last executing test programs: 3.632417328s ago: executing program 2 (id=780): ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152}}) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x12, 0x7, 0x8, 0x8000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (fail_nth: 82) 2.501569221s ago: executing program 3 (id=790): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000e3f200000000000000020000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0xa, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000016c0), 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = syz_clone(0x800c000, &(0x7f0000001480)="627807434619734911420e123cb6f44fb54d82f86f3720b1d5ecd9651a9fcb2a1c358b9cd99a9da0b00953486764e0c7d13faa0d43ad3164e14aa9d4eafc2ae39ce2be18d63433b7dfc78608200e69639ab1530087488555d6d92591d54b3a4b2d398d9c826367e94ff87e48b5c84c384e4da2242cd7402f8ed7ca62f2bc83f74a833985f857aea120980634d28db59881240ddcdb80ae6800e45e612019d9a17a04", 0xa2, 0x0, 0x0, 0x0) kcmp(r0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000340), 0x9, 0x10000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) syz_open_dev$sg(&(0x7f0000000040), 0x2, 0x81) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$TCFLSH(r6, 0x400455c8, 0x2) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000040)) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000340)) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000180)) ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000001c0)) write$binfmt_script(r4, &(0x7f0000000100), 0xfecc) set_mempolicy(0x4005, &(0x7f0000000080)=0x41, 0xb) 1.881197882s ago: executing program 2 (id=791): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, &(0x7f0000000040)=0x7, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x4000, @mcast1}, 0x1c) 1.880758215s ago: executing program 2 (id=792): r0 = socket$inet(0x2, 0x3, 0x6) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000140)={0x1, @raw_data="178a15c8865801935f7b18e6baf018fe788044b4ef4821c48117330756d882b27618fecf6c65b2acf5cc1590b4af5f940138dbcc0274bc7ceee640d1cff01120e413cdefabd5849e5fc78edd49042eb9a9e2f5ad67bccfdaf8bc6df1dedc84c34a90b1eab577f39d3945f5cbf9c588def073ba78b2baeac52e166eda504a6e1f29b66f5cee5881b9e5788d62cb8d46055c7519ccb0a2c5d4b3a9dc84439597985c84ff09a735585718d8921958ca85096278d8a3daf1a1ecc6740b3dbf965dc817880963a2a82b07"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}]}, 0x4c}}, 0x0) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) sendmsg$inet(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)='/', 0x1}], 0x1}, 0x0) recvmmsg(r3, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0x10, 0x2, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="d4010000200000001800000000000000002000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="7c00000000000000000000000700000044140001ac1414aa00000000ac1414000000000000441c0003e0000001000000007f000001000000000000000000000000442c00000000000000000f883816814100000000000000000000000000000000000000000000000000000000000000000000440c0001000000000000000000000000000000a400000000000000000000000700000044280000000000000000000000000000000000000000000000000000000000000000000000000000071700e0000002ac1414bb00000000e0000002ac1414bb018616000000000010c986d78e6c4b9394b247217b87cb00830b00000000007f000001861f0000000000020010421487f84baabcbcfb42a4d90bab000748c68c4c31001089ca45d9612e5b5c11f12bc78a41000000000000006c000000000000000000000007000000441c0003ffffffff000000000000000000000000e00000010000000044340001ac1414bb0000000000000000000000000000000000000000ac1414aa00000000ac1414aa00000000ac1e000100000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001400000000000018000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f0080007f0000c10000000800000000005000"/28, @ANYRES32=0x0, @ANYBLOB="7f000001ac141400000000011c0e0000000000000000000007006fc946f1f569c01801"], 0x230}, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000001880)={'wg1\x00'}) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) syslog(0x2, &(0x7f0000006900)=""/91, 0x5b) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x207f, 0x4) gettid() 1.501493684s ago: executing program 3 (id=795): mknod$loop(&(0x7f0000000100)='./file0\x00', 0x80, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) openat$cachefiles(0xffffff9c, &(0x7f0000000080), 0x200000, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc048aeca, &(0x7f0000000280)=ANY=[]) 1.280314129s ago: executing program 3 (id=796): io_setup(0x5, &(0x7f0000000e80)=0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_io_uring_setup(0x4, &(0x7f0000000580), &(0x7f0000000080), 0x0) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000001580)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x7, 0x0, r1, &(0x7f0000000080)="8c", 0x1, 0x0, 0x0, 0x1008}]) 1.091313231s ago: executing program 3 (id=797): sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) r0 = mq_open(&(0x7f0000000200)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\xff\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x911z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafah\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\xd4\xe6\x95\x7fC\x82JRi\xa2\xf9\xd9^\xc8\x8fR\xb9\xabf\x16\xe6p\xd92x\xefr\xc3]$\xc8\xf1\"\xecszs,\x8e\x06\x96\xcb\x13\xe2x\x83\f\x85\xfa\x1c\xa5)\xb4\xbd\x1b\xd6$\x16\xf7\xad\xf7\xf2>R=V\xf8\xd1\x1c$_\x8103R~\x8fB\n\xbd\x86\xffO\x1c\xea\x83\x88\xf7\xddN\x04D\xb3\x04a(\x0e\xaf\xfe\xf7\xb1\xe8\x037\xa6]e\xf0\xa3\x9c}\x7f\x9a\xf3 \xf6|\x94|[\xda\x99\x8bt\x9d\xb31!\x96:\t\xb2\xe0\x8f\xa5\xd2\xed\t.\xcef\xbc2P\x9d\x86\xfd\x00n\xa0\xb2\xb3U\xd2\xaf\x80@\xaa\xb8\x83E+\xda\xea', 0x42, 0x0, 0x0) mq_timedsend(r0, &(0x7f0000000600)='m', 0xfffffffffffffdd8, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "a05c7b5d00008023e9c5bcf5ff7700"}) r1 = syz_open_pts(0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(0xffffffffffffffff, 0x0, 0x0) fspick(r2, &(0x7f00000002c0)='.\x00', 0x8) dup3(r1, 0xffffffffffffffff, 0x0) mlockall(0x1) syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc8}}, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x5, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000240)={0x0, 0x3, &(0x7f00000001c0)={&(0x7f0000000040)={0x2c, r4, 0x1, 0x0, 0x0, {0x27}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x40005504, 0x0) 955.718417ms ago: executing program 0 (id=799): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="30000000190001000000000003000000021800000000ff000000000008000100ac1414000c0009"], 0x30}}, 0x0) 831.847091ms ago: executing program 0 (id=800): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x7, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200000100000085000000860000009500"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0xe, 0x0, &(0x7f00000004c0)="0000000000005eefc9bb9fd186dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 831.35351ms ago: executing program 2 (id=801): syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/l2cap\x00') fchdir(r0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffd) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(r0, &(0x7f0000000300)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) move_pages(r2, 0x1, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0, 0x0, 0x7}, 0x18) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b88f8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b705000008000000a5000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ptrace$getregset(0x4205, r3, 0x1, &(0x7f0000000080)={&(0x7f00000000c0)=""/120, 0x78}) 757.307715ms ago: executing program 0 (id=802): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x6c}}, 0x0) r1 = syz_open_dev$loop(&(0x7f000001f0c0), 0xd, 0x8000) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) 691.70694ms ago: executing program 0 (id=804): mknod$loop(&(0x7f0000000100)='./file0\x00', 0x80, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) openat$cachefiles(0xffffff9c, &(0x7f0000000080), 0x200000, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc048aeca, &(0x7f0000000280)=ANY=[]) 561.650637ms ago: executing program 0 (id=808): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg$unix(r1, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000740)=""/123, 0x7b}, {&(0x7f0000000940)=""/104, 0x68}], 0x2}, 0xfff0}], 0x1, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000800)=@can_delroute={0x134, 0x19, 0x0, 0x0, 0x0, {}, [@CGW_CS_CRC8={0x11e, 0x6, {0x0, 0x0, 0x0, 0x0, 0x0, "ef1598caf0530909b7953ca6d1ec326a6042c0af739f8299aa8f46e9646111e1374303bc80237a4d0f839fab63861c7031c5d8c84d67f7e5205030ca3dc72423b51fea5db59677a57ce8bd3b3ff5e2d9d603dc1523fa43a5c6e084b6a535b0875b05b9f9a5b473e07f60b9634810f7bc1664464cc5465ea017e2abc56a47c0f67a707c23d3d5e480bbbbcfd4b47a40636dd6a18bf5e7f0a1bac203dfeab20b1a111616fb98010b09fa55cb37cba2a54907681bca660148fed75b3c414a323d74a2459eda731e29572e604b68a337d21e56f80a85b69967df146f66eebdd215173dc85416d021c34c9e826d723cbd113fe135bae0032b9cb804b14679a2c2a741", 0x0, "0ef2ad490734a2e20338c270fc9545f6aa0b2ba5"}}]}, 0x134}}, 0x0) 498.486665ms ago: executing program 1 (id=810): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r2) getsockname$packet(r2, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0xf1d, 0x1, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xc}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}, 0x1, 0x0, 0x1000000}, 0x0) 492.936305ms ago: executing program 2 (id=811): openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host}, 0x10) listen(r2, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) set_mempolicy(0x2, &(0x7f0000000080)=0x4716, 0x3) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000800000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) creat(&(0x7f0000000140)='./file0\x00', 0x50) socket$nl_route(0x10, 0x3, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r4, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @dev}, 0x10) pipe2$9p(&(0x7f0000000cc0), 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000)) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, &(0x7f0000000100)='\x00') 485.387406ms ago: executing program 0 (id=812): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152}}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000800), 0x123000, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) recvmmsg(0xffffffffffffffff, &(0x7f00000062c0)=[{{0x0, 0x0, 0x0}, 0xfff}, {{0x0, 0x0, &(0x7f0000006180)}, 0x5}], 0x2, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)=0x74000000) syz_io_uring_setup(0x237, &(0x7f0000000300)={0x0, 0xf1f9, 0x100, 0x3, 0x40}, 0x0, 0x0) write$dsp(r0, &(0x7f0000002000)='`', 0x88020) (fail_nth: 72) 391.792168ms ago: executing program 1 (id=813): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}, 0x1, 0x0, 0x3f}, 0x0) 335.020331ms ago: executing program 1 (id=814): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) listen(r1, 0x1) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000140)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0xfdef) 171.554522ms ago: executing program 1 (id=815): r0 = socket(0x840000000002, 0x3, 0xff) connect$inet(r0, &(0x7f0000000540)={0x2, 0x0, @dev}, 0x10) ioctl$IMGETCOUNT(r0, 0x80044943, &(0x7f0000000000)) sendmmsg$inet(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0}, 0xfffffdef}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=[@ip_retopts={{0xc}}, @ip_retopts={{0x14, 0x0, 0x7, {[@timestamp={0x44, 0x4, 0x69, 0x0, 0x4}, @timestamp_prespec={0x44, 0x4, 0x56, 0x3, 0x4}]}}}], 0x20}}], 0x2, 0x401eb94) 166.880707ms ago: executing program 3 (id=816): mknod$loop(&(0x7f0000000100)='./file0\x00', 0x80, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x58) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc048aeca, &(0x7f0000000280)=ANY=[]) 61.636505ms ago: executing program 1 (id=817): r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x40, 0x0) (async) ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000040)={0xc, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000140)={0x48, 0x1, r1, 0x0, 0x40, 0x800}) mount(0x0, &(0x7f0000000080)='./bus\x00', &(0x7f00000000c0)='virtiofs\x00', 0x0, &(0x7f0000000100)='&@,,') 1.289092ms ago: executing program 3 (id=818): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$l2tp(0x2, 0x2, 0x73) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) ioctl$sock_TIOCINQ(r2, 0x541b, &(0x7f0000000100)) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) connect$inet(r3, &(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10) openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x11) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000340), 0x8a800, 0x0) bind$l2tp(r1, &(0x7f00000000c0)={0x2, 0x0, @empty}, 0x10) sendto$l2tp(r1, &(0x7f0000000040)="e5786a0d000000000000c83b", 0xc, 0x0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10) r4 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CALIPSO_C_REMOVE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x1c, r4, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004800}, 0x4) 617.508µs ago: executing program 1 (id=819): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x17, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018010000786c6c0a00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_timeval(r3, 0x1, 0x15, &(0x7f0000000140)={0x0, 0x7530}, 0x10) connect$llc(r3, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x10) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000002380)=""/102389, 0x18ff5}], 0x1, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r4 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe) r5 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0), 0x10) r6 = openat$cdrom(0xffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$DVD_AUTH(r6, 0x5390, &(0x7f00000000c0)=@lsk={0x0, 0x0, "dd86b2d709"}) keyctl$link(0x8, r4, 0x0) r7 = add_key$keyring(0x0, &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) fchdir(r5) r8 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r7) keyctl$restrict_keyring(0x1d, r8, 0x0, 0x0) keyctl$KEYCTL_MOVE(0x1e, r4, r4, r8, 0x0) r9 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) ioctl$BLKTRACESETUP(r9, 0xc0401273, &(0x7f0000000000)={'\x00', 0x0, 0x2, 0x4, 0xfffffffffffffffd, 0x8000000000000004}) ioctl$BLKTRACESTART(r9, 0x1274, 0x0) r10 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="0d01000009000008250592d20700006a3b010902241700fa0074980904e4ff11070103000905010200ffe0000009058202"], 0x0) syz_usb_control_io(r10, 0x0, &(0x7f0000000200)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r10) r11 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[], 0x0) syz_usb_control_io$hid(r11, 0x0, 0x0) 0s ago: executing program 2 (id=820): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x17, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018010000786c6c0a00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_timeval(r3, 0x1, 0x15, &(0x7f0000000140)={0x0, 0x7530}, 0x10) connect$llc(r3, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x10) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000002380)=""/102389, 0x18ff5}], 0x1, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r4 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe) r5 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0), 0x10) r6 = openat$cdrom(0xffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$DVD_AUTH(r6, 0x5390, &(0x7f00000000c0)=@lsk={0x0, 0x0, "dd86b2d709"}) keyctl$link(0x8, r4, 0x0) r7 = add_key$keyring(0x0, &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) fchdir(r5) r8 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r7) keyctl$restrict_keyring(0x1d, r8, 0x0, 0x0) keyctl$KEYCTL_MOVE(0x1e, r4, r4, r8, 0x0) r9 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) ioctl$BLKTRACESETUP(r9, 0xc0401273, &(0x7f0000000000)={'\x00', 0x0, 0x2, 0x4, 0xfffffffffffffffd, 0x8000000000000004}) ioctl$BLKTRACESTART(r9, 0x1274, 0x0) r10 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="0d01000009000008250592d20700006a3b010902241700fa0074980904e4ff11070103000905010200ffe0000009058202"], 0x0) syz_usb_control_io(r10, 0x0, &(0x7f0000000200)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r10) syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) kernel console output (not intermixed with test programs): e0 [ 57.024944][ T6292] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 57.027748][ T6292] ? crng_make_state+0x27d/0x6d0 [ 57.029676][ T6292] ip_route_output_flow+0x27/0x150 [ 57.031830][ T6292] sctp_v4_get_dst+0x43d/0x12d0 [ 57.033735][ T6292] ? crng_make_state+0x46e/0x6d0 [ 57.035382][ T6292] ? lockdep_hardirqs_on+0x7c/0x110 [ 57.037062][ T6292] ? crng_make_state+0x48e/0x6d0 [ 57.038463][ T6292] ? __pfx_sctp_v4_get_dst+0x10/0x10 [ 57.039987][ T6292] ? rcu_is_watching+0x12/0xc0 [ 57.041459][ T6292] ? sctp_transport_route+0x12e/0x350 [ 57.043354][ T6292] sctp_transport_route+0x12e/0x350 [ 57.045328][ T6292] sctp_assoc_add_peer+0x743/0x14b0 [ 57.047197][ T6292] sctp_connect_new_asoc+0x209/0x790 [ 57.049020][ T6292] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 57.051091][ T6292] ? mark_held_locks+0x9f/0xe0 [ 57.053059][ T6292] ? sctp_sendmsg+0x112f/0x1f10 [ 57.054766][ T6292] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 57.056783][ T6292] sctp_sendmsg+0x162a/0x1f10 [ 57.058450][ T6292] ? __pfx___lock_acquire+0x10/0x10 [ 57.060626][ T6292] ? __pfx_sctp_sendmsg+0x10/0x10 [ 57.062758][ T6292] ? __pfx___might_resched+0x10/0x10 [ 57.065090][ T6292] ? __pfx_aa_sk_perm+0x10/0x10 [ 57.066936][ T6292] ? __import_iovec+0x1f2/0x6d0 [ 57.068913][ T6292] ? __pfx_sctp_sendmsg+0x10/0x10 [ 57.070725][ T6292] inet_sendmsg+0x119/0x140 [ 57.072354][ T6292] ____sys_sendmsg+0x907/0xb40 [ 57.074101][ T6292] ? __pfx_____sys_sendmsg+0x10/0x10 [ 57.076130][ T6292] ? get_compat_msghdr+0x11b/0x170 [ 57.077892][ T6292] ? __pfx___lock_acquire+0x10/0x10 [ 57.079714][ T6292] ___sys_sendmsg+0x135/0x1e0 [ 57.081594][ T6292] ? __pfx____sys_sendmsg+0x10/0x10 [ 57.083577][ T6292] ? lock_acquire+0x2f/0xb0 [ 57.085848][ T6292] ? __fget_files+0x40/0x3f0 [ 57.087905][ T6292] ? fdget+0x176/0x210 [ 57.089692][ T6292] __sys_sendmmsg+0x2a5/0x450 [ 57.091551][ T6292] ? __pfx___sys_sendmmsg+0x10/0x10 [ 57.093201][ T6292] ? vfs_write+0x306/0x1150 [ 57.094556][ T6292] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 57.096345][ T6292] ? fput+0x30/0x390 [ 57.097472][ T6292] ? ksys_write+0x1ad/0x260 [ 57.098742][ T6292] ? __pfx_ksys_write+0x10/0x10 [ 57.100263][ T6292] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 57.102028][ T6292] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 57.104274][ T6292] __do_fast_syscall_32+0x73/0x120 [ 57.106105][ T6292] do_fast_syscall_32+0x32/0x80 [ 57.108075][ T6292] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 57.110487][ T6292] RIP: 0023:0xf7f03579 [ 57.111895][ T6292] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 57.119284][ T6292] RSP: 002b:00000000f568655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 57.122520][ T6292] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020001680 [ 57.125931][ T6292] RDX: 0000000000000001 RSI: 00000000000000fc RDI: 0000000000000000 [ 57.129018][ T6292] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 57.131922][ T6292] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 57.134936][ T6292] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 57.137866][ T6292] [ 57.151612][ T830] cdc_ncm 6-1:1.0: bind() failure [ 57.158630][ T830] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 57.161175][ T830] cdc_ncm 6-1:1.1: bind() failure [ 57.169551][ T830] usb 6-1: USB disconnect, device number 2 [ 57.247421][ T64] IPVS: starting estimator thread 0... [ 57.249719][ T6298] tipc: Started in network mode [ 57.252428][ T6298] tipc: Node identity ac1414aa, cluster identity 4711 [ 57.256550][ T6298] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 57.262361][ T6298] tipc: Enabled bearer , priority 10 [ 57.341556][ T6299] IPVS: using max 35 ests per chain, 84000 per kthread [ 57.391408][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 57.530060][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 57.680029][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 57.778076][ T6310] netlink: 76 bytes leftover after parsing attributes in process `syz.1.103'. [ 57.830002][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 57.857754][ T830] IPVS: starting estimator thread 0... [ 57.904547][ T6319] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 57.940298][ T6315] IPVS: using max 35 ests per chain, 84000 per kthread [ 57.980003][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 58.130079][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 58.307767][ T1865] tipc: Node number set to 2886997162 [ 58.410028][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 58.435019][ T6335] FAULT_INJECTION: forcing a failure. [ 58.435019][ T6335] name failslab, interval 1, probability 0, space 0, times 0 [ 58.440041][ T6335] CPU: 1 UID: 0 PID: 6335 Comm: syz.3.110 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 58.443894][ T6335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.447963][ T6335] Call Trace: [ 58.449234][ T6335] [ 58.450332][ T6335] dump_stack_lvl+0x16c/0x1f0 [ 58.452088][ T6335] should_fail_ex+0x497/0x5b0 [ 58.454231][ T6335] ? fs_reclaim_acquire+0xae/0x150 [ 58.456055][ T6335] should_failslab+0xc2/0x120 [ 58.457811][ T6335] __kmalloc_noprof+0xcb/0x410 [ 58.459550][ T6335] io_alloc_async_data+0x9d/0x150 [ 58.461482][ T6335] io_prep_rw+0x30d/0xb70 [ 58.463260][ T6335] io_submit_sqes+0x8aa/0x2530 [ 58.465410][ T6335] __do_sys_io_uring_enter+0xc0f/0x1170 [ 58.467966][ T6335] ? __pfx___schedule+0x10/0x10 [ 58.470312][ T6335] ? __fget_files+0x244/0x3f0 [ 58.472202][ T6335] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 58.473794][ T6335] ? fput+0x30/0x390 [ 58.475034][ T6335] ? ksys_write+0x1ad/0x260 [ 58.476290][ T6335] __do_fast_syscall_32+0x73/0x120 [ 58.477640][ T6335] do_fast_syscall_32+0x32/0x80 [ 58.478926][ T6335] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 58.480602][ T6335] RIP: 0023:0xf748e579 [ 58.481681][ T6335] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 58.486986][ T6335] RSP: 002b:00000000f573455c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa [ 58.489325][ T6335] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000000047f6 [ 58.491514][ T6335] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 58.493724][ T6335] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 58.495789][ T6335] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 58.497897][ T6335] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 58.499961][ T6335] [ 58.679982][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 59.163705][ T6345] input: syz1 as /devices/virtual/input/input7 [ 59.167838][ T6348] netlink: 4 bytes leftover after parsing attributes in process `syz.3.115'. [ 59.231255][ T6345] netlink: 4 bytes leftover after parsing attributes in process `syz.2.114'. [ 59.772639][ T6363] FAULT_INJECTION: forcing a failure. [ 59.772639][ T6363] name failslab, interval 1, probability 0, space 0, times 0 [ 59.776303][ T6363] CPU: 3 UID: 0 PID: 6363 Comm: syz.1.120 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 59.779106][ T6363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.781973][ T6363] Call Trace: [ 59.782856][ T6363] [ 59.783647][ T6363] dump_stack_lvl+0x16c/0x1f0 [ 59.785251][ T6363] should_fail_ex+0x497/0x5b0 [ 59.786589][ T6363] ? fs_reclaim_acquire+0xae/0x150 [ 59.788515][ T6363] should_failslab+0xc2/0x120 [ 59.789901][ T6363] __kmalloc_noprof+0xcb/0x410 [ 59.791709][ T6363] ? mark_lock+0xb5/0xc60 [ 59.793032][ T6363] ip_options_get+0xa7/0x440 [ 59.795050][ T6363] ? stack_trace_save+0x95/0xd0 [ 59.796822][ T6363] ? __pfx_ip_options_get+0x10/0x10 [ 59.798503][ T6363] ? stack_depot_save_flags+0x28/0x900 [ 59.800320][ T6363] ? hlock_class+0x4f/0x130 [ 59.801815][ T6363] ? sock_kmalloc+0x111/0x170 [ 59.803368][ T6363] ip_cmsg_send+0x953/0xba0 [ 59.805163][ T6363] ? hlock_class+0x4f/0x130 [ 59.806670][ T6363] raw_sendmsg+0xebb/0x3ad0 [ 59.808206][ T6363] ? __pfx_raw_sendmsg+0x10/0x10 [ 59.809779][ T6363] ? find_held_lock+0x2d/0x110 [ 59.811327][ T6363] ? __might_fault+0x13b/0x190 [ 59.812967][ T6363] ? trace_lock_acquire+0x14a/0x1d0 [ 59.814975][ T6363] ? __pfx___might_resched+0x10/0x10 [ 59.816713][ T6363] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 59.818396][ T6363] ? __pfx_aa_sk_perm+0x10/0x10 [ 59.819805][ T6363] ? __pfx_cmsghdr_from_user_compat_to_kern+0x10/0x10 [ 59.822200][ T6363] ? __pfx_raw_sendmsg+0x10/0x10 [ 59.823587][ T6363] ? inet_sendmsg+0x119/0x140 [ 59.824893][ T6363] inet_sendmsg+0x119/0x140 [ 59.826179][ T6363] ____sys_sendmsg+0x907/0xb40 [ 59.827563][ T6363] ? __pfx_____sys_sendmsg+0x10/0x10 [ 59.828931][ T6363] ? get_compat_msghdr+0x11b/0x170 [ 59.830234][ T6363] ? __pfx___lock_acquire+0x10/0x10 [ 59.831565][ T6363] ___sys_sendmsg+0x135/0x1e0 [ 59.832861][ T6363] ? __pfx____sys_sendmsg+0x10/0x10 [ 59.834191][ T6363] ? lock_acquire+0x2f/0xb0 [ 59.835404][ T6363] ? __fget_files+0x40/0x3f0 [ 59.836831][ T6363] ? __pfx___might_resched+0x10/0x10 [ 59.838194][ T6363] ? fdget+0x176/0x210 [ 59.839401][ T6363] __sys_sendmmsg+0x2a5/0x450 [ 59.840775][ T6363] ? __pfx___sys_sendmmsg+0x10/0x10 [ 59.842096][ T6363] ? vfs_write+0x306/0x1150 [ 59.843453][ T6363] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 59.845401][ T6363] ? fput+0x30/0x390 [ 59.846708][ T6363] ? ksys_write+0x1ad/0x260 [ 59.848445][ T6363] ? __pfx_ksys_write+0x10/0x10 [ 59.850097][ T6363] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 59.851994][ T6363] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 59.853853][ T6363] __do_fast_syscall_32+0x73/0x120 [ 59.855219][ T6363] do_fast_syscall_32+0x32/0x80 [ 59.856704][ T6363] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 59.858363][ T6363] RIP: 0023:0xf73fe579 [ 59.859451][ T6363] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 59.864629][ T6363] RSP: 002b:00000000f56e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 59.866813][ T6363] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000400 [ 59.869265][ T6363] RDX: 0000000000000002 RSI: 000000000401eb94 RDI: 0000000000000000 [ 59.871452][ T6363] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 59.873892][ T6363] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 59.876088][ T6363] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 59.878459][ T6363] [ 59.888584][ T6366] FAULT_INJECTION: forcing a failure. [ 59.888584][ T6366] name failslab, interval 1, probability 0, space 0, times 0 [ 59.895504][ T6366] CPU: 2 UID: 0 PID: 6366 Comm: syz.2.121 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 59.898506][ T6366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.901324][ T6366] Call Trace: [ 59.902225][ T6366] [ 59.903021][ T6366] dump_stack_lvl+0x16c/0x1f0 [ 59.904364][ T6366] should_fail_ex+0x497/0x5b0 [ 59.906149][ T6366] ? fs_reclaim_acquire+0xae/0x150 [ 59.908445][ T6366] should_failslab+0xc2/0x120 [ 59.911130][ T6366] __kmalloc_noprof+0xcb/0x410 [ 59.913412][ T6366] lsm_blob_alloc+0x68/0x90 [ 59.915610][ T6366] security_prepare_creds+0x30/0x270 [ 59.917492][ T6366] prepare_creds+0x53e/0x750 [ 59.919101][ T6366] ? find_held_lock+0x2d/0x110 [ 59.920816][ T6366] ovl_fill_super+0x1df/0x6970 [ 59.922363][ T6366] ? shrinker_register+0x154/0x260 [ 59.923934][ T6366] ? __pfx_lock_release+0x10/0x10 [ 59.925514][ T6366] ? trace_contention_end+0xea/0x140 [ 59.926985][ T6366] ? __mutex_lock+0x1a6/0x9c0 [ 59.928355][ T6366] ? __pfx___mutex_lock+0x10/0x10 [ 59.930074][ T6366] ? __pfx_ovl_fill_super+0x10/0x10 [ 59.931832][ T6366] ? lockdep_init_map_type+0x16d/0x7d0 [ 59.933588][ T6366] ? lockdep_init_map_type+0x16d/0x7d0 [ 59.934967][ T6366] ? __init_swait_queue_head+0xca/0x150 [ 59.936483][ T6366] ? shrinker_register+0x1a8/0x260 [ 59.938172][ T6366] ? sget_fc+0x488/0xb90 [ 59.939640][ T6366] ? __pfx_ovl_fill_super+0x10/0x10 [ 59.941266][ T6366] ? get_tree_nodev+0xda/0x190 [ 59.942864][ T6366] get_tree_nodev+0xda/0x190 [ 59.944229][ T6366] vfs_get_tree+0x8f/0x380 [ 59.945518][ T6366] path_mount+0x6e1/0x1f10 [ 59.946700][ T6366] ? kmem_cache_free+0x152/0x4b0 [ 59.948001][ T6366] ? __pfx_path_mount+0x10/0x10 [ 59.949597][ T6366] ? putname+0x12e/0x170 [ 59.951082][ T6366] __ia32_sys_mount+0x292/0x310 [ 59.952528][ T6366] ? __pfx___ia32_sys_mount+0x10/0x10 [ 59.954007][ T6366] __do_fast_syscall_32+0x73/0x120 [ 59.955534][ T6366] do_fast_syscall_32+0x32/0x80 [ 59.956985][ T6366] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 59.958854][ T6366] RIP: 0023:0xf749e579 [ 59.960070][ T6366] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 59.965229][ T6366] RSP: 002b:00000000f578655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 59.967671][ T6366] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0 [ 59.970612][ T6366] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000020000180 [ 59.973487][ T6366] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 59.976105][ T6366] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 59.978701][ T6366] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 59.981289][ T6366] [ 61.107512][ T6395] FAULT_INJECTION: forcing a failure. [ 61.107512][ T6395] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 61.111609][ T6395] CPU: 0 UID: 0 PID: 6395 Comm: syz.2.129 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 61.114416][ T6395] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 61.117585][ T6395] Call Trace: [ 61.118718][ T6395] [ 61.119568][ T6395] dump_stack_lvl+0x16c/0x1f0 [ 61.120843][ T6395] should_fail_ex+0x497/0x5b0 [ 61.121113][ T5951] Bluetooth: hci3: command 0x0419 tx timeout [ 61.122091][ T6395] _copy_from_user+0x2e/0xd0 [ 61.125632][ T6395] snd_pcm_oss_write2+0x1c6/0x3f0 [ 61.127162][ T6395] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 61.129123][ T6395] ? snd_pcm_kernel_ioctl+0x257/0x2d0 [ 61.130791][ T6395] ? snd_pcm_oss_prepare+0x11e/0x220 [ 61.132462][ T6395] snd_pcm_oss_write+0x727/0xa00 [ 61.133933][ T6395] ? rw_verify_area+0xd0/0x700 [ 61.135200][ T6395] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 61.136628][ T6395] vfs_write+0x24c/0x1150 [ 61.137734][ T6395] ? __fget_files+0x23a/0x3f0 [ 61.139238][ T6395] ? __pfx_lock_release+0x10/0x10 [ 61.140837][ T6395] ? trace_lock_acquire+0x14a/0x1d0 [ 61.142736][ T6395] ? __pfx_vfs_write+0x10/0x10 [ 61.144337][ T6395] ? lock_acquire+0x2f/0xb0 [ 61.145955][ T6395] ? __fget_files+0x40/0x3f0 [ 61.147686][ T6395] ? __fget_files+0x244/0x3f0 [ 61.149740][ T6395] ksys_write+0x12f/0x260 [ 61.151673][ T6395] ? __pfx_ksys_write+0x10/0x10 [ 61.154392][ T6395] __do_fast_syscall_32+0x73/0x120 [ 61.157078][ T6395] do_fast_syscall_32+0x32/0x80 [ 61.159522][ T6395] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 61.161839][ T6395] RIP: 0023:0xf749e579 [ 61.162988][ T6395] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 61.168309][ T6395] RSP: 002b:00000000f576555c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 61.170915][ T6395] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020002000 [ 61.173031][ T6395] RDX: 0000000000088020 RSI: 0000000000000000 RDI: 0000000000000000 [ 61.175233][ T6395] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 61.177091][ T6395] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 61.179269][ T6395] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 61.181602][ T6395] [ 62.146618][ T6400] 9pnet_fd: Insufficient options for proto=fd [ 62.311827][ C0] net_ratelimit: 3 callbacks suppressed [ 62.311845][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 62.397557][ T6413] FAULT_INJECTION: forcing a failure. [ 62.397557][ T6413] name failslab, interval 1, probability 0, space 0, times 0 [ 62.402333][ T6413] CPU: 3 UID: 0 PID: 6413 Comm: syz.1.134 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 62.406322][ T6413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 62.411482][ T6413] Call Trace: [ 62.412986][ T6413] [ 62.414332][ T6413] dump_stack_lvl+0x16c/0x1f0 [ 62.416389][ T6413] should_fail_ex+0x497/0x5b0 [ 62.418425][ T6413] ? fs_reclaim_acquire+0xae/0x150 [ 62.420603][ T6413] should_failslab+0xc2/0x120 [ 62.422362][ T6413] __kmalloc_noprof+0xcb/0x410 [ 62.423996][ T6413] ? mark_held_locks+0x9f/0xe0 [ 62.425410][ T6413] sock_kmalloc+0x111/0x170 [ 62.426909][ T6413] hash_recvmsg+0x501/0xa50 [ 62.428227][ T6413] ? trace_lock_acquire+0x14a/0x1d0 [ 62.429874][ T6413] ____sys_recvmsg+0x5f8/0x6b0 [ 62.431254][ T6413] ? __pfx_____sys_recvmsg+0x10/0x10 [ 62.432728][ T6413] ? find_held_lock+0x2d/0x110 [ 62.434012][ T6413] ___sys_recvmsg+0x115/0x1a0 [ 62.435281][ T6413] ? __pfx____sys_recvmsg+0x10/0x10 [ 62.436817][ T6413] ? lock_acquire+0x2f/0xb0 [ 62.438066][ T6413] ? __fget_files+0x40/0x3f0 [ 62.439314][ T6413] ? __pfx___might_resched+0x10/0x10 [ 62.440760][ T6413] ? fdget+0x176/0x210 [ 62.441907][ T6413] do_recvmmsg+0x51a/0x750 [ 62.443106][ T6413] ? __pfx_do_recvmmsg+0x10/0x10 [ 62.444626][ T6413] ? __pfx_lock_release+0x10/0x10 [ 62.446050][ T6413] ? vfs_write+0x306/0x1150 [ 62.447375][ T6413] ? __fget_files+0x244/0x3f0 [ 62.448793][ T6413] __sys_recvmmsg+0x21e/0x280 [ 62.450132][ T6413] ? __pfx___sys_recvmmsg+0x10/0x10 [ 62.451778][ T6413] ? __pfx_ksys_write+0x10/0x10 [ 62.453153][ T6413] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 62.454807][ T6413] ? lockdep_hardirqs_on+0x7c/0x110 [ 62.456349][ T6413] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 62.458216][ T6413] __do_fast_syscall_32+0x73/0x120 [ 62.459555][ T6413] do_fast_syscall_32+0x32/0x80 [ 62.460903][ T6413] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 62.462620][ T6413] RIP: 0023:0xf73fe579 [ 62.463759][ T6413] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 62.470035][ T6413] RSP: 002b:00000000f56c555c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 62.472471][ T6413] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020003700 [ 62.474750][ T6413] RDX: 0000000000000600 RSI: 0000000000000000 RDI: 0000000000000000 [ 62.476963][ T6413] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 62.479187][ T6413] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 62.481434][ T6413] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 62.483589][ T6413] [ 62.608898][ T6417] netlink: 188 bytes leftover after parsing attributes in process `syz.3.136'. [ 63.350405][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 63.524073][ T6429] netlink: 32 bytes leftover after parsing attributes in process `syz.2.142'. [ 63.641554][ T6433] loop7: detected capacity change from 0 to 16384 [ 63.940051][ T829] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 64.120140][ T829] usb 7-1: Using ep0 maxpacket: 16 [ 64.123545][ T829] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 64.127583][ T829] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 64.132242][ T829] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 64.135849][ T829] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.141755][ T829] usb 7-1: config 0 descriptor?? [ 64.390615][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 64.458385][ T6453] input: syz1 as /devices/virtual/input/input8 [ 64.594795][ T6433] mmap: syz.2.143 (6433) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 64.797771][ T6459] netlink: 32 bytes leftover after parsing attributes in process `syz.3.152'. [ 64.984662][ T829] usbhid 7-1:0.0: can't add hid device: -71 [ 64.989245][ T829] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 65.000092][ T829] usb 7-1: USB disconnect, device number 2 [ 65.429983][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 66.046933][ T6499] netlink: 4 bytes leftover after parsing attributes in process `syz.3.165'. [ 66.057995][ T6499] bond_slave_0: entered promiscuous mode [ 66.060537][ T6499] bond_slave_1: entered promiscuous mode [ 66.064051][ T6499] macvtap1: entered promiscuous mode [ 66.065821][ T6499] bond0: entered promiscuous mode [ 66.067566][ T6499] macvtap1: entered allmulticast mode [ 66.069156][ T6499] bond0: entered allmulticast mode [ 66.081326][ T6499] bond_slave_0: entered allmulticast mode [ 66.083577][ T6499] bond_slave_1: entered allmulticast mode [ 66.088961][ T6499] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 66.101671][ T6499] netlink: 4 bytes leftover after parsing attributes in process `syz.3.165'. [ 66.105300][ T6499] bond0: left allmulticast mode [ 66.106687][ T6499] bond_slave_0: left allmulticast mode [ 66.110513][ T6499] bond_slave_1: left allmulticast mode [ 66.112298][ T6499] bond0: left promiscuous mode [ 66.113888][ T6499] bond_slave_0: left promiscuous mode [ 66.116569][ T6499] bond_slave_1: left promiscuous mode [ 66.178727][ T6506] netlink: 12 bytes leftover after parsing attributes in process `syz.3.168'. [ 66.180460][ T6508] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_bridge, syncid = 0, id = 0 [ 66.188798][ T6507] can0: slcan on pts0. [ 66.264914][ T6507] can0 (unregistered): slcan off pts0. [ 66.286312][ T6512] syz_tun: entered promiscuous mode [ 66.289384][ T6512] batadv_slave_0: entered promiscuous mode [ 66.408429][ T6524] validate_nla: 25 callbacks suppressed [ 66.408440][ T6524] netlink: 'syz.0.172': attribute type 9 has an invalid length. [ 66.412722][ T6524] netlink: 8 bytes leftover after parsing attributes in process `syz.0.172'. [ 66.419257][ T6520] syzkaller1: entered promiscuous mode [ 66.421213][ T6520] syzkaller1: entered allmulticast mode [ 66.480443][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 66.693720][ T6537] netlink: 'syz.3.176': attribute type 4 has an invalid length. [ 66.767869][ T6537] syzkaller0: entered promiscuous mode [ 66.770502][ T6537] syzkaller0: entered allmulticast mode [ 67.077784][ T6549] netlink: 4 bytes leftover after parsing attributes in process `syz.1.181'. [ 67.513339][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 68.302479][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.306403][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.309321][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.314298][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.316826][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.320486][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.324226][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.326761][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.331764][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.346764][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.349697][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.356349][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.358844][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.361966][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.364518][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.366979][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.370404][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.373301][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.375815][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.378411][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.381167][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.383509][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.386060][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.388628][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.392136][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.394524][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.397038][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.399215][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.402273][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.404957][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.408557][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.412859][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.415752][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.418399][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.421439][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.424083][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.426955][ T25] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.429633][ T25] hid-generic 0000:0000:0000.0002: item fetching failed at offset 42/43 [ 68.440358][ T25] hid-generic 0000:0000:0000.0002: probe with driver hid-generic failed with error -22 [ 68.550001][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 68.595652][ T6564] xt_CT: No such helper "pptp" [ 68.913616][ C2] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 69.061098][ T6572] netlink: 180 bytes leftover after parsing attributes in process `syz.0.188'. [ 69.326707][ T6578] fuse: Unknown parameter '' [ 69.434112][ T39] audit: type=1326 audit(1730650814.412:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6583 comm="syz.3.194" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 69.446128][ T39] audit: type=1326 audit(1730650814.412:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6583 comm="syz.3.194" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 69.454870][ T39] audit: type=1326 audit(1730650814.412:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6583 comm="syz.3.194" exe="/syz-executor" sig=0 arch=40000003 syscall=356 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 69.461594][ T39] audit: type=1326 audit(1730650814.412:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6583 comm="syz.3.194" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 69.467480][ T39] audit: type=1326 audit(1730650814.412:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6583 comm="syz.3.194" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 69.476482][ T39] audit: type=1326 audit(1730650814.412:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6583 comm="syz.3.194" exe="/syz-executor" sig=0 arch=40000003 syscall=334 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 69.483666][ T39] audit: type=1326 audit(1730650814.412:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6583 comm="syz.3.194" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 69.566727][ T39] audit: type=1326 audit(1730650814.412:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6583 comm="syz.3.194" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 69.580482][ T39] audit: type=1326 audit(1730650814.412:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6583 comm="syz.3.194" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 69.587502][ T39] audit: type=1326 audit(1730650814.412:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6583 comm="syz.3.194" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 69.599995][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 70.281571][ T6597] FAULT_INJECTION: forcing a failure. [ 70.281571][ T6597] name failslab, interval 1, probability 0, space 0, times 0 [ 70.285316][ T6597] CPU: 0 UID: 0 PID: 6597 Comm: syz.0.196 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 70.288957][ T6597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.291946][ T6597] Call Trace: [ 70.292844][ T6597] [ 70.293805][ T6597] dump_stack_lvl+0x16c/0x1f0 [ 70.295308][ T6597] should_fail_ex+0x497/0x5b0 [ 70.296616][ T6597] ? fs_reclaim_acquire+0xae/0x150 [ 70.298000][ T6597] should_failslab+0xc2/0x120 [ 70.299253][ T6597] __kmalloc_noprof+0xcb/0x410 [ 70.300594][ T6597] ? ovl_fs_params_verify+0x665/0x1480 [ 70.302017][ T6597] ? prepare_creds+0x4a0/0x750 [ 70.303666][ T6597] ovl_fill_super+0x3ea/0x6970 [ 70.305374][ T6597] ? shrinker_register+0x154/0x260 [ 70.307264][ T6597] ? __pfx_lock_release+0x10/0x10 [ 70.309112][ T6597] ? trace_contention_end+0xea/0x140 [ 70.311520][ T6597] ? __mutex_lock+0x1a6/0x9c0 [ 70.313653][ T6597] ? __pfx___mutex_lock+0x10/0x10 [ 70.315571][ T6597] ? __pfx_ovl_fill_super+0x10/0x10 [ 70.317807][ T6597] ? lockdep_init_map_type+0x16d/0x7d0 [ 70.320114][ T6597] ? lockdep_init_map_type+0x16d/0x7d0 [ 70.322250][ T6597] ? __init_swait_queue_head+0xca/0x150 [ 70.324385][ T6597] ? shrinker_register+0x1a8/0x260 [ 70.326561][ T6597] ? sget_fc+0x488/0xb90 [ 70.327916][ T6597] ? __pfx_ovl_fill_super+0x10/0x10 [ 70.329542][ T6597] ? get_tree_nodev+0xda/0x190 [ 70.331150][ T6597] get_tree_nodev+0xda/0x190 [ 70.332862][ T6597] vfs_get_tree+0x8f/0x380 [ 70.334672][ T6597] path_mount+0x6e1/0x1f10 [ 70.336359][ T6597] ? kmem_cache_free+0x152/0x4b0 [ 70.338151][ T6597] ? __pfx_path_mount+0x10/0x10 [ 70.339902][ T6597] ? putname+0x12e/0x170 [ 70.341450][ T6597] __ia32_sys_mount+0x292/0x310 [ 70.343223][ T6597] ? __pfx___ia32_sys_mount+0x10/0x10 [ 70.345244][ T6597] __do_fast_syscall_32+0x73/0x120 [ 70.347643][ T6597] do_fast_syscall_32+0x32/0x80 [ 70.349775][ T6597] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 70.352797][ T6597] RIP: 0023:0xf7f03579 [ 70.354536][ T6597] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 70.360616][ T6597] RSP: 002b:00000000f568655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 70.363537][ T6597] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0 [ 70.366575][ T6597] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000020000180 [ 70.369981][ T6597] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 70.373042][ T6597] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 70.375689][ T6597] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 70.378505][ T6597] [ 70.446103][ T6599] netlink: 240 bytes leftover after parsing attributes in process `syz.0.198'. [ 70.630337][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 70.802303][ T1407] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.805122][ T1407] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.977940][ T6623] netlink: 12 bytes leftover after parsing attributes in process `syz.1.205'. [ 71.260881][ T6634] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 71.262833][ T6634] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 71.266784][ T6634] vhci_hcd vhci_hcd.0: Device attached [ 71.442627][ T6639] overlayfs: overlapping lowerdir path [ 71.462663][ T830] vhci_hcd: vhci_device speed not set [ 71.540097][ T830] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 71.681374][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 72.005147][ T5951] Bluetooth: hci3: command 0x0419 tx timeout [ 72.391500][ T6635] vhci_hcd: connection reset by peer [ 72.397189][ T96] vhci_hcd: stop threads [ 72.399739][ T96] vhci_hcd: release socket [ 72.402689][ T96] vhci_hcd: disconnect device [ 72.710502][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 73.750037][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 73.956007][ T35] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 74.531631][ T35] usb 8-1: device descriptor read/64, error -71 [ 74.790004][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 74.790187][ T35] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 74.837604][ T6707] FAULT_INJECTION: forcing a failure. [ 74.837604][ T6707] name failslab, interval 1, probability 0, space 0, times 0 [ 74.841857][ T6707] CPU: 2 UID: 0 PID: 6707 Comm: syz.1.227 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 74.845221][ T6707] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.848213][ T6707] Call Trace: [ 74.849736][ T6707] [ 74.850981][ T6707] dump_stack_lvl+0x16c/0x1f0 [ 74.853349][ T6707] should_fail_ex+0x497/0x5b0 [ 74.854669][ T6707] ? fs_reclaim_acquire+0xae/0x150 [ 74.856045][ T6707] should_failslab+0xc2/0x120 [ 74.857643][ T6707] __kmalloc_noprof+0xcb/0x410 [ 74.859506][ T6707] ? __pfx_d_absolute_path+0x10/0x10 [ 74.861535][ T6707] tomoyo_encode2+0x100/0x3e0 [ 74.863105][ T6707] tomoyo_realpath_from_path+0x1a7/0x710 [ 74.864935][ T6707] tomoyo_path_number_perm+0x245/0x5b0 [ 74.866930][ T6707] ? tomoyo_path_number_perm+0x232/0x5b0 [ 74.869570][ T6707] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 74.872930][ T6707] ? trace_lock_acquire+0x14a/0x1d0 [ 74.874859][ T6707] ? lock_acquire+0x2f/0xb0 [ 74.876523][ T6707] ? __fget_files+0x40/0x3f0 [ 74.878185][ T6707] ? __fget_files+0x244/0x3f0 [ 74.879840][ T6707] security_file_ioctl_compat+0x9b/0x240 [ 74.881820][ T6707] __do_compat_sys_ioctl+0x52/0x2b0 [ 74.883524][ T6707] __do_fast_syscall_32+0x73/0x120 [ 74.885288][ T6707] do_fast_syscall_32+0x32/0x80 [ 74.887411][ T6707] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 74.889758][ T6707] RIP: 0023:0xf73fe579 [ 74.891468][ T6707] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 74.898413][ T6707] RSP: 002b:00000000f56e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 74.901232][ T6707] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0405619 [ 74.903840][ T6707] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 74.906779][ T6707] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 74.909539][ T6707] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 74.912576][ T6707] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 74.915558][ T6707] [ 74.916734][ C2] vkms_vblank_simulate: vblank timer overrun [ 74.921236][ T6707] ERROR: Out of memory at tomoyo_realpath_from_path. [ 74.970135][ T35] usb 8-1: device descriptor read/64, error -71 [ 75.020866][ T6710] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 75.023265][ T6710] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 75.035590][ T6710] vhci_hcd vhci_hcd.0: Device attached [ 75.081006][ T35] usb usb8-port1: attempt power cycle [ 75.137904][ T6714] netlink: 32 bytes leftover after parsing attributes in process `syz.2.229'. [ 75.210478][ T5992] vhci_hcd: vhci_device speed not set [ 75.271333][ T5992] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 75.282704][ T6724] netlink: 8 bytes leftover after parsing attributes in process `syz.2.232'. [ 75.300139][ T57] usb 6-1: new low-speed USB device number 3 using dummy_hcd [ 75.397985][ T6726] netlink: 4 bytes leftover after parsing attributes in process `syz.0.233'. [ 75.404803][ T6726] bond_slave_0: entered promiscuous mode [ 75.406827][ T6726] bond_slave_1: entered promiscuous mode [ 75.408918][ T6726] macvtap1: entered promiscuous mode [ 75.411015][ T6726] bond0: entered promiscuous mode [ 75.413101][ T6726] macvtap1: entered allmulticast mode [ 75.415139][ T6726] bond0: entered allmulticast mode [ 75.417081][ T6726] bond_slave_0: entered allmulticast mode [ 75.419204][ T6726] bond_slave_1: entered allmulticast mode [ 75.422708][ T6726] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 75.430434][ T35] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 75.432250][ T6726] netlink: 4 bytes leftover after parsing attributes in process `syz.0.233'. [ 75.437869][ T6726] bond0: left allmulticast mode [ 75.439718][ T6726] bond_slave_0: left allmulticast mode [ 75.442299][ T6726] bond_slave_1: left allmulticast mode [ 75.444473][ T6726] bond0: left promiscuous mode [ 75.446458][ T6726] bond_slave_0: left promiscuous mode [ 75.448136][ T6726] bond_slave_1: left promiscuous mode [ 75.461272][ T35] usb 8-1: device descriptor read/8, error -71 [ 75.467403][ T57] usb 6-1: config 0 has no interfaces? [ 75.469758][ T57] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 75.473688][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.477711][ T39] kauditd_printk_skb: 1 callbacks suppressed [ 75.477726][ T39] audit: type=1326 audit(1730650820.452:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.0.235" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 75.478501][ T57] usb 6-1: config 0 descriptor?? [ 75.479623][ T39] audit: type=1326 audit(1730650820.452:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.0.235" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 75.497448][ T39] audit: type=1326 audit(1730650820.452:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.0.235" exe="/syz-executor" sig=0 arch=40000003 syscall=197 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 75.505988][ T39] audit: type=1326 audit(1730650820.452:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.0.235" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 75.515888][ T39] audit: type=1326 audit(1730650820.452:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.0.235" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 75.523739][ T39] audit: type=1326 audit(1730650820.452:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.0.235" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 75.531907][ T39] audit: type=1326 audit(1730650820.452:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.0.235" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 75.539019][ T39] audit: type=1326 audit(1730650820.452:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.0.235" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 75.544841][ T39] audit: type=1326 audit(1730650820.452:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.0.235" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 75.551683][ T39] audit: type=1326 audit(1730650820.452:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.0.235" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000 [ 75.738982][ T35] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 75.760161][ T5992] vhci_hcd: vhci_device speed not set [ 75.765098][ T35] usb 8-1: device descriptor read/8, error -71 [ 75.820146][ T5992] usb 39-1: device descriptor read/64, error -71 [ 75.830111][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 75.870508][ T35] usb usb8-port1: unable to enumerate USB device [ 76.010072][ T5992] vhci_hcd: vhci_device speed not set [ 76.080201][ T5992] usb 39-1: new full-speed USB device number 3 using vhci_hcd [ 76.680322][ T830] vhci_hcd: vhci_device speed not set [ 76.690796][ T6753] input: syz0 as /devices/virtual/input/input9 [ 76.869950][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 76.975809][ T5955] udevd[5955]: setting mode of /dev/input/event3 to 020660 failed: Read-only file system [ 76.984494][ T5955] udevd[5955]: setting owner of /dev/input/event3 to uid=0, gid=104 failed: Read-only file system [ 76.999030][ T6755] netlink: 'syz.0.242': attribute type 9 has an invalid length. [ 77.001868][ T6755] netlink: 8 bytes leftover after parsing attributes in process `syz.0.242'. [ 77.148396][ T6765] program syz.0.247 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 77.372845][ T6788] netlink: 232 bytes leftover after parsing attributes in process `syz.0.254'. [ 77.396345][ T6790] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.255'. [ 77.398978][ T6790] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 77.727807][ T6804] netlink: 4 bytes leftover after parsing attributes in process `syz.0.260'. [ 77.909971][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 77.912605][ T6804] team0 (unregistering): Port device team_slave_0 removed [ 77.920197][ T6804] team0 (unregistering): Port device team_slave_1 removed [ 77.957736][ T6815] netlink: 'syz.2.264': attribute type 27 has an invalid length. [ 77.995894][ T8] usb 6-1: USB disconnect, device number 3 [ 78.019141][ T6711] vhci_hcd: connection reset by peer [ 78.021405][ T6815] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.022890][ T6815] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.030955][ T96] vhci_hcd: stop threads [ 78.032771][ T96] vhci_hcd: release socket [ 78.036275][ T96] vhci_hcd: disconnect device [ 78.130629][ T6824] process 'syz.0.266' launched './file2' with NULL argv: empty string added [ 78.219258][ T6815] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 78.234867][ T6815] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 78.262308][ T6827] netlink: 'syz.1.267': attribute type 20 has an invalid length. [ 78.325766][ T6815] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.329362][ T6815] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.333087][ T6815] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.336407][ T6815] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.398257][ T6815] sit1: left allmulticast mode [ 78.477582][ T6822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.491054][ T6822] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.506065][ T6822] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 78.934149][ T6851] netlink: 'syz.3.276': attribute type 9 has an invalid length. [ 78.936561][ T6851] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.276'. [ 78.950194][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 79.035690][ T6863] netlink: 'syz.3.276': attribute type 9 has an invalid length. [ 79.037306][ T6863] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.276'. [ 79.430056][ T5951] Bluetooth: hci0: command 0x0c1a tx timeout [ 79.435637][ T5966] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 79.990034][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 80.153416][ T6894] __nla_validate_parse: 5 callbacks suppressed [ 80.153428][ T6894] netlink: 201400 bytes leftover after parsing attributes in process `syz.1.289'. [ 80.183563][ T6894] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 80.291688][ T6903] MTD: Couldn't look up '': -2 [ 80.440148][ T8] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 80.590356][ T8] usb 6-1: Using ep0 maxpacket: 8 [ 80.597993][ T8] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 80.612664][ T8] usb 6-1: config 246 descriptor has 1 excess byte, ignoring [ 80.630897][ T8] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 80.635638][ T8] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 80.639099][ T8] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 80.662673][ T8] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 80.668422][ T8] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 80.675451][ T8] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 80.679461][ T8] usb 6-1: config 246 descriptor has 1 excess byte, ignoring [ 80.683305][ T8] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 80.686377][ T8] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 80.692460][ T8] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 80.696527][ T8] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 80.701344][ T8] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 80.708565][ T8] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 80.713784][ T8] usb 6-1: config 246 descriptor has 1 excess byte, ignoring [ 80.716537][ T8] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 80.719380][ T8] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 80.725814][ T8] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 80.730485][ T8] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 80.734257][ T8] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 80.751908][ T8] usb 6-1: string descriptor 0 read error: -22 [ 80.754165][ T8] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 80.758046][ T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 80.784081][ T8] adutux 6-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 81.031593][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 81.047474][ T30] cfg80211: failed to load regulatory.db [ 81.181622][ T5992] vhci_hcd: vhci_device speed not set [ 81.550193][ T6913] netlink: 'syz.0.295': attribute type 4 has an invalid length. [ 81.880087][ T8] usb 6-1: USB disconnect, device number 4 [ 82.070002][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 82.080989][ T6922] netlink: 8 bytes leftover after parsing attributes in process `syz.3.299'. [ 82.213506][ T6925] netlink: 'syz.3.300': attribute type 1 has an invalid length. [ 82.216453][ T6925] netlink: 9352 bytes leftover after parsing attributes in process `syz.3.300'. [ 82.219772][ T6925] netlink: 'syz.3.300': attribute type 1 has an invalid length. [ 82.222717][ T6925] netlink: 'syz.3.300': attribute type 2 has an invalid length. [ 82.225598][ T6925] netlink: 4 bytes leftover after parsing attributes in process `syz.3.300'. [ 82.933219][ T6952] netlink: 160 bytes leftover after parsing attributes in process `syz.2.307'. [ 82.936025][ T6952] netlink: 108 bytes leftover after parsing attributes in process `syz.2.307'. [ 82.938460][ T6952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.307'. [ 83.109980][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 83.314079][ T6959] netlink: 'syz.1.311': attribute type 4 has an invalid length. [ 83.323853][ T6959] netlink: 'syz.1.311': attribute type 4 has an invalid length. [ 83.378833][ T6965] netlink: 188 bytes leftover after parsing attributes in process `syz.0.313'. [ 83.386317][ T6967] overlayfs: missing 'lowerdir' [ 83.416083][ T6970] openvswitch: netlink: Actions may not be safe on all matching packets [ 83.422916][ T6970] overlayfs: failed to resolve './file1': -2 [ 83.544281][ T6977] warning: `syz.1.319' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 83.900879][ T6990] netlink: 188 bytes leftover after parsing attributes in process `syz.2.323'. [ 84.017309][ T6996] FAULT_INJECTION: forcing a failure. [ 84.017309][ T6996] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 84.022630][ T6996] CPU: 2 UID: 0 PID: 6996 Comm: syz.2.326 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 84.026728][ T6996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.031069][ T6996] Call Trace: [ 84.032524][ T6996] [ 84.033736][ T6996] dump_stack_lvl+0x16c/0x1f0 [ 84.035666][ T6996] should_fail_ex+0x497/0x5b0 [ 84.037617][ T6996] _copy_from_user+0x2e/0xd0 [ 84.039514][ T6996] snd_seq_oss_write+0x398/0x7b0 [ 84.041490][ T6996] ? __pfx_snd_seq_oss_write+0x10/0x10 [ 84.043463][ T6996] ? apparmor_file_permission+0x251/0x400 [ 84.045526][ T6996] ? __pfx_odev_write+0x10/0x10 [ 84.047417][ T6996] odev_write+0x51/0xa0 [ 84.049319][ T6996] vfs_write+0x24c/0x1150 [ 84.051123][ T6996] ? __fget_files+0x23a/0x3f0 [ 84.052795][ T6996] ? __pfx_lock_release+0x10/0x10 [ 84.054554][ T6996] ? trace_lock_acquire+0x14a/0x1d0 [ 84.056526][ T6996] ? __pfx_vfs_write+0x10/0x10 [ 84.058395][ T6996] ? lock_acquire+0x2f/0xb0 [ 84.060264][ T6996] ? __fget_files+0x40/0x3f0 [ 84.062103][ T6996] ? __fget_files+0x244/0x3f0 [ 84.063968][ T6996] ksys_write+0x12f/0x260 [ 84.065726][ T6996] ? __pfx_ksys_write+0x10/0x10 [ 84.067752][ T6996] __do_fast_syscall_32+0x73/0x120 [ 84.070212][ T6996] do_fast_syscall_32+0x32/0x80 [ 84.071997][ T6996] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 84.074716][ T6996] RIP: 0023:0xf749e579 [ 84.076260][ T6996] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 84.084150][ T6996] RSP: 002b:00000000f578655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 84.087988][ T6996] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200003c0 [ 84.091196][ T6996] RDX: 0000000000000234 RSI: 0000000000000000 RDI: 0000000000000000 [ 84.094317][ T6996] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 84.097534][ T6996] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 84.100364][ T6996] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 84.103156][ T6996] [ 84.160021][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 84.495911][ T7018] tipc: Started in network mode [ 84.497910][ T7018] tipc: Node identity 4, cluster identity 4711 [ 84.501216][ T7018] tipc: Node number set to 4 [ 84.554524][ T7018] netlink: 'syz.2.335': attribute type 1 has an invalid length. [ 84.700642][ T7023] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 84.837826][ T7034] netlink: 'syz.1.341': attribute type 1 has an invalid length. [ 84.878099][ T7034] bond1: (slave ipip0): The slave device specified does not support setting the MAC address [ 84.882374][ T7034] bond1: (slave ipip0): Setting fail_over_mac to active for active-backup mode [ 84.887839][ T7034] bond1: (slave ipip0): making interface the new active one [ 84.892865][ T7034] bond1: (slave ipip0): Enslaving as an active interface with an up link [ 84.991477][ T7041] netlink: 12 bytes leftover after parsing attributes in process `syz.0.340'. [ 85.200025][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 85.728600][ T7038] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.861526][ T7067] netlink: 4 bytes leftover after parsing attributes in process `syz.3.350'. [ 85.874524][ T7067] bond_slave_0: entered promiscuous mode [ 85.876102][ T7067] bond_slave_1: entered promiscuous mode [ 85.878063][ T7067] macvtap2: entered promiscuous mode [ 85.879409][ T7067] bond0: entered promiscuous mode [ 85.882444][ T7067] macvtap2: entered allmulticast mode [ 85.884387][ T7067] bond0: entered allmulticast mode [ 85.885785][ T7067] bond_slave_0: entered allmulticast mode [ 85.887381][ T7067] bond_slave_1: entered allmulticast mode [ 85.889939][ T7067] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 85.923402][ T7067] netlink: 4 bytes leftover after parsing attributes in process `syz.3.350'. [ 85.929057][ T7067] bond0: left allmulticast mode [ 85.932092][ T7067] bond_slave_0: left allmulticast mode [ 85.934591][ T7067] bond_slave_1: left allmulticast mode [ 85.936501][ T7067] bond0: left promiscuous mode [ 85.938524][ T7067] bond_slave_0: left promiscuous mode [ 85.940404][ T7067] bond_slave_1: left promiscuous mode [ 85.970959][ T7072] FAULT_INJECTION: forcing a failure. [ 85.970959][ T7072] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 85.977200][ T7072] CPU: 3 UID: 0 PID: 7072 Comm: syz.1.352 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 85.980877][ T7072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.984769][ T7072] Call Trace: [ 85.985712][ T7072] [ 85.986550][ T7072] dump_stack_lvl+0x16c/0x1f0 [ 85.988142][ T7072] should_fail_ex+0x497/0x5b0 [ 85.989435][ T7072] _copy_from_user+0x2e/0xd0 [ 85.990706][ T7072] snd_pcm_oss_write2+0x1c6/0x3f0 [ 85.992341][ T7072] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 85.994111][ T7072] ? snd_pcm_kernel_ioctl+0x257/0x2d0 [ 85.995783][ T7072] ? snd_pcm_oss_prepare+0x11e/0x220 [ 85.997427][ T7072] snd_pcm_oss_write+0x727/0xa00 [ 85.998966][ T7072] ? rw_verify_area+0xd0/0x700 [ 86.000348][ T7072] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 86.001786][ T7072] vfs_write+0x24c/0x1150 [ 86.002926][ T7072] ? __fget_files+0x23a/0x3f0 [ 86.004174][ T7072] ? __pfx_lock_release+0x10/0x10 [ 86.005496][ T7072] ? trace_lock_acquire+0x14a/0x1d0 [ 86.006832][ T7072] ? __pfx_vfs_write+0x10/0x10 [ 86.008054][ T7072] ? lock_acquire+0x2f/0xb0 [ 86.009245][ T7072] ? __fget_files+0x40/0x3f0 [ 86.010472][ T7072] ? __fget_files+0x244/0x3f0 [ 86.012229][ T7072] ksys_write+0x12f/0x260 [ 86.013393][ T7072] ? __pfx_ksys_write+0x10/0x10 [ 86.014694][ T7072] __do_fast_syscall_32+0x73/0x120 [ 86.016056][ T7072] do_fast_syscall_32+0x32/0x80 [ 86.017342][ T7072] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 86.018995][ T7072] RIP: 0023:0xf73fe579 [ 86.020148][ T7072] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 86.025422][ T7072] RSP: 002b:00000000f56c555c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 86.027735][ T7072] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020002000 [ 86.029997][ T7072] RDX: 0000000000088020 RSI: 0000000000000000 RDI: 0000000000000000 [ 86.032338][ T7072] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 86.034955][ T7072] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 86.037435][ T7072] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 86.039680][ T7072] [ 86.071814][ T7076] netlink: 14 bytes leftover after parsing attributes in process `syz.3.354'. [ 86.229980][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 86.399168][ T7095] netlink: 'syz.3.360': attribute type 9 has an invalid length. [ 86.401439][ T7095] netlink: 8 bytes leftover after parsing attributes in process `syz.3.360'. [ 86.607303][ T7103] netlink: 'syz.0.361': attribute type 20 has an invalid length. [ 86.615091][ T7105] program syz.3.364 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 87.271860][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 87.329818][ T7129] netlink: 232 bytes leftover after parsing attributes in process `syz.2.371'. [ 87.693971][ T7136] syzkaller1: entered promiscuous mode [ 87.696142][ T7136] syzkaller1: entered allmulticast mode [ 88.099625][ T7149] netlink: 44 bytes leftover after parsing attributes in process `syz.3.377'. [ 88.178406][ T7152] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 88.180356][ T7152] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 88.182556][ T7152] vhci_hcd vhci_hcd.0: Device attached [ 88.202663][ T7152] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 88.310192][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 89.029776][ T7153] vhci_hcd: connection closed [ 89.030879][ T11] vhci_hcd: stop threads [ 89.034099][ T11] vhci_hcd: release socket [ 89.036068][ T11] vhci_hcd: disconnect device [ 89.050138][ T9] vhci_hcd: vhci_device speed not set [ 89.093562][ T7178] syzkaller0: entered allmulticast mode [ 89.154365][ T7177] syzkaller0: left allmulticast mode [ 89.350036][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 89.368387][ T7193] netlink: 8 bytes leftover after parsing attributes in process `syz.1.391'. [ 89.373295][ T7193] netlink: 12 bytes leftover after parsing attributes in process `syz.1.391'. [ 89.377107][ T7193] netlink: 'syz.1.391': attribute type 25 has an invalid length. [ 89.382661][ T7190] netlink: 40 bytes leftover after parsing attributes in process `syz.2.390'. [ 89.534079][ C3] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 89.648543][ T7217] netlink: 4 bytes leftover after parsing attributes in process `syz.1.401'. [ 89.755189][ T7225] FAULT_INJECTION: forcing a failure. [ 89.755189][ T7225] name failslab, interval 1, probability 0, space 0, times 0 [ 89.760238][ T7225] CPU: 0 UID: 0 PID: 7225 Comm: syz.0.403 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 89.764001][ T7225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.767013][ T7225] Call Trace: [ 89.767923][ T7225] [ 89.768701][ T7225] dump_stack_lvl+0x16c/0x1f0 [ 89.770126][ T7225] should_fail_ex+0x497/0x5b0 [ 89.772615][ T7225] ? fs_reclaim_acquire+0xae/0x150 [ 89.774345][ T7225] should_failslab+0xc2/0x120 [ 89.776038][ T7225] __kmalloc_noprof+0xcb/0x410 [ 89.777710][ T7225] lsm_blob_alloc+0x68/0x90 [ 89.779238][ T7225] security_sb_alloc+0x28/0x230 [ 89.780859][ T7225] alloc_super+0x245/0xbd0 [ 89.782384][ T7225] ? lock_acquire+0x2f/0xb0 [ 89.783988][ T7225] sget+0x11b/0x6c0 [ 89.785640][ T7225] ? __pfx_v9fs_set_super+0x10/0x10 [ 89.787738][ T7225] v9fs_mount+0x106/0xa30 [ 89.789211][ T7225] ? __pfx_v9fs_mount+0x10/0x10 [ 89.791338][ T7225] ? __pfx_v9fs_mount+0x10/0x10 [ 89.793270][ T7225] legacy_get_tree+0x109/0x220 [ 89.795235][ T7225] vfs_get_tree+0x8f/0x380 [ 89.797208][ T7225] path_mount+0x6e1/0x1f10 [ 89.799289][ T7225] ? kmem_cache_free+0x152/0x4b0 [ 89.801029][ T7225] ? __pfx_path_mount+0x10/0x10 [ 89.802727][ T7225] ? putname+0x12e/0x170 [ 89.804386][ T7225] __ia32_sys_mount+0x292/0x310 [ 89.806274][ T7225] ? __pfx___ia32_sys_mount+0x10/0x10 [ 89.808326][ T7225] __do_fast_syscall_32+0x73/0x120 [ 89.810218][ T7225] do_fast_syscall_32+0x32/0x80 [ 89.812134][ T7225] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 89.814509][ T7225] RIP: 0023:0xf7f03579 [ 89.816135][ T7225] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 89.822819][ T7225] RSP: 002b:00000000f568655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 89.825915][ T7225] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000040 [ 89.829116][ T7225] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 89.832637][ T7225] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 89.835587][ T7225] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 89.838518][ T7225] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 89.841338][ T7225] [ 89.842547][ C0] vkms_vblank_simulate: vblank timer overrun [ 90.390002][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 91.430018][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 91.906785][ T7285] overlayfs: failed to resolve './file1': -2 [ 92.470017][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 93.510061][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 93.675600][ T7347] __nla_validate_parse: 1 callbacks suppressed [ 93.675636][ T7347] netlink: 8 bytes leftover after parsing attributes in process `syz.0.437'. [ 93.822643][ T7329] libceph: resolve '. [ 93.822643][ T7329] #)|.fǝa2sow?'%ЏKAqfCzeSb3L)HyoǤYMhE$ [ 93.822643][ T7329] ' (ret=-3): failed [ 94.058928][ T7329] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 94.065297][ T7329] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 94.093078][ T7329] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 94.099375][ T7329] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 94.101817][ T7329] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 94.113042][ T7329] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 94.117729][ T7329] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 94.121971][ T7329] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 94.128733][ T7329] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 94.135271][ T7329] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 94.138617][ T7329] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 94.151573][ T7329] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 94.550126][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 94.961369][ T7366] fuse: Unknown parameter '000000000000000000000030x000000000000000c 00000000000000000000' [ 95.590222][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 95.939956][ T5992] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 95.999991][ T5966] Bluetooth: hci0: command 0x0c1a tx timeout [ 96.051006][ T7324] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 96.101358][ T5992] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 96.103941][ T5992] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 96.106649][ T5992] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 96.109130][ T5992] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 96.114674][ T5992] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 96.117130][ T5992] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 96.119304][ T5992] usb 5-1: Product: syz [ 96.120502][ T5992] usb 5-1: Manufacturer: syz [ 96.124570][ T5992] cdc_wdm 5-1:1.0: skipping garbage [ 96.125934][ T5992] cdc_wdm 5-1:1.0: skipping garbage [ 96.127999][ T5992] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 96.129636][ T5992] cdc_wdm 5-1:1.0: Unknown control protocol [ 96.160147][ T5965] Bluetooth: hci1: command 0x0c1a tx timeout [ 96.161987][ T5951] Bluetooth: hci2: command 0x0c1a tx timeout [ 96.163727][ T5966] Bluetooth: hci3: command 0x0419 tx timeout [ 96.428375][ T829] usb 5-1: USB disconnect, device number 2 [ 96.629956][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 96.649586][ T7407] tipc: Started in network mode [ 96.652322][ T7407] tipc: Node identity 4, cluster identity 4711 [ 96.655045][ T7407] tipc: Node number set to 4 [ 97.199075][ T7418] FAULT_INJECTION: forcing a failure. [ 97.199075][ T7418] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 97.205914][ T7418] CPU: 1 UID: 0 PID: 7418 Comm: syz.3.462 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 97.210248][ T7418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 97.214781][ T7418] Call Trace: [ 97.216126][ T7418] [ 97.217250][ T7418] dump_stack_lvl+0x16c/0x1f0 [ 97.219034][ T7418] should_fail_ex+0x497/0x5b0 [ 97.220736][ T7418] _copy_from_user+0x2e/0xd0 [ 97.222371][ T7418] input_event_from_user+0x22d/0x3b0 [ 97.224240][ T7418] ? __pfx_input_event_from_user+0x10/0x10 [ 97.226373][ T7418] ? input_inject_event+0x193/0x370 [ 97.228219][ T7418] evdev_write+0x377/0x750 [ 97.229839][ T7418] ? __pfx_evdev_write+0x10/0x10 [ 97.231559][ T7418] ? bpf_lsm_file_permission+0x9/0x10 [ 97.233677][ T7418] ? security_file_permission+0x71/0x210 [ 97.235895][ T7418] ? __pfx_evdev_write+0x10/0x10 [ 97.238020][ T7418] vfs_write+0x24c/0x1150 [ 97.239683][ T7418] ? __fget_files+0x23a/0x3f0 [ 97.241435][ T7418] ? __pfx_lock_release+0x10/0x10 [ 97.243210][ T7418] ? trace_lock_acquire+0x14a/0x1d0 [ 97.245057][ T7418] ? __pfx_vfs_write+0x10/0x10 [ 97.246752][ T7418] ? lock_acquire+0x2f/0xb0 [ 97.248476][ T7418] ? __fget_files+0x40/0x3f0 [ 97.250292][ T7418] ? __fget_files+0x244/0x3f0 [ 97.252094][ T7418] ksys_write+0x1fa/0x260 [ 97.253672][ T7418] ? __pfx_ksys_write+0x10/0x10 [ 97.255429][ T7418] __do_fast_syscall_32+0x73/0x120 [ 97.257224][ T7418] do_fast_syscall_32+0x32/0x80 [ 97.258922][ T7418] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 97.261142][ T7418] RIP: 0023:0xf748e579 [ 97.262648][ T7418] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 97.270199][ T7418] RSP: 002b:00000000f577655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 97.273488][ T7418] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000020000040 [ 97.276351][ T7418] RDX: 00000000000012d8 RSI: 0000000000000000 RDI: 0000000000000000 [ 97.279053][ T7418] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 97.281935][ T7418] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 97.284840][ T7418] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 97.288050][ T7418] [ 97.415122][ T7427] netlink: 14 bytes leftover after parsing attributes in process `syz.3.464'. [ 97.463847][ T7429] netlink: 'syz.3.465': attribute type 9 has an invalid length. [ 97.466803][ T7429] netlink: 8 bytes leftover after parsing attributes in process `syz.3.465'. [ 97.671569][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 97.687638][ T7434] syz_tun: entered promiscuous mode [ 97.701596][ T7434] batadv_slave_0: entered promiscuous mode [ 97.705208][ T7434] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 97.708017][ T7434] Cannot create hsr debugfs directory [ 98.080013][ T5951] Bluetooth: hci0: command 0x0c1a tx timeout [ 98.114253][ T7448] Bluetooth: (null): Invalid header checksum [ 98.219100][ T45] Bluetooth: (null): Invalid header checksum [ 98.222050][ T45] Bluetooth: (null): Invalid header checksum [ 98.230053][ T5951] Bluetooth: hci3: command 0x0419 tx timeout [ 98.230092][ T5965] Bluetooth: hci2: command 0x0c1a tx timeout [ 98.232574][ T5951] Bluetooth: hci1: command 0x0c1a tx timeout [ 98.321305][ T96] Bluetooth: (null): Invalid header checksum [ 98.405207][ T7450] netlink: 4 bytes leftover after parsing attributes in process `syz.3.472'. [ 98.412424][ T7450] netlink: 72 bytes leftover after parsing attributes in process `syz.3.472'. [ 98.416223][ T7450] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 98.430559][ T1130] Bluetooth: (null): Invalid header checksum [ 98.552248][ T45] Bluetooth: (null): Invalid header checksum [ 98.710061][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 98.873790][ T7472] can0: slcan on pts0. [ 98.961384][ T7472] can0 (unregistered): slcan off pts0. [ 99.086018][ T7485] netlink: 24 bytes leftover after parsing attributes in process `syz.2.481'. [ 99.749573][ T7507] netlink: 'syz.3.486': attribute type 4 has an invalid length. [ 99.752724][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 99.763114][ T7507] netlink: 'syz.3.486': attribute type 4 has an invalid length. [ 99.779009][ T7507] netlink: 52 bytes leftover after parsing attributes in process `syz.3.486'. [ 100.062587][ T7513] fuse: Bad value for 'user_id' [ 100.064131][ T7513] fuse: Bad value for 'user_id' [ 100.150244][ T5966] Bluetooth: hci0: command 0x0c1a tx timeout [ 100.310046][ T5966] Bluetooth: hci1: command 0x0c1a tx timeout [ 100.313901][ T5966] Bluetooth: hci2: command 0x0c1a tx timeout [ 100.316624][ T5966] Bluetooth: hci3: command 0x0419 tx timeout [ 100.592622][ T7530] netlink: 28 bytes leftover after parsing attributes in process `syz.1.492'. [ 100.595420][ T7530] netlink: 'syz.1.492': attribute type 7 has an invalid length. [ 100.597576][ T7530] netlink: 'syz.1.492': attribute type 8 has an invalid length. [ 100.599654][ T7530] netlink: 4 bytes leftover after parsing attributes in process `syz.1.492'. [ 100.790111][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 101.102391][ T39] kauditd_printk_skb: 36 callbacks suppressed [ 101.102481][ T39] audit: type=1326 audit(1730650846.082:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7538 comm="syz.0.496" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x0 [ 101.355489][ T7545] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.452957][ T7545] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.523321][ T7545] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.654721][ T7545] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.779619][ T7545] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.785954][ T7545] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.797749][ T7545] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.805474][ T7545] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.808839][ T7568] openvswitch: netlink: Message has 11 unknown bytes. [ 101.811023][ T7568] openvswitch: netlink: Actions may not be safe on all matching packets [ 101.829996][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 102.068575][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 102.070372][ T7580] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 102.075449][ T7580] overlayfs: fs on './file0' does not support file handles, falling back to xino=off. [ 102.230044][ T5951] Bluetooth: hci0: command 0x0c1a tx timeout [ 102.370781][ T7598] hub 2-0:1.0: USB hub found [ 102.374045][ T7598] hub 2-0:1.0: 2 ports detected [ 102.424266][ T7598] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 102.590134][ T5992] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 102.749991][ T5992] usb 7-1: Using ep0 maxpacket: 16 [ 102.755152][ T5992] usb 7-1: config 129 has an invalid interface number: 211 but max is 2 [ 102.757688][ T5992] usb 7-1: config 129 has an invalid interface number: 83 but max is 2 [ 102.769965][ T5992] usb 7-1: config 129 contains an unexpected descriptor of type 0x2, skipping [ 102.780194][ T5992] usb 7-1: config 129 has an invalid interface number: 16 but max is 2 [ 102.783161][ T5992] usb 7-1: config 129 has an invalid interface number: 178 but max is 2 [ 102.786174][ T5992] usb 7-1: config 129 contains an unexpected descriptor of type 0x1, skipping [ 102.794016][ T5992] usb 7-1: config 129 has an invalid interface descriptor of length 6, skipping [ 102.797609][ T5992] usb 7-1: config 129 has an invalid descriptor of length 181, skipping remainder of the config [ 102.800515][ T5992] usb 7-1: config 129 has 4 interfaces, different from the descriptor's value: 3 [ 102.802909][ T5992] usb 7-1: config 129 has no interface number 0 [ 102.804596][ T5992] usb 7-1: config 129 has no interface number 1 [ 102.806247][ T5992] usb 7-1: config 129 has no interface number 2 [ 102.808259][ T5992] usb 7-1: config 129 has no interface number 3 [ 102.811607][ T5992] usb 7-1: config 129 interface 211 altsetting 7 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 102.814672][ T5992] usb 7-1: config 129 interface 211 altsetting 7 endpoint 0xC has invalid maxpacket 1023, setting to 64 [ 102.817958][ T5992] usb 7-1: config 129 interface 83 altsetting 3 endpoint 0x9 has invalid maxpacket 512, setting to 64 [ 102.821431][ T5992] usb 7-1: config 129 interface 83 altsetting 3 has 3 endpoint descriptors, different from the interface descriptor's value: 10 [ 102.825160][ T5992] usb 7-1: config 129 interface 16 altsetting 181 has 0 endpoint descriptors, different from the interface descriptor's value: 23 [ 102.829833][ T5992] usb 7-1: config 129 interface 178 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 6 [ 102.834211][ T5992] usb 7-1: config 129 interface 211 has no altsetting 0 [ 102.836556][ T5992] usb 7-1: config 129 interface 83 has no altsetting 0 [ 102.838631][ T5992] usb 7-1: config 129 interface 16 has no altsetting 0 [ 102.841153][ T5992] usb 7-1: config 129 interface 178 has no altsetting 0 [ 102.870036][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 102.880710][ T5992] usb 7-1: New USB device found, idVendor=2c7c, idProduct=6009, bcdDevice=18.fa [ 102.883090][ T5992] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.885201][ T5992] usb 7-1: Product: ⻈ꥉꝱ [ 102.886642][ T5992] usb 7-1: Manufacturer: ᐊ [ 102.887887][ T5992] usb 7-1: SerialNumber: syz [ 102.982266][ T5951] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 103.210136][ T5992] option 7-1:129.211: GSM modem (1-port) converter detected [ 103.224107][ T5992] usb 7-1: USB disconnect, device number 3 [ 103.228688][ T5992] option 7-1:129.211: device disconnected [ 103.250051][ T35] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 103.415079][ T35] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 103.418775][ T35] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 103.422229][ T35] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 103.425546][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.430598][ T7602] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 103.439059][ T35] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 103.706819][ T6438] usb 6-1: USB disconnect, device number 5 [ 103.783693][ T7621] FAULT_INJECTION: forcing a failure. [ 103.783693][ T7621] name failslab, interval 1, probability 0, space 0, times 0 [ 103.790349][ T7621] CPU: 2 UID: 0 PID: 7621 Comm: syz.2.526 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 103.793855][ T7621] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 103.797440][ T7621] Call Trace: [ 103.798651][ T7621] [ 103.799639][ T7621] dump_stack_lvl+0x16c/0x1f0 [ 103.801209][ T7621] should_fail_ex+0x497/0x5b0 [ 103.802782][ T7621] ? fs_reclaim_acquire+0xae/0x150 [ 103.804707][ T7621] should_failslab+0xc2/0x120 [ 103.806567][ T7621] kmem_cache_alloc_node_noprof+0x71/0x310 [ 103.809156][ T7621] ? __alloc_skb+0x2b3/0x380 [ 103.810551][ T7621] __alloc_skb+0x2b3/0x380 [ 103.811839][ T7621] ? __pfx___alloc_skb+0x10/0x10 [ 103.813520][ T7621] ? find_held_lock+0x2d/0x110 [ 103.815294][ T7621] sctp_packet_transmit+0x1ec/0x3030 [ 103.817323][ T7621] ? __sctp_packet_append_chunk+0x48a/0xd60 [ 103.819444][ T7621] ? sctp_packet_append_chunk+0xe40/0x1160 [ 103.821517][ T7621] ? sctp_packet_config+0x781/0xf40 [ 103.823445][ T7621] sctp_packet_singleton+0x19f/0x370 [ 103.825245][ T7621] ? __pfx_sctp_packet_singleton+0x10/0x10 [ 103.827279][ T7621] ? sctp_outq_select_transport+0x208/0x740 [ 103.829690][ T7621] sctp_outq_flush+0x54d/0x3380 [ 103.831474][ T7621] ? unwind_get_return_address+0x59/0xa0 [ 103.833521][ T7621] ? __pfx_sctp_outq_flush+0x10/0x10 [ 103.835267][ T7621] ? __pfx_sctp_sm_lookup_event+0x10/0x10 [ 103.838021][ T7621] ? sctp_outq_tail+0x670/0xa30 [ 103.839834][ T7621] ? sctp_endpoint_add_asoc+0x228/0x2f0 [ 103.841507][ T7621] sctp_do_sm+0x179c/0x5c90 [ 103.843196][ T7621] ? kasan_save_stack+0x42/0x60 [ 103.844741][ T7621] ? kasan_save_stack+0x33/0x60 [ 103.846222][ T7621] ? kasan_save_track+0x14/0x30 [ 103.847975][ T7621] ? __pfx_sctp_do_sm+0x10/0x10 [ 103.849331][ T7621] ? sctp_sendmsg+0x129c/0x1f10 [ 103.850903][ T7621] ? ____sys_sendmsg+0x907/0xb40 [ 103.852427][ T7621] ? __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 103.854507][ T7621] ? __do_fast_syscall_32+0x73/0x120 [ 103.855991][ T7621] ? sk_leave_memory_pressure+0xdd/0x130 [ 103.857661][ T7621] ? __sk_mem_raise_allocated+0x8a0/0x1740 [ 103.859633][ T7621] sctp_primitive_ASSOCIATE+0x9c/0xd0 [ 103.861402][ T7621] sctp_sendmsg_to_asoc+0xa4d/0x1ad0 [ 103.863224][ T7621] ? sctp_assoc_add_peer+0x254/0x14b0 [ 103.864998][ T7621] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 103.867022][ T7621] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 103.869128][ T7621] ? mark_held_locks+0x9f/0xe0 [ 103.871068][ T7621] ? sctp_sendmsg+0x112f/0x1f10 [ 103.873125][ T7621] sctp_sendmsg+0x129c/0x1f10 [ 103.874769][ T7621] ? __pfx___lock_acquire+0x10/0x10 [ 103.876407][ T7621] ? __pfx_sctp_sendmsg+0x10/0x10 [ 103.878485][ T7621] ? __pfx___might_resched+0x10/0x10 [ 103.880402][ T7621] ? __pfx_aa_sk_perm+0x10/0x10 [ 103.881876][ T7621] ? __import_iovec+0x1f2/0x6d0 [ 103.883312][ T7621] ? __pfx_sctp_sendmsg+0x10/0x10 [ 103.885080][ T7621] inet_sendmsg+0x119/0x140 [ 103.886640][ T7621] ____sys_sendmsg+0x907/0xb40 [ 103.888311][ T7621] ? __pfx_____sys_sendmsg+0x10/0x10 [ 103.890164][ T7621] ? get_compat_msghdr+0x11b/0x170 [ 103.892003][ T7621] ? __pfx___lock_acquire+0x10/0x10 [ 103.893658][ T7621] ___sys_sendmsg+0x135/0x1e0 [ 103.894891][ T7621] ? __pfx____sys_sendmsg+0x10/0x10 [ 103.896307][ T7621] ? lock_acquire+0x2f/0xb0 [ 103.897514][ T7621] ? __fget_files+0x40/0x3f0 [ 103.899119][ T7621] ? fdget+0x176/0x210 [ 103.900589][ T7621] __sys_sendmmsg+0x2a5/0x450 [ 103.902262][ T7621] ? __pfx___sys_sendmmsg+0x10/0x10 [ 103.903919][ T7621] ? vfs_write+0x306/0x1150 [ 103.905119][ T7621] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 103.906701][ T7621] ? fput+0x30/0x390 [ 103.907726][ T7621] ? ksys_write+0x1ad/0x260 [ 103.908955][ T7621] ? __pfx_ksys_write+0x10/0x10 [ 103.910438][ T7621] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 103.912565][ T7621] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 103.914786][ T7621] __do_fast_syscall_32+0x73/0x120 [ 103.916466][ T7621] do_fast_syscall_32+0x32/0x80 [ 103.918028][ T7621] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 103.919709][ T7621] RIP: 0023:0xf749e579 [ 103.920802][ T7621] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 103.926121][ T7621] RSP: 002b:00000000f578655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 103.928421][ T7621] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020001680 [ 103.930507][ T7621] RDX: 0000000000000001 RSI: 00000000000000fc RDI: 0000000000000000 [ 103.932753][ T7621] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 103.935177][ T7621] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 103.937464][ T7621] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 103.939615][ T7621] [ 103.950023][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 104.090870][ T7628] netlink: 8 bytes leftover after parsing attributes in process `syz.2.529'. [ 104.369233][ T7633] syzkaller1: entered promiscuous mode [ 104.372602][ T7633] syzkaller1: entered allmulticast mode [ 104.399999][ T6438] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 104.570242][ T6438] usb 8-1: Using ep0 maxpacket: 8 [ 104.583322][ T6438] usb 8-1: config index 0 descriptor too short (expected 5924, got 36) [ 104.586525][ T6438] usb 8-1: config 250 has an invalid interface number: 228 but max is -1 [ 104.596011][ T6438] usb 8-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 104.605446][ T6438] usb 8-1: config 250 has no interface number 0 [ 104.615783][ T6438] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 104.619815][ T6438] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 104.630290][ T6438] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 104.640039][ T6438] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 104.650234][ T6438] usb 8-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 104.659998][ T6438] usb 8-1: config 250 interface 228 has no altsetting 0 [ 104.667371][ T6438] usb 8-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 104.680554][ T6438] usb 8-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 104.683906][ T6438] usb 8-1: Product: syz [ 104.685934][ T6438] usb 8-1: SerialNumber: syz [ 104.703066][ T6438] hub 8-1:250.228: bad descriptor, ignoring hub [ 104.705699][ T6438] hub 8-1:250.228: probe with driver hub failed with error -5 [ 104.945200][ T6438] usblp 8-1:250.228: usblp0: USB Bidirectional printer dev 6 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 104.950060][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 105.155414][ T7652] netlink: 16 bytes leftover after parsing attributes in process `syz.0.537'. [ 105.262102][ T5992] usb 8-1: USB disconnect, device number 6 [ 105.272721][ T5992] usblp0: removed [ 105.296027][ T7658] ALSA: mixer_oss: invalid index -1404626105 [ 105.590045][ T5992] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 105.760184][ T5992] usb 8-1: Using ep0 maxpacket: 8 [ 105.766185][ T5992] usb 8-1: config index 0 descriptor too short (expected 5924, got 36) [ 105.769404][ T5992] usb 8-1: config 250 has an invalid interface number: 228 but max is -1 [ 105.773123][ T5992] usb 8-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 105.776704][ T5992] usb 8-1: config 250 has no interface number 0 [ 105.779405][ T5992] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 105.786698][ T5992] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 105.792390][ T5992] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 105.796405][ T5992] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 105.802312][ T5992] usb 8-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 105.808343][ T5992] usb 8-1: config 250 interface 228 has no altsetting 0 [ 105.812978][ T5992] usb 8-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 105.815734][ T5992] usb 8-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 105.817842][ T5992] usb 8-1: Product: syz [ 105.819087][ T5992] usb 8-1: SerialNumber: syz [ 105.825504][ T5992] hub 8-1:250.228: bad descriptor, ignoring hub [ 105.827466][ T5992] hub 8-1:250.228: probe with driver hub failed with error -5 [ 105.854577][ T7662] netlink: 240 bytes leftover after parsing attributes in process `syz.2.539'. [ 105.887301][ T7664] FAULT_INJECTION: forcing a failure. [ 105.887301][ T7664] name failslab, interval 1, probability 0, space 0, times 0 [ 105.891017][ T7664] CPU: 0 UID: 0 PID: 7664 Comm: syz.2.540 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 105.893851][ T7664] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 105.896828][ T7664] Call Trace: [ 105.898308][ T7664] [ 105.899475][ T7664] dump_stack_lvl+0x16c/0x1f0 [ 105.901656][ T7664] should_fail_ex+0x497/0x5b0 [ 105.903446][ T7664] ? fs_reclaim_acquire+0xae/0x150 [ 105.905520][ T7664] should_failslab+0xc2/0x120 [ 105.907480][ T7664] __kmalloc_noprof+0xcb/0x410 [ 105.909267][ T7664] ? find_held_lock+0x2d/0x110 [ 105.910942][ T7664] memcg_list_lru_alloc+0x24d/0xa90 [ 105.912946][ T7664] ? rcu_read_unlock+0x17/0x60 [ 105.914536][ T7664] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 105.916308][ T7664] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 105.918162][ T7664] __memcg_slab_post_alloc_hook+0x12c/0x9b0 [ 105.920576][ T7664] ? kasan_save_track+0x14/0x30 [ 105.922697][ T7664] kmem_cache_alloc_lru_noprof+0x2c8/0x2f0 [ 105.924863][ T7664] ? ovl_alloc_inode+0x25/0x190 [ 105.926661][ T7664] ? __pfx_ovl_inode_test+0x10/0x10 [ 105.928497][ T7664] ? __pfx_ovl_inode_set+0x10/0x10 [ 105.930102][ T7664] ? __pfx_ovl_alloc_inode+0x10/0x10 [ 105.931880][ T7664] ovl_alloc_inode+0x25/0x190 [ 105.933181][ T7664] alloc_inode+0x5d/0x230 [ 105.934299][ T7664] iget5_locked+0x33b/0x3d0 [ 105.935592][ T7664] ? __pfx_ovl_inode_test+0x10/0x10 [ 105.937276][ T7664] ? __pfx_ovl_inode_set+0x10/0x10 [ 105.938745][ T7664] ? __pfx_iget5_locked+0x10/0x10 [ 105.940338][ T7664] ? trace_kmalloc+0x2d/0xe0 [ 105.942168][ T7664] ovl_get_trap_inode+0xb2/0x200 [ 105.943769][ T7664] ovl_fill_super+0x7f4/0x6970 [ 105.945290][ T7664] ? shrinker_register+0x154/0x260 [ 105.946800][ T7664] ? __pfx_lock_release+0x10/0x10 [ 105.948308][ T7664] ? __mutex_lock+0x1a6/0x9c0 [ 105.949594][ T7664] ? __pfx___mutex_lock+0x10/0x10 [ 105.951042][ T7664] ? __pfx_ovl_fill_super+0x10/0x10 [ 105.952446][ T7664] ? lockdep_init_map_type+0x16d/0x7d0 [ 105.953871][ T7664] ? lockdep_init_map_type+0x16d/0x7d0 [ 105.955422][ T7664] ? __init_swait_queue_head+0xca/0x150 [ 105.957147][ T7664] ? shrinker_register+0x1a8/0x260 [ 105.958598][ T7664] ? sget_fc+0x488/0xb90 [ 105.959939][ T7664] ? __pfx_ovl_fill_super+0x10/0x10 [ 105.961941][ T7664] ? get_tree_nodev+0xda/0x190 [ 105.963655][ T7664] get_tree_nodev+0xda/0x190 [ 105.965017][ T7664] vfs_get_tree+0x8f/0x380 [ 105.966353][ T7664] path_mount+0x6e1/0x1f10 [ 105.967840][ T7664] ? kmem_cache_free+0x152/0x4b0 [ 105.969676][ T7664] ? __pfx_path_mount+0x10/0x10 [ 105.971745][ T7664] ? putname+0x12e/0x170 [ 105.973295][ T7664] __ia32_sys_mount+0x292/0x310 [ 105.975094][ T7664] ? __pfx___ia32_sys_mount+0x10/0x10 [ 105.977097][ T7664] __do_fast_syscall_32+0x73/0x120 [ 105.978967][ T7664] do_fast_syscall_32+0x32/0x80 [ 105.981125][ T7664] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 105.983825][ T7664] RIP: 0023:0xf749e579 [ 105.985482][ T7664] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 105.992723][ T7664] RSP: 002b:00000000f578655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 105.996001][ T7664] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0 [ 105.999330][ T7664] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000020000180 [ 106.002451][ T7664] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 106.005422][ T7664] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 106.008407][ T7664] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 106.011256][ T7664] [ 106.013177][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 106.047092][ T5992] usblp 8-1:250.228: usblp0: USB Bidirectional printer dev 7 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 106.070451][ T5992] usb 8-1: USB disconnect, device number 7 [ 106.075108][ T5992] usblp0: removed [ 106.536650][ T7687] Bluetooth: (null): Invalid header checksum [ 106.628927][ T7694] tipc: Started in network mode [ 106.632463][ T7694] tipc: Node identity 4, cluster identity 4711 [ 106.634747][ T7694] tipc: Node number set to 4 [ 106.686721][ T7698] fuse: Bad value for 'group_id' [ 106.688644][ T7698] fuse: Bad value for 'group_id' [ 106.693891][ T7699] FAULT_INJECTION: forcing a failure. [ 106.693891][ T7699] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 106.698837][ T7699] CPU: 3 UID: 0 PID: 7699 Comm: syz.0.555 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 106.702956][ T7699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 106.706931][ T7699] Call Trace: [ 106.708157][ T7699] [ 106.709211][ T7699] dump_stack_lvl+0x16c/0x1f0 [ 106.710876][ T7699] should_fail_ex+0x497/0x5b0 [ 106.712549][ T7699] _copy_from_user+0x2e/0xd0 [ 106.714206][ T7699] snd_seq_oss_write+0x398/0x7b0 [ 106.715991][ T7699] ? __pfx_snd_seq_oss_write+0x10/0x10 [ 106.717414][ T7699] ? apparmor_file_permission+0x251/0x400 [ 106.718917][ T7699] ? __pfx_odev_write+0x10/0x10 [ 106.720365][ T7699] odev_write+0x51/0xa0 [ 106.721615][ T7699] vfs_write+0x24c/0x1150 [ 106.722895][ T7699] ? __fget_files+0x23a/0x3f0 [ 106.724439][ T7699] ? __pfx_lock_release+0x10/0x10 [ 106.726480][ T7699] ? trace_lock_acquire+0x14a/0x1d0 [ 106.728649][ T7699] ? __pfx_vfs_write+0x10/0x10 [ 106.730066][ T7699] ? lock_acquire+0x2f/0xb0 [ 106.731854][ T7699] ? __fget_files+0x40/0x3f0 [ 106.733556][ T7699] ? __fget_files+0x244/0x3f0 [ 106.735278][ T7699] ksys_write+0x12f/0x260 [ 106.736537][ T7699] ? __pfx_ksys_write+0x10/0x10 [ 106.737861][ T7699] __do_fast_syscall_32+0x73/0x120 [ 106.739101][ T7699] do_fast_syscall_32+0x32/0x80 [ 106.740540][ T7699] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 106.742990][ T7699] RIP: 0023:0xf7f03579 [ 106.744392][ T7699] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 106.751060][ T7699] RSP: 002b:00000000f568655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 106.753446][ T7699] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200003c0 [ 106.755895][ T7699] RDX: 0000000000000234 RSI: 0000000000000000 RDI: 0000000000000000 [ 106.758017][ T7699] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 106.760146][ T7699] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 106.762295][ T7699] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 106.764457][ T7699] [ 106.765402][ C3] vkms_vblank_simulate: vblank timer overrun [ 106.856995][ T7711] netlink: 4 bytes leftover after parsing attributes in process `syz.1.562'. [ 106.953748][ T5951] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 106.975323][ T7718] loop2: detected capacity change from 0 to 61 [ 107.037955][ T7711] team0 (unregistering): Port device team_slave_0 removed [ 107.039970][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 107.054736][ T7711] team0 (unregistering): Port device team_slave_1 removed [ 107.193662][ T7723] Bluetooth: (null): Invalid header checksum [ 107.318154][ T7730] FAULT_INJECTION: forcing a failure. [ 107.318154][ T7730] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 107.322104][ T7730] CPU: 0 UID: 0 PID: 7730 Comm: syz.3.568 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 107.325214][ T7730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 107.329827][ T7730] Call Trace: [ 107.331134][ T7730] [ 107.332922][ T7730] dump_stack_lvl+0x16c/0x1f0 [ 107.334912][ T7730] should_fail_ex+0x497/0x5b0 [ 107.336373][ T7730] _copy_to_user+0x32/0xd0 [ 107.337668][ T7730] simple_read_from_buffer+0xd0/0x160 [ 107.339235][ T7730] proc_fail_nth_read+0x198/0x270 [ 107.340909][ T7730] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 107.342574][ T7730] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 107.344297][ T7730] vfs_read+0x1df/0xbe0 [ 107.345999][ T7730] ? __fget_files+0x23a/0x3f0 [ 107.347383][ T7730] ? fdget_pos+0x24c/0x360 [ 107.348861][ T7730] ? __pfx_lock_release+0x10/0x10 [ 107.350394][ T7730] ? trace_lock_acquire+0x14a/0x1d0 [ 107.352197][ T7730] ? __pfx_vfs_read+0x10/0x10 [ 107.354137][ T7730] ? __pfx___mutex_lock+0x10/0x10 [ 107.355670][ T7730] ? __fget_files+0x244/0x3f0 [ 107.356990][ T7730] ksys_read+0x12f/0x260 [ 107.358231][ T7730] ? __pfx_ksys_read+0x10/0x10 [ 107.359630][ T7730] __do_fast_syscall_32+0x73/0x120 [ 107.361143][ T7730] do_fast_syscall_32+0x32/0x80 [ 107.362545][ T7730] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 107.364315][ T7730] RIP: 0023:0xf748e579 [ 107.365748][ T7730] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 107.371024][ T7730] RSP: 002b:00000000f5776590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 107.373308][ T7730] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5776620 [ 107.375592][ T7730] RDX: 000000000000000f RSI: 00000000f747cff4 RDI: 0000000000000000 [ 107.377706][ T7730] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 107.379897][ T7730] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 107.382348][ T7730] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 107.385300][ T7730] [ 107.530255][ T30] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 107.679990][ T30] usb 6-1: Using ep0 maxpacket: 8 [ 107.686294][ T30] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 107.688433][ T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 107.699749][ T30] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 107.708976][ T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 107.712560][ T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 107.719575][ T30] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 107.723509][ T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 107.726916][ T30] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 107.730558][ T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 107.733517][ T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 107.738479][ T30] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 107.741474][ T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 107.744467][ T30] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 107.748514][ T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 107.752299][ T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 107.758906][ T30] usb 6-1: string descriptor 0 read error: -22 [ 107.762160][ T30] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 107.764758][ T30] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.773608][ T30] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 107.816656][ T7740] netlink: 32 bytes leftover after parsing attributes in process `syz.2.572'. [ 108.070041][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 108.116813][ T5992] usb 6-1: USB disconnect, device number 6 [ 108.542646][ T7752] fuse: Bad value for 'fd' [ 108.556985][ T7752] tmpfs: Bad value for 'mpol' [ 108.611283][ T7753] overlay: ./file0 is not a directory [ 108.779035][ T7764] blktrace: Concurrent blktraces are not allowed on nbd3 [ 108.907450][ T5951] Bluetooth: hci1: SCO packet for unknown connection handle 1955 [ 108.915236][ T7773] Cannot find map_set index 0 as target [ 109.109966][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 109.164213][ T7781] Bluetooth: (null): Invalid header checksum [ 109.271784][ T65] Bluetooth: (null): Invalid header checksum [ 109.277064][ T65] Bluetooth: (null): Invalid header checksum [ 109.391287][ T65] Bluetooth: (null): Invalid header checksum [ 109.452603][ T5951] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 109.500994][ T96] Bluetooth: (null): Invalid header checksum [ 109.610698][ T65] Bluetooth: (null): Invalid header checksum [ 109.721473][ T45] Bluetooth: (null): Invalid header checksum [ 110.150297][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 110.504534][ T7808] netlink: 'syz.3.594': attribute type 1 has an invalid length. [ 110.567333][ T7808] bond1: (slave ipip0): The slave device specified does not support setting the MAC address [ 110.570652][ T7808] bond1: (slave ipip0): Setting fail_over_mac to active for active-backup mode [ 110.577519][ T7808] bond1: (slave ipip0): making interface the new active one [ 110.581285][ T7808] bond1: (slave ipip0): Enslaving as an active interface with an up link [ 110.870440][ T7814] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 110.872417][ T7814] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 110.876254][ T7814] vhci_hcd vhci_hcd.0: Device attached [ 111.069988][ T30] vhci_hcd: vhci_device speed not set [ 111.097263][ T7817] afs: Unknown parameter 'obj_user' [ 111.139977][ T30] usb 43-1: new full-speed USB device number 3 using vhci_hcd [ 111.190076][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 111.356628][ T7832] Bluetooth: (null): Invalid header checksum [ 111.500042][ T1865] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 111.570663][ T11] Bluetooth: (null): Invalid header checksum [ 111.581093][ T11] Bluetooth: (null): Invalid header checksum [ 111.613899][ T11] Bluetooth: (null): Invalid header checksum [ 111.703265][ T65] Bluetooth: (null): Invalid header checksum [ 111.727503][ T7834] xt_CT: No such helper "pptp" [ 111.757261][ T7834] input: syz0 as /devices/virtual/input/input12 [ 111.759978][ T7815] vhci_hcd: connection reset by peer [ 111.762596][ T93] vhci_hcd: stop threads [ 111.763949][ T93] vhci_hcd: release socket [ 111.765475][ T93] vhci_hcd: disconnect device [ 111.793629][ T1865] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 111.796146][ T1865] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 111.799033][ T1865] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 111.801522][ T1865] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 111.804267][ T1865] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 111.808634][ T5955] udevd[5955]: setting mode of /dev/input/event3 to 020660 failed: Read-only file system [ 111.810153][ T65] Bluetooth: (null): Invalid header checksum [ 111.812494][ T5955] udevd[5955]: setting owner of /dev/input/event3 to uid=0, gid=104 failed: Read-only file system [ 111.817972][ T1865] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 111.820665][ T1865] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 111.822903][ T1865] usb 6-1: Product: syz [ 111.824111][ T1865] usb 6-1: Manufacturer: syz [ 111.843421][ T1865] cdc_wdm 6-1:1.0: skipping garbage [ 111.844940][ T1865] cdc_wdm 6-1:1.0: skipping garbage [ 111.853660][ T1865] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 111.863471][ T1865] cdc_wdm 6-1:1.0: Unknown control protocol [ 111.920188][ T65] Bluetooth: (null): Invalid header checksum [ 112.190276][ T7840] autofs4:pid:7840:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e) [ 112.239954][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 112.375031][ T7849] netlink: 4 bytes leftover after parsing attributes in process `syz.2.605'. [ 112.377730][ T7849] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 112.381798][ T7849] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 112.768780][ T1865] usb 6-1: USB disconnect, device number 7 [ 112.915363][ T7866] Bluetooth: (null): Invalid header checksum [ 113.022693][ T45] Bluetooth: (null): Invalid header checksum [ 113.024809][ T45] Bluetooth: (null): Invalid header checksum [ 113.130279][ T1130] Bluetooth: (null): Invalid header checksum [ 113.240195][ T11] Bluetooth: (null): Invalid header checksum [ 113.270026][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 113.357324][ T45] Bluetooth: (null): Invalid header checksum [ 113.385685][ T7868] netlink: 'syz.1.613': attribute type 3 has an invalid length. [ 113.388147][ T7868] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.613'. [ 113.664007][ T7876] netlink: 60 bytes leftover after parsing attributes in process `syz.3.616'. [ 113.668658][ T7876] netlink: 60 bytes leftover after parsing attributes in process `syz.3.616'. [ 113.809788][ T7871] block nbd1: shutting down sockets [ 114.208972][ T7885] can0: slcan on ttyS3. [ 114.309955][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 114.310114][ T7884] can0 (unregistered): slcan off ttyS3. [ 114.386859][ T39] audit: type=1326 audit(1730650859.362:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7899 comm="syz.1.622" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 114.391060][ T7900] openvswitch: netlink: Actions may not be safe on all matching packets [ 114.407205][ T39] audit: type=1326 audit(1730650859.362:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7899 comm="syz.1.622" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 114.422041][ T39] audit: type=1326 audit(1730650859.362:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7899 comm="syz.1.622" exe="/syz-executor" sig=0 arch=40000003 syscall=332 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 114.439568][ T39] audit: type=1326 audit(1730650859.362:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7899 comm="syz.1.622" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 114.456263][ T39] audit: type=1326 audit(1730650859.362:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7899 comm="syz.1.622" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 114.466449][ T39] audit: type=1326 audit(1730650859.362:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7899 comm="syz.1.622" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 114.486737][ T39] audit: type=1326 audit(1730650859.362:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7899 comm="syz.1.622" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 114.500350][ T39] audit: type=1326 audit(1730650859.362:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7899 comm="syz.1.622" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 114.508903][ T39] audit: type=1326 audit(1730650859.362:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7899 comm="syz.1.622" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 114.521669][ T39] audit: type=1326 audit(1730650859.362:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7899 comm="syz.1.622" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 114.533337][ T7909] netlink: 4 bytes leftover after parsing attributes in process `syz.3.625'. [ 114.591055][ T7913] xt_NFQUEUE: number of total queues is 0 [ 114.725194][ T7922] blktrace: Concurrent blktraces are not allowed on nbd2 [ 114.759994][ T5950] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 114.921671][ T5950] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 114.926157][ T5950] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 114.929133][ T5950] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 114.933466][ T5950] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 114.936071][ T5950] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.941797][ T5950] usb 6-1: config 0 descriptor?? [ 114.943789][ T7907] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 114.960085][ T829] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 114.970296][ T58] usb 8-1: new full-speed USB device number 8 using dummy_hcd [ 115.120164][ T829] usb 7-1: Using ep0 maxpacket: 8 [ 115.124029][ T829] usb 7-1: config index 0 descriptor too short (expected 5924, got 36) [ 115.126115][ T829] usb 7-1: config 250 has an invalid interface number: 228 but max is -1 [ 115.128323][ T829] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 115.131070][ T829] usb 7-1: config 250 has no interface number 0 [ 115.133007][ T829] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 115.135902][ T829] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 115.138722][ T829] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 115.141569][ T58] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 115.144560][ T58] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 115.145067][ T829] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 115.148102][ T58] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 115.151029][ T829] usb 7-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 115.157617][ T829] usb 7-1: config 250 interface 228 has no altsetting 0 [ 115.158273][ T58] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.163072][ T5950] usbhid 6-1:0.0: can't add hid device: -71 [ 115.164302][ T829] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 115.164780][ T5950] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 115.174712][ T829] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 115.177495][ T829] usb 7-1: Product: syz [ 115.178936][ T5950] usb 6-1: USB disconnect, device number 8 [ 115.178975][ T829] usb 7-1: SerialNumber: syz [ 115.207488][ T829] hub 7-1:250.228: bad descriptor, ignoring hub [ 115.210488][ T829] hub 7-1:250.228: probe with driver hub failed with error -5 [ 115.350025][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 115.380813][ T58] usb 8-1: usb_control_msg returned -32 [ 115.382344][ T58] usbtmc 8-1:16.0: can't read capabilities [ 115.412792][ T829] usblp 7-1:250.228: usblp1: USB Bidirectional printer dev 4 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 115.707116][ T7907] syz.1.623 (7907) used greatest stack depth: 20952 bytes left [ 115.730033][ T829] usb 7-1: USB disconnect, device number 4 [ 115.732820][ T829] usblp1: removed [ 115.780752][ T7935] netlink: 'syz.1.633': attribute type 2 has an invalid length. [ 115.784639][ T7935] netlink: 'syz.1.633': attribute type 1 has an invalid length. [ 115.787751][ T7935] netlink: 8 bytes leftover after parsing attributes in process `syz.1.633'. [ 116.080124][ T829] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 116.220126][ T30] vhci_hcd: vhci_device speed not set [ 116.240898][ T829] usb 7-1: Using ep0 maxpacket: 8 [ 116.253794][ T829] usb 7-1: config index 0 descriptor too short (expected 5924, got 36) [ 116.256474][ T829] usb 7-1: config 250 has an invalid interface number: 228 but max is -1 [ 116.259572][ T829] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 116.266446][ T829] usb 7-1: config 250 has no interface number 0 [ 116.269150][ T829] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 116.274733][ T829] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 116.279567][ T829] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 116.283298][ T829] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 116.287651][ T829] usb 7-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 116.293940][ T829] usb 7-1: config 250 interface 228 has no altsetting 0 [ 116.297972][ T829] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 116.301266][ T829] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 116.304815][ T829] usb 7-1: Product: syz [ 116.306291][ T829] usb 7-1: SerialNumber: syz [ 116.324317][ T829] hub 7-1:250.228: bad descriptor, ignoring hub [ 116.326833][ T829] hub 7-1:250.228: probe with driver hub failed with error -5 [ 116.388836][ T7955] netlink: 'syz.1.640': attribute type 20 has an invalid length. [ 116.390015][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 116.527988][ T829] usblp 7-1:250.228: usblp1: USB Bidirectional printer dev 5 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 116.550287][ T829] usb 7-1: USB disconnect, device number 5 [ 116.554705][ T829] usblp1: removed [ 117.263783][ T7967] usb usb8: usbfs: process 7967 (syz.1.644) did not claim interface 0 before use [ 117.429935][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 117.745920][ T829] usb 8-1: USB disconnect, device number 8 [ 118.328268][ T8003] netlink: 4 bytes leftover after parsing attributes in process `syz.0.653'. [ 118.479948][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 119.201058][ T8024] syzkaller1: entered promiscuous mode [ 119.202847][ T8024] syzkaller1: entered allmulticast mode [ 119.376958][ T35] kernel write not supported for file /vcs (pid: 35 comm: kworker/3:0) [ 119.510075][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 119.554880][ T8054] syzkaller1: entered promiscuous mode [ 119.556894][ T8054] syzkaller1: entered allmulticast mode [ 119.674070][ T8073] trusted_key: encrypted_key: insufficient parameters specified [ 119.856252][ T8083] syz.0.687: attempt to access beyond end of device [ 119.856252][ T8083] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 119.861811][ T8083] hpfs: hpfs_map_sector(): read error [ 119.865738][ T8082] syz.0.687: attempt to access beyond end of device [ 119.865738][ T8082] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 119.869412][ T8082] hpfs: hpfs_map_sector(): read error [ 119.910184][ T8] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 120.008826][ T8094] syzkaller1: entered promiscuous mode [ 120.010747][ T8094] syzkaller1: entered allmulticast mode [ 120.061496][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 120.065243][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 120.068864][ T8] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 120.074338][ T8] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 120.078008][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.081045][ T8] usb 7-1: config 0 descriptor?? [ 120.160295][ T1865] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 120.318583][ T1865] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 120.321966][ T1865] usb 5-1: config 0 has no interface number 0 [ 120.328150][ T1865] usb 5-1: New USB device found, idVendor=0bb4, idProduct=0a26, bcdDevice=bb.83 [ 120.335268][ T1865] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=1 [ 120.338772][ T1865] usb 5-1: Product: syz [ 120.340952][ T1865] usb 5-1: Manufacturer: syz [ 120.342227][ T1865] usb 5-1: SerialNumber: syz [ 120.345472][ T1865] usb 5-1: config 0 descriptor?? [ 120.462616][ T93] Bluetooth: (null): Invalid header checksum [ 120.465189][ T93] Bluetooth: (null): Invalid header checksum [ 120.467459][ T93] Bluetooth: (null): Invalid header checksum [ 120.550244][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 120.580526][ T65] Bluetooth: (null): Invalid header checksum [ 120.598895][ T8089] netlink: 32 bytes leftover after parsing attributes in process `syz.0.690'. [ 120.692396][ T45] Bluetooth: (null): Invalid header checksum [ 120.699194][ T8] usbhid 7-1:0.0: can't add hid device: -71 [ 120.701774][ T8] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 120.709069][ T8] usb 7-1: USB disconnect, device number 6 [ 120.801022][ T45] Bluetooth: (null): Invalid header checksum [ 120.811325][ T1865] hub 5-1:0.1: bad descriptor, ignoring hub [ 120.813150][ T1865] hub 5-1:0.1: probe with driver hub failed with error -5 [ 120.850252][ T1865] usb 5-1: USB disconnect, device number 3 [ 120.910350][ T65] Bluetooth: (null): Invalid header checksum [ 121.589964][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 121.690011][ T8119] Bluetooth: (null): Invalid header checksum [ 121.743033][ T8127] Context (ID=0x10) not attached to queue pair (handle=0x2:0x0) [ 121.763378][ T93] Bluetooth: (null): Invalid header checksum [ 121.770859][ T93] Bluetooth: (null): Invalid header checksum [ 121.880331][ T96] Bluetooth: (null): Invalid header checksum [ 122.286354][ T8148] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 122.324947][ T8151] netlink: 8 bytes leftover after parsing attributes in process `syz.0.709'. [ 122.532463][ T8164] netlink: 160 bytes leftover after parsing attributes in process `syz.2.712'. [ 122.538119][ T8164] netlink: 108 bytes leftover after parsing attributes in process `syz.2.712'. [ 122.639953][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 123.175952][ T8204] netlink: 'syz.2.726': attribute type 10 has an invalid length. [ 123.184041][ T8204] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 123.333174][ T8215] libceph: resolve '. [ 123.333174][ T8215] #)|.fǝa2sow?'%ЏKAqfCzeSb3L)HyoǤYMhE$ [ 123.333174][ T8215] ' (ret=-3): failed [ 123.412670][ T8221] libceph: resolve '. [ 123.412670][ T8221] #)|.fǝa2sow?'%ЏKAqfCzeSb3L)HyoǤYMhE$ [ 123.412670][ T8221] ' (ret=-3): failed [ 123.516385][ T8223] batman_adv: batadv0: Adding interface: ip6gretap1 [ 123.518211][ T8223] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 123.542024][ T8223] batman_adv: batadv0: Interface activated: ip6gretap1 [ 123.670304][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 124.024246][ T8215] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 124.027992][ T8215] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 124.030877][ T8215] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 124.033436][ T8215] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 124.352174][ T8247] netlink: 'syz.1.734': attribute type 4 has an invalid length. [ 124.370418][ T8247] netlink: 'syz.1.734': attribute type 4 has an invalid length. [ 124.381098][ T8247] netlink: 52 bytes leftover after parsing attributes in process `syz.1.734'. [ 124.709948][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 124.757846][ T8258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.739'. [ 124.907770][ T8262] netlink: 20 bytes leftover after parsing attributes in process `syz.1.741'. [ 124.989674][ T8263] ptm ptm1: ldisc open failed (-12), clearing slot 1 [ 125.424822][ T8283] binder: 8273:8283 ioctl c0046209 0 returned -22 [ 125.459771][ T8282] affs: No valid root block on device nullb0 [ 125.510083][ T5951] Bluetooth: hci0: command 0x0c1a tx timeout [ 125.512858][ T8208] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 125.750101][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 126.022130][ T93] Bluetooth: (null): Invalid header checksum [ 126.026234][ T93] Bluetooth: (null): Invalid header checksum [ 126.028742][ T93] Bluetooth: (null): Invalid header checksum [ 126.070170][ T5951] Bluetooth: hci3: command 0x0419 tx timeout [ 126.072391][ T5966] Bluetooth: hci2: command 0x0c1a tx timeout [ 126.075584][ T5965] Bluetooth: hci1: command 0x0c1a tx timeout [ 126.106305][ T65] Bluetooth: (null): Invalid header checksum [ 126.191322][ T93] Bluetooth: (null): Invalid header checksum [ 126.192632][ T8296] QAT: Invalid ioctl -2147183760 [ 126.248612][ T8299] QAT: Invalid ioctl -2147183760 [ 126.300686][ T1130] Bluetooth: (null): Invalid header checksum [ 126.728858][ T65] Bluetooth: hci4: Frame reassembly failed (-84) [ 126.799991][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 127.590370][ T5965] Bluetooth: hci0: command 0x0c1a tx timeout [ 127.830004][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 128.048057][ T8330] netlink: 4 bytes leftover after parsing attributes in process `syz.2.761'. [ 128.054859][ T8330] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode [ 128.058774][ T8330] macvtap1: entered promiscuous mode [ 128.061797][ T8330] bond0: entered promiscuous mode [ 128.063674][ T8330] bond_slave_0: entered promiscuous mode [ 128.065994][ T8330] bond_slave_1: entered promiscuous mode [ 128.071239][ T8330] macvtap1: entered allmulticast mode [ 128.072875][ T8330] bond0: entered allmulticast mode [ 128.074457][ T8330] bond_slave_0: entered allmulticast mode [ 128.076204][ T8330] bond_slave_1: entered allmulticast mode [ 128.078122][ T8330] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 128.081891][ T8330] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 128.103907][ T8330] netlink: 4 bytes leftover after parsing attributes in process `syz.2.761'. [ 128.113422][ T8330] bond0: left allmulticast mode [ 128.115656][ T8330] bond_slave_0: left allmulticast mode [ 128.121705][ T8330] bond_slave_1: left allmulticast mode [ 128.123620][ T8330] mac80211_hwsim hwsim9 wlan1: left allmulticast mode [ 128.125617][ T8330] bond0: left promiscuous mode [ 128.127065][ T8330] bond_slave_0: left promiscuous mode [ 128.128961][ T8330] bond_slave_1: left promiscuous mode [ 128.133423][ T8330] mac80211_hwsim hwsim9 wlan1: left promiscuous mode [ 128.137125][ T5952] udevd[5952]: setting mode of /dev/loop0 to 060660 failed: Read-only file system [ 128.138058][ T5948] block device autoloading is deprecated and will be removed. [ 128.140313][ T5952] udevd[5952]: setting owner of /dev/loop0 to uid=0, gid=6 failed: Read-only file system [ 128.150064][ T5965] Bluetooth: hci3: command 0x0419 tx timeout [ 128.206421][ T8338] netlink: 'syz.0.762': attribute type 1 has an invalid length. [ 128.231725][ T8338] bond1: (slave ipip0): The slave device specified does not support setting the MAC address [ 128.234278][ T8338] bond1: (slave ipip0): Setting fail_over_mac to active for active-backup mode [ 128.237848][ T8338] bond1: (slave ipip0): making interface the new active one [ 128.241039][ T8338] bond1: (slave ipip0): Enslaving as an active interface with an up link [ 128.790373][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 128.872707][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 129.545559][ T8378] netlink: 256 bytes leftover after parsing attributes in process `syz.3.776'. [ 129.619713][ T8380] trusted_key: syz.3.777 sent an empty control message without MSG_MORE. [ 129.909939][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 130.206130][ T65] Bluetooth: (null): Invalid header checksum [ 130.208209][ T65] Bluetooth: (null): Invalid header checksum [ 130.212659][ T65] Bluetooth: (null): Invalid header checksum [ 130.313090][ T93] Bluetooth: (null): Invalid header checksum [ 130.425220][ T65] Bluetooth: (null): Invalid header checksum [ 130.543500][ T45] Bluetooth: (null): Invalid header checksum [ 130.650235][ T45] Bluetooth: (null): Invalid header checksum [ 130.950039][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 131.840987][ T93] Bluetooth: (null): Invalid header checksum [ 131.842899][ T93] Bluetooth: (null): Invalid header checksum [ 131.847728][ T93] Bluetooth: (null): Invalid header checksum [ 131.950432][ T45] Bluetooth: (null): Invalid header checksum [ 131.989946][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 132.060787][ T1130] Bluetooth: (null): Invalid header checksum [ 132.171210][ T1130] Bluetooth: (null): Invalid header checksum [ 132.233885][ T1407] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.236099][ T1407] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.280730][ T11] Bluetooth: (null): Invalid header checksum [ 132.996055][ T5951] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 133.030028][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 133.340026][ T5951] Bluetooth: hci3: SCO packet for unknown connection handle 200 [ 133.529369][ T8480] netlink: 24 bytes leftover after parsing attributes in process `syz.1.810'. [ 133.637255][ C2] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 133.657029][ T8489] FAULT_INJECTION: forcing a failure. [ 133.657029][ T8489] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 133.661894][ T8489] CPU: 0 UID: 0 PID: 8489 Comm: syz.0.812 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 133.665754][ T8489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.669448][ T8489] Call Trace: [ 133.670743][ T8489] [ 133.671819][ T8489] dump_stack_lvl+0x16c/0x1f0 [ 133.673715][ T8489] should_fail_ex+0x497/0x5b0 [ 133.675599][ T8489] _copy_from_user+0x2e/0xd0 [ 133.677719][ T8489] snd_pcm_oss_write2+0x1c6/0x3f0 [ 133.679661][ T8489] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 133.681717][ T8489] ? snd_pcm_kernel_ioctl+0x257/0x2d0 [ 133.683523][ T8489] ? snd_pcm_oss_prepare+0x11e/0x220 [ 133.685183][ T8489] snd_pcm_oss_write+0x727/0xa00 [ 133.687062][ T8489] ? rw_verify_area+0xd0/0x700 [ 133.688798][ T8489] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 133.690599][ T8489] vfs_write+0x24c/0x1150 [ 133.692094][ T8489] ? __fget_files+0x23a/0x3f0 [ 133.693676][ T8489] ? __pfx_lock_release+0x10/0x10 [ 133.695518][ T8489] ? trace_lock_acquire+0x14a/0x1d0 [ 133.696914][ T8489] ? __pfx_vfs_write+0x10/0x10 [ 133.698657][ T8489] ? lock_acquire+0x2f/0xb0 [ 133.699972][ T8489] ? __fget_files+0x40/0x3f0 [ 133.701244][ T8489] ? __fget_files+0x244/0x3f0 [ 133.702539][ T8489] ksys_write+0x12f/0x260 [ 133.703665][ T8489] ? __pfx_ksys_write+0x10/0x10 [ 133.705137][ T8489] __do_fast_syscall_32+0x73/0x120 [ 133.706587][ T8489] do_fast_syscall_32+0x32/0x80 [ 133.707985][ T8489] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 133.710254][ T8489] RIP: 0023:0xf7f03579 [ 133.711873][ T8489] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 133.717105][ T8489] RSP: 002b:00000000f566555c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 133.719277][ T8489] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020002000 [ 133.721332][ T8489] RDX: 0000000000088020 RSI: 0000000000000000 RDI: 0000000000000000 [ 133.723398][ T8489] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 133.725466][ T8489] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 133.727737][ T8489] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 133.730328][ T8489] [ 133.731052][ T8491] syzkaller1: entered promiscuous mode [ 133.733562][ T8491] syzkaller1: entered allmulticast mode [ 133.964896][ T8498] virtiofs: Unknown parameter '&@' [ 134.080449][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 134.093062][ C0] [ 134.094163][ C0] ============================================ [ 134.096205][ C0] WARNING: possible recursive locking detected [ 134.098377][ C0] 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 Not tainted [ 134.101778][ C0] -------------------------------------------- [ 134.104592][ C0] swapper/0/0 is trying to acquire lock: [ 134.106112][ C0] ffffc900272090d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x36e/0x4b0 [ 134.109188][ C0] [ 134.109188][ C0] but task is already holding lock: [ 134.112232][ C0] ffffc90025e310d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x36e/0x4b0 [ 134.116321][ C0] [ 134.116321][ C0] other info that might help us debug this: [ 134.119797][ C0] Possible unsafe locking scenario: [ 134.119797][ C0] [ 134.124000][ C0] CPU0 [ 134.125343][ C0] ---- [ 134.126355][ T8508] blktrace: Concurrent blktraces are not allowed on nbd2 [ 134.126767][ C0] lock(&rb->spinlock); [ 134.126784][ C0] lock(&rb->spinlock); [ 134.132820][ C0] [ 134.132820][ C0] *** DEADLOCK *** [ 134.132820][ C0] [ 134.136191][ C0] May be due to missing lock nesting notation [ 134.136191][ C0] [ 134.139573][ C0] 6 locks held by swapper/0/0: [ 134.141427][ C0] #0: ffffc9002e08fba0 (&x->wait#28){-.-.}-{2:2}, at: complete+0x1d/0x200 [ 134.145396][ C0] #1: ffff888022435298 (&p->pi_lock){-.-.}-{2:2}, at: try_to_wake_up+0xa1/0x14f0 [ 134.149105][ C0] #2: ffff88802b63ee98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 134.152862][ C0] #3: ffffffff8ddb7800 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1c2/0x590 [ 134.156720][ C0] #4: ffffc90025e310d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x36e/0x4b0 [ 134.160982][ C0] #5: ffffffff8ddb7800 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1c2/0x590 [ 134.164864][ C0] [ 134.164864][ C0] stack backtrace: [ 134.167217][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 134.171246][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 134.174523][ C0] Call Trace: [ 134.176088][ C0] [ 134.177253][ C0] dump_stack_lvl+0x116/0x1f0 [ 134.179002][ C0] print_deadlock_bug+0x2e3/0x410 [ 134.181488][ C0] __lock_acquire+0x2185/0x3ce0 [ 134.183512][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 134.185619][ C0] ? hlock_class+0x4e/0x130 [ 134.187196][ C0] ? __lock_acquire+0xbdd/0x3ce0 [ 134.189152][ C0] lock_acquire.part.0+0x11b/0x380 [ 134.191069][ C0] ? __bpf_ringbuf_reserve+0x36e/0x4b0 [ 134.192797][ C0] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 134.194647][ C0] ? rcu_is_watching+0x12/0xc0 [ 134.196390][ C0] ? trace_lock_acquire+0x14a/0x1d0 [ 134.198325][ C0] ? __bpf_ringbuf_reserve+0x36e/0x4b0 [ 134.200211][ C0] ? lock_acquire+0x2f/0xb0 [ 134.201858][ C0] ? __bpf_ringbuf_reserve+0x36e/0x4b0 [ 134.204075][ C0] _raw_spin_lock_irqsave+0x3a/0x60 [ 134.205955][ C0] ? __bpf_ringbuf_reserve+0x36e/0x4b0 [ 134.207670][ C0] __bpf_ringbuf_reserve+0x36e/0x4b0 [ 134.209292][ C0] ? trace_lock_acquire+0x14a/0x1d0 [ 134.210734][ C0] ? bpf_trace_run2+0x1c2/0x590 [ 134.212265][ C0] bpf_ringbuf_reserve+0x57/0x90 [ 134.213862][ C0] bpf_prog_0e153dac479590bf+0x35/0x70 [ 134.215440][ C0] bpf_trace_run2+0x231/0x590 [ 134.216999][ C0] ? __pfx_bpf_trace_run2+0x10/0x10 [ 134.218560][ C0] ? hlock_class+0x4e/0x130 [ 134.219980][ C0] ? __lock_acquire+0x163e/0x3ce0 [ 134.221340][ C0] ? __pfx___bpf_trace_contention_begin+0x10/0x10 [ 134.223325][ C0] __traceiter_contention_begin+0x5a/0xa0 [ 134.225026][ C0] trace_contention_begin.constprop.0+0xed/0x170 [ 134.226921][ C0] __pv_queued_spin_lock_slowpath+0x10b/0xc90 [ 134.228734][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 134.230225][ C0] ? hlock_class+0x4e/0x130 [ 134.231409][ C0] ? __lock_acquire+0xbdd/0x3ce0 [ 134.232666][ C0] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 134.234594][ C0] do_raw_spin_lock+0x210/0x2c0 [ 134.235950][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 134.237696][ C0] ? lock_acquire+0x2f/0xb0 [ 134.238996][ C0] ? __bpf_ringbuf_reserve+0x36e/0x4b0 [ 134.240707][ C0] _raw_spin_lock_irqsave+0x42/0x60 [ 134.242464][ C0] ? __bpf_ringbuf_reserve+0x36e/0x4b0 [ 134.244280][ C0] __bpf_ringbuf_reserve+0x36e/0x4b0 [ 134.246080][ C0] ? trace_lock_acquire+0x14a/0x1d0 [ 134.247778][ C0] ? bpf_trace_run2+0x1c2/0x590 [ 134.249120][ C0] bpf_ringbuf_reserve+0x57/0x90 [ 134.250700][ C0] bpf_prog_0e153dac479590bf+0x35/0x70 [ 134.252537][ C0] bpf_trace_run2+0x231/0x590 [ 134.253980][ C0] ? mark_lock+0xb5/0xc60 [ 134.255495][ C0] ? __pfx_bpf_trace_run2+0x10/0x10 [ 134.257047][ C0] ? __lock_acquire+0x163e/0x3ce0 [ 134.258621][ C0] ? __pfx___bpf_trace_contention_begin+0x10/0x10 [ 134.261064][ C0] __traceiter_contention_begin+0x5a/0xa0 [ 134.263160][ C0] trace_contention_begin.constprop.0+0xed/0x170 [ 134.265413][ C0] __pv_queued_spin_lock_slowpath+0x10b/0xc90 [ 134.267878][ C0] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 134.270178][ C0] ? lock_acquire.part.0+0x11b/0x380 [ 134.272001][ C0] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 134.274232][ C0] do_raw_spin_lock+0x210/0x2c0 [ 134.275919][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 134.277691][ C0] ? raw_spin_rq_lock_nested+0x7e/0x130 [ 134.279436][ C0] raw_spin_rq_lock_nested+0x7e/0x130 [ 134.281211][ C0] try_to_wake_up+0x52e/0x14f0 [ 134.282770][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 134.284393][ C0] ? __pfx_try_to_wake_up+0x10/0x10 [ 134.286021][ C0] ? complete+0x1d/0x200 [ 134.287316][ C0] complete+0xb0/0x200 [ 134.288532][ C0] ? __pfx___rdmsr_safe_on_cpu+0x10/0x10 [ 134.290318][ C0] __flush_smp_call_function_queue+0x41f/0x8c0 [ 134.292753][ C0] __sysvec_call_function_single+0x8c/0x410 [ 134.294846][ C0] sysvec_call_function_single+0x9f/0xc0 [ 134.297711][ C0] [ 134.298748][ C0] [ 134.299742][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 134.301564][ C0] RIP: 0010:default_idle+0xf/0x20 [ 134.303011][ C0] Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d d3 14 32 00 fb f4 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [ 134.309248][ C0] RSP: 0018:ffffffff8da07e20 EFLAGS: 00000206 [ 134.311461][ C0] RAX: 0000000000437947 RBX: 0000000000000000 RCX: ffffffff8b146dc9 [ 134.313977][ C0] RDX: 0000000000000000 RSI: ffffffff8b4cc8e0 RDI: ffffffff8bb135a0 [ 134.316697][ C0] RBP: fffffbfff1b52af8 R08: 0000000000000001 R09: ffffed1005687025 [ 134.319071][ C0] R10: ffff88802b43812b R11: 0000000000000000 R12: 0000000000000000 [ 134.321753][ C0] R13: ffffffff8da957c0 R14: ffffffff901cf388 R15: 0000000000000000 [ 134.324514][ C0] ? ct_kernel_exit+0x139/0x190 [ 134.326566][ C0] default_idle_call+0x6d/0xb0 [ 134.328142][ C0] do_idle+0x32c/0x3f0 [ 134.329491][ C0] ? __pfx_do_idle+0x10/0x10 [ 134.330791][ C0] cpu_startup_entry+0x4f/0x60 [ 134.332136][ C0] rest_init+0x16b/0x2b0 [ 134.333319][ C0] ? acpi_subsystem_init+0x133/0x180 [ 134.334966][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 134.336649][ C0] start_kernel+0x3e4/0x4d0 [ 134.337859][ C0] x86_64_start_reservations+0x18/0x30 [ 134.339318][ C0] x86_64_start_kernel+0xb2/0xc0 [ 134.340661][ C0] common_startup_64+0x13e/0x148 [ 134.341987][ C0] [ 134.350199][ T8503] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 134.352207][ T8503] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 134.353970][ T8503] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 134.356123][ T8503] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 134.590113][ T35] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 134.609963][ T1865] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 134.740046][ T35] usb 6-1: Using ep0 maxpacket: 8 [ 134.745355][ T35] usb 6-1: config index 0 descriptor too short (expected 5924, got 36) [ 134.748416][ T35] usb 6-1: config 250 has an invalid interface number: 228 but max is -1 [ 134.751794][ T35] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 134.755545][ T35] usb 6-1: config 250 has no interface number 0 [ 134.757831][ T35] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 134.759914][ T1865] usb 7-1: Using ep0 maxpacket: 8 [ 134.762074][ T35] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 134.765728][ T1865] usb 7-1: config index 0 descriptor too short (expected 5924, got 36) [ 134.767394][ T35] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 134.770006][ T1865] usb 7-1: config 250 has an invalid interface number: 228 but max is -1 [ 134.774284][ T35] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 134.776893][ T1865] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 134.781532][ T35] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 134.783596][ T1865] usb 7-1: config 250 has no interface number 0 [ 134.788177][ T35] usb 6-1: config 250 interface 228 has no altsetting 0 [ 134.790439][ T35] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 134.792006][ T1865] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 134.795178][ T35] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 134.798113][ T1865] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 134.800656][ T35] usb 6-1: Product: syz [ 134.803122][ T1865] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 134.804693][ T35] usb 6-1: SerialNumber: syz [ 134.807521][ T1865] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 134.812107][ T35] hub 6-1:250.228: bad descriptor, ignoring hub [ 134.812120][ T35] hub 6-1:250.228: probe with driver hub failed with error -5 [ 134.816239][ T1865] usb 7-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 134.820060][ T1865] usb 7-1: config 250 interface 228 has no altsetting 0 [ 134.823868][ T1865] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 134.826566][ T1865] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 134.828748][ T1865] usb 7-1: Product: syz [ 134.830016][ T1865] usb 7-1: SerialNumber: syz [ 134.833855][ T1865] hub 7-1:250.228: bad descriptor, ignoring hub [ 134.835561][ T1865] hub 7-1:250.228: probe with driver hub failed with error -5 [ 135.015614][ T35] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 9 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 135.048734][ T1865] usblp 7-1:250.228: usblp1: USB Bidirectional printer dev 7 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 135.109981][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 135.320154][ T35] usb 6-1: USB disconnect, device number 9 [ 135.324162][ T35] usblp0: removed [ 135.360568][ T30] usb 7-1: USB disconnect, device number 7 [ 135.363129][ T30] usblp1: removed [ 135.670048][ T35] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 135.689986][ T30] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 135.829974][ T35] usb 6-1: Using ep0 maxpacket: 8 [ 135.833506][ T35] usb 6-1: config index 0 descriptor too short (expected 5924, got 36) [ 135.835723][ T35] usb 6-1: config 250 has an invalid interface number: 228 but max is -1 [ 135.837934][ T35] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 135.840482][ T35] usb 6-1: config 250 has no interface number 0 [ 135.842325][ T35] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 135.845558][ T35] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 135.848537][ T35] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 135.851624][ T35] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 135.856061][ T35] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 135.859803][ T35] usb 6-1: config 250 interface 228 has no altsetting 0 [ 135.859971][ T30] usb 7-1: Using ep0 maxpacket: 8 [ 135.863040][ T35] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 135.865032][ T30] usb 7-1: config index 0 descriptor too short (expected 5924, got 36) [ 135.865558][ T35] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 135.865573][ T35] usb 6-1: Product: syz [ 135.865579][ T35] usb 6-1: SerialNumber: syz [ 135.867612][ T35] hub 6-1:250.228: bad descriptor, ignoring hub [ 135.868048][ T30] usb 7-1: config 250 has an invalid interface number: 228 but max is -1 [ 135.870370][ T35] hub 6-1:250.228: probe with driver hub failed with error -5 [ 135.871874][ T30] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 135.882162][ T30] usb 7-1: config 250 has no interface number 0 [ 135.884191][ T30] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 135.887621][ T30] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 135.890572][ T30] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 135.893359][ T30] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 135.896367][ T30] usb 7-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 135.900590][ T30] usb 7-1: config 250 interface 228 has no altsetting 0 [ 135.903570][ T30] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 135.906242][ T30] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 135.908806][ T30] usb 7-1: Product: syz [ 135.910000][ T30] usb 7-1: SerialNumber: syz [ 135.912809][ T30] hub 7-1:250.228: bad descriptor, ignoring hub [ 135.914237][ T30] hub 7-1:250.228: probe with driver hub failed with error -5 [ 136.069018][ T35] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 10 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 136.090190][ T35] usb 6-1: USB disconnect, device number 10 [ 136.093373][ T35] usblp0: removed [ 136.121278][ T30] usblp 7-1:250.228: usblp0: USB Bidirectional printer dev 8 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 136.140693][ T30] usb 7-1: USB disconnect, device number 8 [ 136.143543][ T30] usblp0: removed [ 136.149996][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 136.390053][ T8502] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 136.390067][ T5951] Bluetooth: hci0: command 0x0c1a tx timeout [ 136.390290][ T5965] Bluetooth: hci3: command 0x0419 tx timeout [ 136.390329][ T5965] Bluetooth: hci2: command 0x0c1a tx timeout [ 136.390350][ T5965] Bluetooth: hci1: command 0x0c1a tx timeout [ 137.190063][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 138.229921][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 138.470058][ T5951] Bluetooth: hci0: command 0x0c1a tx timeout [ 139.270016][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 140.310012][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 141.349992][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 142.389972][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 143.430032][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available VM DIAGNOSIS: 16:21:19 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85046005 RDI=ffffffff9a6432e0 RBP=ffffffff9a6432a0 RSP=ffffc90000007060 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=722d302e32312e36 R12=0000000000000000 R13=0000000000000020 R14=ffffffff85045fa0 R15=0000000000000000 RIP=ffffffff8504602f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f56c5da4 CR3=0000000029e1a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000001 Opmask01=0000000000020000 Opmask02=0000000000000002 Opmask03=0000000000000000 Opmask04=00000000fffffffb Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd7c8e71f0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2030302030302030 3020303020303020 3030203030203130 2038642034372000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2030302030302030 3020303020303020 3030203030203130 2032642034372000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3030302030303030 3030203030302032 3931372e33333120 20363932300a3030 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3020302020303030 3020202030302030 3131302e24303020 2020333230000020 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 305a59582a573332 3e325e2a51573f3a 3b3d3b3d2439393b 2a2a51343e36003a ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a3a3a3a3a3a3a3a 3a3a3a3a3a3a2a30 524b58554d435845 2a3c33383a3a3a3a ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000041c7a4 RBX=0000000000000001 RCX=ffffffff8b146dc9 RDX=ffffed10056a7026 RSI=ffffffff8bb13520 RDI=ffffffff8164045c RBP=ffffed10036e9910 RSP=ffffc90000477e08 R8 =0000000000000000 R9 =ffffed10056a7025 R10=ffff88802b53812b R11=0000000000000001 R12=0000000000000001 R13=ffff88801b74c880 R14=ffffffff901cf388 R15=0000000000000000 RIP=ffffffff8b1481af RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020000340 CR3=000000005ab92000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=dffffc0000000000 RBX=ffff888024a10000 RCX=ffffffff815e2ec3 RDX=0000000000000000 RSI=ffffffff8bb13520 RDI=ffff8880250d0e90 RBP=000000000003b1b6 RSP=ffffc9002a557500 R8 =0000000000000000 R9 =fffffbfff2039e71 R10=ffffffff901cf38f R11=0000000000000000 R12=ffff8880250d0d00 R13=ffff8880250d0e30 R14=0000000000000000 R15=ffff888021c31000 RIP=ffffffff815e2f1f RFL=00000806 [-O---P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055d2c2c9f8e8 CR3=0000000064fea000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73fcff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000526ce86afc RBX=ffff88802b7283c0 RCX=00000000000006e0 RDX=0000000000000052 RSI=ffff88802b7283c0 RDI=00000000002278ec RBP=00000000002278ec RSP=ffffc900005f0ec0 R8 =0000000000000005 R9 =000000000000003f R10=0000000000000019 R11=ffffffff8b4f7ce0 R12=0000000000000000 R13=0000000000000019 R14=0000000000000000 R15=0000001f38a6d8bf RIP=ffffffff813a6865 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f56c34b4 CR3=000000006bd8a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000