last executing test programs: 10.092462521s ago: executing program 1 (id=1008): socket$inet(0x2, 0x2, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x50) syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x3, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_mptcp_buf(r4, 0x11c, 0x4, &(0x7f0000001440)=""/40, &(0x7f0000001480)=0x28) ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x4e, 0x0, 0x100000000007, 0xdb4e, 0x3, 0x2, 0x106c, 0x100, 0x8000000000000, 0x80000004000080, 0x8000000, 0xa, 0x0, 0x4, 0x0, 0x8000], 0x1, 0x3c5210}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) mount(&(0x7f0000000140)=@nullb, 0x0, &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x2c}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x500, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5}], {0x14}}, 0xa4}}, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x240, 0x0) 9.157818612s ago: executing program 3 (id=1014): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000100)={[{0x8, 0x97, 0x9, 0xc0, 0xc0, 0xf, 0x21, 0x10, 0x6, 0x0, 0x0, 0x7, 0x6}, {0x5, 0x2, 0x6, 0x9, 0xdb, 0xff, 0xd, 0x5, 0x5, 0x9, 0x7, 0xa, 0x4}, {0x1fc758aa, 0xa, 0x6, 0xf, 0x7f, 0xfc, 0x8, 0xff, 0x2d, 0x82, 0x8, 0x40, 0x9}], 0xffbffffa}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000140)={0x110001, 0x0, {[0x4, 0x2, 0x8, 0x9a47, 0x7, 0x80000000, 0x80, 0xdfe]}}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0x5, 0x5, 0x17, 0x0, 0x1, 0xfe, 0x3, 0xc, 0x1, 0x8, 0x6, 0x1, 0x0, 0x7f, 0x5, 0x4, 0x72, 0x7, 0xfa, '\x00', 0x3, 0x2}) ioctl$KVM_RUN(r2, 0xae80, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdc01, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1b, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x80000001, 0x20000000, 0x1ff, 0x12}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x6, 0x0, 0x0, 0x10000}, 0x80}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key(&(0x7f0000000300)='cifs.idmap\x00', &(0x7f0000000340)={'syz', 0x0}, &(0x7f00000003c0), 0x0, 0xfffffffffffffffd) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x4b) io_setup(0x9, &(0x7f00000000c0)=0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/rcu_normal', 0x20001, 0x100) io_submit(r6, 0x0, &(0x7f0000000040)) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x20000, 0x80) getdents64(r7, 0x0, 0x22) add_key$keyring(&(0x7f00000013c0), &(0x7f0000001400)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa) 8.720255989s ago: executing program 1 (id=1016): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x13, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ffffff858500000073000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x20004450) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f00000005c0), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000cbd70100400000005000000080009000200000008000c00a80a000008000b000000000006000100070000000c0010"], 0x40}, 0x1, 0x0, 0x0, 0x40811}, 0x820) bind$inet6(r3, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x50, &(0x7f00000000c0)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa348100000086dd60910100001611fffe8000000000000000000000000000bbfe8000000000000000000000000000aa00000e2200169078020300000000000000000000000005eb843645a004fc56f5b61580efb92b7d"], 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) pwritev2(r6, 0x0, 0x0, 0x7, 0xa, 0x5) llistxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f00000009c0)=""/194, 0xc2) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010200000000000000000500000a44008400060a010400000000000000000a0000060900010073797a310000000018000480140001800a0001007265646972000000040002800900020073797a3200000000140000001100010000000000000000000000000a"], 0x6c}, 0x1, 0x0, 0x0, 0x40}, 0x24000840) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000010000000000003c4d7e4c6fb164510087000000180100002020732500000000002020207b1af8ff00000000bfa10000b702000008000000b70300000900000085000000060000009500004e4af5b07c"], &(0x7f0000000080)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r7, 0x0, 0xe, 0x0, &(0x7f00000003c0)="c274386d178550cb864bd57221bc", 0x0, 0x1200000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_emit_ethernet(0x7e, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000481100fe8000000000000000000000000000bbfe80000000f1ffffffffffffff0000aa4e200e22004890"], 0x0) 7.80574801s ago: executing program 0 (id=1019): r0 = socket$kcm(0x10, 0x2, 0x0) memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xb, 0x6}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = openat$vicodec0(0xffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0185648, &(0x7f0000000100)={0x0, 0x400, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90b, 0x6, '\x00', @value64=0x4ad}}) r2 = syz_io_uring_setup(0x34b8, &(0x7f0000000540)={0x0, 0x69ef, 0x100, 0x1, 0x11}, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0, &(0x7f0000000180)=0x0) r6 = memfd_secret(0x0) syz_io_uring_submit(r3, r4, r5, &(0x7f0000000280)=@IORING_OP_WRITE={0x17, 0x0, 0x6000, @fd=r6, 0x8, 0x0, 0x0, 0x14}) io_uring_enter(r2, 0x1, 0x1, 0x1, 0x0, 0x0) r7 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r7, &(0x7f0000000140)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0x41}], 0x2) r8 = gettid() r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="2400000020000103000000000000ed00020000040000000012000000081238f92f74a0230fb9db2509a2a324ffb77f6b588989b40727c1e848795a3590be7ed19aae5a3d8fc073e962264b352dfa9a56e12b2a09edbffdd7cffd43e4a3c41d210436b431a4995ecd379e44013d14b472"], 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000000000)=0x0) timer_settime(r10, 0x0, &(0x7f0000000280)={{}, {0x77359400}}, 0x0) r11 = syz_open_dev$video4linux(&(0x7f00000001c0), 0x3, 0x40483) ioctl$VIDIOC_DQEVENT(r11, 0x80885659, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="5c00000013006bcd9e3fe3dceb48aa31086b8703116000001fa1ff0000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) socket$netlink(0x10, 0x3, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) bind$alg(r12, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r13 = accept4(r12, 0x0, 0x0, 0x80800) sendmmsg$alg(r13, &(0x7f0000002700)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}], 0x1, 0x40800) recvmsg(r13, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000640)=""/88, 0x58}], 0x1}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 6.797322118s ago: executing program 0 (id=1023): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000ffffd0002800000121f", 0x2e}], 0x1}, 0x8084) 6.796808362s ago: executing program 1 (id=1024): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000400001d00000018000180140002006e657464657673696d30001e00000000"], 0x2c}}, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xd, 0x0, &(0x7f0000000400)) ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f0000000280)={0x0, @l2tp={0x2, 0x0, @multicast2, 0x7fffffff}, @l2tp={0x2, 0x0, @rand_addr=0x64010102}, @in={0x2, 0x4e1d, @broadcast}, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x300}) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r3) r4 = socket$l2tp6(0xa, 0x2, 0x73) connect(r4, &(0x7f00000000c0)=@generic={0x8, "d382e523cc4c93588928efea163bc3a05c62e0d479873c5ebb6db958259139a2499e316e023d735eb3573549aab71b239bcdf89239627972120a8d22220283f89d514258ef3193f106c1084cc5dabb237955692ae2ad2a8e64a0ade474fdb28aceca71d1e311bb50a4ba497a0a6b9d145e39b523cdc19b44ab47541836c6"}, 0x80) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8b18, &(0x7f0000000000)={'wlan1\x00'}) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000f00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000048000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000210c00098008000192d2000005600000000c0a010300000000000000000700fffe0900020073797a31000000000900010073797a300000000034000380300000802c000180250001"], 0xf0}}, 0x42000) r8 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x10001, 0x1, 0x3, 0x8, 0xffffffc0}, 0x4, 0x1, 0x8, 0x0, 0x3, 0x0, 0x16, 0x13, 0x3, 0xca, {0x0, 0x8, 0x3, 0x5, 0x84, 0x8}}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001380)=@newchain={0x24, 0x64, 0x1, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, {0x10, 0x1}, {0xe, 0x9}, {0x5, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x44851}, 0x20040054) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB, @ANYRES32=r10, @ANYBLOB="bf5fdc381420a84e020ed8a5c3169ce6b0d97aff96fe018da52211a144c97a7b7194ce04"], 0x20}, 0x1, 0x0, 0x0, 0xe32d732a0b4c9419}, 0x24008044) ptrace$getregset(0x4205, 0x0, 0x2, &(0x7f0000000080)={0x0}) sendmsg$inet(0xffffffffffffffff, 0x0, 0x300060c1) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x9, &(0x7f0000000300)=0xa, 0x4) sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB], 0x24}}, 0x0) 6.796617329s ago: executing program 3 (id=1025): r0 = socket$netlink(0x10, 0x3, 0x15) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="04010000100053"], 0x104}, 0x1, 0x0, 0x0, 0x20040890}, 0x200080c0) 6.656344735s ago: executing program 0 (id=1026): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000040)=0xb4, 0x4) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x5, 0x1800087}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000340)={&(0x7f0000000500)=ANY=[@ANYBLOB="1401fcdb8c25000000000000000000377402007b517f0d2ff6acca5bde6fd80ed7cde05de140cbfdc3d6127fdfe35d3c57c2540d71d46c9ec5b71b184fb0cfd8fd4d99e674e746eedf21532b1ab228e99ad34ca50ae1e448c8d124624d01a83a0a5c1f47ed8d46a7647efacccd25bd71bd0332d436332dccccb0f4200427"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x8010) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x400, 0x2, 0x180, 0x9, 0x42, 0xf1, 0xfd2c, 0x8000000000000, 0x2, 0x6, 0x57c673b4, 0x8000000000000001, 0x200000f46, 0x0, 0xbdb], 0xffff1001, 0x24000}) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000200)={0x0, 0x0, 0x300f, 0x2, 0x0, 0x0, 0x0, 0x1}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 6.650765724s ago: executing program 3 (id=1027): r0 = syz_open_dev$media(&(0x7f0000000000), 0x7, 0x610801) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000080)="895926e490f183e105b98775e2e2c82759a34c15feb9413e7b5a0c04484f289f8a3a383d9a70a6e5c55e29ba57817e94bcf758d0eef2f838e92c09d77b9d81eb3fc09277728eb10377d6f01f75bb3c94601791ebdd083afd61bb06e6ae96f987e62de99e4f58480ed8647be41925cce8c1444d9e3c8bfd9aee4e1fed016f33722304d2c13b036d44ceb78f9a562b5fdd27d36c52665cc99603018923eb09efbcafb250e75ad00b56db45ac0cd3036d2d2cfd32d309a11f11a3d7e32acddd4859c7661e7bcdeb187f36d3b807dbf379a6cc0d2b07d434ccdfe588640e2105468d41f5e00face917126ce44a378b38d7d3558b6077161e1ac4", 0xf8}, {&(0x7f0000000180)="58457c28d1df765585d6b18c4d94879749be2d62bcdc13cadb53616712b523a45bbd54c4ed8368b4d363db8869bf1eac65204452ef96f3c8702fcdf19b25a5c864707e9b9ed8d471b45dfacb5afea6a52151a121", 0x54}, {&(0x7f0000000200)="5e8fe0878c32330c126bc2e84080bee78caf5b7d1d62ffebf697f4a0915cef0ee452c460800159da156afaa98650caf29fffab63690fce2dab98955b27d801aedb759c33eb3f6c7f8adf9612e5246e64323fd6e04c013b6ccae3800e53aaa5bed0a102fee8fb77eada017430986cd8936238b0edf8c7e243f931483e36bd98b9a481fa9c63e3de", 0x87}, {&(0x7f00000002c0)="fd81", 0x2}, {&(0x7f0000000300)="e0af518551e5f2a49b523bd7048c32fe3f4bf952463993e8", 0x18}, {&(0x7f0000000340)="c9a2259c1e5685f63e86a311ba7c6c6b22d4e5c5d327403bafc48aef663e36d914ed726ba8f65b5686179a674a405baa6d527756161d39e6c009793e16d67f42f3f196d1c26db7899ad3864f58d59aab9e3f6bee80636991ecba82f44d8b1099230bfd8a699dbb98bc0cef3ee6", 0x6d}], 0x6) (async) r1 = fsopen(&(0x7f0000000640)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) (async) r2 = fsmount(r1, 0x0, 0x0) r3 = openat(r2, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) write$P9_ROPEN(r3, &(0x7f0000000400)={0x18, 0x71, 0x2, {{0x4, 0x2}, 0x7f}}, 0x18) 6.469085661s ago: executing program 1 (id=1028): r0 = fsopen(&(0x7f00000003c0)='jfs\x00', 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) r3 = socket(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback={0xff00000000000000}}, 0x1c) getsockname$packet(r3, 0x0, &(0x7f0000000440)) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="180000001400000225023a2b90af07", @ANYRES32=0x0], 0x18}, 0x1, 0x0, 0x0, 0x4008081}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff00000000017c0000040042800c0001800682237b36630000100002"], 0x34}, 0x1, 0x0, 0x0, 0x4004095}, 0xc080) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xf8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0x1ff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000002}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0xa, @in=@multicast1, 0x2, 0x4, 0x3, 0x0, 0x0, 0x0, 0x4000}]}]}, 0xf8}}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0xa0, 0x21, 0x1, 0x70bd28, 0x0, {{@in6=@private2, @in=@rand_addr=0x64010102, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x80004}, [@migrate={0x50, 0x11, [{@in=@local, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@multicast2, @in6=@local, 0x3c, 0x4, 0x0, 0x2, 0x2, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x40180}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff0000000002"], 0x34}, 0x1, 0x0, 0x0, 0x4000895}, 0xc000) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000280)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\bb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xd7\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0) syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x20004080) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x5, 0x7, 0x7fdf, 0x456e, 0x141, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffd}, 0x50) r7 = openat$ipvs(0xffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) ioctl$sock_FIOGETOWN(r7, 0x8903, &(0x7f0000000640)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x2, r8, 0x3, &(0x7f0000000680)) 6.377127361s ago: executing program 3 (id=1029): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000021c0)=@deltaction={0x22c, 0x31, 0x2, 0x70bd28, 0x25dfdbfb, {}, [@TCA_ACT_TAB={0x2c, 0x1, [{0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0x1c, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4b}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}]}, @TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x850}}]}, @TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xffff}}]}, @TCA_ACT_TAB={0x48, 0x1, [{0x10, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}]}, @TCA_ACT_TAB={0x28, 0x1, [{0xc, 0x14, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xe23d}}]}, @TCA_ACT_TAB={0x88, 0x1, [{0xc, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0x10, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0x10, 0x12, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x14, 0x16, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x410}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0x14, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}]}, @TCA_ACT_TAB={0x4}, @TCA_ACT_TAB={0x38, 0x1, [{0xc, 0x1a, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7b5}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0x10, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}, @TCA_ACT_TAB={0x5c, 0x1, [{0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x39}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0x10, 0x16, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x12, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x10000}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}]}, @TCA_ACT_TAB={0x20, 0x1, [{0xc, 0x7, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0x10, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}]}]}, 0x22c}, 0x1, 0x0, 0x0, 0x24004004}, 0x0) r0 = socket$phonet_pipe(0x23, 0x5, 0x2) r1 = syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x0, 0x0) mmap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x2000008, 0x13, r1, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8282, 0x0) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd86) read$FUSE(r3, &(0x7f0000000140)={0x2020}, 0x2020) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) r6 = socket$alg(0x26, 0x5, 0x0) r7 = open(&(0x7f0000000040)='./file0\x00', 0x84242, 0x1df2a23c5997fad6) linkat(r7, &(0x7f0000000240)='./bus\x00', r7, &(0x7f0000000280)='./file0\x00', 0x0) write$FUSE_CREATE_OPEN(r7, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x0, 0x5, 0x7, 0x3, 0xfffffffd, {0x400000080001, 0xfd, 0x20ff, 0x8, 0xe, 0xffff, 0x9, 0x3, 0xfffffffc, 0x6000, 0x0, 0x0, 0x0, 0x5, 0x7}}, {0x0, 0x13}}}, 0xa0) sendfile(r7, r7, &(0x7f0000000080), 0x7f03) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r7, 0x800442d3, &(0x7f00000002c0)={0xde6, 0x1, 0x8, @empty, 'veth1_macvtap\x00'}) bind$alg(r6, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r8 = accept4(r6, 0x0, 0x0, 0x80800) r9 = socket(0xa, 0x1, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r9, 0x89f0, &(0x7f0000000280)={'ip_vti0\x00', &(0x7f0000000500)={'syztnl0\x00', 0x0, 0x700, 0x7800, 0x67a, 0x7, {{0x5, 0x4, 0x2, 0x29, 0x14, 0x67, 0x0, 0x6, 0x2f, 0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0x3c}}}}}) sendmmsg$unix(r8, &(0x7f000000ea00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003d80)=[@cred={{0x18, 0x1, 0x2, {0xffffffffffffffff}}}], 0x18, 0x20000000}}], 0x1, 0x40000) setsockopt(r5, 0x84, 0x7f, &(0x7f0000002180)="02000cfb6643267222da6e205aa599e69652997d6ef6e5e3e8eb6d56949d1a00"/42, 0x2a) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x8001) getsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, 0x0, &(0x7f0000000200)) r10 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001b140100"], 0x24}, 0x1, 0x0, 0x0, 0x60001}, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000000c0)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r11, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=@gettclass={0x24, 0x2a, 0x10, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r12, {0x0, 0x9}, {0x18, 0xf}, {0xfff3, 0x6}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x20000080) 5.757580495s ago: executing program 3 (id=1034): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f0000000200)=ANY=[@ANYRESHEX=r0], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) pipe2$watch_queue(0x0, 0x80) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = syz_open_dev$evdev(0x0, 0x2, 0x862b01) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000100)={0x54, 0x0, 0x0, {0xffff, 0x1}, {0x50, 0x2}, @cond=[{0x8, 0x5388, 0xc, 0x7fe, 0xc9, 0x7}, {0x0, 0x5, 0x1, 0x3, 0x8000, 0x9}]}) write$char_usb(r3, 0x0, 0x0) setrlimit(0x8, &(0x7f0000000300)={0x4, 0x7}) setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r2, 0x0, 0x2c, 0x24044000, &(0x7f0000000380)={0x2, 0x4e22, @remote}, 0x10) r4 = shmget$private(0x0, 0x800000, 0x880, &(0x7f0000173000/0x800000)=nil) r5 = socket(0x2d, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r5, 0x8918, &(0x7f0000000080)={@empty, 0x57}) shmctl$IPC_RMID(r4, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1802000080ffffff00000000000000008500000036000000850000000800000095000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000a80)={r8, r7, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xe67, &(0x7f0000000ac0)=ANY=[], 0x0) socket(0x10, 0x2, 0x0) syz_clone(0x20000400, 0x0, 0xfd00, 0x0, 0x0, 0x0) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/fib_triestat\x00') preadv(r9, &(0x7f0000000640)=[{&(0x7f0000000140)=""/134, 0x86}], 0x1, 0x0, 0x0) 5.611101054s ago: executing program 0 (id=1036): r0 = socket$inet6_udp(0xa, 0x2, 0x0) close(r0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x0, 0x0) openat$vicodec0(0xffffff9c, &(0x7f0000000440), 0x2, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0xc, 0x3032, 0xffffffffffffffff, 0x0) syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x200800, 0x42) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = timerfd_create(0x0, 0x0) timerfd_settime(r1, 0x3, &(0x7f0000000440)={{0x0, 0x3938700}}, 0x0) clock_adjtime(0x0, 0x0) close(0x3) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x4) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x12) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)=ANY=[], 0x114}], 0x1, 0x0, 0x0, 0x4001}, 0x20000000) recvfrom(r5, 0x0, 0x0, 0x42, 0x0, 0x0) r6 = socket(0x1a, 0x1, 0x20000000) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_clone3(&(0x7f000000dd80)={0x0, 0x0, 0x0, 0x0, {0x3c}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 5.42128511s ago: executing program 0 (id=1039): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10, 0xffea}, [@ldst={0x3, 0x0, 0x6, 0x0, 0x0, 0xffe4, 0x50}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) 5.367521142s ago: executing program 0 (id=1040): r0 = syz_open_dev$video4linux(&(0x7f0000000200), 0x7, 0x40) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x9, 0xd, 0x1}, {0xadc3, 0x9b, 0x40, 0x2}, {0x3, 0x8, 0x4, 0x5c}]}) ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f0000000880)={0x0, 0x0, 0x1, 0x4, {0x80000001, 0x1, 0x0, 0x8001}}) r1 = openat$ublk_ctrl(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UBLK_U_CMD_GET_QUEUE_AFFINITY(r1, 0x80207501, &(0x7f0000000140)={0x0, 0xffff, 0x8, &(0x7f0000000100)}) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f0000000000)={0x0, 0x1, 0x2023, 0x1}) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x3, &(0x7f0000000980)=0x80007) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mount$9p_virtio(&(0x7f0000000400), &(0x7f0000000480)='./file0\x00', 0x0, 0x8, 0x0) r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0) r6 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000000340), 0x410002, 0x0) execveat(r6, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000600)={[&(0x7f0000000440)='\x00', &(0x7f0000000580)='#! ', &(0x7f00000005c0)='#! ']}, &(0x7f0000000800)={[&(0x7f0000000640)=']\x00', &(0x7f0000000680)='GPL\x00', &(0x7f00000006c0)='\x00', &(0x7f0000000700)='#! ', &(0x7f0000000740)='^{\x00', &(0x7f0000000780)='\']#%', &(0x7f00000007c0)='skcipher\x00']}, 0x1100) ioctl$SNDCTL_DSP_SETFMT(r5, 0xc0045005, &(0x7f0000000080)=0x40000) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="3c073d00c6d8a38c591a1aae54ba4f091acc7730e70ce496be778c07e4b839411a9cb4213f3be1bb4ba4f87cd0b953143c9d23288e7673", @ANYRES16=0x0, @ANYBLOB="00012cbd7000ffdbdf250100000008000200020000000800020002000000080002000200000008000100020000000800010002000000"], 0x3c}, 0x1, 0x0, 0x0, 0x4000010}, 0x40010) bind$alg(0xffffffffffffffff, &(0x7f0000000500)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cast5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be7d6a14fc29", 0xb) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r7, 0x112, 0xb, &(0x7f0000001340)=0x33, 0x2) connect$bt_sco(r7, &(0x7f00000016c0)={0x1f, @none}, 0x8) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) 5.085451202s ago: executing program 1 (id=1043): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x13, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x13, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mount$9p_virtio(&(0x7f0000000480), 0x0, 0x0, 0x2000000, 0x0) (async) mount$9p_virtio(&(0x7f0000000480), 0x0, 0x0, 0x2000000, 0x0) openat$adsp1(0xffffffffffffff9c, 0x0, 0xc002, 0x0) (async) openat$adsp1(0xffffffffffffff9c, 0x0, 0xc002, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) syz_open_dev$usbmon(&(0x7f00000000c0), 0x80000001, 0x40800) (async) r4 = syz_open_dev$usbmon(&(0x7f00000000c0), 0x80000001, 0x40800) mmap$usbmon(&(0x7f0000247000/0x2000)=nil, 0x2000, 0x1000000, 0x40012, r4, 0x80000000) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$sndctrl(0x0, 0x801, 0x430000) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async) bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async) sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000) (async) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000) socket$inet(0x10, 0x3, 0x0) r7 = socket$inet6(0xa, 0x2, 0x3a) sendto$inet6(r7, &(0x7f0000000080)="800009e92208a1ce", 0xfdef, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1b) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) 5.085224456s ago: executing program 2 (id=1044): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0x8, 0x0, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18004000000000000000000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000000000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 4.966506152s ago: executing program 2 (id=1045): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x14, 0x15, 0x1, 0xfffffffc, 0x0, {0x10}}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x0) (async) write$binfmt_script(r0, &(0x7f00000002c0)={'#! ', './file0'}, 0xb) (async) close(r0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 4.880963685s ago: executing program 2 (id=1046): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0x3af4701e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mbind(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x4, 0x3) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000389000/0x1000)=nil, 0x1000, &(0x7f0000000000)='\x00') mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket(0x1e, 0x1, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x8a, &(0x7f0000000580)=@req3, 0x1c) setsockopt$inet_int(r1, 0x0, 0x12, &(0x7f00000001c0)=0x2, 0x1) 4.517504585s ago: executing program 3 (id=1047): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x80002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, 0x0) openat$vcsa(0xffffff9c, &(0x7f00000000c0), 0x20002, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100004, 0xffff, 0xb, 0x1, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r4 = socket(0x10, 0x3, 0x43) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xe4}, 0x10) sendmsg$nl_route(r4, 0x0, 0x40000c0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r5, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r6, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {"0000000000000000000200"}, 0x0, 0x1, 0x4}}}, 0x118) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) 3.990805504s ago: executing program 2 (id=1048): r0 = socket$inet6(0xa, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', 0x0}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000006c0)={0xffffffffffffffff, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0], 0x0, 0xdd, &(0x7f0000000280)=[{}, {}], 0x10, 0x10, &(0x7f00000003c0), &(0x7f0000000440), 0x8, 0xdf, 0x8, 0x8, &(0x7f0000000480)}}, 0x10) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0xc, 0x2, [@TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0xa}]}}]}, 0x38}}, 0xc840) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x6}, {}, {0x7, 0x3}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) sendto$packet(r5, &(0x7f0000000140)="18", 0x1, 0x0, &(0x7f00000000c0)={0x11, 0xc, r6, 0x1, 0x0, 0x6, @multicast}, 0x14) recvmmsg$unix(r2, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010002000000fedbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="08000800010000000600060001000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4004054}, 0x4000044) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0) r7 = socket(0x10, 0x3, 0x0) sendmmsg(r7, &(0x7f0000000000), 0x4000000000001f2, 0x0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) close_range(r0, 0xffffffffffffffff, 0x0) 3.590016251s ago: executing program 1 (id=1049): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) renameat(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x0) memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeed, 0x20010, 0xffffffffffffffff, 0x839c5000) socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000859000/0x4000)=nil, 0x4000, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newspdinfo={0x14, 0x24, 0x21}, 0x14}}, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) r2 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_add_rule$LANDLOCK_RULE_NET_PORT(r2, 0x2, &(0x7f00000000c0)={0x1, 0x2}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000003a01240220bd7000fcffffff04000000"], 0x14}}, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x1, 0x56d, 0x2}, 0x50) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e21, 0x0, @private1}, 0x1c) recvmsg(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, 0x0}, 0x100) syz_emit_ethernet(0x86, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x3, 0x1, "56805c734ee222c29de4125f81f6e030a5441a99f362cd24e0a1ac2291500733", "467f517bd818d5a4a8d26ae61b4cbf13", {"31ffc21d2e9bfb1eb3c03976ed837b6f", "876605ac29dcb96a8901e0711afb3db3"}}}}}}}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x6c}}, 0x0) fstatfs(r1, &(0x7f0000000300)=""/133) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x14, &(0x7f0000000540)=ANY=[@ANYRES32=r1, @ANYRES16=r0, @ANYRES16, @ANYBLOB="d52c47397e3b11fb0e6dd9be4021f5cdd4d5cc08b2719221e3691958b4f77498a059b5843e64bfa4d7fd3fcc9c657d86c718b1c7d016dbb27da96e3c4296a6e4a72622599761d4d0fbab0a3603c5b6bfb1e89fcc161ec03c5c4d6134973c86e8975b627831890ce7ee7e", @ANYRES8, @ANYRESHEX=r1, @ANYRESOCT=r3], 0x0, 0x0, 0x0, 0x0, 0x60ff78ce1cb3c070, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x401}, 0x94) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000007300)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000006200)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0x4c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x3, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfefff963, 0x0, 0x0, 0x0, 0x800001}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 3.470746838s ago: executing program 2 (id=1050): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000300)={'team0\x00', 0x0}) sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="10002bbd7000fedbdf250300000008000300010000e6070002000800000054000680060001036c000000140004000000000000000000000000000000000014000400fe80000000000000000000000000002508000300640183f4cc6bedb833230101060000", @ANYRES32=0x0, @ANYBLOB='\b\x00\a\x00', @ANYRES32=r1, @ANYBLOB], 0x78}, 0x1, 0x0, 0x0, 0x4040}, 0x20000080) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5}, 0x38) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x63, &(0x7f000000c280)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}, 0x1, 0x0, 0x0, 0x4008855}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="14000000100001f500000000000000000100000a14000000020a497f75241d4e1deb00000500000614001300110001"], 0x3c}, 0x1, 0x0, 0x0, 0x2004c040}, 0xc050) sendmsg$NFT_BATCH(r5, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x40081100}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)=ANY=[@ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x84}, 0x1) socket$inet6_sctp(0xa, 0x1, 0x84) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) io_uring_setup(0x4126, &(0x7f0000000c40)={0x0, 0xc09, 0x0, 0x0, 0x1000000}) 0s ago: executing program 2 (id=1051): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000840)={0x7, 0x0, [{0x6, 0xffffffff, 0x1000000, 0x0, 0x6, 0x8001, 0x4}, {0x80000000, 0x7, 0x3, 0x10, 0x8000027, 0x7, 0x5}, {0xc0000000, 0x8, 0x0, 0xffff, 0x7fffff7f, 0x5, 0x2}, {0x40000001, 0x12, 0x1, 0x7, 0xdf4, 0x401, 0x80000001}, {0x0, 0xda, 0x0, 0xa, 0x5, 0x400002, 0x400}, {0x40000001, 0xa, 0x0, 0x5, 0x5, 0x8, 0xf34f}, {0x80000007, 0x9, 0x9, 0x80000000, 0x9, 0x3, 0x7}]}) kernel console output (not intermixed with test programs): ck:5396kB pagetables:4088kB sec_pagetables:88kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 162.991259][ T7702] Node 0 DMA free:2068kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:36kB inactive_anon:12kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:444kB local_pcp:88kB free_cma:0kB [ 162.993817][ T5834] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 162.995004][ T7702] lowmem_reserve[]: [ 162.998833][ T5834] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 163.000532][ T7702] 0 285 285 285 285 [ 163.000559][ T7702] Node 0 DMA32 free:16252kB boost:0kB min:13096kB low:16368kB high:19640kB reserved_highatomic:0KB free_highatomic:0KB active_anon:88kB inactive_anon:60kB active_file:88kB inactive_file:92kB unevictable:3536kB writepending:0kB zspages:0kB present:1032196kB managed:292748kB mlocked:0kB bounce:0kB free_pcp:13660kB local_pcp:3188kB free_cma:0kB [ 163.000593][ T7702] lowmem_reserve[]: 0 0 0 [ 163.002723][ T5834] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 163.003750][ T7702] 0 0 [ 163.003780][ T7702] Node 1 DMA32 free:301104kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:27088kB inactive_anon:8kB active_file:25044kB inactive_file:4728kB unevictable:3536kB writepending:188kB zspages:2704kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:52904kB local_pcp:15408kB free_cma:0kB [ 163.006451][ T5834] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 163.007263][ T7702] lowmem_reserve[]: 0 0 0 0 0 [ 163.007291][ T7702] Node 0 DMA: 1*4kB (U) 2*8kB [ 163.009604][ T5834] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.011032][ T7702] (UM) 2*16kB (UM) 9*32kB (UM) 9*64kB (UM) 1*128kB (M) 0*256kB 2*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 2068kB [ 163.143636][ T7702] Node 0 DMA32: 927*4kB (UME) 168*8kB (UME) 58*16kB (UME) 41*32kB (UME) 26*64kB (UME) 19*128kB (UME) 9*256kB (ME) 3*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 16252kB [ 163.149165][ T7702] Node 1 DMA32: 1704*4kB (UME) 1804*8kB (UM) 877*16kB (UME) 416*32kB (UME) 339*64kB (UME) 178*128kB (UME) 80*256kB (UM) 27*512kB (UME) 11*1024kB (UM) 1*2048kB (U) 39*4096kB (M) = 300432kB [ 163.155582][ T7702] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 163.158759][ T7702] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 163.161567][ T7702] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 163.164940][ T7702] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 163.168245][ T7702] 10858 total pagecache pages [ 163.169735][ T7702] 1059 pages in swap cache [ 163.173549][ T7702] Free swap = 116472kB [ 163.174892][ T7702] Total swap = 124996kB [ 163.176281][ T7702] 524155 pages RAM [ 163.177450][ T7702] 0 pages HighMem/MovableOnly [ 163.178974][ T7702] 210075 pages reserved [ 163.180274][ T7702] 0 pages cma reserved [ 163.241140][ T7711] serio: Serial port ptm0 [ 163.457212][ T7687] netlink: 683 bytes leftover after parsing attributes in process `syz.3.491'. [ 163.497934][ T24] hid-generic 0080:0008:0000.0003: unknown main item tag 0x0 [ 163.501039][ T24] hid-generic 0080:0008:0000.0003: unknown main item tag 0x0 [ 163.504760][ T24] hid-generic 0080:0008:0000.0003: unknown main item tag 0x0 [ 163.507950][ T24] hid-generic 0080:0008:0000.0003: unknown main item tag 0x0 [ 163.510970][ T24] hid-generic 0080:0008:0000.0003: unknown main item tag 0x0 [ 163.513975][ T24] hid-generic 0080:0008:0000.0003: unknown main item tag 0x0 [ 163.518286][ T24] hid-generic 0080:0008:0000.0003: unknown main item tag 0x0 [ 163.521204][ T24] hid-generic 0080:0008:0000.0003: unknown main item tag 0x0 [ 163.524065][ T24] hid-generic 0080:0008:0000.0003: unknown main item tag 0x0 [ 163.528018][ T24] hid-generic 0080:0008:0000.0003: unknown main item tag 0x0 [ 163.537820][ T24] hid-generic 0080:0008:0000.0003: hidraw1: HID v0.00 Device [syz0] on syz0 [ 163.647659][ T7720] fido_id[7720]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 163.724438][ T7687] macvlan2: entered promiscuous mode [ 163.730289][ T7687] macvlan2: entered allmulticast mode [ 163.769571][ T7722] IPv6: NLM_F_CREATE should be specified when creating new route [ 163.776530][ T7725] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 163.927937][ T5849] usb 8-1: USB disconnect, device number 9 [ 164.070579][ T7734] binder_alloc: 7733: binder_alloc_buf size -1080863910568914944 failed, no address space [ 164.074610][ T7734] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192) [ 164.122234][ T7736] capability: warning: `syz.0.508' uses deprecated v2 capabilities in a way that may be insecure [ 164.144767][ T7738] netlink: 'syz.3.509': attribute type 30 has an invalid length. [ 164.428929][ T7741] loop7: detected capacity change from 0 to 16384 [ 164.503624][ T34] net_ratelimit: 4 callbacks suppressed [ 164.503644][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 164.752509][ T218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 164.802858][ T7117] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 164.812471][ T857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 165.031063][ T7753] netlink: 'syz.3.512': attribute type 10 has an invalid length. [ 165.046312][ T7753] netlink: 'syz.3.512': attribute type 10 has an invalid length. [ 165.171712][ T7757] __nla_validate_parse: 2 callbacks suppressed [ 165.171734][ T7757] netlink: 36 bytes leftover after parsing attributes in process `syz.0.515'. [ 165.187025][ T7760] netlink: 24 bytes leftover after parsing attributes in process `syz.1.517'. [ 165.300723][ T7768] netlink: 8 bytes leftover after parsing attributes in process `syz.0.519'. [ 165.303913][ T7768] netlink: 8 bytes leftover after parsing attributes in process `syz.0.519'. [ 165.407150][ T7772] netlink: 'syz.0.520': attribute type 5 has an invalid length. [ 165.920466][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 166.163613][ T7783] netlink: 'syz.3.523': attribute type 4 has an invalid length. [ 166.166770][ T7783] netlink: 152 bytes leftover after parsing attributes in process `syz.3.523'. [ 166.175678][ T7783] .`: renamed from bond0 (while UP) [ 166.636755][ T7789] binder: 7788:7789 ioctl 4018620d 80004a80 returned -22 [ 166.907967][ T7809] Mount JFS Failure: -22 [ 166.909518][ T7809] jfs_mount failed w/return code = -22 [ 167.005183][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 167.232221][ T24] usb 8-1: new low-speed USB device number 10 using dummy_hcd [ 167.409739][ T24] usb 8-1: config 0 has no interfaces? [ 167.412254][ T24] usb 8-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00 [ 167.416704][ T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.422165][ T24] usb 8-1: config 0 descriptor?? [ 167.734296][ T7852] team0: Device gtp1 is up. Set it down before adding it as a team port [ 167.763291][ T7829] pim6reg: entered allmulticast mode [ 167.798533][ T7829] team0: entered allmulticast mode [ 167.804549][ T7829] team_slave_0: entered allmulticast mode [ 167.808932][ T7829] team_slave_1: entered allmulticast mode [ 167.828640][ T7858] netlink: 'syz.1.539': attribute type 1 has an invalid length. [ 167.829143][ T7829] team0: left allmulticast mode [ 167.834730][ T7829] team_slave_0: left allmulticast mode [ 167.860617][ T7829] team_slave_1: left allmulticast mode [ 167.865791][ T7829] pim6reg: left allmulticast mode [ 167.943711][ T7862] bond2: (slave veth3): Enslaving as an active interface with a down link [ 167.954140][ T7858] bridge0: port 3(dummy0) entered disabled state [ 167.958621][ T7858] dummy0: left allmulticast mode [ 167.960608][ T7858] dummy0: left promiscuous mode [ 167.964678][ T7858] bridge0: port 3(dummy0) entered disabled state [ 167.992967][ T7858] bond2: (slave dummy0): making interface the new active one [ 168.006029][ T7858] bond2: (slave dummy0): Enslaving as an active interface with an up link [ 168.008335][ T7862] netlink: 'syz.1.539': attribute type 10 has an invalid length. [ 168.013453][ T7862] netlink: 40 bytes leftover after parsing attributes in process `syz.1.539'. [ 168.019477][ T7862] dummy0: entered promiscuous mode [ 168.022513][ T7862] bond2: (slave dummy0): Releasing active interface [ 168.132250][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.135785][ T857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.185807][ T34] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 168.359289][ T34] usb 5-1: Using ep0 maxpacket: 8 [ 168.363424][ T34] usb 5-1: config index 0 descriptor too short (expected 74, got 45) [ 168.366922][ T34] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 168.372676][ T34] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 168.377102][ T34] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 168.381838][ T34] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 168.386183][ T34] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 168.392758][ T34] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 168.397276][ T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.629639][ T34] usb 5-1: GET_CAPABILITIES returned 0 [ 168.632662][ T34] usbtmc 5-1:16.0: can't read capabilities [ 168.850517][ T7861] loop5: detected capacity change from 0 to 49 [ 168.866344][ T857] usb 5-1: USB disconnect, device number 5 [ 169.258901][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 169.637150][ T7889] netlink: 84 bytes leftover after parsing attributes in process `syz.2.550'. [ 169.774992][ T53] hid_parser_main: 33 callbacks suppressed [ 169.775005][ T53] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 169.791971][ T53] hid-generic 0000:0000:0000.0004: hidraw1: HID v0.00 Device [syz1] on syz0 [ 169.795025][ T7896] netlink: 8 bytes leftover after parsing attributes in process `syz.1.552'. [ 169.863299][ T7899] netlink: 'syz.1.552': attribute type 10 has an invalid length. [ 169.866354][ T7899] netlink: 40 bytes leftover after parsing attributes in process `syz.1.552'. [ 169.872376][ T7899] bridge0: port 3(dummy0) entered blocking state [ 169.874687][ T7899] bridge0: port 3(dummy0) entered disabled state [ 169.877269][ T7899] dummy0: entered allmulticast mode [ 169.884041][ T7899] bridge0: port 3(dummy0) entered blocking state [ 169.886221][ T7899] bridge0: port 3(dummy0) entered forwarding state [ 170.386677][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 170.604982][ T53] usb 8-1: USB disconnect, device number 10 [ 170.731171][ T7902] loop9: detected capacity change from 0 to 7 [ 170.739532][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 170.743636][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 170.753665][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 170.757590][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 170.761815][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 170.766547][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 170.784841][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 170.790419][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 170.809688][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 170.811562][ T7905] netlink: 64 bytes leftover after parsing attributes in process `syz.3.554'. [ 170.813733][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 170.840654][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 170.844567][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 171.196984][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 171.200757][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 171.203861][ T7902] ldm_validate_partition_table(): Disk read failed. [ 171.206712][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 171.209532][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 171.212371][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 171.215657][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 171.218656][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 171.221765][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 171.224791][ T7902] Dev loop9: unable to read RDB block 0 [ 171.228786][ T7902] loop9: unable to read partition table [ 171.231263][ T7902] loop9: partition table beyond EOD, truncated [ 171.233349][ T7902] loop_reread_partitions: partition scan of loop9 (úù) failed (rc=-5) [ 171.361793][ T7919] 8021q: adding VLAN 0 to HW filter on device macsec2 [ 171.368925][ T54] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 171.426447][ T7117] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 171.438312][ T7928] netlink: 4 bytes leftover after parsing attributes in process `syz.3.561'. [ 171.452580][ T7928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 171.457168][ T7928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 171.461553][ T7928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 171.464874][ T7928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 171.468251][ T7928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 171.471939][ T7928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 171.476422][ T7928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 171.481005][ T7928] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 171.603434][ T7931] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.563'. [ 172.473990][ T7942] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 172.502149][ T7942] netlink: 4 bytes leftover after parsing attributes in process `syz.1.565'. [ 172.549337][ T7936] loop5: detected capacity change from 0 to 7 [ 172.556060][ T7936] Dev loop5: unable to read RDB block 7 [ 172.558269][ T7936] loop5: unable to read partition table [ 172.560962][ T7936] loop5: partition table beyond EOD, truncated [ 172.563301][ T7936] loop_reread_partitions: partition scan of loop5 (₫被xü—ŸÑà– ) failed (rc=-5) [ 172.723260][ T7939] kvm: pic: non byte read [ 172.734323][ T7939] kvm: pic: level sensitive irq not supported [ 172.734650][ T7939] kvm: pic: non byte read [ 172.753194][ T7946] serio: Serial port ptm0 [ 172.763097][ T7939] kvm: pic: level sensitive irq not supported [ 172.763595][ T7939] kvm: pic: non byte read [ 172.843032][ T7937] syz.1.565 (7937): drop_caches: 1 [ 172.850296][ T7935] syz.1.565 (7935): drop_caches: 1 [ 172.996275][ T7935] syz.1.565 (7935): drop_caches: 1 [ 173.434905][ T7969] netlink: 12 bytes leftover after parsing attributes in process `syz.1.573'. [ 173.481373][ T7969] 8021q: adding VLAN 0 to HW filter on device bond3 [ 173.491686][ T7969] netlink: 28 bytes leftover after parsing attributes in process `syz.1.573'. [ 173.495954][ T7969] bond3: entered promiscuous mode [ 173.499159][ T7969] bond3: entered allmulticast mode [ 173.505820][ T7969] bridge0: port 3(dummy0) entered disabled state [ 173.508471][ T7969] dummy0: left allmulticast mode [ 173.510050][ T7969] dummy0: left promiscuous mode [ 173.513881][ T7969] bridge0: port 3(dummy0) entered disabled state [ 173.519805][ T7969] dummy0: entered promiscuous mode [ 173.523423][ T7969] dummy0: entered allmulticast mode [ 173.525979][ T7969] bond3: (slave dummy0): Enslaving as an active interface with an up link [ 173.798972][ T7983] mac80211_hwsim hwsim4 syzkaller0: entered promiscuous mode [ 173.807264][ T7983] mac80211_hwsim hwsim4 syzkaller0: entered allmulticast mode [ 174.092520][ T1349] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 174.268783][ T1349] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 174.273238][ T1349] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 174.276733][ T1349] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 174.280152][ T1349] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.289145][ T7983] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 174.336713][ T1349] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 174.517989][ T1349] usb 5-1: USB disconnect, device number 6 [ 174.741418][ T7983] tmpfs: Unknown parameter 'usrquota€' [ 174.753013][ T7993] netlink: 8 bytes leftover after parsing attributes in process `syz.1.581'. [ 175.379416][ T8005] 8021q: VLANs not supported on gre0 [ 175.775493][ T8021] FAULT_INJECTION: forcing a failure. [ 175.775493][ T8021] name failslab, interval 1, probability 0, space 0, times 0 [ 175.781107][ T8021] CPU: 3 UID: 0 PID: 8021 Comm: syz.2.591 Tainted: G L syzkaller #0 PREEMPT(full) [ 175.781139][ T8021] Tainted: [L]=SOFTLOCKUP [ 175.781145][ T8021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 175.781156][ T8021] Call Trace: [ 175.781164][ T8021] [ 175.781175][ T8021] dump_stack_lvl+0x100/0x190 [ 175.781200][ T8021] should_fail_ex.cold+0x5/0xa [ 175.781226][ T8021] should_failslab+0xc2/0x120 [ 175.781250][ T8021] __kmalloc_cache_noprof+0x7a/0x6f0 [ 175.781277][ T8021] ? binder_transaction+0x748/0x9c10 [ 175.781306][ T8021] binder_transaction+0x748/0x9c10 [ 175.781340][ T8021] ? ima_match_policy+0x8c4/0x2350 [ 175.781363][ T8021] ? ima_match_policy+0x8c4/0x2350 [ 175.781389][ T8021] ? __lock_acquire+0x4a5/0x2630 [ 175.781422][ T8021] ? __lock_acquire+0x4a5/0x2630 [ 175.781451][ T8021] ? __pfx_binder_transaction+0x10/0x10 [ 175.781478][ T8021] ? __lock_acquire+0x4a5/0x2630 [ 175.781512][ T8021] ? __lock_acquire+0x4a5/0x2630 [ 175.781550][ T8021] ? __lock_acquire+0x4a5/0x2630 [ 175.781624][ T8021] ? __lock_acquire+0x4a5/0x2630 [ 175.781651][ T8021] ? __lock_acquire+0x4a5/0x2630 [ 175.781678][ T8021] ? is_bpf_text_address+0x94/0x1a0 [ 175.781710][ T8021] ? find_held_lock+0x2b/0x80 [ 175.781732][ T8021] ? __might_fault+0xc5/0x140 [ 175.781757][ T8021] ? __might_fault+0xc5/0x140 [ 175.781795][ T8021] binder_thread_write+0x1303/0x4db0 [ 175.781830][ T8021] ? __lock_acquire+0x4a5/0x2630 [ 175.781855][ T8021] ? __pfx_binder_thread_write+0x10/0x10 [ 175.781876][ T8021] ? binder_debug+0xe0/0x190 [ 175.781892][ T8021] ? __pfx_binder_debug+0x10/0x10 [ 175.781909][ T8021] ? binder_debug+0xe0/0x190 [ 175.781925][ T8021] ? __pfx_binder_debug+0x10/0x10 [ 175.781956][ T8021] ? __pfx_binder_ioctl+0x10/0x10 [ 175.781975][ T8021] binder_ioctl+0x28f8/0x7550 [ 175.782000][ T8021] ? find_held_lock+0x2b/0x80 [ 175.782020][ T8021] ? tomoyo_path_number_perm+0x28f/0x580 [ 175.782040][ T8021] ? tomoyo_path_number_perm+0x28f/0x580 [ 175.782064][ T8021] ? tomoyo_path_number_perm+0x188/0x580 [ 175.782087][ T8021] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 175.782107][ T8021] ? __pfx_binder_ioctl+0x10/0x10 [ 175.782133][ T8021] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 175.782159][ T8021] ? do_vfs_ioctl+0x226/0x13e0 [ 175.782177][ T8021] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 175.782201][ T8021] ? find_held_lock+0x2b/0x80 [ 175.782221][ T8021] ? __fget_files+0x215/0x3d0 [ 175.782238][ T8021] ? hook_file_ioctl_common+0x149/0x410 [ 175.782264][ T8021] ? __fget_files+0x21f/0x3d0 [ 175.782283][ T8021] ? __pfx_binder_ioctl+0x10/0x10 [ 175.782302][ T8021] compat_ptr_ioctl+0x6e/0xa0 [ 175.782317][ T8021] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 175.782332][ T8021] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 175.782352][ T8021] __do_fast_syscall_32+0xe7/0x970 [ 175.782377][ T8021] ? lockdep_hardirqs_on+0x78/0x100 [ 175.782399][ T8021] do_fast_syscall_32+0x32/0x70 [ 175.782423][ T8021] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 175.782444][ T8021] RIP: 0023:0xf7f56f7c [ 175.782460][ T8021] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 175.782475][ T8021] RSP: 002b:00000000f541650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 175.782491][ T8021] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201 [ 175.782503][ T8021] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 175.782513][ T8021] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 175.782523][ T8021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 175.782539][ T8021] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 175.782565][ T8021] [ 175.948909][ T8009] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9) [ 175.951609][ T8009] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 175.955102][ T8009] vhci_hcd vhci_hcd.0: Device attached [ 176.040348][ T8030] syzkaller1: entered promiscuous mode [ 176.042687][ T8030] syzkaller1: entered allmulticast mode [ 176.122470][ T1233] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 176.130775][ T1233] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 176.134522][ T1233] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 176.139078][ T1233] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 176.253095][ T8036] netlink: 44 bytes leftover after parsing attributes in process `syz.3.596'. [ 176.284335][ T53] usb 40-1: SetAddress Request (2) to port 0 [ 176.286993][ T53] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd [ 176.300897][ T8022] vhci_hcd: connection closed [ 176.306846][ T13] vhci_hcd vhci_hcd.1: stop threads [ 176.311962][ T13] vhci_hcd vhci_hcd.1: release socket [ 176.314283][ T13] vhci_hcd vhci_hcd.1: disconnect device [ 176.336887][ T8040] binder: BINDER_SET_CONTEXT_MGR already set [ 176.339447][ T8040] binder: 8039:8040 ioctl 4018620d 80004a80 returned -16 [ 176.463765][ T54] net_ratelimit: 259 callbacks suppressed [ 176.463778][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 177.345938][ T8058] usb usb8: usbfs: process 8058 (syz.3.602) did not claim interface 0 before use [ 177.363658][ T8060] netlink: 4 bytes leftover after parsing attributes in process `syz.1.603'. [ 177.510721][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 177.583959][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 177.715041][ T8068] netlink: 4 bytes leftover after parsing attributes in process `syz.0.604'. [ 177.717962][ T8068] netlink: 348 bytes leftover after parsing attributes in process `syz.0.604'. [ 177.720694][ T8068] netlink: 4 bytes leftover after parsing attributes in process `syz.0.604'. [ 177.724014][ T8068] netlink: 348 bytes leftover after parsing attributes in process `syz.0.604'. [ 177.728122][ T8068] netlink: 4 bytes leftover after parsing attributes in process `syz.0.604'. [ 178.026632][ T857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.455424][ T8071] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 178.720631][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 179.617356][ T8090] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 179.851632][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 180.033486][ T8105] netlink: 4 bytes leftover after parsing attributes in process `syz.3.618'. [ 180.445308][ T8097] pim6reg: entered allmulticast mode [ 180.526741][ T8116] team0: entered allmulticast mode [ 180.528444][ T8116] team_slave_0: entered allmulticast mode [ 180.530452][ T8116] team_slave_1: entered allmulticast mode [ 180.535651][ T8116] team0: left allmulticast mode [ 180.537271][ T8116] team_slave_0: left allmulticast mode [ 180.539130][ T8116] team_slave_1: left allmulticast mode [ 180.541317][ T8116] pim6reg: left allmulticast mode [ 181.166996][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.205344][ T8059] Process accounting resumed [ 181.310751][ T7117] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.700506][ T34] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 181.744191][ T53] usb 40-1: device descriptor read/8, error -110 [ 181.991721][ T8137] input: syz1 as /devices/virtual/input/input13 [ 182.051402][ T8137] 9p: Could not find request transport: virosixacl [ 182.149397][ T8140] ubi16: attaching mtd0 [ 182.152626][ T8140] ubi16: scanning is finished [ 182.154291][ T8140] ubi16: empty MTD device detected [ 182.180956][ T53] usb usb40-port1: attempt power cycle [ 182.290096][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.422043][ T8140] ubi16: attached mtd0 (name "mtdram test device", size 0 MiB) [ 182.432653][ T8140] ubi16: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 182.440983][ T8140] ubi16: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 182.449686][ T8140] ubi16: VID header offset: 64 (aligned 64), data offset: 128 [ 182.459207][ T8140] ubi16: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 182.465184][ T8140] ubi16: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 182.477055][ T8140] ubi16: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 304207336 [ 182.489888][ T8140] ubi16: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 182.508427][ T8143] ubi16: background thread "ubi_bgt16d" started, PID 8143 [ 182.607602][ T8145] netlink: 'syz.3.630': attribute type 3 has an invalid length. [ 182.610339][ T8145] netlink: 'syz.3.630': attribute type 1 has an invalid length. [ 182.613375][ T8145] netlink: 224 bytes leftover after parsing attributes in process `syz.3.630'. [ 182.617467][ T8145] NCSI netlink: No device for ifindex 0 [ 182.621393][ T8148] 8021q: adding VLAN 0 to HW filter on device macsec1 [ 182.625680][ T1349] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 182.636355][ T34] usb 6-1: config 0 has no interfaces? [ 182.640543][ T34] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 182.645261][ T34] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 182.648984][ T34] usb 6-1: Product: syz [ 182.650958][ T34] usb 6-1: Manufacturer: syz [ 182.661545][ T34] usb 6-1: config 0 descriptor?? [ 182.847707][ T8163] netlink: 8 bytes leftover after parsing attributes in process `syz.3.634'. [ 182.917579][ T8164] netlink: 'syz.3.634': attribute type 10 has an invalid length. [ 182.921013][ T8164] netlink: 40 bytes leftover after parsing attributes in process `syz.3.634'. [ 182.924431][ T1349] usb 6-1: USB disconnect, device number 9 [ 182.939404][ T8164] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 183.014919][ T53] usb usb40-port1: unable to enumerate USB device [ 183.474630][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 183.751094][ T8167] ALSA: mixer_oss: invalid OSS volume '' [ 183.892193][ T8181] netlink: 8 bytes leftover after parsing attributes in process `syz.0.637'. [ 183.937824][ T8183] loop5: detected capacity change from 0 to 7 [ 183.946144][ T8183] Dev loop5: unable to read RDB block 7 [ 183.948268][ T8183] loop5: unable to read partition table [ 183.952397][ T8183] loop5: partition table beyond EOD, truncated [ 183.954389][ T8184] netlink: 'syz.0.637': attribute type 10 has an invalid length. [ 183.954408][ T8184] netlink: 40 bytes leftover after parsing attributes in process `syz.0.637'. [ 183.957032][ T8183] loop_reread_partitions: partition scan of loop5 (₫被xü—ŸÑà– ) failed (rc=-5) [ 184.033866][ T8184] bond1: (slave dummy0): Releasing backup interface [ 184.049497][ T8184] dummy0: left allmulticast mode [ 184.067132][ T8184] bridge0: port 3(dummy0) entered blocking state [ 184.072076][ T8184] bridge0: port 3(dummy0) entered disabled state [ 184.074902][ T8184] dummy0: entered allmulticast mode [ 184.682355][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 184.827132][ T7117] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 185.002115][ T8192] lo speed is unknown, defaulting to 1000 [ 185.101267][ T8207] serio: Serial port ttynull [ 185.222827][ T7117] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 185.370357][ T8214] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 185.374794][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 185.382839][ T8213] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 185.386022][ T7117] usb 5-1: Using ep0 maxpacket: 16 [ 185.393371][ T218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 185.398302][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 185.406001][ T7117] usb 5-1: config 0 has no interfaces? [ 185.416819][ T7117] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 185.425280][ T7117] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 185.430402][ T7117] usb 5-1: Manufacturer: syz [ 185.433477][ T7117] usb 5-1: config 0 descriptor?? [ 185.778961][ T1349] usb 5-1: USB disconnect, device number 7 [ 186.423095][ T8227] netlink: 'syz.2.651': attribute type 10 has an invalid length. [ 186.472587][ T8227] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 186.476531][ T8227] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 186.482871][ T8227] netlink: 14 bytes leftover after parsing attributes in process `syz.2.651'. [ 187.059719][ T8227] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 187.068948][ T8227] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 187.077004][ T8227] bond0 (unregistering): (slave netdevsim1): Releasing backup interface [ 187.088334][ T8227] bond0 (unregistering): Released all slaves [ 187.111749][ T8225] pim6reg: entered allmulticast mode [ 187.129496][ T8232] team0: entered allmulticast mode [ 187.150664][ T8232] vlan0: entered allmulticast mode [ 187.159708][ T8232] veth0_vlan: entered allmulticast mode [ 187.162009][ T8236] team0: left allmulticast mode [ 187.164182][ T8236] vlan0: left allmulticast mode [ 187.173587][ T8236] veth0_vlan: left allmulticast mode [ 187.175533][ T8236] pim6reg: left allmulticast mode [ 187.459882][ T5841] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 187.482927][ T5841] hid-generic 0000:0000:0000.0005: hidraw1: HID v0.00 Device [syz1] on syz0 [ 187.914478][ T5841] net_ratelimit: 2 callbacks suppressed [ 187.914491][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 188.084141][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 188.195641][ T7117] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 188.420859][ T8243] fido_id[8243]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 188.593867][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 188.791085][ T7117] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 188.852371][ T8227] netlink: 4 bytes leftover after parsing attributes in process `syz.2.651'. [ 188.886514][ T8255] netlink: 4 bytes leftover after parsing attributes in process `syz.3.657'. [ 188.887708][ T8227] mmap: syz.2.651 (8227) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 189.212882][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.242890][ T8263] netlink: 8 bytes leftover after parsing attributes in process `syz.0.659'. [ 189.314691][ T8266] netlink: 'syz.0.659': attribute type 10 has an invalid length. [ 189.318561][ T8266] netlink: 40 bytes leftover after parsing attributes in process `syz.0.659'. [ 189.332271][ T8266] bridge0: port 3(dummy0) entered blocking state [ 189.335536][ T8266] bridge0: port 3(dummy0) entered forwarding state [ 189.351981][ T53] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 189.440120][ T8268] evm: overlay not supported [ 190.338838][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 191.418474][ T8282] netlink: 'syz.2.666': attribute type 1 has an invalid length. [ 191.441039][ T8282] bond0: entered promiscuous mode [ 191.444081][ T8282] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.450153][ T8285] netlink: 'syz.0.667': attribute type 10 has an invalid length. [ 191.456278][ T857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 191.460729][ T8285] bridge0: port 3(dummy0) entered disabled state [ 191.463213][ T8285] dummy0: left allmulticast mode [ 191.465859][ T8285] dummy0: left promiscuous mode [ 191.467582][ T8285] bridge0: port 3(dummy0) entered disabled state [ 191.473416][ T8285] team0: Port device dummy0 added [ 191.475266][ T8285] dummy0: entered promiscuous mode [ 191.488407][ T8285] netlink: 'syz.0.667': attribute type 10 has an invalid length. [ 191.495356][ T8282] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.499317][ T8282] bond0: (slave vti0): The slave device specified does not support setting the MAC address [ 191.502948][ T8282] bond0: (slave vti0): Setting fail_over_mac to active for active-backup mode [ 191.510357][ T8282] bond0: (slave vti0): making interface the new active one [ 191.512724][ T8282] vti0: entered promiscuous mode [ 191.515473][ T8282] bond0: (slave vti0): Enslaving as an active interface with an up link [ 191.523747][ T8285] team0: Port device dummy0 removed [ 191.975594][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.305598][ T8307] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 192.338762][ T8304] syz.1.674 (8304): drop_caches: 1 [ 192.374738][ T8306] syz.1.674 (8306): drop_caches: 1 [ 192.404173][ T8304] syz.1.674 (8304): drop_caches: 1 [ 192.773080][ T8307] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 192.915570][ T8306] kvm: pic: level sensitive irq not supported [ 193.376997][ T8321] fuse: Bad value for 'user_id' [ 193.386909][ T8321] fuse: Bad value for 'user_id' [ 193.641968][ T8332] netlink: 'syz.2.681': attribute type 1 has an invalid length. [ 193.687157][ T8332] bond1: (slave geneve2): making interface the new active one [ 193.694017][ T8332] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 193.699378][ T13] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 193.706089][ T13] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 193.711829][ T8332] netlink: 28 bytes leftover after parsing attributes in process `syz.2.681'. [ 193.717051][ T13] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 193.722707][ T13] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 193.738909][ T8332] 8021q: adding VLAN 0 to HW filter on device bond1 [ 194.146571][ T5849] net_ratelimit: 1 callbacks suppressed [ 194.146585][ T5849] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 194.151508][ T857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 194.178209][ T8353] pim6reg: entered allmulticast mode [ 194.229774][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 194.397103][ T8353] team0: entered allmulticast mode [ 194.399655][ T8353] team_slave_0: entered allmulticast mode [ 194.402595][ T8353] team_slave_1: entered allmulticast mode [ 194.413004][ T8353] team0: left allmulticast mode [ 194.415446][ T8353] team_slave_0: left allmulticast mode [ 194.417817][ T8353] team_slave_1: left allmulticast mode [ 194.422243][ T8353] pim6reg: left allmulticast mode [ 195.032347][ T8368] pim6reg: entered allmulticast mode [ 195.236808][ T8368] team0: entered allmulticast mode [ 195.238760][ T8368] team_slave_0: entered allmulticast mode [ 195.240799][ T8368] team_slave_1: entered allmulticast mode [ 195.246116][ T8368] team0: left allmulticast mode [ 195.248307][ T8368] team_slave_0: left allmulticast mode [ 195.250665][ T8368] team_slave_1: left allmulticast mode [ 195.254337][ T8368] pim6reg: left allmulticast mode [ 195.380387][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 195.773879][ T8372] netlink: 168 bytes leftover after parsing attributes in process `syz.0.689'. [ 196.108065][ T8384] netlink: 4 bytes leftover after parsing attributes in process `syz.0.694'. [ 196.187523][ T8387] pim6reg: entered allmulticast mode [ 196.283199][ T8392] lo speed is unknown, defaulting to 1000 [ 196.456830][ T218] tipc: Subscription rejected, illegal request [ 196.483623][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 196.498522][ T8392] IPVS: set_ctl: invalid protocol: 115 100.1.1.0:20002 [ 196.589799][ T8382] team0: entered allmulticast mode [ 196.592681][ T8382] team_slave_0: entered allmulticast mode [ 196.595318][ T8382] team_slave_1: entered allmulticast mode [ 196.604352][ T8382] team0: left allmulticast mode [ 196.606794][ T8382] team_slave_0: left allmulticast mode [ 196.609339][ T8382] team_slave_1: left allmulticast mode [ 196.612402][ T8382] pim6reg: left allmulticast mode [ 196.804044][ T8404] netlink: 12 bytes leftover after parsing attributes in process `syz.0.700'. [ 196.859320][ T40] audit: type=1326 audit(1780649479.952:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8403 comm="syz.0.700" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x7ffc0000 [ 196.904629][ T40] audit: type=1326 audit(1780649479.962:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8403 comm="syz.0.700" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf702ef7c code=0x7ffc0000 [ 196.929658][ T40] audit: type=1326 audit(1780649479.962:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8403 comm="syz.0.700" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x7ffc0000 [ 196.938079][ T40] audit: type=1326 audit(1780649479.962:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8403 comm="syz.0.700" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x7ffc0000 [ 196.949367][ T40] audit: type=1326 audit(1780649479.962:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8403 comm="syz.0.700" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf702ef7c code=0x7ffc0000 [ 196.956548][ T40] audit: type=1326 audit(1780649479.962:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8403 comm="syz.0.700" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x7ffc0000 [ 196.965914][ T40] audit: type=1326 audit(1780649479.962:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8403 comm="syz.0.700" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf702ef7c code=0x7ffc0000 [ 196.974247][ T40] audit: type=1326 audit(1780649479.971:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8403 comm="syz.0.700" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x7ffc0000 [ 196.981349][ T40] audit: type=1326 audit(1780649479.980:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8403 comm="syz.0.700" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x7ffc0000 [ 197.177016][ T5841] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 197.231933][ T8417] netlink: 13 bytes leftover after parsing attributes in process `syz.2.704'. [ 197.350844][ T5841] usb 8-1: Using ep0 maxpacket: 8 [ 197.362100][ T5841] usb 8-1: config 1 has an invalid descriptor of length 173, skipping remainder of the config [ 197.365780][ T5841] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 197.368684][ T5841] usb 8-1: config 1 has no interface number 0 [ 197.370828][ T5841] usb 8-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0xBC, changing to 0x8C [ 197.376826][ T5841] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x8C has an invalid bInterval 93, changing to 7 [ 197.380370][ T5841] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x8C has invalid maxpacket 9440, setting to 1024 [ 197.385741][ T5841] usb 8-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40 [ 197.388793][ T5841] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.391345][ T5841] usb 8-1: Product: syz [ 197.391679][ T8424] pim6reg: entered allmulticast mode [ 197.392673][ T5841] usb 8-1: Manufacturer: syz [ 197.397114][ T5841] usb 8-1: SerialNumber: syz [ 197.437134][ T5849] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 197.488956][ T8421] team0: entered allmulticast mode [ 197.491179][ T24] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 197.491633][ T8421] team_slave_0: entered allmulticast mode [ 197.496919][ T8421] team_slave_1: entered allmulticast mode [ 197.505604][ T8421] team0: left allmulticast mode [ 197.507208][ T8421] team_slave_0: left allmulticast mode [ 197.509199][ T8421] team_slave_1: left allmulticast mode [ 197.511706][ T8421] pim6reg: left allmulticast mode [ 197.611207][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 197.666123][ T24] usb 7-1: unable to get BOS descriptor or descriptor too short [ 197.669912][ T24] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 197.672538][ T24] usb 7-1: can't read configurations, error -71 [ 198.066948][ T5841] usb 8-1: USB disconnect, device number 11 [ 198.354404][ T8432] lo speed is unknown, defaulting to 1000 [ 198.650811][ T857] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 198.737994][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 198.824192][ T857] usb 6-1: Using ep0 maxpacket: 16 [ 198.827539][ T857] usb 6-1: config 0 has no interfaces? [ 198.832723][ T857] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 198.836372][ T857] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 198.840061][ T857] usb 6-1: Manufacturer: syz [ 198.843648][ T857] usb 6-1: config 0 descriptor?? [ 198.921739][ T5841] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 199.089543][ T5841] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 199.093745][ T5841] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.098922][ T5841] usb 5-1: Product: syz [ 199.100909][ T5841] usb 5-1: Manufacturer: syz [ 199.103079][ T5841] usb 5-1: SerialNumber: syz [ 199.174820][ T857] usb 6-1: USB disconnect, device number 10 [ 199.330905][ T8440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 199.334765][ T8440] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 199.555702][ T8440] netlink: 'syz.0.712': attribute type 1 has an invalid length. [ 199.750263][ T5841] rtl8150 5-1:1.0: couldn't reset the device [ 199.753357][ T5841] rtl8150 5-1:1.0: probe with driver rtl8150 failed with error -5 [ 199.782640][ T5841] usb 5-1: USB disconnect, device number 8 [ 199.865652][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 199.902825][ T8453] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 199.909124][ T8453] hsr0: left promiscuous mode [ 199.948145][ T8453] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 199.957044][ T8453] 8021q: adding VLAN 0 to HW filter on device bond2 [ 199.964392][ T8453] 8021q: adding VLAN 0 to HW filter on device bond3 [ 199.977308][ T10] team_slave_0: entered promiscuous mode [ 199.980030][ T10] team_slave_1: entered promiscuous mode [ 199.982573][ T857] lo speed is unknown, defaulting to 1000 [ 200.011677][ T1233] bond2: (slave veth3): link status definitely up, 10000 Mbps full duplex [ 200.025821][ T1233] bond2: (slave veth3): making interface the new active one [ 200.051441][ T1233] bond2: active interface up! [ 200.192608][ T10] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 200.252319][ T8468] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 200.559726][ T10] hid-generic 0000:0000:0000.0006: hidraw1: HID v0.00 Device [syz1] on syz0 [ 200.732892][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 201.165152][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 201.261309][ T8477] fido_id[8477]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 201.788607][ T8498] netlink: 8 bytes leftover after parsing attributes in process `syz.3.730'. [ 201.863164][ T8499] netlink: 'syz.3.730': attribute type 10 has an invalid length. [ 201.866761][ T8499] netlink: 40 bytes leftover after parsing attributes in process `syz.3.730'. [ 202.397310][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 202.924491][ T8515] netlink: 'syz.3.735': attribute type 1 has an invalid length. [ 202.928321][ T8510] netlink: 16 bytes leftover after parsing attributes in process `syz.0.733'. [ 202.936645][ T8510] bridge_slave_0: left allmulticast mode [ 202.948178][ T8510] bridge_slave_0: left promiscuous mode [ 202.954532][ T8510] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.100098][ T8518] bond0: (slave veth3): Enslaving as an active interface with a down link [ 203.147349][ T8515] netlink: 'syz.3.735': attribute type 10 has an invalid length. [ 203.151903][ T8515] netlink: 40 bytes leftover after parsing attributes in process `syz.3.735'. [ 203.302817][ T8534] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 203.315756][ T8534] xt_TPROXY: Can be used only with -p tcp or -p udp [ 203.517497][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.026478][ T5849] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.097967][ T8557] raw_sendmsg: syz.2.751 forgot to set AF_INET. Fix it! [ 204.421998][ T8557] ceph: No mds server is up or the cluster is laggy [ 204.436742][ T5834] libceph: connect (1)[c::]:6789 error -101 [ 204.441862][ T5834] libceph: mon0 (1)[c::]:6789 connect error [ 204.558868][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.634432][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.978282][ T8565] netlink: 'syz.1.753': attribute type 10 has an invalid length. [ 204.985949][ T8565] bond3: (slave dummy0): Releasing backup interface [ 204.990363][ T8565] dummy0: left promiscuous mode [ 204.992903][ T8565] dummy0: left allmulticast mode [ 205.000858][ T8565] team0: Port device dummy0 added [ 205.004713][ T8565] dummy0: entered promiscuous mode [ 205.009872][ T8565] netlink: 'syz.1.753': attribute type 10 has an invalid length. [ 205.021090][ T8565] team0: Port device dummy0 removed [ 205.136690][ T8568] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 205.245151][ T6512] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 205.247222][ T1434] ieee802154 phy0 wpan0: encryption failed: -22 [ 205.253041][ T1434] ieee802154 phy1 wpan1: encryption failed: -22 [ 205.347748][ T62] Bluetooth: hci3: unexpected event for opcode 0x0406 [ 205.591064][ T8580] netlink: 4 bytes leftover after parsing attributes in process `syz.3.757'. [ 205.593968][ T8580] netlink: 348 bytes leftover after parsing attributes in process `syz.3.757'. [ 205.597409][ T8580] netlink: 4 bytes leftover after parsing attributes in process `syz.3.757'. [ 205.599348][ T5747] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 205.601459][ T8580] netlink: 348 bytes leftover after parsing attributes in process `syz.3.757'. [ 205.608222][ T8580] netlink: 4 bytes leftover after parsing attributes in process `syz.3.757'. [ 205.760519][ T6512] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 205.803883][ T8584] netlink: 'syz.2.761': attribute type 1 has an invalid length. [ 205.898727][ T8584] netlink: 28 bytes leftover after parsing attributes in process `syz.2.761'. [ 205.913368][ T8584] 8021q: adding VLAN 0 to HW filter on device bond2 [ 205.918424][ T8591] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 205.921063][ T8591] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 205.928015][ T8591] vhci_hcd vhci_hcd.0: Device attached [ 205.933389][ T8592] vhci_hcd: connection closed [ 205.934322][ T13] vhci_hcd vhci_hcd.1: stop threads [ 205.938935][ T13] vhci_hcd vhci_hcd.1: release socket [ 205.941213][ T13] vhci_hcd vhci_hcd.1: disconnect device [ 206.070502][ T8604] x_tables: ip_tables: tcpmss match: only valid for protocol 6 [ 206.517861][ T8613] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 206.528827][ T8613] CIFS mount error: No usable UNC path provided in device string! [ 206.528827][ T8613] [ 206.534211][ T8613] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 206.539929][ T8613] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.543524][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.784831][ T8623] netlink: 'syz.1.772': attribute type 10 has an invalid length. [ 206.820943][ T8623] bridge0: port 3(dummy0) entered blocking state [ 206.824402][ T8623] bridge0: port 3(dummy0) entered disabled state [ 206.828665][ T8623] dummy0: entered allmulticast mode [ 206.887462][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.924200][ T8623] bridge0: port 3(dummy0) entered blocking state [ 206.927546][ T8623] bridge0: port 3(dummy0) entered forwarding state [ 207.687951][ T8635] __nla_validate_parse: 4 callbacks suppressed [ 207.688105][ T8635] netlink: 168 bytes leftover after parsing attributes in process `syz.3.776'. [ 207.872922][ T8638] dummy0: left allmulticast mode [ 207.875463][ T8638] bridge0: port 3(dummy0) entered disabled state [ 207.900896][ T8638] bridge_slave_0: left allmulticast mode [ 207.905222][ T8638] bridge_slave_0: left promiscuous mode [ 207.910986][ T8638] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.920870][ T8638] bridge_slave_1: left allmulticast mode [ 207.926062][ T8638] bridge_slave_1: left promiscuous mode [ 207.930494][ T8638] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.956476][ T8638] bond0: (slave bond_slave_0): Releasing backup interface [ 208.009771][ T8638] bond0: (slave bond_slave_1): Releasing backup interface [ 208.025773][ T6512] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 208.043382][ T8638] team_slave_0: left promiscuous mode [ 208.050196][ T8638] team0: Port device team_slave_0 removed [ 208.068858][ T8638] team_slave_1: left promiscuous mode [ 208.129215][ T8638] team0: Port device team_slave_1 removed [ 208.140264][ T8638] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 208.154072][ T8638] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 208.171823][ T8638] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 208.191289][ T8638] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 208.208016][ T8638] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 208.240515][ T8652] dummy0: left allmulticast mode [ 208.243519][ T8652] bridge0: port 3(dummy0) entered disabled state [ 208.250614][ T8647] overlayfs: workdir and upperdir must be separate subtrees [ 208.253085][ T8652] bridge_slave_0: left allmulticast mode [ 208.256452][ T8652] bridge_slave_0: left promiscuous mode [ 208.258964][ T8652] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.269546][ T8652] bridge_slave_1: left allmulticast mode [ 208.271978][ T8652] bridge_slave_1: left promiscuous mode [ 208.274725][ T8652] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.295899][ T8652] team0: Port device team_slave_0 removed [ 208.306860][ T8652] team0: Port device team_slave_1 removed [ 208.311805][ T8652] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 208.315095][ T8652] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 208.321518][ T8652] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 208.325157][ T8652] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 208.331245][ T8652] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 208.426183][ T8656] netlink: 4 bytes leftover after parsing attributes in process `syz.0.784'. [ 208.528181][ T8662] 8021q: VLANs not supported on gre0 [ 208.535043][ T5849] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 208.580561][ T8664] netlink: 'syz.1.786': attribute type 30 has an invalid length. [ 208.784264][ T24] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 208.914193][ T5826] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 208.946687][ T24] usb 8-1: device descriptor read/64, error -71 [ 209.106786][ T5826] usb 5-1: not running at top speed; connect to a high speed hub [ 209.111251][ T5826] usb 5-1: config 31 has an invalid interface number: 242 but max is 2 [ 209.114826][ T5826] usb 5-1: config 31 has an invalid interface number: 254 but max is 2 [ 209.118370][ T5826] usb 5-1: config 31 has an invalid interface number: 254 but max is 2 [ 209.122025][ T5826] usb 5-1: config 31 has an invalid interface number: 80 but max is 2 [ 209.125746][ T5826] usb 5-1: config 31 has no interface number 0 [ 209.128713][ T5826] usb 5-1: config 31 has no interface number 1 [ 209.133124][ T5826] usb 5-1: config 31 has no interface number 2 [ 209.135861][ T5826] usb 5-1: config 31 interface 242 altsetting 62 has a duplicate endpoint with address 0xE, skipping [ 209.140272][ T5826] usb 5-1: config 31 interface 242 altsetting 62 has a duplicate endpoint with address 0x9, skipping [ 209.145135][ T5826] usb 5-1: config 31 interface 242 altsetting 62 has a duplicate endpoint with address 0x9, skipping [ 209.149923][ T5826] usb 5-1: config 31 interface 242 altsetting 62 has a duplicate endpoint with address 0xB, skipping [ 209.154232][ T6512] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.155051][ T5826] usb 5-1: config 31 interface 242 altsetting 62 has an invalid descriptor for endpoint zero, skipping [ 209.162033][ T5826] usb 5-1: config 31 interface 254 altsetting 149 has a duplicate endpoint with address 0x1, skipping [ 209.167382][ T5826] usb 5-1: config 31 interface 254 altsetting 149 has a duplicate endpoint with address 0x8, skipping [ 209.172854][ T5826] usb 5-1: config 31 interface 254 altsetting 149 endpoint 0x5 has invalid maxpacket 1023, setting to 64 [ 209.177875][ T5826] usb 5-1: config 31 interface 254 altsetting 149 has a duplicate endpoint with address 0x8, skipping [ 209.182329][ T5826] usb 5-1: config 31 interface 254 altsetting 149 has an invalid descriptor for endpoint zero, skipping [ 209.189045][ T5826] usb 5-1: too many endpoints for config 31 interface 254 altsetting 77: 79, using maximum allowed: 30 [ 209.193673][ T5826] usb 5-1: config 31 interface 254 altsetting 77 has 0 endpoint descriptors, different from the interface descriptor's value: 79 [ 209.200084][ T5826] usb 5-1: config 31 interface 242 has no altsetting 0 [ 209.202994][ T5826] usb 5-1: config 31 interface 254 has no altsetting 0 [ 209.205759][ T5826] usb 5-1: config 31 interface 254 has no altsetting 1 [ 209.209295][ T5826] usb 5-1: config 31 interface 80 has no altsetting 0 [ 209.239510][ T24] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 209.296277][ T8687] netlink: 132 bytes leftover after parsing attributes in process `syz.1.795'. [ 209.308153][ T8687] overlayfs: failed to resolve './file2': -2 [ 209.380183][ T24] usb 8-1: device descriptor read/64, error -71 [ 209.418047][ T8690] lo speed is unknown, defaulting to 1000 [ 209.510738][ T24] usb usb8-port1: attempt power cycle [ 209.716127][ T5849] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 209.748898][ T62] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 209.754858][ T62] Bluetooth: hci3: Injecting HCI hardware error event [ 209.763734][ T62] Bluetooth: hci3: hardware error 0x00 [ 209.878740][ T5849] usb 6-1: Using ep0 maxpacket: 16 [ 209.882831][ T5849] usb 6-1: config 0 has no interfaces? [ 209.886690][ T5849] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 209.891883][ T5849] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 209.895661][ T5849] usb 6-1: Manufacturer: syz [ 209.899905][ T5849] usb 6-1: config 0 descriptor?? [ 209.900311][ T24] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 209.933546][ T24] usb 8-1: device descriptor read/8, error -71 [ 210.214775][ T24] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 210.239106][ T5834] usb 6-1: USB disconnect, device number 11 [ 210.244117][ T8694] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 210.248045][ T24] usb 8-1: device descriptor read/8, error -71 [ 210.367083][ T24] usb usb8-port1: unable to enumerate USB device [ 210.514704][ T8697] team0: Mode changed to "loadbalance" [ 211.398440][ T6512] net_ratelimit: 3 callbacks suppressed [ 211.398459][ T6512] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 211.858019][ T8714] netlink: 8 bytes leftover after parsing attributes in process `syz.3.802'. [ 211.915388][ T5826] usb 5-1: string descriptor 0 read error: -71 [ 211.915529][ T857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 211.923864][ T8716] netlink: 'syz.3.802': attribute type 10 has an invalid length. [ 211.927475][ T5826] usb 5-1: New USB device found, idVendor=041e, idProduct=4060, bcdDevice=22.1b [ 211.930432][ T8716] netlink: 40 bytes leftover after parsing attributes in process `syz.3.802'. [ 211.933927][ T5826] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.965327][ T5826] usb 5-1: can't set config #31, error -71 [ 212.008832][ T62] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 212.754651][ T5826] usb 5-1: USB disconnect, device number 9 [ 212.807352][ T8721] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 213.414194][ T8732] bond0: option arp_interval: mode dependency failed, not supported in mode balance-alb(6) [ 213.481593][ T8736] FAULT_INJECTION: forcing a failure. [ 213.481593][ T8736] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 213.498465][ T8736] CPU: 1 UID: 0 PID: 8736 Comm: syz.3.809 Tainted: G L syzkaller #0 PREEMPT(full) [ 213.498485][ T8736] Tainted: [L]=SOFTLOCKUP [ 213.498489][ T8736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 213.498496][ T8736] Call Trace: [ 213.498501][ T8736] [ 213.498506][ T8736] dump_stack_lvl+0x100/0x190 [ 213.498522][ T8736] should_fail_ex.cold+0x5/0xa [ 213.498538][ T8736] _copy_from_user+0x2e/0xd0 [ 213.498554][ T8736] get_compat_msghdr+0xb3/0x4b0 [ 213.498568][ T8736] ? __pfx_get_compat_msghdr+0x10/0x10 [ 213.498586][ T8736] ___sys_sendmsg+0x1b6/0x1e0 [ 213.498602][ T8736] ? __pfx____sys_sendmsg+0x10/0x10 [ 213.498624][ T8736] ? find_held_lock+0x2b/0x80 [ 213.498646][ T8736] __sys_sendmsg+0x170/0x220 [ 213.498657][ T8736] ? __pfx___sys_sendmsg+0x10/0x10 [ 213.498668][ T8736] ? __fget_files+0x21f/0x3d0 [ 213.498684][ T8736] ? ksys_write+0x1ac/0x250 [ 213.498697][ T8736] ? rcu_is_watching+0x12/0xc0 [ 213.498711][ T8736] __do_fast_syscall_32+0xe7/0x970 [ 213.498728][ T8736] ? lockdep_hardirqs_on+0x78/0x100 [ 213.498744][ T8736] do_fast_syscall_32+0x32/0x70 [ 213.498761][ T8736] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 213.498775][ T8736] RIP: 0023:0xf708ef7c [ 213.498784][ T8736] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 213.498795][ T8736] RSP: 002b:00000000f547d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 213.498807][ T8736] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100 [ 213.498814][ T8736] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 213.498820][ T8736] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 213.498826][ T8736] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 213.498832][ T8736] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 213.498845][ T8736] [ 213.726260][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 213.885687][ T8743] netlink: 'syz.3.811': attribute type 21 has an invalid length. [ 213.891042][ T8743] netlink: 128 bytes leftover after parsing attributes in process `syz.3.811'. [ 213.898855][ T8743] netlink: 3 bytes leftover after parsing attributes in process `syz.3.811'. [ 214.864493][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.952099][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 215.211156][ T857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 215.418692][ T8755] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 215.425541][ T12] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 215.443718][ T12] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.448145][ T12] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 215.452073][ T12] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 215.456011][ T12] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.459756][ T12] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 215.474425][ T12] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 215.478159][ T12] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.484073][ T12] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 215.487869][ T12] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 215.491493][ T12] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.497398][ T12] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 215.965051][ T8790] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.825'. [ 216.002478][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 216.105720][ T8727] Process accounting paused [ 216.313891][ T8796] tipc: Started in network mode [ 216.315694][ T8796] tipc: Node identity ac14140f, cluster identity 4711 [ 216.320352][ T8796] tipc: Enabled bearer , priority 10 [ 216.361122][ T8798] netlink: 4 bytes leftover after parsing attributes in process `syz.1.832'. [ 216.973400][ T8813] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 217.118675][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 217.342483][ T8828] netlink: 36 bytes leftover after parsing attributes in process `syz.3.841'. [ 217.403210][ T34] tipc: Node number set to 2886997007 [ 217.483399][ T8829] netlink: 'syz.3.841': attribute type 1 has an invalid length. [ 217.512655][ T8829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 217.516589][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 217.522519][ T8829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.253140][ T8820] netlink: 'syz.2.839': attribute type 1 has an invalid length. [ 218.257628][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.262704][ T8820] netlink: 'syz.2.839': attribute type 1 has an invalid length. [ 218.432505][ T8838] 9pnet_fd: Insufficient options for proto=fd [ 218.440302][ T8826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.455548][ T5826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.475498][ T8826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.493148][ T8826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.497615][ T40] audit: type=1326 audit(1780649499.920:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8839 comm="syz.2.845" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56f7c code=0x7ffc0000 [ 218.497752][ T40] audit: type=1326 audit(1780649499.920:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8839 comm="syz.2.845" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56f7c code=0x7ffc0000 [ 218.500117][ T40] audit: type=1326 audit(1780649499.920:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8839 comm="syz.2.845" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f56f7c code=0x7ffc0000 [ 218.529842][ T40] audit: type=1326 audit(1780649499.920:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8839 comm="syz.2.845" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56f7c code=0x7ffc0000 [ 218.543367][ T40] audit: type=1326 audit(1780649499.920:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8839 comm="syz.2.845" exe="/syz-executor" sig=0 arch=40000003 syscall=257 compat=1 ip=0xf7f56f7c code=0x7ffc0000 [ 218.558102][ T40] audit: type=1326 audit(1780649499.920:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8839 comm="syz.2.845" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56f7c code=0x7ffc0000 [ 218.567522][ T40] audit: type=1326 audit(1780649499.920:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8839 comm="syz.2.845" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f56f7c code=0x7ffc0000 [ 218.578408][ T40] audit: type=1326 audit(1780649499.920:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8839 comm="syz.2.845" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56f7c code=0x7ffc0000 [ 218.594505][ T40] audit: type=1326 audit(1780649499.920:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8839 comm="syz.2.845" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7f56f7c code=0x7ffc0000 [ 218.606983][ T40] audit: type=1326 audit(1780649499.920:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8839 comm="syz.2.845" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf71561ab code=0x7ffc0000 [ 218.635777][ T54] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 218.810349][ T54] usb 5-1: Using ep0 maxpacket: 32 [ 218.834627][ T54] usb 5-1: unable to get BOS descriptor or descriptor too short [ 218.846908][ T54] usb 5-1: config 8 has an invalid interface number: 188 but max is 0 [ 218.851206][ T54] usb 5-1: config 8 has no interface number 0 [ 218.855200][ T54] usb 5-1: config 8 interface 188 has no altsetting 0 [ 218.872340][ T54] usb 5-1: string descriptor 0 read error: -22 [ 218.882967][ T54] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0102, bcdDevice=89.0e [ 218.898115][ T54] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.968347][ T8847] netlink: 28 bytes leftover after parsing attributes in process `syz.1.847'. [ 218.971793][ T8847] netlink: 28 bytes leftover after parsing attributes in process `syz.1.847'. [ 218.983426][ T54] dvb-usb: found a 'Terratec Cinergy S2 USB HD Rev.3' in warm state. [ 218.986551][ T54] dw2102: su3000_power_ctrl: 1, initialized 0 [ 218.989222][ T54] dvb-usb: bulk message failed: -22 (2/0) [ 219.014538][ T54] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 219.023209][ T54] dvbdev: DVB: registering new adapter (Terratec Cinergy S2 USB HD Rev.3) [ 219.026721][ T54] usb 5-1: media controller created [ 219.029691][ T54] dvb-usb: bulk message failed: -22 (6/0) [ 219.032059][ T54] dw2102: i2c transfer failed. [ 219.034131][ T54] dvb-usb: bulk message failed: -22 (6/0) [ 219.036575][ T54] dw2102: i2c transfer failed. [ 219.038781][ T54] dvb-usb: bulk message failed: -22 (6/0) [ 219.041214][ T54] dw2102: i2c transfer failed. [ 219.043758][ T54] dvb-usb: bulk message failed: -22 (6/0) [ 219.046204][ T54] dw2102: i2c transfer failed. [ 219.048347][ T8847] team0: entered promiscuous mode [ 219.049789][ T54] dvb-usb: bulk message failed: -22 (6/0) [ 219.053208][ T54] dw2102: i2c transfer failed. [ 219.055072][ T54] dvb-usb: bulk message failed: -22 (6/0) [ 219.057497][ T54] dw2102: i2c transfer failed. [ 219.068461][ T54] dvb-usb: MAC address: 02:02:02:02:02:02 [ 219.072717][ T8847] team0: left promiscuous mode [ 219.151468][ T54] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 219.204808][ T8836] dvb-usb: bulk message failed: -22 (5/0) [ 219.218650][ T8836] dw2102: i2c transfer failed. [ 219.224746][ T54] dvb-usb: bulk message failed: -22 (3/0) [ 219.227897][ T54] dw2102: command 0x0e transfer failed. [ 219.239082][ T54] dvb-usb: bulk message failed: -22 (3/0) [ 219.250873][ T54] dw2102: command 0x0e transfer failed. [ 219.282482][ T8828] syz.3.841 (8828): drop_caches: 2 [ 219.404752][ T8850] netlink: 12 bytes leftover after parsing attributes in process `syz.1.849'. [ 219.478330][ T8857] netlink: 'syz.3.848': attribute type 30 has an invalid length. [ 219.600106][ T54] dvb-usb: bulk message failed: -22 (3/0) [ 219.602518][ T54] dw2102: command 0x0e transfer failed. [ 219.604819][ T54] dvb-usb: bulk message failed: -22 (3/0) [ 219.607191][ T54] dw2102: command 0x0e transfer failed. [ 219.609689][ T54] dvb-usb: bulk message failed: -22 (1/0) [ 219.612519][ T54] dw2102: command 0x51 transfer failed. [ 219.709065][ T54] DVB: Unable to find symbol ds3000_attach() [ 219.714962][ T54] dvb-usb: no frontend was attached by 'Terratec Cinergy S2 USB HD Rev.3' [ 219.817021][ T54] rc_core: IR keymap rc-su3000 not found [ 219.819340][ T54] Registered IR keymap rc-empty [ 219.838898][ T54] rc rc0: Terratec Cinergy S2 USB HD Rev.3 as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0 [ 219.848768][ T54] input: Terratec Cinergy S2 USB HD Rev.3 as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0/input14 [ 219.900286][ T54] dvb-usb: schedule remote query interval to 150 msecs. [ 219.904000][ T54] dw2102: su3000_power_ctrl: 0, initialized 1 [ 219.906545][ T54] dvb-usb: Terratec Cinergy S2 USB HD Rev.3 successfully initialized and connected. [ 219.921873][ T54] usb 5-1: USB disconnect, device number 10 [ 220.020533][ T54] dvb-usb: Terratec Cinergy S2 USB HD Rev.3 successfully deinitialized and disconnected. [ 220.833073][ T8886] netlink: 'syz.0.861': attribute type 1 has an invalid length. [ 220.840543][ T8886] netlink: 4 bytes leftover after parsing attributes in process `syz.0.861'. [ 220.844800][ T8886] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 220.869999][ T8886] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 220.926541][ T59] Bluetooth: hci4: Frame reassembly failed (-84) [ 221.266280][ T8891] netlink: 36 bytes leftover after parsing attributes in process `syz.3.862'. [ 221.322838][ T8893] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 221.992786][ T8916] netlink: 76 bytes leftover after parsing attributes in process `syz.3.872'. [ 222.000183][ T8916] netlink: 'syz.3.872': attribute type 1 has an invalid length. [ 222.003510][ T8916] netlink: 228 bytes leftover after parsing attributes in process `syz.3.872'. [ 222.013483][ T8916] netlink: 8 bytes leftover after parsing attributes in process `syz.3.872'. [ 222.434515][ T8922] netlink: 8 bytes leftover after parsing attributes in process `syz.2.875'. [ 222.957765][ T54] net_ratelimit: 7 callbacks suppressed [ 222.957780][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 223.101744][ T5747] Bluetooth: hci4: command 0x1003 tx timeout [ 223.103624][ T62] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 223.295976][ T1477] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 224.067321][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.127650][ T1477] usb 7-1: Using ep0 maxpacket: 16 [ 224.134884][ T1477] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 224.138714][ T1477] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 224.142352][ T1477] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 224.145637][ T1477] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 224.149285][ T1477] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 224.156081][ T1477] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 224.159114][ T1477] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 224.162151][ T1477] usb 7-1: Manufacturer: syz [ 224.168303][ T1477] usb 7-1: config 0 descriptor?? [ 224.204021][ T8935] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 224.286533][ T8937] Unsupported ieee802154 address type: 0 [ 224.417066][ T8946] bond0: option arp_interval: mode dependency failed, not supported in mode balance-alb(6) [ 224.468818][ T8948] netlink: 4 bytes leftover after parsing attributes in process `syz.3.884'. [ 224.492680][ T8948] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.496539][ T8948] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.500699][ T8948] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.504525][ T8948] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.508409][ T8948] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.513151][ T8948] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.517405][ T8948] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.521870][ T8948] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.563812][ T1477] rc_core: IR keymap rc-hauppauge not found [ 224.566034][ T1477] Registered IR keymap rc-empty [ 224.568403][ T1477] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 224.608900][ T1477] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 224.656327][ T8951] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 224.691384][ T1477] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0 [ 224.703027][ T1477] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input15 [ 224.708912][ T8926] netlink: 16 bytes leftover after parsing attributes in process `syz.2.876'. [ 224.804926][ T8926] bond3: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 224.832740][ T8957] netlink: 'syz.0.887': attribute type 3 has an invalid length. [ 224.840238][ T1477] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 224.843137][ T8926] bond3 (unregistering): Released all slaves [ 224.878901][ T1477] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 224.900508][ T1477] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 224.932850][ T1477] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 224.954941][ T1477] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 224.976506][ T1477] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 224.997809][ T1477] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 225.019932][ T1477] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 225.041114][ T1477] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 225.073771][ T1477] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 225.122479][ T8967] exFAT-fs (nbd3): unable to read boot sector [ 225.122778][ T1477] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 225.127211][ T8967] exFAT-fs (nbd3): failed to read boot sector [ 225.133094][ T1477] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 225.137453][ T8967] exFAT-fs (nbd3): failed to recognize exfat type [ 225.166587][ T1477] usb 7-1: USB disconnect, device number 8 [ 225.937219][ T8989] program syz.0.896 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 225.954421][ T8991] netlink: 'syz.2.897': attribute type 1 has an invalid length. [ 226.007803][ T8991] bond3: (slave veth3): Enslaving as an active interface with a down link [ 226.042699][ T8991] dummy0: left promiscuous mode [ 226.050664][ T8991] bond3: (slave dummy0): making interface the new active one [ 226.060356][ T8991] bond3: (slave dummy0): Enslaving as an active interface with an up link [ 226.071950][ T8991] netlink: 'syz.2.897': attribute type 10 has an invalid length. [ 226.076651][ T8991] netlink: 40 bytes leftover after parsing attributes in process `syz.2.897'. [ 226.080466][ T8991] dummy0: entered promiscuous mode [ 226.087952][ T8991] bond3: (slave dummy0): Releasing active interface [ 227.443655][ T9015] lo speed is unknown, defaulting to 1000 [ 228.027462][ T9048] bridge_slave_1: left allmulticast mode [ 228.067133][ T9048] bridge_slave_1: left promiscuous mode [ 228.075751][ T9048] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.107705][ T9048] bond0: (slave bond_slave_0): Releasing backup interface [ 228.119871][ T9048] bond0: (slave bond_slave_1): Releasing backup interface [ 228.145217][ T9048] team_slave_0: left promiscuous mode [ 228.150196][ T9048] team0: Port device team_slave_0 removed [ 228.155934][ T9048] team_slave_1: left promiscuous mode [ 228.161353][ T9048] team0: Port device team_slave_1 removed [ 228.165520][ T9048] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 228.168249][ T9048] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 228.194160][ T9054] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 228.196878][ T9061] 8021q: VLANs not supported on gre0 [ 228.209853][ T9054] overlayfs: failed to set xattr on upper [ 228.215660][ T9054] overlayfs: ...falling back to redirect_dir=nofollow. [ 228.226811][ T9054] overlayfs: ...falling back to index=off. [ 228.242666][ T9054] overlayfs: ...falling back to uuid=null. [ 228.248371][ T9066] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 228.283636][ T9054] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 228.286756][ T9054] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 228.310637][ T9054] vhci_hcd vhci_hcd.0: Device attached [ 228.527590][ T5841] IPVS: starting estimator thread 0... [ 228.535335][ T9076] tipc: Enabled bearer , priority 10 [ 228.574161][ T54] net_ratelimit: 260 callbacks suppressed [ 228.574180][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 228.610258][ T9068] vhci_hcd: connection closed [ 228.611708][ T218] vhci_hcd vhci_hcd.2: stop threads [ 228.616117][ T218] vhci_hcd vhci_hcd.2: release socket [ 228.617388][ T5849] usb 42-1: SetAddress Request (6) to port 0 [ 228.624354][ T218] vhci_hcd vhci_hcd.2: disconnect device [ 228.625764][ T5849] usb 42-1: new SuperSpeed USB device number 6 using vhci_hcd [ 228.660679][ T5849] usb 42-1: enqueue for inactive port 0 [ 228.661072][ T9077] IPVS: using max 32 ests per chain, 76800 per kthread [ 228.764038][ T9085] netlink: 146832 bytes leftover after parsing attributes in process `syz.3.925'. [ 228.921261][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 229.095020][ T5849] usb usb42-port1: attempt power cycle [ 229.260026][ T9095] netlink: 16 bytes leftover after parsing attributes in process `syz.0.927'. [ 230.180275][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 230.481741][ T5849] usb usb42-port1: unable to enumerate USB device [ 230.658869][ T9098] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 230.662412][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 230.670333][ T9097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 230.674762][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 230.678328][ T9097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 230.841520][ T9116] FAULT_INJECTION: forcing a failure. [ 230.841520][ T9116] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 230.845746][ T9116] CPU: 3 UID: 0 PID: 9116 Comm: syz.3.935 Tainted: G L syzkaller #0 PREEMPT(full) [ 230.845775][ T9116] Tainted: [L]=SOFTLOCKUP [ 230.845782][ T9116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 230.845792][ T9116] Call Trace: [ 230.845798][ T9116] [ 230.845805][ T9116] dump_stack_lvl+0x100/0x190 [ 230.845829][ T9116] should_fail_ex.cold+0x5/0xa [ 230.845848][ T9116] ? prepare_alloc_pages+0x16d/0x5f0 [ 230.845873][ T9116] should_fail_alloc_page+0xeb/0x140 [ 230.845894][ T9116] prepare_alloc_pages+0x1f0/0x5f0 [ 230.845917][ T9116] ? __lock_acquire+0x4a5/0x2630 [ 230.845945][ T9116] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 230.845984][ T9116] ? find_held_lock+0x2b/0x80 [ 230.846004][ T9116] ? is_bpf_text_address+0x8a/0x1a0 [ 230.846026][ T9116] ? is_bpf_text_address+0x8a/0x1a0 [ 230.846049][ T9116] ? bpf_ksym_find+0x124/0x1c0 [ 230.846067][ T9116] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 230.846093][ T9116] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 230.846118][ T9116] ? is_bpf_text_address+0x94/0x1a0 [ 230.846142][ T9116] ? kernel_text_address+0x8d/0x100 [ 230.846161][ T9116] ? __kernel_text_address+0xd/0x30 [ 230.846178][ T9116] ? unwind_get_return_address+0x59/0xa0 [ 230.846209][ T9116] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 230.846232][ T9116] ? policy_nodemask+0xed/0x4f0 [ 230.846252][ T9116] alloc_pages_mpol+0x1fb/0x540 [ 230.846272][ T9116] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 230.846288][ T9116] ? kasan_save_stack+0x30/0x50 [ 230.846307][ T9116] ? __kasan_kmalloc+0xaa/0xb0 [ 230.846322][ T9116] ? __get_vm_area_node+0x101/0x330 [ 230.846339][ T9116] ? __vmalloc_node_range_noprof+0x228/0x1630 [ 230.846368][ T9116] alloc_pages_noprof+0x1a/0x160 [ 230.846396][ T9116] get_free_pages_noprof+0x10/0xb0 [ 230.846415][ T9116] __kasan_populate_vmalloc+0xa0/0x210 [ 230.846445][ T9116] alloc_vmap_area+0x95d/0x2b70 [ 230.846473][ T9114] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 230.846475][ T9116] ? __pfx_alloc_vmap_area+0x10/0x10 [ 230.846501][ T9116] __get_vm_area_node+0x1ca/0x330 [ 230.846527][ T9116] __vmalloc_node_range_noprof+0x228/0x1630 [ 230.846550][ T9116] ? bpf_check+0x1dd/0xabe0 [ 230.846578][ T9116] ? bpf_check+0x1dd/0xabe0 [ 230.846597][ T9116] ? rcu_read_unlock+0x17/0x60 [ 230.846617][ T9116] ? rcu_read_unlock+0x17/0x60 [ 230.846637][ T9116] ? find_held_lock+0x2b/0x80 [ 230.846661][ T9116] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 230.846684][ T9116] ? rcu_is_watching+0x12/0xc0 [ 230.846707][ T9116] ? trace_kmalloc+0xe3/0x110 [ 230.846725][ T9116] ? __kmalloc_large_node_noprof+0x5d/0x70 [ 230.846748][ T9116] ? bpf_check+0x1dd/0xabe0 [ 230.846766][ T9116] __vmalloc_node_noprof+0xad/0xf0 [ 230.846789][ T9116] ? bpf_check+0x1dd/0xabe0 [ 230.846810][ T9116] bpf_check+0x1dd/0xabe0 [ 230.846835][ T9116] ? __css_rstat_updated+0x1ce/0x5a0 [ 230.846860][ T9116] ? __lock_acquire+0x4a5/0x2630 [ 230.846885][ T9116] ? __pfx___css_rstat_updated+0x10/0x10 [ 230.846917][ T9116] ? __lock_acquire+0x4a5/0x2630 [ 230.846943][ T9116] ? __pfx_bpf_check+0x10/0x10 [ 230.846962][ T9116] ? find_held_lock+0x2b/0x80 [ 230.846987][ T9116] ? find_held_lock+0x2b/0x80 [ 230.847007][ T9116] ? bpf_prog_load+0x1b23/0x2b30 [ 230.847033][ T9116] ? rcu_is_watching+0x12/0xc0 [ 230.847053][ T9116] ? __asan_memset+0x23/0x50 [ 230.847075][ T9116] ? lsm_blob_alloc+0x2b/0x90 [ 230.847101][ T9116] ? bpf_prog_load+0x1c0f/0x2b30 [ 230.847124][ T9116] bpf_prog_load+0x1c0f/0x2b30 [ 230.847151][ T9116] ? __pfx_bpf_prog_load+0x10/0x10 [ 230.847196][ T9116] ? bpf_lsm_bpf+0x9/0x10 [ 230.847216][ T9116] __sys_bpf+0x223a/0x4b90 [ 230.847236][ T9116] ? __pfx___sys_bpf+0x10/0x10 [ 230.847249][ T9116] ? get_pid_task+0x106/0x250 [ 230.847274][ T9116] ? proc_fail_nth_write+0x9f/0x220 [ 230.847301][ T9116] ? find_held_lock+0x2b/0x80 [ 230.847325][ T9116] ? find_held_lock+0x2b/0x80 [ 230.847346][ T9116] ? ksys_write+0x190/0x250 [ 230.847370][ T9116] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 230.847402][ T9116] ? kernel_write+0x603/0x6c0 [ 230.847433][ T9116] ? fput+0x79/0x100 [ 230.847455][ T9116] ? ksys_write+0x1ac/0x250 [ 230.847478][ T9116] __ia32_sys_bpf+0x79/0xf0 [ 230.847497][ T9116] ? lockdep_hardirqs_on+0x78/0x100 [ 230.847520][ T9116] __do_fast_syscall_32+0xe7/0x970 [ 230.847546][ T9116] ? lockdep_hardirqs_on+0x78/0x100 [ 230.847572][ T9116] do_fast_syscall_32+0x32/0x70 [ 230.847595][ T9116] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 230.847615][ T9116] RIP: 0023:0xf708ef7c [ 230.847628][ T9116] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 230.847643][ T9116] RSP: 002b:00000000f547d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000165 [ 230.847660][ T9116] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800000c0 [ 230.847671][ T9116] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 230.847680][ T9116] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 230.847689][ T9116] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 230.847700][ T9116] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 230.847723][ T9116] [ 230.847757][ T9116] syz.3.935: vmalloc error: size 2720, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 231.067372][ T9116] CPU: 1 UID: 0 PID: 9116 Comm: syz.3.935 Tainted: G L syzkaller #0 PREEMPT(full) [ 231.067393][ T9116] Tainted: [L]=SOFTLOCKUP [ 231.067397][ T9116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 231.067404][ T9116] Call Trace: [ 231.067408][ T9116] [ 231.067412][ T9116] dump_stack_lvl+0x100/0x190 [ 231.067428][ T9116] warn_alloc.cold+0x95/0x1c1 [ 231.067439][ T9116] ? __pfx_warn_alloc+0x10/0x10 [ 231.067456][ T9116] ? lockdep_hardirqs_on+0x78/0x100 [ 231.067473][ T9116] ? __get_vm_area_node+0x2cd/0x330 [ 231.067490][ T9116] ? __get_vm_area_node+0x208/0x330 [ 231.067505][ T9116] __vmalloc_node_range_noprof+0xccd/0x1630 [ 231.067524][ T9116] ? bpf_check+0x1dd/0xabe0 [ 231.067537][ T9116] ? rcu_read_unlock+0x17/0x60 [ 231.067550][ T9116] ? rcu_read_unlock+0x17/0x60 [ 231.067563][ T9116] ? find_held_lock+0x2b/0x80 [ 231.067578][ T9116] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 231.067594][ T9116] ? rcu_is_watching+0x12/0xc0 [ 231.067608][ T9116] ? trace_kmalloc+0xe3/0x110 [ 231.067620][ T9116] ? __kmalloc_large_node_noprof+0x5d/0x70 [ 231.067635][ T9116] ? bpf_check+0x1dd/0xabe0 [ 231.067647][ T9116] __vmalloc_node_noprof+0xad/0xf0 [ 231.067661][ T9116] ? bpf_check+0x1dd/0xabe0 [ 231.067675][ T9116] bpf_check+0x1dd/0xabe0 [ 231.067691][ T9116] ? __css_rstat_updated+0x1ce/0x5a0 [ 231.067707][ T9116] ? __lock_acquire+0x4a5/0x2630 [ 231.067725][ T9116] ? __pfx___css_rstat_updated+0x10/0x10 [ 231.067745][ T9116] ? __lock_acquire+0x4a5/0x2630 [ 231.067761][ T9116] ? __pfx_bpf_check+0x10/0x10 [ 231.067788][ T9116] ? find_held_lock+0x2b/0x80 [ 231.067806][ T9116] ? find_held_lock+0x2b/0x80 [ 231.067818][ T9116] ? bpf_prog_load+0x1b23/0x2b30 [ 231.067834][ T9116] ? rcu_is_watching+0x12/0xc0 [ 231.067847][ T9116] ? __asan_memset+0x23/0x50 [ 231.067862][ T9116] ? lsm_blob_alloc+0x2b/0x90 [ 231.067880][ T9116] ? bpf_prog_load+0x1c0f/0x2b30 [ 231.067896][ T9116] bpf_prog_load+0x1c0f/0x2b30 [ 231.067916][ T9116] ? __pfx_bpf_prog_load+0x10/0x10 [ 231.067944][ T9116] ? bpf_lsm_bpf+0x9/0x10 [ 231.067956][ T9116] __sys_bpf+0x223a/0x4b90 [ 231.067968][ T9116] ? __pfx___sys_bpf+0x10/0x10 [ 231.067976][ T9116] ? get_pid_task+0x106/0x250 [ 231.067992][ T9116] ? proc_fail_nth_write+0x9f/0x220 [ 231.068009][ T9116] ? find_held_lock+0x2b/0x80 [ 231.068025][ T9116] ? find_held_lock+0x2b/0x80 [ 231.068038][ T9116] ? ksys_write+0x190/0x250 [ 231.068052][ T9116] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 231.068067][ T9116] ? kernel_write+0x603/0x6c0 [ 231.068086][ T9116] ? fput+0x79/0x100 [ 231.068101][ T9116] ? ksys_write+0x1ac/0x250 [ 231.068114][ T9116] __ia32_sys_bpf+0x79/0xf0 [ 231.068124][ T9116] ? lockdep_hardirqs_on+0x78/0x100 [ 231.068139][ T9116] __do_fast_syscall_32+0xe7/0x970 [ 231.068154][ T9116] ? lockdep_hardirqs_on+0x78/0x100 [ 231.068170][ T9116] do_fast_syscall_32+0x32/0x70 [ 231.068186][ T9116] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 231.068200][ T9116] RIP: 0023:0xf708ef7c [ 231.068210][ T9116] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 231.068225][ T9116] RSP: 002b:00000000f547d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000165 [ 231.068236][ T9116] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800000c0 [ 231.068243][ T9116] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 231.068249][ T9116] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 231.068254][ T9116] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 231.068260][ T9116] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 231.068273][ T9116] [ 231.068322][ T9116] Mem-Info: [ 231.198862][ T9116] active_anon:9047 inactive_anon:58 isolated_anon:0 [ 231.198862][ T9116] active_file:9597 inactive_file:2038 isolated_file:0 [ 231.198862][ T9116] unevictable:1769 dirty:310 writeback:0 [ 231.198862][ T9116] slab_reclaimable:7160 slab_unreclaimable:55452 [ 231.198862][ T9116] mapped:24133 shmem:4384 pagetables:1507 [ 231.198862][ T9116] sec_pagetables:312 bounce:0 [ 231.198862][ T9116] kernel_misc_reclaimable:0 [ 231.198862][ T9116] free:73740 free_pcp:17130 free_cma:0 [ 231.212748][ T9116] Node 0 active_anon:0kB inactive_anon:152kB active_file:5388kB inactive_file:304kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:144kB dirty:12kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8212kB pagetables:1308kB sec_pagetables:1136kB all_unreclaimable? yes Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 231.226416][ T9116] Node 1 active_anon:36188kB inactive_anon:80kB active_file:33000kB inactive_file:7848kB unevictable:3540kB isolated(anon):0kB isolated(file):0kB mapped:96388kB dirty:1228kB writeback:0kB shmem:14000kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5876kB pagetables:4620kB sec_pagetables:112kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 231.240349][ T9116] Node 0 DMA free:2052kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:48kB active_file:0kB inactive_file:92kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:420kB local_pcp:72kB free_cma:0kB [ 231.250296][ T9116] lowmem_reserve[]: 0 285 285 285 285 [ 231.252091][ T9116] Node 0 DMA32 free:18008kB boost:4096kB min:17192kB low:20464kB high:23736kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:104kB active_file:5388kB inactive_file:212kB unevictable:3536kB writepending:12kB zspages:0kB present:1032196kB managed:292748kB mlocked:0kB bounce:0kB free_pcp:9332kB local_pcp:972kB free_cma:0kB [ 231.262460][ T9116] lowmem_reserve[]: 0 0 0 0 0 [ 231.263950][ T9116] Node 1 DMA32 free:274868kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:36220kB inactive_anon:80kB active_file:33000kB inactive_file:7848kB unevictable:3540kB writepending:1228kB zspages:2504kB present:1048432kB managed:948212kB mlocked:4kB bounce:0kB free_pcp:59048kB local_pcp:25400kB free_cma:0kB [ 231.274555][ T9116] lowmem_reserve[]: 0 0 0 0 0 [ 231.276100][ T9116] Node 0 DMA: 3*4kB (U) 1*8kB (U) 1*16kB (M) 7*32kB (UM) 8*64kB (UM) 0*128kB 1*256kB (M) 2*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 2052kB [ 231.281024][ T9116] Node 0 DMA32: 576*4kB (UME) 245*8kB (UME) 69*16kB (UME) 113*32kB (UME) 27*64kB (UME) 11*128kB (UM) 11*256kB (UME) 2*512kB (M) 2*1024kB (ME) 0*2048kB 0*4096kB = 18008kB [ 231.286421][ T9116] Node 1 DMA32: 1204*4kB (UME) 1216*8kB (UME) 933*16kB (UME) 205*32kB (UME) 261*64kB (UME) 276*128kB (UME) 108*256kB (UME) 43*512kB (UME) 14*1024kB (UM) 8*2048kB (UM) 26*4096kB (UM) = 274944kB [ 231.292280][ T9116] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 231.295960][ T9116] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 231.299303][ T9116] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 231.302114][ T9116] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 231.305857][ T9116] 17113 total pagecache pages [ 231.307380][ T9116] 1104 pages in swap cache [ 231.308828][ T9116] Free swap = 116472kB [ 231.310147][ T9116] Total swap = 124996kB [ 231.311432][ T9116] 524155 pages RAM [ 231.312593][ T9116] 0 pages HighMem/MovableOnly [ 231.314130][ T9116] 210075 pages reserved [ 231.315418][ T9116] 0 pages cma reserved [ 231.337795][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.476541][ T9146] netlink: 'syz.0.944': attribute type 30 has an invalid length. [ 232.561729][ T9150] netlink: 12 bytes leftover after parsing attributes in process `syz.2.945'. [ 232.587392][ T9150] 8021q: adding VLAN 0 to HW filter on device bond4 [ 232.594582][ T1477] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 232.615511][ T9150] netlink: 44 bytes leftover after parsing attributes in process `syz.2.945'. [ 232.698185][ T9158] f2fs: Unknown parameter 'disca‘d' [ 232.705505][ T9159] binder: BINDER_SET_CONTEXT_MGR already set [ 232.707387][ T9159] binder: 9157:9159 ioctl 4018620d 80004a80 returned -16 [ 232.942325][ T1477] usb 6-1: Using ep0 maxpacket: 16 [ 232.949849][ T1477] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 232.973872][ T1477] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 232.992689][ T1477] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 232.995893][ T1477] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 232.999246][ T1477] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 233.011902][ T1477] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 233.013057][ T9164] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.948'. [ 233.015245][ T1477] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 233.021792][ T1477] usb 6-1: Manufacturer: syz [ 233.033863][ T1477] usb 6-1: config 0 descriptor?? [ 233.297460][ T9138] overlayfs: missing 'lowerdir' [ 233.334842][ T9138] netlink: 16 bytes leftover after parsing attributes in process `syz.1.941'. [ 233.436653][ T9138] bond4: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 233.538646][ T9138] bond4 (unregistering): Released all slaves [ 233.912986][ T1477] rc_core: IR keymap rc-hauppauge not found [ 233.917601][ T1477] Registered IR keymap rc-empty [ 233.919350][ T1477] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 233.924464][ T9182] netlink: 4 bytes leftover after parsing attributes in process `syz.0.951'. [ 233.940154][ T1477] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 233.961095][ T1477] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 233.973660][ T1477] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input16 [ 234.006003][ T1477] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 234.036117][ T1477] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 234.057728][ T1477] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 234.074414][ T9191] netlink: 36 bytes leftover after parsing attributes in process `syz.3.953'. [ 234.090381][ T1477] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 234.114421][ T1477] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 234.133593][ T1477] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 234.167304][ T1477] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 234.198625][ T1477] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 234.220295][ T1477] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 234.253486][ T1477] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 234.275886][ T1477] mceusb 6-1:0.0: Registered with mce emulator interface version 1 [ 234.281865][ T1477] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 234.289878][ T1477] usb 6-1: USB disconnect, device number 12 [ 234.322727][ T9204] net_ratelimit: 3 callbacks suppressed [ 234.322741][ T9204] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 234.722242][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.511950][ T857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.643156][ T9232] lo speed is unknown, defaulting to 1000 [ 235.789273][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.856896][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 236.020772][ T857] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 236.057840][ T857] hid-generic 0000:0000:0000.0007: hidraw1: HID v0.00 Device [syz1] on syz0 [ 236.204216][ T9243] netlink: 4 bytes leftover after parsing attributes in process `syz.2.968'. [ 236.775065][ T9258] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 237.697757][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 238.329852][ T9268] netlink: 8 bytes leftover after parsing attributes in process `syz.2.976'. [ 238.364381][ T9270] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 238.371274][ T9268] netlink: 'syz.2.976': attribute type 1 has an invalid length. [ 238.560998][ T9275] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 238.583895][ T9275] fuse: Bad value for 'fd' [ 238.603917][ T9281] 9pnet_fd: Insufficient options for proto=fd [ 238.794947][ T857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 238.798262][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 239.155780][ T9290] netlink: 'syz.2.984': attribute type 5 has an invalid length. [ 239.214944][ T9292] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 239.413703][ T9300] overlayfs: failed lookup in lower (newroot/228, name='file1', err=-40): overlapping layers [ 239.471281][ T9302] netlink: 'syz.1.988': attribute type 30 has an invalid length. [ 239.839547][ T9304] netlink: 36 bytes leftover after parsing attributes in process `syz.0.989'. [ 239.897988][ T9306] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 239.916451][ T9306] fuse: Bad value for 'fd' [ 240.028290][ T9310] netlink: 'syz.0.992': attribute type 1 has an invalid length. [ 240.068490][ T40] kauditd_printk_skb: 15 callbacks suppressed [ 240.068501][ T40] audit: type=1400 audit(1780649519.822:54): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147C8A3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F041 [ 240.079143][ T9310] bond3: (slave gretap2): making interface the new active one [ 240.116504][ T9310] bond3: (slave gretap2): Enslaving as an active interface with an up link [ 240.145947][ T9310] netlink: 28 bytes leftover after parsing attributes in process `syz.0.992'. [ 240.155134][ T9310] bond3: entered promiscuous mode [ 240.157166][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 240.162348][ T9310] gretap2: entered promiscuous mode [ 240.164632][ T9310] 8021q: adding VLAN 0 to HW filter on device bond3 [ 240.181578][ T9310] netlink: 'syz.0.992': attribute type 2 has an invalid length. [ 241.310968][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 241.603404][ T9328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.997'. [ 241.796908][ T9337] dvmrp0: entered allmulticast mode [ 241.962615][ T9339] FAULT_INJECTION: forcing a failure. [ 241.962615][ T9339] name failslab, interval 1, probability 0, space 0, times 0 [ 241.967578][ T9339] CPU: 1 UID: 0 PID: 9339 Comm: syz.2.1002 Tainted: G L syzkaller #0 PREEMPT(full) [ 241.967598][ T9339] Tainted: [L]=SOFTLOCKUP [ 241.967602][ T9339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 241.967610][ T9339] Call Trace: [ 241.967614][ T9339] [ 241.967620][ T9339] dump_stack_lvl+0x100/0x190 [ 241.967636][ T9339] should_fail_ex.cold+0x5/0xa [ 241.967651][ T9339] should_failslab+0xc2/0x120 [ 241.967666][ T9339] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 241.967686][ T9339] ? alloc_vmap_area+0x640/0x2b70 [ 241.967702][ T9339] alloc_vmap_area+0x640/0x2b70 [ 241.967722][ T9339] ? __pfx_alloc_vmap_area+0x10/0x10 [ 241.967743][ T9339] __get_vm_area_node+0x1ca/0x330 [ 241.967760][ T9339] __vmalloc_node_range_noprof+0x228/0x1630 [ 241.967777][ T9339] ? bpf_check+0x1dd/0xabe0 [ 241.967797][ T9339] ? bpf_check+0x1dd/0xabe0 [ 241.967810][ T9339] ? rcu_read_unlock+0x17/0x60 [ 241.967825][ T9339] ? rcu_read_unlock+0x17/0x60 [ 241.967840][ T9339] ? find_held_lock+0x2b/0x80 [ 241.967857][ T9339] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 241.967874][ T9339] ? rcu_is_watching+0x12/0xc0 [ 241.967890][ T9339] ? trace_kmalloc+0xe3/0x110 [ 241.967903][ T9339] ? __kmalloc_large_node_noprof+0x5d/0x70 [ 241.967920][ T9339] ? bpf_check+0x1dd/0xabe0 [ 241.967934][ T9339] __vmalloc_node_noprof+0xad/0xf0 [ 241.967950][ T9339] ? bpf_check+0x1dd/0xabe0 [ 241.967965][ T9339] bpf_check+0x1dd/0xabe0 [ 241.967984][ T9339] ? __css_rstat_updated+0x1ce/0x5a0 [ 241.968002][ T9339] ? __lock_acquire+0x4a5/0x2630 [ 241.968020][ T9339] ? __pfx___css_rstat_updated+0x10/0x10 [ 241.968042][ T9339] ? __lock_acquire+0x4a5/0x2630 [ 241.968061][ T9339] ? __pfx_bpf_check+0x10/0x10 [ 241.968076][ T9339] ? find_held_lock+0x2b/0x80 [ 241.968095][ T9339] ? find_held_lock+0x2b/0x80 [ 241.968109][ T9339] ? bpf_prog_load+0x1b23/0x2b30 [ 241.968128][ T9339] ? rcu_is_watching+0x12/0xc0 [ 241.968142][ T9339] ? __asan_memset+0x23/0x50 [ 241.968160][ T9339] ? lsm_blob_alloc+0x2b/0x90 [ 241.968180][ T9339] ? bpf_prog_load+0x1c0f/0x2b30 [ 241.968198][ T9339] bpf_prog_load+0x1c0f/0x2b30 [ 241.968220][ T9339] ? __pfx_bpf_prog_load+0x10/0x10 [ 241.968271][ T9339] ? bpf_lsm_bpf+0x9/0x10 [ 241.968288][ T9339] __sys_bpf+0x223a/0x4b90 [ 241.968301][ T9339] ? __pfx___sys_bpf+0x10/0x10 [ 241.968311][ T9339] ? get_pid_task+0x106/0x250 [ 241.968329][ T9339] ? proc_fail_nth_write+0x9f/0x220 [ 241.968348][ T9339] ? find_held_lock+0x2b/0x80 [ 241.968366][ T9339] ? find_held_lock+0x2b/0x80 [ 241.968381][ T9339] ? ksys_write+0x190/0x250 [ 241.968398][ T9339] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 241.968416][ T9339] ? kernel_write+0x603/0x6c0 [ 241.968438][ T9339] ? fput+0x79/0x100 [ 241.968455][ T9339] ? ksys_write+0x1ac/0x250 [ 241.968471][ T9339] __ia32_sys_bpf+0x79/0xf0 [ 241.968482][ T9339] ? lockdep_hardirqs_on+0x78/0x100 [ 241.968499][ T9339] __do_fast_syscall_32+0xe7/0x970 [ 241.968517][ T9339] ? lockdep_hardirqs_on+0x78/0x100 [ 241.968535][ T9339] do_fast_syscall_32+0x32/0x70 [ 241.968553][ T9339] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 241.968568][ T9339] RIP: 0023:0xf7f56f7c [ 241.968578][ T9339] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 241.968591][ T9339] RSP: 002b:00000000f541650c EFLAGS: 00000292 ORIG_RAX: 0000000000000165 [ 241.968603][ T9339] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800000c0 [ 241.968611][ T9339] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 241.968617][ T9339] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 241.968624][ T9339] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 241.968658][ T9339] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 241.968682][ T9339] [ 241.968808][ T9339] syz.2.1002: vmalloc error: size 2720, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 242.095160][ T857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 242.098246][ T9339] ,cpuset=/,mems_allowed=0-1 [ 242.120481][ T9339] CPU: 1 UID: 0 PID: 9339 Comm: syz.2.1002 Tainted: G L syzkaller #0 PREEMPT(full) [ 242.120505][ T9339] Tainted: [L]=SOFTLOCKUP [ 242.120511][ T9339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 242.120520][ T9339] Call Trace: [ 242.120527][ T9339] [ 242.120534][ T9339] dump_stack_lvl+0x100/0x190 [ 242.120555][ T9339] warn_alloc.cold+0x95/0x1c1 [ 242.120574][ T9339] ? __pfx_warn_alloc+0x10/0x10 [ 242.120598][ T9339] ? lockdep_hardirqs_on+0x78/0x100 [ 242.120623][ T9339] ? __get_vm_area_node+0x2cd/0x330 [ 242.120677][ T9339] ? __get_vm_area_node+0x208/0x330 [ 242.120703][ T9339] __vmalloc_node_range_noprof+0xccd/0x1630 [ 242.120735][ T9339] ? bpf_check+0x1dd/0xabe0 [ 242.120754][ T9339] ? rcu_read_unlock+0x17/0x60 [ 242.120773][ T9339] ? rcu_read_unlock+0x17/0x60 [ 242.120792][ T9339] ? find_held_lock+0x2b/0x80 [ 242.120815][ T9339] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 242.120837][ T9339] ? rcu_is_watching+0x12/0xc0 [ 242.120874][ T9339] ? trace_kmalloc+0xe3/0x110 [ 242.120892][ T9339] ? __kmalloc_large_node_noprof+0x5d/0x70 [ 242.120914][ T9339] ? bpf_check+0x1dd/0xabe0 [ 242.120931][ T9339] __vmalloc_node_noprof+0xad/0xf0 [ 242.120952][ T9339] ? bpf_check+0x1dd/0xabe0 [ 242.120973][ T9339] bpf_check+0x1dd/0xabe0 [ 242.121007][ T9339] ? __css_rstat_updated+0x1ce/0x5a0 [ 242.121031][ T9339] ? __lock_acquire+0x4a5/0x2630 [ 242.121055][ T9339] ? __pfx___css_rstat_updated+0x10/0x10 [ 242.121085][ T9339] ? __lock_acquire+0x4a5/0x2630 [ 242.121108][ T9339] ? __pfx_bpf_check+0x10/0x10 [ 242.121126][ T9339] ? find_held_lock+0x2b/0x80 [ 242.121153][ T9339] ? find_held_lock+0x2b/0x80 [ 242.121171][ T9339] ? bpf_prog_load+0x1b23/0x2b30 [ 242.121195][ T9339] ? rcu_is_watching+0x12/0xc0 [ 242.121214][ T9339] ? __asan_memset+0x23/0x50 [ 242.121238][ T9339] ? lsm_blob_alloc+0x2b/0x90 [ 242.121263][ T9339] ? bpf_prog_load+0x1c0f/0x2b30 [ 242.121286][ T9339] bpf_prog_load+0x1c0f/0x2b30 [ 242.121315][ T9339] ? __pfx_bpf_prog_load+0x10/0x10 [ 242.121357][ T9339] ? bpf_lsm_bpf+0x9/0x10 [ 242.121376][ T9339] __sys_bpf+0x223a/0x4b90 [ 242.121394][ T9339] ? __pfx___sys_bpf+0x10/0x10 [ 242.121407][ T9339] ? get_pid_task+0x106/0x250 [ 242.121430][ T9339] ? proc_fail_nth_write+0x9f/0x220 [ 242.121454][ T9339] ? find_held_lock+0x2b/0x80 [ 242.121477][ T9339] ? find_held_lock+0x2b/0x80 [ 242.121497][ T9339] ? ksys_write+0x190/0x250 [ 242.121519][ T9339] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 242.121542][ T9339] ? kernel_write+0x603/0x6c0 [ 242.121572][ T9339] ? fput+0x79/0x100 [ 242.121592][ T9339] ? ksys_write+0x1ac/0x250 [ 242.121613][ T9339] __ia32_sys_bpf+0x79/0xf0 [ 242.121629][ T9339] ? lockdep_hardirqs_on+0x78/0x100 [ 242.121650][ T9339] __do_fast_syscall_32+0xe7/0x970 [ 242.121676][ T9339] ? lockdep_hardirqs_on+0x78/0x100 [ 242.121699][ T9339] do_fast_syscall_32+0x32/0x70 [ 242.121722][ T9339] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 242.121742][ T9339] RIP: 0023:0xf7f56f7c [ 242.121757][ T9339] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 242.121772][ T9339] RSP: 002b:00000000f541650c EFLAGS: 00000292 ORIG_RAX: 0000000000000165 [ 242.121811][ T9339] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800000c0 [ 242.121821][ T9339] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 242.121830][ T9339] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 242.121838][ T9339] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 242.121848][ T9339] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 242.121868][ T9339] [ 242.255893][ T9339] Mem-Info: [ 242.256992][ T9339] active_anon:15997 inactive_anon:51 isolated_anon:0 [ 242.256992][ T9339] active_file:11549 inactive_file:2056 isolated_file:0 [ 242.256992][ T9339] unevictable:1768 dirty:187 writeback:0 [ 242.256992][ T9339] slab_reclaimable:7221 slab_unreclaimable:55448 [ 242.256992][ T9339] mapped:27942 shmem:11281 pagetables:1446 [ 242.256992][ T9339] sec_pagetables:312 bounce:0 [ 242.256992][ T9339] kernel_misc_reclaimable:0 [ 242.256992][ T9339] free:62315 free_pcp:19091 free_cma:0 [ 242.287817][ T9339] Node 0 active_anon:28kB inactive_anon:124kB active_file:5388kB inactive_file:304kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:140kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8204kB pagetables:1308kB sec_pagetables:1136kB all_unreclaimable? yes Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 242.300693][ T9339] Node 1 active_anon:61760kB inactive_anon:80kB active_file:40808kB inactive_file:7920kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:111628kB dirty:748kB writeback:0kB shmem:39188kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5896kB pagetables:4476kB sec_pagetables:112kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 242.314434][ T9339] Node 0 DMA free:2052kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28kB inactive_anon:20kB active_file:0kB inactive_file:92kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:420kB local_pcp:72kB free_cma:0kB [ 242.325382][ T9339] lowmem_reserve[]: 0 285 285 285 285 [ 242.328146][ T9339] Node 0 DMA32 free:17944kB boost:4096kB min:17192kB low:20464kB high:23736kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:104kB active_file:5388kB inactive_file:212kB unevictable:3536kB writepending:0kB zspages:0kB present:1032196kB managed:292748kB mlocked:0kB bounce:0kB free_pcp:9544kB local_pcp:972kB free_cma:0kB [ 242.341325][ T9339] lowmem_reserve[]: 0 0 0 0 0 [ 242.343483][ T9339] Node 1 DMA32 free:232864kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:59460kB inactive_anon:80kB active_file:40808kB inactive_file:7920kB unevictable:3536kB writepending:748kB zspages:2488kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:68280kB local_pcp:14328kB free_cma:0kB [ 242.357778][ T9339] lowmem_reserve[]: 0 0 0 0 0 [ 242.359631][ T9339] Node 0 DMA: 3*4kB (U) 1*8kB (U) 1*16kB (M) 7*32kB (UM) 8*64kB (UM) 0*128kB 1*256kB (M) 2*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 2052kB [ 242.365326][ T9339] Node 0 DMA32: 576*4kB (UME) 245*8kB (UME) 69*16kB (UME) 113*32kB (UME) 28*64kB (UME) 10*128kB (UM) 11*256kB (UME) 2*512kB (M) 2*1024kB (ME) 0*2048kB 0*4096kB = 17944kB [ 242.372385][ T9339] Node 1 DMA32: 8*4kB (UME) 746*8kB (UME) 940*16kB (UME) 73*32kB (UME) 121*64kB (UME) 236*128kB (UME) 113*256kB (UME) 47*512kB (UME) 14*1024kB (UM) 3*2048kB (M) 24*4096kB (UM) = 233104kB [ 242.379628][ T9339] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 242.383191][ T9339] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 242.386887][ T9339] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 242.390610][ T9339] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 242.394888][ T9339] 24124 total pagecache pages [ 242.396875][ T9339] 1117 pages in swap cache [ 242.398778][ T9339] Free swap = 116472kB [ 242.400540][ T9339] Total swap = 124996kB [ 242.402273][ T9339] 524155 pages RAM [ 242.404385][ T9339] 0 pages HighMem/MovableOnly [ 242.406303][ T9339] 210075 pages reserved [ 242.407983][ T9339] 0 pages cma reserved [ 242.435397][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 242.516278][ T9343] tipc: Enabled bearer , priority 0 [ 242.605422][ T9345] FAULT_INJECTION: forcing a failure. [ 242.605422][ T9345] name failslab, interval 1, probability 0, space 0, times 0 [ 242.610438][ T9345] CPU: 2 UID: 0 PID: 9345 Comm: syz.1.1006 Tainted: G L syzkaller #0 PREEMPT(full) [ 242.610458][ T9345] Tainted: [L]=SOFTLOCKUP [ 242.610463][ T9345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 242.610470][ T9345] Call Trace: [ 242.610474][ T9345] [ 242.610480][ T9345] dump_stack_lvl+0x100/0x190 [ 242.610497][ T9345] should_fail_ex.cold+0x5/0xa [ 242.610513][ T9345] should_failslab+0xc2/0x120 [ 242.610528][ T9345] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 242.610546][ T9345] ? ptlock_alloc+0x1f/0x70 [ 242.610567][ T9345] ptlock_alloc+0x1f/0x70 [ 242.610584][ T9345] pte_alloc_one+0x82/0x3d0 [ 242.610600][ T9345] __pte_alloc+0x6d/0x380 [ 242.610614][ T9345] ? __pfx___pte_alloc+0x10/0x10 [ 242.610628][ T9345] ? walk_to_pmd+0x302/0x4c0 [ 242.610645][ T9345] get_locked_pte+0xa1/0xc0 [ 242.610661][ T9345] insert_page+0xcc/0x220 [ 242.610677][ T9345] ? __pfx_insert_page+0x10/0x10 [ 242.610697][ T9345] vm_insert_page+0x2c0/0x400 [ 242.610721][ T9345] binder_alloc_new_buf+0x21dd/0x30b0 [ 242.610745][ T9345] ? __pfx_binder_alloc_new_buf+0x10/0x10 [ 242.610766][ T9345] binder_transaction+0x1eb0/0x9c10 [ 242.610787][ T9345] ? ima_match_policy+0x8c4/0x2350 [ 242.610803][ T9345] ? ima_match_policy+0x8c4/0x2350 [ 242.610824][ T9345] ? __lock_acquire+0x4a5/0x2630 [ 242.610843][ T9345] ? __pfx_binder_transaction+0x10/0x10 [ 242.610859][ T9345] ? __lock_acquire+0x4a5/0x2630 [ 242.610881][ T9345] ? __lock_acquire+0x4a5/0x2630 [ 242.610903][ T9345] ? __lock_acquire+0x4a5/0x2630 [ 242.610930][ T9345] ? __lock_acquire+0x4a5/0x2630 [ 242.610949][ T9345] ? __lock_acquire+0x4a5/0x2630 [ 242.610972][ T9345] ? is_bpf_text_address+0x94/0x1a0 [ 242.610995][ T9345] ? find_held_lock+0x2b/0x80 [ 242.611010][ T9345] ? __might_fault+0xc5/0x140 [ 242.611029][ T9345] ? __might_fault+0xc5/0x140 [ 242.611054][ T9345] binder_thread_write+0x1303/0x4db0 [ 242.611076][ T9345] ? __lock_acquire+0x4a5/0x2630 [ 242.611095][ T9345] ? __pfx_binder_thread_write+0x10/0x10 [ 242.611112][ T9345] ? binder_debug+0xe0/0x190 [ 242.611124][ T9345] ? __pfx_binder_debug+0x10/0x10 [ 242.611138][ T9345] ? binder_debug+0xe0/0x190 [ 242.611150][ T9345] ? __pfx_binder_debug+0x10/0x10 [ 242.611171][ T9345] ? __pfx_binder_ioctl+0x10/0x10 [ 242.611187][ T9345] binder_ioctl+0x28f8/0x7550 [ 242.611204][ T9345] ? find_held_lock+0x2b/0x80 [ 242.611220][ T9345] ? tomoyo_path_number_perm+0x28f/0x580 [ 242.611235][ T9345] ? tomoyo_path_number_perm+0x28f/0x580 [ 242.611253][ T9345] ? tomoyo_path_number_perm+0x188/0x580 [ 242.611270][ T9345] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 242.611286][ T9345] ? __pfx_binder_ioctl+0x10/0x10 [ 242.611305][ T9345] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 242.611323][ T9345] ? do_vfs_ioctl+0x226/0x13e0 [ 242.611336][ T9345] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 242.611352][ T9345] ? find_held_lock+0x2b/0x80 [ 242.611366][ T9345] ? __fget_files+0x215/0x3d0 [ 242.611379][ T9345] ? hook_file_ioctl_common+0x149/0x410 [ 242.611397][ T9345] ? __fget_files+0x21f/0x3d0 [ 242.611413][ T9345] ? __pfx_binder_ioctl+0x10/0x10 [ 242.611426][ T9345] compat_ptr_ioctl+0x6e/0xa0 [ 242.611454][ T9345] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 242.611467][ T9345] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 242.611481][ T9345] __do_fast_syscall_32+0xe7/0x970 [ 242.611500][ T9345] ? lockdep_hardirqs_on+0x78/0x100 [ 242.611518][ T9345] do_fast_syscall_32+0x32/0x70 [ 242.611536][ T9345] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 242.611551][ T9345] RIP: 0023:0xf7f02f7c [ 242.611562][ T9345] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 242.611575][ T9345] RSP: 002b:00000000f53c650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 242.611587][ T9345] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201 [ 242.611594][ T9345] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 242.611601][ T9345] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 242.611608][ T9345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 242.611615][ T9345] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 242.611630][ T9345] [ 242.611782][ T9345] binder_alloc: 9344: binder_install_single_page failed to insert page at offset 0 with -12 [ 242.775015][ T9350] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1004'. [ 242.783966][ T9353] netlink: 112 bytes leftover after parsing attributes in process `syz.1.1007'. [ 243.609871][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 243.687938][ T9370] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1012'. [ 243.920658][ T34] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 243.958338][ T9379] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1015'. [ 244.083432][ T34] usb 7-1: Using ep0 maxpacket: 16 [ 244.137928][ T34] usb 7-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 244.142278][ T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.146801][ T34] usb 7-1: Product: syz [ 244.152343][ T34] usb 7-1: Manufacturer: syz [ 244.156150][ T34] usb 7-1: SerialNumber: syz [ 244.701999][ T9368] ip6gre0: Caught tx_queue_len zero misconfig [ 244.740862][ T34] usb 7-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 244.767131][ T34] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 244.776518][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 244.779846][ T34] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 244.785148][ T34] usb 7-1: media controller created [ 244.800234][ T34] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 244.918640][ T9390] FAULT_INJECTION: forcing a failure. [ 244.918640][ T9390] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 244.923500][ T9390] CPU: 3 UID: 0 PID: 9390 Comm: syz.0.1018 Tainted: G L syzkaller #0 PREEMPT(full) [ 244.923545][ T9390] Tainted: [L]=SOFTLOCKUP [ 244.923551][ T9390] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 244.923560][ T9390] Call Trace: [ 244.923567][ T9390] [ 244.923575][ T9390] dump_stack_lvl+0x100/0x190 [ 244.923601][ T9390] should_fail_ex.cold+0x5/0xa [ 244.923626][ T9390] _copy_from_iter+0x1f4/0x1690 [ 244.923655][ T9390] ? __asan_memset+0x23/0x50 [ 244.923680][ T9390] ? __pfx__copy_from_iter+0x10/0x10 [ 244.923703][ T9390] ? __pfx___alloc_skb+0x10/0x10 [ 244.923729][ T9390] netlink_sendmsg+0x808/0xda0 [ 244.923755][ T9390] ? __pfx_netlink_sendmsg+0x10/0x10 [ 244.923782][ T9390] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 244.923808][ T9390] ____sys_sendmsg+0x9e1/0xb70 [ 244.923828][ T9390] ? __pfx_netlink_sendmsg+0x10/0x10 [ 244.923851][ T9390] ? __pfx_____sys_sendmsg+0x10/0x10 [ 244.923884][ T9390] ___sys_sendmsg+0x190/0x1e0 [ 244.923906][ T9390] ? __pfx____sys_sendmsg+0x10/0x10 [ 244.923928][ T9390] ? find_held_lock+0x2b/0x80 [ 244.923952][ T9390] __sys_sendmsg+0x170/0x220 [ 244.923964][ T9390] ? __pfx___sys_sendmsg+0x10/0x10 [ 244.923974][ T9390] ? __fget_files+0x21f/0x3d0 [ 244.923992][ T9390] ? ksys_write+0x1ac/0x250 [ 244.924006][ T9390] ? rcu_is_watching+0x12/0xc0 [ 244.924022][ T9390] __do_fast_syscall_32+0xe7/0x970 [ 244.924046][ T9390] ? lockdep_hardirqs_on+0x78/0x100 [ 244.924076][ T9390] do_fast_syscall_32+0x32/0x70 [ 244.924103][ T9390] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 244.924123][ T9390] RIP: 0023:0xf702ef7c [ 244.924136][ T9390] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 244.924151][ T9390] RSP: 002b:00000000f541d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 244.924169][ T9390] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100 [ 244.924179][ T9390] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 244.924190][ T9390] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 244.924200][ T9390] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 244.924212][ T9390] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 244.924236][ T9390] [ 245.024079][ T34] zl10353_read_register: readreg error (reg=127, ret==-71) [ 245.060715][ T34] dvb_usb_gl861 7-1:157.0: probe with driver dvb_usb_gl861 failed with error -5 [ 245.074587][ T34] usb 7-1: USB disconnect, device number 9 [ 245.182999][ T9395] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1019'. [ 245.249326][ T9396] netlink: 'syz.0.1019': attribute type 10 has an invalid length. [ 245.252471][ T9396] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1019'. [ 245.394270][ T5849] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 245.869476][ T9403] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1021'. [ 245.903481][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 246.130571][ T9408] netlink: 'syz.0.1023': attribute type 10 has an invalid length. [ 246.143570][ T9408] team0: Port device dummy0 added [ 246.153356][ T9408] netlink: 'syz.0.1023': attribute type 10 has an invalid length. [ 246.153821][ T9410] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1025'. [ 246.165490][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 246.175720][ T9408] team0: Port device dummy0 removed [ 246.639188][ T9432] netlink: 'syz.1.1028': attribute type 2 has an invalid length. [ 246.738483][ T9436] netlink: 'syz.1.1028': attribute type 2 has an invalid length. [ 247.074110][ T9432] ‚#{6c: entered promiscuous mode [ 247.079339][ T9436] ‚#{6c: left promiscuous mode [ 247.171393][ T6512] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 248.678269][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 248.682427][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 249.245956][ T9469] Process accounting resumed [ 249.805093][ T6512] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 250.943434][ T6512] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 251.989975][ T857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 252.059435][ T6512] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 252.922381][ C2] [ 252.923465][ C2] ============================= [ 252.925529][ C2] [ BUG: Invalid wait context ] [ 252.927630][ C2] syzkaller #0 Tainted: G L [ 252.930293][ C2] ----------------------------- [ 252.932329][ C2] syz.2.1051/9501 is trying to lock: [ 252.934697][ C2] ffff88805a911330 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x253/0xe80 [ 252.938812][ C2] other info that might help us debug this: [ 252.941465][ C2] context-{2:2} [ 252.943082][ C2] 4 locks held by syz.2.1051/9501: [ 252.945241][ C2] #0: ffff88802418d428 (&vcpu->mutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0x322/0x1720 [ 252.948758][ C2] #1: ffff88805a9112b0 (&kvm->arch.xen.xen_lock){+.+.}-{4:4}, at: kvm_xen_vcpu_set_attr+0x49/0x1350 [ 252.952779][ C2] #2: ffff88805a911890 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_vcpu_set_attr+0xa6/0x1350 [ 252.956509][ C2] #3: ffff88805a911890 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x245/0xe80 [ 252.959800][ C2] stack backtrace: [ 252.961141][ C2] CPU: 2 UID: 0 PID: 9501 Comm: syz.2.1051 Tainted: G L syzkaller #0 PREEMPT(full) [ 252.961161][ C2] Tainted: [L]=SOFTLOCKUP [ 252.961165][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 252.961172][ C2] Call Trace: [ 252.961178][ C2] [ 252.961184][ C2] dump_stack_lvl+0x100/0x190 [ 252.961200][ C2] __lock_acquire+0xfa4/0x2630 [ 252.961219][ C2] ? __lock_acquire+0x4a5/0x2630 [ 252.961236][ C2] ? xa_load+0x149/0x2c0 [ 252.961253][ C2] ? xa_load+0x149/0x2c0 [ 252.961272][ C2] lock_acquire+0x1b1/0x370 [ 252.961289][ C2] ? kvm_xen_set_evtchn_fast+0x253/0xe80 [ 252.961311][ C2] _raw_read_lock_irqsave+0x46/0x90 [ 252.961326][ C2] ? kvm_xen_set_evtchn_fast+0x253/0xe80 [ 252.961344][ C2] kvm_xen_set_evtchn_fast+0x253/0xe80 [ 252.961362][ C2] ? kvm_xen_set_evtchn_fast+0x245/0xe80 [ 252.961381][ C2] ? debug_object_deactivate+0x2e4/0x3b0 [ 252.961398][ C2] ? __pfx_kvm_xen_set_evtchn_fast+0x10/0x10 [ 252.961417][ C2] ? do_raw_spin_unlock+0x145/0x1e0 [ 252.961430][ C2] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 252.961446][ C2] ? debug_object_deactivate+0x2e4/0x3b0 [ 252.961462][ C2] xen_timer_callback+0x1db/0x2a0 [ 252.961480][ C2] ? __pfx_xen_timer_callback+0x10/0x10 [ 252.961497][ C2] ? __hrtimer_run_queues+0x383/0xa00 [ 252.961514][ C2] ? do_raw_spin_unlock+0x145/0x1e0 [ 252.961526][ C2] ? __pfx_xen_timer_callback+0x10/0x10 [ 252.961545][ C2] __hrtimer_run_queues+0x142/0xa00 [ 252.961561][ C2] hrtimer_interrupt+0x3e5/0x940 [ 252.961578][ C2] __sysvec_apic_timer_interrupt+0x10b/0x460 [ 252.961594][ C2] sysvec_apic_timer_interrupt+0x9e/0xc0 [ 252.961611][ C2] [ 252.961615][ C2] [ 252.961620][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 252.961654][ C2] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80 [ 252.961671][ C2] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 86 36 5a f6 48 89 df e8 5e 86 5a f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 01 00 00 00 e8 85 52 4a f6 65 8b 05 9e 9d 7f 08 85 c0 74 16 5b [ 252.961684][ C2] RSP: 0018:ffffc90002d27608 EFLAGS: 00000246 [ 252.961695][ C2] RAX: 0000000000000006 RBX: ffff88802b4284c0 RCX: 0000000000000080 [ 252.961704][ C2] RDX: 0000000000000000 RSI: ffffffff8df1ab41 RDI: ffffffff8c1c4580 [ 252.961711][ C2] RBP: 0000000000000246 R08: 0000000000000001 R09: 0000000000000000 [ 252.961719][ C2] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88802418e9c8 [ 252.961726][ C2] R13: 0000000000559629 R14: ffff88802418e9b8 R15: ffff88802418e9c0 [ 252.961739][ C2] kvm_xen_start_timer+0x360/0x740 [ 252.961758][ C2] ? __pfx_kvm_xen_start_timer+0x10/0x10 [ 252.961778][ C2] ? find_held_lock+0x2b/0x80 [ 252.961794][ C2] kvm_xen_vcpu_set_attr+0xaec/0x1350 [ 252.961815][ C2] kvm_arch_vcpu_ioctl+0xfc6/0x5730 [ 252.961832][ C2] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 252.961850][ C2] ? is_bpf_text_address+0x94/0x1a0 [ 252.961867][ C2] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 252.961883][ C2] ? arch_stack_walk+0xa6/0xf0 [ 252.961900][ C2] ? __lock_acquire+0x4a5/0x2630 [ 252.961917][ C2] ? stack_depot_save_flags+0x27/0x9d0 [ 252.961936][ C2] ? __lock_acquire+0x4a5/0x2630 [ 252.961955][ C2] ? lock_acquire+0x1b1/0x370 [ 252.961974][ C2] ? trace_contention_end+0x122/0x170 [ 252.961987][ C2] ? __mutex_lock+0x26d/0x1b10 [ 252.962003][ C2] ? kvm_vcpu_ioctl+0x322/0x1720 [ 252.962028][ C2] ? __pfx___mutex_lock+0x10/0x10 [ 252.962050][ C2] ? kvm_vcpu_ioctl+0x8a0/0x1720 [ 252.962067][ C2] kvm_vcpu_ioctl+0x8a0/0x1720 [ 252.962086][ C2] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 252.962104][ C2] ? tomoyo_path_number_perm+0x188/0x580 [ 252.962119][ C2] ? clockevents_program_event+0x144/0x820 [ 252.962133][ C2] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 252.962150][ C2] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 252.962167][ C2] ? do_vfs_ioctl+0x226/0x13e0 [ 252.962179][ C2] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 252.962194][ C2] kvm_vcpu_compat_ioctl+0x20f/0x3c0 [ 252.962213][ C2] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 252.962231][ C2] ? __fget_files+0x21f/0x3d0 [ 252.962246][ C2] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 252.962271][ C2] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 252.962281][ C2] __do_fast_syscall_32+0xe7/0x970 [ 252.962300][ C2] do_fast_syscall_32+0x32/0x70 [ 252.962314][ C2] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 252.962326][ C2] RIP: 0023:0xf7f56f7c [ 252.962334][ C2] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 252.962344][ C2] RSP: 002b:00000000f541650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 252.962353][ C2] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000004048aecb [ 252.962359][ C2] RDX: 0000000080000840 RSI: 0000000000000000 RDI: 0000000000000000 [ 252.962364][ C2] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 252.962369][ C2] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 252.962375][ C2] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 252.962383][ C2] [ 253.199005][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 253.337578][ T9508] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.1053'. [ 253.891706][ T857] usb 8-1: new low-speed USB device number 16 using dummy_hcd [ 254.054848][ T857] usb 8-1: unable to get BOS descriptor or descriptor too short [ 254.058242][ T857] usb 8-1: config 129 has an invalid interface number: 4 but max is 0 [ 254.060858][ T857] usb 8-1: config 129 has no interface number 0 [ 254.062996][ T857] usb 8-1: config 129 interface 4 altsetting 9 endpoint 0x5 has invalid maxpacket 1024, setting to 8 [ 254.066555][ T857] usb 8-1: config 129 interface 4 has no altsetting 0 [ 254.070966][ T857] usb 8-1: string descriptor 0 read error: -22 [ 254.072973][ T857] usb 8-1: New USB device found, idVendor=19d2, idProduct=2002, bcdDevice=3a.4e [ 254.075935][ T857] usb 8-1: New USB device strings: Mfr=243, Product=113, SerialNumber=51 [ 254.080127][ T9505] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 254.301446][ T857] usb 8-1: USB disconnect, device number 16 [ 254.313709][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 255.267979][ T857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 255.440933][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 256.567873][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 256.571347][ T1349] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 257.705822][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 258.562257][ T5849] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 258.822471][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 259.949220][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.078077][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.856881][ T5849] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 262.204082][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog