980030008 0006080020080006 00719c3800000893 0000001600000001 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000ca8030004000c a4030002000ca203 0002000ca0030008 000c98030008000c ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 9003148604000c8c 032004000c880301 8808000c80030c80 0245800345800203 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 9003000800038803 0fffffffff020380 030809a002050980 0204a4e608000100 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000080606013ba8 0000000000000000 000000316e616c77 01ffffffffffffff ZMM24=1106848011068480 1106848011068480 1106848011068480 1106848011068480 1106848011068480 1106848011068480 1106848011068480 1106848011068480 ZMM25=aab77e98aab77e98 aab77e98aab77e98 aab77e98aab77e98 aab77e98aab77e98 aab77e98aab77e98 aab77e98aab77e98 aab77e98aab77e98 aab77e98aab77e98 ZMM26=107a96f4107a96f4 107a96f4107a96f4 107a96f4107a96f4 107a96f4107a96f4 107a96f4107a96f4 107a96f4107a96f4 107a96f4107a96f4 107a96f4107a96f4 ZMM27=41321aff41321aff 41321aff41321aff 41321aff41321aff 41321aff41321aff 41321aff41321aff 41321aff41321aff 41321aff41321aff 41321aff41321aff ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=2e0800002e080000 2e0800002e080000 2e0800002e080000 2e0800002e080000 2e0800002e080000 2e0800002e080000 2e0800002e080000 2e0800002e080000 info registers vcpu 3 CPU#3 RAX=0000000000000001 RBX=0000000000000003 RCX=ffffffff81c689e2 RDX=fffffbfff20bf5d3 RSI=0000000000000008 RDI=ffffffff905fae90 RBP=ffff888022f2f190 RSP=ffffc9000377f3e0 R8 =0000000000000000 R9 =fffffbfff20bf5d2 R10=ffffffff905fae97 R11=0000000000000000 R12=ffffc9000377f4f8 R13=0000000000000005 R14=ffffffff81c6cdbe R15=0000000000000000 RIP=ffffffff8221059c RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097f79000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000006b022000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000