last executing test programs: 7.96019384s ago: executing program 2 (id=1707): socket$packet(0x11, 0x2, 0x300) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @sliced={0x0, [0x2, 0x0, 0x0, 0x7ff, 0x1951, 0x9, 0x7ff, 0x60f4, 0x100, 0x7, 0x8, 0x4404, 0x1006, 0x7, 0xfff6, 0x0, 0x1, 0x7, 0x4, 0x71, 0x6, 0x1, 0x4, 0x7fff, 0xfffa, 0x5, 0x5, 0x8000, 0x75, 0xfd7a, 0x80, 0x3b, 0x7, 0xe, 0x7, 0xa, 0xfb, 0x5, 0x4, 0x0, 0x1, 0x8, 0x0, 0x7, 0x10, 0x0, 0x2, 0x100], 0x80000000}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) read$msr(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x4) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000380)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000002c0)={0x0, 0x1, 0x0, &(0x7f0000000600)=""/42, 0x0, 0xffff1000}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/236, 0x0, &(0x7f0000000480)=""/66}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000640)=@broute={'broute\x00', 0x7001, 0xfffff9, 0x170, [], 0x0, 0x0, 0x0}, 0x1e8) munmap(&(0x7f0000004000/0x2000)=nil, 0x2000) syz_emit_ethernet(0x3a, 0x0, 0x0) syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904"], 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) 7.659846679s ago: executing program 3 (id=1709): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PROTO={0x5}, @IFLA_IPTUN_ENCAP_DPORT={0x6}]}}}]}, 0x44}}, 0x4000010) r1 = socket$inet(0x2, 0x200000002, 0xfffffffc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x10804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000380)={0x200, "5a199bb028d0300ea21fb310774cbe2dcec0e75a886eb405218de55e3cd2f7d5", 0xffffffffffffffff}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r7 = accept4(r6, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000200)="ad000000", 0x4) sendmmsg$unix(r7, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(r8, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000900], 0x7fffffe, 0x0, &(0x7f0000000900)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}]}, 0xe0) 6.669885319s ago: executing program 3 (id=1713): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETS(r4, 0x40045431, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) r5 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r5, 0x1, 0x4000000000000002, 0x0, 0x0) bind$inet6(r5, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0x6, 0x1, 0x0, 0x0, @str='\x17\x00'}]}, 0x1c}}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r5, 0x2) getsockopt$inet_sctp6_SCTP_NODELAY(r5, 0x84, 0x3, &(0x7f00000001c0), &(0x7f0000000280)=0x4) getsockopt$sock_buf(r0, 0x6, 0x23, &(0x7f0000003340)=""/4096, &(0x7f0000000380)=0x1000) 5.850366497s ago: executing program 1 (id=1717): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r0 = dup(0xffffffffffffffff) write$6lowpan_enable(r0, &(0x7f0000000000)='0', 0xfffffd2c) r1 = syz_io_uring_setup(0x112, &(0x7f0000000140)={0x0, 0x24089, 0x80, 0x3}, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x5, 0x0, 0x0}) io_uring_enter(r1, 0x47f6, 0xb277, 0x0, 0x0, 0x0) r4 = mq_open(&(0x7f00000005c0)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x80, 0x9, 0x0) fcntl$setlease(r4, 0x400, 0x0) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = syz_open_dev$hidraw(&(0x7f00000000c0), 0x9, 0x14a042) ioctl$HIDIOCGRDESC(r6, 0x40305829, &(0x7f0000000140)={0xd, "7954bbc8aae250bd23544617d5"}) r7 = gettid() rt_sigtimedwait(&(0x7f0000000040)={[0xffffffff]}, 0x0, 0x0, 0x8) timer_create(0x2, &(0x7f0000000180)={0x0, 0x4, 0x4, @tid=r7}, &(0x7f0000000140)) timer_settime(0x0, 0xe54aef35e9c2845d, &(0x7f0000000100)={{0x77359400}, {0x0, 0x9}}, 0x0) sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000047}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'virt_wifi0\x00', @ifru_flags}) r8 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_proto_private(r8, 0x8b23, &(0x7f0000000080)) socket$nl_route(0x10, 0x3, 0x0) 5.799930896s ago: executing program 3 (id=1718): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x200000, 0x10100, 0x0, 0x20c}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r2, 0x2def, 0x4000, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r5, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000600), 0x0) r7 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_SECURITY_KEY(r7, 0x110, 0x1, &(0x7f0000000380)='\x00hd\xefmF\x12\xdb\xbd>a', 0xb) unshare(0x6204021f) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000002c00010324bd7002f9dbdf2506"], 0x14}, 0x1, 0x0, 0x0, 0x4004004}, 0x40) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[]) read$FUSE(0xffffffffffffffff, 0x0, 0x0) timerfd_create(0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r9 = openat(r1, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x43, &(0x7f0000000000)=0x84, 0x4) ioctl$USBDEVFS_ALLOC_STREAMS(0xffffffffffffffff, 0xc0105500, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r3]) finit_module(r9, &(0x7f0000000080)='-,\xea-\x00', 0x2) 5.798271816s ago: executing program 0 (id=1719): syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b1000905"], 0x0) r0 = syz_open_dev$evdev(0x0, 0x4, 0x183000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000340)=[{0x5, 0x2, 0x13, 0x2}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) setresuid(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r3 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r3, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14, 0x10}}}, 0x1e) connect$pptp(r3, &(0x7f0000000700)={0x18, 0x2, {0x0, @multicast1}}, 0x1e) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') syz_open_procfs(0x0, &(0x7f00000000c0)='fd/4\x00') r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00038014000100626f6e64300000000000000000000000140001006970766c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e300000000000000000000000140001006772653000000000000000000000040008000140000000005c000000180a01010000000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014000100626f6e64300000000000000000000000140001006970766c616e31"], 0x4b0}}, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000180)={0x0, 0x8, 0x0, 0x5, "2a000000000000005a957fe0213b2e100af028f0030b2eff0b61e6e66b8f37ff"}) 4.980452612s ago: executing program 1 (id=1720): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r6) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10) socket$nl_route(0x10, 0x3, 0x0) accept4(r1, 0x0, 0x0, 0x800) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100000000000000000001000000280001801400040000000000000000000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000840) 4.828588114s ago: executing program 2 (id=1721): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000180)=0x67e, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r3, 0x0, 0x33, &(0x7f0000000040)=0x80000001, 0x4) listen(r3, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r4, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e23, @empty}, 0x10) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r5 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x2, 0x0, 0x0, r2}, &(0x7f0000000140), &(0x7f00000001c0)) io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xa, 0x6, 0x5, 0x1000, 0x20000, r2, 0x7f, '\x00', 0x0, r2, 0x0, 0x4, 0x4, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r7, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0xffffffff, @loopback}, 0x1c) r8 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x38, 0x1412, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x38}}, 0x80) sendto$inet6(r7, &(0x7f0000000080)="44f9b108", 0x4, 0x4008080, 0x0, 0x0) splice(r7, 0x0, r6, 0x0, 0x406f413, 0x8) 4.790748905s ago: executing program 3 (id=1722): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = dup(r3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x7, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r5 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000280)=0x15) syz_open_procfs(r5, &(0x7f0000000000)='fd/3\x00') msgsnd(0x0, 0x0, 0x0, 0x0) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r9 = dup(r8) sendfile(r9, r4, 0x0, 0x89ffc) sendmsg$inet(r2, &(0x7f0000000700)={&(0x7f0000000000)={0x2, 0x4e24, @private=0xa010100}, 0x10, 0x0}, 0x8000) r10 = dup3(r0, r1, 0x0) recvmmsg(r10, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0xf00, 0x0, 0x0) 4.080530787s ago: executing program 1 (id=1723): setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, 0x0, &(0x7f00000002c0)=0x0, 0x0) syz_io_uring_submit(r2, 0x0, 0x0) r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c93012000e00"], 0x17) socket$inet6_sctp(0xa, 0x1, 0x84) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xa2643, 0x4) flock(r4, 0x5) r5 = socket(0x2, 0x80805, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x24, r10, 0x1, 0x0, 0x25dfdbff, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x70bd2a, 0x8000000, {0x0, 0x0, 0x0, r7, {0x1f, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x20008040}, 0x4000000) sendmmsg$inet(r5, &(0x7f00000003c0)=[{{&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000180)="e1", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000100)="a7", 0x1}], 0x1}}], 0x2, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x17, &(0x7f0000000200), 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000440)=@secondary) add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, r3) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 3.712399507s ago: executing program 2 (id=1724): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000180)=0x67e, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r3, 0x0, 0x33, &(0x7f0000000040)=0x80000001, 0x4) listen(r3, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r4, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e23, @empty}, 0x10) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r5 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x2, 0x0, 0x0, r2}, &(0x7f0000000140), &(0x7f00000001c0)) io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xa, 0x6, 0x5, 0x1000, 0x20000, r2, 0x7f, '\x00', 0x0, r2, 0x0, 0x4, 0x4, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r7, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0xffffffff, @loopback}, 0x1c) r8 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x38, 0x1412, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x38}}, 0x80) sendto$inet6(r7, &(0x7f0000000080)="44f9b108", 0x4, 0x4008080, 0x0, 0x0) splice(r7, 0x0, r6, 0x0, 0x406f413, 0x8) 3.700419131s ago: executing program 3 (id=1725): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000180)=0x67e, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r3, 0x0, 0x33, &(0x7f0000000040)=0x80000001, 0x4) listen(r3, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r4, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e23, @empty}, 0x10) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r5 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x2, 0x0, 0x0, r2}, &(0x7f0000000140), &(0x7f00000001c0)) io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xa, 0x6, 0x5, 0x1000, 0x20000, r2, 0x7f, '\x00', 0x0, r2, 0x0, 0x4, 0x4, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r7, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0xffffffff, @loopback}, 0x1c) r8 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x38, 0x1412, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x38}}, 0x80) sendto$inet6(r7, &(0x7f0000000080)="44f9b108", 0x4, 0x4008080, 0x0, 0x0) splice(r7, 0x0, r6, 0x0, 0x406f413, 0x8) 3.005406829s ago: executing program 1 (id=1726): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000180)=0x67e, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r3, 0x0, 0x33, &(0x7f0000000040)=0x80000001, 0x4) listen(r3, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r4, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e23, @empty}, 0x10) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r5 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x2, 0x0, 0x0, r2}, &(0x7f0000000140)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r9, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r9, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0xffffffff, @loopback}, 0x1c) r10 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x38, 0x1412, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x38}}, 0x80) sendto$inet6(r9, &(0x7f0000000080)="44f9b108", 0x4, 0x4008080, 0x0, 0x0) splice(r9, 0x0, r8, 0x0, 0x406f413, 0x8) 2.610624161s ago: executing program 0 (id=1727): socket(0x1e, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x3}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = gettid() sched_setscheduler(r0, 0x5, &(0x7f0000000300)=0xfffffff8) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() r2 = syz_open_dev$sndctrl(&(0x7f0000000180), 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r2, 0xc0045543, &(0x7f0000000080)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) recvfrom$inet_nvme(0xffffffffffffffff, &(0x7f0000000640)=""/4096, 0x1000, 0x2000, &(0x7f0000000380)=@generic={0x11, "d71d9c1bf36be386b8195be2f96732daece168ab8c4756fcaaaaa57ab4d9fa9c5e136c872457faea878081b25c7ac9863e328325d3608f7b92b91789fb2322981d60e78ecebc51a8a848ac66a135cbf9adb555f5fff1d2552ce4b120288f1c606bebc17e3b75c547a1c41ac89d1be3f0e179d586d665ef8397dfdbdaa865"}, 0x80) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) r6 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r6, 0x0, 0x0) add_key(&(0x7f00000001c0)='cifs.spnego\x00', &(0x7f0000000280)={'syz', 0x0}, &(0x7f0000000300), 0x0, r6) ioctl$vim2m_VIDIOC_TRY_FMT(r5, 0xc0cc5640, &(0x7f0000000540)={0x1, @sliced={0x0, [0x12a9, 0x400, 0xea, 0x8, 0xffff, 0x3, 0x6, 0x8, 0x83, 0x1, 0xe3c7, 0x5, 0x6, 0x8, 0xc000, 0x200, 0x7, 0x9, 0x5, 0x3, 0x1ff, 0xad3f, 0x5, 0x4, 0x0, 0x7, 0x6, 0x8, 0x101, 0x515, 0x7, 0x2, 0x5, 0x9, 0x2, 0xfc00, 0x10, 0xfff, 0x9, 0x23, 0x38, 0x4, 0xfff4, 0x675, 0xa, 0x6, 0x800, 0x8], 0x3}}) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, 0x0, 0x0) 2.610432998s ago: executing program 2 (id=1728): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r0 = dup(0xffffffffffffffff) write$6lowpan_enable(r0, &(0x7f0000000000)='0', 0xfffffd2c) r1 = syz_io_uring_setup(0x112, &(0x7f0000000140)={0x0, 0x24089, 0x80, 0x3}, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x5, 0x0, 0x0}) io_uring_enter(r1, 0x47f6, 0xb277, 0x0, 0x0, 0x0) r4 = mq_open(&(0x7f00000005c0)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x80, 0x9, 0x0) fcntl$setlease(r4, 0x400, 0x0) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = syz_open_dev$hidraw(&(0x7f00000000c0), 0x9, 0x14a042) ioctl$HIDIOCGRDESC(r6, 0x40305829, &(0x7f0000000140)={0xd, "7954bbc8aae250bd23544617d5"}) r7 = gettid() rt_sigtimedwait(&(0x7f0000000040)={[0xffffffff]}, 0x0, 0x0, 0x8) timer_create(0x2, &(0x7f0000000180)={0x0, 0x4, 0x4, @tid=r7}, &(0x7f0000000140)) timer_settime(0x0, 0xe54aef35e9c2845d, &(0x7f0000000100)={{0x77359400}, {0x0, 0x9}}, 0x0) sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000047}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'virt_wifi0\x00', @ifru_flags}) r8 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_proto_private(r8, 0x8b23, &(0x7f0000000080)) socket$nl_route(0x10, 0x3, 0x0) 1.931974615s ago: executing program 1 (id=1729): syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x2, 0xb, [{0xfffffc60}, {}, {}, {0xfffffffd}, {}, {0x0, 0x1000000}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = socket(0x2, 0x2, 0x0) getsockname$inet(r1, 0x0, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r3, r2, 0x1, 0x0, @val=@netfilter={0x2, 0x0, 0x8000}}, 0x40) r4 = socket(0x840000000002, 0x3, 0xfa) sendmmsg$inet(r4, &(0x7f0000005240), 0x4000095, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) r6 = dup(r5) r7 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r7, 0x107, 0x14, &(0x7f0000000000), 0x4) sendmsg$kcm(r7, &(0x7f0000000100)={&(0x7f0000000040)=@phonet={0x23, 0x0, 0x0, 0xd}, 0x80, 0x0}, 0x45) ioctl$PIO_UNIMAP(r6, 0x4b67, &(0x7f00000002c0)={0x3, &(0x7f00000000c0)=[{0x11}, {0x5cec, 0xc616}, {0xfffe, 0x929}]}) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r6) sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000400}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x3c, r8, 0x2, 0x70bd2a, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x4}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xc4}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4002001) 1.586928768s ago: executing program 2 (id=1730): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000016c0)=[0x1], 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x2, 0x7fffffff}]}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0904000000000000000002000000400004803c0001800e000100696d6d656469617465000000280002801c000280180002800900020073797a320000000008000180fffffffc08000140000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x94}}, 0x0) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000001180)=0x2000000) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r4, 0x0) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000180)) ioctl$SNDCTL_DSP_GETOPTR(r4, 0x5008, 0x0) ioctl$SNDCTL_DSP_SYNC(r4, 0x5001, 0x0) ioctl$SNDCTL_DSP_GETOSPACE(r4, 0x8010500c, &(0x7f00000000c0)) r6 = socket$unix(0x1, 0x5, 0x0) r7 = dup2(r6, r2) close_range(r7, 0xffffffffffffffff, 0x0) 1.583207374s ago: executing program 0 (id=1731): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000180)=0x67e, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r3, 0x0, 0x33, &(0x7f0000000040)=0x80000001, 0x4) listen(r3, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r4, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e23, @empty}, 0x10) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r5 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x2, 0x0, 0x0, r2}, &(0x7f0000000140), &(0x7f00000001c0)) io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xa, 0x6, 0x5, 0x1000, 0x20000, r2, 0x7f, '\x00', 0x0, r2, 0x0, 0x4, 0x4, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r7, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0xffffffff, @loopback}, 0x1c) r8 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x38, 0x1412, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x38}}, 0x80) sendto$inet6(r7, &(0x7f0000000080)="44f9b108", 0x4, 0x4008080, 0x0, 0x0) splice(r7, 0x0, r6, 0x0, 0x406f413, 0x8) 1.020214079s ago: executing program 0 (id=1732): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000180)=0x67e, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r3, 0x0, 0x33, &(0x7f0000000040)=0x80000001, 0x4) listen(r3, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r4, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e23, @empty}, 0x10) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r5 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x2, 0x0, 0x0, r2}, &(0x7f0000000140), &(0x7f00000001c0)) io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xa, 0x6, 0x5, 0x1000, 0x20000, r2, 0x7f, '\x00', 0x0, r2, 0x0, 0x4, 0x4, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r7, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0xffffffff, @loopback}, 0x1c) r8 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x38, 0x1412, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x38}}, 0x80) sendto$inet6(r7, &(0x7f0000000080)="44f9b108", 0x4, 0x4008080, 0x0, 0x0) splice(r7, 0x0, r6, 0x0, 0x406f413, 0x8) 950.428142ms ago: executing program 1 (id=1733): ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}, {0x0, 0x9}, {0xd97e}, {}, {}, {0xfffffffc}, {0x400000}], 0x0, 0x4, 0x0, 0x0, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) eventfd(0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100, 0x103) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lsetxattr$security_capability(0x0, &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0x3, 0x2}, {0x9, 0x56}], 0xee01}, 0x18, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) r3 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r4, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x10) 899.924213ms ago: executing program 0 (id=1734): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockname(r0, 0x0, &(0x7f0000000240)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xf, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0xffffffffffffff2f, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0x21}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x8) sendto$inet(r4, 0x0, 0x218, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r4, &(0x7f0000000fc0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001f80)="f4c44888112286b0fcc69bd757ce93cb07d0fc06a737181e6d631bd33a045797a61ef10ed40bacc74ba22a30e95fee563e80a7b72785c9228135c08735074fa67b37265ed7c02c4ef3daa92203a132a03495015e1851e0c1ae6dbc065e5ce1a13628125962461d87568872f86754722903d8ea82ad4cc576bf23aa3c6e7698d4b1782e73437f4d3764fa218a906fece5ac822b235c663e8bab4b2a97d17de35fed53d6c3975d49c1b70a818a3b4b0b817611fd3e35cb404fbae19a2ccd774555fa4114264ee3f816868884152efbe74d74e848d99bcd3dadb274deb9dc820c78eaf983dfc234154e0b719c1e0a07710ffed4e0b283973e0d045ba23381c5ece9a52bec1937d95cec17e6ea7c387eef4a3412c18a78678283c97d20cd5860f0bd35e629cb541a965d5c1437f2580abdc1153e58614d2e8fd41478a5ee9aca37864e0a9f918c95e5dc45e011d60e53fed228f181f9fa80b1c9737c484298652b92ef7a0508fde423e178c6acfc33b67fcf516c4d93475715e908451ecc559152b20ac01da50697da05effe671f960a5b4b5392a95dd99fbf0b7fb0bd9d8077dad3a5e268dd8a013ef4014b4f1c11e0072d8f537fd6590317c3e9435ef43a7093d87694d7cbf0a35edca939294e580f2a7b04dd2884186c0e5977b7c836749d00c6ffa8c0796a4be2db5b14d83f843b7df9dc8bd7d09b24ac70221284042898b1c60b863a3ee69a8d78c7c5f851beef3fb7f33a0556eac8156d78e9b4945fa403cd84d1da7617daa4e8007f3a8acd9f442d8b3a7f4900a9358c0bb195d713a63a7d74b353606789d5737ab41e20743341d63d62e3aa272b37af8cb203f165eb24f397707a931c8131ae900e53a0112c313363ec80ad3f150390459399e7018b4e25ee427a219ef31f618b3375082c43e89132b277452bcfba5c3ab0859c27e6b1d6827af1811e06eeb2e528d3c13fb3180f69a741802e6bc2ec61be51ae78f3813d56a1ade11d778b6e4c5c3bc648ad9a96b060178518b6191eff547597c4f0e4dbf332516b0366a37254994258a66182ad492bcb1cdfa8d68d2685acaabc679b6a4db24e6f2de5e5647ba49cbf4f331927d709c56f0927e9485961f1c6c8044439f80860533ae2de9bf5fdffe28f46f278b6ccab75445488565ddf38170cda172f270e19417e16f840fea8d09fdf85b53951", 0x351}, {0x0}], 0x2}}], 0x1, 0x0) sendto$inet(r4, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) socket$nl_netfilter(0x10, 0x3, 0xc) connect$inet6(0xffffffffffffffff, 0x0, 0x0) futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 162.937899ms ago: executing program 2 (id=1735): syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0) r0 = syz_open_dev$evdev(0x0, 0x4, 0x183000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000340)=[{0x5, 0x2, 0x13, 0x2}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) setresuid(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r3 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r3, 0x0, 0x0) connect$pptp(r3, &(0x7f0000000700)={0x18, 0x2, {0x0, @multicast1}}, 0x1e) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000180)={0x0, 0x8, 0x0, 0x5, "2a000000000000005a957fe0213b2e100af028f0030b2eff0b61e6e66b8f37ff"}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e00000001500000029bd7000000000006469676573745f6e756c6c"], 0xe0}}, 0x0) sendmsg$nl_crypto(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}}, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c0000003d0007010000000000000000047c0000040008800c00018006000600800a000028000280040014"], 0x4c}}, 0xc000) 160.121182ms ago: executing program 3 (id=1736): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioperm(0x0, 0xfffc, 0x8005) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3", 0x4) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmmsg$alg(r5, &(0x7f0000005080)=[{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="09de", 0x2}, {&(0x7f0000000340)="d5bb69fd2ec3a88c5df48b69469a", 0xe}], 0x2, &(0x7f0000000540)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}], 0x1, 0x0) recvmmsg(r5, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000800)=""/84, 0x54}, {&(0x7f0000000880)=""/214, 0xd6}], 0x2}}], 0x1, 0x0, 0x0) sendmsg$ETHTOOL_MSG_EEE_SET(r5, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[], 0x54}}, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="03000000000000007b01"]) r6 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r6, &(0x7f0000000080)={0x28, 0x0, 0x2711}, 0x10) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004b74ffec850000006d000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000680)='virtio_transport_alloc_pkt\x00', r7}, 0x10) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r6, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r8, 0x0, 0x1, &(0x7f0000000180)=""/30, &(0x7f0000000040)=0x1e) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000440)={0x53, 0x0, 0x10f, 0x1, @scatter={0x0, 0x0, 0x0}, &(0x7f00000004c0)="851666ce20db96ab0c7d83e114e7ce1762249711e34f4ce12c6afeb7e6d77bd3b97644edd8e3a3b71fcd006b6237766e151f344afb2306455034ea7a31b1a48724e372a5a8a9ca040f5831f2eb11842a4b8ec9064fa439440f374355d9af754314ce445ac9bea7fac19c3ac58a131895c378ec497ffdf9a82032d9fa225397b92d2e2193de6fe2f6b6c0bd0f80de3dc72890b6900c5b86752639bf37ab325c16dc2f3d4d01b4c3b71ebbfd6fc9b316f76a07144538506a68ae00df22f2fa9cbb0c9fa73c1dcf3eb2eb4fe3534fcee01e9ca0c66f27b8e05e7545cbc3511b3d086f51d58f9acd52eab032468cc8075451bcd5c081a8db84ff509a2f874daf6b3ddff977834d87fc0de3220a4041526a", 0x0, 0x10, 0x5bb727690d5f0ff6, 0x0, 0x0}) syz_emit_ethernet(0x8a, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@generic={0x94, 0x2}]}}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "aed73587edbae7626c00eff71cc9e8e331cb4e2a9dbcf000121836b0149af045", "437e9668d3a39c4d58305438ed9b2f48", {"66320784580196cdc6b593c4e1e4b60a", "2b8c36dd7dc15d25df6cb923bcf68def"}}}}}}}, 0x0) r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3, 0x40010, 0xffffffffffffffff, 0x0) r10 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r9, 0x0, &(0x7f0000000080)=@IORING_OP_POLL_REMOVE={0x7, 0x18, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x0, {0x0, r10}}) ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000040)) 0s ago: executing program 0 (id=1737): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r0 = dup(0xffffffffffffffff) write$6lowpan_enable(r0, &(0x7f0000000000)='0', 0xfffffd2c) r1 = syz_io_uring_setup(0x112, &(0x7f0000000140)={0x0, 0x24089, 0x80, 0x3}, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x5, 0x0, 0x0}) io_uring_enter(r1, 0x47f6, 0xb277, 0x0, 0x0, 0x0) r4 = mq_open(&(0x7f00000005c0)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x80, 0x9, 0x0) fcntl$setlease(r4, 0x400, 0x0) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = syz_open_dev$hidraw(&(0x7f00000000c0), 0x9, 0x14a042) ioctl$HIDIOCGRDESC(r6, 0x40305829, &(0x7f0000000140)={0xd, "7954bbc8aae250bd23544617d5"}) r7 = gettid() rt_sigtimedwait(&(0x7f0000000040)={[0xffffffff]}, 0x0, 0x0, 0x8) timer_create(0x2, &(0x7f0000000180)={0x0, 0x4, 0x4, @tid=r7}, &(0x7f0000000140)) timer_settime(0x0, 0xe54aef35e9c2845d, &(0x7f0000000100)={{0x77359400}, {0x0, 0x9}}, 0x0) sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'virt_wifi0\x00', @ifru_flags}) r8 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_proto_private(r8, 0x8b23, &(0x7f0000000080)) socket$nl_route(0x10, 0x3, 0x0) kernel console output (not intermixed with test programs): z [ 370.814067][ T63] vhci_hcd: vhci_device speed not set [ 370.817195][ T6008] usb 6-1: config 0 descriptor?? [ 370.863927][ T6008] rc_core: IR keymap rc-hauppauge not found [ 370.866057][ T6008] Registered IR keymap rc-empty [ 370.871335][ T6008] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 370.877248][ T6008] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input116 [ 370.955400][ T5979] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 370.957924][ T5979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 370.961552][ T5979] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 370.964236][ T5979] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 370.966590][ T5979] usb 5-1: Manufacturer: syz [ 370.969154][ T5979] usb 5-1: config 0 descriptor?? [ 371.024493][ T5979] rc_core: IR keymap rc-hauppauge not found [ 371.026375][ T5979] Registered IR keymap rc-empty [ 371.028493][ T5979] rc rc1: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc1 [ 371.032226][ T5979] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc1/input117 [ 371.146239][ T35] usb 6-1: USB disconnect, device number 36 [ 371.297670][ T6091] usb 5-1: USB disconnect, device number 34 [ 371.451867][T10940] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 371.589269][T10940] bond0 (unregistering): Released all slaves [ 371.973801][ T8] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 372.135414][ T8] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 372.138396][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 372.142123][ T8] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 372.145359][ T8] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 372.322931][ T8] usb 6-1: Manufacturer: syz [ 372.326205][ T8] usb 6-1: config 0 descriptor?? [ 372.544125][ T8] rc_core: IR keymap rc-hauppauge not found [ 372.547079][ T8] Registered IR keymap rc-empty [ 372.548929][ T8] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 372.552422][ T8] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input118 [ 372.655969][ T71] usbhid 7-1:1.0: can't add hid device: -71 [ 372.657700][ T71] usbhid 7-1:1.0: probe with driver usbhid failed with error -71 [ 372.662562][ T71] usb 7-1: USB disconnect, device number 31 [ 373.022698][T10965] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 373.083834][ T71] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 373.233882][ T71] usb 7-1: Using ep0 maxpacket: 8 [ 373.236537][ T71] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 373.239479][ T71] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 373.242007][ T71] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.247531][ T71] usb 7-1: config 0 descriptor?? [ 373.250281][ T71] iowarrior 7-1:0.0: no interrupt-in endpoint found [ 373.734018][ T71] usb 8-1: new high-speed USB device number 40 using dummy_hcd [ 373.885379][ T71] usb 8-1: config index 0 descriptor too short (expected 23569, got 27) [ 373.888561][ T71] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 373.893086][ T71] usb 8-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 373.896721][ T71] usb 8-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 373.899722][ T71] usb 8-1: Manufacturer: syz [ 373.902824][ T71] usb 8-1: config 0 descriptor?? [ 373.943846][ T71] rc_core: IR keymap rc-hauppauge not found [ 373.946120][ T71] Registered IR keymap rc-empty [ 373.948638][ T71] rc rc1: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc1 [ 373.952250][ T71] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc1/input119 [ 374.213006][ T71] usb 8-1: USB disconnect, device number 40 [ 374.382786][ T8] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 374.545114][ T8] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 374.547598][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 374.551214][ T8] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 374.553933][ T8] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 374.556228][ T8] usb 5-1: Manufacturer: syz [ 374.559169][ T8] usb 5-1: config 0 descriptor?? [ 374.604000][ T8] rc_core: IR keymap rc-hauppauge not found [ 374.606314][ T8] Registered IR keymap rc-empty [ 374.608997][ T8] rc rc1: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc1 [ 374.614356][ T8] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc1/input120 [ 374.758224][ T1327] usb 6-1: USB disconnect, device number 37 [ 374.868125][ T8] usb 5-1: USB disconnect, device number 35 [ 375.223786][ T1327] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 375.377502][ T1327] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 375.387234][ T1327] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 375.405331][ T1327] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 375.415038][ T1327] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 375.426336][ T1327] usb 6-1: Manufacturer: syz [ 375.436593][ T1327] usb 6-1: config 0 descriptor?? [ 375.494424][ T1327] rc_core: IR keymap rc-hauppauge not found [ 375.501953][ T1327] Registered IR keymap rc-empty [ 375.508493][ T1327] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 375.527215][ T1327] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input121 [ 375.800124][ T71] usb 6-1: USB disconnect, device number 38 [ 375.888396][ T1327] usb 7-1: USB disconnect, device number 32 [ 377.056207][T11013] can0: slcan on ttyS3. [ 377.158948][T11013] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1019'. [ 377.785216][T11004] can0 (unregistered): slcan off ttyS3. [ 378.004944][ T1412] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.007061][ T1412] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.455209][T11051] bridge0: port 1(syz_tun) entered blocking state [ 378.457216][T11051] bridge0: port 1(syz_tun) entered disabled state [ 378.459357][T11051] syz_tun: entered allmulticast mode [ 378.463490][T11051] syz_tun: entered promiscuous mode [ 378.467184][T11051] bridge0: port 1(syz_tun) entered blocking state [ 378.469263][T11051] bridge0: port 1(syz_tun) entered forwarding state [ 379.283803][ T63] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 379.438001][ T63] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 379.441545][ T63] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 379.445164][ T63] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 379.447835][ T63] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 379.450217][ T63] usb 5-1: Manufacturer: syz [ 379.452611][ T63] usb 5-1: config 0 descriptor?? [ 379.494946][ T63] rc_core: IR keymap rc-hauppauge not found [ 379.496646][ T63] Registered IR keymap rc-empty [ 379.499025][ T63] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 379.502342][ T63] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input122 [ 381.514981][T11089] can0: slcan on ttyS3. [ 381.592075][T11094] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1032'. [ 382.050245][ T5979] usb 5-1: USB disconnect, device number 36 [ 382.319763][T11086] can0 (unregistered): slcan off ttyS3. [ 382.634044][T11113] bridge0: port 2(syz_tun) entered blocking state [ 382.636160][T11113] bridge0: port 2(syz_tun) entered disabled state [ 382.638452][T11113] syz_tun: entered allmulticast mode [ 382.642834][T11113] syz_tun: entered promiscuous mode [ 383.683360][T11133] blktrace: Concurrent blktraces are not allowed on nullb0 [ 383.702885][T11133] can: request_module (can-proto-3) failed. [ 384.640306][T11147] tipc: Started in network mode [ 384.641805][T11147] tipc: Node identity 10000, cluster identity 4711 [ 384.643652][T11147] tipc: Node number set to 65536 [ 384.924903][T11158] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1042'. [ 385.473815][ T5979] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 385.635557][ T5979] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 385.638896][ T5979] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 385.644711][ T5979] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 385.648340][ T5979] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 385.651259][ T5979] usb 6-1: Manufacturer: syz [ 385.657936][ T5979] usb 6-1: config 0 descriptor?? [ 385.678270][T11174] netlink: 'syz.0.1044': attribute type 1 has an invalid length. [ 385.713798][ T5979] rc_core: IR keymap rc-hauppauge not found [ 385.717373][ T5979] Registered IR keymap rc-empty [ 385.724123][ T5979] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 385.734635][ T5979] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input123 [ 386.421149][T11184] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.466154][T11184] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.597766][T11184] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.674584][T11184] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.777857][T11193] netlink: 'syz.3.1046': attribute type 4 has an invalid length. [ 386.869761][T11184] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.875310][T11184] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.880105][T11184] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.889475][T11184] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.180649][ T5979] usb 6-1: USB disconnect, device number 39 [ 388.813824][ T5942] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 388.884606][T11201] bridge0: port 1(syz_tun) entered blocking state [ 388.887224][T11201] bridge0: port 1(syz_tun) entered disabled state [ 388.889753][T11201] syz_tun: entered allmulticast mode [ 388.893484][T11201] syz_tun: entered promiscuous mode [ 388.975747][ T5942] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 388.978167][ T5942] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 388.981686][ T5942] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 388.984374][ T5942] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 388.986658][ T5942] usb 5-1: Manufacturer: syz [ 388.988862][ T5942] usb 5-1: config 0 descriptor?? [ 389.036151][ T5942] rc_core: IR keymap rc-hauppauge not found [ 389.038520][ T5942] Registered IR keymap rc-empty [ 389.041275][ T5942] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 389.046422][ T5942] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input124 [ 389.343889][ T35] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 389.423859][T10937] usb 8-1: new high-speed USB device number 41 using dummy_hcd [ 389.495445][ T35] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 389.497883][ T35] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 389.502046][ T35] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 389.504742][ T35] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 389.507113][ T35] usb 7-1: Manufacturer: syz [ 389.509884][ T35] usb 7-1: config 0 descriptor?? [ 389.553839][ T35] rc_core: IR keymap rc-hauppauge not found [ 389.555609][ T35] Registered IR keymap rc-empty [ 389.557299][ T35] rc rc1: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc1 [ 389.560594][ T35] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc1/input125 [ 389.594936][T10937] usb 8-1: config index 0 descriptor too short (expected 23569, got 27) [ 389.597489][T10937] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 389.601145][T10937] usb 8-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 389.603947][T10937] usb 8-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 389.606354][T10937] usb 8-1: Manufacturer: syz [ 389.608867][T10937] usb 8-1: config 0 descriptor?? [ 389.663850][T10937] rc_core: IR keymap rc-hauppauge not found [ 389.665677][T10937] Registered IR keymap rc-empty [ 389.667538][T10937] rc rc2: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc2 [ 389.671096][T10937] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc2/input126 [ 389.865190][ T2285] usb 7-1: USB disconnect, device number 33 [ 389.979463][T10937] usb 8-1: USB disconnect, device number 41 [ 390.733826][ T2285] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 390.895169][ T2285] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 390.897666][ T2285] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 390.904434][ T2285] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 390.907953][ T2285] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 390.911004][ T2285] usb 6-1: Manufacturer: syz [ 390.914434][ T2285] usb 6-1: config 0 descriptor?? [ 390.963824][ T2285] rc_core: IR keymap rc-hauppauge not found [ 390.966081][ T2285] Registered IR keymap rc-empty [ 390.967900][ T2285] rc rc1: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc1 [ 390.971461][ T2285] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc1/input127 [ 391.282538][ T5979] usb 5-1: USB disconnect, device number 37 [ 391.603551][T11248] netlink: 'syz.3.1057': attribute type 1 has an invalid length. [ 392.586363][ T5979] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 392.765339][ T5979] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 392.768429][ T5979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 392.777077][ T5979] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 392.781155][ T5979] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 392.783193][T11263] netlink: 'syz.2.1072': attribute type 1 has an invalid length. [ 392.789842][ T5979] usb 5-1: Manufacturer: syz [ 392.797669][ T5979] usb 5-1: config 0 descriptor?? [ 392.843818][ T5979] rc_core: IR keymap rc-hauppauge not found [ 392.845729][ T5979] Registered IR keymap rc-empty [ 392.847635][ T5979] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 392.852729][ T5979] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input128 [ 393.525857][ T5979] usb 6-1: USB disconnect, device number 40 [ 395.348698][ T5979] usb 5-1: USB disconnect, device number 38 [ 396.729147][T11295] netlink: 'syz.0.1070': attribute type 1 has an invalid length. [ 397.043421][T11305] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1071'. [ 397.840916][T11313] blktrace: Concurrent blktraces are not allowed on nullb0 [ 397.881054][T11313] can: request_module (can-proto-3) failed. [ 398.573785][T10937] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 398.724971][T10937] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 398.727404][T10937] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 398.730934][T10937] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 398.733568][T10937] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 398.736179][T10937] usb 6-1: Manufacturer: syz [ 398.738469][T10937] usb 6-1: config 0 descriptor?? [ 398.773753][T10937] rc_core: IR keymap rc-hauppauge not found [ 398.775497][T10937] Registered IR keymap rc-empty [ 398.777391][T10937] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 398.780778][T10937] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input129 [ 401.331508][ T5979] usb 6-1: USB disconnect, device number 41 [ 401.456481][T11329] netlink: zone id is out of range [ 401.460652][T11329] netlink: zone id is out of range [ 401.462719][T11329] netlink: zone id is out of range [ 401.525645][T11330] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 401.528299][T11330] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 401.529972][T11329] virtio-fs: tag <(null)> not found [ 401.533764][T11330] vhci_hcd vhci_hcd.0: Device attached [ 402.293999][ T2285] vhci_hcd: vhci_device speed not set [ 402.353809][ T2285] usb 39-1: new full-speed USB device number 4 using vhci_hcd [ 402.918420][T11332] vhci_hcd: connection reset by peer [ 402.920603][ T45] vhci_hcd: stop threads [ 402.922270][ T45] vhci_hcd: release socket [ 402.924511][ T45] vhci_hcd: disconnect device [ 402.933915][ T71] usb 8-1: new high-speed USB device number 42 using dummy_hcd [ 402.968397][T11351] binder: 11343:11351 ioctl c0306201 20000280 returned -14 [ 403.126676][ T71] usb 8-1: config index 0 descriptor too short (expected 23569, got 27) [ 403.130638][ T71] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 403.136690][ T71] usb 8-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 403.139405][ T71] usb 8-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 403.141737][ T71] usb 8-1: Manufacturer: syz [ 403.144716][ T71] usb 8-1: config 0 descriptor?? [ 403.184076][ T71] rc_core: IR keymap rc-hauppauge not found [ 403.185909][ T71] Registered IR keymap rc-empty [ 403.192076][ T71] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0 [ 403.202558][ T71] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input130 [ 403.335704][T11361] netlink: 'syz.1.1084': attribute type 1 has an invalid length. [ 403.563795][ T1327] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 403.734939][ T1327] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 403.737386][ T1327] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 403.741066][ T1327] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 403.743962][ T1327] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 403.746299][ T1327] usb 5-1: Manufacturer: syz [ 403.750338][ T1327] usb 5-1: config 0 descriptor?? [ 403.793813][ T1327] rc_core: IR keymap rc-hauppauge not found [ 403.795645][ T1327] Registered IR keymap rc-empty [ 403.798952][ T1327] rc rc1: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc1 [ 403.805216][ T1327] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc1/input131 [ 403.828634][T11369] can0: slcan on ttyS3. [ 403.922668][T11376] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1086'. [ 404.574480][T11365] can0 (unregistered): slcan off ttyS3. [ 404.986620][ T39] audit: type=1326 audit(1736947311.495:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 404.993356][ T39] audit: type=1326 audit(1736947311.495:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 404.999572][ T39] audit: type=1326 audit(1736947311.495:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=70 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 405.008703][ T39] audit: type=1326 audit(1736947311.495:43): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 405.015597][ T39] audit: type=1326 audit(1736947311.495:44): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 405.021681][ T39] audit: type=1326 audit(1736947311.505:45): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 405.673069][ T63] usb 8-1: USB disconnect, device number 42 [ 405.685865][ T39] audit: type=1326 audit(1736947312.195:46): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 405.692021][ T39] audit: type=1326 audit(1736947312.195:47): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.1.1089" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 405.829110][T11410] netlink: zone id is out of range [ 405.837589][T11410] netlink: zone id is out of range [ 405.839819][T11410] netlink: zone id is out of range [ 405.902370][T11410] virtio-fs: tag <(null)> not found [ 406.360320][ T5979] usb 5-1: USB disconnect, device number 39 [ 407.480571][T11430] netlink: 'syz.1.1095': attribute type 1 has an invalid length. [ 407.534120][ T2285] vhci_hcd: vhci_device speed not set [ 408.463824][T10937] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 408.635047][T10937] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 408.637801][T10937] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 408.644983][T10937] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 408.647707][T10937] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 408.650091][T10937] usb 5-1: Manufacturer: syz [ 408.652734][T10937] usb 5-1: config 0 descriptor?? [ 408.693779][T10937] rc_core: IR keymap rc-hauppauge not found [ 408.695715][T10937] Registered IR keymap rc-empty [ 408.697891][T10937] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 408.701279][T10937] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input132 [ 409.728122][T11468] netlink: 'syz.2.1103': attribute type 1 has an invalid length. [ 410.493900][ T5979] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 410.645144][ T5979] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 410.647682][ T5979] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 410.652409][ T5979] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 410.655306][ T5979] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 410.657688][ T5979] usb 6-1: Manufacturer: syz [ 410.660049][ T5979] usb 6-1: config 0 descriptor?? [ 410.703774][ T5979] rc_core: IR keymap rc-hauppauge not found [ 410.705617][ T5979] Registered IR keymap rc-empty [ 410.707558][ T5979] rc rc1: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc1 [ 410.711389][ T5979] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc1/input133 [ 410.905999][T11484] netlink: 'syz.3.1107': attribute type 1 has an invalid length. [ 411.257894][ T5979] usb 5-1: USB disconnect, device number 40 [ 412.189712][ T39] audit: type=1800 audit(1736947318.695:48): pid=11502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1110" name="bus" dev="overlay" ino=1575 res=0 errno=0 [ 412.605182][T11501] x86/PAT: syz.0.1118:11501 freeing invalid memtype [mem 0xfed00000-0xfed00fff] [ 412.680825][T11515] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.741769][T11515] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.888095][T11515] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.958477][T11515] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.973287][T11520] netlink: 'syz.0.1113': attribute type 4 has an invalid length. [ 413.043827][T11515] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.049220][T11515] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.055594][T11515] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.060479][T11515] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.274104][ T5979] usb 6-1: USB disconnect, device number 42 [ 413.369823][T11526] netlink: 'syz.2.1114': attribute type 1 has an invalid length. [ 413.424464][T11525] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1115'. [ 413.431426][T11525] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1115'. [ 413.746091][T10937] usb 6-1: new high-speed USB device number 43 using dummy_hcd [ 413.905315][T10937] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 413.908039][T10937] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 413.912579][T10937] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 413.915225][T10937] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 413.917572][T10937] usb 6-1: Manufacturer: syz [ 413.919819][T10937] usb 6-1: config 0 descriptor?? [ 413.959546][T10937] rc_core: IR keymap rc-hauppauge not found [ 413.961200][T10937] Registered IR keymap rc-empty [ 413.963012][T10937] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 413.966415][T10937] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input134 [ 414.149096][T11536] overlayfs: missing 'lowerdir' [ 414.582517][T11540] netlink: 'syz.0.1126': attribute type 1 has an invalid length. [ 415.191881][T11556] Process accounting resumed [ 416.145626][ T63] usb 8-1: new high-speed USB device number 43 using dummy_hcd [ 416.293319][ T63] usb 8-1: config index 0 descriptor too short (expected 23569, got 27) [ 416.296182][ T63] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 416.300401][ T63] usb 8-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 416.304009][ T63] usb 8-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 416.306554][ T63] usb 8-1: Manufacturer: syz [ 416.311253][ T63] usb 8-1: config 0 descriptor?? [ 416.350005][ T63] rc_core: IR keymap rc-hauppauge not found [ 416.354939][ T63] Registered IR keymap rc-empty [ 416.360020][ T63] rc rc1: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc1 [ 416.363386][ T63] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc1/input135 [ 416.438050][ T1327] usb 6-1: USB disconnect, device number 43 [ 417.487794][T11592] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1129'. [ 417.700808][T11595] netlink: 'syz.2.1130': attribute type 1 has an invalid length. [ 419.020192][ T5979] usb 8-1: USB disconnect, device number 43 [ 419.745601][T11626] syz.1.1139 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 419.758599][T11627] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 419.761170][T11626] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1139'. [ 419.794799][T11628] overlayfs: failed to resolve './file1': -2 [ 419.886098][ T63] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 420.034093][ T63] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 420.036538][ T63] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 420.043427][ T63] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 420.046237][ T63] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 420.049362][ T63] usb 5-1: Manufacturer: syz [ 420.053140][ T63] usb 5-1: config 0 descriptor?? [ 420.061546][T11632] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1140'. [ 420.101290][ T63] rc_core: IR keymap rc-hauppauge not found [ 420.103571][ T63] Registered IR keymap rc-empty [ 420.106062][ T63] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 420.110211][ T63] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input136 [ 420.826645][T11644] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 422.328287][ T5979] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 422.477052][ T5979] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 422.479535][ T5979] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 422.483424][ T5979] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 422.495323][ T5979] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 422.498357][ T5979] usb 6-1: Manufacturer: syz [ 422.505537][ T5979] usb 6-1: config 0 descriptor?? [ 422.564336][ T5979] rc_core: IR keymap rc-hauppauge not found [ 422.566776][ T5979] Registered IR keymap rc-empty [ 422.569181][ T5979] rc rc1: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc1 [ 422.573621][ T5979] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc1/input137 [ 422.624816][ T5979] usb 5-1: USB disconnect, device number 41 [ 423.523024][T11674] netlink: 'syz.2.1156': attribute type 4 has an invalid length. [ 423.582518][T11674] netlink: 'syz.2.1156': attribute type 4 has an invalid length. [ 425.211892][ T63] usb 6-1: USB disconnect, device number 44 [ 425.582744][T11700] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1154'. [ 425.843116][T11704] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1154'. [ 427.024028][T11710] overlayfs: failed to resolve './file1': -2 [ 427.839620][T11730] netlink: 'syz.3.1161': attribute type 4 has an invalid length. [ 427.883344][T11730] netlink: 'syz.3.1161': attribute type 4 has an invalid length. [ 428.012094][T11735] netlink: zone id is out of range [ 428.020589][T11735] netlink: zone id is out of range [ 428.038630][T11735] netlink: zone id is out of range [ 428.126729][T11735] virtio-fs: tag <(null)> not found [ 428.327495][T11738] sp0: Synchronizing with TNC [ 428.351096][T11738] [U] è [ 429.269448][T11739] x86/PAT: syz.2.1165:11739 freeing invalid memtype [mem 0xfed00000-0xfed00fff] [ 431.226749][ T6008] usb 6-1: new high-speed USB device number 45 using dummy_hcd [ 431.234027][ T5979] usb 8-1: new high-speed USB device number 44 using dummy_hcd [ 431.400673][ T6008] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 431.403965][ T6008] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 431.408289][ T6008] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 431.411027][ T6008] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 431.413650][ T5979] usb 8-1: config index 0 descriptor too short (expected 23569, got 27) [ 431.416278][ T5979] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 431.419666][ T6008] usb 6-1: Manufacturer: syz [ 431.422714][ T5979] usb 8-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 431.426550][ T5979] usb 8-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 431.431037][ T5979] usb 8-1: Manufacturer: syz [ 431.433849][ T6008] usb 6-1: config 0 descriptor?? [ 431.450205][ T5979] usb 8-1: config 0 descriptor?? [ 431.494234][ T6008] rc_core: IR keymap rc-hauppauge not found [ 431.496810][ T6008] Registered IR keymap rc-empty [ 431.500099][ T6008] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 431.504254][ T5979] rc_core: IR keymap rc-hauppauge not found [ 431.506136][ T6008] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input138 [ 431.509274][ T5979] Registered IR keymap rc-empty [ 431.515476][ T5979] rc rc1: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc1 [ 431.525627][ T5979] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc1/input139 [ 432.277869][T11799] netlink: 'syz.2.1176': attribute type 4 has an invalid length. [ 432.300636][T11799] netlink: 'syz.2.1176': attribute type 4 has an invalid length. [ 433.932086][ T5979] usb 6-1: USB disconnect, device number 45 [ 433.935065][ T6008] usb 8-1: USB disconnect, device number 44 [ 434.011581][T11812] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 434.014027][T11809] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1178'. [ 434.427831][ T6008] usb 8-1: new high-speed USB device number 45 using dummy_hcd [ 434.578033][ T6008] usb 8-1: config index 0 descriptor too short (expected 23569, got 27) [ 434.580398][ T6008] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 434.591411][ T6008] usb 8-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 434.594905][ T6008] usb 8-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 434.609303][ T6008] usb 8-1: Manufacturer: syz [ 434.614382][ T6008] usb 8-1: config 0 descriptor?? [ 434.665934][ T6008] rc_core: IR keymap rc-hauppauge not found [ 434.668238][ T6008] Registered IR keymap rc-empty [ 434.670593][ T6008] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0 [ 434.675100][ T6008] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input140 [ 435.992819][T11845] netlink: 'syz.1.1185': attribute type 1 has an invalid length. [ 437.038076][ T6091] usb 6-1: new high-speed USB device number 46 using dummy_hcd [ 437.121974][ T6008] usb 8-1: USB disconnect, device number 45 [ 437.209565][ T6091] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 437.212849][ T6091] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 437.217905][ T6091] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 437.221343][ T6091] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 437.224359][ T6091] usb 6-1: Manufacturer: syz [ 437.227972][ T6091] usb 6-1: config 0 descriptor?? [ 437.259588][T11866] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1190'. [ 437.296683][ T6091] rc_core: IR keymap rc-hauppauge not found [ 437.298915][ T6091] Registered IR keymap rc-empty [ 437.301135][ T6091] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 437.305534][ T6091] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input141 [ 437.319311][T11873] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 437.370378][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.373135][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.375089][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.377992][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.380122][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.382495][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.384764][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.387604][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.389972][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.392354][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.394307][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.396875][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.399025][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.400937][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.402978][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.404747][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.407617][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.411320][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.413243][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.415140][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.417607][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.419581][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.421520][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.423490][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.426013][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.428167][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.432855][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.434831][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.445691][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.447656][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.449667][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.451625][ T6091] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 437.467638][ T6091] hid-generic 0000:0000:0000.0003: hidraw1: HID v0.00 Device [sy] on syz0 [ 437.525694][T11877] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 437.973306][T11882] overlayfs: missing 'lowerdir' [ 438.957041][T11896] netlink: 'syz.0.1196': attribute type 1 has an invalid length. [ 439.046342][ T1412] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.048239][ T1412] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.432972][ T2285] usb 8-1: new high-speed USB device number 46 using dummy_hcd [ 439.583270][ T2285] usb 8-1: config index 0 descriptor too short (expected 23569, got 27) [ 439.585791][ T2285] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 439.589350][ T2285] usb 8-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 439.592094][ T2285] usb 8-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 439.594433][ T2285] usb 8-1: Manufacturer: syz [ 439.596904][ T2285] usb 8-1: config 0 descriptor?? [ 439.641689][ T2285] rc_core: IR keymap rc-hauppauge not found [ 439.643519][ T2285] Registered IR keymap rc-empty [ 439.645376][ T2285] rc rc1: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc1 [ 439.648768][ T2285] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc1/input142 [ 439.716121][T11909] IPVS: length: 230 != 24 [ 439.782093][ T6008] usb 6-1: USB disconnect, device number 46 [ 439.906673][T11917] sp0: Synchronizing with TNC [ 439.956135][T11917] [U] è [ 441.134741][T11935] can0: slcan on ttyS3. [ 441.200914][T11937] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1205'. [ 441.810846][T11930] can0 (unregistered): slcan off ttyS3. [ 442.346326][ T5979] usb 8-1: USB disconnect, device number 46 [ 442.593685][T11980] netlink: zone id is out of range [ 442.625241][T11980] netlink: zone id is out of range [ 442.626755][T11980] netlink: zone id is out of range [ 442.648690][T11980] virtio-fs: tag <(null)> not found [ 443.060011][T11988] 9pnet_virtio: no channels available for device syz [ 443.262919][ T5979] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 443.483928][ T5979] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 443.486620][ T5979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 443.493607][ T5979] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 443.496264][ T5979] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 443.498519][ T5979] usb 5-1: Manufacturer: syz [ 443.535286][ T5979] usb 5-1: config 0 descriptor?? [ 443.651315][ T5979] rc_core: IR keymap rc-hauppauge not found [ 443.653388][ T5979] Registered IR keymap rc-empty [ 443.660726][ T5979] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 443.667863][ T5979] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input143 [ 443.784054][T12000] cgroup: fork rejected by pids controller in /syz1 [ 444.497453][ T63] usb 7-1: new high-speed USB device number 34 using dummy_hcd [ 444.647923][ T63] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 444.650368][ T63] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 444.653941][ T63] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 444.656760][ T63] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 444.659516][ T63] usb 7-1: Manufacturer: syz [ 444.668112][ T63] usb 7-1: config 0 descriptor?? [ 444.726430][ T63] rc_core: IR keymap rc-hauppauge not found [ 444.734681][ T63] Registered IR keymap rc-empty [ 444.736869][ T63] rc rc1: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc1 [ 444.743776][ T63] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc1/input144 [ 445.058619][ T39] audit: type=1800 audit(1736947351.995:49): pid=12413 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1218" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 446.594057][T12424] netlink: zone id is out of range [ 446.598432][T12424] netlink: zone id is out of range [ 446.600797][T12424] netlink: zone id is out of range [ 446.615888][T12424] virtio-fs: tag <(null)> not found [ 446.800533][ T5979] usb 5-1: USB disconnect, device number 42 [ 447.082869][T12430] e1000e 0000:00:02.0 eth1: NIC Link is Down [ 447.270176][ T5979] usb 7-1: USB disconnect, device number 34 [ 447.454544][T12451] netlink: 'syz.1.1223': attribute type 4 has an invalid length. [ 447.507138][T12460] netlink: 'syz.1.1223': attribute type 4 has an invalid length. [ 447.641153][T12459] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ûÌÌULÙvy¸ÚØ¢…D£øUDŒw˜}z [ 448.572303][ T5979] usb 8-1: new high-speed USB device number 47 using dummy_hcd [ 448.980822][ T5979] usb 8-1: Using ep0 maxpacket: 8 [ 448.983571][ T5979] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 448.986076][ T5979] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 448.988946][ T5979] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 448.991681][ T5979] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 448.994404][ T5979] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 448.998207][ T5979] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 449.001117][ T5979] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 449.254785][ T5979] usb 8-1: usb_control_msg returned -32 [ 449.256897][ T5979] usbtmc 8-1:16.0: can't read capabilities [ 449.753348][T12497] usbtmc 8-1:16.0: control status returned 0 [ 449.956021][ T8] usb 8-1: USB disconnect, device number 47 [ 451.733008][ T71] usb 7-1: new high-speed USB device number 35 using dummy_hcd [ 451.894025][ T71] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 451.897442][ T71] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 451.902078][ T71] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 451.905886][ T71] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 451.909086][ T71] usb 7-1: Manufacturer: syz [ 451.913248][ T71] usb 7-1: config 0 descriptor?? [ 451.962372][ T71] rc_core: IR keymap rc-hauppauge not found [ 451.964732][ T71] Registered IR keymap rc-empty [ 451.967170][ T71] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0 [ 451.972017][ T71] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input145 [ 453.229026][T12546] netlink: 'syz.0.1237': attribute type 4 has an invalid length. [ 453.258545][T12546] netlink: 'syz.0.1237': attribute type 4 has an invalid length. [ 454.306616][ T5942] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 454.457510][ T5942] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 454.459936][ T5942] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 454.463641][ T5942] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 454.466366][ T5942] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 454.468659][ T5942] usb 5-1: Manufacturer: syz [ 454.470992][ T5942] usb 5-1: config 0 descriptor?? [ 454.508774][ T5981] usb 7-1: USB disconnect, device number 35 [ 454.516126][ T5942] rc_core: IR keymap rc-hauppauge not found [ 454.518105][ T5942] Registered IR keymap rc-empty [ 454.519871][ T5942] rc rc1: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc1 [ 454.528262][ T5942] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc1/input146 [ 454.643641][T12562] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 454.645571][T12562] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 454.648079][T12562] vhci_hcd vhci_hcd.0: Device attached [ 454.825488][ T71] vhci_hcd: vhci_device speed not set [ 454.885704][ T71] usb 41-1: new full-speed USB device number 4 using vhci_hcd [ 455.613801][T12564] vhci_hcd: connection reset by peer [ 455.616016][ T1136] vhci_hcd: stop threads [ 455.617722][ T1136] vhci_hcd: release socket [ 455.619046][ T1136] vhci_hcd: disconnect device [ 457.100668][ T63] usb 5-1: USB disconnect, device number 43 [ 457.566578][T12604] netlink: 'syz.0.1249': attribute type 5 has an invalid length. [ 459.768782][T12643] overlayfs: missing 'lowerdir' [ 459.995843][ T71] vhci_hcd: vhci_device speed not set [ 461.227564][ T39] audit: type=1326 audit(1736947368.206:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12665 comm="syz.1.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 461.237874][ T39] audit: type=1326 audit(1736947368.206:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12665 comm="syz.1.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 461.248680][ T39] audit: type=1326 audit(1736947368.216:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12665 comm="syz.1.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=185 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 461.256925][ T39] audit: type=1326 audit(1736947368.216:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12665 comm="syz.1.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 461.264803][ T39] audit: type=1326 audit(1736947368.216:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12665 comm="syz.1.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 463.785094][T12709] netlink: 'syz.2.1274': attribute type 2 has an invalid length. [ 463.788942][T12709] netlink: 'syz.2.1274': attribute type 2 has an invalid length. [ 464.306514][T12724] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 466.280862][T12761] random: crng reseeded on system resumption [ 467.594321][ C3] vcan0: j1939_tp_rxtimer: 0xffff88804d378800: rx timeout, send abort [ 467.876295][ T2285] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 468.027363][ T2285] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 468.030727][ T2285] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 468.035361][ T2285] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 468.039488][ T2285] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 468.042584][ T2285] usb 5-1: Manufacturer: syz [ 468.052702][ T2285] usb 5-1: config 0 descriptor?? [ 468.096014][ T2285] rc_core: IR keymap rc-hauppauge not found [ 468.097921][ T2285] Registered IR keymap rc-empty [ 468.098217][ C3] vcan0: j1939_tp_rxtimer: 0xffff88804d378800: abort rx timeout. Force session deactivation [ 468.101419][ T2285] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 468.111780][ T2285] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input147 [ 468.661037][T12785] vxcan1: tx address claim with dlc 1 [ 470.497146][T12806] 9pnet: Unknown protocol version 9p2000. [ 470.662340][ T5979] usb 5-1: USB disconnect, device number 44 [ 470.874377][ T39] audit: type=1326 audit(1736947377.866:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12808 comm="syz.0.1296" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f27579 code=0x7ffc0000 [ 470.880930][ T39] audit: type=1326 audit(1736947377.866:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12808 comm="syz.0.1296" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f27579 code=0x7ffc0000 [ 470.909577][ T39] audit: type=1326 audit(1736947377.896:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12808 comm="syz.0.1296" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f27579 code=0x7ffc0000 [ 470.917958][ T39] audit: type=1326 audit(1736947377.906:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12808 comm="syz.0.1296" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f27579 code=0x7ffc0000 [ 470.926850][ T39] audit: type=1326 audit(1736947377.906:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12808 comm="syz.0.1296" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f27579 code=0x7ffc0000 [ 470.933506][ T39] audit: type=1326 audit(1736947377.906:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12808 comm="syz.0.1296" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf7f27579 code=0x7ffc0000 [ 470.939739][ T39] audit: type=1326 audit(1736947377.916:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12808 comm="syz.0.1296" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f27579 code=0x0 [ 471.377916][T12817] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 476.627980][T12900] netlink: 'syz.1.1309': attribute type 1 has an invalid length. [ 476.889806][ T39] audit: type=1326 audit(1736947383.880:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12890 comm="syz.2.1311" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff0579 code=0x7fc00000 [ 476.943825][T12907] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1312'. [ 476.946653][T12907] syz_tun: left allmulticast mode [ 476.948597][T12907] syz_tun: left promiscuous mode [ 476.952154][T12907] bridge0: port 2(syz_tun) entered disabled state [ 476.956834][T12907] team0: left allmulticast mode [ 476.958609][T12907] bridge0: port 1(team0) entered disabled state [ 477.380007][ T39] audit: type=1326 audit(1736947384.380:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12890 comm="syz.2.1311" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff0579 code=0x7fc00000 [ 477.662184][T12924] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1316'. [ 477.665226][T12924] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1316'. [ 480.923529][T12959] netlink: 'syz.2.1323': attribute type 1 has an invalid length. [ 481.401171][T12968] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1325'. [ 481.861918][ T39] audit: type=1326 audit(1736947388.852:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12974 comm="syz.3.1327" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f44579 code=0x0 [ 483.847911][T13017] netlink: 'syz.2.1334': attribute type 1 has an invalid length. [ 486.401568][T13049] netlink: 'syz.2.1342': attribute type 1 has an invalid length. [ 486.667370][T13050] netlink: 'syz.3.1343': attribute type 4 has an invalid length. [ 487.356536][T13062] netlink: 'syz.1.1346': attribute type 1 has an invalid length. [ 488.796725][ T39] audit: type=1800 audit(1736947395.784:65): pid=13078 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1348" name="bus" dev="overlay" ino=1879 res=0 errno=0 [ 490.688866][T13119] netlink: 'syz.1.1356': attribute type 1 has an invalid length. [ 491.947117][T13131] netlink: 'syz.1.1365': attribute type 1 has an invalid length. [ 492.352550][T13138] random: crng reseeded on system resumption [ 493.713890][ C1] vcan0: j1939_tp_rxtimer: 0xffff88806adc1800: rx timeout, send abort [ 493.716441][ C1] vcan0: j1939_tp_rxtimer: 0xffff88806adc0800: rx timeout, send abort [ 493.724458][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88806adc1800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 493.728964][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88806adc0800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 494.208741][ T39] audit: type=1326 audit(1736947401.205:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13152 comm="syz.3.1363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f44579 code=0x7ffc0000 [ 494.467528][ T39] audit: type=1326 audit(1736947401.215:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13152 comm="syz.3.1363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f44579 code=0x7ffc0000 [ 494.677530][ T39] audit: type=1326 audit(1736947401.645:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13152 comm="syz.3.1363" exe="/syz-executor" sig=0 arch=40000003 syscall=185 compat=1 ip=0xf7f44579 code=0x7ffc0000 [ 494.683981][ T39] audit: type=1326 audit(1736947401.675:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13152 comm="syz.3.1363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f44579 code=0x7ffc0000 [ 494.691962][ T39] audit: type=1326 audit(1736947401.685:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13152 comm="syz.3.1363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f44579 code=0x7ffc0000 [ 494.930288][T13168] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌÌULÙvy¸ÚØ¢…D£øUDŒw˜}zR' [ 494.935276][T13168] CPU: 0 UID: 0 PID: 13168 Comm: syz.2.1367 Not tainted 6.13.0-rc7-syzkaller-00043-g619f0b6fad52 #0 [ 494.939017][T13168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 494.942306][T13168] Call Trace: [ 494.943276][T13168] [ 494.944150][T13168] dump_stack_lvl+0x16c/0x1f0 [ 494.945551][T13168] sysfs_warn_dup+0x7f/0xa0 [ 494.946875][T13168] sysfs_do_create_link_sd+0x124/0x140 [ 494.948448][T13168] sysfs_create_link+0x61/0xc0 [ 494.949852][T13168] device_add+0x62e/0x1a70 [ 494.951160][T13168] ? __pfx_device_add+0x10/0x10 [ 494.952600][T13168] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 494.954332][T13168] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 494.956109][T13168] wiphy_register+0x1c7a/0x2860 [ 494.957554][T13168] ? netdev_run_todo+0x837/0x12d0 [ 494.959040][T13168] ? __pfx_wiphy_register+0x10/0x10 [ 494.960560][T13168] ieee80211_register_hw+0x2951/0x3fa0 [ 494.962130][T13168] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 494.963776][T13168] ? net_generic+0xea/0x2a0 [ 494.965127][T13168] ? lockdep_init_map_type+0x16d/0x7d0 [ 494.966685][T13168] ? rcu_is_watching+0x12/0xc0 [ 494.968090][T13168] ? trace_hrtimer_init+0x1a6/0x230 [ 494.969583][T13168] ? __hrtimer_init+0x106/0x2c0 [ 494.970990][T13168] mac80211_hwsim_new_radio+0x2c47/0x56c0 [ 494.972662][T13168] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 494.974404][T13168] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 494.975934][T13168] hwsim_new_radio_nl+0xb42/0x12b0 [ 494.977407][T13168] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 494.979020][T13168] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 494.981135][T13168] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 494.983252][T13168] genl_family_rcv_msg_doit+0x202/0x2f0 [ 494.984920][T13168] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 494.986687][T13168] ? genl_get_cmd+0x195/0x580 [ 494.988080][T13168] ? bpf_lsm_capable+0x9/0x10 [ 494.989448][T13168] ? security_capable+0x7e/0x260 [ 494.990935][T13168] ? ns_capable+0xd7/0x110 [ 494.992251][T13168] genl_rcv_msg+0x565/0x800 [ 494.993578][T13168] ? __pfx_genl_rcv_msg+0x10/0x10 [ 494.995112][T13168] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 494.996713][T13168] ? __pfx___lock_acquire+0x10/0x10 [ 494.998210][T13168] netlink_rcv_skb+0x165/0x410 [ 494.999604][T13168] ? __pfx_genl_rcv_msg+0x10/0x10 [ 495.001065][T13168] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 495.002581][T13168] ? down_read+0xc9/0x330 [ 495.003837][T13168] ? __pfx_down_read+0x10/0x10 [ 495.005258][T13168] ? netlink_deliver_tap+0x1ae/0xca0 [ 495.006720][T13168] genl_rcv+0x28/0x40 [ 495.007867][T13168] netlink_unicast+0x53c/0x7f0 [ 495.009254][T13168] ? __pfx_netlink_unicast+0x10/0x10 [ 495.010787][T13168] ? __phys_addr_symbol+0x30/0x80 [ 495.012249][T13168] ? __check_object_size+0x488/0x710 [ 495.013777][T13168] netlink_sendmsg+0x8b8/0xd70 [ 495.015173][T13168] ? __pfx_netlink_sendmsg+0x10/0x10 [ 495.016701][T13168] ____sys_sendmsg+0x9ae/0xb40 [ 495.018203][T13168] ? __pfx_____sys_sendmsg+0x10/0x10 [ 495.019728][T13168] ? get_compat_msghdr+0x11b/0x170 [ 495.021219][T13168] ___sys_sendmsg+0x135/0x1e0 [ 495.022589][T13168] ? __pfx____sys_sendmsg+0x10/0x10 [ 495.024107][T13168] ? __fget_files+0x206/0x3a0 [ 495.025489][T13168] __sys_sendmsg+0x16e/0x220 [ 495.026836][T13168] ? __pfx___sys_sendmsg+0x10/0x10 [ 495.028318][T13168] ? __ia32_sys_futex_time32+0x1da/0x460 [ 495.029944][T13168] __do_fast_syscall_32+0x73/0x120 [ 495.031430][T13168] do_fast_syscall_32+0x32/0x80 [ 495.032843][T13168] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 495.034651][T13168] RIP: 0023:0xf7ff0579 [ 495.035820][T13168] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 495.041149][T13168] RSP: 002b:00000000f512555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 495.043529][T13168] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000040 [ 495.045859][T13168] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 495.048098][T13168] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 495.050310][T13168] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 495.052543][T13168] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 495.054815][T13168] [ 495.127222][T13177] netlink: 'syz.0.1368': attribute type 1 has an invalid length. [ 497.823276][T13215] netlink: 'syz.3.1375': attribute type 1 has an invalid length. [ 498.794909][T13236] netlink: 'syz.0.1385': attribute type 1 has an invalid length. [ 499.159268][T13230] cgroup: fork rejected by pids controller in /syz2 [ 499.521513][T13273] IPVS: length: 230 != 24 [ 499.648763][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.651016][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.653227][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.655707][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.657907][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.660122][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.662821][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.668420][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.670700][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.672914][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.676836][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.682576][T13281] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 499.684671][T13281] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 499.688596][T13281] vhci_hcd vhci_hcd.0: Device attached [ 499.699073][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.701262][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.703324][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.705717][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.707930][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.710242][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.712459][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.714705][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.717034][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.719300][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.721569][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.723811][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.726071][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.728207][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.730426][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.732658][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.734887][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.737230][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.739453][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.741873][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.762979][T13282] netlink: 'syz.0.1389': attribute type 1 has an invalid length. [ 499.821498][ T71] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 499.832444][T13293] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 499.834243][ T71] hid-generic 0000:0000:0000.0004: hidraw1: HID v0.00 Device [sy] on syz0 [ 500.392715][ T1412] ieee802154 phy0 wpan0: encryption failed: -22 [ 500.395123][ T1412] ieee802154 phy1 wpan1: encryption failed: -22 [ 500.540320][T13289] vhci_hcd: connection closed [ 500.540534][ T1136] vhci_hcd: stop threads [ 500.543200][ T1136] vhci_hcd: release socket [ 500.545128][ T1136] vhci_hcd: disconnect device [ 500.553975][ T8] vhci_hcd: vhci_device speed not set [ 500.698511][T13303] netlink: 'syz.3.1394': attribute type 1 has an invalid length. [ 501.533530][ T39] audit: type=1800 audit(1736947408.526:71): pid=13309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1386" name="bus" dev="overlay" ino=1962 res=0 errno=0 [ 503.594775][T13336] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1395'. [ 503.826563][T13345] netlink: 'syz.0.1397': attribute type 4 has an invalid length. [ 503.849668][T13345] netlink: 'syz.0.1397': attribute type 4 has an invalid length. [ 504.420755][T13358] netlink: 'syz.2.1399': attribute type 1 has an invalid length. [ 504.475113][T13360] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌÌULÙvy¸ÚØ¢…D£øUDŒw˜}zR' [ 504.478761][T13360] CPU: 2 UID: 0 PID: 13360 Comm: syz.1.1398 Not tainted 6.13.0-rc7-syzkaller-00043-g619f0b6fad52 #0 [ 504.481854][T13360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 504.484943][T13360] Call Trace: [ 504.485918][T13360] [ 504.486784][T13360] dump_stack_lvl+0x16c/0x1f0 [ 504.488193][T13360] sysfs_warn_dup+0x7f/0xa0 [ 504.489530][T13360] sysfs_do_create_link_sd+0x124/0x140 [ 504.491135][T13360] sysfs_create_link+0x61/0xc0 [ 504.492538][T13360] device_add+0x62e/0x1a70 [ 504.493848][T13360] ? __pfx_device_add+0x10/0x10 [ 504.495263][T13360] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 504.496989][T13360] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 504.498749][T13360] wiphy_register+0x1c7a/0x2860 [ 504.500174][T13360] ? netdev_run_todo+0x837/0x12d0 [ 504.501651][T13360] ? __pfx_wiphy_register+0x10/0x10 [ 504.503472][T13360] ieee80211_register_hw+0x2951/0x3fa0 [ 504.505533][T13360] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 504.507711][T13360] ? net_generic+0xea/0x2a0 [ 504.509479][T13360] ? lockdep_init_map_type+0x16d/0x7d0 [ 504.511541][T13360] ? rcu_is_watching+0x12/0xc0 [ 504.513341][T13360] ? trace_hrtimer_init+0x1a6/0x230 [ 504.515311][T13360] ? __hrtimer_init+0x106/0x2c0 [ 504.517159][T13360] mac80211_hwsim_new_radio+0x2c47/0x56c0 [ 504.519307][T13360] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 504.521596][T13360] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 504.523599][T13360] hwsim_new_radio_nl+0xb42/0x12b0 [ 504.525472][T13360] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 504.527470][T13360] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 504.530308][T13360] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 504.533096][T13360] genl_family_rcv_msg_doit+0x202/0x2f0 [ 504.535185][T13360] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 504.537482][T13360] ? genl_get_cmd+0x195/0x580 [ 504.539264][T13360] ? bpf_lsm_capable+0x9/0x10 [ 504.541032][T13360] ? security_capable+0x7e/0x260 [ 504.542901][T13360] ? ns_capable+0xd7/0x110 [ 504.544602][T13360] genl_rcv_msg+0x565/0x800 [ 504.546310][T13360] ? __pfx_genl_rcv_msg+0x10/0x10 [ 504.548216][T13360] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 504.550287][T13360] ? __pfx___lock_acquire+0x10/0x10 [ 504.552265][T13360] netlink_rcv_skb+0x165/0x410 [ 504.554057][T13360] ? __pfx_genl_rcv_msg+0x10/0x10 [ 504.555960][T13360] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 504.557979][T13360] ? down_read+0xc9/0x330 [ 504.559599][T13360] ? __pfx_down_read+0x10/0x10 [ 504.561411][T13360] ? netlink_deliver_tap+0x1ae/0xca0 [ 504.563412][T13360] genl_rcv+0x28/0x40 [ 504.564958][T13360] netlink_unicast+0x53c/0x7f0 [ 504.566759][T13360] ? __pfx_netlink_unicast+0x10/0x10 [ 504.568768][T13360] ? __phys_addr_symbol+0x30/0x80 [ 504.570681][T13360] ? __check_object_size+0x488/0x710 [ 504.572697][T13360] netlink_sendmsg+0x8b8/0xd70 [ 504.574500][T13360] ? __pfx_netlink_sendmsg+0x10/0x10 [ 504.576513][T13360] ____sys_sendmsg+0x9ae/0xb40 [ 504.578334][T13360] ? __pfx_____sys_sendmsg+0x10/0x10 [ 504.580294][T13360] ? get_compat_msghdr+0x11b/0x170 [ 504.582222][T13360] ___sys_sendmsg+0x135/0x1e0 [ 504.583992][T13360] ? __pfx____sys_sendmsg+0x10/0x10 [ 504.585962][T13360] ? __pfx_lock_release+0x10/0x10 [ 504.587876][T13360] ? trace_lock_acquire+0x14e/0x1f0 [ 504.589845][T13360] ? __fget_files+0x206/0x3a0 [ 504.591641][T13360] __sys_sendmsg+0x16e/0x220 [ 504.593404][T13360] ? __pfx___sys_sendmsg+0x10/0x10 [ 504.595332][T13360] ? __ia32_sys_futex_time32+0x1da/0x460 [ 504.597463][T13360] __do_fast_syscall_32+0x73/0x120 [ 504.599366][T13360] do_fast_syscall_32+0x32/0x80 [ 504.601217][T13360] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 504.603600][T13360] RIP: 0023:0xf714e579 [ 504.605164][T13360] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 504.612317][T13360] RSP: 002b:00000000f511f55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 504.615461][T13360] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000040 [ 504.618407][T13360] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 504.621385][T13360] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 504.624365][T13360] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 504.627325][T13360] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 504.630259][T13360] [ 505.499835][T13376] netlink: 'syz.1.1411': attribute type 1 has an invalid length. [ 505.763009][ T39] audit: type=1800 audit(1736947412.757:72): pid=13385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1403" name="bus" dev="overlay" ino=2024 res=0 errno=0 [ 506.717502][T13398] netlink: 'syz.2.1407': attribute type 1 has an invalid length. [ 507.170538][ T39] audit: type=1800 audit(1736947414.167:73): pid=13405 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1414" name="bus" dev="overlay" ino=1991 res=0 errno=0 [ 507.276318][ T39] audit: type=1326 audit(1736947414.277:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13387 comm="syz.3.1406" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f44579 code=0x7fc00000 [ 507.424044][ T39] audit: type=1326 audit(1736947414.427:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13387 comm="syz.3.1406" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f44579 code=0x7fc00000 [ 507.695137][ T39] audit: type=1800 audit(1736947414.697:76): pid=13417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1408" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 509.912581][T13441] netlink: 'syz.3.1415': attribute type 1 has an invalid length. [ 510.990205][T13455] netlink: 'syz.1.1419': attribute type 1 has an invalid length. [ 514.022904][ T39] audit: type=1804 audit(1736947421.027:77): pid=13497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1428" name="/newroot/357/file0/cgroup.controllers" dev="9p" ino=37749418 res=1 errno=0 [ 515.481672][T13526] netlink: 'syz.3.1431': attribute type 4 has an invalid length. [ 515.489364][T13526] netlink: 'syz.3.1431': attribute type 4 has an invalid length. [ 517.311440][T13545] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1435'. [ 517.315095][T13545] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1435'. [ 517.522433][ T2285] usb 7-1: new high-speed USB device number 36 using dummy_hcd [ 518.452282][ T2285] usb 7-1: device descriptor read/64, error -71 [ 518.812503][ T2285] usb 7-1: new high-speed USB device number 37 using dummy_hcd [ 518.952272][ T2285] usb 7-1: device descriptor read/64, error -71 [ 519.125821][ T2285] usb usb7-port1: attempt power cycle [ 519.462773][ T39] audit: type=1326 audit(1736947426.457:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13583 comm="syz.0.1441" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f27579 code=0x7ffc0000 [ 519.470917][ T39] audit: type=1326 audit(1736947426.467:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13583 comm="syz.0.1441" exe="/syz-executor" sig=0 arch=40000003 syscall=185 compat=1 ip=0xf7f27579 code=0x7ffc0000 [ 519.478595][ T39] audit: type=1326 audit(1736947426.467:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13583 comm="syz.0.1441" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f27579 code=0x7ffc0000 [ 519.492766][ T39] audit: type=1326 audit(1736947426.467:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13583 comm="syz.0.1441" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f27579 code=0x7ffc0000 [ 519.537173][T13585] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 519.541380][T13585] bridge0: left promiscuous mode [ 519.544709][T13585] bridge0: port 1(syz_tun) entered disabled state [ 519.571287][T13585] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 519.576810][T13585] mac80211_hwsim hwsim5 wlan1: left promiscuous mode [ 519.579970][T13585] bond0 (unregistering): Released all slaves [ 519.612744][ T2285] usb 7-1: new high-speed USB device number 38 using dummy_hcd [ 519.636186][ T2285] usb 7-1: device descriptor read/8, error -71 [ 519.872257][ T2285] usb 7-1: new high-speed USB device number 39 using dummy_hcd [ 519.892645][ T2285] usb 7-1: device descriptor read/8, error -71 [ 520.010851][ T2285] usb usb7-port1: unable to enumerate USB device [ 520.391528][ T5981] libceph: connect (1)[c::]:6789 error -101 [ 520.393713][ T5981] libceph: mon0 (1)[c::]:6789 connect error [ 520.655165][T13595] ceph: No mds server is up or the cluster is laggy [ 520.905373][T13606] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌÌULÙvy¸ÚØ¢…D£øUDŒw˜}zR' [ 520.908558][T13606] CPU: 0 UID: 0 PID: 13606 Comm: syz.0.1445 Not tainted 6.13.0-rc7-syzkaller-00043-g619f0b6fad52 #0 [ 520.911903][T13606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 520.915097][T13606] Call Trace: [ 520.916128][T13606] [ 520.917069][T13606] dump_stack_lvl+0x16c/0x1f0 [ 520.918485][T13606] sysfs_warn_dup+0x7f/0xa0 [ 520.919887][T13606] sysfs_do_create_link_sd+0x124/0x140 [ 520.921575][T13606] sysfs_create_link+0x61/0xc0 [ 520.923079][T13606] device_add+0x62e/0x1a70 [ 520.924441][T13606] ? __pfx_device_add+0x10/0x10 [ 520.925943][T13606] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 520.927828][T13606] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 520.929641][T13606] wiphy_register+0x1c7a/0x2860 [ 520.931133][T13606] ? netdev_run_todo+0x837/0x12d0 [ 520.932767][T13606] ? __pfx_wiphy_register+0x10/0x10 [ 520.934333][T13606] ieee80211_register_hw+0x2951/0x3fa0 [ 520.936024][T13606] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 520.937802][T13606] ? net_generic+0xea/0x2a0 [ 520.939164][T13606] ? lockdep_init_map_type+0x16d/0x7d0 [ 520.940834][T13606] ? rcu_is_watching+0x12/0xc0 [ 520.942375][T13606] ? trace_hrtimer_init+0x1a6/0x230 [ 520.944009][T13606] ? __hrtimer_init+0x106/0x2c0 [ 520.945494][T13606] mac80211_hwsim_new_radio+0x2c47/0x56c0 [ 520.947299][T13606] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 520.949144][T13606] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 520.950791][T13606] hwsim_new_radio_nl+0xb42/0x12b0 [ 520.952442][T13606] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 520.954126][T13606] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 520.956343][T13606] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 520.958603][T13606] genl_family_rcv_msg_doit+0x202/0x2f0 [ 520.960227][T13606] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 520.962142][T13606] ? genl_get_cmd+0x195/0x580 [ 520.963583][T13606] ? bpf_lsm_capable+0x9/0x10 [ 520.965064][T13606] ? security_capable+0x7e/0x260 [ 520.966489][T13606] ? ns_capable+0xd7/0x110 [ 520.967932][T13606] genl_rcv_msg+0x565/0x800 [ 520.969327][T13606] ? __pfx_genl_rcv_msg+0x10/0x10 [ 520.970874][T13606] ? lockdep_hardirqs_on+0x7c/0x110 [ 520.972511][T13606] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 520.974223][T13606] netlink_rcv_skb+0x165/0x410 [ 520.975697][T13606] ? __pfx_genl_rcv_msg+0x10/0x10 [ 520.977268][T13606] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 520.978855][T13606] ? down_read+0xc9/0x330 [ 520.980183][T13606] ? __pfx_down_read+0x10/0x10 [ 520.981706][T13606] ? netlink_deliver_tap+0x1ae/0xca0 [ 520.983325][T13606] genl_rcv+0x28/0x40 [ 520.984565][T13606] netlink_unicast+0x53c/0x7f0 [ 520.986042][T13606] ? __pfx_netlink_unicast+0x10/0x10 [ 520.987833][T13606] ? __phys_addr_symbol+0x30/0x80 [ 520.989670][T13606] ? __check_object_size+0x488/0x710 [ 520.991489][T13606] netlink_sendmsg+0x8b8/0xd70 [ 520.993018][T13606] ? __pfx_netlink_sendmsg+0x10/0x10 [ 520.994621][T13606] ____sys_sendmsg+0x9ae/0xb40 [ 520.996127][T13606] ? __pfx_____sys_sendmsg+0x10/0x10 [ 520.997782][T13606] ? get_compat_msghdr+0x11b/0x170 [ 520.999336][T13606] ___sys_sendmsg+0x135/0x1e0 [ 521.000786][T13606] ? __pfx____sys_sendmsg+0x10/0x10 [ 521.002379][T13606] ? __pfx_lock_release+0x10/0x10 [ 521.003966][T13606] ? trace_lock_acquire+0x14e/0x1f0 [ 521.005573][T13606] ? __fget_files+0x206/0x3a0 [ 521.007060][T13606] __sys_sendmsg+0x16e/0x220 [ 521.008484][T13606] ? __pfx___sys_sendmsg+0x10/0x10 [ 521.010023][T13606] ? __ia32_sys_futex_time32+0x1da/0x460 [ 521.011785][T13606] __do_fast_syscall_32+0x73/0x120 [ 521.013386][T13606] do_fast_syscall_32+0x32/0x80 [ 521.014893][T13606] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 521.016834][T13606] RIP: 0023:0xf7f27579 [ 521.018097][T13606] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 521.024131][T13606] RSP: 002b:00000000f505555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 521.026623][T13606] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000040 [ 521.029060][T13606] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 521.031435][T13606] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 521.033908][T13606] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 521.036327][T13606] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 521.038722][T13606] [ 522.571014][T13617] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1448'. [ 522.575107][T13617] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1448'. [ 523.446334][T13634] block device autoloading is deprecated and will be removed. [ 523.462360][T13633] md: md2 stopped. [ 524.132644][T13644] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1454'. [ 524.135315][T13644] netlink: 'syz.3.1454': attribute type 1 has an invalid length. [ 524.875526][T13658] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1456'. [ 525.824605][T13664] syz.1.1458: attempt to access beyond end of device [ 525.824605][T13664] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0 [ 525.829200][T13664] syz.1.1458: attempt to access beyond end of device [ 525.829200][T13664] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0 [ 525.833204][T13664] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 525.837031][T13664] syz.1.1458: attempt to access beyond end of device [ 525.837031][T13664] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0 [ 525.840819][T13664] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 525.845307][T13664] syz.1.1458: attempt to access beyond end of device [ 525.845307][T13664] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 525.849955][T13664] syz.1.1458: attempt to access beyond end of device [ 525.849955][T13664] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 525.853953][T13664] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 525.856899][T13664] syz.1.1458: attempt to access beyond end of device [ 525.856899][T13664] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 525.860676][T13664] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 525.864306][T13664] syz.1.1458: attempt to access beyond end of device [ 525.864306][T13664] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 525.868875][T13664] syz.1.1458: attempt to access beyond end of device [ 525.868875][T13664] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 525.872923][T13664] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 525.876419][T13664] syz.1.1458: attempt to access beyond end of device [ 525.876419][T13664] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 525.880331][T13664] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 525.889651][T13664] syz.1.1458: attempt to access beyond end of device [ 525.889651][T13664] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 525.893874][T13664] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 525.897130][T13664] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 525.900139][T13664] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 526.332081][T13668] nbd1: detected capacity change from 0 to 67108884 [ 526.347298][T13542] block nbd1: Send control failed (result -89) [ 526.350061][T13542] block nbd1: Request send failed, requeueing [ 526.355405][ T5946] block nbd1: Receive control failed (result -32) [ 526.362872][T12838] block nbd1: Dead connection, failed to find a fallback [ 526.365767][T12838] block nbd1: shutting down sockets [ 526.367892][T12838] blk_print_req_error: 90 callbacks suppressed [ 526.367903][T12838] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.373830][T12838] buffer_io_error: 90 callbacks suppressed [ 526.373840][T12838] Buffer I/O error on dev nbd1, logical block 0, async page read [ 526.384166][T13542] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.392355][T13542] Buffer I/O error on dev nbd1, logical block 0, async page read [ 526.395307][T13542] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.401118][T13542] Buffer I/O error on dev nbd1, logical block 0, async page read [ 526.404469][T13542] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.407116][T13542] Buffer I/O error on dev nbd1, logical block 0, async page read [ 526.409800][T13542] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.413233][T13542] Buffer I/O error on dev nbd1, logical block 0, async page read [ 526.415955][T13542] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.418707][T13542] Buffer I/O error on dev nbd1, logical block 0, async page read [ 526.421441][T13542] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.426326][T13542] Buffer I/O error on dev nbd1, logical block 0, async page read [ 526.429086][T13542] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.431696][T13542] Buffer I/O error on dev nbd1, logical block 0, async page read [ 526.434671][T13542] ldm_validate_partition_table(): Disk read failed. [ 526.437131][T13542] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.439642][T13542] Buffer I/O error on dev nbd1, logical block 0, async page read [ 526.444274][T13542] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.446891][T13542] Buffer I/O error on dev nbd1, logical block 0, async page read [ 526.449227][T13542] Dev nbd1: unable to read RDB block 0 [ 526.451041][T13542] nbd1: unable to read partition table [ 526.921046][T13542] ldm_validate_partition_table(): Disk read failed. [ 526.923315][T13542] Dev nbd1: unable to read RDB block 0 [ 526.925130][T13542] nbd1: unable to read partition table [ 527.074336][T13682] ceph: No mds server is up or the cluster is laggy [ 527.078189][ T5979] libceph: connect (1)[c::]:6789 error -101 [ 527.081582][ T5979] libceph: mon0 (1)[c::]:6789 connect error [ 527.926803][T13699] kAFS: unable to lookup cell '.,' [ 528.188825][ T5979] libceph: connect (1)[c::]:6789 error -101 [ 528.191638][ T5979] libceph: mon0 (1)[c::]:6789 connect error [ 528.260040][T13706] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌÌULÙvy¸ÚØ¢…D£øUDŒw˜}zR' [ 528.263622][T13706] CPU: 0 UID: 0 PID: 13706 Comm: syz.1.1466 Not tainted 6.13.0-rc7-syzkaller-00043-g619f0b6fad52 #0 [ 528.266647][T13706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 528.269694][T13706] Call Trace: [ 528.270674][T13706] [ 528.271537][T13706] dump_stack_lvl+0x16c/0x1f0 [ 528.272915][T13706] sysfs_warn_dup+0x7f/0xa0 [ 528.274251][T13706] sysfs_do_create_link_sd+0x124/0x140 [ 528.275808][T13706] sysfs_create_link+0x61/0xc0 [ 528.277175][T13706] device_add+0x62e/0x1a70 [ 528.278480][T13706] ? __pfx_device_add+0x10/0x10 [ 528.279876][T13706] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 528.281565][T13706] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 528.283275][T13706] wiphy_register+0x1c7a/0x2860 [ 528.284697][T13706] ? netdev_run_todo+0x837/0x12d0 [ 528.286146][T13706] ? __pfx_wiphy_register+0x10/0x10 [ 528.287648][T13706] ieee80211_register_hw+0x2951/0x3fa0 [ 528.289206][T13706] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 528.290896][T13706] ? net_generic+0xea/0x2a0 [ 528.292216][T13706] ? lockdep_init_map_type+0x16d/0x7d0 [ 528.293774][T13706] ? rcu_is_watching+0x12/0xc0 [ 528.295166][T13706] ? trace_hrtimer_init+0x1a6/0x230 [ 528.296666][T13706] ? __hrtimer_init+0x106/0x2c0 [ 528.298064][T13706] mac80211_hwsim_new_radio+0x2c47/0x56c0 [ 528.299715][T13706] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 528.301455][T13706] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 528.302972][T13706] hwsim_new_radio_nl+0xb42/0x12b0 [ 528.304456][T13706] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 528.306028][T13706] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 528.308159][T13706] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 528.310273][T13706] genl_family_rcv_msg_doit+0x202/0x2f0 [ 528.311869][T13706] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 528.313611][T13706] ? genl_get_cmd+0x195/0x580 [ 528.314995][T13706] ? bpf_lsm_capable+0x9/0x10 [ 528.316357][T13706] ? security_capable+0x7e/0x260 [ 528.317781][T13706] ? ns_capable+0xd7/0x110 [ 528.319084][T13706] genl_rcv_msg+0x565/0x800 [ 528.320409][T13706] ? __pfx_genl_rcv_msg+0x10/0x10 [ 528.321856][T13706] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 528.323437][T13706] ? __pfx___lock_acquire+0x10/0x10 [ 528.324934][T13706] netlink_rcv_skb+0x165/0x410 [ 528.326309][T13706] ? __pfx_genl_rcv_msg+0x10/0x10 [ 528.327770][T13706] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 528.329298][T13706] ? down_read+0xc9/0x330 [ 528.330554][T13706] ? __pfx_down_read+0x10/0x10 [ 528.331947][T13706] ? netlink_deliver_tap+0x1ae/0xca0 [ 528.333465][T13706] ? __rcu_read_unlock+0x2b4/0x580 [ 528.334930][T13706] genl_rcv+0x28/0x40 [ 528.336089][T13706] netlink_unicast+0x53c/0x7f0 [ 528.337466][T13706] ? __pfx_netlink_unicast+0x10/0x10 [ 528.338973][T13706] ? __phys_addr_symbol+0x30/0x80 [ 528.340423][T13706] ? __check_object_size+0x488/0x710 [ 528.341940][T13706] netlink_sendmsg+0x8b8/0xd70 [ 528.343319][T13706] ? __pfx_netlink_sendmsg+0x10/0x10 [ 528.344853][T13706] ____sys_sendmsg+0x9ae/0xb40 [ 528.346235][T13706] ? __pfx_____sys_sendmsg+0x10/0x10 [ 528.347768][T13706] ? get_compat_msghdr+0x11b/0x170 [ 528.349243][T13706] ___sys_sendmsg+0x135/0x1e0 [ 528.350615][T13706] ? __pfx____sys_sendmsg+0x10/0x10 [ 528.352132][T13706] ? __pfx_lock_release+0x10/0x10 [ 528.353575][T13706] ? trace_lock_acquire+0x14e/0x1f0 [ 528.355074][T13706] ? __fget_files+0x206/0x3a0 [ 528.356448][T13706] __sys_sendmsg+0x16e/0x220 [ 528.357754][T13706] ? __pfx___sys_sendmsg+0x10/0x10 [ 528.359197][T13706] ? __ia32_sys_futex_time32+0x1da/0x460 [ 528.360820][T13706] __do_fast_syscall_32+0x73/0x120 [ 528.362293][T13706] do_fast_syscall_32+0x32/0x80 [ 528.363700][T13706] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 528.365523][T13706] RIP: 0023:0xf714e579 [ 528.366694][T13706] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 528.372179][T13706] RSP: 002b:00000000f511f55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 528.374533][T13706] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000040 [ 528.376754][T13706] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 528.378975][T13706] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 528.381173][T13706] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 528.383420][T13706] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 528.385701][T13706] [ 528.493637][ T5979] libceph: connect (1)[c::]:6789 error -101 [ 528.495540][ T5979] libceph: mon0 (1)[c::]:6789 connect error [ 528.581778][T13697] ceph: No mds server is up or the cluster is laggy [ 529.412177][ T2285] usb 7-1: new high-speed USB device number 40 using dummy_hcd [ 529.602389][ T2285] usb 7-1: device descriptor read/64, error -71 [ 529.740755][T13722] random: crng reseeded on system resumption [ 529.776859][T13722] overlay: Unknown parameter 'ime [ 529.776859][T13722] string [ 529.776859][T13722] statistic [ 529.776859][T13722] state [ 529.776859][T13722] realm [ 529.776859][T13722] rateest [ 529.776859][T13722] quota [ 529.776859][T13722] pkttype [ 529.776859][T13722] physdev [ 529.776859][T13722] cgroup [ 529.776859][T13722] cgroup [ 529.776859][T13722] cgroup [ 529.776859][T13722] owner [ 529.776859][T13722] nfacct [ 529.776859][T13722] nfacct [ 529.776859][T13722] mac [ 529.776859][T13722] limit [ 529.776859][T13722] ipvs [ 529.776859][T13722] helper [ 529.776859][T13722] devgroup [ 529.776859][T13722] cpu [ 529.776859][T13722] conntrack [ 529.776859][T13722] conntrack [ 529.776859][T13722] conntrack [ 529.776859][T13722] connlabel [ 529.776859][T13722] connbytes [ 529.776859][T13722] comment [ 529.776859][T13722] bpf [ 529.776859][T13722] bpf [ 529.776859][T13722] connmark [ 529.776859][T13722] mark [ 529.776859][T13722] rpfilter [ 529.776859][T13722] ah [ 529.776859][T13722] tcpmss [ 529.776859][T13722] socket [ 529.776859][T13722] socket [ 529.776859][T13722] socket [ 529.776859][T13722] socket [ 529.776859][T13722] sctp [ 529.776859][T13722] recent [ 529.776859][T13722] recent [ 529.776859][T13722] policy [ 529.776859][T13722] osf [ 529.776859][T13722] multiport [ 529.776859][T13722] length [ 529.776859][T13722] l2tp [ 529.776859][T13722] iprange [ 529.776859][T13722] ipcomp [ 529.776859][T13722] ttl [ 529.776859][T13722] hashlimit [ 529.776859][T13722] hashlimit [ 529.776859][T13722] hashlimit [ 529.776859][T13722] esp [ 529.776859][T13722] ecn [ 529.776859][T13722] tos [ 529.776859][T13722] dscp [ 529.776859][T13722] dccp [ 529.776859][T13722] connlimit [ 529.776859][T13722] cluster [ 529.776859][T13722] addrtype [ 529.776859][T13722] addrtype [ 529.776859][T13722] set [ 529.776859][T13722] set [ 529.776859][T13722] set [ 529.776859][T13722] set [ 529.776859][T13722] set [ 529.776859][T13722] icmp [ 529.852049][ T2285] usb 7-1: new high-speed USB device number 41 using dummy_hcd [ 529.982025][ T2285] usb 7-1: device descriptor read/64, error -71 [ 530.001993][ T8] usb 6-1: new high-speed USB device number 47 using dummy_hcd [ 530.102181][ T2285] usb usb7-port1: attempt power cycle [ 530.163707][ T8] usb 6-1: config 0 has no interfaces? [ 530.166499][ T8] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 530.169487][ T8] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 530.174121][ T8] usb 6-1: Manufacturer: syz [ 530.180127][ T8] usb 6-1: config 0 descriptor?? [ 530.414808][T13734] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1475'. [ 530.442133][ T2285] usb 7-1: new high-speed USB device number 42 using dummy_hcd [ 530.465978][T13734] syzkaller0: entered promiscuous mode [ 530.466150][ T2285] usb 7-1: device descriptor read/8, error -71 [ 530.468256][T13734] syzkaller0: entered allmulticast mode [ 530.713064][ T2285] usb 7-1: new high-speed USB device number 43 using dummy_hcd [ 530.735319][ T2285] usb 7-1: device descriptor read/8, error -71 [ 530.860251][ T2285] usb usb7-port1: unable to enumerate USB device [ 531.861108][T13740] kAFS: unable to lookup cell '.,' [ 532.102007][ T2285] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 532.231989][ T2285] usb 5-1: device descriptor read/64, error -71 [ 532.261994][ T5981] usb 7-1: new high-speed USB device number 44 using dummy_hcd [ 532.423322][ T5981] usb 7-1: config 0 has no interfaces? [ 532.425057][ T5981] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 532.428192][ T5981] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.431796][ T5981] usb 7-1: config 0 descriptor?? [ 532.493358][ T2285] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 532.622102][ T2285] usb 5-1: device descriptor read/64, error -71 [ 533.034259][ T2285] usb usb5-port1: attempt power cycle [ 533.036540][ T5981] usb 6-1: USB disconnect, device number 47 [ 533.213981][ T8] usb 7-1: USB disconnect, device number 44 [ 533.372175][ T2285] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 533.392680][ T2285] usb 5-1: device descriptor read/8, error -71 [ 533.631974][ T2285] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 533.666823][ T2285] usb 5-1: device descriptor read/8, error -71 [ 533.776477][ T2285] usb usb5-port1: unable to enumerate USB device [ 536.562640][ T5979] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 536.804718][ T5979] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 536.807372][ T5979] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 536.812896][ T5979] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 536.815806][ T5979] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 536.818296][ T5979] usb 5-1: Manufacturer: syz [ 536.825474][ T5979] usb 5-1: config 0 descriptor?? [ 536.836602][ T5979] igorplugusb 5-1:0.0: incorrect number of endpoints [ 537.664319][ T63] IPVS: starting estimator thread 0... [ 537.771980][T13830] IPVS: using max 40 ests per chain, 96000 per kthread [ 537.902006][ T5979] usb 8-1: new high-speed USB device number 48 using dummy_hcd [ 538.052415][ T5979] usb 8-1: Using ep0 maxpacket: 16 [ 538.056959][ T5979] usb 8-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 538.060063][ T5979] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 538.064481][ T5979] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 538.067118][ T5979] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.073275][ T5979] usb 8-1: config 0 descriptor?? [ 538.084511][ T5979] usbhid 8-1:0.0: couldn't find an input interrupt endpoint [ 538.233253][ T2285] usb 7-1: new high-speed USB device number 45 using dummy_hcd [ 538.394824][ T2285] usb 7-1: config 0 has no interfaces? [ 538.397501][ T2285] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 538.401555][ T2285] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 538.405663][ T2285] usb 7-1: Manufacturer: syz [ 538.411731][ T2285] usb 7-1: config 0 descriptor?? [ 539.266693][ T63] usb 8-1: USB disconnect, device number 48 [ 539.342114][ T5979] usb 5-1: USB disconnect, device number 49 [ 539.409748][T13851] bond0: entered promiscuous mode [ 539.411959][T13851] bond0: entered allmulticast mode [ 539.414181][T13851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 539.528763][T13851] bond0 (unregistering): Released all slaves [ 539.970629][T13866] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1498'. [ 540.565032][T13872] kAFS: unable to lookup cell 'sy>7 †ŸO-z1' [ 541.120314][ T5998] usb 7-1: USB disconnect, device number 45 [ 541.159521][T13876] Attempt to restore checkpoint with obsolete wellknown handles [ 541.332204][T13884] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1501'. [ 541.831874][ T5998] usb 7-1: new high-speed USB device number 46 using dummy_hcd [ 541.833058][T13884] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 541.983138][ T5998] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 541.985569][ T5998] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 541.989185][ T5998] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 541.992201][ T5998] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 541.994498][ T5998] usb 7-1: Manufacturer: syz [ 541.996704][ T5998] usb 7-1: config 0 descriptor?? [ 542.000125][ T5998] igorplugusb 7-1:0.0: incorrect number of endpoints [ 542.179166][T13890] bond1: entered promiscuous mode [ 542.180726][T13890] bond1: entered allmulticast mode [ 542.183840][T13890] 8021q: adding VLAN 0 to HW filter on device bond1 [ 542.592039][T13890] bond1 (unregistering): Released all slaves [ 544.084233][T13921] can0: slcan on ttyS3. [ 544.322850][T13924] can0 (unregistered): slcan off ttyS3. [ 544.350048][ T5981] usb 7-1: USB disconnect, device number 46 [ 545.251851][ T5981] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 545.335387][T13950] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 545.375691][T13954] Attempt to restore checkpoint with obsolete wellknown handles [ 545.425430][ T5981] usb 6-1: config 0 has no interfaces? [ 545.428793][ T5981] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 545.431907][ T5981] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 545.434594][ T5981] usb 6-1: Manufacturer: syz [ 545.440512][ T5981] usb 6-1: config 0 descriptor?? [ 547.216646][T13984] netlink: 'syz.2.1520': attribute type 27 has an invalid length. [ 547.274807][T13984] tipc: Resetting bearer [ 547.392106][ T6008] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 547.500169][T13984] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.506129][T13984] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.509234][T13984] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.512348][T13984] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.514965][T13984] geneve2: left promiscuous mode [ 547.516449][T13984] geneve2: left allmulticast mode [ 547.527392][T13986] sp0: Synchronizing with TNC [ 547.615272][ T6008] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 547.617796][ T6008] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 547.622237][ T6008] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 547.625043][ T6008] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 547.628228][ T6008] usb 5-1: Manufacturer: syz [ 547.643416][ T6008] usb 5-1: config 0 descriptor?? [ 547.655569][ T6008] igorplugusb 5-1:0.0: incorrect number of endpoints [ 548.233063][ T6008] usb 6-1: USB disconnect, device number 48 [ 548.328447][T13981] [U] è [ 548.711769][ T39] audit: type=1804 audit(1736947455.698:82): pid=14002 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1523" name="/newroot/385/file0/cgroup.controllers" dev="9p" ino=37749418 res=1 errno=0 [ 549.406332][T14014] ptrace attach of "/syz-executor exec"[5937] was attempted by "/syz-executor exec"[14014] [ 550.003322][ T5981] usb 5-1: USB disconnect, device number 50 [ 550.137783][T14024] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 550.475899][T14029] random: crng reseeded on system resumption [ 550.518936][T14031] overlay: Unknown parameter 'ime [ 550.518936][T14031] string [ 550.518936][T14031] statistic [ 550.518936][T14031] state [ 550.518936][T14031] realm [ 550.518936][T14031] rateest [ 550.518936][T14031] quota [ 550.518936][T14031] pkttype [ 550.518936][T14031] physdev [ 550.518936][T14031] cgroup [ 550.518936][T14031] cgroup [ 550.518936][T14031] cgroup [ 550.518936][T14031] owner [ 550.518936][T14031] nfacct [ 550.518936][T14031] nfacct [ 550.518936][T14031] mac [ 550.518936][T14031] limit [ 550.518936][T14031] ipvs [ 550.518936][T14031] helper [ 550.518936][T14031] devgroup [ 550.518936][T14031] cpu [ 550.518936][T14031] conntrack [ 550.518936][T14031] conntrack [ 550.518936][T14031] conntrack [ 550.518936][T14031] connlabel [ 550.518936][T14031] connbytes [ 550.518936][T14031] comment [ 550.518936][T14031] bpf [ 550.518936][T14031] bpf [ 550.518936][T14031] connmark [ 550.518936][T14031] mark [ 550.518936][T14031] rpfilter [ 550.518936][T14031] ah [ 550.518936][T14031] tcpmss [ 550.518936][T14031] socket [ 550.518936][T14031] socket [ 550.518936][T14031] socket [ 550.518936][T14031] socket [ 550.518936][T14031] sctp [ 550.518936][T14031] recent [ 550.518936][T14031] recent [ 550.518936][T14031] policy [ 550.518936][T14031] osf [ 550.518936][T14031] multiport [ 550.518936][T14031] length [ 550.518936][T14031] l2tp [ 550.518936][T14031] iprange [ 550.518936][T14031] ipcomp [ 550.518936][T14031] ttl [ 550.518936][T14031] hashlimit [ 550.518936][T14031] hashlimit [ 550.518936][T14031] hashlimit [ 550.518936][T14031] esp [ 550.518936][T14031] ecn [ 550.518936][T14031] tos [ 550.518936][T14031] dscp [ 550.518936][T14031] dccp [ 550.518936][T14031] connlimit [ 550.518936][T14031] cluster [ 550.518936][T14031] addrtype [ 550.518936][T14031] addrtype [ 550.518936][T14031] set [ 550.518936][T14031] set [ 550.518936][T14031] set [ 550.518936][T14031] set [ 550.518936][T14031] set [ 550.518936][T14031] icmp [ 550.581587][T14031] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 551.176861][ T39] audit: type=1804 audit(1736947458.178:83): pid=14044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1530" name="/newroot/378/file0/bus" dev="ramfs" ino=37499 res=1 errno=0 [ 553.376991][ T39] audit: type=1804 audit(1736947460.378:84): pid=14062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1536" name="/newroot/376/file0/cgroup.controllers" dev="9p" ino=37749418 res=1 errno=0 [ 554.455088][T14084] netlink: 'syz.3.1540': attribute type 12 has an invalid length. [ 555.555894][ T39] audit: type=1800 audit(1736947462.558:85): pid=14118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1544" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0 [ 557.179376][T14144] kAFS: unable to lookup cell 'sy>7 †ŸO-z1' [ 558.237041][T14150] can0: slcan on ttyS3. [ 558.743042][T14153] can0 (unregistered): slcan off ttyS3. [ 558.774456][T14164] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 558.776985][T14164] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 558.784462][T14164] vhci_hcd vhci_hcd.0: Device attached [ 558.951808][ T71] vhci_hcd: vhci_device speed not set [ 559.011838][ T71] usb 39-1: new full-speed USB device number 6 using vhci_hcd [ 560.285545][T14175] netlink: 4816 bytes leftover after parsing attributes in process `syz.3.1555'. [ 560.296585][T14165] vhci_hcd: connection reset by peer [ 560.319023][ T1136] vhci_hcd: stop threads [ 560.324510][ T1136] vhci_hcd: release socket [ 560.334993][ T1136] vhci_hcd: disconnect device [ 561.405226][ T39] audit: type=1400 audit(1736947468.408:86): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=14188 comm="syz.3.1560" [ 561.826250][ T1412] ieee802154 phy0 wpan0: encryption failed: -22 [ 561.828128][ T1412] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.161850][ T6091] usb 6-1: new high-speed USB device number 49 using dummy_hcd [ 563.311735][ T6091] usb 6-1: Using ep0 maxpacket: 16 [ 563.314548][ T6091] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 563.317636][ T6091] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 563.321265][ T6091] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 563.324403][ T6091] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.327708][ T6091] usb 6-1: config 0 descriptor?? [ 563.331485][ T6091] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 564.141953][ T71] vhci_hcd: vhci_device speed not set [ 564.148972][ T39] audit: type=1804 audit(1736947471.148:87): pid=14256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1567" name="/newroot/387/file0/cgroup.controllers" dev="9p" ino=37749418 res=1 errno=0 [ 564.848477][T14263] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1569'. [ 565.038042][ T5998] hid-generic 0000:0000:0000.0005: item fetching failed at offset 0/1 [ 565.042939][ T5998] hid-generic 0000:0000:0000.0005: probe with driver hid-generic failed with error -22 [ 565.559794][ T71] usb 6-1: USB disconnect, device number 49 [ 566.036263][T14272] tmpfs: Unknown parameter 'usrquota-½p' [ 568.415392][T14297] IPVS: stopping backup sync thread 11812 ... [ 568.684797][T14304] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 568.688012][T14304] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 568.690408][T14304] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 568.692961][T14304] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 568.696972][T14304] vxlan0: entered promiscuous mode [ 568.698537][T14304] vxlan0: entered allmulticast mode [ 568.702285][T14304] netdevsim netdevsim3 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 568.704759][T14304] netdevsim netdevsim3 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 568.707896][T14304] netdevsim netdevsim3 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 568.710356][T14304] netdevsim netdevsim3 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 569.173091][T14310] kAFS: unable to lookup cell 'sy>7 †ŸO-z1' [ 569.616618][T14320] netlink: 'syz.0.1582': attribute type 1 has an invalid length. [ 569.685185][T14322] can0: slcan on ttyS3. [ 570.552916][T14331] can0 (unregistered): slcan off ttyS3. [ 571.063024][T14358] overlayfs: failed to clone upperpath [ 571.921781][ T6091] usb 6-1: new high-speed USB device number 50 using dummy_hcd [ 572.168594][ T6091] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 572.171079][ T6091] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 572.188734][ T6091] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 572.191415][ T6091] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 572.193897][ T6091] usb 6-1: Manufacturer: syz [ 572.204017][ T6091] usb 6-1: config 0 descriptor?? [ 572.207532][ T6091] igorplugusb 6-1:0.0: incorrect number of endpoints [ 573.458873][T14406] netlink: 'syz.0.1595': attribute type 1 has an invalid length. [ 574.709727][ T5981] usb 6-1: USB disconnect, device number 50 [ 575.014899][T14430] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 575.035114][T14430] evm: overlay not supported [ 577.604144][ T6091] usb 6-1: new high-speed USB device number 51 using dummy_hcd [ 577.756348][T14472] pimreg: entered allmulticast mode [ 577.763460][ T6091] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 577.766687][ T6091] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 577.771044][ T6091] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 577.777356][ T6091] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 577.781103][ T6091] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 577.784914][ T6091] usb 6-1: Manufacturer: syz [ 577.790226][ T6091] usb 6-1: config 0 descriptor?? [ 577.795766][ T6091] igorplugusb 6-1:0.0: incorrect number of endpoints [ 578.797586][T14494] netlink: 'syz.0.1615': attribute type 1 has an invalid length. [ 578.910071][T14495] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 578.912340][T14495] UDF-fs: Scanning with blocksize 2048 failed [ 578.915224][T14495] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 578.917409][T14495] UDF-fs: Scanning with blocksize 4096 failed [ 580.377901][ T5981] usb 6-1: USB disconnect, device number 51 [ 582.110821][T14547] kAFS: unable to lookup cell 'sy>7 †ŸO-z1' [ 583.006828][T14563] netlink: 'syz.3.1626': attribute type 1 has an invalid length. [ 584.930407][T14593] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1632'. [ 585.206884][T14604] netlink: 'syz.0.1634': attribute type 1 has an invalid length. [ 585.453293][T14609] kAFS: unable to lookup cell 'sy>7 †ŸO-z1' [ 586.307865][ T6091] usb 6-1: new high-speed USB device number 52 using dummy_hcd [ 586.475314][ T6091] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 586.477986][ T6091] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 586.482491][ T6091] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 586.485166][ T6091] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 586.488056][ T6091] usb 6-1: Manufacturer: syz [ 586.491840][ T6091] usb 6-1: config 0 descriptor?? [ 586.496772][ T6091] igorplugusb 6-1:0.0: incorrect number of endpoints [ 588.761242][T14673] netlink: 'syz.2.1648': attribute type 1 has an invalid length. [ 589.010127][ T5981] usb 6-1: USB disconnect, device number 52 [ 591.412908][ T8] usb 6-1: new high-speed USB device number 53 using dummy_hcd [ 591.575282][ T8] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 591.577677][ T8] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 591.592929][ T8] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 591.596516][ T8] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 591.599349][ T8] usb 6-1: Manufacturer: syz [ 591.601868][ T8] usb 6-1: config 0 descriptor?? [ 591.606851][ T8] igorplugusb 6-1:0.0: incorrect number of endpoints [ 592.551966][ T5942] usb 8-1: new high-speed USB device number 49 using dummy_hcd [ 592.651740][T14737] netlink: 'syz.0.1661': attribute type 1 has an invalid length. [ 592.713101][ T5942] usb 8-1: config index 0 descriptor too short (expected 23569, got 27) [ 592.715889][ T5942] usb 8-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 592.719885][ T5942] usb 8-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 592.724002][ T5942] usb 8-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 592.726435][ T5942] usb 8-1: Manufacturer: syz [ 592.735309][ T5942] usb 8-1: config 0 descriptor?? [ 592.738675][ T5942] igorplugusb 8-1:0.0: incorrect number of endpoints [ 593.597970][T14748] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 594.177556][ T5942] usb 6-1: USB disconnect, device number 53 [ 594.744876][T14759] overlayfs: failed to clone upperpath [ 595.321014][ T5981] usb 8-1: USB disconnect, device number 49 [ 596.554520][T14785] netlink: 176 bytes leftover after parsing attributes in process `syz.3.1673'. [ 598.911775][ T8] usb 6-1: new high-speed USB device number 54 using dummy_hcd [ 599.032804][T14818] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1680'. [ 599.073287][ T8] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 599.076742][ T8] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 599.081871][ T8] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 599.086150][ T8] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 599.089642][ T8] usb 6-1: Manufacturer: syz [ 599.093919][ T8] usb 6-1: config 0 descriptor?? [ 599.098793][ T8] igorplugusb 6-1:0.0: incorrect number of endpoints [ 600.455620][T14831] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1683'. [ 600.459387][T14831] netlink: 'syz.0.1683': attribute type 1 has an invalid length. [ 600.463599][T14831] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1683'. [ 601.867149][ T5981] usb 6-1: USB disconnect, device number 54 [ 603.131755][ T8] usb 6-1: new high-speed USB device number 55 using dummy_hcd [ 603.303556][ T8] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 603.307541][ T8] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 603.313978][ T8] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 603.316570][ T8] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 603.324316][ T8] usb 6-1: Manufacturer: syz [ 603.327200][ T8] usb 6-1: config 0 descriptor?? [ 603.332517][ T8] igorplugusb 6-1:0.0: incorrect number of endpoints [ 605.987481][ T5981] usb 6-1: USB disconnect, device number 55 [ 607.780159][T14934] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1705'. [ 607.817528][T14936] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1706'. [ 608.666762][T14944] syz.2.1707: vmalloc error: size 2147483264, exceeds total pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 608.671860][T14944] CPU: 1 UID: 0 PID: 14944 Comm: syz.2.1707 Not tainted 6.13.0-rc7-syzkaller-00043-g619f0b6fad52 #0 [ 608.674843][T14944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 608.677795][T14944] Call Trace: [ 608.678733][T14944] [ 608.679584][T14944] dump_stack_lvl+0x16c/0x1f0 [ 608.681008][T14944] warn_alloc+0x24d/0x3a0 [ 608.682264][T14944] ? __pfx_warn_alloc+0x10/0x10 [ 608.683688][T14944] ? hlock_class+0x4e/0x130 [ 608.684999][T14944] ? do_replace+0x23b/0x4d0 [ 608.686305][T14944] __vmalloc_node_range_noprof+0x10df/0x1530 [ 608.687981][T14944] ? __pfx___lock_acquire+0x10/0x10 [ 608.689480][T14944] ? do_replace+0x23b/0x4d0 [ 608.690785][T14944] ? __might_fault+0x13b/0x190 [ 608.692235][T14944] ? __pfx_lock_release+0x10/0x10 [ 608.693628][T14944] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 608.695344][T14944] ? lock_acquire+0x2f/0xb0 [ 608.696593][T14944] ? __might_fault+0xe3/0x190 [ 608.697907][T14944] ? __might_fault+0xe3/0x190 [ 608.699310][T14944] ? do_replace+0x23b/0x4d0 [ 608.701002][T14944] __vmalloc_noprof+0x6d/0x90 [ 608.702756][T14944] ? do_replace+0x23b/0x4d0 [ 608.704504][T14944] do_replace+0x23b/0x4d0 [ 608.706110][T14944] ? __pfx_do_replace+0x10/0x10 [ 608.707469][T14944] ? __pfx_compat_copy_ebt_replace_from_user+0x10/0x10 [ 608.709825][T14944] ? find_held_lock+0x2d/0x110 [ 608.711229][T14944] ? __pfx___cant_migrate+0x10/0x10 [ 608.712818][T14944] ? bpf_trace_run2+0x1c2/0x590 [ 608.714215][T14944] compat_do_replace+0x51a/0x750 [ 608.715679][T14944] ? bpf_trace_run2+0x2a6/0x590 [ 608.717319][T14944] ? lock_acquire.part.0+0x11b/0x380 [ 608.719368][T14944] ? __pfx_compat_do_replace+0x10/0x10 [ 608.721365][T14944] ? aa_get_newest_label+0x376/0x680 [ 608.723167][T14944] ? __pfx_aa_get_newest_label+0x10/0x10 [ 608.724773][T14944] ? bpf_lsm_capable+0x9/0x10 [ 608.726130][T14944] ? security_capable+0x7e/0x260 [ 608.727567][T14944] do_ebt_set_ctl+0x4af/0x580 [ 608.728991][T14944] ? sockopt_release_sock+0x52/0x60 [ 608.730897][T14944] ? __pfx_do_ebt_set_ctl+0x10/0x10 [ 608.732729][T14944] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 608.734563][T14944] ? nf_sockopt_find.constprop.0+0x221/0x290 [ 608.736201][T14944] nf_setsockopt+0x8a/0xf0 [ 608.737482][T14944] ip_setsockopt+0xcb/0xf0 [ 608.738719][T14944] tcp_setsockopt+0xa4/0x100 [ 608.740090][T14944] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 608.741773][T14944] do_sock_setsockopt+0x222/0x480 [ 608.743241][T14944] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 608.744808][T14944] ? lock_acquire+0x2f/0xb0 [ 608.746079][T14944] __sys_setsockopt+0x1a0/0x230 [ 608.747428][T14944] __ia32_sys_setsockopt+0xbc/0x160 [ 608.748872][T14944] ? lockdep_hardirqs_on+0x7c/0x110 [ 608.750324][T14944] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 608.752163][T14944] __do_fast_syscall_32+0x73/0x120 [ 608.753604][T14944] do_fast_syscall_32+0x32/0x80 [ 608.754984][T14944] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 608.756662][T14944] RIP: 0023:0xf7ff0579 [ 608.757810][T14944] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 608.763399][T14944] RSP: 002b:00000000f514655c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 608.765721][T14944] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000000000 [ 608.767965][T14944] RDX: 0000000000000080 RSI: 0000000020000640 RDI: 00000000000001e8 [ 608.770160][T14944] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 608.772362][T14944] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 608.774522][T14944] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 608.776609][T14944] [ 608.777627][T14944] Mem-Info: [ 608.778510][T14944] active_anon:16543 inactive_anon:287 isolated_anon:0 [ 608.778510][T14944] active_file:5935 inactive_file:33520 isolated_file:0 [ 608.778510][T14944] unevictable:1791 dirty:422 writeback:0 [ 608.778510][T14944] slab_reclaimable:8054 slab_unreclaimable:60066 [ 608.778510][T14944] mapped:30350 shmem:13956 pagetables:829 [ 608.778510][T14944] sec_pagetables:318 bounce:0 [ 608.778510][T14944] kernel_misc_reclaimable:0 [ 608.778510][T14944] free:48610 free_pcp:2391 free_cma:0 [ 608.790874][T14944] Node 0 active_anon:3680kB inactive_anon:1148kB active_file:548kB inactive_file:9252kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:5160kB dirty:0kB writeback:0kB shmem:5272kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9200kB pagetables:808kB sec_pagetables:1136kB all_unreclaimable? yes [ 608.799527][T14944] Node 1 active_anon:62492kB inactive_anon:0kB active_file:23192kB inactive_file:124828kB unevictable:3628kB isolated(anon):0kB isolated(file):0kB mapped:116240kB dirty:1688kB writeback:0kB shmem:50552kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:2952kB pagetables:2508kB sec_pagetables:136kB all_unreclaimable? no [ 608.808274][T14944] Node 0 DMA free:2924kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:88kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:784kB local_pcp:184kB free_cma:0kB [ 608.815726][T14944] lowmem_reserve[]: 0 273 0 0 0 [ 608.817136][T14944] Node 0 DMA32 free:17444kB boost:0kB min:13904kB low:17380kB high:20856kB reserved_highatomic:4096KB active_anon:3592kB inactive_anon:1148kB active_file:548kB inactive_file:9252kB unevictable:3536kB writepending:0kB present:1032196kB managed:306308kB mlocked:0kB bounce:0kB free_pcp:4596kB local_pcp:2972kB free_cma:0kB [ 608.825231][T14944] lowmem_reserve[]: 0 0 0 0 0 [ 608.826563][T14944] Node 1 DMA32 free:174072kB boost:6144kB min:53288kB low:65072kB high:76856kB reserved_highatomic:0KB active_anon:62492kB inactive_anon:0kB active_file:23192kB inactive_file:124828kB unevictable:3628kB writepending:1688kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:4160kB local_pcp:560kB free_cma:0kB [ 608.834800][T14944] lowmem_reserve[]: 0 0 0 0 0 [ 608.836186][T14944] Node 0 DMA: 37*4kB (UME) 23*8kB (UME) 20*16kB (UME) 31*32kB (UME) 18*64kB (UME) 1*128kB (E) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2924kB [ 608.840374][T14944] Node 0 DMA32: 49*4kB (UMH) 62*8kB (UEH) 19*16kB (UEH) 90*32kB (UMEH) 38*64kB (UMEH) 9*128kB (UME) 5*256kB (U) 5*512kB (UM) 2*1024kB (M) 2*2048kB (UM) 0*4096kB = 17444kB [ 608.845242][T14944] Node 1 DMA32: 697*4kB (UME) 758*8kB (UME) 695*16kB (UME) 306*32kB (UME) 219*64kB (UME) 111*128kB (UME) 49*256kB (UME) 32*512kB (UME) 27*1024kB (U) 15*2048kB (U) 7*4096kB (UM) = 173956kB [ 608.850495][T14944] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 608.853231][T14944] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 608.855848][T14944] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 608.858514][T14944] Node 1 hugepages_total=6 hugepages_free=3 hugepages_surp=2 hugepages_size=2048kB [ 608.861093][T14944] 53411 total pagecache pages [ 608.862421][T14944] 0 pages in swap cache [ 608.863593][T14944] Free swap = 123940kB [ 608.864743][T14944] Total swap = 124996kB [ 608.865907][T14944] 524155 pages RAM [ 608.866949][T14944] 0 pages HighMem/MovableOnly [ 608.868236][T14944] 206675 pages reserved [ 608.869401][T14944] 0 pages cma reserved [ 609.272097][T14956] trusted_key: syz.3.1709 sent an empty control message without MSG_MORE. [ 609.681108][T14958] fuse: Bad value for 'fd' [ 609.684562][T14958] netlink: 'syz.0.1710': attribute type 4 has an invalid length. [ 609.691272][T14958] netlink: 'syz.0.1710': attribute type 4 has an invalid length. [ 609.894872][T14960] mmap: syz.0.1711 (14960) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 612.018047][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 612.631488][T15007] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1723'. [ 612.635145][T15007] batman_adv: batadv0: Removing interface: gretap1 [ 612.668351][T15007] bond0: (slave batadv0): Releasing backup interface [ 612.670558][T15007] bond0: (slave batadv0): the permanent HWaddr of slave - aa:aa:aa:aa:aa:2a - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 613.022121][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 613.103871][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 614.141844][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 614.147403][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 615.181732][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 615.185879][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 615.845334][ T39] audit: type=1326 audit(1736947522.848:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.1.1733" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 615.851510][ T39] audit: type=1326 audit(1736947522.848:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.1.1733" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 615.857634][ T39] audit: type=1326 audit(1736947522.848:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.1.1733" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 615.864081][ T39] audit: type=1326 audit(1736947522.848:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.1.1733" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 615.870303][ T39] audit: type=1326 audit(1736947522.848:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.1.1733" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 615.876680][ T39] audit: type=1326 audit(1736947522.848:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.1.1733" exe="/syz-executor" sig=0 arch=40000003 syscall=226 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 615.887411][ T39] audit: type=1326 audit(1736947522.848:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.1.1733" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 615.952097][ T39] audit: type=1326 audit(1736947522.848:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.1.1733" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 615.958164][ T39] audit: type=1326 audit(1736947522.848:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.1.1733" exe="/syz-executor" sig=0 arch=40000003 syscall=227 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 615.964792][ T39] audit: type=1326 audit(1736947522.848:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.1.1733" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x7ffc0000 [ 616.231741][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 616.235555][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 616.571221][T15057] ata1.00: invalid multi_count 1 ignored [ 616.647487][T10937] [ 616.648526][T10937] ====================================================== [ 616.651392][T10937] WARNING: possible circular locking dependency detected [ 616.654269][T10937] 6.13.0-rc7-syzkaller-00043-g619f0b6fad52 #0 Not tainted [ 616.658499][T10937] ------------------------------------------------------ [ 616.661378][T10937] kworker/3:3/10937 is trying to acquire lock: [ 616.663926][T10937] ffff8880438ca800 (&q->q_usage_counter(queue)#51){++++}-{0:0}, at: blk_mq_alloc_request+0x59b/0x950 [ 616.668299][T10937] [ 616.668299][T10937] but task is already holding lock: [ 616.671259][T10937] ffff8880438cae18 (&q->limits_lock){+.+.}-{4:4}, at: sd_revalidate_disk.isra.0+0x52c/0xa8d0 [ 616.675417][T10937] [ 616.675417][T10937] which lock already depends on the new lock. [ 616.675417][T10937] [ 616.679573][T10937] [ 616.679573][T10937] the existing dependency chain (in reverse order) is: [ 616.683182][T10937] [ 616.683182][T10937] -> #5 (&q->limits_lock){+.+.}-{4:4}: [ 616.686224][T10937] __mutex_lock+0x19b/0xa60 [ 616.688229][T10937] __nbd_set_size+0x2c0/0x730 [ 616.690232][T10937] nbd_start_device+0x8fd/0xd70 [ 616.692306][T10937] nbd_ioctl+0x21a/0xfd0 [ 616.694143][T10937] compat_blkdev_ioctl+0x2f7/0x750 [ 616.696285][T10937] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 616.698578][T10937] __do_fast_syscall_32+0x73/0x120 [ 616.700860][T10937] do_fast_syscall_32+0x32/0x80 [ 616.702491][T10937] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 616.704470][T10937] [ 616.704470][T10937] -> #4 (&q->q_usage_counter(io)#50){++++}-{0:0}: [ 616.706927][T10937] blk_mq_submit_bio+0x1fb6/0x24c0 [ 616.708545][T10937] __submit_bio+0x384/0x540 [ 616.710236][T10937] submit_bio_noacct_nocheck+0x698/0xd70 [ 616.712786][T10937] submit_bio_noacct+0x93a/0x1e20 [ 616.715086][T10937] mpage_readahead+0x41d/0x590 [ 616.717272][T10937] read_pages+0x1a8/0xdc0 [ 616.719290][T10937] page_cache_ra_unbounded+0x3dc/0x750 [ 616.721641][T10937] force_page_cache_ra+0x24b/0x340 [ 616.723934][T10937] page_cache_sync_ra+0x110/0x9c0 [ 616.726120][T10937] filemap_get_pages+0xd7b/0x1be0 [ 616.727967][T10937] filemap_read+0x3ca/0xd70 [ 616.729411][T10937] blkdev_read_iter+0x187/0x480 [ 616.730887][T10937] vfs_read+0x87f/0xbe0 [ 616.732776][T10937] ksys_read+0x12b/0x250 [ 616.734773][T10937] do_syscall_64+0xcd/0x250 [ 616.736801][T10937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.739435][T10937] [ 616.739435][T10937] -> #3 (mapping.invalidate_lock#2){++++}-{4:4}: [ 616.742354][T10937] down_read+0x9a/0x330 [ 616.743755][T10937] filemap_fault+0x2e0/0x2820 [ 616.745264][T10937] __do_fault+0x10a/0x490 [ 616.746676][T10937] do_pte_missing+0xebd/0x3e00 [ 616.748211][T10937] __handle_mm_fault+0x103c/0x2a40 [ 616.749847][T10937] handle_mm_fault+0x3fa/0xaa0 [ 616.751379][T10937] __get_user_pages+0x8d9/0x3b50 [ 616.753235][T10937] populate_vma_page_range+0x27f/0x3a0 [ 616.755685][T10937] __mm_populate+0x1d6/0x380 [ 616.757799][T10937] vm_mmap_pgoff+0x293/0x360 [ 616.759922][T10937] ksys_mmap_pgoff+0x32c/0x5c0 [ 616.762096][T10937] __do_fast_syscall_32+0x73/0x120 [ 616.764138][T10937] do_fast_syscall_32+0x32/0x80 [ 616.765755][T10937] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 616.767725][T10937] [ 616.767725][T10937] -> #2 (&mm->mmap_lock){++++}-{4:4}: [ 616.770135][T10937] __might_fault+0x11b/0x190 [ 616.772218][T10937] _copy_from_user+0x29/0xd0 [ 616.773902][T10937] compat_blk_trace_setup+0xc9/0x200 [ 616.776239][T10937] blk_trace_ioctl+0x24a/0x290 [ 616.778403][T10937] compat_blkdev_ioctl+0x13c/0x750 [ 616.780647][T10937] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 616.783054][T10937] __do_fast_syscall_32+0x73/0x120 [ 616.785349][T10937] do_fast_syscall_32+0x32/0x80 [ 616.787262][T10937] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 616.789326][T10937] [ 616.789326][T10937] -> #1 (&q->debugfs_mutex){+.+.}-{4:4}: [ 616.791660][T10937] __mutex_lock+0x19b/0xa60 [ 616.793181][T10937] blk_mq_init_sched+0x42b/0x640 [ 616.794857][T10937] elevator_init_mq+0x2cd/0x420 [ 616.796967][T10937] add_disk_fwnode+0x113/0x1300 [ 616.799164][T10937] sd_probe+0xa66/0xfa0 [ 616.801099][T10937] really_probe+0x23e/0xa90 [ 616.803190][T10937] __driver_probe_device+0x1de/0x440 [ 616.805486][T10937] driver_probe_device+0x4c/0x1b0 [ 616.807446][T10937] __device_attach_driver+0x1df/0x310 [ 616.809493][T10937] bus_for_each_drv+0x157/0x1e0 [ 616.811121][T10937] __device_attach_async_helper+0x1d3/0x290 [ 616.813033][T10937] async_run_entry_fn+0x9c/0x530 [ 616.814642][T10937] process_one_work+0x958/0x1b30 [ 616.816283][T10937] worker_thread+0x6c8/0xf00 [ 616.818212][T10937] kthread+0x2c1/0x3a0 [ 616.820086][T10937] ret_from_fork+0x45/0x80 [ 616.822037][T10937] ret_from_fork_asm+0x1a/0x30 [ 616.824147][T10937] [ 616.824147][T10937] -> #0 (&q->q_usage_counter(queue)#51){++++}-{0:0}: [ 616.826927][T10937] __lock_acquire+0x249e/0x3c40 [ 616.828860][T10937] lock_acquire.part.0+0x11b/0x380 [ 616.830661][T10937] blk_queue_enter+0x50f/0x640 [ 616.832313][T10937] blk_mq_alloc_request+0x59b/0x950 [ 616.834116][T10937] scsi_execute_cmd+0x20a/0xf30 [ 616.836021][T10937] read_capacity_16+0x21a/0xe20 [ 616.837860][T10937] sd_revalidate_disk.isra.0+0x1a06/0xa8d0 [ 616.839787][T10937] scsi_rescan_device+0x243/0x340 [ 616.841433][T10937] ata_scsi_dev_rescan+0x1cb/0x470 [ 616.843143][T10937] process_one_work+0x958/0x1b30 [ 616.844754][T10937] worker_thread+0x6c8/0xf00 [ 616.846265][T10937] kthread+0x2c1/0x3a0 [ 616.847689][T10937] ret_from_fork+0x45/0x80 [ 616.849373][T10937] ret_from_fork_asm+0x1a/0x30 [ 616.851554][T10937] [ 616.851554][T10937] other info that might help us debug this: [ 616.851554][T10937] [ 616.855650][T10937] Chain exists of: [ 616.855650][T10937] &q->q_usage_counter(queue)#51 --> &q->q_usage_counter(io)#50 --> &q->limits_lock [ 616.855650][T10937] [ 616.861703][T10937] Possible unsafe locking scenario: [ 616.861703][T10937] [ 616.864390][T10937] CPU0 CPU1 [ 616.865931][T10937] ---- ---- [ 616.867492][T10937] lock(&q->limits_lock); [ 616.868792][T10937] lock(&q->q_usage_counter(io)#50); [ 616.871546][T10937] lock(&q->limits_lock); [ 616.874368][T10937] rlock(&q->q_usage_counter(queue)#51); [ 616.876703][T10937] [ 616.876703][T10937] *** DEADLOCK *** [ 616.876703][T10937] [ 616.879836][T10937] 5 locks held by kworker/3:3/10937: [ 616.881795][T10937] #0: ffff88801ac88948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12cd/0x1b30 [ 616.884805][T10937] #1: ffffc90025e1fd80 ((work_completion)(&(&ap->scsi_rescan_task)->work)){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 616.888461][T10937] #2: ffff888020cf4358 (&ap->scsi_scan_mutex){+.+.}-{4:4}, at: ata_scsi_dev_rescan+0x3e/0x470 [ 616.891474][T10937] #3: ffff8880438bc378 (&dev->mutex){....}-{4:4}, at: scsi_rescan_device+0x27/0x340 [ 616.895311][T10937] #4: ffff8880438cae18 (&q->limits_lock){+.+.}-{4:4}, at: sd_revalidate_disk.isra.0+0x52c/0xa8d0 [ 616.899645][T10937] [ 616.899645][T10937] stack backtrace: [ 616.902037][T10937] CPU: 3 UID: 0 PID: 10937 Comm: kworker/3:3 Not tainted 6.13.0-rc7-syzkaller-00043-g619f0b6fad52 #0 [ 616.906228][T10937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 616.909338][T10937] Workqueue: events ata_scsi_dev_rescan [ 616.911097][T10937] Call Trace: [ 616.912091][T10937] [ 616.913011][T10937] dump_stack_lvl+0x116/0x1f0 [ 616.914649][T10937] print_circular_bug+0x41c/0x610 [ 616.916420][T10937] check_noncircular+0x31a/0x400 [ 616.918361][T10937] ? __pfx_check_noncircular+0x10/0x10 [ 616.920223][T10937] ? __pfx_try_to_wake_up+0x10/0x10 [ 616.921761][T10937] ? lockdep_lock+0xc6/0x200 [ 616.923585][T10937] ? __pfx_lockdep_lock+0x10/0x10 [ 616.925409][T10937] __lock_acquire+0x249e/0x3c40 [ 616.927166][T10937] ? __pfx___lock_acquire+0x10/0x10 [ 616.928750][T10937] lock_acquire.part.0+0x11b/0x380 [ 616.930328][T10937] ? blk_mq_alloc_request+0x59b/0x950 [ 616.932369][T10937] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 616.934021][T10937] ? rcu_is_watching+0x12/0xc0 [ 616.935984][T10937] ? trace_lock_acquire+0x14e/0x1f0 [ 616.938110][T10937] ? blk_mq_alloc_request+0x59b/0x950 [ 616.940086][T10937] ? lock_acquire+0x2f/0xb0 [ 616.941495][T10937] ? blk_mq_alloc_request+0x59b/0x950 [ 616.943581][T10937] blk_queue_enter+0x50f/0x640 [ 616.945516][T10937] ? blk_mq_alloc_request+0x59b/0x950 [ 616.947749][T10937] ? __pfx_blk_queue_enter+0x10/0x10 [ 616.949929][T10937] ? __pfx___lock_acquire+0x10/0x10 [ 616.951720][T10937] ? add_lock_to_list+0x17d/0x390 [ 616.953202][T10937] blk_mq_alloc_request+0x59b/0x950 [ 616.954717][T10937] ? __pfx_blk_mq_alloc_request+0x10/0x10 [ 616.956784][T10937] ? bpf_trace_run2+0x266/0x590 [ 616.958822][T10937] ? __pfx___cant_migrate+0x10/0x10 [ 616.960948][T10937] ? bpf_trace_run2+0x1c2/0x590 [ 616.962979][T10937] scsi_execute_cmd+0x20a/0xf30 [ 616.964989][T10937] ? lock_acquire.part.0+0x11b/0x380 [ 616.967205][T10937] ? __mutex_trylock_common+0xea/0x250 [ 616.969537][T10937] ? __pfx_scsi_execute_cmd+0x10/0x10 [ 616.971635][T10937] ? __pfx___bpf_trace_contention_end+0x10/0x10 [ 616.974121][T10937] ? rcu_is_watching+0x12/0xc0 [ 616.976097][T10937] read_capacity_16+0x21a/0xe20 [ 616.977781][T10937] ? __pfx_read_capacity_16+0x10/0x10 [ 616.979576][T10937] ? __pfx___mutex_lock+0x10/0x10 [ 616.981500][T10937] ? __pfx_scsi_execute_cmd+0x10/0x10 [ 616.983721][T10937] sd_revalidate_disk.isra.0+0x1a06/0xa8d0 [ 616.986106][T10937] ? find_held_lock+0x2d/0x110 [ 616.988079][T10937] ? mark_held_locks+0x9f/0xe0 [ 616.990097][T10937] ? __pfx_sd_revalidate_disk.isra.0+0x10/0x10 [ 616.992643][T10937] ? kasan_save_stack+0x42/0x60 [ 616.994648][T10937] ? kasan_save_stack+0x33/0x60 [ 616.996653][T10937] ? kasan_save_track+0x14/0x30 [ 616.998619][T10937] ? kasan_save_free_info+0x3b/0x60 [ 617.000637][T10937] ? __kasan_slab_free+0x51/0x70 [ 617.002580][T10937] ? kfree+0x14f/0x4b0 [ 617.004275][T10937] ? scsi_attach_vpd+0x4dc/0x580 [ 617.006218][T10937] ? scsi_rescan_device+0xf5/0x340 [ 617.008260][T10937] ? ata_scsi_dev_rescan+0x1cb/0x470 [ 617.010363][T10937] ? process_one_work+0x958/0x1b30 [ 617.012444][T10937] ? worker_thread+0x6c8/0xf00 [ 617.014080][T10937] ? hlock_class+0x4e/0x130 [ 617.015420][T10937] ? mark_lock+0xb5/0xc60 [ 617.016681][T10937] ? mark_held_locks+0x9f/0xe0 [ 617.018070][T10937] ? kasan_quarantine_put+0x10a/0x240 [ 617.019460][T10937] ? lockdep_hardirqs_on+0x7c/0x110 [ 617.020969][T10937] ? kfree+0x14f/0x4b0 [ 617.022150][T10937] ? lockdep_hardirqs_on+0x7c/0x110 [ 617.023670][T10937] ? scsi_attach_vpd+0x4dc/0x580 [ 617.025104][T10937] ? scsi_attach_vpd+0x4dc/0x580 [ 617.026539][T10937] ? __pfx_sd_rescan+0x10/0x10 [ 617.027962][T10937] scsi_rescan_device+0x243/0x340 [ 617.029431][T10937] ata_scsi_dev_rescan+0x1cb/0x470 [ 617.031117][T10937] process_one_work+0x958/0x1b30 [ 617.032562][T10937] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 617.034297][T10937] ? __pfx_process_one_work+0x10/0x10 [ 617.036081][T10937] ? rcu_is_watching+0x12/0xc0 [ 617.037550][T10937] ? assign_work+0x1a0/0x250 [ 617.038969][T10937] worker_thread+0x6c8/0xf00 [ 617.040365][T10937] ? __kthread_parkme+0x148/0x220 [ 617.041943][T10937] ? __pfx_worker_thread+0x10/0x10 [ 617.043481][T10937] kthread+0x2c1/0x3a0 [ 617.044700][T10937] ? _raw_spin_unlock_irq+0x23/0x50 [ 617.046252][T10937] ? __pfx_kthread+0x10/0x10 [ 617.047643][T10937] ret_from_fork+0x45/0x80 [ 617.048967][T10937] ? __pfx_kthread+0x10/0x10 [ 617.050345][T10937] ret_from_fork_asm+0x1a/0x30 [ 617.051856][T10937] [ 617.261776][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 617.266190][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 618.301739][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 619.341953][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 620.381799][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 623.264449][ T1412] ieee802154 phy1 wpan1: encryption failed: -22 [ 623.422036][ C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 624.461797][ C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration VM DIAGNOSIS: 13:25:20 Registers: info registers vcpu 0 CPU#0 RAX=0000000080010000 RBX=0000000000000001 RCX=ffffffff8145bd26 RDX=ffff8880259dc880 RSI=ffffffff8145be3a RDI=0000000000000001 RBP=0000000000000000 RSP=ffffc90020e2fe58 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8145be3a RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b400000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002efefff8 CR3=0000000067562000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000001000008fd RBX=ffff8880259dc880 RCX=0000000000000830 RDX=0000000000000001 RSI=00000000000000fd RDI=0000000000000001 RBP=0000000000000008 RSP=ffffc90020e1f610 R8 =0000000000000000 R9 =fffffbfff2039eda R10=ffffffff901cf6d7 R11=000000000000005f R12=0000000000000003 R13=1ffff920041c3ec3 R14=0000000000000000 R15=ffffc90020e1f638 RIP=ffffffff8147a098 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002002c000 CR3=0000000067562000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff888012f8c880 RCX=ffff88802b63fb28 RDX=0000000000000001 RSI=ffff888012f8c880 RDI=ffff88802b63ee78 RBP=ffff88802b63ed00 RSP=ffffc9002131f8e8 R8 =0000000000000000 R9 =ffffed10025f1910 R10=ffff888012f8c887 R11=0000000000000000 R12=0000000000000009 R13=ffff888012f8cdfc R14=ffffffff818cfd61 R15=ffff88802b63ed00 RIP=ffffffff816d3014 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002f1efffc CR3=00000000775aa000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000000000d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85145e25 RDI=ffffffff9a66a200 RBP=ffffffff9a66a1c0 RSP=ffffc90025e1ea60 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=722d302e33312e36 R12=0000000000000000 R13=000000000000000d R14=ffffffff85145dc0 R15=0000000000000000 RIP=ffffffff85145e4f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c290f6f CR3=0000000021f9c000 CR4=00352ef0 DR0=0000000000000000 DR1=000000000000000a DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000feffff00 Opmask01=000000000000007f Opmask02=00000000fffeff7f Opmask03=0000002008080010 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 75cef5e28fc74257 5ec0398d6357237d ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d5504635496f7be2 4ff4052f19eb74c7 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 27438ad026b9db1e 08ab0afc416a2a24 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a0cd1b54c8a831f8 acf1d94c5f080620 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000004300 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100000001 be00800100000001 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7679e8be7679f794 7679ff0b00000001 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a0080017679ec9b 000000012a008001 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7679fba5f4008001 ce0080017679e3ef ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2ccdbb44108a75c4 e86ec6ee624ae278 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 633db083163fec8c 4cc826b8abbd4569 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 722f766564752f62 696c2f7273752f00 534b4e494c564544 00454d414e564544 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d003d454d 414e564544003d58 45444e494649003d 4550595456454400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d0018454d 414e564544001858 45444e4946490018 4550595456454400 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000f1 00000000302e7465 676461672d776172 2f73726576697264 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000563100636475 0000000000000021 0000000000000032 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8f5132513343927a 000056310f4096c4 0000000000000051 0000527a9d7d9877 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 383a3a263d383a3a 263c383a3a263f38 3a3a263e383a3a26 39383a3a2638383a ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000