last executing test programs: 7.721686712s ago: executing program 3 (id=3465): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000002c0)=@getchain={0x24, 0x66, 0xfcd66a900070b359, 0x1, 0x81ffffff, {0x0, 0x0, 0x0, 0x0, {0x9}, {}, {0x0, 0xfff1}}}, 0x24}}, 0x0) (async) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) (async) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0xc, 0xa}, {0x0, 0x9}, {0xfff3, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_OPTS={0x18, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x14, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_MPLS_OPT_LSE_LABEL={0x8, 0x5, {0x6}}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH={0x5, 0x1, 0x2}]}}]}}]}, 0x54}}, 0x0) (async) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r4, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000480)={'ip6_vti0\x00', &(0x7f0000000400)={'syztnl2\x00', 0x0, 0x4, 0xd, 0xd, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @mcast1, 0x8, 0x700, 0x6, 0x5}}) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'bridge_slave_0\x00', 0x0}) (async) r9 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r8, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r9, @ANYRES32=r9], 0x44}}, 0x0) (async) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000500)={'ip_vti0\x00', &(0x7f00000004c0)={'erspan0\x00', 0x0, 0x80, 0x78ef, 0x9, 0xffffffff, {{0x6, 0x4, 0x2, 0x6, 0x18, 0x67, 0x0, 0x7, 0x2f, 0x0, @remote, @multicast2, {[@noop]}}}}}) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000006c0)={'syztnl1\x00', &(0x7f0000000540)={'ip_vti0\x00', 0x0, 0x8, 0x10, 0xc, 0x6, {{0x4a, 0x4, 0x2, 0x19, 0x128, 0x68, 0x0, 0xf, 0x29, 0x0, @rand_addr=0x64010101, @private=0xa010101, {[@lsrr={0x83, 0x13, 0xae, [@broadcast, @remote, @multicast2, @multicast1]}, @lsrr={0x83, 0x23, 0xb7, [@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x3b}, @remote, @multicast1, @broadcast, @empty, @empty]}, @rr={0x7, 0x23, 0x58, [@remote, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101, @loopback, @local, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @cipso={0x86, 0x50, 0x0, [{0x7, 0xe, "914c281cb270e0acfc751c32"}, {0x7, 0x9, "adddd21d2182ef"}, {0x7, 0xa, "f8cbb6f5938c5739"}, {0x7, 0x12, "142bf0229815d8a9ce9c276ed4fd6305"}, {0x0, 0xc, "a030a4d9af8097481660"}, {0x6, 0xb, "1c90f2a267cd51e641"}]}, @rr={0x7, 0x27, 0x12, [@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @private=0xa010102, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101, @remote, @dev={0xac, 0x14, 0x14, 0x12}]}, @noop, @lsrr={0x83, 0x27, 0xa4, [@multicast1, @loopback, @private=0xa010102, @multicast2, @dev={0xac, 0x14, 0x14, 0x26}, @multicast2, @rand_addr=0x64010100, @remote, @dev={0xac, 0x14, 0x14, 0x1e}]}, @rr={0x7, 0xf, 0x48, [@initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1]}, @timestamp_prespec={0x44, 0xc, 0x35, 0x3, 0x0, [{@multicast2, 0xfff}]}]}}}}}) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000700)={'vxcan0\x00', 0x0}) sendmsg$ETHTOOL_MSG_WOL_GET(r0, &(0x7f0000000980)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f0000000740)={0x1f8, 0x0, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [@HEADER={0x90, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}]}, 0x1f8}, 0x1, 0x0, 0x0, 0x40010}, 0x4000881) r13 = socket$nl_generic(0x10, 0x3, 0x10) r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r15 = socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) (async) r17 = io_uring_setup(0x198f, &(0x7f0000000380)={0x0, 0xd95b, 0x40, 0x0, 0xfffffffd}) io_uring_register$IORING_REGISTER_RESTRICTIONS(r17, 0xb, &(0x7f0000000080), 0x0) (async, rerun: 32) io_uring_register$IORING_REGISTER_RESTRICTIONS(r17, 0xb, 0x0, 0x0) (async, rerun: 32) sendmsg$NL80211_CMD_DEL_STATION(r15, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x2c, r14, 0x121, 0x70bd2c, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x4}, @NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x2}, @NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async, rerun: 32) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="00022dbd7000fedbdf252000000008000300", @ANYRES32=r16, @ANYBLOB="0c009900000800004d000000"], 0x28}, 0x1, 0x0, 0x0, 0x1ceb035837e11ffa}, 0x48010) (rerun: 32) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r13, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) 7.611838406s ago: executing program 3 (id=3466): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x47f, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x29}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) (fail_nth: 2) 6.146285654s ago: executing program 2 (id=3473): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(:2', 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000280)={0x3, 0x7}, 0x4) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x2000)=nil) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc044560f, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0x0, 0x7, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10110401"}}) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r3 = openat(0xffffffffffffff9c, 0x0, 0x4, 0x80) getdents64(r3, &(0x7f0000000400)=""/4096, 0x1000) r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000340), r3) sendmsg$SMC_PNETID_GET(r3, &(0x7f00000014c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001480)={&(0x7f0000001400)={0x54, r4, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'netpci0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x20000800) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x4048043) umount2(&(0x7f0000000100)='./file0\x00', 0x8) 4.590266554s ago: executing program 2 (id=3476): r0 = socket$nl_rdma(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) setgroups(0x0, 0x0) r4 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="4544f0fffcff30c00000ee00000000"], &(0x7f0000000280)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000bc0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000c00)={0x4, 0xb, 0x902c}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000009c0)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x7}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f000000c340)={0xa802100, 0x0, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x0], 0x1}, 0x58) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="180100002000010003000000fbdbdf25050117800c00030008ac0f0000000000140001000000000000000000000000000000000050bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c0800eb00", @ANYRES32=0x0, @ANYBLOB="040020"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) listen(0xffffffffffffffff, 0xff) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) r7 = dup(r6) write$uinput_user_dev(r7, &(0x7f00000004c0)={'syz0\x00', {0x87, 0x3, 0x1, 0x9}, 0x7, [0xc, 0x6, 0x802, 0xe9a2, 0x1, 0x0, 0xa9ba, 0xc1f, 0x1, 0x7f5b, 0x3, 0x6, 0x5, 0x10004, 0x2, 0x3, 0x0, 0x3, 0xe, 0x3, 0x0, 0x2, 0xd9, 0x2, 0x6, 0x0, 0x3, 0x9, 0xfff, 0x8a0, 0x6, 0x8001, 0x33b5, 0x1, 0xfffffffc, 0x0, 0x9, 0xb, 0xcc, 0x4, 0x80, 0x401, 0x4, 0x5, 0xfffffffd, 0x8, 0xe, 0x3, 0xffff8001, 0x7, 0x3, 0x80000000, 0x1, 0xa, 0x8007, 0x8, 0x5, 0xfff, 0x1, 0x7fe, 0x7fff, 0x10000, 0x2, 0x8], [0x2, 0x1, 0x10000, 0x7, 0x9, 0x6, 0x5, 0x4, 0x9, 0x7, 0x5, 0xdd5a, 0x6, 0x5, 0x7, 0x8, 0x4, 0xcc, 0xbc1, 0x80004, 0x4000000, 0x5e81339d, 0xffffc256, 0xb, 0x80000001, 0x0, 0x0, 0x4, 0x4, 0x7, 0x8, 0x10d, 0x1, 0x5, 0x5, 0xfffffb66, 0xfb5, 0x2, 0x4, 0x7, 0x2, 0x8000, 0x8000, 0x1, 0x9425, 0x4, 0x6f, 0x80b, 0x1, 0x3, 0x525ba681, 0x4f74, 0x7, 0x1, 0x1, 0xfffffffd, 0x100, 0x6, 0x10000, 0x1306, 0x8b, 0x10000, 0xfe4, 0x3ff], [0x2, 0x40, 0x200, 0xfffffff9, 0x7aa, 0x10, 0x80, 0x8001, 0x5, 0x0, 0x9, 0x8, 0x7fffffff, 0x1, 0x1, 0x4, 0x8, 0xfffffff7, 0x7, 0x49, 0x6, 0x4, 0x5, 0xa3, 0x40003, 0x2, 0x0, 0x3, 0x4c, 0x3, 0x5, 0x4, 0xd21e, 0x9, 0x12, 0x0, 0x2, 0xfff, 0x926, 0x800100, 0x7c83, 0xd, 0x1, 0x4, 0xf, 0x81, 0x47, 0x8007, 0x0, 0x11, 0x2, 0xffd, 0x7, 0x7, 0x7ffd, 0x7ff, 0x10, 0x2, 0x10001, 0x8000001, 0x10001, 0x6, 0x71c], [0x81, 0x3, 0x10, 0x4e26, 0x5, 0x7, 0xfffffff3, 0x497, 0x4, 0x1, 0x3, 0x5, 0x56, 0xc28, 0x9, 0x5, 0x5, 0xa, 0x79a, 0x4, 0x9, 0x6, 0xc41f, 0x5, 0x8b6, 0xffffffff, 0x0, 0x0, 0x6a, 0x9, 0x0, 0x0, 0x1000, 0x10, 0xd, 0x6, 0x8000, 0x53, 0x78d, 0x4, 0x1, 0xffffb027, 0xfffffff8, 0x9, 0x7, 0x7, 0x101, 0x7, 0x7, 0x4, 0x0, 0xb, 0x400400, 0x8, 0x0, 0x8, 0x7, 0x9, 0x8, 0x0, 0x1, 0x8001, 0xfffffff7, 0x5]}, 0x45c) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000000314230c2dbd7000ffdbdf250900020073797a32000f00000800410072786500140033007767320000000000000000000000000066129cbdaaf92ea305126427a766b1c085924cd6ad57b03cfe9655f622d77d2aeea86454e08d702ca2d6392ca31ef21b722d78da5d90886bb0db32b0e33c89a5e901bb4e0379f25665d395238e6730ad37288567b268fe7f1586d588e526e7d727ec73b81279a75e879dd960e5107507609756ec582a8032a0ae41beb16ed972c66cc59029b79ace6666660cde28316ee23ff7ea64e39ae6d39b5f45f5ccf2adaffee80cc44776710ba5c2a2e806dcb0a1fd133d11902dea4f"], 0x38}, 0x1, 0x0, 0x0, 0x400c080}, 0x0) pipe(&(0x7f0000000080)) 4.589786212s ago: executing program 3 (id=3477): r0 = socket$nl_rdma(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) setgroups(0x0, 0x0) r4 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="4544f0fffcff30c00000ee00000000"], 0x0, 0x6, 0x1e, &(0x7f0000000300)=""/30, 0x41000, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000bc0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000c00)={0x4, 0xb, 0x902c}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000009c0)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x7}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f000000c340)={0xa802100, 0x0, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x0], 0x1}, 0x58) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="180100002000010003000000fbdbdf25050117800c00030008ac0f0000000000140001000000000000000000000000000000000050bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c0800eb00", @ANYRES32=0x0, @ANYBLOB="040020"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) listen(0xffffffffffffffff, 0xff) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) r7 = dup(r6) write$uinput_user_dev(r7, &(0x7f00000004c0)={'syz0\x00', {0x87, 0x3, 0x1, 0x9}, 0x7, [0xc, 0x6, 0x802, 0xe9a2, 0x1, 0x0, 0xa9ba, 0xc1f, 0x1, 0x7f5b, 0x3, 0x6, 0x5, 0x10004, 0x2, 0x3, 0x0, 0x3, 0xe, 0x3, 0x0, 0x2, 0xd9, 0x2, 0x6, 0x0, 0x3, 0x9, 0xfff, 0x8a0, 0x6, 0x8001, 0x33b5, 0x1, 0xfffffffc, 0x0, 0x9, 0xb, 0xcc, 0x4, 0x80, 0x401, 0x4, 0x5, 0xfffffffd, 0x8, 0xe, 0x3, 0xffff8001, 0x7, 0x3, 0x80000000, 0x1, 0xa, 0x8007, 0x8, 0x5, 0xfff, 0x1, 0x7fe, 0x7fff, 0x10000, 0x2, 0x8], [0x2, 0x1, 0x10000, 0x7, 0x9, 0x6, 0x5, 0x4, 0x9, 0x7, 0x5, 0xdd5a, 0x6, 0x5, 0x7, 0x8, 0x4, 0xcc, 0xbc1, 0x80004, 0x4000000, 0x5e81339d, 0xffffc256, 0xb, 0x80000001, 0x0, 0x0, 0x4, 0x4, 0x7, 0x8, 0x10d, 0x1, 0x5, 0x5, 0xfffffb66, 0xfb5, 0x2, 0x4, 0x7, 0x2, 0x8000, 0x8000, 0x1, 0x9425, 0x4, 0x6f, 0x80b, 0x1, 0x3, 0x525ba681, 0x4f74, 0x7, 0x1, 0x1, 0xfffffffd, 0x100, 0x6, 0x10000, 0x1306, 0x8b, 0x10000, 0xfe4, 0x3ff], [0x2, 0x40, 0x200, 0xfffffff9, 0x7aa, 0x10, 0x80, 0x8001, 0x5, 0x0, 0x9, 0x8, 0x7fffffff, 0x1, 0x1, 0x4, 0x8, 0xfffffff7, 0x7, 0x49, 0x6, 0x4, 0x5, 0xa3, 0x40003, 0x2, 0x0, 0x3, 0x4c, 0x3, 0x5, 0x4, 0xd21e, 0x9, 0x12, 0x0, 0x2, 0xfff, 0x926, 0x800100, 0x7c83, 0xd, 0x1, 0x4, 0xf, 0x81, 0x47, 0x8007, 0x0, 0x11, 0x2, 0xffd, 0x7, 0x7, 0x7ffd, 0x7ff, 0x10, 0x2, 0x10001, 0x8000001, 0x10001, 0x6, 0x71c], [0x81, 0x3, 0x10, 0x4e26, 0x5, 0x7, 0xfffffff3, 0x497, 0x4, 0x1, 0x3, 0x5, 0x56, 0xc28, 0x9, 0x5, 0x5, 0xa, 0x79a, 0x4, 0x9, 0x6, 0xc41f, 0x5, 0x8b6, 0xffffffff, 0x0, 0x0, 0x6a, 0x9, 0x0, 0x0, 0x1000, 0x10, 0xd, 0x6, 0x8000, 0x53, 0x78d, 0x4, 0x1, 0xffffb027, 0xfffffff8, 0x9, 0x7, 0x7, 0x101, 0x7, 0x7, 0x4, 0x0, 0xb, 0x400400, 0x8, 0x0, 0x8, 0x7, 0x9, 0x8, 0x0, 0x1, 0x8001, 0xfffffff7, 0x5]}, 0x45c) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000000314230c2dbd7000ffdbdf250900020073797a32000f00000800410072786500140033007767320000000000000000000000000066129cbdaaf92ea305126427a766b1c085924cd6ad57b03cfe9655f622d77d2aeea86454e08d702ca2d6392ca31ef21b722d78da5d90886bb0db32b0e33c89a5e901bb4e0379f25665d395238e6730ad37288567b268fe7f1586d588e526e7d727ec73b81279a75e879dd960e5107507609756ec582a8032a0ae41beb16ed972c66cc59029b79ace6666660cde28316ee23ff7ea64e39ae6d39b5f45f5ccf2adaffee80cc44776710ba5c2a2e806dcb0a1fd133d11902dea4f"], 0x38}, 0x1, 0x0, 0x0, 0x400c080}, 0x0) pipe(&(0x7f0000000080)) 3.647624868s ago: executing program 1 (id=3480): pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x6, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x3ff) sendmsg$IPSET_CMD_PROTOCOL(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c000000010605"], 0x2c}, 0x1, 0x0, 0x0, 0x40001d0}, 0x0) 3.591373764s ago: executing program 1 (id=3481): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) r1 = syz_clone(0xa00, &(0x7f0000000100)="0840b649764939df3d56c43c934b10f3ef33d921b73365b91f4b66d31312bbcdfda4602480468bb71f9a3f74941e806e34e2c681131fe1b907bbb035dc48e7a040f4d5e973b821b87bc177a4dc79a606b18a9c21f4399f55bbb16cf5fd266afa42af085331c12f8d582027981a05901f3e63329dd01d0796065bb4a84c40", 0x7e, &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000180)="c72fbad231a8276420d383a9aac8f0a835c791cb2af1a209b813ae4cdbc9f1b1dc64987c363fa8e5db4c12d46847209956c15eedaa93c04e7936f89b4b515e8b4def7880f585a72eb7adb8b022d10bb67b839848fbebe241a971efdf6c0d2b5fc80cd81a7536adb2e6") timer_create(0x6, &(0x7f00000000c0)={0x0, 0x1c, 0x2, @tid=r1}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) fchown(r0, 0x0, 0x0) 3.232235259s ago: executing program 1 (id=3482): socket$phonet_pipe(0x23, 0x5, 0x2) socket$kcm(0x29, 0x5, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00') mknod$loop(&(0x7f0000000400)='./file0\x00', 0x10, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40046f41, &(0x7f0000000440)=0x1f) r4 = syz_io_uring_setup(0x10d, 0x0, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r7, &(0x7f0000000100)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x902}, 0xe) write$binfmt_script(r7, &(0x7f0000000200), 0xfffffdef) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x8, 0x0, r7, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0, 0x40010}) io_uring_enter(r4, 0x47f9, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000280)='rxrpc_local\x00', r3, 0x0, 0x5}, 0xfffffe2e) kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x7ffdd000, 0x48000}], 0x320000) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_TXQLEN={0x8, 0xd, 0x7ee5}]}, 0x28}}, 0x0) 3.231723926s ago: executing program 0 (id=3484): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) io_uring_setup(0x734a, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0xfff7fffc}) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendto$unix(r2, &(0x7f0000000380)="674fe31d572036eecf17a205a9b8096fd48403c40e6a8ba895fe071e6e5bc8bd3670d9c3c18280e6a8073b573d7da9b548688516123cd20482194905d95359dae1eabeeff7307c3a29c46d169ef12e464d65e99544979088e1a18066e5e4af5d57943894bd9725d1275c3a180cb298b3a841264cfcedf51150e88c1f", 0x7c, 0x20000000, &(0x7f0000000400)=@file={0x0, './file2\x00'}, 0x6e) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r4, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0xff, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10) prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0) prctl$PR_SET_SECCOMP(0x4e, 0x2, 0x0) sendmmsg(r4, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r5 = openat$audio1(0xffffff9c, &(0x7f0000000540), 0x412000, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, &(0x7f0000000580)=0x8fd2) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000080)='./file0\x00') mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480), 0x2000000, &(0x7f0000000000)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 3.053017618s ago: executing program 2 (id=3485): socket$phonet_pipe(0x23, 0x5, 0x2) socket$kcm(0x29, 0x5, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00') mknod$loop(&(0x7f0000000400)='./file0\x00', 0x10, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40046f41, &(0x7f0000000440)=0x1f) r4 = syz_io_uring_setup(0x10d, 0x0, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r7, &(0x7f0000000100)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x902}, 0xe) write$binfmt_script(r7, &(0x7f0000000200), 0xfffffdef) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x8, 0x0, r7, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0, 0x40010}) io_uring_enter(r4, 0x47f9, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000280)='rxrpc_local\x00', r3, 0x0, 0x5}, 0xfffffe2e) kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x7ffdd000, 0x48000}], 0x320000) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_TXQLEN={0x8, 0xd, 0x7ee5}]}, 0x28}}, 0x0) 2.581026375s ago: executing program 3 (id=3486): socket$phonet_pipe(0x23, 0x5, 0x2) socket$kcm(0x29, 0x5, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00') mknod$loop(&(0x7f0000000400)='./file0\x00', 0x10, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40046f41, 0x0) r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r7, &(0x7f0000000100)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x902}, 0xe) write$binfmt_script(r7, &(0x7f0000000200), 0xfffffdef) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x8, 0x0, r7, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0, 0x40010}) io_uring_enter(r4, 0x47f9, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000280)='rxrpc_local\x00', r3, 0x0, 0x5}, 0xfffffe2e) kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x7ffdd000, 0x48000}], 0x320000) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_TXQLEN={0x8, 0xd, 0x7ee5}]}, 0x28}}, 0x0) 1.64418858s ago: executing program 0 (id=3487): r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0x541b, 0x0) 1.561235627s ago: executing program 3 (id=3488): socket$nl_rdma(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) setgroups(0x0, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="4544f0fffcff30c00000ee000000"], &(0x7f0000000280)='GPL\x00', 0x6, 0x1e, &(0x7f0000000300)=""/30, 0x41000, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000bc0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000c00)={0x4, 0xb, 0x902c}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000009c0)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x7}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f000000c340)={0xa802100, 0x0, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x0], 0x1}, 0x58) 1.551765868s ago: executing program 0 (id=3489): syz_io_uring_setup(0x1593, &(0x7f0000000200)={0x0, 0x11b7, 0x40, 0x3, 0x6}, &(0x7f0000000400), &(0x7f0000002c00)) syz_clone(0x200000, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, 0x0, 0x40000) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) (fail_nth: 2) 1.325269635s ago: executing program 0 (id=3490): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000340)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b189a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0/file0/file0\x00', 0x0, 0x18e5811, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x84000, 0x0) 1.310321096s ago: executing program 0 (id=3498): r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0x541b, 0x0) 1.191960566s ago: executing program 1 (id=3491): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0xe, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup(r2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r1, &(0x7f0000000340)={@val={0x0, 0x6005}, @void, @eth={@empty, @remote, @val={@val={0x88a8, 0x0, 0x0, 0x3}, {0x88a8, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x1, 0x26, 0x14, 0x66, 0x0, 0x9, 0x32, 0x0, @private=0xa010101, @rand_addr=0x64010102}}}}}}, 0x2e) r4 = add_key(&(0x7f0000000080)='rxrpc\x00', &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) connect$unix(r5, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r6, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="300000000114000827bd7000fddbdfc6711ff642f1c5cf08000100020000000800010001000000080001000200000000"], 0x30}, 0x1, 0x0, 0x0, 0x4000801}, 0x40) r7 = syz_io_uring_setup(0x497, &(0x7f0000000000)={0x0, 0x849e, 0x80, 0x3, 0x37d}, &(0x7f00000001c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x2000, 0x0}) io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0) r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') mount$bpf(0x0, &(0x7f0000000ac0)='.\x00', &(0x7f0000000b00), 0x400008, &(0x7f0000000080)={[{@gid={'gid', 0x3d, 0xee00}}]}) lseek(r10, 0x10001, 0x0) close(0x3) dup(0xffffffffffffffff) sigaltstack(&(0x7f0000000100)={&(0x7f0000001940)=""/4096, 0x0, 0x1000}, 0x0) keyctl$read(0xb, r4, 0x0, 0x0) r11 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000001680), r0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1000000, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000b, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mlock2(&(0x7f0000341000/0x3000)=nil, 0x3000, 0x1) sendmsg$NLBL_CIPSOV4_C_LIST(r0, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000016c0)={0x1c, r11, 0x3, 0x70bd26, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x48040) 1.040277818s ago: executing program 2 (id=3492): syz_io_uring_setup(0x1593, &(0x7f0000000200)={0x0, 0x11b7, 0x40, 0x3, 0x2fb}, &(0x7f0000000000), &(0x7f0000002c00)) syz_clone(0x200000, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, 0x0, 0x40000) epoll_create1(0x1eee7f9adb27f006) socket$inet_mptcp(0x2, 0x1, 0x106) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) 940.447455ms ago: executing program 2 (id=3493): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x30, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x46) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000080)={0x43, 0x3, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_LEAVE(r3, 0x10f, 0x88) write$qrtrtun(r0, &(0x7f0000000340)="66bb0b760dc0f4ff", 0x8) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x9}}, 0x40) 940.17307ms ago: executing program 0 (id=3494): socket$phonet_pipe(0x23, 0x5, 0x2) socket$kcm(0x29, 0x5, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00') mknod$loop(&(0x7f0000000400)='./file0\x00', 0x10, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40046f41, &(0x7f0000000440)=0x1f) r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140), 0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r6, &(0x7f0000000100)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x902}, 0xe) write$binfmt_script(r6, &(0x7f0000000200), 0xfffffdef) syz_io_uring_submit(0x0, r5, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x8, 0x0, r6, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0, 0x40010}) io_uring_enter(r4, 0x47f9, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000280)='rxrpc_local\x00', r3, 0x0, 0x5}, 0xfffffe2e) kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x7ffdd000, 0x48000}], 0x320000) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_TXQLEN={0x8, 0xd, 0x7ee5}]}, 0x28}}, 0x0) 835.199786ms ago: executing program 32 (id=3494): socket$phonet_pipe(0x23, 0x5, 0x2) socket$kcm(0x29, 0x5, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00') mknod$loop(&(0x7f0000000400)='./file0\x00', 0x10, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40046f41, &(0x7f0000000440)=0x1f) r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140), 0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r6, &(0x7f0000000100)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x902}, 0xe) write$binfmt_script(r6, &(0x7f0000000200), 0xfffffdef) syz_io_uring_submit(0x0, r5, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x8, 0x0, r6, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0, 0x40010}) io_uring_enter(r4, 0x47f9, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000280)='rxrpc_local\x00', r3, 0x0, 0x5}, 0xfffffe2e) kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x7ffdd000, 0x48000}], 0x320000) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_TXQLEN={0x8, 0xd, 0x7ee5}]}, 0x28}}, 0x0) 783.505364ms ago: executing program 2 (id=3496): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x47f, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x29}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) 614.759242ms ago: executing program 1 (id=3497): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000340)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b189a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0/file0/file0\x00', 0x0, 0x18e5811, 0x0) (fail_nth: 2) mount$bind(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x84000, 0x0) 479.648298ms ago: executing program 1 (id=3499): r0 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000300)='source', &(0x7f0000000180)='%\xde({^\xfa@:', 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="11000000040000000400000002"], 0x48) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000080)={r2, 0x58, &(0x7f00000003c0)}, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_QOS_MAP(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c00007d93649ce3f78af9354855eccc629bbd572b45", @ANYRES16=r3, @ANYBLOB="110c2dbd7000fedbdf256800000008000300", @ANYRES32=r4, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) io_setup(0x4, &(0x7f0000000040)=0x0) r6 = eventfd(0x0) io_submit(r5, 0x2, &(0x7f0000000140)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xc3, r6, 0x0, 0x0, 0x36}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3, 0x7, r6, 0x0, 0x0, 0x0, 0x0, 0x2, r6}]) r7 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) r8 = fsmount(r7, 0x1, 0x1) fchdir(r8) ioctl$TCSETS(r8, 0x5402, &(0x7f00000002c0)={0x10000, 0x9, 0x1, 0x7, 0x6, "93af550896ee3ffb1abdfed297b3122ee4f929"}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) faccessat2(0xffffffffffffff9c, 0x0, 0x5f, 0x1100) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r9, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4) connect$inet6(r9, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r9, &(0x7f0000000480)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2", 0x6b, 0x840, 0x0, 0x0) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) r11 = dup3(r9, r10, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r10, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r11, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001380)=0x40) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) 0s ago: executing program 3 (id=3500): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x0, 0x20000000) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_QUEUE_NUM={0x6}, @NFTA_QUEUE_SREG_QNUM={0x8, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="640000000206010200000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a32000000000500040000000000140007800800124000000000050015002200000005000500020000000500010006"], 0x64}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000001c0)={0x28, 0x3, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4048880}, 0x10) openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)={0x40040, 0xd2, 0xf}, 0xffffffffffffffe6) inotify_init() bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000000)=ANY=[@ANYBLOB="0a00000016000000b50e00007f00000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000020000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"/28], 0x50) kernel console output (not intermixed with test programs): 9.187312][T19065] inet_sendmsg+0xb9/0x140 [ 899.187331][T19065] __sys_sendto+0x43c/0x520 [ 899.187352][T19065] ? __pfx___sys_sendto+0x10/0x10 [ 899.187390][T19065] ? ksys_write+0x1ac/0x250 [ 899.187413][T19065] ? __pfx_ksys_write+0x10/0x10 [ 899.187439][T19065] __ia32_sys_sendto+0xdd/0x1b0 [ 899.187457][T19065] ? __do_fast_syscall_32+0x9a/0x680 [ 899.187482][T19065] ? lockdep_hardirqs_on+0x7c/0x110 [ 899.187506][T19065] __do_fast_syscall_32+0xe8/0x680 [ 899.187533][T19065] do_fast_syscall_32+0x32/0x80 [ 899.187558][T19065] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 899.187579][T19065] RIP: 0023:0xf700d579 [ 899.187593][T19065] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 899.187610][T19065] RSP: 002b:00000000f53bb55c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 899.187627][T19065] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000040 [ 899.187638][T19065] RDX: 00000000ffffffe4 RSI: 0000000000000015 RDI: 0000000000000000 [ 899.187647][T19065] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 899.187663][T19065] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 899.187674][T19065] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 899.187726][T19065] [ 899.223986][T15763] usb 5-1: USB disconnect, device number 12 [ 899.328183][T19057] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 899.331486][T19057] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 899.333733][T19057] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 899.337240][T19057] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 899.447739][T15763] yurex 5-1:64.0: USB YUREX #0 now disconnected [ 900.395194][T19084] FAULT_INJECTION: forcing a failure. [ 900.395194][T19084] name failslab, interval 1, probability 0, space 0, times 0 [ 900.405923][T19084] CPU: 0 UID: 0 PID: 19084 Comm: syz.1.3149 Not tainted syzkaller #0 PREEMPT(full) [ 900.405953][T19084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 900.405962][T19084] Call Trace: [ 900.405968][T19084] [ 900.405974][T19084] dump_stack_lvl+0x16c/0x1f0 [ 900.405994][T19084] should_fail_ex+0x512/0x640 [ 900.406008][T19084] ? fs_reclaim_acquire+0xae/0x150 [ 900.406027][T19084] should_failslab+0xc2/0x120 [ 900.406045][T19084] __kmalloc_noprof+0xeb/0x910 [ 900.406058][T19084] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 900.406077][T19084] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 900.406092][T19084] tomoyo_realpath_from_path+0xc2/0x6e0 [ 900.406109][T19084] ? tomoyo_profile+0x47/0x60 [ 900.406127][T19084] tomoyo_path_number_perm+0x245/0x580 [ 900.406139][T19084] ? tomoyo_path_number_perm+0x237/0x580 [ 900.406158][T19084] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 900.406200][T19084] ? find_held_lock+0x2b/0x80 [ 900.406222][T19084] ? hook_file_ioctl_common+0x144/0x410 [ 900.406250][T19084] ? __fget_files+0x20e/0x3c0 [ 900.406271][T19084] ? fput+0x70/0xf0 [ 900.406291][T19084] security_file_ioctl_compat+0x9b/0x240 [ 900.406314][T19084] __ia32_compat_sys_ioctl+0xc3/0x370 [ 900.406340][T19084] __do_fast_syscall_32+0xe8/0x680 [ 900.406368][T19084] do_fast_syscall_32+0x32/0x80 [ 900.406395][T19084] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 900.406418][T19084] RIP: 0023:0xf700d579 [ 900.406432][T19084] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 900.406449][T19084] RSP: 002b:00000000f53bb55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 900.406466][T19084] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c0045005 [ 900.406477][T19084] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 900.406487][T19084] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 900.406497][T19084] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 900.406506][T19084] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 900.406528][T19084] [ 900.407493][T19084] ERROR: Out of memory at tomoyo_realpath_from_path. [ 900.480381][T19088] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3151'. [ 900.501599][T19088] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3151'. [ 900.680166][T19089] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 900.682449][T19089] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 900.704095][T19089] vhci_hcd vhci_hcd.0: Device attached [ 900.784464][T19089] rdma_rxe: rxe_newlink: failed to add wg2 [ 900.980280][ T24] usb 42-1: SetAddress Request (106) to port 0 [ 900.982652][ T24] usb 42-1: new SuperSpeed USB device number 106 using vhci_hcd [ 901.163055][T19092] vhci_hcd: connection reset by peer [ 901.168961][T18315] vhci_hcd vhci_hcd.2: stop threads [ 901.172787][T18315] vhci_hcd vhci_hcd.2: release socket [ 901.175229][T18315] vhci_hcd vhci_hcd.2: disconnect device [ 901.339952][ T5947] Bluetooth: hci3: command 0x0c1a tx timeout [ 901.342498][ T5947] Bluetooth: hci0: command 0x040f tx timeout [ 901.344696][ T5947] Bluetooth: hci4: command 0x040f tx timeout [ 901.346991][T16703] Bluetooth: hci1: command 0x0c1a tx timeout [ 901.841911][T19105] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 901.844467][T19105] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 901.848459][T19105] vhci_hcd vhci_hcd.0: Device attached [ 902.139998][ T6034] usb 44-1: SetAddress Request (86) to port 0 [ 902.140055][ T6034] usb 44-1: new SuperSpeed USB device number 86 using vhci_hcd [ 902.241689][T19105] rdma_rxe: rxe_newlink: failed to add wg2 [ 902.680734][T19116] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 902.943112][T19106] vhci_hcd: connection reset by peer [ 902.950870][T18315] vhci_hcd vhci_hcd.3: stop threads [ 902.955037][T18315] vhci_hcd vhci_hcd.3: release socket [ 902.960235][T18315] vhci_hcd vhci_hcd.3: disconnect device [ 904.032176][T19118] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3157'. [ 904.295178][T19128] input: syz1 as /devices/virtual/input/input83 [ 904.336453][T19128] FAULT_INJECTION: forcing a failure. [ 904.336453][T19128] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 904.341367][T19128] CPU: 3 UID: 0 PID: 19128 Comm: syz.3.3161 Not tainted syzkaller #0 PREEMPT(full) [ 904.341389][T19128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 904.341398][T19128] Call Trace: [ 904.341404][T19128] [ 904.341410][T19128] dump_stack_lvl+0x16c/0x1f0 [ 904.341438][T19128] should_fail_ex+0x512/0x640 [ 904.341458][T19128] _copy_from_user+0x2e/0xd0 [ 904.341475][T19128] input_event_from_user+0x137/0x290 [ 904.341497][T19128] ? __pfx_input_event_from_user+0x10/0x10 [ 904.341524][T19128] uinput_write+0xbe7/0xff0 [ 904.341542][T19128] ? __pfx_uinput_write+0x10/0x10 [ 904.341558][T19128] ? bpf_lsm_file_permission+0x9/0x10 [ 904.341577][T19128] ? security_file_permission+0x71/0x210 [ 904.341597][T19128] ? rw_verify_area+0xcf/0x6c0 [ 904.341618][T19128] ? __pfx_uinput_write+0x10/0x10 [ 904.341630][T19128] vfs_write+0x2a0/0x11d0 [ 904.341664][T19128] ? __pfx_vfs_write+0x10/0x10 [ 904.341684][T19128] ? find_held_lock+0x2b/0x80 [ 904.341705][T19128] ? __fget_files+0x204/0x3c0 [ 904.341730][T19128] ? __fget_files+0x20e/0x3c0 [ 904.341758][T19128] ksys_write+0x1f8/0x250 [ 904.341778][T19128] ? __pfx_ksys_write+0x10/0x10 [ 904.341800][T19128] ? do_user_addr_fault+0x843/0x1370 [ 904.341824][T19128] __do_fast_syscall_32+0xe8/0x680 [ 904.341851][T19128] do_fast_syscall_32+0x32/0x80 [ 904.341874][T19128] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 904.341893][T19128] RIP: 0023:0xf703d579 [ 904.341906][T19128] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 904.341921][T19128] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 904.341937][T19128] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240 [ 904.341947][T19128] RDX: 000000000000045c RSI: 0000000000000000 RDI: 0000000000000000 [ 904.341956][T19128] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 904.341966][T19128] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 904.341974][T19128] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 904.341995][T19128] [ 904.544422][T19136] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3162'. [ 904.549348][T19136] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3162'. [ 904.804878][T19130] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 904.814717][T19130] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 904.825173][T19130] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 904.835307][T19130] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 905.062734][T19145] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 905.064883][T19145] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 905.070801][T19145] vhci_hcd vhci_hcd.0: Device attached [ 905.101414][T19145] syz2: rxe_newlink: already configured on wg2 [ 905.350878][ T6012] usb 40-1: SetAddress Request (78) to port 0 [ 905.355949][ T6012] usb 40-1: new SuperSpeed USB device number 78 using vhci_hcd [ 905.526280][T19147] vhci_hcd: connection reset by peer [ 905.529659][ T4950] vhci_hcd vhci_hcd.1: stop threads [ 905.532647][ T4950] vhci_hcd vhci_hcd.1: release socket [ 905.535574][ T4950] vhci_hcd vhci_hcd.1: disconnect device [ 905.638391][T19150] FAULT_INJECTION: forcing a failure. [ 905.638391][T19150] name failslab, interval 1, probability 0, space 0, times 0 [ 905.644491][T19150] CPU: 3 UID: 0 PID: 19150 Comm: syz.3.3166 Not tainted syzkaller #0 PREEMPT(full) [ 905.644512][T19150] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 905.644520][T19150] Call Trace: [ 905.644524][T19150] [ 905.644529][T19150] dump_stack_lvl+0x16c/0x1f0 [ 905.644568][T19150] should_fail_ex+0x512/0x640 [ 905.644584][T19150] ? kmem_cache_alloc_node_noprof+0x65/0x800 [ 905.644602][T19150] should_failslab+0xc2/0x120 [ 905.644620][T19150] kmem_cache_alloc_node_noprof+0x86/0x800 [ 905.644635][T19150] ? __alloc_skb+0x156/0x410 [ 905.644650][T19150] ? __pfx_tcp_current_mss+0x10/0x10 [ 905.644669][T19150] ? __alloc_skb+0x156/0x410 [ 905.644680][T19150] __alloc_skb+0x156/0x410 [ 905.644692][T19150] ? __pfx___alloc_skb+0x10/0x10 [ 905.644705][T19150] ? _parse_integer_limit+0x17f/0x1d0 [ 905.644726][T19150] tcp_stream_alloc_skb+0x34/0x670 [ 905.644740][T19150] tcp_sendmsg_locked+0x12de/0x42a0 [ 905.644825][T19150] ? __lock_acquire+0x436/0x2890 [ 905.644857][T19150] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 905.644874][T19150] ? do_raw_spin_lock+0x12c/0x2b0 [ 905.644887][T19150] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 905.644904][T19150] ? __local_bh_enable_ip+0xa4/0x120 [ 905.644924][T19150] tcp_sendmsg+0x2e/0x50 [ 905.644935][T19150] ? __pfx_tcp_sendmsg+0x10/0x10 [ 905.644948][T19150] inet_sendmsg+0xb9/0x140 [ 905.644962][T19150] __sys_sendto+0x43c/0x520 [ 905.644976][T19150] ? __pfx___sys_sendto+0x10/0x10 [ 905.645000][T19150] ? ksys_write+0x1ac/0x250 [ 905.645017][T19150] ? __pfx_ksys_write+0x10/0x10 [ 905.645034][T19150] __ia32_sys_sendto+0xdd/0x1b0 [ 905.645047][T19150] ? __do_fast_syscall_32+0x9a/0x680 [ 905.645066][T19150] ? lockdep_hardirqs_on+0x7c/0x110 [ 905.645082][T19150] __do_fast_syscall_32+0xe8/0x680 [ 905.645101][T19150] do_fast_syscall_32+0x32/0x80 [ 905.645119][T19150] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 905.645134][T19150] RIP: 0023:0xf703d579 [ 905.645143][T19150] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 905.645154][T19150] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 905.645165][T19150] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 905.645172][T19150] RDX: 00000000ffffff94 RSI: 0000000000000000 RDI: 0000000000000000 [ 905.645205][T19150] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 905.645212][T19150] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 905.645218][T19150] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 905.645233][T19150] [ 905.804981][ T64] Bluetooth: hci4: unexpected event for opcode 0x6b1b [ 906.061017][ T24] usb 42-1: device descriptor read/8, error -110 [ 906.474091][ T24] usb usb42-port1: attempt power cycle [ 906.861489][ T64] Bluetooth: hci1: command 0x0c1a tx timeout [ 906.861626][ T5947] Bluetooth: hci0: command 0x040f tx timeout [ 906.867690][T16703] Bluetooth: hci3: command 0x0c1a tx timeout [ 907.032632][ T24] usb usb42-port1: unable to enumerate USB device [ 907.131516][T19185] netlink: 164 bytes leftover after parsing attributes in process `syz.2.3174'. [ 907.139118][T19185] FAULT_INJECTION: forcing a failure. [ 907.139118][T19185] name failslab, interval 1, probability 0, space 0, times 0 [ 907.151793][T19185] CPU: 0 UID: 0 PID: 19185 Comm: syz.2.3174 Not tainted syzkaller #0 PREEMPT(full) [ 907.151812][T19185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 907.151820][T19185] Call Trace: [ 907.151826][T19185] [ 907.151832][T19185] dump_stack_lvl+0x16c/0x1f0 [ 907.151853][T19185] should_fail_ex+0x512/0x640 [ 907.151868][T19185] ? fs_reclaim_acquire+0xae/0x150 [ 907.151887][T19185] should_failslab+0xc2/0x120 [ 907.151905][T19185] __kmalloc_noprof+0xeb/0x910 [ 907.151918][T19185] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 907.151936][T19185] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 907.151951][T19185] tomoyo_realpath_from_path+0xc2/0x6e0 [ 907.151968][T19185] ? tomoyo_profile+0x47/0x60 [ 907.151986][T19185] tomoyo_path_number_perm+0x245/0x580 [ 907.151998][T19185] ? tomoyo_path_number_perm+0x237/0x580 [ 907.152012][T19185] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 907.152039][T19185] ? find_held_lock+0x2b/0x80 [ 907.152054][T19185] ? hook_file_ioctl_common+0x144/0x410 [ 907.152070][T19185] ? __fget_files+0x20e/0x3c0 [ 907.152085][T19185] ? fput+0x70/0xf0 [ 907.152098][T19185] security_file_ioctl_compat+0x9b/0x240 [ 907.152113][T19185] __ia32_compat_sys_ioctl+0xc3/0x370 [ 907.152129][T19185] __do_fast_syscall_32+0xe8/0x680 [ 907.152148][T19185] do_fast_syscall_32+0x32/0x80 [ 907.152166][T19185] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 907.152180][T19185] RIP: 0023:0xf7f62579 [ 907.152189][T19185] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 907.152201][T19185] RSP: 002b:00000000f541455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 907.152212][T19185] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c0045005 [ 907.152219][T19185] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 907.152225][T19185] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 907.152231][T19185] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 907.152238][T19185] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 907.152252][T19185] [ 907.152257][T19185] ERROR: Out of memory at tomoyo_realpath_from_path. [ 907.211420][ T6034] usb 44-1: device descriptor read/8, error -110 [ 907.388180][ T40] audit: type=1326 audit(1767231931.136:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19192 comm="syz.1.3178" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf700d598 code=0x7ffc0000 [ 907.419203][ T40] audit: type=1326 audit(1767231931.136:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19192 comm="syz.1.3178" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf700d598 code=0x7ffc0000 [ 907.431734][ T40] audit: type=1326 audit(1767231931.136:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19192 comm="syz.1.3178" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf700d598 code=0x7ffc0000 [ 907.451427][ T40] audit: type=1326 audit(1767231931.136:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19192 comm="syz.1.3178" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf700d598 code=0x7ffc0000 [ 907.460219][ T40] audit: type=1326 audit(1767231931.136:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19192 comm="syz.1.3178" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf700d598 code=0x7ffc0000 [ 907.469738][ T40] audit: type=1326 audit(1767231931.136:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19192 comm="syz.1.3178" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf700d598 code=0x7ffc0000 [ 907.480198][ T40] audit: type=1326 audit(1767231931.136:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19192 comm="syz.1.3178" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf700d598 code=0x7ffc0000 [ 907.489236][ T40] audit: type=1326 audit(1767231931.136:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19192 comm="syz.1.3178" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf700d598 code=0x7ffc0000 [ 907.498051][ T40] audit: type=1326 audit(1767231931.136:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19192 comm="syz.1.3178" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf700d598 code=0x7ffc0000 [ 907.507481][ T40] audit: type=1326 audit(1767231931.136:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19192 comm="syz.1.3178" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf700d598 code=0x7ffc0000 [ 907.632187][ T6034] usb usb44-port1: attempt power cycle [ 907.760727][T19198] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 907.763223][T19198] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 907.801016][T19198] vhci_hcd vhci_hcd.0: Device attached [ 907.941169][T19198] rdma_rxe: rxe_newlink: failed to add wg2 [ 908.061602][T18270] usb 38-1: SetAddress Request (84) to port 0 [ 908.064591][T18270] usb 38-1: new SuperSpeed USB device number 84 using vhci_hcd [ 908.097371][T19214] FAULT_INJECTION: forcing a failure. [ 908.097371][T19214] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 908.119676][T19214] CPU: 3 UID: 0 PID: 19214 Comm: syz.2.3182 Not tainted syzkaller #0 PREEMPT(full) [ 908.119694][T19214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 908.119701][T19214] Call Trace: [ 908.119717][T19214] [ 908.119723][T19214] dump_stack_lvl+0x16c/0x1f0 [ 908.119745][T19214] should_fail_ex+0x512/0x640 [ 908.119760][T19214] _copy_from_user+0x2e/0xd0 [ 908.119774][T19214] get_compat_msghdr+0xa7/0x170 [ 908.119789][T19214] ? __pfx_get_compat_msghdr+0x10/0x10 [ 908.119808][T19214] ___sys_sendmsg+0x1ae/0x1d0 [ 908.119824][T19214] ? __pfx____sys_sendmsg+0x10/0x10 [ 908.119844][T19214] ? find_held_lock+0x2b/0x80 [ 908.119872][T19214] __sys_sendmsg+0x16d/0x220 [ 908.119887][T19214] ? __pfx___sys_sendmsg+0x10/0x10 [ 908.119906][T19214] ? do_user_addr_fault+0x843/0x1370 [ 908.119923][T19214] __do_fast_syscall_32+0xe8/0x680 [ 908.119942][T19214] do_fast_syscall_32+0x32/0x80 [ 908.119959][T19214] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 908.119973][T19214] RIP: 0023:0xf7f62579 [ 908.119983][T19214] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 908.119994][T19214] RSP: 002b:00000000f545655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 908.120005][T19214] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 908.120012][T19214] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 908.120018][T19214] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 908.120024][T19214] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 908.120031][T19214] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 908.120045][T19214] [ 908.202121][ T6034] usb usb44-port1: unable to enumerate USB device [ 908.354568][T19199] vhci_hcd: connection reset by peer [ 908.356953][T18411] vhci_hcd vhci_hcd.0: stop threads [ 908.359301][T18411] vhci_hcd vhci_hcd.0: release socket [ 908.371968][T18411] vhci_hcd vhci_hcd.0: disconnect device [ 909.159254][T19227] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 909.161919][T19227] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 909.164359][T19227] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 909.166908][T19227] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 909.362703][T19238] FAULT_INJECTION: forcing a failure. [ 909.362703][T19238] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 909.368301][T19238] CPU: 2 UID: 0 PID: 19238 Comm: syz.3.3189 Not tainted syzkaller #0 PREEMPT(full) [ 909.368327][T19238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 909.368340][T19238] Call Trace: [ 909.368346][T19238] [ 909.368354][T19238] dump_stack_lvl+0x16c/0x1f0 [ 909.368386][T19238] should_fail_ex+0x512/0x640 [ 909.368410][T19238] _copy_from_user+0x2e/0xd0 [ 909.368432][T19238] get_compat_msghdr+0xa7/0x170 [ 909.368455][T19238] ? __pfx_get_compat_msghdr+0x10/0x10 [ 909.368486][T19238] ___sys_sendmsg+0x1ae/0x1d0 [ 909.368512][T19238] ? __pfx____sys_sendmsg+0x10/0x10 [ 909.368546][T19238] ? find_held_lock+0x2b/0x80 [ 909.368584][T19238] __sys_sendmsg+0x16d/0x220 [ 909.368606][T19238] ? __pfx___sys_sendmsg+0x10/0x10 [ 909.368639][T19238] ? do_user_addr_fault+0x843/0x1370 [ 909.368675][T19238] __do_fast_syscall_32+0xe8/0x680 [ 909.368712][T19238] do_fast_syscall_32+0x32/0x80 [ 909.368794][T19238] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 909.368820][T19238] RIP: 0023:0xf703d579 [ 909.368836][T19238] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 909.368861][T19238] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 909.368880][T19238] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 909.368892][T19238] RDX: 00000000240008c4 RSI: 0000000000000000 RDI: 0000000000000000 [ 909.368903][T19238] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 909.368917][T19238] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 909.368928][T19238] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 909.368952][T19238] [ 910.306315][T19261] overlayfs: missing 'lowerdir' [ 910.329031][T19261] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 910.392420][ T6012] usb 40-1: device descriptor read/8, error -110 [ 910.784968][ T6012] usb usb40-port1: attempt power cycle [ 910.810327][T19271] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3199'. [ 910.818694][T19271] bridge0: port 2(bridge_slave_1) entered disabled state [ 910.821667][T19271] bridge0: port 1(bridge_slave_0) entered disabled state [ 911.030192][T16703] Bluetooth: hci4: command 0x040f tx timeout [ 911.184850][T16703] Bluetooth: hci1: command 0x0c1a tx timeout [ 911.184905][ T5947] Bluetooth: hci3: command 0x0c1a tx timeout [ 911.184983][ T64] Bluetooth: hci0: command 0x040f tx timeout [ 911.353866][ T6012] usb usb40-port1: unable to enumerate USB device [ 911.812012][T19284] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 911.814373][T19284] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 911.828170][T19284] vhci_hcd vhci_hcd.0: Device attached [ 911.927166][T19284] rdma_rxe: rxe_newlink: failed to add wg2 [ 911.967895][T19293] device ioctl magic numbers don't match! Did you rebuild pvfs2-client-core/libpvfs2? [cmd c0189375, magic 93 != 6b] [ 912.092272][T19285] vhci_hcd: connection closed [ 912.092784][ T1244] vhci_hcd vhci_hcd.3: stop threads [ 912.096341][ T1244] vhci_hcd vhci_hcd.3: release socket [ 912.098535][ T1244] vhci_hcd vhci_hcd.3: disconnect device [ 912.132718][ T6033] usb 44-1: enqueue for inactive port 0 [ 912.218858][T19305] FAULT_INJECTION: forcing a failure. [ 912.218858][T19305] name failslab, interval 1, probability 0, space 0, times 0 [ 912.224377][T19305] CPU: 0 UID: 0 PID: 19305 Comm: syz.2.3208 Not tainted syzkaller #0 PREEMPT(full) [ 912.224400][T19305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 912.224411][T19305] Call Trace: [ 912.224418][T19305] [ 912.224424][T19305] dump_stack_lvl+0x16c/0x1f0 [ 912.224606][T19305] should_fail_ex+0x512/0x640 [ 912.224629][T19305] ? fs_reclaim_acquire+0xae/0x150 [ 912.224711][T19305] should_failslab+0xc2/0x120 [ 912.224739][T19305] __kmalloc_noprof+0xeb/0x910 [ 912.224760][T19305] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 912.224789][T19305] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 912.224811][T19305] tomoyo_realpath_from_path+0xc2/0x6e0 [ 912.224837][T19305] ? tomoyo_profile+0x47/0x60 [ 912.224874][T19305] tomoyo_path_number_perm+0x245/0x580 [ 912.224893][T19305] ? tomoyo_path_number_perm+0x237/0x580 [ 912.225141][T19305] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 912.225185][T19305] ? find_held_lock+0x2b/0x80 [ 912.225209][T19305] ? hook_file_ioctl_common+0x144/0x410 [ 912.225235][T19305] ? __fget_files+0x20e/0x3c0 [ 912.225259][T19305] ? fput+0x70/0xf0 [ 912.225279][T19305] security_file_ioctl_compat+0x9b/0x240 [ 912.225303][T19305] __ia32_compat_sys_ioctl+0xc3/0x370 [ 912.225328][T19305] __do_fast_syscall_32+0xe8/0x680 [ 912.225362][T19305] do_fast_syscall_32+0x32/0x80 [ 912.225389][T19305] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 912.225442][T19305] RIP: 0023:0xf7f62579 [ 912.225458][T19305] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 912.225474][T19305] RSP: 002b:00000000f545655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 912.225497][T19305] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c0306201 [ 912.225571][T19305] RDX: 0000000080000c80 RSI: 0000000000000000 RDI: 0000000000000000 [ 912.225582][T19305] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 912.225592][T19305] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 912.225602][T19305] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 912.225626][T19305] [ 912.226144][T19305] ERROR: Out of memory at tomoyo_realpath_from_path. [ 912.752930][ T6033] usb usb44-port1: attempt power cycle [ 912.839533][T19293] overlayfs: statfs failed on './file0' [ 913.112938][T18270] usb 38-1: device descriptor read/8, error -110 [ 913.324589][ T6033] usb usb44-port1: unable to enumerate USB device [ 913.481843][T19333] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3214'. [ 913.484466][T19322] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 913.488937][T19322] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 913.492440][T19322] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 913.495739][T19322] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 913.496510][T19333] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3214'. [ 913.513642][T19334] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3222'. [ 913.518213][T18270] usb usb38-port1: attempt power cycle [ 913.518279][T19334] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3222'. [ 914.085157][T18270] usb usb38-port1: unable to enumerate USB device [ 914.869293][T19351] FAULT_INJECTION: forcing a failure. [ 914.869293][T19351] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 914.878505][T19351] CPU: 2 UID: 0 PID: 19351 Comm: syz.3.3217 Not tainted syzkaller #0 PREEMPT(full) [ 914.878523][T19351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 914.878530][T19351] Call Trace: [ 914.878537][T19351] [ 914.878542][T19351] dump_stack_lvl+0x16c/0x1f0 [ 914.878565][T19351] should_fail_ex+0x512/0x640 [ 914.878581][T19351] _copy_from_user+0x2e/0xd0 [ 914.878653][T19351] get_compat_msghdr+0xa7/0x170 [ 914.878998][T19351] ? __pfx_get_compat_msghdr+0x10/0x10 [ 914.879025][T19351] ___sys_sendmsg+0x1ae/0x1d0 [ 914.879043][T19351] ? __pfx____sys_sendmsg+0x10/0x10 [ 914.879066][T19351] ? find_held_lock+0x2b/0x80 [ 914.879089][T19351] __sys_sendmsg+0x16d/0x220 [ 914.879104][T19351] ? __pfx___sys_sendmsg+0x10/0x10 [ 914.879126][T19351] __do_fast_syscall_32+0xe8/0x680 [ 914.879146][T19351] do_fast_syscall_32+0x32/0x80 [ 914.879163][T19351] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 914.879178][T19351] RIP: 0023:0xf703d579 [ 914.879188][T19351] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 914.879199][T19351] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 914.879211][T19351] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000480 [ 914.879218][T19351] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 914.879225][T19351] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 914.879231][T19351] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 914.879238][T19351] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 914.879253][T19351] [ 915.192690][T19355] can: request_module (can-proto-3) failed. [ 915.283797][T19361] overlayfs: missing 'lowerdir' [ 915.290024][T19361] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 915.503813][ T5947] Bluetooth: hci4: command 0x040f tx timeout [ 915.505982][ T5947] Bluetooth: hci1: command 0x0c1a tx timeout [ 915.508077][T16703] Bluetooth: hci3: command 0x0c1a tx timeout [ 915.510199][T16703] Bluetooth: hci0: command 0x040f tx timeout [ 916.510118][T19379] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 916.513537][T19379] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 916.517541][T19379] vhci_hcd vhci_hcd.0: Device attached [ 916.554353][T19382] 9pnet_virtio: no channels available for device syz [ 916.586835][T19382] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 916.587011][T19382] overlayfs: overlapping lowerdir path [ 916.784512][ T6034] usb 44-1: SetAddress Request (94) to port 0 [ 916.784557][ T6034] usb 44-1: new SuperSpeed USB device number 94 using vhci_hcd [ 917.498070][T19379] rdma_rxe: rxe_newlink: failed to add wg2 [ 917.520597][T19387] binder: 19386:19387 unknown command 2147486080 [ 917.522910][T19387] binder: 19386:19387 ioctl c0306201 800003c0 returned -22 [ 917.595049][ T64] Bluetooth: hci1: command 0x0c1a tx timeout [ 917.650891][T19380] vhci_hcd: connection reset by peer [ 917.656790][ T8754] vhci_hcd vhci_hcd.3: stop threads [ 917.658958][ T8754] vhci_hcd vhci_hcd.3: release socket [ 917.665859][ T8754] vhci_hcd vhci_hcd.3: disconnect device [ 917.852225][T19395] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3227'. [ 917.856738][T19395] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3227'. [ 919.078682][T19424] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 921.117067][T19450] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3239'. [ 921.121711][T19450] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3239'. [ 921.385810][T19457] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 921.835905][T19425] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 921.905491][ T64] Bluetooth: hci4: command 0x040f tx timeout [ 922.186077][T19425] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 922.188640][T19425] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 922.190914][T19425] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 922.200265][ T6034] usb 44-1: device descriptor read/8, error -110 [ 922.613240][T19465] 9pnet_virtio: no channels available for device syz [ 922.620588][T19465] overlayfs: missing 'lowerdir' [ 922.698960][T19466] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 922.702712][T19466] overlayfs: overlapping lowerdir path [ 923.106066][ T6034] usb usb44-port1: attempt power cycle [ 923.686653][ T6034] usb usb44-port1: unable to enumerate USB device [ 923.995977][ T64] Bluetooth: hci0: command 0x040f tx timeout [ 924.235960][ T64] Bluetooth: hci1: command 0x0c1a tx timeout [ 924.236082][ T5947] Bluetooth: hci3: command 0x0c1a tx timeout [ 924.290412][T19482] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3244'. [ 924.548177][T19463] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 924.550423][T19463] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 924.553255][T19463] vhci_hcd vhci_hcd.0: Device attached [ 924.646270][T19493] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 924.648779][T19493] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 924.669744][T19463] rdma_rxe: rxe_newlink: failed to add wg2 [ 924.672284][T19493] vhci_hcd vhci_hcd.0: Device attached [ 924.805498][T19490] vhci_hcd: connection closed [ 924.805910][ T1145] vhci_hcd vhci_hcd.0: stop threads [ 924.810298][ T1145] vhci_hcd vhci_hcd.0: release socket [ 924.812657][ T1145] vhci_hcd vhci_hcd.0: disconnect device [ 924.816356][ T24] usb 38-1: enqueue for inactive port 0 [ 924.946417][ T6012] usb 40-1: SetAddress Request (82) to port 0 [ 924.949000][ T6012] usb 40-1: new SuperSpeed USB device number 82 using vhci_hcd [ 925.041933][T19493] syz2: rxe_newlink: already configured on wg2 [ 925.306865][ T24] usb usb38-port1: attempt power cycle [ 925.345565][T19494] vhci_hcd: connection reset by peer [ 925.348770][ T215] vhci_hcd vhci_hcd.1: stop threads [ 925.351157][ T215] vhci_hcd vhci_hcd.1: release socket [ 925.353498][ T215] vhci_hcd vhci_hcd.1: disconnect device [ 925.556790][T19504] FAULT_INJECTION: forcing a failure. [ 925.556790][T19504] name failslab, interval 1, probability 0, space 0, times 0 [ 925.562271][T19504] CPU: 3 UID: 0 PID: 19504 Comm: syz.3.3247 Not tainted syzkaller #0 PREEMPT(full) [ 925.562295][T19504] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 925.562307][T19504] Call Trace: [ 925.562315][T19504] [ 925.562322][T19504] dump_stack_lvl+0x16c/0x1f0 [ 925.562354][T19504] should_fail_ex+0x512/0x640 [ 925.562374][T19504] ? kmem_cache_alloc_node_noprof+0x65/0x800 [ 925.562400][T19504] should_failslab+0xc2/0x120 [ 925.562428][T19504] kmem_cache_alloc_node_noprof+0x86/0x800 [ 925.562450][T19504] ? __alloc_skb+0x156/0x410 [ 925.562475][T19504] ? __alloc_skb+0x156/0x410 [ 925.562492][T19504] __alloc_skb+0x156/0x410 [ 925.562509][T19504] ? __alloc_skb+0x35d/0x410 [ 925.562528][T19504] ? __pfx___alloc_skb+0x10/0x10 [ 925.562548][T19504] ? is_bpf_text_address+0x8a/0x1a0 [ 925.562573][T19504] ? bpf_ksym_find+0x124/0x1c0 [ 925.562596][T19504] alloc_skb_with_frags+0xe0/0x860 [ 925.562621][T19504] ? unwind_get_return_address+0x59/0xa0 [ 925.562651][T19504] sock_alloc_send_pskb+0x7f9/0x980 [ 925.562672][T19504] ? __lock_acquire+0x436/0x2890 [ 925.562695][T19504] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 925.562716][T19504] ? __pfx___might_resched+0x10/0x10 [ 925.562746][T19504] ? find_held_lock+0x2b/0x80 [ 925.562773][T19504] ? aa_sk_perm+0x2f2/0xae0 [ 925.562797][T19504] hci_sock_sendmsg+0x1c7/0x26b0 [ 925.562828][T19504] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 925.562853][T19504] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 925.562888][T19504] sock_write_iter+0x566/0x610 [ 925.562917][T19504] ? __pfx_sock_write_iter+0x10/0x10 [ 925.562953][T19504] ? bpf_lsm_file_permission+0x9/0x10 [ 925.562975][T19504] ? security_file_permission+0x71/0x210 [ 925.562998][T19504] ? rw_verify_area+0xcf/0x6c0 [ 925.563024][T19504] vfs_write+0x7d3/0x11d0 [ 925.563050][T19504] ? __pfx_sock_write_iter+0x10/0x10 [ 925.563081][T19504] ? __pfx_vfs_write+0x10/0x10 [ 925.563104][T19504] ? find_held_lock+0x2b/0x80 [ 925.563142][T19504] ksys_write+0x1f8/0x250 [ 925.563166][T19504] ? __pfx_ksys_write+0x10/0x10 [ 925.563193][T19504] ? do_user_addr_fault+0x843/0x1370 [ 925.563219][T19504] __do_fast_syscall_32+0xe8/0x680 [ 925.563249][T19504] do_fast_syscall_32+0x32/0x80 [ 925.563277][T19504] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 925.563300][T19504] RIP: 0023:0xf703d579 [ 925.563314][T19504] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 925.563331][T19504] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 925.563348][T19504] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000 [ 925.563360][T19504] RDX: 000000000000000d RSI: 0000000000000000 RDI: 0000000000000000 [ 925.563370][T19504] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 925.563381][T19504] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 925.563391][T19504] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 925.563415][T19504] [ 925.848331][T19512] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3248'. [ 925.857723][T19506] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3248'. [ 925.867875][ T24] usb usb38-port1: unable to enumerate USB device [ 926.817085][T19521] binder: 19520:19521 ioctl c00864bf 800002c0 returned -22 [ 926.821219][T19521] binder: 19520:19521 ioctl c02064cc 80000340 returned -22 [ 927.086404][T19534] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 927.180269][T19525] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 927.184251][T19525] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 927.187352][T19525] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 927.190651][T19525] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 928.122830][T19542] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 928.125705][T19542] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 928.129797][T19542] vhci_hcd vhci_hcd.0: Device attached [ 928.407191][ T24] usb 42-1: SetAddress Request (110) to port 0 [ 928.410200][ T24] usb 42-1: new SuperSpeed USB device number 110 using vhci_hcd [ 928.650488][T19542] rdma_rxe: rxe_newlink: failed to add wg2 [ 928.768441][T19554] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3255'. [ 929.187302][ T5947] Bluetooth: hci0: command 0x040f tx timeout [ 929.187312][ T64] Bluetooth: hci4: command 0x040f tx timeout [ 929.267379][ T5947] Bluetooth: hci3: command 0x0c1a tx timeout [ 929.269849][ T64] Bluetooth: hci1: command 0x0c1a tx timeout [ 929.565488][T19543] vhci_hcd: connection reset by peer [ 929.567854][ T215] vhci_hcd vhci_hcd.2: stop threads [ 929.569991][ T215] vhci_hcd vhci_hcd.2: release socket [ 929.572226][ T215] vhci_hcd vhci_hcd.2: disconnect device [ 929.988497][ T6012] usb 40-1: device descriptor read/8, error -110 [ 930.096213][T19570] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 930.098458][T19570] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 930.111877][T19570] vhci_hcd vhci_hcd.0: Device attached [ 930.113993][T19573] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 930.116275][T19573] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 930.125580][T19573] vhci_hcd vhci_hcd.0: Device attached [ 930.227671][ T6012] usb 40-1: SetAddress Request (83) to port 0 [ 930.230733][ T6012] usb 40-1: new SuperSpeed USB device number 83 using vhci_hcd [ 930.304335][T19570] rdma_rxe: rxe_newlink: failed to add wg2 [ 930.387825][T14363] usb 44-1: SetAddress Request (98) to port 0 [ 930.390308][T14363] usb 44-1: new SuperSpeed USB device number 98 using vhci_hcd [ 930.413497][T19573] syz2: rxe_newlink: already configured on wg2 [ 930.449827][T19578] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3259'. [ 930.454582][T19578] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3259'. [ 932.064244][T19574] vhci_hcd: connection reset by peer [ 932.066397][ T1145] vhci_hcd vhci_hcd.1: stop threads [ 932.072203][ T1145] vhci_hcd vhci_hcd.1: release socket [ 932.074757][ T1145] vhci_hcd vhci_hcd.1: disconnect device [ 932.084819][T19571] vhci_hcd: connection reset by peer [ 932.086848][ T1145] vhci_hcd vhci_hcd.3: stop threads [ 932.089237][ T1145] vhci_hcd vhci_hcd.3: release socket [ 932.092844][ T1145] vhci_hcd vhci_hcd.3: disconnect device [ 932.880229][T19598] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 932.883691][T19598] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 932.886423][T19598] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 932.891002][T19598] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 932.962321][T19602] netlink: 'syz.1.3264': attribute type 1 has an invalid length. [ 932.967404][T19602] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3264'. [ 932.973881][T19602] netlink: 658 bytes leftover after parsing attributes in process `syz.1.3264'. [ 932.978251][T19602] netlink: 1 bytes leftover after parsing attributes in process `syz.1.3264'. [ 932.994082][ T40] kauditd_printk_skb: 524 callbacks suppressed [ 932.994095][ T40] audit: type=1326 audit(1767231956.739:616): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=unconfined pid=19601 comm="syz.1.3264" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x0 [ 933.508503][ T24] usb 42-1: device descriptor read/8, error -110 [ 933.909482][ T24] usb usb42-port1: attempt power cycle [ 934.371074][T19626] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 934.616547][ T24] usb usb42-port1: unable to enumerate USB device [ 934.868764][ T5947] Bluetooth: hci4: command 0x040f tx timeout [ 934.949004][T16703] Bluetooth: hci3: command 0x0c1a tx timeout [ 934.951253][T16703] Bluetooth: hci0: command 0x040f tx timeout [ 934.953414][ T5947] Bluetooth: hci1: command 0x0c1a tx timeout [ 935.269083][ T6012] usb 40-1: device descriptor read/8, error -110 [ 935.379731][ T6012] usb usb40-port1: attempt power cycle [ 935.429042][T14363] usb 44-1: device descriptor read/8, error -110 [ 935.831798][T14363] usb usb44-port1: attempt power cycle [ 935.873014][T19631] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3271'. [ 935.877520][T19631] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3271'. [ 935.959722][ T6012] usb usb40-port1: unable to enumerate USB device [ 936.336968][T19643] netlink: 'syz.2.3272': attribute type 1 has an invalid length. [ 936.633050][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 936.656211][T19643] 8021q: adding VLAN 0 to HW filter on device bond2 [ 936.674760][T14363] usb usb44-port1: unable to enumerate USB device [ 936.684301][T19643] veth3: entered promiscuous mode [ 936.688548][T19643] bond2: (slave veth3): Enslaving as a backup interface with a down link [ 936.914611][T19652] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3277'. [ 937.029380][T13148] Bluetooth: hci1: command 0x0c1a tx timeout [ 939.350035][T13148] Bluetooth: hci4: command 0x040f tx timeout [ 939.352928][T19660] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 939.515001][T19674] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 939.517284][T19674] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 939.520462][T19674] vhci_hcd vhci_hcd.0: Device attached [ 939.575105][T19674] syz2: rxe_newlink: already configured on wg2 [ 939.790095][ T6034] usb 40-1: SetAddress Request (86) to port 0 [ 939.792662][ T6034] usb 40-1: new SuperSpeed USB device number 86 using vhci_hcd [ 939.857107][T19660] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 939.859917][T19660] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 939.863228][T19660] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 940.006175][T19678] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 940.510628][T19675] vhci_hcd: connection reset by peer [ 940.513126][ T13] vhci_hcd vhci_hcd.1: stop threads [ 940.515047][ T13] vhci_hcd vhci_hcd.1: release socket [ 940.517419][ T13] vhci_hcd vhci_hcd.1: disconnect device [ 940.605247][T19685] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3282'. [ 940.731044][T19685] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3282'. [ 940.901180][T19690] overlayfs: overlapping lowerdir path [ 940.911172][T19690] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 940.913899][T19690] overlayfs: overlapping lowerdir path [ 941.430576][T13148] Bluetooth: hci0: command 0x040f tx timeout [ 941.761475][T19698] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3284'. [ 941.778537][T19698] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3284'. [ 941.920246][ T64] Bluetooth: hci3: command 0x0c1a tx timeout [ 941.923921][T13148] Bluetooth: hci1: command 0x0c1a tx timeout [ 943.011043][T19708] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 943.015565][T19708] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 943.018614][T19708] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 943.022254][T19708] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 943.715025][T19720] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3287'. [ 943.721413][T19717] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3287'. [ 944.871529][ T6034] usb 40-1: device descriptor read/8, error -110 [ 944.951485][ T64] Bluetooth: hci4: command 0x040f tx timeout [ 945.032188][ T64] Bluetooth: hci1: command 0x0c1a tx timeout [ 945.032431][ T5947] Bluetooth: hci0: command 0x040f tx timeout [ 945.037132][T13148] Bluetooth: hci3: command 0x0c1a tx timeout [ 945.262323][ T6034] usb usb40-port1: attempt power cycle [ 945.822573][T19743] netlink: 'syz.3.3291': attribute type 1 has an invalid length. [ 945.890317][ T6034] usb usb40-port1: unable to enumerate USB device [ 946.206812][T19743] 8021q: adding VLAN 0 to HW filter on device bond1 [ 946.270406][T19743] veth3: entered promiscuous mode [ 946.276741][T19743] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 946.615015][T19751] overlayfs: overlapping lowerdir path [ 946.623636][T19751] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 946.626598][T19751] overlayfs: overlapping lowerdir path [ 948.072405][ T5947] Bluetooth: hci4: command 0x040f tx timeout [ 948.092321][T19740] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 948.666894][T19740] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 948.690400][T19777] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.3295' sets config #0 [ 948.694898][T19777] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.3295' sets config #1 [ 948.708600][T19740] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 948.713162][T19740] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 950.162797][T13148] Bluetooth: hci0: command 0x040f tx timeout [ 950.713076][T13148] Bluetooth: hci3: command 0x0c1a tx timeout [ 950.774432][T19795] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 950.777896][T19795] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 950.783102][T19795] vhci_hcd vhci_hcd.0: Device attached [ 950.793375][T13148] Bluetooth: hci1: command 0x0c1a tx timeout [ 950.962459][T19795] rdma_rxe: rxe_newlink: failed to add wg2 [ 951.053474][T15924] usb 38-1: SetAddress Request (92) to port 0 [ 951.055846][T15924] usb 38-1: new SuperSpeed USB device number 92 using vhci_hcd [ 951.350559][T19796] vhci_hcd: connection reset by peer [ 951.352889][ T8946] vhci_hcd vhci_hcd.0: stop threads [ 951.355250][ T8946] vhci_hcd vhci_hcd.0: release socket [ 951.358600][ T8946] vhci_hcd vhci_hcd.0: disconnect device [ 952.669587][T19819] overlayfs: overlapping lowerdir path [ 952.704527][T19819] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 952.708441][T19819] overlayfs: overlapping lowerdir path [ 952.883652][ T5947] Bluetooth: hci1: command 0x0c1a tx timeout [ 953.763817][ T5947] Bluetooth: hci4: command 0x040f tx timeout [ 953.827122][T19807] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 953.902850][T19828] fuse: Bad value for 'fd' [ 954.321480][T19835] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.3306' sets config #0 [ 954.335161][T19835] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.3306' sets config #1 [ 954.379791][T19807] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 954.381997][T19807] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 954.384301][T19807] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 954.688835][T19841] overlay: Unknown parameter '/' [ 954.696988][T19841] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 955.834224][ T5947] Bluetooth: hci0: command 0x040f tx timeout [ 956.154517][T15924] usb 38-1: device descriptor read/8, error -110 [ 956.404396][T13148] Bluetooth: hci3: command 0x0c1a tx timeout [ 956.407080][ T5947] Bluetooth: hci1: command 0x0c1a tx timeout [ 956.570698][T19854] 9pnet_virtio: no channels available for device syz [ 956.581810][T19854] overlayfs: overlapping lowerdir path [ 956.935401][T15924] usb usb38-port1: attempt power cycle [ 957.032860][T19859] overlay: Unknown parameter '/' [ 957.038092][T19859] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 958.215833][T19861] 9pnet_virtio: no channels available for device syz [ 958.437129][T15924] usb usb38-port1: unable to enumerate USB device [ 958.586183][T19861] overlayfs: overlapping lowerdir path [ 959.053106][T19874] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 959.055412][T19874] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 959.058848][T19874] vhci_hcd vhci_hcd.0: Device attached [ 959.173593][T19874] rdma_rxe: rxe_newlink: failed to add wg2 [ 959.216686][T19872] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 959.218916][T19872] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 959.221078][T19872] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 959.223812][T19872] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 959.370647][T14363] usb 42-1: SetAddress Request (114) to port 0 [ 959.373103][T14363] usb 42-1: new SuperSpeed USB device number 114 using vhci_hcd [ 959.532314][T19875] vhci_hcd: connection reset by peer [ 959.535330][ T1168] vhci_hcd vhci_hcd.2: stop threads [ 959.537140][ T1168] vhci_hcd vhci_hcd.2: release socket [ 959.538954][ T1168] vhci_hcd vhci_hcd.2: disconnect device [ 959.602421][T19886] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 959.604557][T19886] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 959.613515][T19886] vhci_hcd vhci_hcd.0: Device attached [ 959.720074][T19886] rdma_rxe: rxe_newlink: failed to add wg2 [ 959.858472][T19890] FAULT_INJECTION: forcing a failure. [ 959.858472][T19890] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 959.864284][T19890] CPU: 3 UID: 0 PID: 19890 Comm: syz.1.3319 Not tainted syzkaller #0 PREEMPT(full) [ 959.864305][T19890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 959.864313][T19890] Call Trace: [ 959.864318][T19890] [ 959.864324][T19890] dump_stack_lvl+0x16c/0x1f0 [ 959.864349][T19890] should_fail_ex+0x512/0x640 [ 959.864367][T19890] _copy_from_user+0x2e/0xd0 [ 959.864382][T19890] move_addr_to_kernel+0x65/0x170 [ 959.864396][T19890] __sys_connect+0xb1/0x160 [ 959.864409][T19890] ? __pfx___sys_connect+0x10/0x10 [ 959.864427][T19890] ? __pfx_ksys_write+0x10/0x10 [ 959.864446][T19890] ? do_user_addr_fault+0x843/0x1370 [ 959.864464][T19890] __ia32_sys_connect+0x71/0xb0 [ 959.864475][T19890] ? lockdep_hardirqs_on+0x7c/0x110 [ 959.864495][T19890] __do_fast_syscall_32+0xe8/0x680 [ 959.864530][T19890] do_fast_syscall_32+0x32/0x80 [ 959.864549][T19890] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 959.864566][T19890] RIP: 0023:0xf700d579 [ 959.864576][T19890] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 959.864589][T19890] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 000000000000016a [ 959.864606][T19890] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000180 [ 959.864618][T19890] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 959.864628][T19890] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 959.864638][T19890] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 959.864648][T19890] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 959.864672][T19890] [ 959.929787][ T24] usb 44-1: SetAddress Request (102) to port 0 [ 959.932377][ T24] usb 44-1: new SuperSpeed USB device number 102 using vhci_hcd [ 960.133354][T19887] vhci_hcd: connection reset by peer [ 960.136018][ T62] vhci_hcd vhci_hcd.3: stop threads [ 960.138204][ T62] vhci_hcd vhci_hcd.3: release socket [ 960.140301][ T62] vhci_hcd vhci_hcd.3: disconnect device [ 960.522265][T19905] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 960.524480][T19905] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 960.533029][T19905] vhci_hcd vhci_hcd.0: Device attached [ 960.935778][T19905] rdma_rxe: rxe_newlink: failed to add wg2 [ 961.276283][ T5947] Bluetooth: hci1: command 0x0c1a tx timeout [ 961.276461][T19912] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3324'. [ 961.276518][ T64] Bluetooth: hci3: command 0x0c1a tx timeout [ 961.276557][ T64] Bluetooth: hci0: command 0x040f tx timeout [ 961.276579][ T64] Bluetooth: hci4: command 0x040f tx timeout [ 961.296915][T19906] vhci_hcd: connection closed [ 961.297257][ T62] vhci_hcd vhci_hcd.2: stop threads [ 961.301515][ T62] vhci_hcd vhci_hcd.2: release socket [ 961.304048][ T62] vhci_hcd vhci_hcd.2: disconnect device [ 962.130784][T19924] tipc: Enabling of bearer rejected, failed to enable media [ 962.333208][T19928] overlay: Unknown parameter '/' [ 962.346532][T19928] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 963.356147][T13148] Bluetooth: hci1: command 0x0c1a tx timeout [ 963.817924][T19937] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 963.820163][T19937] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 963.838909][T19937] vhci_hcd vhci_hcd.0: Device attached [ 963.938254][T19943] FAULT_INJECTION: forcing a failure. [ 963.938254][T19943] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 963.944431][T19943] CPU: 3 UID: 0 PID: 19943 Comm: syz.0.3330 Not tainted syzkaller #0 PREEMPT(full) [ 963.944458][T19943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 963.944470][T19943] Call Trace: [ 963.944478][T19943] [ 963.944486][T19943] dump_stack_lvl+0x16c/0x1f0 [ 963.944521][T19943] should_fail_ex+0x512/0x640 [ 963.944547][T19943] _copy_from_user+0x2e/0xd0 [ 963.944570][T19943] get_compat_msghdr+0xa7/0x170 [ 963.944601][T19943] ? __pfx_get_compat_msghdr+0x10/0x10 [ 963.944635][T19943] ___sys_sendmsg+0x1ae/0x1d0 [ 963.944664][T19943] ? __pfx____sys_sendmsg+0x10/0x10 [ 963.944699][T19943] ? find_held_lock+0x2b/0x80 [ 963.944739][T19943] __sys_sendmsg+0x16d/0x220 [ 963.944764][T19943] ? __pfx___sys_sendmsg+0x10/0x10 [ 963.944805][T19943] __do_fast_syscall_32+0xe8/0x680 [ 963.944838][T19943] do_fast_syscall_32+0x32/0x80 [ 963.944867][T19943] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 963.944893][T19943] RIP: 0023:0xf700d579 [ 963.944907][T19943] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 963.944927][T19943] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 963.944947][T19943] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300 [ 963.944958][T19943] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 963.944970][T19943] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 963.944981][T19943] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 963.944994][T19943] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 963.945016][T19943] [ 964.058037][T19937] rdma_rxe: rxe_newlink: failed to add wg2 [ 964.229602][T19954] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 964.232038][T19954] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 964.242062][T19954] vhci_hcd vhci_hcd.0: Device attached [ 964.311891][T19954] rdma_rxe: rxe_newlink: failed to add wg2 [ 964.402534][T19958] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 964.405094][T19958] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 964.408155][T19958] vhci_hcd vhci_hcd.0: Device attached [ 964.551263][T19958] syz2: rxe_newlink: already configured on wg2 [ 964.694188][T15924] usb 40-1: SetAddress Request (90) to port 0 [ 964.697112][T15924] usb 40-1: new SuperSpeed USB device number 90 using vhci_hcd [ 964.796624][T19956] vhci_hcd: connection reset by peer [ 964.804971][ T62] vhci_hcd vhci_hcd.2: stop threads [ 964.807621][ T62] vhci_hcd vhci_hcd.2: release socket [ 964.809711][ T62] vhci_hcd vhci_hcd.2: disconnect device [ 964.809780][T14363] usb 42-1: device descriptor read/8, error -110 [ 965.124990][T19938] vhci_hcd: connection reset by peer [ 965.132118][T18315] vhci_hcd vhci_hcd.3: stop threads [ 965.134273][T18315] vhci_hcd vhci_hcd.3: release socket [ 965.136212][T18315] vhci_hcd vhci_hcd.3: disconnect device [ 965.136281][ T24] usb 44-1: device descriptor read/8, error -110 [ 965.247698][T19964] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 965.249938][T19964] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 965.267253][T14363] usb usb42-port1: attempt power cycle [ 965.272459][T19964] vhci_hcd vhci_hcd.0: Device attached [ 965.403960][T19964] rdma_rxe: rxe_newlink: failed to add wg2 [ 965.440942][T19959] vhci_hcd: connection reset by peer [ 965.443829][ T4950] vhci_hcd vhci_hcd.1: stop threads [ 965.445610][ T4950] vhci_hcd vhci_hcd.1: release socket [ 965.447785][ T4950] vhci_hcd vhci_hcd.1: disconnect device [ 965.527351][ T24] usb usb44-port1: attempt power cycle [ 965.546637][ T53] usb 38-1: SetAddress Request (96) to port 0 [ 965.549482][ T53] usb 38-1: new SuperSpeed USB device number 96 using vhci_hcd [ 965.838121][T14363] usb usb42-port1: unable to enumerate USB device [ 965.841403][T19965] vhci_hcd: connection reset by peer [ 965.843869][ T1168] vhci_hcd vhci_hcd.0: stop threads [ 965.846291][ T1168] vhci_hcd vhci_hcd.0: release socket [ 965.851122][ T1168] vhci_hcd vhci_hcd.0: disconnect device [ 965.855019][T19970] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 965.858089][T19970] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 965.858650][T19974] dummy0: entered allmulticast mode [ 965.860820][T19970] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 965.866404][T19970] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 966.040487][T19973] dummy0: left allmulticast mode [ 966.107057][ T24] usb usb44-port1: unable to enumerate USB device [ 966.197050][T19983] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3338'. [ 966.204031][T19983] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3338'. [ 967.521421][T19996] overlay: Unknown parameter '/' [ 967.587719][T19997] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 967.757204][T13148] Bluetooth: hci4: command 0x040f tx timeout [ 967.917292][T16703] Bluetooth: hci0: command 0x040f tx timeout [ 967.919369][ T5947] Bluetooth: hci3: command 0x0c1a tx timeout [ 967.921402][T13148] Bluetooth: hci1: command 0x0c1a tx timeout [ 969.175769][T20015] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 969.178332][T20015] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 969.207559][T20015] vhci_hcd vhci_hcd.0: Device attached [ 969.574305][T20015] rdma_rxe: rxe_newlink: failed to add wg2 [ 969.690548][T20036] FAULT_INJECTION: forcing a failure. [ 969.690548][T20036] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 969.695531][T20036] CPU: 3 UID: 0 PID: 20036 Comm: syz.1.3349 Not tainted syzkaller #0 PREEMPT(full) [ 969.695551][T20036] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 969.695561][T20036] Call Trace: [ 969.695567][T20036] [ 969.695573][T20036] dump_stack_lvl+0x16c/0x1f0 [ 969.695600][T20036] should_fail_ex+0x512/0x640 [ 969.695620][T20036] _copy_from_iter+0x2a4/0x16c0 [ 969.695641][T20036] ? __pfx__copy_from_iter+0x10/0x10 [ 969.695659][T20036] ? find_held_lock+0x2b/0x80 [ 969.695679][T20036] ? rawv6_sendmsg+0xb68/0x4860 [ 969.695705][T20036] rawv6_sendmsg+0x238c/0x4860 [ 969.695726][T20036] ? is_bpf_text_address+0x8a/0x1a0 [ 969.695745][T20036] ? aa_label_sk_perm+0x194/0x5f0 [ 969.695761][T20036] ? bpf_ksym_find+0x124/0x1c0 [ 969.695778][T20036] ? aa_pivotroot+0x39a/0x1070 [ 969.695796][T20036] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 969.695822][T20036] ? __lock_acquire+0x436/0x2890 [ 969.695843][T20036] ? find_held_lock+0x2b/0x80 [ 969.695864][T20036] ? aa_sk_perm+0x2f2/0xae0 [ 969.695888][T20036] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 969.695911][T20036] ? inet_sendmsg+0x11c/0x140 [ 969.695927][T20036] inet_sendmsg+0x11c/0x140 [ 969.695944][T20036] sock_write_iter+0x509/0x610 [ 969.695968][T20036] ? __pfx_sock_write_iter+0x10/0x10 [ 969.695997][T20036] ? bpf_lsm_file_permission+0x9/0x10 [ 969.696014][T20036] ? security_file_permission+0x71/0x210 [ 969.696033][T20036] ? rw_verify_area+0xcf/0x6c0 [ 969.696054][T20036] vfs_write+0x7d3/0x11d0 [ 969.696079][T20036] ? __pfx_sock_write_iter+0x10/0x10 [ 969.696103][T20036] ? __pfx_vfs_write+0x10/0x10 [ 969.696122][T20036] ? find_held_lock+0x2b/0x80 [ 969.696152][T20036] ksys_write+0x1f8/0x250 [ 969.696171][T20036] ? __pfx_ksys_write+0x10/0x10 [ 969.696192][T20036] ? do_user_addr_fault+0x843/0x1370 [ 969.696214][T20036] __do_fast_syscall_32+0xe8/0x680 [ 969.696240][T20036] do_fast_syscall_32+0x32/0x80 [ 969.696262][T20036] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 969.696282][T20036] RIP: 0023:0xf700d579 [ 969.696293][T20036] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 969.696308][T20036] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 969.696321][T20036] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 969.696332][T20036] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000 [ 969.696341][T20036] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 969.696349][T20036] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 969.696358][T20036] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 969.696378][T20036] [ 969.705283][T20037] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 969.790227][T20041] FAULT_INJECTION: forcing a failure. [ 969.790227][T20041] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 969.792096][T20037] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 969.798036][T15924] usb 40-1: device descriptor read/8, error -110 [ 969.798555][T20041] CPU: 3 UID: 0 PID: 20041 Comm: syz.1.3350 Not tainted syzkaller #0 PREEMPT(full) [ 969.798575][T20041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 969.798586][T20041] Call Trace: [ 969.798592][T20041] [ 969.798598][T20041] dump_stack_lvl+0x16c/0x1f0 [ 969.798624][T20041] should_fail_ex+0x512/0x640 [ 969.798646][T20041] _copy_from_user+0x2e/0xd0 [ 969.798663][T20041] get_compat_msghdr+0xa7/0x170 [ 969.798683][T20041] ? __pfx_get_compat_msghdr+0x10/0x10 [ 969.798708][T20041] ___sys_sendmsg+0x1ae/0x1d0 [ 969.798729][T20041] ? __pfx____sys_sendmsg+0x10/0x10 [ 969.798757][T20041] ? find_held_lock+0x2b/0x80 [ 969.798788][T20041] __sys_sendmsg+0x16d/0x220 [ 969.798807][T20041] ? __pfx___sys_sendmsg+0x10/0x10 [ 969.798838][T20041] __do_fast_syscall_32+0xe8/0x680 [ 969.798863][T20041] do_fast_syscall_32+0x32/0x80 [ 969.798886][T20041] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 969.798904][T20041] RIP: 0023:0xf700d579 [ 969.798915][T20041] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 969.798930][T20041] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 969.798945][T20041] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800003c0 [ 969.798954][T20041] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 969.798963][T20041] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 969.798971][T20041] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 969.798980][T20041] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 969.798999][T20041] [ 969.869119][T20037] vhci_hcd vhci_hcd.0: Device attached [ 969.881528][T20016] vhci_hcd: connection closed [ 969.883252][T18411] vhci_hcd vhci_hcd.0: stop threads [ 969.887243][T18411] vhci_hcd vhci_hcd.0: release socket [ 969.892570][T18411] vhci_hcd vhci_hcd.0: disconnect device [ 970.157930][T18270] usb 44-1: SetAddress Request (106) to port 0 [ 970.167813][T18270] usb 44-1: new SuperSpeed USB device number 106 using vhci_hcd [ 970.298087][T15924] usb usb40-port1: attempt power cycle [ 970.334088][T20055] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9) [ 970.337160][T20055] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 970.348017][T20055] vhci_hcd vhci_hcd.0: Device attached [ 970.412701][T20055] netlink: 'syz.1.3352': attribute type 1 has an invalid length. [ 970.481942][T20055] 8021q: adding VLAN 0 to HW filter on device bond2 [ 970.490775][T20060] bond2: (slave geneve2): making interface the new active one [ 970.494192][T20060] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 970.620293][T20058] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 970.622519][T20058] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 970.626414][T20058] vhci_hcd vhci_hcd.0: Device attached [ 970.637951][ T53] usb 38-1: device descriptor read/8, error -110 [ 970.657345][T20028] rdma_rxe: rxe_newlink: failed to add wg2 [ 970.748277][T20058] rdma_rxe: rxe_newlink: failed to add wg2 [ 970.841058][T20038] vhci_hcd: connection reset by peer [ 970.843467][ T215] vhci_hcd vhci_hcd.3: stop threads [ 970.845371][ T215] vhci_hcd vhci_hcd.3: release socket [ 970.849809][ T215] vhci_hcd vhci_hcd.3: disconnect device [ 970.879577][T15924] usb usb40-port1: unable to enumerate USB device [ 970.898027][T15256] usb 42-1: SetAddress Request (118) to port 0 [ 970.900547][T15256] usb 42-1: new SuperSpeed USB device number 118 using vhci_hcd [ 970.928640][T20056] vhci_hcd: connection closed [ 970.929703][ T215] vhci_hcd vhci_hcd.1: stop threads [ 970.936519][ T215] vhci_hcd vhci_hcd.1: release socket [ 970.940947][ T215] vhci_hcd vhci_hcd.1: disconnect device [ 970.947942][ T6034] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 970.959085][T20066] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 970.961745][T20066] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 970.964382][T20066] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 970.966865][T20066] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 971.000299][T20061] vhci_hcd: connection reset by peer [ 971.003092][T18411] vhci_hcd vhci_hcd.2: stop threads [ 971.004893][T18411] vhci_hcd vhci_hcd.2: release socket [ 971.010625][T18411] vhci_hcd vhci_hcd.2: disconnect device [ 971.029272][ T53] usb usb38-port1: attempt power cycle [ 971.589193][ T53] usb usb38-port1: unable to enumerate USB device [ 971.790288][T20073] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3356'. [ 971.881244][T20078] IPVS: set_ctl: invalid protocol: 59 224.0.0.1:20002 [ 972.717781][T20095] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3361'. [ 972.724518][T20095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3361'. [ 972.734803][T20095] fuse: Unknown parameter '˙˙0x0000000000000008' [ 972.738706][T20095] overlayfs: missing 'lowerdir' [ 972.770494][T20094] FAULT_INJECTION: forcing a failure. [ 972.770494][T20094] name failslab, interval 1, probability 0, space 0, times 0 [ 972.777156][T20094] CPU: 1 UID: 0 PID: 20094 Comm: syz.1.3360 Not tainted syzkaller #0 PREEMPT(full) [ 972.777182][T20094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 972.777193][T20094] Call Trace: [ 972.777199][T20094] [ 972.777205][T20094] dump_stack_lvl+0x16c/0x1f0 [ 972.777236][T20094] should_fail_ex+0x512/0x640 [ 972.777254][T20094] ? fs_reclaim_acquire+0xae/0x150 [ 972.777281][T20094] should_failslab+0xc2/0x120 [ 972.777306][T20094] __kmalloc_noprof+0xeb/0x910 [ 972.777324][T20094] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 972.777351][T20094] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 972.777372][T20094] tomoyo_realpath_from_path+0xc2/0x6e0 [ 972.777396][T20094] ? tomoyo_profile+0x47/0x60 [ 972.777421][T20094] tomoyo_path_number_perm+0x245/0x580 [ 972.777439][T20094] ? tomoyo_path_number_perm+0x237/0x580 [ 972.777459][T20094] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 972.777499][T20094] ? find_held_lock+0x2b/0x80 [ 972.777520][T20094] ? hook_file_ioctl_common+0x144/0x410 [ 972.777544][T20094] ? __fget_files+0x20e/0x3c0 [ 972.777566][T20094] ? fput+0x70/0xf0 [ 972.777585][T20094] security_file_ioctl_compat+0x9b/0x240 [ 972.777606][T20094] __ia32_compat_sys_ioctl+0xc3/0x370 [ 972.777629][T20094] __do_fast_syscall_32+0xe8/0x680 [ 972.777657][T20094] do_fast_syscall_32+0x32/0x80 [ 972.777683][T20094] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 972.777704][T20094] RIP: 0023:0xf700d579 [ 972.777719][T20094] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 972.777734][T20094] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 972.777751][T20094] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0189436 [ 972.777762][T20094] RDX: 0000000080000140 RSI: 0000000000000000 RDI: 0000000000000000 [ 972.777771][T20094] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 972.777781][T20094] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 972.777790][T20094] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 972.777812][T20094] [ 972.777819][T20094] ERROR: Out of memory at tomoyo_realpath_from_path. [ 972.878528][ T5947] Bluetooth: hci4: command 0x040f tx timeout [ 973.038468][ T5947] Bluetooth: hci1: command 0x0c1a tx timeout [ 973.038505][T16703] Bluetooth: hci3: command 0x0c1a tx timeout [ 973.038721][ T64] Bluetooth: hci0: command 0x040f tx timeout [ 973.126513][T20105] FAULT_INJECTION: forcing a failure. [ 973.126513][T20105] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 973.131200][T20105] CPU: 3 UID: 0 PID: 20105 Comm: syz.2.3365 Not tainted syzkaller #0 PREEMPT(full) [ 973.131218][T20105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 973.131225][T20105] Call Trace: [ 973.131230][T20105] [ 973.131234][T20105] dump_stack_lvl+0x16c/0x1f0 [ 973.131256][T20105] should_fail_ex+0x512/0x640 [ 973.131271][T20105] _copy_to_user+0x32/0xd0 [ 973.131285][T20105] simple_read_from_buffer+0xcb/0x170 [ 973.131315][T20105] proc_fail_nth_read+0x197/0x240 [ 973.131335][T20105] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 973.131354][T20105] ? rw_verify_area+0xcf/0x6c0 [ 973.131368][T20105] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 973.131386][T20105] vfs_read+0x1e4/0xcf0 [ 973.131402][T20105] ? __pfx___mutex_lock+0x10/0x10 [ 973.131422][T20105] ? __pfx_vfs_read+0x10/0x10 [ 973.131436][T20105] ? find_held_lock+0x2b/0x80 [ 973.131455][T20105] ? __fget_files+0x20e/0x3c0 [ 973.131474][T20105] ksys_read+0x12a/0x250 [ 973.131489][T20105] ? __pfx_ksys_read+0x10/0x10 [ 973.131505][T20105] ? do_user_addr_fault+0x843/0x1370 [ 973.131522][T20105] __do_fast_syscall_32+0xe8/0x680 [ 973.131541][T20105] do_fast_syscall_32+0x32/0x80 [ 973.131558][T20105] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 973.131572][T20105] RIP: 0023:0xf7f62579 [ 973.131581][T20105] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 973.131592][T20105] RSP: 002b:00000000f5456590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 973.131603][T20105] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5456620 [ 973.131610][T20105] RDX: 000000000000000f RSI: 00000000f73f6ff4 RDI: 0000000000000000 [ 973.131617][T20105] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 973.131623][T20105] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 973.131629][T20105] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 973.131643][T20105] [ 973.214270][T20106] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 973.214288][T20106] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 973.215990][T20106] vhci_hcd vhci_hcd.0: Device attached [ 973.324774][T20106] syz2: rxe_newlink: already configured on wg2 [ 973.406148][T20117] FAULT_INJECTION: forcing a failure. [ 973.406148][T20117] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 973.412250][T20117] CPU: 2 UID: 0 PID: 20117 Comm: syz.2.3367 Not tainted syzkaller #0 PREEMPT(full) [ 973.412278][T20117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 973.412290][T20117] Call Trace: [ 973.412297][T20117] [ 973.412305][T20117] dump_stack_lvl+0x16c/0x1f0 [ 973.412350][T20117] should_fail_ex+0x512/0x640 [ 973.412377][T20117] _copy_to_user+0x32/0xd0 [ 973.412401][T20117] simple_read_from_buffer+0xcb/0x170 [ 973.412424][T20117] proc_fail_nth_read+0x197/0x240 [ 973.412444][T20117] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 973.412465][T20117] ? rw_verify_area+0xcf/0x6c0 [ 973.412480][T20117] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 973.412500][T20117] vfs_read+0x1e4/0xcf0 [ 973.412517][T20117] ? __pfx___mutex_lock+0x10/0x10 [ 973.412537][T20117] ? __pfx_vfs_read+0x10/0x10 [ 973.412551][T20117] ? find_held_lock+0x2b/0x80 [ 973.412571][T20117] ? __fget_files+0x20e/0x3c0 [ 973.412592][T20117] ksys_read+0x12a/0x250 [ 973.412608][T20117] ? __pfx_ksys_read+0x10/0x10 [ 973.412625][T20117] ? do_user_addr_fault+0x843/0x1370 [ 973.412643][T20117] __do_fast_syscall_32+0xe8/0x680 [ 973.412663][T20117] do_fast_syscall_32+0x32/0x80 [ 973.412681][T20117] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 973.412697][T20117] RIP: 0023:0xf7f62579 [ 973.412706][T20117] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 973.412718][T20117] RSP: 002b:00000000f5456590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 973.412730][T20117] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5456620 [ 973.412738][T20117] RDX: 000000000000000f RSI: 00000000f73f6ff4 RDI: 0000000000000000 [ 973.412745][T20117] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 973.412752][T20117] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 973.412759][T20117] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 973.412774][T20117] [ 973.498707][ T53] usb 40-1: SetAddress Request (94) to port 0 [ 973.501094][ T53] usb 40-1: new SuperSpeed USB device number 94 using vhci_hcd [ 973.764728][T20121] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 973.767069][T20121] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 973.778677][T20108] vhci_hcd: connection reset by peer [ 973.778813][T20121] vhci_hcd vhci_hcd.0: Device attached [ 973.783326][ T62] vhci_hcd vhci_hcd.1: stop threads [ 973.785149][ T62] vhci_hcd vhci_hcd.1: release socket [ 973.788789][ T62] vhci_hcd vhci_hcd.1: disconnect device [ 973.803639][T20125] devtmpfs: Unknown parameter 'u3rquota_inode_‡ardlimit' [ 973.954618][T20130] FAULT_INJECTION: forcing a failure. [ 973.954618][T20130] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 973.961807][T20130] CPU: 2 UID: 0 PID: 20130 Comm: syz.0.3371 Not tainted syzkaller #0 PREEMPT(full) [ 973.961834][T20130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 973.961845][T20130] Call Trace: [ 973.961852][T20130] [ 973.961860][T20130] dump_stack_lvl+0x16c/0x1f0 [ 973.961896][T20130] should_fail_ex+0x512/0x640 [ 973.961918][T20130] _copy_to_user+0x32/0xd0 [ 973.961934][T20130] simple_read_from_buffer+0xcb/0x170 [ 973.961952][T20130] proc_fail_nth_read+0x197/0x240 [ 973.961973][T20130] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 973.961993][T20130] ? rw_verify_area+0xcf/0x6c0 [ 973.962008][T20130] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 973.962027][T20130] vfs_read+0x1e4/0xcf0 [ 973.962052][T20130] ? __pfx___mutex_lock+0x10/0x10 [ 973.962072][T20130] ? __pfx_vfs_read+0x10/0x10 [ 973.962087][T20130] ? find_held_lock+0x2b/0x80 [ 973.962106][T20130] ? __fget_files+0x20e/0x3c0 [ 973.962128][T20130] ksys_read+0x12a/0x250 [ 973.962144][T20130] ? __pfx_ksys_read+0x10/0x10 [ 973.962165][T20130] __do_fast_syscall_32+0xe8/0x680 [ 973.962185][T20130] do_fast_syscall_32+0x32/0x80 [ 973.962203][T20130] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 973.962218][T20130] RIP: 0023:0xf700d579 [ 973.962228][T20130] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 973.962240][T20130] RSP: 002b:00000000f53fd590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 973.962252][T20130] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f53fd620 [ 973.962259][T20130] RDX: 000000000000000f RSI: 00000000f73a6ff4 RDI: 0000000000000000 [ 973.962266][T20130] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 973.962273][T20130] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 973.962280][T20130] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 973.962297][T20130] [ 973.962808][T20121] rdma_rxe: rxe_newlink: failed to add wg2 [ 974.444501][T20122] vhci_hcd: connection closed [ 974.444801][T19862] vhci_hcd vhci_hcd.2: stop threads [ 974.448387][T19862] vhci_hcd vhci_hcd.2: release socket [ 974.450499][T19862] vhci_hcd vhci_hcd.2: disconnect device [ 974.592329][T20145] binder: 20144:20145 ioctl 4018620d 0 returned -22 [ 975.076539][T20152] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 975.079451][T20152] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 975.082237][T20152] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 975.111857][T20152] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 975.125039][T20156] FAULT_INJECTION: forcing a failure. [ 975.125039][T20156] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 975.130855][T20156] CPU: 2 UID: 0 PID: 20156 Comm: syz.2.3378 Not tainted syzkaller #0 PREEMPT(full) [ 975.130872][T20156] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 975.130880][T20156] Call Trace: [ 975.130884][T20156] [ 975.130888][T20156] dump_stack_lvl+0x16c/0x1f0 [ 975.130910][T20156] should_fail_ex+0x512/0x640 [ 975.130925][T20156] _copy_from_user+0x2e/0xd0 [ 975.130938][T20156] snd_pcm_oss_write2+0x1c2/0x410 [ 975.130952][T20156] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 975.130962][T20156] ? snd_pcm_kernel_ioctl+0x267/0x2e0 [ 975.130976][T20156] ? snd_pcm_oss_prepare+0x11e/0x240 [ 975.131029][T20156] snd_pcm_oss_write+0x710/0xa10 [ 975.131044][T20156] ? security_file_permission+0x71/0x210 [ 975.131062][T20156] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 975.131073][T20156] vfs_write+0x2a0/0x11d0 [ 975.131093][T20156] ? __pfx_vfs_write+0x10/0x10 [ 975.131107][T20156] ? find_held_lock+0x2b/0x80 [ 975.131122][T20156] ? __fget_files+0x204/0x3c0 [ 975.131265][T20156] ? __fget_files+0x20e/0x3c0 [ 975.131298][T20156] ksys_write+0x12a/0x250 [ 975.131323][T20156] ? __pfx_ksys_write+0x10/0x10 [ 975.131348][T20156] ? do_user_addr_fault+0x843/0x1370 [ 975.131376][T20156] __do_fast_syscall_32+0xe8/0x680 [ 975.131408][T20156] do_fast_syscall_32+0x32/0x80 [ 975.131429][T20156] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 975.131443][T20156] RIP: 0023:0xf7f62579 [ 975.131457][T20156] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 975.131469][T20156] RSP: 002b:00000000f545655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 975.131481][T20156] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0 [ 975.131488][T20156] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 975.131495][T20156] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 975.131501][T20156] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 975.131508][T20156] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 975.131521][T20156] [ 975.209041][T18270] usb 44-1: device descriptor read/8, error -110 [ 975.619660][T18270] usb usb44-port1: attempt power cycle [ 975.664852][T20166] FAULT_INJECTION: forcing a failure. [ 975.664852][T20166] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 975.670565][T20166] CPU: 3 UID: 0 PID: 20166 Comm: syz.2.3382 Not tainted syzkaller #0 PREEMPT(full) [ 975.670591][T20166] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 975.670603][T20166] Call Trace: [ 975.670610][T20166] [ 975.670617][T20166] dump_stack_lvl+0x16c/0x1f0 [ 975.670650][T20166] should_fail_ex+0x512/0x640 [ 975.670674][T20166] _copy_from_user+0x2e/0xd0 [ 975.670694][T20166] snd_pcm_oss_write2+0x1c2/0x410 [ 975.670713][T20166] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 975.670731][T20166] ? snd_pcm_kernel_ioctl+0x267/0x2e0 [ 975.670753][T20166] ? snd_pcm_oss_prepare+0x11e/0x240 [ 975.670785][T20166] snd_pcm_oss_write+0x710/0xa10 [ 975.670806][T20166] ? security_file_permission+0x71/0x210 [ 975.670833][T20166] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 975.670850][T20166] vfs_write+0x2a0/0x11d0 [ 975.670881][T20166] ? __pfx_vfs_write+0x10/0x10 [ 975.670905][T20166] ? find_held_lock+0x2b/0x80 [ 975.670930][T20166] ? __fget_files+0x204/0x3c0 [ 975.670959][T20166] ? __fget_files+0x20e/0x3c0 [ 975.671073][T20166] ksys_write+0x12a/0x250 [ 975.671108][T20166] ? __pfx_ksys_write+0x10/0x10 [ 975.671135][T20166] ? do_user_addr_fault+0x843/0x1370 [ 975.671164][T20166] __do_fast_syscall_32+0xe8/0x680 [ 975.671197][T20166] do_fast_syscall_32+0x32/0x80 [ 975.671227][T20166] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 975.671260][T20166] RIP: 0023:0xf7f62579 [ 975.671275][T20166] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 975.671294][T20166] RSP: 002b:00000000f545655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 975.671312][T20166] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0 [ 975.671325][T20166] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 975.671336][T20166] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 975.671348][T20166] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 975.671359][T20166] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 975.671385][T20166] [ 975.999262][T15256] usb 42-1: device descriptor read/8, error -110 [ 976.252616][T18270] usb usb44-port1: unable to enumerate USB device [ 976.310586][T20175] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 976.312923][T20175] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 976.316395][T20175] vhci_hcd vhci_hcd.0: Device attached [ 976.385903][T20175] rdma_rxe: rxe_newlink: failed to add wg2 [ 976.390827][T15256] usb usb42-port1: attempt power cycle [ 976.589458][ T24] usb 38-1: SetAddress Request (100) to port 0 [ 976.592576][ T24] usb 38-1: new SuperSpeed USB device number 100 using vhci_hcd [ 976.914249][T20176] vhci_hcd: connection reset by peer [ 976.916834][T18315] vhci_hcd vhci_hcd.0: stop threads [ 976.919070][T18315] vhci_hcd vhci_hcd.0: release socket [ 976.921414][T18315] vhci_hcd vhci_hcd.0: disconnect device [ 976.970393][T15256] usb usb42-port1: unable to enumerate USB device [ 977.039479][T13148] Bluetooth: hci4: command 0x040f tx timeout [ 977.119619][T16703] Bluetooth: hci3: command 0x0c1a tx timeout [ 977.119691][T13148] Bluetooth: hci1: command 0x0c1a tx timeout [ 977.129511][T13148] Bluetooth: hci0: command 0x040f tx timeout [ 977.500340][T20181] binder: 20180:20181 ioctl d000943d 80003880 returned -22 [ 977.507259][T20181] binder: 20180:20181 ioctl d0009411 80001880 returned -22 [ 977.603908][T20181] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3387'. [ 977.961732][T20192] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 977.964457][T20192] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 977.973880][T20192] vhci_hcd vhci_hcd.0: Device attached [ 978.227478][T20205] FAULT_INJECTION: forcing a failure. [ 978.227478][T20205] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 978.239759][T20205] CPU: 0 UID: 0 PID: 20205 Comm: syz.1.3393 Not tainted syzkaller #0 PREEMPT(full) [ 978.239794][T20205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 978.239804][T20205] Call Trace: [ 978.239818][T20205] [ 978.239825][T20205] dump_stack_lvl+0x16c/0x1f0 [ 978.239851][T20205] should_fail_ex+0x512/0x640 [ 978.239870][T20205] _copy_from_user+0x2e/0xd0 [ 978.239968][T20205] get_compat_msghdr+0xa7/0x170 [ 978.240032][T20205] ? __pfx_get_compat_msghdr+0x10/0x10 [ 978.240053][T20205] ___sys_sendmsg+0x1ae/0x1d0 [ 978.240071][T20205] ? __pfx____sys_sendmsg+0x10/0x10 [ 978.240092][T20205] ? find_held_lock+0x2b/0x80 [ 978.240116][T20205] __sys_sendmsg+0x16d/0x220 [ 978.240130][T20205] ? __pfx___sys_sendmsg+0x10/0x10 [ 978.240150][T20205] ? do_user_addr_fault+0x843/0x1370 [ 978.240166][T20205] __do_fast_syscall_32+0xe8/0x680 [ 978.240187][T20205] do_fast_syscall_32+0x32/0x80 [ 978.240204][T20205] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 978.240219][T20205] RIP: 0023:0xf700d579 [ 978.240229][T20205] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 978.240240][T20205] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 978.240252][T20205] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 978.240259][T20205] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000 [ 978.240266][T20205] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 978.240272][T20205] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 978.240279][T20205] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 978.240293][T20205] [ 978.405883][T20192] rdma_rxe: rxe_newlink: failed to add wg2 [ 978.560068][ T53] usb 40-1: device descriptor read/8, error -110 [ 979.290851][ T53] usb usb40-port1: attempt power cycle [ 979.483049][T20207] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 979.485319][T20207] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 979.488551][T20207] vhci_hcd vhci_hcd.0: Device attached [ 979.579773][T20207] syz2: rxe_newlink: already configured on wg2 [ 979.618245][T20193] vhci_hcd: connection closed [ 979.632112][T19478] vhci_hcd vhci_hcd.0: stop threads [ 979.637165][T19478] vhci_hcd vhci_hcd.0: release socket [ 979.641760][T19478] vhci_hcd vhci_hcd.0: disconnect device [ 979.645051][T20215] FAULT_INJECTION: forcing a failure. [ 979.645051][T20215] name failslab, interval 1, probability 0, space 0, times 0 [ 979.649803][T20215] CPU: 3 UID: 0 PID: 20215 Comm: syz.3.3396 Not tainted syzkaller #0 PREEMPT(full) [ 979.649820][T20215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 979.649827][T20215] Call Trace: [ 979.649832][T20215] [ 979.649837][T20215] dump_stack_lvl+0x16c/0x1f0 [ 979.649859][T20215] should_fail_ex+0x512/0x640 [ 979.649872][T20215] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 979.649889][T20215] should_failslab+0xc2/0x120 [ 979.649907][T20215] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 979.649921][T20215] ? sock_alloc_inode+0x25/0x1c0 [ 979.649941][T20215] ? __pfx_sock_alloc_inode+0x10/0x10 [ 979.649974][T20215] ? sock_alloc_inode+0x25/0x1c0 [ 979.649990][T20215] sock_alloc_inode+0x25/0x1c0 [ 979.650005][T20215] alloc_inode+0x64/0x240 [ 979.650018][T20215] sock_alloc+0x40/0x280 [ 979.650034][T20215] do_accept+0xf7/0x530 [ 979.650045][T20215] ? do_raw_spin_lock+0x12c/0x2b0 [ 979.650059][T20215] ? __pfx_do_accept+0x10/0x10 [ 979.650079][T20215] __sys_accept4_file+0xcd/0x210 [ 979.650090][T20215] ? __pfx___sys_accept4_file+0x10/0x10 [ 979.650106][T20215] __ia32_sys_accept4+0xd5/0x150 [ 979.650119][T20215] __do_fast_syscall_32+0xe8/0x680 [ 979.650138][T20215] do_fast_syscall_32+0x32/0x80 [ 979.650156][T20215] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 979.650170][T20215] RIP: 0023:0xf703d579 [ 979.650179][T20215] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 979.650190][T20215] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 000000000000016c [ 979.650201][T20215] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 979.650208][T20215] RDX: 0000000000000000 RSI: 0000000000080800 RDI: 0000000000000000 [ 979.650217][T20215] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 979.650223][T20215] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 979.650230][T20215] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 979.650243][T20215] [ 979.740795][ T53] usb 40-1: SetAddress Request (96) to port 0 [ 979.743632][ T53] usb 40-1: new SuperSpeed USB device number 96 using vhci_hcd [ 979.761745][T20216] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 979.764056][T20216] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 979.767254][T20216] vhci_hcd vhci_hcd.0: Device attached [ 979.814994][T20212] vhci_hcd: connection reset by peer [ 979.818040][T19478] vhci_hcd vhci_hcd.1: stop threads [ 979.825997][T19478] vhci_hcd vhci_hcd.1: release socket [ 979.829811][T19478] vhci_hcd vhci_hcd.1: disconnect device [ 979.895108][T20216] rdma_rxe: rxe_newlink: failed to add wg2 [ 980.005304][T20217] vhci_hcd: connection closed [ 980.005650][ T90] vhci_hcd vhci_hcd.2: stop threads [ 980.009210][ T90] vhci_hcd vhci_hcd.2: release socket [ 980.011162][ T90] vhci_hcd vhci_hcd.2: disconnect device [ 980.030388][T15924] usb 42-1: enqueue for inactive port 0 [ 980.409156][T20233] FAULT_INJECTION: forcing a failure. [ 980.409156][T20233] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 980.415701][T20233] CPU: 0 UID: 0 PID: 20233 Comm: syz.1.3400 Not tainted syzkaller #0 PREEMPT(full) [ 980.415731][T20233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 980.415744][T20233] Call Trace: [ 980.415752][T20233] [ 980.415760][T20233] dump_stack_lvl+0x16c/0x1f0 [ 980.415792][T20233] should_fail_ex+0x512/0x640 [ 980.415818][T20233] _copy_to_user+0x32/0xd0 [ 980.415840][T20233] simple_read_from_buffer+0xcb/0x170 [ 980.415869][T20233] proc_fail_nth_read+0x197/0x240 [ 980.415900][T20233] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 980.415931][T20233] ? rw_verify_area+0xcf/0x6c0 [ 980.415955][T20233] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 980.415985][T20233] vfs_read+0x1e4/0xcf0 [ 980.416012][T20233] ? __pfx___mutex_lock+0x10/0x10 [ 980.416043][T20233] ? __pfx_vfs_read+0x10/0x10 [ 980.416065][T20233] ? find_held_lock+0x2b/0x80 [ 980.416107][T20233] ? __fget_files+0x20e/0x3c0 [ 980.416140][T20233] ksys_read+0x12a/0x250 [ 980.416165][T20233] ? __pfx_ksys_read+0x10/0x10 [ 980.416198][T20233] __do_fast_syscall_32+0xe8/0x680 [ 980.416229][T20233] do_fast_syscall_32+0x32/0x80 [ 980.416258][T20233] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 980.416281][T20233] RIP: 0023:0xf700d579 [ 980.416296][T20233] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 980.416321][T20233] RSP: 002b:00000000f53fd590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 980.416340][T20233] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f53fd620 [ 980.416353][T20233] RDX: 000000000000000f RSI: 00000000f73a6ff4 RDI: 0000000000000000 [ 980.416364][T20233] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 980.416375][T20233] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 980.416387][T20233] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 980.416412][T20233] [ 980.443650][T20236] netlink: 'syz.1.3401': attribute type 1 has an invalid length. [ 980.503186][T20230] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 980.505733][T20230] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 980.508081][T20230] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 980.510706][T20230] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 980.531358][T15924] usb usb42-port1: attempt power cycle [ 980.536770][T20236] 8021q: adding VLAN 0 to HW filter on device bond3 [ 980.552377][T20238] 8021q: adding VLAN 0 to HW filter on device bond3 [ 980.555172][T20238] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 980.559940][T20238] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 980.613764][T20236] bond4: entered promiscuous mode [ 980.620395][T20236] bond4 (unregistering): Released all slaves [ 980.643430][T20242] macvlan2: entered promiscuous mode [ 980.645392][T20242] macvlan2: entered allmulticast mode [ 980.648298][T20242] bond3: entered promiscuous mode [ 980.653608][T20242] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 980.659619][T20242] bond3: left promiscuous mode [ 980.865543][T20254] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3407'. [ 980.872742][T20254] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3407'. [ 981.101216][T15924] usb usb42-port1: unable to enumerate USB device [ 981.690631][ T24] usb 38-1: device descriptor read/8, error -110 [ 981.987612][T20263] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3408'. [ 982.001384][T20263] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3408'. [ 982.101580][ T24] usb usb38-port1: attempt power cycle [ 982.464527][T20273] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 982.466776][T20273] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 982.469828][T20273] vhci_hcd vhci_hcd.0: Device attached [ 982.560890][T16703] Bluetooth: hci3: command 0x0c1a tx timeout [ 982.563219][T16703] Bluetooth: hci0: command 0x040f tx timeout [ 982.567208][T16703] Bluetooth: hci4: command 0x040f tx timeout [ 982.567245][T13148] Bluetooth: hci1: command 0x0c1a tx timeout [ 982.577070][T20273] rdma_rxe: rxe_newlink: failed to add wg2 [ 982.682030][ T24] usb usb38-port1: unable to enumerate USB device [ 982.761031][T18270] usb 42-1: SetAddress Request (126) to port 0 [ 982.764492][T18270] usb 42-1: new SuperSpeed USB device number 126 using vhci_hcd [ 982.978511][T20274] vhci_hcd: connection reset by peer [ 982.983979][ T62] vhci_hcd vhci_hcd.2: stop threads [ 982.986299][ T62] vhci_hcd vhci_hcd.2: release socket [ 982.988434][ T62] vhci_hcd vhci_hcd.2: disconnect device [ 983.279944][T20283] FAULT_INJECTION: forcing a failure. [ 983.279944][T20283] name failslab, interval 1, probability 0, space 0, times 0 [ 983.284756][T20283] CPU: 0 UID: 0 PID: 20283 Comm: syz.1.3413 Not tainted syzkaller #0 PREEMPT(full) [ 983.284773][T20283] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 983.284781][T20283] Call Trace: [ 983.284786][T20283] [ 983.284792][T20283] dump_stack_lvl+0x16c/0x1f0 [ 983.284814][T20283] should_fail_ex+0x512/0x640 [ 983.284827][T20283] ? fs_reclaim_acquire+0xae/0x150 [ 983.284846][T20283] should_failslab+0xc2/0x120 [ 983.284864][T20283] __kmalloc_noprof+0xeb/0x910 [ 983.284877][T20283] ? tomoyo_encode2+0x100/0x3e0 [ 983.284895][T20283] ? tomoyo_encode2+0x100/0x3e0 [ 983.284909][T20283] tomoyo_encode2+0x100/0x3e0 [ 983.284931][T20283] tomoyo_encode+0x29/0x50 [ 983.284945][T20283] tomoyo_realpath_from_path+0x18f/0x6e0 [ 983.284962][T20283] ? tomoyo_profile+0x47/0x60 [ 983.284980][T20283] tomoyo_path_number_perm+0x245/0x580 [ 983.284992][T20283] ? tomoyo_path_number_perm+0x237/0x580 [ 983.285006][T20283] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 983.285032][T20283] ? find_held_lock+0x2b/0x80 [ 983.285047][T20283] ? hook_file_ioctl_common+0x144/0x410 [ 983.285063][T20283] ? __fget_files+0x20e/0x3c0 [ 983.285079][T20283] ? fput+0x70/0xf0 [ 983.285092][T20283] security_file_ioctl_compat+0x9b/0x240 [ 983.285108][T20283] __ia32_compat_sys_ioctl+0xc3/0x370 [ 983.285124][T20283] __do_fast_syscall_32+0xe8/0x680 [ 983.285144][T20283] do_fast_syscall_32+0x32/0x80 [ 983.285162][T20283] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 983.285177][T20283] RIP: 0023:0xf700d579 [ 983.285186][T20283] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 983.285197][T20283] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 983.285208][T20283] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008946 [ 983.285216][T20283] RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000 [ 983.285222][T20283] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 983.285229][T20283] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 983.285235][T20283] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 983.285249][T20283] [ 983.285264][T20283] ERROR: Out of memory at tomoyo_realpath_from_path. [ 983.302613][T20285] FAULT_INJECTION: forcing a failure. [ 983.302613][T20285] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 983.377222][T20285] CPU: 1 UID: 0 PID: 20285 Comm: syz.3.3412 Not tainted syzkaller #0 PREEMPT(full) [ 983.377240][T20285] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 983.377248][T20285] Call Trace: [ 983.377253][T20285] [ 983.377258][T20285] dump_stack_lvl+0x16c/0x1f0 [ 983.377281][T20285] should_fail_ex+0x512/0x640 [ 983.377297][T20285] _copy_to_user+0x32/0xd0 [ 983.377312][T20285] simple_read_from_buffer+0xcb/0x170 [ 983.377331][T20285] proc_fail_nth_read+0x197/0x240 [ 983.377351][T20285] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 983.377372][T20285] ? rw_verify_area+0xcf/0x6c0 [ 983.377388][T20285] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 983.377407][T20285] vfs_read+0x1e4/0xcf0 [ 983.377425][T20285] ? __pfx___mutex_lock+0x10/0x10 [ 983.377445][T20285] ? __pfx_vfs_read+0x10/0x10 [ 983.377461][T20285] ? find_held_lock+0x2b/0x80 [ 983.377481][T20285] ? __fget_files+0x20e/0x3c0 [ 983.377502][T20285] ksys_read+0x12a/0x250 [ 983.377518][T20285] ? __pfx_ksys_read+0x10/0x10 [ 983.377535][T20285] ? do_user_addr_fault+0x843/0x1370 [ 983.377553][T20285] __do_fast_syscall_32+0xe8/0x680 [ 983.377590][T20285] do_fast_syscall_32+0x32/0x80 [ 983.377619][T20285] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 983.377642][T20285] RIP: 0023:0xf703d579 [ 983.377656][T20285] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 983.377673][T20285] RSP: 002b:00000000f542d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 983.377692][T20285] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f542d620 [ 983.377705][T20285] RDX: 000000000000000f RSI: 00000000f73d6ff4 RDI: 0000000000000000 [ 983.377715][T20285] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 983.377728][T20285] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 983.377740][T20285] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 983.377765][T20285] [ 983.681182][T20290] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 983.683428][T20290] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 983.689578][T20290] vhci_hcd vhci_hcd.0: Device attached [ 983.737588][T20290] random: crng reseeded on system resumption [ 983.751970][T20304] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3417'. [ 983.759088][T20304] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3417'. [ 984.630774][T20298] vhci_hcd: connection closed [ 984.641813][T18315] vhci_hcd vhci_hcd.1: stop threads [ 984.646191][T18315] vhci_hcd vhci_hcd.1: release socket [ 984.655909][T18315] vhci_hcd vhci_hcd.1: disconnect device [ 984.801546][ T53] usb 40-1: device descriptor read/8, error -110 [ 984.949432][T20323] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3419'. [ 985.202170][ T53] usb usb40-port1: unable to enumerate USB device [ 985.204765][T20326] overlay: Unknown parameter '/' [ 986.345188][T20338] FAULT_INJECTION: forcing a failure. [ 986.345188][T20338] name failslab, interval 1, probability 0, space 0, times 0 [ 986.350865][T20338] CPU: 3 UID: 0 PID: 20338 Comm: syz.1.3424 Not tainted syzkaller #0 PREEMPT(full) [ 986.350885][T20338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 986.350996][T20338] Call Trace: [ 986.351005][T20338] [ 986.351011][T20338] dump_stack_lvl+0x16c/0x1f0 [ 986.351036][T20338] should_fail_ex+0x512/0x640 [ 986.351051][T20338] ? fs_reclaim_acquire+0xae/0x150 [ 986.351072][T20338] should_failslab+0xc2/0x120 [ 986.351091][T20338] __kmalloc_noprof+0xeb/0x910 [ 986.351105][T20338] ? tomoyo_encode2+0x100/0x3e0 [ 986.351124][T20338] ? tomoyo_encode2+0x100/0x3e0 [ 986.351138][T20338] tomoyo_encode2+0x100/0x3e0 [ 986.351162][T20338] tomoyo_encode+0x29/0x50 [ 986.351177][T20338] tomoyo_realpath_from_path+0x18f/0x6e0 [ 986.351196][T20338] tomoyo_path_number_perm+0x245/0x580 [ 986.351208][T20338] ? tomoyo_path_number_perm+0x237/0x580 [ 986.351222][T20338] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 986.351249][T20338] ? find_held_lock+0x2b/0x80 [ 986.351265][T20338] ? hook_file_ioctl_common+0x144/0x410 [ 986.351283][T20338] ? __fget_files+0x20e/0x3c0 [ 986.351299][T20338] ? fput+0x70/0xf0 [ 986.351313][T20338] security_file_ioctl_compat+0x9b/0x240 [ 986.351329][T20338] __ia32_compat_sys_ioctl+0xc3/0x370 [ 986.351346][T20338] __do_fast_syscall_32+0xe8/0x680 [ 986.351366][T20338] do_fast_syscall_32+0x32/0x80 [ 986.351384][T20338] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 986.351399][T20338] RIP: 0023:0xf700d579 [ 986.351410][T20338] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 986.351422][T20338] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 986.351434][T20338] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0cc5605 [ 986.351441][T20338] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 986.351448][T20338] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 986.351455][T20338] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 986.351462][T20338] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 986.351476][T20338] [ 986.351491][T20338] ERROR: Out of memory at tomoyo_realpath_from_path. [ 986.427188][T20342] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 986.440902][T20342] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 986.456058][T20342] vhci_hcd vhci_hcd.0: Device attached [ 986.584619][T20356] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3427'. [ 986.734558][T14363] usb 44-1: SetAddress Request (110) to port 0 [ 986.740173][T14363] usb 44-1: new SuperSpeed USB device number 110 using vhci_hcd [ 986.954603][T20362] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3428'. [ 987.433030][T20362] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3428'. [ 987.848059][T20343] vhci_hcd: connection reset by peer [ 987.854137][T18270] usb 42-1: device descriptor read/8, error -110 [ 987.864482][ T1145] vhci_hcd vhci_hcd.3: stop threads [ 987.866645][ T1145] vhci_hcd vhci_hcd.3: release socket [ 987.872596][ T1145] vhci_hcd vhci_hcd.3: disconnect device [ 988.601003][T20373] bridge_slave_0: left allmulticast mode [ 988.603207][T20373] bridge_slave_0: left promiscuous mode [ 988.605661][T20373] bridge0: port 1(bridge_slave_0) entered disabled state [ 988.715716][T20380] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 988.717952][T20380] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 988.720724][T20380] vhci_hcd vhci_hcd.0: Device attached [ 989.032447][T16448] usb 38-1: SetAddress Request (104) to port 0 [ 989.034704][T16448] usb 38-1: new SuperSpeed USB device number 104 using vhci_hcd [ 989.058859][T18270] usb usb42-port1: attempt power cycle [ 989.104919][T20381] vhci_hcd: connection closed [ 989.108675][ T8946] vhci_hcd vhci_hcd.0: stop threads [ 989.112645][ T8946] vhci_hcd vhci_hcd.0: release socket [ 989.114896][ T8946] vhci_hcd vhci_hcd.0: disconnect device [ 989.117245][T16448] usb 38-1: enqueue for inactive port 0 [ 989.591949][T20392] overlay: Unknown parameter '/' [ 989.814580][T18270] usb usb42-port1: unable to enumerate USB device [ 991.173467][T16448] usb usb38-port1: attempt power cycle [ 991.204700][T20390] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 991.207495][T20390] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 991.211056][T20390] vhci_hcd vhci_hcd.0: Device attached [ 991.276131][T20390] syz2: rxe_newlink: already configured on wg2 [ 991.344217][T20400] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3441'. [ 991.349497][T20400] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3441'. [ 991.482987][ T53] usb 40-1: SetAddress Request (98) to port 0 [ 991.485175][ T53] usb 40-1: new SuperSpeed USB device number 98 using vhci_hcd [ 991.754308][T16448] usb usb38-port1: unable to enumerate USB device [ 992.173099][T20395] vhci_hcd: connection reset by peer [ 992.175647][ T90] vhci_hcd vhci_hcd.1: stop threads [ 992.178273][ T90] vhci_hcd vhci_hcd.1: release socket [ 992.181260][ T90] vhci_hcd vhci_hcd.1: disconnect device [ 992.253741][T20412] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3443'. [ 992.263340][T20408] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 992.265635][T20408] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 992.267953][T20408] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 992.653503][T14363] usb 44-1: device descriptor read/8, error -110 [ 993.258984][T14363] usb usb44-port1: attempt power cycle [ 994.243569][ T5947] Bluetooth: hci4: command 0x040f tx timeout [ 994.333664][T13148] Bluetooth: hci3: command 0x0c1a tx timeout [ 994.336657][ T5947] Bluetooth: hci1: command 0x0c1a tx timeout [ 994.745460][T14363] usb usb44-port1: unable to enumerate USB device [ 995.096917][T20452] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3451'. [ 995.184385][T20455] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 995.186537][T20455] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 995.191918][T20455] vhci_hcd vhci_hcd.0: Device attached [ 995.327856][T20455] rdma_rxe: rxe_newlink: failed to add wg2 [ 995.515891][T18270] usb 38-1: SetAddress Request (108) to port 0 [ 995.555882][T18270] usb 38-1: new SuperSpeed USB device number 108 using vhci_hcd [ 995.845978][T20456] vhci_hcd: connection reset by peer [ 995.865835][ T8946] vhci_hcd vhci_hcd.0: stop threads [ 995.867787][ T8946] vhci_hcd vhci_hcd.0: release socket [ 995.869607][ T8946] vhci_hcd vhci_hcd.0: disconnect device [ 995.954270][T20463] netlink: 'syz.1.3453': attribute type 4 has an invalid length. [ 996.147625][T20470] FAULT_INJECTION: forcing a failure. [ 996.147625][T20470] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 996.152080][T20470] CPU: 3 UID: 0 PID: 20470 Comm: syz.3.3456 Not tainted syzkaller #0 PREEMPT(full) [ 996.152096][T20470] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 996.152104][T20470] Call Trace: [ 996.152109][T20470] [ 996.152118][T20470] dump_stack_lvl+0x16c/0x1f0 [ 996.152139][T20470] should_fail_ex+0x512/0x640 [ 996.152155][T20470] _copy_from_iter+0x2a4/0x16c0 [ 996.152171][T20470] ? __pfx__copy_from_iter+0x10/0x10 [ 996.152184][T20470] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 996.152206][T20470] copy_page_from_iter+0xde/0x180 [ 996.152220][T20470] tun_build_skb.constprop.0+0x2e8/0x1560 [ 996.152238][T20470] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 996.152253][T20470] ? __lock_acquire+0x436/0x2890 [ 996.152264][T20470] ? __lock_acquire+0x436/0x2890 [ 996.152279][T20470] ? find_held_lock+0x2b/0x80 [ 996.152295][T20470] tun_get_user+0x149c/0x3cc0 [ 996.152312][T20470] ? __pfx_tun_get_user+0x10/0x10 [ 996.152325][T20470] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 996.152343][T20470] ? find_held_lock+0x2b/0x80 [ 996.152357][T20470] ? tun_get+0x191/0x370 [ 996.152371][T20470] tun_chr_write_iter+0xdc/0x210 [ 996.152384][T20470] vfs_write+0x7d3/0x11d0 [ 996.152401][T20470] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 996.152414][T20470] ? __pfx_vfs_write+0x10/0x10 [ 996.152429][T20470] ? find_held_lock+0x2b/0x80 [ 996.152450][T20470] ksys_write+0x12a/0x250 [ 996.152466][T20470] ? __pfx_ksys_write+0x10/0x10 [ 996.152482][T20470] ? do_user_addr_fault+0x843/0x1370 [ 996.152500][T20470] __do_fast_syscall_32+0xe8/0x680 [ 996.152528][T20470] do_fast_syscall_32+0x32/0x80 [ 996.152557][T20470] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 996.152579][T20470] RIP: 0023:0xf703d579 [ 996.152594][T20470] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 996.152609][T20470] RSP: 002b:00000000f542d520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 996.152620][T20470] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080001800 [ 996.152627][T20470] RDX: 000000000000002a RSI: 00000000f73d6ff4 RDI: 0000000000000000 [ 996.152634][T20470] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 996.152641][T20470] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 996.152647][T20470] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 996.152661][T20470] [ 996.487046][T20476] 9pnet_virtio: no channels available for device syz [ 996.493273][T20476] overlayfs: overlapping lowerdir path [ 996.502415][T20476] overlayfs: overlapping lowerdir path [ 996.516285][T20478] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3458'. [ 996.564216][ T53] usb 40-1: device descriptor read/8, error -110 [ 996.629691][T20487] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3460'. [ 996.957871][ T53] usb usb40-port1: attempt power cycle [ 997.058952][T20494] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 997.061083][T20494] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 997.064645][T20494] vhci_hcd vhci_hcd.0: Device attached [ 997.200387][T20494] syz2: rxe_newlink: already configured on wg2 [ 997.304312][ T53] usb 40-1: SetAddress Request (100) to port 0 [ 997.306550][ T53] usb 40-1: new SuperSpeed USB device number 100 using vhci_hcd [ 997.675511][T20505] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 997.678551][T20505] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 997.683224][T20505] vhci_hcd vhci_hcd.0: Device attached [ 997.964670][ T6034] usb 42-1: SetAddress Request (4) to port 0 [ 997.964709][ T6034] usb 42-1: new SuperSpeed USB device number 4 using vhci_hcd [ 998.087674][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.318656][T20495] vhci_hcd: connection reset by peer [ 998.328075][ T62] vhci_hcd vhci_hcd.1: stop threads [ 998.329842][ T62] vhci_hcd vhci_hcd.1: release socket [ 998.334515][ T62] vhci_hcd vhci_hcd.1: disconnect device [ 998.531288][T20505] rdma_rxe: rxe_newlink: failed to add wg2 [ 998.821757][T20506] vhci_hcd: connection reset by peer [ 998.832412][T19367] vhci_hcd vhci_hcd.2: stop threads [ 998.835278][T19367] vhci_hcd vhci_hcd.2: release socket [ 998.838976][T19367] vhci_hcd vhci_hcd.2: disconnect device [ 999.124754][T20533] FAULT_INJECTION: forcing a failure. [ 999.124754][T20533] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 999.129732][T20533] CPU: 0 UID: 0 PID: 20533 Comm: syz.0.3469 Tainted: G L syzkaller #0 PREEMPT(full) [ 999.129753][T20533] Tainted: [L]=SOFTLOCKUP [ 999.129757][T20533] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 999.129771][T20533] Call Trace: [ 999.129776][T20533] [ 999.129783][T20533] dump_stack_lvl+0x16c/0x1f0 [ 999.129804][T20533] should_fail_ex+0x512/0x640 [ 999.129819][T20533] _copy_from_user+0x2e/0xd0 [ 999.129833][T20533] get_old_itimerspec32+0xfa/0x1d0 [ 999.129846][T20533] ? __pfx_get_old_itimerspec32+0x10/0x10 [ 999.129859][T20533] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 999.129879][T20533] __ia32_sys_timer_settime32+0x1a5/0x2c0 [ 999.129896][T20533] ? __pfx___ia32_sys_timer_settime32+0x10/0x10 [ 999.129977][T20533] ? fput+0x70/0xf0 [ 999.129993][T20533] ? do_user_addr_fault+0x843/0x1370 [ 999.130008][T20533] ? rcu_is_watching+0x12/0xc0 [ 999.130027][T20533] __do_fast_syscall_32+0xe8/0x680 [ 999.130049][T20533] do_fast_syscall_32+0x32/0x80 [ 999.130067][T20533] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 999.130083][T20533] RIP: 0023:0xf700d579 [ 999.130093][T20533] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 999.130105][T20533] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000104 [ 999.130116][T20533] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000001 [ 999.130123][T20533] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 999.130130][T20533] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 999.130136][T20533] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 999.130143][T20533] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 999.130157][T20533] [ 999.145341][T20535] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3470'. [ 999.638763][T20547] 9pnet_virtio: no channels available for device syz [ 999.644484][T20547] overlayfs: overlapping lowerdir path [ 999.650253][T20547] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 999.653390][T20547] overlayfs: overlapping lowerdir path [ 1000.052650][T20552] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3474'. [ 1000.645483][T18270] usb 38-1: device descriptor read/8, error -110 [ 1001.036859][T18270] usb usb38-port1: attempt power cycle [ 1001.198211][T20571] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 1001.200395][T20571] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1001.226690][T20571] vhci_hcd vhci_hcd.0: Device attached [ 1001.289270][T20571] rdma_rxe: rxe_newlink: failed to add wg2 [ 1001.347182][T20575] wg2 speed is unknown, defaulting to 1000 [ 1001.356563][T20570] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 1001.358792][T20570] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1001.364334][T20570] vhci_hcd vhci_hcd.0: Device attached [ 1001.457266][T20578] wg2 speed is unknown, defaulting to 1000 [ 1001.635586][T18270] usb usb38-port1: unable to enumerate USB device [ 1001.645302][ T24] usb 44-1: SetAddress Request (114) to port 0 [ 1001.647822][ T24] usb 44-1: new SuperSpeed USB device number 114 using vhci_hcd [ 1001.697584][T20570] rdma_rxe: rxe_newlink: failed to add wg2 [ 1001.889070][T20572] vhci_hcd: connection closed [ 1001.895751][T19862] vhci_hcd vhci_hcd.2: stop threads [ 1001.899701][T19862] vhci_hcd vhci_hcd.2: release socket [ 1001.907683][T19862] vhci_hcd vhci_hcd.2: disconnect device [ 1002.160196][T20576] vhci_hcd: connection reset by peer [ 1002.162438][ T8946] vhci_hcd vhci_hcd.3: stop threads [ 1002.164463][ T8946] vhci_hcd vhci_hcd.3: release socket [ 1002.166647][ T8946] vhci_hcd vhci_hcd.3: disconnect device [ 1002.169971][T20579] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1002.172430][T20579] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1002.175001][T20579] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1002.409560][ T53] usb 40-1: device descriptor read/8, error -110 [ 1002.806076][ T53] usb usb40-port1: unable to enumerate USB device [ 1003.067718][ T6034] usb 42-1: device descriptor read/8, error -110 [ 1003.486305][ T6034] usb usb42-port1: attempt power cycle [ 1003.605674][T13148] Bluetooth: hci4: command 0x040f tx timeout [ 1004.066901][ T6034] usb usb42-port1: unable to enumerate USB device [ 1004.099484][T20621] FAULT_INJECTION: forcing a failure. [ 1004.099484][T20621] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1004.103909][T20621] CPU: 3 UID: 0 PID: 20621 Comm: syz.0.3489 Tainted: G L syzkaller #0 PREEMPT(full) [ 1004.103928][T20621] Tainted: [L]=SOFTLOCKUP [ 1004.103932][T20621] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1004.103939][T20621] Call Trace: [ 1004.103945][T20621] [ 1004.103951][T20621] dump_stack_lvl+0x16c/0x1f0 [ 1004.103972][T20621] should_fail_ex+0x512/0x640 [ 1004.103987][T20621] _copy_to_user+0x32/0xd0 [ 1004.104000][T20621] simple_read_from_buffer+0xcb/0x170 [ 1004.104018][T20621] proc_fail_nth_read+0x197/0x240 [ 1004.104037][T20621] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1004.104056][T20621] ? rw_verify_area+0xcf/0x6c0 [ 1004.104070][T20621] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1004.104092][T20621] vfs_read+0x1e4/0xcf0 [ 1004.104109][T20621] ? __pfx___mutex_lock+0x10/0x10 [ 1004.104127][T20621] ? __pfx_vfs_read+0x10/0x10 [ 1004.104141][T20621] ? find_held_lock+0x2b/0x80 [ 1004.104160][T20621] ? __fget_files+0x20e/0x3c0 [ 1004.104179][T20621] ksys_read+0x12a/0x250 [ 1004.104195][T20621] ? __pfx_ksys_read+0x10/0x10 [ 1004.104214][T20621] __do_fast_syscall_32+0xe8/0x680 [ 1004.104233][T20621] do_fast_syscall_32+0x32/0x80 [ 1004.104250][T20621] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1004.104265][T20621] RIP: 0023:0xf700d579 [ 1004.104274][T20621] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1004.104285][T20621] RSP: 002b:00000000f53fd590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1004.104295][T20621] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f53fd620 [ 1004.104302][T20621] RDX: 000000000000000f RSI: 00000000f73a6ff4 RDI: 0000000000000000 [ 1004.104309][T20621] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1004.104315][T20621] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1004.104322][T20621] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1004.104336][T20621] [ 1004.233852][T20626] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 1004.237183][T20626] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1004.246451][T13148] Bluetooth: hci1: command 0x0c1a tx timeout [ 1004.246503][T16703] Bluetooth: hci3: command 0x0c1a tx timeout [ 1004.256506][T20626] vhci_hcd vhci_hcd.0: Device attached [ 1004.653167][ T62] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1004.656915][ T62] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1004.800198][T16703] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1004.802678][ T62] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1004.807873][T16703] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1004.811485][T16703] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1004.814243][T16703] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1004.817294][T16703] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1004.820564][ T62] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1004.869290][T20627] vhci_hcd: connection closed [ 1004.869520][T19367] vhci_hcd vhci_hcd.3: stop threads [ 1004.873081][T19367] vhci_hcd vhci_hcd.3: release socket [ 1004.875248][T20641] wg2 speed is unknown, defaulting to 1000 [ 1004.878038][T19367] vhci_hcd vhci_hcd.3: disconnect device [ 1004.920844][T20644] FAULT_INJECTION: forcing a failure. [ 1004.920844][T20644] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1004.928221][T20644] CPU: 0 UID: 0 PID: 20644 Comm: syz.1.3497 Tainted: G L syzkaller #0 PREEMPT(full) [ 1004.928252][T20644] Tainted: [L]=SOFTLOCKUP [ 1004.928259][T20644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1004.928270][T20644] Call Trace: [ 1004.928277][T20644] [ 1004.928285][T20644] dump_stack_lvl+0x16c/0x1f0 [ 1004.928317][T20644] should_fail_ex+0x512/0x640 [ 1004.928343][T20644] _copy_from_user+0x2e/0xd0 [ 1004.928365][T20644] memdup_user+0x6b/0xe0 [ 1004.928388][T20644] strndup_user+0x78/0xe0 [ 1004.928411][T20644] __ia32_sys_mount+0x17f/0x310 [ 1004.928430][T20644] ? __pfx___ia32_sys_mount+0x10/0x10 [ 1004.928447][T20644] ? do_user_addr_fault+0x843/0x1370 [ 1004.928470][T20644] __do_fast_syscall_32+0xe8/0x680 [ 1004.928499][T20644] do_fast_syscall_32+0x32/0x80 [ 1004.928524][T20644] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1004.928546][T20644] RIP: 0023:0xf700d579 [ 1004.928559][T20644] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1004.928575][T20644] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 1004.928592][T20644] RAX: ffffffffffffffda RBX: 0000000080000100 RCX: 0000000080000180 [ 1004.928604][T20644] RDX: 0000000000000000 RSI: 00000000018e5811 RDI: 0000000000000000 [ 1004.928614][T20644] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1004.928623][T20644] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1004.928634][T20644] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1004.928657][T20644] [ 1004.997429][ T6012] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 1005.073455][ T62] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1005.078629][ T62] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.125293][ T59] syz1: Port: 1 Link DOWN [ 1005.158293][ T6012] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1005.162587][ T6012] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1005.176628][ T6012] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1005.178968][ T62] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1005.181107][ T6012] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1005.184853][ T62] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.196537][ T6012] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1005.207330][ T6012] usb 7-1: config 0 descriptor?? [ 1005.245355][T19367] smc: removing ib device syz1 [ 1005.538683][T20641] chnl_net:caif_netlink_parms(): no params data found [ 1005.642149][ T6012] hid_parser_main: 86 callbacks suppressed [ 1005.642163][ T6012] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1005.644146][ T62] bridge_slave_1: left allmulticast mode [ 1005.644189][ T6012] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1005.647499][ T62] bridge_slave_1: left promiscuous mode [ 1005.648996][ T6012] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1005.653845][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 1005.656343][ T6012] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1005.676512][ T6012] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1005.686801][ T6012] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1005.690381][ T6012] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1005.693347][ T6012] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1005.695886][ T6012] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1005.713755][ T6012] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1005.733393][ T6012] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1005.890121][T20653] netlink: 'syz.3.3500': attribute type 2 has an invalid length. [ 1005.911763][ T59] usb 7-1: USB disconnect, device number 9 [ 1006.140866][T19367] ------------[ cut here ]------------ [ 1006.142951][T19367] GID entry ref leak for dev syz1 index 2 ref=1 [ 1006.145370][T19367] WARNING: drivers/infiniband/core/cache.c:806 at gid_table_release_one+0x1ad/0x450, CPU#2: kworker/u32:17/19367 [ 1006.149464][T19367] Modules linked in: [ 1006.151649][T19367] CPU: 2 UID: 0 PID: 19367 Comm: kworker/u32:17 Tainted: G L syzkaller #0 PREEMPT(full) [ 1006.155412][T19367] Tainted: [L]=SOFTLOCKUP SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1006.156961][T19367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1006.161103][T19367] Workqueue: ib-unreg-wq ib_unregister_work [ 1006.163168][T19367] RIP: 0010:gid_table_release_one+0x1b6/0x450 [ 1006.165562][T19367] Code: 4c 24 38 48 c1 e8 03 4d 01 fc 48 89 44 24 08 eb 54 48 89 34 24 e8 0a 67 4f f9 48 8d 3d c3 87 26 08 48 8b 34 24 89 e9 44 89 f2 <67> 48 0f b9 3a e8 f0 66 4f f9 48 89 d8 41 83 c6 01 48 c1 e8 03 42 [ 1006.174277][T19367] RSP: 0018:ffffc9000417fac8 EFLAGS: 00010293 [ 1006.176933][T19367] RAX: 0000000000000000 RBX: ffff888045449400 RCX: 0000000000000001 [ 1006.179685][T19367] RDX: 0000000000000002 RSI: ffff8880291f1a00 RDI: ffffffff90958bb0 [ 1006.182434][T19367] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffed100a45f320 [ 1006.185236][T19367] R10: ffff8880522f9903 R11: 0000000000002ba1 R12: ffffed1008a8929b [ 1006.188270][T19367] R13: ffff888028f18000 R14: 0000000000000002 R15: dffffc0000000000 [ 1006.190943][T19367] FS: 0000000000000000(0000) GS:ffff8880978fc000(0000) knlGS:0000000000000000 [ 1006.194036][T19367] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1006.197448][T19367] CR2: 000000003420bffc CR3: 0000000024f7e000 CR4: 0000000000352ef0 [ 1006.200468][T19367] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1006.203242][T19367] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1006.206736][T19367] Call Trace: [ 1006.208254][T19367] [ 1006.209229][T19367] ib_device_release+0xef/0x1e0 [ 1006.211012][T19367] ? __pfx_ib_device_release+0x10/0x10 [ 1006.212806][T19367] device_release+0xa4/0x240 [ 1006.214413][T19367] kobject_put+0x1ef/0x6f0 [ 1006.215946][T19367] put_device+0x1f/0x30 [ 1006.217519][T19367] process_one_work+0x9ba/0x1b20 [ 1006.219407][T19367] ? __pfx_process_one_work+0x10/0x10 [ 1006.221403][T19367] ? assign_work+0x1a0/0x250 [ 1006.223898][T19367] worker_thread+0x6c8/0xf10 [ 1006.225689][T19367] ? __kthread_parkme+0x19e/0x250 [ 1006.227973][T19367] ? __pfx_worker_thread+0x10/0x10 [ 1006.229661][T19367] kthread+0x3c5/0x780 [ 1006.231056][T19367] ? __pfx_kthread+0x10/0x10 [ 1006.232550][T19367] ? rcu_is_watching+0x12/0xc0 [ 1006.234173][T19367] ? __pfx_kthread+0x10/0x10 [ 1006.235793][T19367] ret_from_fork+0x983/0xb10 [ 1006.237466][T19367] ? __pfx_ret_from_fork+0x10/0x10 [ 1006.239210][T19367] ? __switch_to+0x7af/0x10d0 [ 1006.240847][T19367] ? __pfx_kthread+0x10/0x10 [ 1006.242411][T19367] ret_from_fork_asm+0x1a/0x30 [ 1006.244236][T19367] [ 1006.245340][T19367] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1006.247810][T19367] CPU: 2 UID: 0 PID: 19367 Comm: kworker/u32:17 Tainted: G L syzkaller #0 PREEMPT(full) [ 1006.251509][T19367] Tainted: [L]=SOFTLOCKUP [ 1006.252955][T19367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1006.256643][T19367] Workqueue: ib-unreg-wq ib_unregister_work [ 1006.258816][T19367] Call Trace: [ 1006.259917][T19367] [ 1006.260998][T19367] dump_stack_lvl+0x3d/0x1f0 [ 1006.262579][T19367] vpanic+0x640/0x6f0 [ 1006.264043][T19367] ? gid_table_release_one+0x1ad/0x450 [ 1006.266006][T19367] panic+0xca/0xd0 [ 1006.267339][T19367] ? __pfx_panic+0x10/0x10 [ 1006.268900][T19367] ? check_panic_on_warn+0x1f/0xb0 [ 1006.270777][T19367] check_panic_on_warn+0xab/0xb0 [ 1006.272479][T19367] __warn+0x108/0x3c0 [ 1006.273918][T19367] __report_bug+0x2a0/0x520 [ 1006.275535][T19367] ? gid_table_release_one+0x1ad/0x450 [ 1006.277488][T19367] ? __pfx___report_bug+0x10/0x10 [ 1006.279230][T19367] report_bug_entry+0xe1/0x290 [ 1006.280845][T19367] ? gid_table_release_one+0x1b6/0x450 [ 1006.282687][T19367] handle_bug+0x18a/0x260 [ 1006.284290][T19367] exc_invalid_op+0x17/0x50 [ 1006.285877][T19367] asm_exc_invalid_op+0x1a/0x20 [ 1006.287641][T19367] RIP: 0010:gid_table_release_one+0x1b6/0x450 [ 1006.289694][T19367] Code: 4c 24 38 48 c1 e8 03 4d 01 fc 48 89 44 24 08 eb 54 48 89 34 24 e8 0a 67 4f f9 48 8d 3d c3 87 26 08 48 8b 34 24 89 e9 44 89 f2 <67> 48 0f b9 3a e8 f0 66 4f f9 48 89 d8 41 83 c6 01 48 c1 e8 03 42 [ 1006.296206][T19367] RSP: 0018:ffffc9000417fac8 EFLAGS: 00010293 [ 1006.298569][T19367] RAX: 0000000000000000 RBX: ffff888045449400 RCX: 0000000000000001 [ 1006.301226][T19367] RDX: 0000000000000002 RSI: ffff8880291f1a00 RDI: ffffffff90958bb0 [ 1006.303806][T19367] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffed100a45f320 [ 1006.306333][T19367] R10: ffff8880522f9903 R11: 0000000000002ba1 R12: ffffed1008a8929b [ 1006.308936][T19367] R13: ffff888028f18000 R14: 0000000000000002 R15: dffffc0000000000 [ 1006.311486][T19367] ? gid_table_release_one+0x1a6/0x450 [ 1006.313389][T19367] ib_device_release+0xef/0x1e0 [ 1006.315237][T19367] ? __pfx_ib_device_release+0x10/0x10 [ 1006.317257][T19367] device_release+0xa4/0x240 [ 1006.318805][T19367] kobject_put+0x1ef/0x6f0 [ 1006.320279][T19367] put_device+0x1f/0x30 [ 1006.321636][T19367] process_one_work+0x9ba/0x1b20 [ 1006.323237][T19367] ? __pfx_process_one_work+0x10/0x10 [ 1006.325031][T19367] ? assign_work+0x1a0/0x250 [ 1006.326556][T19367] worker_thread+0x6c8/0xf10 [ 1006.328206][T19367] ? __kthread_parkme+0x19e/0x250 [ 1006.329865][T19367] ? __pfx_worker_thread+0x10/0x10 [ 1006.331528][T19367] kthread+0x3c5/0x780 [ 1006.332891][T19367] ? __pfx_kthread+0x10/0x10 [ 1006.334502][T19367] ? rcu_is_watching+0x12/0xc0 [ 1006.336138][T19367] ? __pfx_kthread+0x10/0x10 [ 1006.337849][T19367] ret_from_fork+0x983/0xb10 [ 1006.339463][T19367] ? __pfx_ret_from_fork+0x10/0x10 [ 1006.341189][T19367] ? __switch_to+0x7af/0x10d0 [ 1006.342789][T19367] ? __pfx_kthread+0x10/0x10 [ 1006.344365][T19367] ret_from_fork_asm+0x1a/0x30 [ 1006.346009][T19367] [ 1006.347899][T19367] Kernel Offset: disabled [ 1006.349954][T19367] Rebooting in 86400 seconds..