last executing test programs: 4.76374621s ago: executing program 2 (id=1265): syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x102) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x16, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f00000001c0)=ANY=[@ANYRESHEX=0x0], 0x15) r1 = dup(r0) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r1, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec088941"], 0xb0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$dsp1(0xffffff9c, 0x0, 0x30002, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) readv(r3, &(0x7f0000000040)=[{&(0x7f0000000100)=""/144, 0x90}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) io_uring_setup(0x29d5, &(0x7f0000000100)={0x0, 0x9255}) r6 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r6, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) (fail_nth: 3) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000010140)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x37, '\x00', 0x0, 0x2, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0) 4.328851403s ago: executing program 2 (id=1267): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000200)={0x9}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) getsockopt$MRT(0xffffffffffffffff, 0x0, 0xcf, &(0x7f00000001c0), &(0x7f0000000200)=0x4) ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, &(0x7f0000000180)={'tunl0\x00', {0x2, 0x4e23, @multicast1}}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r5 = io_uring_setup(0x4668, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1}) io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) socket$nl_route(0x10, 0x3, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0xc2c45513, &(0x7f00000000c0)={0x9}) 3.885285041s ago: executing program 1 (id=1269): socket$can_j1939(0x1d, 0x2, 0x7) socket$inet_dccp(0x2, 0x6, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd74) syz_io_uring_setup(0x41bd, &(0x7f0000000400)={0x0, 0xab80, 0x2000, 0x0, 0x28b}, 0x0, &(0x7f0000000180)) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) gettid() r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r2, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x2, 0x0, 0x40, 0x0, 0x0, 0x6, 0x44a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x180d, 0x80000000, 0x9, 0x0, 0x0, 0xffff82ee, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x80, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_SETUP(r2, 0x5501, 0x0) write$input_event(r2, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) ioctl$UI_END_FF_UPLOAD(r1, 0x406055c9, &(0x7f0000000580)={0xe, 0x2, {0x56, 0x5, 0x0, {0x7ff, 0x3}, {0xa7, 0x7}, @cond=[{0x7, 0x7, 0xfffb, 0x5, 0x8, 0x8}, {0x9, 0xcee5, 0x9, 0x687f, 0xfc00, 0x9c}]}, {0x51, 0xf326, 0x1, {0xa, 0x4}, {0x7, 0xfff}, @cond=[{0x0, 0x7, 0x8, 0x605e, 0x11f, 0x10}, {0x6, 0x5, 0xe624, 0xfffb, 0x0, 0x2}]}}) 3.4735457s ago: executing program 0 (id=1270): r0 = socket$alg(0x26, 0x5, 0x0) (async) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newtaction={0x6c, 0x30, 0x709, 0x0, 0x0, {}, [{0x58, 0x1, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{}, 0x2}}, @TCA_VLAN_PUSH_VLAN_ID={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) (async) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) sendmsg$inet(r2, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@ip_tos_int={{0x10, 0x0, 0x1, 0x6000}}], 0x10}, 0x480c1) (async) fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f0000000600)='key_or_keyring:', &(0x7f0000000640)="3b5f2ceba4892dd63500fb4a30ba717b6b9dcd0a35bb04d939d77c282bfc2c950de224a8a71580f03738bc1afea97355e5594d37111a78de960b21eccb71174d0e2f258a3d8fa92726582711a39a39fbe2d150a140de49ea0f6d2aea0a825e41ac5bcfb6f031b3ebb998ae495814ffd932eab5c0c408bd1cb83796477dffbc5c766876514b65f620b413aaec0f3557eab19335d3d1007b7af5c6218f6057a23fa0da1a6b62447285ad837ae6ec38de", 0xaf) (async) connect$unix(r2, &(0x7f00000002c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) (async) openat$btrfs_control(0xffffff9c, &(0x7f0000000080), 0x6241, 0x0) (async) r4 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r4) (async) ptrace(0x10, 0x1) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000030000000000000002000013020000000100000000000000000040000100000000000000000000000061"], 0x0, 0x3f, 0x0, 0x6, 0x2, 0x0, @void, @value}, 0x28) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58) timer_create(0x1, &(0x7f0000000140)={0x0, 0x200011}, &(0x7f0000000180)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) (async) sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2) (async) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000907000/0x1000)=nil, 0x1000, 0xb) 3.395024199s ago: executing program 2 (id=1271): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x6c, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x40, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'batadv_slave_0\x00'}, {0x14, 0x1, 'veth1_macvtap\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}], {0x14}}, 0x94}}, 0x0) ioprio_set$pid(0x2, 0x0, 0x6000) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1d, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xc, 0x0, 0x7ffc1ffb}]}) r5 = timerfd_create(0x0, 0x0) timerfd_gettime(r5, &(0x7f00000001c0)) r6 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) ppoll(0x0, 0x0, &(0x7f0000000300)={0x0, 0x3938700}, 0x0, 0x0) socket(0x2, 0x80805, 0x0) sendfile(r1, r1, 0x0, 0x200000) 3.336219923s ago: executing program 0 (id=1273): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = epoll_create1(0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) read(0xffffffffffffffff, &(0x7f0000000640)=""/4096, 0x1000) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x20002015}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd) keyctl$read(0xb, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x24}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) recvmmsg(r0, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) 2.456084135s ago: executing program 2 (id=1275): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x6c, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x40, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'batadv_slave_0\x00'}, {0x14, 0x1, 'veth1_macvtap\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}], {0x14}}, 0x94}}, 0x0) ioprio_set$pid(0x2, 0x0, 0x6000) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1d, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xc, 0x0, 0x7ffc1ffb}]}) r5 = timerfd_create(0x0, 0x0) timerfd_gettime(r5, &(0x7f00000001c0)) r6 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) ppoll(0x0, 0x0, &(0x7f0000000300)={0x0, 0x3938700}, 0x0, 0x0) socket(0x2, 0x80805, 0x0) sendfile(r1, r1, 0x0, 0x200000) 2.446916014s ago: executing program 1 (id=1283): r0 = socket(0x1d, 0x6, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x8}, 0x14) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in=@multicast2, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x80}, {0x0, 0x0, 0x1000, 0x1, 0x0, 0x7fffffffffffffff, 0x0, 0x5}, {0x0, 0x4, 0x200}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1}, {{@in6=@mcast1}, 0x0, @in=@multicast1, 0x3507, 0x0, 0x0, 0x0, 0xfffffffe, 0x4000000, 0xb9}}, 0xe4) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)=@x86={0x90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x80, 0x0, 0x0, 0x0, 0x2}) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @pic={0x7, 0x5, 0x2f, 0x5, 0x7, 0x0, 0x5, 0x4, 0x1, 0x2, 0x24, 0xfc, 0x5f, 0x0, 0x3, 0x80}}) r8 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r8, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0x1) mount$nfs4(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="6673633d8f"]) setsockopt$SO_BINDTODEVICE_wg(r8, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r8, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 2.380876104s ago: executing program 0 (id=1277): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x6c, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x40, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'batadv_slave_0\x00'}, {0x14, 0x1, 'veth1_macvtap\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}], {0x14}}, 0x94}}, 0x0) ioprio_set$pid(0x2, 0x0, 0x6000) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1d, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xc, 0x0, 0x7ffc1ffb}]}) r5 = timerfd_create(0x0, 0x0) timerfd_gettime(r5, &(0x7f00000001c0)) r6 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) ppoll(0x0, 0x0, &(0x7f0000000300)={0x0, 0x3938700}, 0x0, 0x0) socket(0x2, 0x80805, 0x0) sendfile(r1, r1, 0x0, 0x200000) pipe2$watch_queue(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) sendmsg$NFT_MSG_GETCHAIN(r7, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x6c, 0x4, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_CHAIN_COUNTERS={0x4c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x7}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x2}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x7}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x9}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x5091}]}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20040040}, 0x44001) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)={0x78, 0x7, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x58, 0x4, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xf}, @NFTA_META_SREG={0x8}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x15}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xb}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x18}, @NFTA_META_SREG={0x8}]}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x40080}, 0x4000) socket$nl_generic(0x10, 0x3, 0x10) 2.190731003s ago: executing program 3 (id=1279): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x4034542f, &(0x7f0000000300)={{0x0, 0x2}}) (fail_nth: 2) 1.955984581s ago: executing program 3 (id=1280): r0 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6(0xa, 0x80002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() connect$unix(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000180)={@multicast1, @loopback}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 1.955583984s ago: executing program 3 (id=1281): r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) mmap$KVM_VCPU(&(0x7f0000b8b000/0x3000)=nil, 0x930, 0x300000b, 0x12, r0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000280)={r1, r1, 0xc, 0x0, 0x0, 0x9, 0x1, 0x458, 0x9, 0x9, 0x2, 0x7, 'syz0\x00'}) ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, &(0x7f0000000000)={0x2, 0x2, 0x73, 0xffffffff}) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) mkdir(0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x9) r6 = dup(r5) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="5b00000000000000f1000040"]) r7 = getpid() sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r9, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001a000000bca300000000000024030000c0feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000200000000002604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) mount(0x0, &(0x7f00000008c0)='.\x00', &(0x7f0000000900)='erofs\x00', 0x0, 0x0) 1.532598249s ago: executing program 2 (id=1282): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000050000008c0000000c00000088a40400", @ANYRES32, @ANYBLOB="000000020000000000000000000000000000fff9", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00"/11], 0x48) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'lblcr\x00'}, 0x2c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r5, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000004c0)={0xffffffffffffffff, r3, 0x1d, 0x0, @val=@uprobe_multi={&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)=[0x7f60a9f3], &(0x7f0000000480)=[0x4, 0x1], 0x7, 0x1, 0x1, r4}}, 0x3c) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="400000001000010001000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="850b0100006163736563300000000000000000000a000100aaaaaaaaaaaa00006106f9fa5b72524c3b024a9af918baaa46d32c1b6bdb257aeb115248a754031b164852d14bb514566c6e6b384d6cd29a250701b85500bcda4a0480485c41d14d08a5fcec54aab62f719e58e40ea257dd22cccf5f6b51806affbd"], 0x40}, 0x1, 0x0, 0x0, 0x90}, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f00000021c0)={r8, 0x0, 0x0}, 0x10) r9 = syz_open_dev$tty1(0xc, 0x4, 0x1) r10 = dup(r9) write$UHID_INPUT(r10, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d1bf91b4d090955f70e06d038e7ff7fc6e5539b0d3f0e8b089b3f35076e090890e0878f0e1ac6e7049b3346959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x96d) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 1.446215296s ago: executing program 0 (id=1284): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r0, r0, 0x0, 0x200000) 1.375231897s ago: executing program 0 (id=1285): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000200)={0x9}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3fff, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xa1, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x7}, 0x4}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) getsockopt$MRT(0xffffffffffffffff, 0x0, 0xcf, &(0x7f00000001c0), &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = io_uring_setup(0x4668, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010062726964676500000c1002800500290004000000"], 0x3c}}, 0x4000000) 1.302436258s ago: executing program 1 (id=1286): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socket$kcm(0x29, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x58, 0x1, 0x4, 0x201, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFULA_CFG_FLAGS={0x6}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x1}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x101}, @NFULA_CFG_CMD={0x5, 0x1, 0x3}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x2}, @NFULA_CFG_MODE={0xa, 0x2, {0x6}}, @NFULA_CFG_CMD={0x5, 0x1, 0x2}, @NFULA_CFG_FLAGS={0x6}]}, 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x8000) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={0xffffffffffffffff}, 0x17, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f00000004c0)=[{0x8, 0x0, [0x2, 0x3ff, 0x4, 0x5a, 0x1, 0x0, 0x5, 0xffff8001, 0x0, 0x7, 0x2, 0xd, 0x7, 0x0, 0x9, 0x9]}, {0x19, 0x0, [0x2, 0x4, 0x2f, 0x2, 0x40, 0x1000, 0xf, 0x5887, 0x7, 0xe4b0, 0x2, 0x3, 0x20000000, 0x7, 0x92da, 0x4]}, {0x34, 0x0, [0x3, 0xe4000000, 0x7fff, 0x8000, 0xf, 0x10000, 0x0, 0x1, 0x0, 0x4, 0x3, 0x7555, 0x7, 0x2, 0xfff, 0xe]}, {0x10, 0x0, [0x9, 0x6, 0x3ff, 0xfff, 0xd, 0x87, 0x4, 0x5, 0xdf, 0x919b, 0x4, 0x7f, 0x8, 0xe6, 0x2, 0x7]}, {0x6, 0x0, [0x5, 0x8, 0x4, 0x100, 0x8, 0x10000, 0x101, 0x1, 0x8, 0x7, 0x3, 0x1, 0x6, 0x401, 0x7, 0x8]}, {0xc, 0x0, [0x8, 0x0, 0xa2, 0x9, 0x1, 0x9, 0x3, 0xd540, 0x1c000, 0x7f, 0x2, 0xfffffffe, 0x2, 0xd, 0x7]}, {0x0, 0x0, [0x8, 0x6, 0xb, 0x5, 0x5968, 0x5, 0x4, 0xccd6, 0x5, 0x40, 0x2, 0x6, 0x7ff, 0x4, 0x9a, 0x8]}], r4, 0x1, 0x1, 0x1f8}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f00000003c0)={0x7, 0x8, 0xfa00, {r3, 0x6}}, 0x10) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) socketpair$unix(0x1, 0x2, 0x0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x6, 0x8010, r0, 0xc1cc2000) ioperm(0xffffffff, 0x1000000d7e2, 0x1) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x4034542f, &(0x7f0000000300)={{0x0, 0x2}}) 1.295352602s ago: executing program 1 (id=1287): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000140)='blkio.throttle.io_serviced\x00', 0x0, 0x0) preadv2(r1, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/205, 0xcd}, {&(0x7f0000000040)=""/120, 0x78}, {&(0x7f0000000200)=""/79, 0x4f}], 0x3, 0x400, 0x0, 0x3f) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r0, &(0x7f0000000140)='blkio.throttle.io_serviced\x00', 0x0, 0x0) (async) preadv2(r1, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/205, 0xcd}, {&(0x7f0000000040)=""/120, 0x78}, {&(0x7f0000000200)=""/79, 0x4f}], 0x3, 0x400, 0x0, 0x3f) (async) 1.096139412s ago: executing program 1 (id=1288): r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) mmap$KVM_VCPU(&(0x7f0000b8b000/0x3000)=nil, 0x930, 0x300000b, 0x12, r0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000280)={r1, r1, 0xc, 0x0, 0x0, 0x9, 0x1, 0x458, 0x9, 0x9, 0x2, 0x7, 'syz0\x00'}) ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, &(0x7f0000000000)={0x2, 0x2, 0x73, 0xffffffff}) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) mkdir(0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001a000000bca300000000000024030000c0feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000200000000002604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) mount(0x0, &(0x7f00000008c0)='.\x00', &(0x7f0000000900)='erofs\x00', 0x0, 0x0) 946.068726ms ago: executing program 3 (id=1289): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0505405, &(0x7f0000000000)={{0x3, 0x3, 0x0, 0x2, 0x10001}, 0xfffffffc, 0x100000, 'id1\x00', 'timer1\x00'}) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xf, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0xffffffffffffff2f, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0x21}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() recvmsg(r0, &(0x7f00000005c0)={&(0x7f0000000340)=@qipcrtr, 0x80, &(0x7f0000000580)=[{&(0x7f00000003c0)=""/181, 0xb5}, {&(0x7f0000000480)=""/252, 0xfc}, {&(0x7f0000001900)=""/4096, 0x1000}], 0x3, &(0x7f0000002900)=""/4096, 0x1000}, 0x2) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4004854) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x1, &(0x7f0000000280)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8012, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x8) r6 = openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0) ioctl$mixer_OSS_GETVERSION(r6, 0x40086602, &(0x7f0000000300)) sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e25, @local}, 0x10) sendto$inet(r5, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 595.779804ms ago: executing program 2 (id=1290): socket$nl_route(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0505405, &(0x7f0000000000)={{0x3, 0x3, 0x0, 0x2, 0x10001}, 0xfffffffc, 0x100000, 'id1\x00', 'timer1\x00'}) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xf, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0xffffffffffffff2f, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0x21}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4004854) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000280)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8012, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x8) r5 = openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0) ioctl$mixer_OSS_GETVERSION(r5, 0x40086602, &(0x7f0000000300)) sendto$inet(r4, 0x0, 0x218, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 476.138563ms ago: executing program 0 (id=1291): pipe(&(0x7f00000001c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/4\x00') socket$kcm(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000100)={0x66, 0xfe, 0x4, 0x0, 0x40, 0x0, 0x0, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x9}, 0xe) shutdown(r1, 0x1) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) rt_sigprocmask(0x1, &(0x7f0000000240)={[0xabeb]}, &(0x7f0000000480), 0x8) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000064d564b0000000000f7"]) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 198.107499ms ago: executing program 1 (id=1292): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x6c, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x40, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'batadv_slave_0\x00'}, {0x14, 0x1, 'veth1_macvtap\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}], {0x14}}, 0x94}}, 0x0) ioprio_set$pid(0x2, 0x0, 0x6000) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1d, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xc, 0x0, 0x7ffc1ffb}]}) r5 = timerfd_create(0x0, 0x0) timerfd_gettime(r5, &(0x7f00000001c0)) r6 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) ppoll(0x0, 0x0, &(0x7f0000000300)={0x0, 0x3938700}, 0x0, 0x0) socket(0x2, 0x80805, 0x0) sendfile(r1, r1, 0x0, 0x200000) pipe2$watch_queue(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) sendmsg$NFT_MSG_GETCHAIN(r7, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x6c, 0x4, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_CHAIN_COUNTERS={0x4c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x7}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x2}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x7}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x9}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x5091}]}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20040040}, 0x44001) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)={0x78, 0x7, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x58, 0x4, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xf}, @NFTA_META_SREG={0x8}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x15}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xb}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x18}, @NFTA_META_SREG={0x8}]}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x40080}, 0x4000) socket$nl_generic(0x10, 0x3, 0x10) 122.775661ms ago: executing program 3 (id=1293): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r0, r0, 0x0, 0x200000) 0s ago: executing program 3 (id=1294): r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) (fail_nth: 9) kernel console output (not intermixed with test programs): : 0000000000000000 R15: 0000000000000000 [ 193.955918][ T8728] [ 193.955925][ T8728] block nbd2: device_create_file failed for pid! [ 194.051613][ T8725] block nbd2: shutting down sockets [ 194.757678][ T8743] __nla_validate_parse: 2 callbacks suppressed [ 194.757689][ T8743] netlink: 32 bytes leftover after parsing attributes in process `syz.0.582'. [ 195.562604][ T8755] 9pnet_fd: Insufficient options for proto=fd [ 195.565919][ T40] kauditd_printk_skb: 655 callbacks suppressed [ 195.565929][ T40] audit: type=1326 audit(1743886773.058:1674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8747 comm="syz.1.584" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf740e579 code=0x0 [ 195.581244][ T8752] netlink: 4 bytes leftover after parsing attributes in process `syz.0.585'. [ 196.347997][ T8776] netlink: 12 bytes leftover after parsing attributes in process `syz.2.590'. [ 196.399364][ T8777] netlink: 12 bytes leftover after parsing attributes in process `syz.1.591'. [ 197.012743][ T8787] netlink: 32 bytes leftover after parsing attributes in process `syz.2.594'. [ 197.167855][ T8791] netlink: 216 bytes leftover after parsing attributes in process `syz.1.595'. [ 197.170371][ T8791] netlink: 216 bytes leftover after parsing attributes in process `syz.1.595'. [ 197.228828][ T8792] netlink: 44 bytes leftover after parsing attributes in process `syz.1.595'. [ 197.231455][ T8792] netlink: 43 bytes leftover after parsing attributes in process `syz.1.595'. [ 197.233975][ T8792] netlink: 'syz.1.595': attribute type 6 has an invalid length. [ 197.236160][ T8792] netlink: 'syz.1.595': attribute type 5 has an invalid length. [ 197.243684][ T8792] netlink: 43 bytes leftover after parsing attributes in process `syz.1.595'. [ 198.394250][ T40] audit: type=1326 audit(1743886775.888:1675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8798 comm="syz.2.597" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ee579 code=0x0 [ 198.413176][ T8811] 9pnet_fd: Insufficient options for proto=fd [ 198.416682][ T40] audit: type=1326 audit(1743886775.908:1676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8805 comm="syz.1.599" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf740e579 code=0x0 [ 198.906391][ T8824] netlink: 'syz.2.601': attribute type 6 has an invalid length. [ 198.908744][ T8824] netlink: 'syz.2.601': attribute type 5 has an invalid length. [ 201.120496][ T40] audit: type=1326 audit(1743886778.608:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8852 comm="syz.1.613" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf740e579 code=0x0 [ 201.355655][ T8856] __nla_validate_parse: 8 callbacks suppressed [ 201.355667][ T8856] netlink: 12 bytes leftover after parsing attributes in process `syz.2.608'. [ 201.596696][ T8865] netlink: 16 bytes leftover after parsing attributes in process `syz.3.615'. [ 201.803633][ T8869] input: syz0 as /devices/virtual/input/input38 [ 202.488552][ T8878] netlink: 32 bytes leftover after parsing attributes in process `syz.3.618'. [ 202.572082][ T8879] netlink: 12 bytes leftover after parsing attributes in process `syz.2.625'. [ 202.854690][ T8885] netlink: 32 bytes leftover after parsing attributes in process `syz.0.619'. [ 203.495550][ T8897] netlink: 32 bytes leftover after parsing attributes in process `syz.3.622'. [ 203.655075][ T8895] FAULT_INJECTION: forcing a failure. [ 203.655075][ T8895] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 203.658726][ T8895] CPU: 2 UID: 0 PID: 8895 Comm: syz.1.623 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 203.658742][ T8895] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 203.658749][ T8895] Call Trace: [ 203.658753][ T8895] [ 203.658757][ T8895] dump_stack_lvl+0x16c/0x1f0 [ 203.658775][ T8895] should_fail_ex+0x512/0x640 [ 203.658787][ T8895] ? page_copy_sane+0xcd/0x2d0 [ 203.658799][ T8895] copy_page_from_iter_atomic+0x3ad/0x1950 [ 203.658812][ T8895] ? __pfx_lru_add+0x10/0x10 [ 203.658825][ T8895] ? __pfx_filemap_add_folio+0x10/0x10 [ 203.658837][ T8895] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 203.658849][ T8895] ? fault_in_readable+0x1a7/0x200 [ 203.658862][ T8895] ? __filemap_get_folio+0x333/0xc10 [ 203.658873][ T8895] ? zero_user_segments.constprop.0+0x21e/0x2d0 [ 203.658889][ T8895] netfs_perform_write+0xd8e/0x20f0 [ 203.658910][ T8895] ? __pfx_netfs_perform_write+0x10/0x10 [ 203.658940][ T8895] ? inode_needs_update_time.part.0+0x191/0x270 [ 203.658953][ T8895] netfs_file_write_iter+0x495/0x570 [ 203.658968][ T8895] v9fs_file_write_iter+0x9b/0x100 [ 203.658984][ T8895] vfs_write+0x5ba/0x1180 [ 203.658997][ T8895] ? __pfx_v9fs_file_write_iter+0x10/0x10 [ 203.659012][ T8895] ? __pfx___mutex_lock+0x10/0x10 [ 203.659026][ T8895] ? __pfx_vfs_write+0x10/0x10 [ 203.659047][ T8895] ksys_write+0x12a/0x240 [ 203.659060][ T8895] ? __pfx_ksys_write+0x10/0x10 [ 203.659074][ T8895] ? rcu_is_watching+0x12/0xc0 [ 203.659088][ T8895] __do_fast_syscall_32+0x73/0x120 [ 203.659104][ T8895] do_fast_syscall_32+0x32/0x80 [ 203.659118][ T8895] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 203.659130][ T8895] RIP: 0023:0xf740e579 [ 203.659138][ T8895] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 203.659147][ T8895] RSP: 002b:00000000f507555c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 203.659157][ T8895] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000100 [ 203.659162][ T8895] RDX: 00000000fffffd9d RSI: 0000000000000000 RDI: 0000000000000000 [ 203.659168][ T8895] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 203.659173][ T8895] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 203.659179][ T8895] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 203.659191][ T8895] [ 203.788906][ T8900] syz.0.624 uses obsolete (PF_INET,SOCK_PACKET) [ 203.793313][ T8902] syz.2.626: attempt to access beyond end of device [ 203.793313][ T8902] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0 [ 203.797399][ T8902] syz.2.626: attempt to access beyond end of device [ 203.797399][ T8902] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0 [ 203.802122][ T8902] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 203.805257][ T8902] syz.2.626: attempt to access beyond end of device [ 203.805257][ T8902] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 203.809106][ T8902] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 203.812475][ T8902] syz.2.626: attempt to access beyond end of device [ 203.812475][ T8902] nbd2: rw=0, sector=64, nr_sectors = 4 limit=0 [ 203.816114][ T8902] syz.2.626: attempt to access beyond end of device [ 203.816114][ T8902] nbd2: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 203.820035][ T8902] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 203.822661][ T8902] syz.2.626: attempt to access beyond end of device [ 203.822661][ T8902] nbd2: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 203.825891][ T8902] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 203.828542][ T8902] syz.2.626: attempt to access beyond end of device [ 203.828542][ T8902] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 203.831837][ T8902] syz.2.626: attempt to access beyond end of device [ 203.831837][ T8902] nbd2: rw=0, sector=2048, nr_sectors = 8 limit=0 [ 203.835896][ T8902] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 203.838337][ T8902] syz.2.626: attempt to access beyond end of device [ 203.838337][ T8902] nbd2: rw=0, sector=4096, nr_sectors = 8 limit=0 [ 203.841727][ T8902] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 203.844119][ T8902] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1) [ 204.675311][ T8919] 9pnet_fd: Insufficient options for proto=fd [ 204.680806][ T40] audit: type=1326 audit(1743886782.168:1678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8911 comm="syz.3.628" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf742e579 code=0x0 [ 204.949893][ T8918] netlink: 12 bytes leftover after parsing attributes in process `syz.0.636'. [ 206.033032][ T40] audit: type=1326 audit(1743886783.528:1679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8926 comm="syz.3.631" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf742e579 code=0x0 [ 207.739508][ T8963] netlink: 12 bytes leftover after parsing attributes in process `syz.0.641'. [ 208.116826][ T8970] netlink: 32 bytes leftover after parsing attributes in process `syz.3.643'. [ 208.346999][ T8971] netlink: 12 bytes leftover after parsing attributes in process `syz.2.642'. [ 208.728387][ T8980] netlink: 32 bytes leftover after parsing attributes in process `syz.1.645'. [ 210.017407][ T8991] 9pnet_fd: Insufficient options for proto=fd [ 210.019931][ T40] audit: type=1326 audit(1743886787.508:1680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8986 comm="syz.2.647" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ee579 code=0x0 [ 210.058722][ T8992] netlink: 28 bytes leftover after parsing attributes in process `syz.0.655'. [ 210.321386][ T7745] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 210.526016][ T9003] netlink: 12 bytes leftover after parsing attributes in process `syz.3.650'. [ 210.568837][ T9008] netlink: 12 bytes leftover after parsing attributes in process `syz.1.652'. [ 210.580765][ T7745] usb 5-1: Using ep0 maxpacket: 8 [ 210.583967][ T7745] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 210.586265][ T7745] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 210.588923][ T7745] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 210.591742][ T7745] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 210.594507][ T7745] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 210.598100][ T7745] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 210.600611][ T7745] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.665233][ T9023] 9pnet_fd: Insufficient options for proto=fd [ 211.668860][ T40] audit: type=1326 audit(1743886789.158:1681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9016 comm="syz.2.654" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ee579 code=0x0 [ 212.226167][ T9029] netlink: 32 bytes leftover after parsing attributes in process `syz.3.657'. [ 212.396291][ T7745] usb 5-1: usb_control_msg returned -71 [ 212.398033][ T7745] usbtmc 5-1:16.0: can't read capabilities [ 212.401606][ T7745] usb 5-1: USB disconnect, device number 18 [ 212.745593][ T9044] netlink: 32 bytes leftover after parsing attributes in process `syz.0.659'. [ 213.643662][ T9054] netlink: 12 bytes leftover after parsing attributes in process `syz.2.664'. [ 215.180861][ T9088] netlink: 32 bytes leftover after parsing attributes in process `syz.3.670'. [ 215.443460][ T9096] FAULT_INJECTION: forcing a failure. [ 215.443460][ T9096] name failslab, interval 1, probability 0, space 0, times 0 [ 215.448005][ T9096] CPU: 3 UID: 0 PID: 9096 Comm: syz.0.681 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 215.448025][ T9096] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 215.448045][ T9096] Call Trace: [ 215.448052][ T9096] [ 215.448057][ T9096] dump_stack_lvl+0x16c/0x1f0 [ 215.448081][ T9096] should_fail_ex+0x512/0x640 [ 215.448096][ T9096] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 215.448119][ T9096] should_failslab+0xc2/0x120 [ 215.448133][ T9096] __kmalloc_cache_node_noprof+0x6d/0x420 [ 215.448153][ T9096] ? __lock_acquire+0xaa4/0x1ba0 [ 215.448166][ T9096] ? __get_vm_area_node+0x101/0x300 [ 215.448187][ T9096] __get_vm_area_node+0x101/0x300 [ 215.448207][ T9096] __vmalloc_node_range_noprof+0x277/0x1540 [ 215.448226][ T9096] ? create_io_thread+0xbe/0x100 [ 215.448253][ T9096] ? create_io_thread+0xbe/0x100 [ 215.448278][ T9096] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 215.448299][ T9096] ? __memcg_slab_post_alloc_hook+0x4d0/0x940 [ 215.448319][ T9096] ? rcu_is_watching+0x12/0xc0 [ 215.448338][ T9096] ? create_io_thread+0xbe/0x100 [ 215.448356][ T9096] __vmalloc_node_noprof+0x74/0xa0 [ 215.448374][ T9096] ? create_io_thread+0xbe/0x100 [ 215.448395][ T9096] copy_process+0x2ead/0x91a0 [ 215.448414][ T9096] ? do_raw_spin_lock+0x12c/0x2b0 [ 215.448435][ T9096] ? mark_held_locks+0x49/0x80 [ 215.448456][ T9096] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 215.448474][ T9096] ? lockdep_hardirqs_on+0x7c/0x110 [ 215.448498][ T9096] ? __pfx_copy_process+0x10/0x10 [ 215.448519][ T9096] ? kasan_save_stack+0x42/0x60 [ 215.448538][ T9096] ? kasan_save_stack+0x33/0x60 [ 215.448556][ T9096] ? kasan_save_track+0x14/0x30 [ 215.448574][ T9096] ? __kasan_kmalloc+0xaa/0xb0 [ 215.448591][ T9096] ? create_io_worker+0xc9/0x5b0 [ 215.448603][ T9096] ? io_wq_enqueue+0x5c4/0xa10 [ 215.448615][ T9096] ? io_queue_iowq+0x28a/0x5b0 [ 215.448634][ T9096] ? io_req_task_submit+0x142/0x1f0 [ 215.448645][ T9096] ? io_poll_task_func+0x942/0x1320 [ 215.448660][ T9096] ? io_handle_tw_list+0x155/0x500 [ 215.448679][ T9096] ? tctx_task_work_run+0xac/0x380 [ 215.448698][ T9096] ? tctx_task_work+0x7a/0xd0 [ 215.448716][ T9096] ? task_work_run+0x14d/0x240 [ 215.448730][ T9096] ? get_signal+0x1d1/0x26d0 [ 215.448747][ T9096] ? arch_do_signal_or_restart+0x8f/0x7d0 [ 215.448768][ T9096] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 215.448790][ T9096] ? __pfx_io_wq_worker+0x10/0x10 [ 215.448804][ T9096] create_io_thread+0xbe/0x100 [ 215.448823][ T9096] ? __pfx_create_io_thread+0x10/0x10 [ 215.448849][ T9096] ? __pfx_io_wq_worker+0x10/0x10 [ 215.448864][ T9096] ? lockdep_init_map_type+0x5c/0x280 [ 215.448879][ T9096] ? lockdep_init_map_type+0x5c/0x280 [ 215.448893][ T9096] ? __init_swait_queue_head+0xca/0x150 [ 215.448910][ T9096] ? create_io_worker+0x1f/0x5b0 [ 215.448923][ T9096] create_io_worker+0x1d0/0x5b0 [ 215.448938][ T9096] io_wq_enqueue+0x5c4/0xa10 [ 215.448954][ T9096] ? __pfx_io_wq_enqueue+0x10/0x10 [ 215.448967][ T9096] ? __pfx_io_wq_work_match_item+0x10/0x10 [ 215.448988][ T9096] ? io_prep_async_work+0x654/0x770 [ 215.449011][ T9096] io_queue_iowq+0x28a/0x5b0 [ 215.449033][ T9096] io_req_task_submit+0x142/0x1f0 [ 215.449047][ T9096] io_poll_task_func+0x942/0x1320 [ 215.449066][ T9096] ? __pfx_io_poll_task_func+0x10/0x10 [ 215.449084][ T9096] ? find_held_lock+0x2b/0x80 [ 215.449101][ T9096] ? io_handle_tw_list+0x112/0x500 [ 215.449122][ T9096] ? __pfx_io_poll_task_func+0x10/0x10 [ 215.449139][ T9096] io_handle_tw_list+0x155/0x500 [ 215.449163][ T9096] ? __pfx_io_handle_tw_list+0x10/0x10 [ 215.449195][ T9096] tctx_task_work_run+0xac/0x380 [ 215.449216][ T9096] tctx_task_work+0x7a/0xd0 [ 215.449237][ T9096] ? __pfx_tctx_task_work+0x10/0x10 [ 215.449257][ T9096] ? rcu_is_watching+0x12/0xc0 [ 215.449273][ T9096] ? _raw_spin_unlock_irq+0x23/0x50 [ 215.449293][ T9096] ? lockdep_hardirqs_on+0x7c/0x110 [ 215.449312][ T9096] task_work_run+0x14d/0x240 [ 215.449329][ T9096] ? __pfx_task_work_run+0x10/0x10 [ 215.449345][ T9096] ? rcu_is_watching+0x12/0xc0 [ 215.449361][ T9096] ? finish_task_switch.isra.0+0x221/0xc10 [ 215.449382][ T9096] get_signal+0x1d1/0x26d0 [ 215.449400][ T9096] ? trace_sched_exit_tp+0xde/0x130 [ 215.449420][ T9096] ? __schedule+0x1186/0x5de0 [ 215.449437][ T9096] ? ksys_write+0x190/0x240 [ 215.449460][ T9096] ? __pfx_get_signal+0x10/0x10 [ 215.449484][ T9096] arch_do_signal_or_restart+0x8f/0x7d0 [ 215.449503][ T9096] ? __fget_files+0x20e/0x3c0 [ 215.449523][ T9096] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 215.449548][ T9096] ? ksys_write+0x1b9/0x240 [ 215.449572][ T9096] syscall_exit_to_user_mode+0x150/0x2a0 [ 215.449592][ T9096] __do_fast_syscall_32+0x80/0x120 [ 215.449614][ T9096] do_fast_syscall_32+0x32/0x80 [ 215.449634][ T9096] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 215.449650][ T9096] RIP: 0023:0xf7fa7579 [ 215.449662][ T9096] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 215.449675][ T9096] RSP: 002b:00000000f50a5590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 215.449690][ T9096] RAX: 0000000000000001 RBX: 0000000000000006 RCX: 00000000f50a5610 [ 215.449698][ T9096] RDX: 0000000000000001 RSI: 00000000f742cff4 RDI: 0000000000000000 [ 215.449706][ T9096] RBP: 00000000f7465010 R08: 0000000000000000 R09: 0000000000000000 [ 215.449714][ T9096] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 215.449722][ T9096] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 215.449741][ T9096] [ 215.449940][ T9096] syz.0.681: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 215.609773][ T9096] CPU: 3 UID: 0 PID: 9096 Comm: syz.0.681 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 215.609787][ T9096] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 215.609794][ T9096] Call Trace: [ 215.609798][ T9096] [ 215.609801][ T9096] dump_stack_lvl+0x16c/0x1f0 [ 215.609819][ T9096] warn_alloc+0x248/0x3a0 [ 215.609835][ T9096] ? __pfx_warn_alloc+0x10/0x10 [ 215.609849][ T9096] ? rcu_is_watching+0x12/0xc0 [ 215.609861][ T9096] ? trace_kmalloc+0x2b/0xd0 [ 215.609870][ T9096] ? __kmalloc_cache_node_noprof+0x272/0x420 [ 215.609886][ T9096] ? __kasan_kmalloc+0x8a/0xb0 [ 215.609900][ T9096] ? __get_vm_area_node+0x1e5/0x300 [ 215.609916][ T9096] __vmalloc_node_range_noprof+0xd31/0x1540 [ 215.609933][ T9096] ? create_io_thread+0xbe/0x100 [ 215.609950][ T9096] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 215.609962][ T9096] ? __memcg_slab_post_alloc_hook+0x4d0/0x940 [ 215.609976][ T9096] ? rcu_is_watching+0x12/0xc0 [ 215.609988][ T9096] ? create_io_thread+0xbe/0x100 [ 215.610002][ T9096] __vmalloc_node_noprof+0x74/0xa0 [ 215.610014][ T9096] ? create_io_thread+0xbe/0x100 [ 215.610028][ T9096] copy_process+0x2ead/0x91a0 [ 215.610042][ T9096] ? do_raw_spin_lock+0x12c/0x2b0 [ 215.610056][ T9096] ? mark_held_locks+0x49/0x80 [ 215.610071][ T9096] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 215.610084][ T9096] ? lockdep_hardirqs_on+0x7c/0x110 [ 215.610100][ T9096] ? __pfx_copy_process+0x10/0x10 [ 215.610115][ T9096] ? kasan_save_stack+0x42/0x60 [ 215.610128][ T9096] ? kasan_save_stack+0x33/0x60 [ 215.610140][ T9096] ? kasan_save_track+0x14/0x30 [ 215.610153][ T9096] ? __kasan_kmalloc+0xaa/0xb0 [ 215.610166][ T9096] ? create_io_worker+0xc9/0x5b0 [ 215.610174][ T9096] ? io_wq_enqueue+0x5c4/0xa10 [ 215.610182][ T9096] ? io_queue_iowq+0x28a/0x5b0 [ 215.610195][ T9096] ? io_req_task_submit+0x142/0x1f0 [ 215.610203][ T9096] ? io_poll_task_func+0x942/0x1320 [ 215.610214][ T9096] ? io_handle_tw_list+0x155/0x500 [ 215.610227][ T9096] ? tctx_task_work_run+0xac/0x380 [ 215.610240][ T9096] ? tctx_task_work+0x7a/0xd0 [ 215.610253][ T9096] ? task_work_run+0x14d/0x240 [ 215.610263][ T9096] ? get_signal+0x1d1/0x26d0 [ 215.610275][ T9096] ? arch_do_signal_or_restart+0x8f/0x7d0 [ 215.610296][ T9096] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 215.610312][ T9096] ? __pfx_io_wq_worker+0x10/0x10 [ 215.610321][ T9096] create_io_thread+0xbe/0x100 [ 215.610335][ T9096] ? __pfx_create_io_thread+0x10/0x10 [ 215.610352][ T9096] ? __pfx_io_wq_worker+0x10/0x10 [ 215.610362][ T9096] ? lockdep_init_map_type+0x5c/0x280 [ 215.610372][ T9096] ? lockdep_init_map_type+0x5c/0x280 [ 215.610381][ T9096] ? __init_swait_queue_head+0xca/0x150 [ 215.610393][ T9096] ? create_io_worker+0x1f/0x5b0 [ 215.610402][ T9096] create_io_worker+0x1d0/0x5b0 [ 215.610412][ T9096] io_wq_enqueue+0x5c4/0xa10 [ 215.610422][ T9096] ? __pfx_io_wq_enqueue+0x10/0x10 [ 215.610431][ T9096] ? __pfx_io_wq_work_match_item+0x10/0x10 [ 215.610446][ T9096] ? io_prep_async_work+0x654/0x770 [ 215.610462][ T9096] io_queue_iowq+0x28a/0x5b0 [ 215.610476][ T9096] io_req_task_submit+0x142/0x1f0 [ 215.610486][ T9096] io_poll_task_func+0x942/0x1320 [ 215.610499][ T9096] ? __pfx_io_poll_task_func+0x10/0x10 [ 215.610527][ T9096] ? find_held_lock+0x2b/0x80 [ 215.610540][ T9096] ? io_handle_tw_list+0x112/0x500 [ 215.610565][ T9096] ? __pfx_io_poll_task_func+0x10/0x10 [ 215.610578][ T9096] io_handle_tw_list+0x155/0x500 [ 215.610594][ T9096] ? __pfx_io_handle_tw_list+0x10/0x10 [ 215.610611][ T9096] tctx_task_work_run+0xac/0x380 [ 215.610627][ T9096] tctx_task_work+0x7a/0xd0 [ 215.610641][ T9096] ? __pfx_tctx_task_work+0x10/0x10 [ 215.610655][ T9096] ? rcu_is_watching+0x12/0xc0 [ 215.610666][ T9096] ? _raw_spin_unlock_irq+0x23/0x50 [ 215.610688][ T9096] ? lockdep_hardirqs_on+0x7c/0x110 [ 215.610701][ T9096] task_work_run+0x14d/0x240 [ 215.610713][ T9096] ? __pfx_task_work_run+0x10/0x10 [ 215.610724][ T9096] ? rcu_is_watching+0x12/0xc0 [ 215.610735][ T9096] ? finish_task_switch.isra.0+0x221/0xc10 [ 215.610751][ T9096] get_signal+0x1d1/0x26d0 [ 215.610763][ T9096] ? trace_sched_exit_tp+0xde/0x130 [ 215.610778][ T9096] ? __schedule+0x1186/0x5de0 [ 215.610789][ T9096] ? ksys_write+0x190/0x240 [ 215.610804][ T9096] ? __pfx_get_signal+0x10/0x10 [ 215.610820][ T9096] arch_do_signal_or_restart+0x8f/0x7d0 [ 215.610834][ T9096] ? __fget_files+0x20e/0x3c0 [ 215.610848][ T9096] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 215.610866][ T9096] ? ksys_write+0x1b9/0x240 [ 215.610882][ T9096] syscall_exit_to_user_mode+0x150/0x2a0 [ 215.610896][ T9096] __do_fast_syscall_32+0x80/0x120 [ 215.610911][ T9096] do_fast_syscall_32+0x32/0x80 [ 215.610925][ T9096] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 215.610936][ T9096] RIP: 0023:0xf7fa7579 [ 215.610944][ T9096] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 215.610953][ T9096] RSP: 002b:00000000f50a5590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 215.610963][ T9096] RAX: 0000000000000001 RBX: 0000000000000006 RCX: 00000000f50a5610 [ 215.610968][ T9096] RDX: 0000000000000001 RSI: 00000000f742cff4 RDI: 0000000000000000 [ 215.610974][ T9096] RBP: 00000000f7465010 R08: 0000000000000000 R09: 0000000000000000 [ 215.610980][ T9096] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 215.610985][ T9096] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 215.610997][ T9096] [ 215.613224][ T9100] netlink: 16 bytes leftover after parsing attributes in process `syz.0.681'. [ 215.786188][ T9101] 9pnet_fd: Insufficient options for proto=fd [ 215.808887][ T9096] Mem-Info: [ 215.820931][ T9096] active_anon:12866 inactive_anon:1176 isolated_anon:0 [ 215.820931][ T9096] active_file:4368 inactive_file:24068 isolated_file:0 [ 215.820931][ T9096] unevictable:1768 dirty:449 writeback:0 [ 215.820931][ T9096] slab_reclaimable:10817 slab_unreclaimable:68632 [ 215.820931][ T9096] mapped:32591 shmem:11074 pagetables:2059 [ 215.820931][ T9096] sec_pagetables:300 bounce:0 [ 215.820931][ T9096] kernel_misc_reclaimable:0 [ 215.820931][ T9096] free:40348 free_pcp:5348 free_cma:0 [ 215.834464][ T9096] Node 0 active_anon:1264kB inactive_anon:0kB active_file:64kB inactive_file:13192kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:4788kB dirty:0kB writeback:0kB shmem:3916kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:8880kB pagetables:524kB sec_pagetables:1108kB all_unreclaimable? yes Balloon:0kB [ 215.843992][ T9096] Node 1 active_anon:50200kB inactive_anon:4704kB active_file:17408kB inactive_file:83080kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:123576kB dirty:1796kB writeback:0kB shmem:40380kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5296kB pagetables:7712kB sec_pagetables:92kB all_unreclaimable? no Balloon:0kB [ 215.853514][ T9096] Node 0 DMA free:2952kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:280kB local_pcp:32kB free_cma:0kB [ 215.861283][ T9096] lowmem_reserve[]: 0 290 290 290 290 [ 215.862961][ T9096] Node 0 DMA32 free:27396kB boost:16384kB min:29720kB low:33052kB high:36384kB reserved_highatomic:4096KB active_anon:1264kB inactive_anon:0kB active_file:64kB inactive_file:13192kB unevictable:3536kB writepending:0kB present:1032196kB managed:297488kB mlocked:0kB bounce:0kB free_pcp:4792kB local_pcp:272kB free_cma:0kB [ 215.872902][ T40] audit: type=1326 audit(1743886793.308:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9092 comm="syz.1.671" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf740e579 code=0x0 [ 215.878440][ T9096] lowmem_reserve[]: 0 0 0 0 0 [ 215.879862][ T9096] Node 1 DMA32 free:131044kB boost:0kB min:47148kB low:58932kB high:70716kB reserved_highatomic:6144KB active_anon:50200kB inactive_anon:4704kB active_file:17408kB inactive_file:83080kB unevictable:3536kB writepending:1796kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:16300kB local_pcp:1012kB free_cma:0kB [ 215.888299][ T9096] lowmem_reserve[]: 0 0 0 0 0 [ 215.889684][ T9096] Node 0 DMA: 64*4kB (U) 15*8kB (U) 15*16kB (UE) 11*32kB (U) 3*64kB (UE) 0*128kB 1*256kB (E) 1*512kB (E) 1*1024kB (E) 0*2048kB 0*4096kB = 2952kB [ 215.894602][ T9096] Node 0 DMA32: 431*4kB (UMEH) 177*8kB (UMH) 32*16kB (UMH) 238*32kB (UMH) 88*64kB (UMH) 28*128kB (UMH) 9*256kB (UM) 7*512kB (UMH) 1*1024kB (H) 0*2048kB 0*4096kB = 27396kB [ 215.899302][ T9096] Node 1 DMA32: 6*4kB (UEH) 46*8kB (UEH) 77*16kB (UEH) 230*32kB (UMEH) 451*64kB (UMEH) 35*128kB (UME) 42*256kB (UME) 20*512kB (UME) 12*1024kB (UME) 11*2048kB (UME) 8*4096kB (UM) = 130904kB [ 215.904795][ T9096] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 215.907527][ T9096] Node 0 hugepages_total=68 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 215.910086][ T9096] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 215.913478][ T9096] Node 1 hugepages_total=4294967233 hugepages_free=0 hugepages_surp=1 hugepages_size=2048kB [ 215.916424][ T9096] 39510 total pagecache pages [ 215.917835][ T9096] 0 pages in swap cache [ 215.919067][ T9096] Free swap = 124996kB [ 215.920322][ T9096] Total swap = 124996kB [ 215.923327][ T9096] 524155 pages RAM [ 215.924465][ T9096] 0 pages HighMem/MovableOnly [ 215.925825][ T9096] 208872 pages reserved [ 215.932163][ T9096] 0 pages cma reserved [ 216.574650][ T9116] kernel profiling enabled (shift: 7) [ 216.663178][ T9120] netlink: 16 bytes leftover after parsing attributes in process `syz.2.678'. [ 217.386340][ T9133] sp0: Synchronizing with TNC [ 217.700818][ T7745] usb 5-1: new low-speed USB device number 19 using dummy_hcd [ 217.858015][ T9142] netlink: 12 bytes leftover after parsing attributes in process `syz.2.684'. [ 217.872607][ T7745] usb 5-1: unable to get BOS descriptor or descriptor too short [ 217.875581][ T7745] usb 5-1: config 1 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 64, setting to 8 [ 217.878346][ T7745] usb 5-1: config 1 interface 0 has no altsetting 0 [ 217.887237][ T9144] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 217.922630][ T7745] usb 5-1: string descriptor 0 read error: -22 [ 217.924378][ T7745] usb 5-1: New USB device found, idVendor=24b8, idProduct=0020, bcdDevice= 0.40 [ 217.926766][ T7745] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.932860][ T9136] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 217.991053][ T9148] netlink: 4 bytes leftover after parsing attributes in process `syz.1.686'. [ 218.000516][ T9148] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.041611][ T9148] bridge_slave_1 (unregistering): left allmulticast mode [ 218.043693][ T9148] bridge_slave_1 (unregistering): left promiscuous mode [ 218.047238][ T9148] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.140743][ T7745] usbhid 5-1:1.0: can't add hid device: -71 [ 218.142443][ T7745] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 218.150194][ T7745] usb 5-1: USB disconnect, device number 19 [ 218.375117][ T9157] netlink: 32 bytes leftover after parsing attributes in process `syz.3.688'. [ 218.766776][ T9164] netlink: 32 bytes leftover after parsing attributes in process `syz.1.689'. [ 218.900904][ T9162] [U] R5¡JCÒ°~V6“˜|‡7§¤Á…KXVZZËG—RÙÔ $¨ [ 219.093106][ T9171] netlink: 216 bytes leftover after parsing attributes in process `syz.3.693'. [ 219.095572][ T9171] netlink: 216 bytes leftover after parsing attributes in process `syz.3.693'. [ 219.774778][ T9181] netlink: 12 bytes leftover after parsing attributes in process `syz.2.694'. [ 220.231312][ T9189] netlink: 32 bytes leftover after parsing attributes in process `syz.3.697'. [ 220.876584][ T9202] netlink: 12 bytes leftover after parsing attributes in process `syz.2.699'. [ 221.105597][ T40] audit: type=1326 audit(1743886798.598:1683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.3.701" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 221.110902][ T40] audit: type=1326 audit(1743886798.598:1684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.3.701" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 221.116001][ T40] audit: type=1326 audit(1743886798.598:1685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.3.701" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 221.121177][ T40] audit: type=1326 audit(1743886798.598:1686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.3.701" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 221.127312][ T40] audit: type=1326 audit(1743886798.598:1687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.3.701" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 221.132629][ T40] audit: type=1326 audit(1743886798.598:1688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.3.701" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 221.137913][ T40] audit: type=1326 audit(1743886798.618:1689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.3.701" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 221.143148][ T40] audit: type=1326 audit(1743886798.628:1690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.3.701" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 221.148313][ T40] audit: type=1326 audit(1743886798.628:1691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.3.701" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf742e5a7 code=0x7ffc0000 [ 221.153610][ T40] audit: type=1326 audit(1743886798.628:1692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.3.701" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 221.213179][ T9208] netlink: 216 bytes leftover after parsing attributes in process `syz.3.702'. [ 221.234993][ T9208] netlink: 'syz.3.702': attribute type 6 has an invalid length. [ 221.237149][ T9208] netlink: 'syz.3.702': attribute type 5 has an invalid length. [ 224.011707][ T9250] __nla_validate_parse: 6 callbacks suppressed [ 224.011776][ T9250] netlink: 12 bytes leftover after parsing attributes in process `syz.1.709'. [ 224.878973][ T9264] netlink: 12 bytes leftover after parsing attributes in process `syz.0.713'. [ 224.917294][ T9263] netlink: 56 bytes leftover after parsing attributes in process `syz.2.715'. [ 226.035619][ T9279] netlink: 12 bytes leftover after parsing attributes in process `syz.0.720'. [ 226.048703][ T9286] netlink: 32 bytes leftover after parsing attributes in process `syz.1.721'. [ 226.278976][ T40] kauditd_printk_skb: 124 callbacks suppressed [ 226.278988][ T40] audit: type=1326 audit(1743886803.768:1817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9281 comm="syz.2.722" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ee579 code=0x0 [ 227.195905][ T9304] netlink: 32 bytes leftover after parsing attributes in process `syz.2.725'. [ 227.356841][ T9306] netlink: 32 bytes leftover after parsing attributes in process `syz.1.726'. [ 227.839355][ T9315] netlink: 12 bytes leftover after parsing attributes in process `syz.3.728'. [ 228.261599][ T34] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 228.422465][ T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 228.426260][ T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 228.429650][ T34] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 228.433803][ T34] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 228.436468][ T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.439883][ T34] usb 6-1: config 0 descriptor?? [ 228.700128][ T34] usbhid 6-1:0.0: can't add hid device: -71 [ 228.704235][ T34] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 228.708158][ T34] usb 6-1: USB disconnect, device number 5 [ 228.760791][ T65] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 228.900784][ T65] usb 8-1: device descriptor read/64, error -71 [ 229.160894][ T65] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 229.310806][ T65] usb 8-1: device descriptor read/64, error -71 [ 229.420894][ T65] usb usb8-port1: attempt power cycle [ 229.551915][ T5956] block nbd1: Receive control failed (result -32) [ 229.594694][ T9337] block nbd1: shutting down sockets [ 229.770796][ T65] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 229.791667][ T65] usb 8-1: device descriptor read/8, error -71 [ 230.030809][ T65] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 230.061501][ T65] usb 8-1: device descriptor read/8, error -71 [ 230.172289][ T65] usb usb8-port1: unable to enumerate USB device [ 230.770932][ T40] audit: type=1326 audit(1743886808.268:1818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9347 comm="syz.2.738" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ee579 code=0x0 [ 231.177393][ T9360] netlink: 12 bytes leftover after parsing attributes in process `syz.1.739'. [ 231.388098][ T9357] netlink: 28 bytes leftover after parsing attributes in process `syz.0.740'. [ 231.547985][ T9365] netlink: 28 bytes leftover after parsing attributes in process `syz.3.742'. [ 231.551167][ T9365] netlink: 28 bytes leftover after parsing attributes in process `syz.3.742'. [ 231.558040][ T9365] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 231.562790][ T9365] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 231.604834][ T9367] macvlan0: entered promiscuous mode [ 231.606250][ T9367] macvlan0: left promiscuous mode [ 233.427234][ T9397] netlink: 28 bytes leftover after parsing attributes in process `syz.0.749'. [ 234.385485][ T9420] FAULT_INJECTION: forcing a failure. [ 234.385485][ T9420] name failslab, interval 1, probability 0, space 0, times 0 [ 234.387678][ T9421] netlink: 12 bytes leftover after parsing attributes in process `syz.1.753'. [ 234.389004][ T9420] CPU: 1 UID: 0 PID: 9420 Comm: syz.0.752 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 234.389027][ T9420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 234.389033][ T9420] Call Trace: [ 234.389037][ T9420] [ 234.389041][ T9420] dump_stack_lvl+0x16c/0x1f0 [ 234.389058][ T9420] should_fail_ex+0x512/0x640 [ 234.389069][ T9420] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 234.389085][ T9420] should_failslab+0xc2/0x120 [ 234.389095][ T9420] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 234.389113][ T9420] ? alloc_empty_file+0x55/0x1e0 [ 234.389126][ T9420] alloc_empty_file+0x55/0x1e0 [ 234.389137][ T9420] path_openat+0xe0/0x2d40 [ 234.389150][ T9420] ? __ia32_compat_sys_openat+0x16d/0x210 [ 234.389161][ T9420] ? __do_fast_syscall_32+0x73/0x120 [ 234.389175][ T9420] ? do_fast_syscall_32+0x32/0x80 [ 234.389188][ T9420] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 234.389204][ T9420] ? __pfx_path_openat+0x10/0x10 [ 234.389222][ T9420] do_filp_open+0x20b/0x470 [ 234.389236][ T9420] ? __pfx_do_filp_open+0x10/0x10 [ 234.389259][ T9420] ? alloc_fd+0x471/0x7d0 [ 234.389276][ T9420] do_sys_openat2+0x11b/0x1d0 [ 234.389286][ T9420] ? __pfx_do_sys_openat2+0x10/0x10 [ 234.389297][ T9420] ? __pfx___schedule+0x10/0x10 [ 234.389308][ T9420] ? __fget_files+0x20e/0x3c0 [ 234.389320][ T9420] ? __rcu_read_unlock+0x1f0/0x580 [ 234.389338][ T9420] __ia32_compat_sys_openat+0x16d/0x210 [ 234.389349][ T9420] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 234.389360][ T9420] ? ksys_write+0x1b9/0x240 [ 234.389375][ T9420] ? rcu_is_watching+0x12/0xc0 [ 234.389388][ T9420] __do_fast_syscall_32+0x73/0x120 [ 234.389403][ T9420] do_fast_syscall_32+0x32/0x80 [ 234.389417][ T9420] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 234.389428][ T9420] RIP: 0023:0xf7fa7579 [ 234.389437][ T9420] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 234.389446][ T9420] RSP: 002b:00000000f508455c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 234.389456][ T9420] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000800000c0 [ 234.389462][ T9420] RDX: 000000000000275a RSI: 0000000000000000 RDI: 0000000000000000 [ 234.389467][ T9420] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 234.389472][ T9420] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 234.389478][ T9420] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 234.389489][ T9420] [ 235.049681][ T9430] netlink: 32 bytes leftover after parsing attributes in process `syz.0.755'. [ 235.126998][ T9433] syz.2.757: attempt to access beyond end of device [ 235.126998][ T9433] loop5: rw=0, sector=0, nr_sectors = 1 limit=0 [ 235.131358][ T9433] FAT-fs (loop5): unable to read boot sector [ 235.407097][ T9441] netlink: 12 bytes leftover after parsing attributes in process `syz.2.758'. [ 236.690767][ T9457] netlink: 12 bytes leftover after parsing attributes in process `syz.3.764'. [ 237.473080][ T9472] netlink: 32 bytes leftover after parsing attributes in process `syz.3.766'. [ 237.744867][ T9479] netlink: 32 bytes leftover after parsing attributes in process `syz.1.769'. [ 238.640945][ T9494] netlink: 12 bytes leftover after parsing attributes in process `syz.0.772'. [ 238.684085][ T9495] netlink: 32 bytes leftover after parsing attributes in process `syz.3.780'. [ 239.348275][ T9504] netlink: 12 bytes leftover after parsing attributes in process `syz.2.774'. [ 239.779598][ T9513] 9pnet_fd: Insufficient options for proto=fd [ 239.849610][ T40] audit: type=1326 audit(1743886817.278:1819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9505 comm="syz.3.776" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf742e579 code=0x0 [ 239.892782][ T9516] netlink: 12 bytes leftover after parsing attributes in process `syz.0.775'. [ 240.187666][ T9520] netlink: 28 bytes leftover after parsing attributes in process `syz.2.778'. [ 241.552513][ T9534] netlink: 28 bytes leftover after parsing attributes in process `syz.0.790'. [ 242.008253][ T9545] netlink: 12 bytes leftover after parsing attributes in process `syz.2.784'. [ 242.419794][ T9556] netlink: 12 bytes leftover after parsing attributes in process `syz.1.785'. [ 243.324010][ T9568] netlink: 32 bytes leftover after parsing attributes in process `syz.1.788'. [ 243.812428][ T9572] netlink: 12 bytes leftover after parsing attributes in process `syz.3.789'. [ 244.486373][ T9585] 9pnet_fd: Insufficient options for proto=fd [ 244.492173][ T40] audit: type=1326 audit(1743886821.988:1820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9575 comm="syz.1.800" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf740e579 code=0x0 [ 244.959187][ T9594] syz.0.804: attempt to access beyond end of device [ 244.959187][ T9594] loop1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 244.963966][ T9594] FAT-fs (loop1): unable to read boot sector [ 246.106240][ T9611] netlink: 20 bytes leftover after parsing attributes in process `syz.2.798'. [ 246.370769][ T1487] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 246.520757][ T1487] usb 7-1: Using ep0 maxpacket: 8 [ 246.524034][ T1487] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 246.526272][ T1487] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 246.529579][ T1487] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 246.532260][ T1487] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 246.534841][ T1487] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 246.538208][ T1487] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 246.540595][ T1487] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.936913][ T9616] netlink: 12 bytes leftover after parsing attributes in process `syz.0.801'. [ 247.367482][ T9620] netlink: 12 bytes leftover after parsing attributes in process `syz.1.802'. [ 247.464745][ T9628] netlink: 12 bytes leftover after parsing attributes in process `syz.0.812'. [ 248.254374][ T9634] 9pnet_fd: Insufficient options for proto=fd [ 248.258847][ T40] audit: type=1326 audit(1743886825.748:1821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9630 comm="syz.1.805" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf740e579 code=0x0 [ 248.919023][ T1487] usb 7-1: usb_control_msg returned -71 [ 248.921504][ T1487] usbtmc 7-1:16.0: can't read capabilities [ 248.931593][ T1487] usb 7-1: USB disconnect, device number 8 [ 248.992621][ T40] audit: type=1326 audit(1743886826.488:1822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9644 comm="syz.2.809" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 248.998458][ T40] audit: type=1326 audit(1743886826.488:1823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9644 comm="syz.2.809" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 249.004526][ T40] audit: type=1326 audit(1743886826.488:1824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9644 comm="syz.2.809" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 249.010265][ T40] audit: type=1326 audit(1743886826.488:1825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9644 comm="syz.2.809" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 249.016404][ T40] audit: type=1326 audit(1743886826.488:1826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9644 comm="syz.2.809" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 249.022212][ T40] audit: type=1326 audit(1743886826.488:1827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9644 comm="syz.2.809" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 249.028058][ T40] audit: type=1326 audit(1743886826.498:1828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9644 comm="syz.2.809" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 249.033949][ T40] audit: type=1326 audit(1743886826.508:1829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9644 comm="syz.2.809" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 249.039501][ T40] audit: type=1326 audit(1743886826.508:1830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9644 comm="syz.2.809" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf73ee5a7 code=0x7ffc0000 [ 249.273134][ T9653] netlink: 32 bytes leftover after parsing attributes in process `syz.0.808'. [ 249.329056][ T9654] netlink: 32 bytes leftover after parsing attributes in process `syz.2.810'. [ 250.451470][ T9671] netlink: 32 bytes leftover after parsing attributes in process `syz.0.822'. [ 250.525893][ T9669] 9pnet_fd: Insufficient options for proto=fd [ 251.273494][ T9677] netlink: 12 bytes leftover after parsing attributes in process `syz.3.815'. [ 252.266773][ T9702] netlink: 216 bytes leftover after parsing attributes in process `syz.0.820'. [ 252.269308][ T9702] netlink: 216 bytes leftover after parsing attributes in process `syz.0.820'. [ 252.529923][ T9697] 9pnet_fd: Insufficient options for proto=fd [ 252.589873][ T9699] 9pnet_fd: Insufficient options for proto=fd [ 252.622750][ T9702] netlink: 116 bytes leftover after parsing attributes in process `syz.0.820'. [ 253.206438][ T9719] netlink: 12 bytes leftover after parsing attributes in process `syz.2.821'. [ 254.307828][ T9734] netlink: 32 bytes leftover after parsing attributes in process `syz.2.829'. [ 254.400510][ T9736] netlink: 12 bytes leftover after parsing attributes in process `syz.3.827'. [ 255.042951][ T9742] netlink: 216 bytes leftover after parsing attributes in process `syz.3.833'. [ 255.043218][ T9737] netlink: 12 bytes leftover after parsing attributes in process `syz.0.830'. [ 255.045486][ T9742] netlink: 216 bytes leftover after parsing attributes in process `syz.3.833'. [ 255.083915][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.086224][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.136450][ T9743] netlink: 116 bytes leftover after parsing attributes in process `syz.3.833'. [ 256.631789][ T9774] netlink: 32 bytes leftover after parsing attributes in process `syz.0.838'. [ 256.755460][ T9777] netlink: 32 bytes leftover after parsing attributes in process `syz.2.840'. [ 258.215648][ T9799] netlink: 12 bytes leftover after parsing attributes in process `syz.3.845'. [ 258.490794][ T24] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 258.640896][ T24] usb 7-1: Using ep0 maxpacket: 8 [ 258.644658][ T24] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 258.647806][ T24] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 258.651717][ T24] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 258.655431][ T24] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 258.659185][ T24] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 258.664155][ T24] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 258.667617][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.865029][ T9806] netlink: 12 bytes leftover after parsing attributes in process `syz.1.846'. [ 259.227606][ T9813] 9pnet_fd: Insufficient options for proto=fd [ 259.559146][ T40] kauditd_printk_skb: 142 callbacks suppressed [ 259.559158][ T40] audit: type=1326 audit(1743886837.048:1973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9803 comm="syz.0.847" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa7579 code=0x0 [ 260.508091][ T24] usb 7-1: usb_control_msg returned -71 [ 260.509713][ T24] usbtmc 7-1:16.0: can't read capabilities [ 260.513532][ T24] usb 7-1: USB disconnect, device number 9 [ 260.654234][ T9830] netlink: 32 bytes leftover after parsing attributes in process `syz.3.852'. [ 262.004592][ T9845] netlink: 32 bytes leftover after parsing attributes in process `syz.1.855'. [ 262.286386][ T9843] netlink: 12 bytes leftover after parsing attributes in process `syz.3.863'. [ 262.718720][ T9855] netlink: 216 bytes leftover after parsing attributes in process `syz.3.858'. [ 262.718734][ T9855] netlink: 216 bytes leftover after parsing attributes in process `syz.3.858'. [ 262.792132][ T9858] netlink: 44 bytes leftover after parsing attributes in process `syz.3.858'. [ 262.794679][ T9858] netlink: 43 bytes leftover after parsing attributes in process `syz.3.858'. [ 262.797123][ T9858] netlink: 'syz.3.858': attribute type 6 has an invalid length. [ 262.799304][ T9858] netlink: 43 bytes leftover after parsing attributes in process `syz.3.858'. [ 263.592283][ T9868] netlink: 12 bytes leftover after parsing attributes in process `syz.0.860'. [ 263.613798][ T9867] netlink: 12 bytes leftover after parsing attributes in process `syz.3.859'. [ 264.553482][ T9882] netlink: 12 bytes leftover after parsing attributes in process `syz.1.872'. [ 265.263695][ T9897] netlink: 12 bytes leftover after parsing attributes in process `syz.0.866'. [ 265.594479][ T9901] netlink: 32 bytes leftover after parsing attributes in process `syz.1.877'. [ 266.240894][ T9910] netlink: 32 bytes leftover after parsing attributes in process `syz.0.870'. [ 266.450830][ T58] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 266.600836][ T58] usb 7-1: Using ep0 maxpacket: 8 [ 266.604512][ T58] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 266.606788][ T58] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 266.609404][ T58] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 266.612115][ T58] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 266.614774][ T58] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 266.618289][ T58] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 266.620797][ T58] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.287288][ T9919] netlink: 12 bytes leftover after parsing attributes in process `syz.1.873'. [ 268.378936][ T9930] netlink: 12 bytes leftover after parsing attributes in process `syz.0.875'. [ 268.757524][ T58] usb 7-1: usb_control_msg returned -71 [ 268.759441][ T58] usbtmc 7-1:16.0: can't read capabilities [ 268.783359][ T58] usb 7-1: USB disconnect, device number 10 [ 269.209452][ T9944] netlink: 12 bytes leftover after parsing attributes in process `syz.2.878'. [ 269.495965][ T9936] 9pnet_fd: Insufficient options for proto=fd [ 269.498593][ T40] audit: type=1326 audit(1743886846.988:1974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.3.886" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf742e579 code=0x0 [ 270.426541][ T9957] netlink: 12 bytes leftover after parsing attributes in process `syz.1.883'. [ 270.493688][ T9959] 9pnet_fd: Insufficient options for proto=fd [ 270.496325][ T40] audit: type=1326 audit(1743886847.988:1975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9950 comm="syz.2.881" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ee579 code=0x0 [ 270.989839][ T9976] netlink: 12 bytes leftover after parsing attributes in process `syz.0.885'. [ 272.209833][ T9989] netlink: 12 bytes leftover after parsing attributes in process `syz.0.890'. [ 272.315238][ T9997] netlink: 28 bytes leftover after parsing attributes in process `syz.2.891'. [ 273.243119][T10010] netlink: 12 bytes leftover after parsing attributes in process `syz.1.893'. [ 273.464661][T10012] netlink: 12 bytes leftover after parsing attributes in process `syz.3.902'. [ 274.204806][T10027] netlink: 12 bytes leftover after parsing attributes in process `syz.3.898'. [ 274.561291][T10029] netlink: 12 bytes leftover after parsing attributes in process `syz.2.896'. [ 275.375749][T10049] input: syz0 as /devices/virtual/input/input39 [ 276.466783][T10064] netlink: 12 bytes leftover after parsing attributes in process `syz.1.908'. [ 276.654615][T10065] netlink: 12 bytes leftover after parsing attributes in process `syz.3.906'. [ 277.528845][T10073] netlink: 12 bytes leftover after parsing attributes in process `syz.0.918'. [ 277.760769][ T65] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 277.920908][ T65] usb 7-1: Using ep0 maxpacket: 8 [ 277.931683][ T65] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 277.934158][ T65] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 277.937087][ T65] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 277.939785][ T65] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 277.943902][ T65] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 277.947589][ T65] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 277.950042][ T65] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.165740][T10086] netlink: 12 bytes leftover after parsing attributes in process `syz.3.912'. [ 278.694992][T10091] netlink: 32 bytes leftover after parsing attributes in process `syz.1.913'. [ 279.037226][T10096] input: syz0 as /devices/virtual/input/input40 [ 280.458241][ T65] usb 7-1: usb_control_msg returned -71 [ 280.459658][ T65] usbtmc 7-1:16.0: can't read capabilities [ 280.463496][ T65] usb 7-1: USB disconnect, device number 11 [ 280.657573][T10110] netlink: 12 bytes leftover after parsing attributes in process `syz.1.919'. [ 280.857697][T10119] netlink: 32 bytes leftover after parsing attributes in process `syz.2.922'. [ 280.969779][T10113] netlink: 12 bytes leftover after parsing attributes in process `syz.3.920'. [ 281.837076][T10124] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 281.839491][T10124] overlayfs: missing 'lowerdir' [ 281.925655][T10138] input: syz0 as /devices/virtual/input/input41 [ 281.956618][T10139] netlink: 12 bytes leftover after parsing attributes in process `syz.2.926'. [ 282.080776][ T1487] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 282.230734][ T1487] usb 6-1: Using ep0 maxpacket: 8 [ 282.233515][ T1487] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 282.236181][ T1487] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 282.239205][ T1487] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 282.242003][ T1487] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 282.244623][ T1487] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 282.247336][ T1487] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 282.250884][ T1487] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 282.253346][ T1487] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.258980][ T1487] usbtmc 6-1:16.0: probe with driver usbtmc failed with error -22 [ 282.995447][T10152] netlink: 32 bytes leftover after parsing attributes in process `syz.2.929'. [ 283.413426][T10145] netlink: 12 bytes leftover after parsing attributes in process `syz.0.936'. [ 284.118089][T10166] netlink: 12 bytes leftover after parsing attributes in process `syz.2.931'. [ 284.329212][ T58] usb 6-1: USB disconnect, device number 6 [ 284.925187][T10175] netlink: 12 bytes leftover after parsing attributes in process `syz.2.933'. [ 285.607476][T10183] input: syz0 as /devices/virtual/input/input42 [ 286.365351][T10193] netlink: 32 bytes leftover after parsing attributes in process `syz.0.940'. [ 286.371653][ T58] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 286.431909][T10196] input: syz0 as /devices/virtual/input/input43 [ 286.520809][ T58] usb 6-1: device descriptor read/64, error -71 [ 286.760796][ T58] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 286.890797][ T58] usb 6-1: device descriptor read/64, error -71 [ 287.011240][ T58] usb usb6-port1: attempt power cycle [ 287.039725][T10200] input: syz0 as /devices/virtual/input/input44 [ 287.340612][T10209] netlink: 32 bytes leftover after parsing attributes in process `syz.0.941'. [ 287.431014][T10210] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 287.433518][T10210] overlayfs: missing 'lowerdir' [ 287.490804][ T58] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 287.495199][T10211] netlink: 12 bytes leftover after parsing attributes in process `syz.2.942'. [ 287.521178][ T58] usb 6-1: device descriptor read/8, error -71 [ 287.710990][ T10] usb 8-1: new high-speed USB device number 21 using dummy_hcd [ 287.760809][ T58] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 287.791217][ T58] usb 6-1: device descriptor read/8, error -71 [ 287.860784][ T10] usb 8-1: Using ep0 maxpacket: 8 [ 287.863559][ T10] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 287.865997][ T10] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 287.868647][ T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 287.871420][ T10] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 287.874072][ T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 287.876814][ T10] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 287.880372][ T10] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 287.882908][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.887392][ T10] usbtmc 8-1:16.0: probe with driver usbtmc failed with error -22 [ 287.903184][ T58] usb usb6-port1: unable to enumerate USB device [ 288.100273][ T40] audit: type=1326 audit(1743886865.588:1976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10212 comm="syz.2.945" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 288.109144][ T40] audit: type=1326 audit(1743886865.588:1977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10212 comm="syz.2.945" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 288.116419][ T40] audit: type=1326 audit(1743886865.598:1978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10212 comm="syz.2.945" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 288.123759][ T40] audit: type=1326 audit(1743886865.598:1979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10212 comm="syz.2.945" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 288.130177][ T40] audit: type=1326 audit(1743886865.598:1980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10212 comm="syz.2.945" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 288.136572][ T40] audit: type=1326 audit(1743886865.598:1981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10212 comm="syz.2.945" exe="/syz-executor" sig=0 arch=40000003 syscall=326 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 288.144499][ T40] audit: type=1326 audit(1743886865.598:1982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10212 comm="syz.2.945" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 288.150554][ T40] audit: type=1326 audit(1743886865.598:1983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10212 comm="syz.2.945" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 288.156340][ T40] audit: type=1326 audit(1743886865.598:1984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10212 comm="syz.2.945" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 288.164124][ T40] audit: type=1326 audit(1743886865.598:1985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10212 comm="syz.2.945" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 288.306973][ T58] hid-generic C98F:0003:0000.0002: item fetching failed at offset 0/2 [ 288.309816][ T58] hid-generic C98F:0003:0000.0002: probe with driver hid-generic failed with error -22 [ 289.127974][T10227] netlink: 32 bytes leftover after parsing attributes in process `syz.1.949'. [ 289.922038][T10235] input: syz0 as /devices/virtual/input/input45 [ 290.024671][T10237] 9pnet_fd: Insufficient options for proto=fd [ 290.209174][ T1925] usb 8-1: USB disconnect, device number 21 [ 290.435569][T10244] netlink: 32 bytes leftover after parsing attributes in process `syz.3.953'. [ 291.112632][T10251] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 291.290051][T10259] netlink: 12 bytes leftover after parsing attributes in process `syz.2.954'. [ 291.630833][ T58] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 291.770754][ T58] usb 8-1: device descriptor read/64, error -71 [ 292.021754][ T58] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 292.161843][ T58] usb 8-1: device descriptor read/64, error -71 [ 292.243039][T10268] netlink: 12 bytes leftover after parsing attributes in process `syz.0.959'. [ 292.271183][ T58] usb usb8-port1: attempt power cycle [ 292.620758][ T58] usb 8-1: new high-speed USB device number 24 using dummy_hcd [ 292.641194][ T58] usb 8-1: device descriptor read/8, error -71 [ 292.699188][T10274] netlink: 32 bytes leftover after parsing attributes in process `syz.2.960'. [ 292.910901][ T58] usb 8-1: new high-speed USB device number 25 using dummy_hcd [ 292.941939][ T58] usb 8-1: device descriptor read/8, error -71 [ 293.074705][ T58] usb usb8-port1: unable to enumerate USB device [ 293.240091][T10280] netlink: 12 bytes leftover after parsing attributes in process `syz.0.961'. [ 293.518128][T10283] input: syz0 as /devices/virtual/input/input46 [ 293.900398][T10288] FAULT_INJECTION: forcing a failure. [ 293.900398][T10288] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 293.903976][T10288] CPU: 2 UID: 0 PID: 10288 Comm: syz.1.964 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 293.903990][T10288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 293.903996][T10288] Call Trace: [ 293.904000][T10288] [ 293.904004][T10288] dump_stack_lvl+0x16c/0x1f0 [ 293.904021][T10288] should_fail_ex+0x512/0x640 [ 293.904035][T10288] _copy_to_user+0x32/0xd0 [ 293.904048][T10288] simple_read_from_buffer+0xcb/0x170 [ 293.904064][T10288] proc_fail_nth_read+0x197/0x270 [ 293.904077][T10288] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 293.904091][T10288] ? rw_verify_area+0xcf/0x680 [ 293.904103][T10288] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 293.904116][T10288] vfs_read+0x1de/0xc70 [ 293.904130][T10288] ? __pfx___mutex_lock+0x10/0x10 [ 293.904144][T10288] ? __pfx_vfs_read+0x10/0x10 [ 293.904161][T10288] ? __fget_files+0x20e/0x3c0 [ 293.904178][T10288] ksys_read+0x12a/0x240 [ 293.904191][T10288] ? __pfx_ksys_read+0x10/0x10 [ 293.904205][T10288] ? rcu_is_watching+0x12/0xc0 [ 293.904219][T10288] __do_fast_syscall_32+0x73/0x120 [ 293.904234][T10288] do_fast_syscall_32+0x32/0x80 [ 293.904248][T10288] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 293.904262][T10288] RIP: 0023:0xf740e579 [ 293.904269][T10288] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 293.904279][T10288] RSP: 002b:00000000f5096590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 293.904288][T10288] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5096620 [ 293.904294][T10288] RDX: 000000000000000f RSI: 00000000f73fcff4 RDI: 0000000000000000 [ 293.904299][T10288] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 293.904304][T10288] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 293.904310][T10288] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 293.904321][T10288] [ 294.443495][T10295] 9pnet_fd: Insufficient options for proto=fd [ 294.445890][ T40] kauditd_printk_skb: 11 callbacks suppressed [ 294.445900][ T40] audit: type=1326 audit(1743886871.938:1997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10291 comm="syz.2.966" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ee579 code=0x0 [ 294.594677][T10301] 9pnet_fd: Insufficient options for proto=fd [ 294.601438][ T40] audit: type=1326 audit(1743886872.098:1998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10284 comm="syz.0.963" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa7579 code=0x0 [ 295.063802][T10312] netlink: 12 bytes leftover after parsing attributes in process `syz.1.970'. [ 295.590860][ T1487] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 295.741491][ T1487] usb 7-1: Using ep0 maxpacket: 8 [ 295.744314][ T1487] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 295.746607][ T1487] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 295.749390][ T1487] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 295.751880][ T1487] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.016967][T10321] netlink: 12 bytes leftover after parsing attributes in process `syz.3.971'. [ 296.820946][T10331] netlink: 32 bytes leftover after parsing attributes in process `syz.3.973'. [ 297.418244][T10334] netlink: 12 bytes leftover after parsing attributes in process `syz.1.974'. [ 297.750837][ T40] audit: type=1326 audit(1743886875.238:1999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10335 comm="syz.3.975" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 297.756709][ T40] audit: type=1326 audit(1743886875.238:2000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10335 comm="syz.3.975" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 297.762791][ T40] audit: type=1326 audit(1743886875.238:2001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10335 comm="syz.3.975" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 297.768997][ T40] audit: type=1326 audit(1743886875.238:2002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10335 comm="syz.3.975" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 297.775063][ T40] audit: type=1326 audit(1743886875.238:2003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10335 comm="syz.3.975" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 297.780968][ T40] audit: type=1326 audit(1743886875.238:2004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10335 comm="syz.3.975" exe="/syz-executor" sig=0 arch=40000003 syscall=326 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 297.787632][ T40] audit: type=1326 audit(1743886875.248:2005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10335 comm="syz.3.975" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 297.793518][ T40] audit: type=1326 audit(1743886875.248:2006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10335 comm="syz.3.975" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 298.082448][ T1925] usb 7-1: USB disconnect, device number 12 [ 298.298751][T10348] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 298.644177][T10353] 9pnet_fd: Insufficient options for proto=fd [ 298.676899][T10354] ieee802154 phy0 wpan0: encryption failed: -22 [ 298.843222][T10357] netlink: 12 bytes leftover after parsing attributes in process `syz.3.982'. [ 299.060785][ T57] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 299.079098][T10348] FAULT_INJECTION: forcing a failure. [ 299.079098][T10348] name fail_futex, interval 1, probability 0, space 0, times 1 [ 299.082676][T10348] CPU: 0 UID: 0 PID: 10348 Comm: syz.1.980 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 299.082690][T10348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 299.082696][T10348] Call Trace: [ 299.082700][T10348] [ 299.082703][T10348] dump_stack_lvl+0x16c/0x1f0 [ 299.082721][T10348] should_fail_ex+0x512/0x640 [ 299.082738][T10348] get_futex_key+0x49e/0x1000 [ 299.082754][T10348] ? __pfx_get_futex_key+0x10/0x10 [ 299.082770][T10348] futex_wake+0xe7/0x4e0 [ 299.082779][T10348] ? rcu_is_watching+0x12/0xc0 [ 299.082792][T10348] ? __pfx_futex_wake+0x10/0x10 [ 299.082806][T10348] do_futex+0x1e3/0x350 [ 299.082820][T10348] ? __pfx_do_futex+0x10/0x10 [ 299.082832][T10348] ? __might_fault+0xe3/0x190 [ 299.082851][T10348] mm_release+0x24e/0x300 [ 299.082864][T10348] do_exit+0x898/0x2c30 [ 299.082872][T10348] ? __pfx___might_resched+0x10/0x10 [ 299.082888][T10348] ? __pfx_do_exit+0x10/0x10 [ 299.082896][T10348] ? do_raw_spin_lock+0x12c/0x2b0 [ 299.082907][T10348] ? find_held_lock+0x2b/0x80 [ 299.082921][T10348] do_group_exit+0xd3/0x2a0 [ 299.082930][T10348] get_signal+0x2673/0x26d0 [ 299.082943][T10348] ? fput+0xcf/0xf0 [ 299.082954][T10348] ? __pfx___sys_sendto+0x10/0x10 [ 299.082967][T10348] ? __pfx_get_signal+0x10/0x10 [ 299.082982][T10348] arch_do_signal_or_restart+0x8f/0x7d0 [ 299.082998][T10348] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 299.083015][T10348] ? ksys_write+0x1b9/0x240 [ 299.083028][T10348] ? __pfx_ksys_write+0x10/0x10 [ 299.083043][T10348] syscall_exit_to_user_mode+0x150/0x2a0 [ 299.083058][T10348] __do_fast_syscall_32+0x80/0x120 [ 299.083073][T10348] do_fast_syscall_32+0x32/0x80 [ 299.083087][T10348] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 299.083099][T10348] RIP: 0023:0xf740e579 [ 299.083107][T10348] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 299.083116][T10348] RSP: 002b:00000000f507555c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 299.083125][T10348] RAX: fffffffffffffe00 RBX: 0000000000000009 RCX: 00000000800012c0 [ 299.083131][T10348] RDX: 00000000000020c8 RSI: 0000000000000011 RDI: 0000000000000000 [ 299.083137][T10348] RBP: 0000000000000027 R08: 0000000000000000 R09: 0000000000000000 [ 299.083142][T10348] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 299.083148][T10348] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 299.083159][T10348] [ 299.190821][ T57] usb 7-1: device descriptor read/64, error -71 [ 299.430863][ T57] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 299.560802][ T57] usb 7-1: device descriptor read/64, error -71 [ 299.671283][ T57] usb usb7-port1: attempt power cycle [ 299.805419][T10370] netlink: 32 bytes leftover after parsing attributes in process `syz.3.986'. [ 300.040851][ T57] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 300.071860][ T57] usb 7-1: device descriptor read/8, error -71 [ 300.320798][ T57] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 300.556293][ T57] usb 7-1: device descriptor read/8, error -71 [ 300.653579][T10376] netlink: 12 bytes leftover after parsing attributes in process `syz.0.987'. [ 300.660966][ T57] usb usb7-port1: unable to enumerate USB device [ 300.883121][T10382] netlink: 12 bytes leftover after parsing attributes in process `syz.3.989'. [ 301.324090][T10391] FAULT_INJECTION: forcing a failure. [ 301.324090][T10391] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 301.327810][T10391] CPU: 1 UID: 0 PID: 10391 Comm: syz.1.990 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 301.327834][T10391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 301.327841][T10391] Call Trace: [ 301.327845][T10391] [ 301.327849][T10391] dump_stack_lvl+0x16c/0x1f0 [ 301.327866][T10391] should_fail_ex+0x512/0x640 [ 301.327880][T10391] _copy_to_user+0x32/0xd0 [ 301.327894][T10391] simple_read_from_buffer+0xcb/0x170 [ 301.327909][T10391] proc_fail_nth_read+0x197/0x270 [ 301.327923][T10391] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 301.327937][T10391] ? rw_verify_area+0xcf/0x680 [ 301.327948][T10391] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 301.327962][T10391] vfs_read+0x1de/0xc70 [ 301.327976][T10391] ? __pfx___mutex_lock+0x10/0x10 [ 301.327990][T10391] ? __pfx_vfs_read+0x10/0x10 [ 301.328006][T10391] ? __fget_files+0x20e/0x3c0 [ 301.328024][T10391] ksys_read+0x12a/0x240 [ 301.328037][T10391] ? __pfx_ksys_read+0x10/0x10 [ 301.328051][T10391] ? rcu_is_watching+0x12/0xc0 [ 301.328065][T10391] __do_fast_syscall_32+0x73/0x120 [ 301.328080][T10391] do_fast_syscall_32+0x32/0x80 [ 301.328094][T10391] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 301.328106][T10391] RIP: 0023:0xf740e579 [ 301.328115][T10391] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 301.328124][T10391] RSP: 002b:00000000f5054590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 301.328134][T10391] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00000000f5054620 [ 301.328139][T10391] RDX: 000000000000000f RSI: 00000000f73fcff4 RDI: 0000000000000000 [ 301.328145][T10391] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 301.328150][T10391] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 301.328156][T10391] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 301.328168][T10391] [ 301.437741][ T34] hid-generic C98F:0003:0000.0003: item fetching failed at offset 0/2 [ 301.447448][ T34] hid-generic C98F:0003:0000.0003: probe with driver hid-generic failed with error -22 [ 301.550785][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 301.570536][ T40] audit: type=1326 audit(1743886879.018:2020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10386 comm="syz.0.991" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 301.657327][ T40] audit: type=1326 audit(1743886879.018:2021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10386 comm="syz.0.991" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 301.665168][ T40] audit: type=1326 audit(1743886879.018:2022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10386 comm="syz.0.991" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 301.673213][ T40] audit: type=1326 audit(1743886879.018:2023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10386 comm="syz.0.991" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 301.682355][ T40] audit: type=1326 audit(1743886879.018:2024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10386 comm="syz.0.991" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 301.689970][ T40] audit: type=1326 audit(1743886879.018:2025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10386 comm="syz.0.991" exe="/syz-executor" sig=0 arch=40000003 syscall=326 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 301.698136][ T40] audit: type=1326 audit(1743886879.018:2026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10386 comm="syz.0.991" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 301.705798][ T40] audit: type=1326 audit(1743886879.018:2027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10386 comm="syz.0.991" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 301.713380][ T40] audit: type=1326 audit(1743886879.018:2028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10386 comm="syz.0.991" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 301.720376][ T40] audit: type=1326 audit(1743886879.018:2029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10386 comm="syz.0.991" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 302.013284][T10404] netlink: 12 bytes leftover after parsing attributes in process `syz.3.994'. [ 302.686576][T10412] netlink: 12 bytes leftover after parsing attributes in process `syz.1.996'. [ 303.650765][ T6014] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 303.696055][T10423] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1005'. [ 303.774564][T10424] netlink: 28 bytes leftover after parsing attributes in process `syz.1.998'. [ 303.810815][ T6014] usb 5-1: Using ep0 maxpacket: 8 [ 303.816393][ T6014] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 303.818867][ T6014] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 303.821830][ T6014] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 303.839534][ T6014] usb 5-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 304.002349][ T6014] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 304.009048][ T6014] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 304.013661][ T6014] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.022309][ T6014] usbtmc 5-1:16.0: bulk endpoints not found [ 304.543895][T10434] netlink: 32 bytes leftover after parsing attributes in process `syz.2.999'. [ 304.729199][T10436] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1001'. [ 305.402681][T10443] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1003'. [ 306.173385][ T6014] usb 5-1: USB disconnect, device number 20 [ 306.363680][T10457] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1007'. [ 307.476554][T10473] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1009'. [ 307.570769][T10474] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1010'. [ 307.872076][T10472] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1012'. [ 308.679471][T10478] 9pnet_fd: Insufficient options for proto=fd [ 308.682003][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 308.682013][ T40] audit: type=1326 audit(1743886886.178:2040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10463 comm="syz.3.1011" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf742e579 code=0x0 [ 308.880786][ T6014] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 309.071247][ T6014] usb 5-1: Using ep0 maxpacket: 8 [ 309.081200][ T6014] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 309.083964][ T6014] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 309.088031][ T6014] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 309.091882][ T6014] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 309.095688][ T6014] usb 5-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 309.100864][ T6014] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 309.104309][ T6014] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.255360][ T6014] usbtmc 5-1:16.0: bulk endpoints not found [ 309.466970][ T40] audit: type=1326 audit(1743886886.958:2041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10495 comm="syz.1.1016" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf740e579 code=0x0 [ 309.490827][ T6025] usb 8-1: new high-speed USB device number 26 using dummy_hcd [ 309.650765][ T6025] usb 8-1: Using ep0 maxpacket: 8 [ 309.654322][ T6025] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 309.657229][ T6025] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 309.660745][ T6025] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 309.664436][ T6025] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 309.668202][ T6025] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 309.672647][T10503] 9pnet_fd: Insufficient options for proto=fd [ 309.676078][ T6025] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 309.676503][ T40] audit: type=1326 audit(1743886887.168:2042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10491 comm="syz.2.1023" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ee579 code=0x0 [ 309.679508][ T6025] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.291616][T10510] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1017'. [ 311.233702][ T6014] usb 5-1: USB disconnect, device number 21 [ 311.909735][ T6025] usb 8-1: usb_control_msg returned -71 [ 311.911455][ T6025] usbtmc 8-1:16.0: can't read capabilities [ 311.914947][ T6025] usb 8-1: USB disconnect, device number 26 [ 312.399184][T10529] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1022'. [ 312.606417][T10536] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1024'. [ 313.214110][T10545] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1027'. [ 314.146790][T10562] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1029'. [ 314.570767][ T1925] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 314.822019][ T1925] usb 6-1: Using ep0 maxpacket: 8 [ 314.825962][ T1925] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 314.828336][ T1925] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 314.911848][ T1925] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 314.914717][ T1925] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 314.918582][ T1925] usb 6-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 314.925376][ T1925] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 314.928249][ T1925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.942578][ T1925] usbtmc 6-1:16.0: bulk endpoints not found [ 315.196778][T10577] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1034'. [ 316.192938][T10588] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1036'. [ 316.524139][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.526027][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.971148][ T1925] usb 6-1: USB disconnect, device number 11 [ 317.750200][T10600] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1040'. [ 317.750807][T10603] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1041'. [ 317.844428][T10601] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1039'. [ 318.611792][T10619] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1046'. [ 319.153576][T10627] input: syz0 as /devices/virtual/input/input47 [ 319.389649][T10632] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1048'. [ 320.455026][T10642] 9pnet_fd: Insufficient options for proto=fd [ 320.639015][ T40] audit: type=1326 audit(1743886898.128:2043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10629 comm="syz.2.1049" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ee579 code=0x0 [ 321.229848][T10655] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 321.234191][T10655] overlayfs: missing 'lowerdir' [ 321.431716][T10652] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1052'. [ 321.672489][ T57] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 321.724115][T10660] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1053'. [ 321.823116][ T57] usb 6-1: Using ep0 maxpacket: 8 [ 321.830803][ T57] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 321.833865][ T57] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 321.849915][ T57] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 321.852639][ T57] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 321.855229][ T57] usb 6-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 321.858594][ T57] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 321.862041][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.867494][ T57] usbtmc 6-1:16.0: bulk endpoints not found [ 322.593076][ T40] audit: type=1326 audit(1743886900.088:2044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10663 comm="syz.0.1056" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa7579 code=0x0 [ 322.900766][ T6014] usb 8-1: new high-speed USB device number 27 using dummy_hcd [ 323.050779][ T6014] usb 8-1: Using ep0 maxpacket: 8 [ 323.056881][ T6014] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 323.064473][ T6014] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 323.072997][ T6014] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 323.074694][ T6014] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 323.074715][ T6014] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 323.074748][ T6014] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 323.074766][ T6014] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.961259][ T58] usb 6-1: USB disconnect, device number 12 [ 324.360897][ T5991] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 324.520792][ T5991] usb 5-1: Using ep0 maxpacket: 8 [ 324.525294][ T5991] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 324.527622][ T5991] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 324.530313][ T5991] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 324.532901][ T5991] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 324.535557][ T5991] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 324.539085][ T5991] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 324.541702][ T5991] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.209745][ T6014] usb 8-1: usb_control_msg returned -71 [ 325.211429][ T6014] usbtmc 8-1:16.0: can't read capabilities [ 325.218350][ T6014] usb 8-1: USB disconnect, device number 27 [ 325.537739][T10699] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1072'. [ 325.715231][T10700] 9pnet_fd: Insufficient options for proto=fd [ 325.750647][ T40] audit: type=1326 audit(1743886903.238:2045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10692 comm="syz.3.1061" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf742e579 code=0x0 [ 326.710450][ T40] audit: type=1326 audit(1743886904.198:2046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10701 comm="syz.3.1062" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf742e579 code=0x0 [ 326.756591][T10709] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1063'. [ 326.877063][ T5991] usb 5-1: usb_control_msg returned -71 [ 326.878640][ T5991] usbtmc 5-1:16.0: can't read capabilities [ 326.885697][ T5991] usb 5-1: USB disconnect, device number 22 [ 326.934964][T10715] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1074'. [ 328.610827][T10734] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1070'. [ 328.809978][T10737] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1073'. [ 328.811873][T10740] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1068'. [ 328.873398][T10735] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1080'. [ 329.736739][ T40] audit: type=1326 audit(1743886907.228:2047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10743 comm="syz.2.1076" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ee579 code=0x0 [ 329.772843][T10752] 9pnet_fd: Insufficient options for proto=fd [ 329.778994][ T40] audit: type=1326 audit(1743886907.268:2048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10741 comm="syz.0.1075" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa7579 code=0x0 [ 330.090782][ T5991] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 330.448812][T10766] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1081'. [ 331.055344][ T5991] usb 6-1: Using ep0 maxpacket: 8 [ 331.092048][ T40] audit: type=1326 audit(1743886908.588:2049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10775 comm="syz.2.1083" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ee579 code=0x0 [ 331.120662][T10769] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1079'. [ 331.135612][ T5991] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 331.137927][ T5991] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 331.140568][ T5991] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 331.143302][ T5991] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 331.146017][ T5991] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 331.149525][ T5991] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 331.152031][ T5991] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.443343][T10783] sp0: Synchronizing with TNC [ 332.080831][ T6025] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 332.230792][ T6025] usb 5-1: Using ep0 maxpacket: 8 [ 332.233995][ T6025] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 332.236991][ T6025] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 332.240553][ T6025] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 332.243718][ T6025] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 332.246438][ T6025] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 332.250043][ T6025] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 332.252575][ T6025] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.417731][T10798] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1095'. [ 332.511863][ T5991] usb 6-1: usb_control_msg returned -71 [ 332.514119][ T5991] usbtmc 6-1:16.0: can't read capabilities [ 332.518421][ T5991] usb 6-1: USB disconnect, device number 13 [ 332.954647][ T40] audit: type=1326 audit(1743886910.448:2050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10803 comm="syz.1.1087" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf740e579 code=0x0 [ 333.743686][T10821] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1089'. [ 333.877387][T10823] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1088'. [ 334.066894][T10818] netlink: 'syz.3.1090': attribute type 11 has an invalid length. [ 334.069352][T10818] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1090'. [ 334.475660][ T6025] usb 5-1: usb_control_msg returned -71 [ 334.477274][ T6025] usbtmc 5-1:16.0: can't read capabilities [ 334.512533][ T6025] usb 5-1: USB disconnect, device number 23 [ 334.611243][T10835] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1091'. [ 335.062710][ T40] audit: type=1326 audit(1743886912.558:2051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10830 comm="syz.3.1094" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf742e579 code=0x0 [ 336.044661][T10864] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1100'. [ 336.421515][T10860] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1101'. [ 336.422213][T10858] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1102'. [ 336.811258][T10869] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1105'. [ 337.383409][ T40] audit: type=1326 audit(1743886914.878:2052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10879 comm="syz.3.1107" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf742e579 code=0x0 [ 337.520799][ T5991] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 337.690820][ T5991] usb 6-1: Using ep0 maxpacket: 8 [ 337.695131][ T5991] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 337.697664][ T5991] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 337.700237][ T5991] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 337.703471][ T5991] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 337.706246][ T5991] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 337.709818][ T5991] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 337.712465][ T5991] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.010752][T10895] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1109'. [ 338.198390][ T40] audit: type=1326 audit(1743886915.688:2053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10898 comm="syz.2.1111" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 338.204683][ T40] audit: type=1326 audit(1743886915.688:2054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10898 comm="syz.2.1111" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 338.210797][ T40] audit: type=1326 audit(1743886915.698:2055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10898 comm="syz.2.1111" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 338.217252][ T40] audit: type=1326 audit(1743886915.698:2056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10898 comm="syz.2.1111" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 338.224267][ T40] audit: type=1326 audit(1743886915.698:2057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10898 comm="syz.2.1111" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 338.230364][ T40] audit: type=1326 audit(1743886915.698:2058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10898 comm="syz.2.1111" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 338.236329][ T40] audit: type=1326 audit(1743886915.708:2059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10898 comm="syz.2.1111" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 338.242189][ T40] audit: type=1326 audit(1743886915.708:2060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10898 comm="syz.2.1111" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf73ee5a7 code=0x7ffc0000 [ 338.248085][ T40] audit: type=1326 audit(1743886915.708:2061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10898 comm="syz.2.1111" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000 [ 338.482030][T10904] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1113'. [ 338.974123][T10907] 9pnet_fd: Insufficient options for proto=fd [ 339.357166][T10919] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1116'. [ 339.612846][T10918] 9pnet_fd: Insufficient options for proto=fd [ 339.841045][ T5991] usb 6-1: usb_control_msg returned -71 [ 339.854222][ T5991] usbtmc 6-1:16.0: can't read capabilities [ 339.866780][ T5991] usb 6-1: USB disconnect, device number 14 [ 340.243727][T10931] sp0: Synchronizing with TNC [ 340.576791][T10939] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1121'. [ 341.807613][T10966] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1130'. [ 341.837983][T10965] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1129'. [ 342.421631][T10971] input: syz0 as /devices/virtual/input/input49 [ 343.024679][T10972] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1131'. [ 343.391614][ T5301] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 343.561103][ T5301] usb 6-1: Using ep0 maxpacket: 8 [ 343.565404][ T5301] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 343.567885][ T5301] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 343.570776][ T5301] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 343.573536][ T5301] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 343.576366][ T5301] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 343.580045][ T5301] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 343.583936][ T5301] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.638467][T10984] netlink: 'syz.2.1134': attribute type 11 has an invalid length. [ 343.641662][T10984] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1134'. [ 344.283527][T10996] sp0: Synchronizing with TNC [ 344.640805][ T40] kauditd_printk_skb: 158 callbacks suppressed [ 344.640817][ T40] audit: type=1326 audit(1743886922.088:2220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10990 comm="syz.3.1145" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf742e579 code=0x0 [ 345.392224][ T40] audit: type=1326 audit(1743886922.888:2221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10999 comm="syz.2.1136" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ee579 code=0x0 [ 345.586966][T11012] 9pnet_fd: Insufficient options for proto=fd [ 345.592014][ T40] audit: type=1326 audit(1743886923.088:2222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11007 comm="syz.3.1137" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf742e579 code=0x0 [ 345.820193][ T5301] usb 6-1: usb_control_msg returned -71 [ 345.821846][ T5301] usbtmc 6-1:16.0: can't read capabilities [ 345.825275][ T5301] usb 6-1: USB disconnect, device number 15 [ 345.996241][T11005] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1147'. [ 346.626509][T11028] 9pnet_fd: Insufficient options for proto=fd [ 346.628994][ T40] audit: type=1326 audit(1743886924.118:2223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11014 comm="syz.2.1138" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ee579 code=0x0 [ 346.736670][T11030] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1141'. [ 346.948099][T11027] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1142'. [ 347.191527][T11037] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1143'. [ 347.575800][T11039] 9pnet_fd: Insufficient options for proto=fd [ 347.580584][ T40] audit: type=1326 audit(1743886925.068:2224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11034 comm="syz.2.1146" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ee579 code=0x0 [ 347.966903][T11046] sp0: Synchronizing with TNC [ 347.978684][T11049] input: syz0 as /devices/virtual/input/input50 [ 348.110796][ T40] audit: type=1326 audit(1743886925.598:2225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11042 comm="syz.1.1148" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 348.118240][ T40] audit: type=1326 audit(1743886925.598:2226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11042 comm="syz.1.1148" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 348.124252][ T40] audit: type=1326 audit(1743886925.598:2227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11042 comm="syz.1.1148" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 348.129992][ T40] audit: type=1326 audit(1743886925.598:2228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11042 comm="syz.1.1148" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 348.135726][ T40] audit: type=1326 audit(1743886925.598:2229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11042 comm="syz.1.1148" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 348.283595][T11053] netlink: 216 bytes leftover after parsing attributes in process `syz.0.1159'. [ 348.286809][T11053] netlink: 216 bytes leftover after parsing attributes in process `syz.0.1159'. [ 348.491175][ T5996] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 349.473358][T11074] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1154'. [ 349.577122][T11077] input: syz0 as /devices/virtual/input/input51 [ 349.651914][ T40] kauditd_printk_skb: 237 callbacks suppressed [ 349.651925][ T40] audit: type=1326 audit(1743886927.148:2467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.0.1158" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 349.662272][ T40] audit: type=1326 audit(1743886927.148:2468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.0.1158" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 349.669011][ T40] audit: type=1326 audit(1743886927.158:2469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.0.1158" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 349.675528][ T40] audit: type=1326 audit(1743886927.158:2470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.0.1158" exe="/syz-executor" sig=0 arch=40000003 syscall=177 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 349.681640][ T40] audit: type=1326 audit(1743886927.158:2471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.0.1158" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 349.687724][ T40] audit: type=1326 audit(1743886927.158:2472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.0.1158" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7fa75a7 code=0x7ffc0000 [ 349.693893][ T40] audit: type=1326 audit(1743886927.158:2473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.0.1158" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 349.700291][ T40] audit: type=1326 audit(1743886927.158:2474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.0.1158" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7fa75a7 code=0x7ffc0000 [ 349.706190][ T40] audit: type=1326 audit(1743886927.158:2475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.0.1158" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fa7579 code=0x7ffc0000 [ 349.714143][ T40] audit: type=1326 audit(1743886927.158:2476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.0.1158" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7fa75a7 code=0x7ffc0000 [ 350.111456][T11091] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1161'. [ 350.908219][T11095] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1163'. [ 351.634884][T11099] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1164'. [ 351.637940][T11099] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1164'. [ 351.718632][T11088] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1160'. [ 352.041136][ T57] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 352.326999][T11115] input: syz0 as /devices/virtual/input/input52 [ 352.607815][T11122] sp0: Synchronizing with TNC [ 352.653212][T11123] input: syz0 as /devices/virtual/input/input53 [ 352.980980][T11130] __nla_validate_parse: 1 callbacks suppressed [ 352.981025][T11130] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1173'. [ 353.216870][T11134] input: syz0 as /devices/virtual/input/input54 [ 355.030133][T11158] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1178'. [ 355.197256][T11160] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1180'. [ 355.983971][T11172] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1182'. [ 356.769127][T11182] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1184'. [ 356.917508][T11183] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1193'. [ 357.023738][T11186] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1186'. [ 357.190784][ T58] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 357.350788][ T58] usb 7-1: Using ep0 maxpacket: 8 [ 357.353980][ T58] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 357.356401][ T58] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 357.359274][ T58] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 357.362540][ T58] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 357.366124][ T58] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 357.371262][ T58] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 357.374967][ T58] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.628269][ T40] kauditd_printk_skb: 323 callbacks suppressed [ 357.628282][ T40] audit: type=1326 audit(1743886935.118:2800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11190 comm="syz.1.1188" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 357.646476][ T40] audit: type=1326 audit(1743886935.118:2801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11190 comm="syz.1.1188" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 357.654847][ T40] audit: type=1326 audit(1743886935.118:2802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11190 comm="syz.1.1188" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 357.664500][ T40] audit: type=1326 audit(1743886935.118:2803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11190 comm="syz.1.1188" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 357.670629][ T40] audit: type=1326 audit(1743886935.118:2804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11190 comm="syz.1.1188" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 357.677858][ T40] audit: type=1326 audit(1743886935.118:2805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11190 comm="syz.1.1188" exe="/syz-executor" sig=0 arch=40000003 syscall=326 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 357.685357][ T40] audit: type=1326 audit(1743886935.118:2806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11190 comm="syz.1.1188" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 357.692328][ T40] audit: type=1326 audit(1743886935.118:2807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11190 comm="syz.1.1188" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 357.697998][ T40] audit: type=1326 audit(1743886935.118:2808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11190 comm="syz.1.1188" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 357.703989][ T40] audit: type=1326 audit(1743886935.118:2809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11190 comm="syz.1.1188" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 358.395369][T11205] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1190'. [ 358.502168][T11206] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1191'. [ 359.018040][T11212] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1192'. [ 359.566208][ T58] usb 7-1: usb_control_msg returned -71 [ 359.568246][ T58] usbtmc 7-1:16.0: can't read capabilities [ 359.575993][ T58] usb 7-1: USB disconnect, device number 17 [ 359.589153][T11218] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1195'. [ 359.878395][T11229] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1196'. [ 360.743510][T11245] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1201'. [ 361.602250][T11260] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1205'. [ 361.833869][ C0] vkms_vblank_simulate: vblank timer overrun [ 361.904469][ C0] vkms_vblank_simulate: vblank timer overrun [ 362.765780][T11285] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1213'. [ 363.084722][T11291] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1215'. [ 363.360811][ T29] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 363.487301][T11299] sp0: Synchronizing with TNC [ 363.540751][ T29] usb 7-1: Using ep0 maxpacket: 8 [ 363.545250][ T29] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 363.547629][ T29] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 363.550260][ T29] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 363.552961][ T29] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 363.555660][ T29] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 363.559967][ T29] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 363.562792][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.592945][ T40] kauditd_printk_skb: 30 callbacks suppressed [ 363.592960][ T40] audit: type=1326 audit(1743886941.078:2840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11292 comm="syz.1.1216" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 363.603312][ T40] audit: type=1326 audit(1743886941.088:2841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11292 comm="syz.1.1216" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 363.611386][ T40] audit: type=1326 audit(1743886941.088:2842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11292 comm="syz.1.1216" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 363.621000][ T40] audit: type=1326 audit(1743886941.088:2843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11292 comm="syz.1.1216" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 363.626844][ T40] audit: type=1326 audit(1743886941.098:2844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11292 comm="syz.1.1216" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 363.632779][ T40] audit: type=1326 audit(1743886941.098:2845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11292 comm="syz.1.1216" exe="/syz-executor" sig=0 arch=40000003 syscall=326 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 363.638722][ T40] audit: type=1326 audit(1743886941.098:2846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11292 comm="syz.1.1216" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 363.645090][ T40] audit: type=1326 audit(1743886941.098:2847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11292 comm="syz.1.1216" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 363.652784][ T40] audit: type=1326 audit(1743886941.098:2848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11292 comm="syz.1.1216" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 363.661422][ T40] audit: type=1326 audit(1743886941.098:2849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11292 comm="syz.1.1216" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 364.196005][T11306] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 364.198514][T11306] overlayfs: missing 'lowerdir' [ 364.356922][T11312] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1222'. [ 364.497084][ T6025] usb 8-1: new high-speed USB device number 28 using dummy_hcd [ 364.890792][ T6025] usb 8-1: Using ep0 maxpacket: 8 [ 364.892168][ T6025] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 364.892192][ T6025] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 364.892203][ T6025] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 364.892214][ T6025] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 364.892224][ T6025] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 364.892242][ T6025] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 364.892252][ T6025] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.997784][T11320] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1224'. [ 365.775812][T11327] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1227'. [ 365.852019][ T29] usb 7-1: usb_control_msg returned -71 [ 365.853731][ T29] usbtmc 7-1:16.0: can't read capabilities [ 365.859220][ T29] usb 7-1: USB disconnect, device number 18 [ 365.888572][T11333] sp0: Synchronizing with TNC [ 366.162403][T11342] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1232'. [ 366.279865][T11343] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1231'. [ 366.721562][ T6025] usb 8-1: usb_control_msg returned -71 [ 366.723178][ T6025] usbtmc 8-1:16.0: can't read capabilities [ 366.726843][ T6025] usb 8-1: USB disconnect, device number 28 [ 367.362375][T11357] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1236'. [ 367.379234][T11356] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1234'. [ 368.206639][T11384] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1242'. [ 368.402612][T11386] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1243'. [ 369.136348][T11399] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1245'. [ 369.375897][T11403] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1246'. [ 369.435561][T11405] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1247'. [ 369.979383][T11414] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 370.227257][T11412] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1250'. [ 370.241471][T11418] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1251'. [ 370.243984][T11418] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1251'. [ 370.246855][T11419] sp0: Synchronizing with TNC [ 370.249709][T11418] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 370.252760][T11418] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 370.296403][T11420] macvlan0: entered promiscuous mode [ 370.298882][T11420] macvlan0: left promiscuous mode [ 370.625426][T11426] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1254'. [ 370.933513][T11435] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1256'. [ 371.070591][T11432] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1257'. [ 371.518278][T11442] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1258'. [ 371.993996][T11450] sp0: Synchronizing with TNC [ 372.044761][T11451] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1260'. [ 372.568038][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 372.568050][ T40] audit: type=1326 audit(1743886950.038:2857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11455 comm="syz.1.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 372.586987][ T40] audit: type=1326 audit(1743886950.038:2858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11455 comm="syz.1.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 372.596043][ T40] audit: type=1326 audit(1743886950.038:2859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11455 comm="syz.1.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 372.602623][ T40] audit: type=1326 audit(1743886950.048:2860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11455 comm="syz.1.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 372.609020][ T40] audit: type=1326 audit(1743886950.048:2861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11455 comm="syz.1.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 372.615608][ T40] audit: type=1326 audit(1743886950.048:2862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11455 comm="syz.1.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=326 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 372.622648][ T40] audit: type=1326 audit(1743886950.048:2863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11455 comm="syz.1.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 372.628732][ T40] audit: type=1326 audit(1743886950.048:2864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11455 comm="syz.1.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 372.635580][ T40] audit: type=1326 audit(1743886950.048:2865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11455 comm="syz.1.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 372.641958][ T40] audit: type=1326 audit(1743886950.048:2866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11455 comm="syz.1.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 373.286622][T11465] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 373.486447][T11470] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 373.490036][T11470] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 373.545597][T11476] macvlan0: entered promiscuous mode [ 373.623417][T11476] macvlan0: left promiscuous mode [ 373.879392][T11481] 9pnet_fd: Insufficient options for proto=fd [ 374.040485][T11487] input: syz0 as /devices/virtual/input/input55 [ 375.048751][T11503] __nla_validate_parse: 3 callbacks suppressed [ 375.048763][T11503] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1272'. [ 375.622418][T11522] FAULT_INJECTION: forcing a failure. [ 375.622418][T11522] name failslab, interval 1, probability 0, space 0, times 0 [ 375.625865][T11522] CPU: 0 UID: 0 PID: 11522 Comm: syz.3.1279 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 375.625879][T11522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 375.625885][T11522] Call Trace: [ 375.625889][T11522] [ 375.625892][T11522] dump_stack_lvl+0x16c/0x1f0 [ 375.625910][T11522] should_fail_ex+0x512/0x640 [ 375.625922][T11522] ? fs_reclaim_acquire+0xae/0x150 [ 375.625935][T11522] ? tomoyo_encode2+0x100/0x3e0 [ 375.625948][T11522] should_failslab+0xc2/0x120 [ 375.625958][T11522] __kmalloc_noprof+0xd2/0x510 [ 375.625972][T11522] ? d_absolute_path+0x136/0x1a0 [ 375.625985][T11522] tomoyo_encode2+0x100/0x3e0 [ 375.626000][T11522] tomoyo_encode+0x29/0x50 [ 375.626012][T11522] tomoyo_realpath_from_path+0x18f/0x6e0 [ 375.626029][T11522] tomoyo_path_number_perm+0x245/0x580 [ 375.626040][T11522] ? tomoyo_path_number_perm+0x237/0x580 [ 375.626052][T11522] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 375.626064][T11522] ? find_held_lock+0x2b/0x80 [ 375.626088][T11522] ? find_held_lock+0x2b/0x80 [ 375.626099][T11522] ? hook_file_ioctl_common+0x145/0x410 [ 375.626112][T11522] ? __fget_files+0x20e/0x3c0 [ 375.626128][T11522] security_file_ioctl_compat+0x9b/0x240 [ 375.626142][T11522] __do_compat_sys_ioctl+0x4e/0x2c0 [ 375.626155][T11522] __do_fast_syscall_32+0x73/0x120 [ 375.626170][T11522] do_fast_syscall_32+0x32/0x80 [ 375.626184][T11522] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 375.626196][T11522] RIP: 0023:0xf742e579 [ 375.626204][T11522] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 375.626213][T11522] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 375.626222][T11522] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000004034542f [ 375.626228][T11522] RDX: 0000000080000300 RSI: 0000000000000000 RDI: 0000000000000000 [ 375.626234][T11522] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 375.626239][T11522] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 375.626245][T11522] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 375.626256][T11522] [ 375.626266][T11522] ERROR: Out of memory at tomoyo_realpath_from_path. [ 375.853484][T11527] netlink: 'syz.3.1280': attribute type 4 has an invalid length. [ 376.492987][T11541] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1282'. [ 376.630385][T11550] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1285'. [ 377.306594][T11562] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 377.797830][ T40] kauditd_printk_skb: 56 callbacks suppressed [ 377.797848][ T40] audit: type=1326 audit(1743886955.288:2923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11566 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 377.808573][ T40] audit: type=1326 audit(1743886955.288:2924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11566 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 377.816111][ T40] audit: type=1326 audit(1743886955.288:2925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11566 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 377.823586][ T40] audit: type=1326 audit(1743886955.288:2926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11566 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 377.823609][T11573] FAULT_INJECTION: forcing a failure. [ 377.823609][T11573] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 377.824430][T11573] [ 377.824436][T11573] ====================================================== [ 377.824441][T11573] WARNING: possible circular locking dependency detected [ 377.824447][T11573] 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 Not tainted [ 377.824455][T11573] ------------------------------------------------------ [ 377.824460][T11573] syz.3.1294/11573 is trying to acquire lock: [ 377.824467][T11573] ffffffff8e2ce9c0 (console_owner){-.-.}-{0:0}, at: vprintk_emit+0x4d4/0x6d0 [ 377.824506][T11573] [ 377.824506][T11573] but task is already holding lock: [ 377.824510][T11573] ffff88802b539f18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 377.824544][T11573] [ 377.824544][T11573] which lock already depends on the new lock. [ 377.824544][T11573] [ 377.824549][T11573] [ 377.824549][T11573] the existing dependency chain (in reverse order) is: [ 377.824554][T11573] [ 377.824554][T11573] -> #4 (&rq->__lock){-.-.}-{2:2}: [ 377.824572][T11573] _raw_spin_lock_nested+0x31/0x40 [ 377.824589][T11573] raw_spin_rq_lock_nested+0x29/0x130 [ 377.824606][T11573] task_rq_lock+0xcf/0x490 [ 377.824622][T11573] cgroup_move_task+0x81/0x2a0 [ 377.824641][T11573] css_set_move_task+0x288/0x5f0 [ 377.824660][T11573] cgroup_post_fork+0x201/0x9d0 [ 377.824676][T11573] copy_process+0x5006/0x91a0 [ 377.824694][T11573] kernel_clone+0xfc/0x960 [ 377.824711][T11573] user_mode_thread+0xc7/0x110 [ 377.824728][T11573] rest_init+0x23/0x2b0 [ 377.824741][T11573] start_kernel+0x3e9/0x4d0 [ 377.824758][T11573] x86_64_start_reservations+0x18/0x30 [ 377.824775][T11573] x86_64_start_kernel+0xb0/0xc0 [ 377.824797][T11573] common_startup_64+0x13e/0x148 [ 377.824813][T11573] [ 377.824813][T11573] -> #3 (&p->pi_lock){-.-.}-{2:2}: [ 377.824831][T11573] _raw_spin_lock_irqsave+0x3a/0x60 [ 377.824846][T11573] try_to_wake_up+0xb2/0x1680 [ 377.824862][T11573] __wake_up_common+0x132/0x1f0 [ 377.824874][T11573] __wake_up+0x31/0x60 [ 377.824891][T11573] tty_port_default_wakeup+0x2a/0x40 [ 377.824905][T11573] serial8250_tx_chars+0x68e/0x860 [ 377.824919][T11573] serial8250_handle_irq+0x761/0xcb0 [ 377.824933][T11573] serial8250_default_handle_irq+0x9a/0x210 [ 377.824948][T11573] serial8250_interrupt+0x103/0x210 [ 377.824963][T11573] __handle_irq_event_percpu+0x229/0x7d0 [ 377.824979][T11573] handle_irq_event+0xab/0x1e0 [ 377.824994][T11573] handle_edge_irq+0x263/0xd10 [ 377.825008][T11573] __common_interrupt+0xdf/0x250 [ 377.825040][T11573] common_interrupt+0x61/0xe0 [ 377.825054][T11573] asm_common_interrupt+0x26/0x40 [ 377.825067][T11573] lock_release+0x183/0x2f0 [ 377.825078][T11573] unwind_next_frame+0x3f9/0x20a0 [ 377.825095][T11573] arch_stack_walk+0x94/0x100 [ 377.825111][T11573] stack_trace_save+0x8e/0xc0 [ 377.825128][T11573] kasan_save_stack+0x33/0x60 [ 377.825147][T11573] kasan_save_track+0x14/0x30 [ 377.825164][T11573] kasan_save_free_info+0x3b/0x60 [ 377.825178][T11573] __kasan_slab_free+0x51/0x70 [ 377.825196][T11573] kfree+0x2b6/0x4d0 [ 377.825212][T11573] slab_free_after_rcu_debug+0x69/0x350 [ 377.825230][T11573] rcu_core+0x799/0x14e0 [ 377.825243][T11573] handle_softirqs+0x216/0x8e0 [ 377.825260][T11573] __irq_exit_rcu+0x109/0x170 [ 377.825275][T11573] irq_exit_rcu+0x9/0x30 [ 377.825291][T11573] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 377.825307][T11573] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 377.825321][T11573] pv_native_safe_halt+0xf/0x20 [ 377.825337][T11573] default_idle+0x13/0x20 [ 377.825355][T11573] default_idle_call+0x6d/0xb0 [ 377.825367][T11573] do_idle+0x391/0x510 [ 377.825382][T11573] cpu_startup_entry+0x4f/0x60 [ 377.825398][T11573] start_secondary+0x21d/0x2b0 [ 377.825411][T11573] common_startup_64+0x13e/0x148 [ 377.825426][T11573] [ 377.825426][T11573] -> #2 (&tty->write_wait){-.-.}-{3:3}: [ 377.825444][T11573] _raw_spin_lock_irqsave+0x3a/0x60 [ 377.825460][T11573] __wake_up+0x1c/0x60 [ 377.825476][T11573] tty_port_default_wakeup+0x2a/0x40 [ 377.825489][T11573] serial8250_tx_chars+0x68e/0x860 [ 377.825501][T11573] __start_tx+0x3e9/0x4a0 [ 377.825513][T11573] serial8250_start_tx+0x368/0x530 [ 377.825526][T11573] __uart_start+0x292/0x4c0 [ 377.825542][T11573] uart_write+0x218/0xb30 [ 377.825553][T11573] n_tty_write+0x40f/0x1160 [ 377.825566][T11573] file_tty_write.constprop.0+0x4ff/0x9b0 [ 377.825586][T11573] redirected_tty_write+0xd4/0x150 [ 377.825605][T11573] vfs_write+0x5ba/0x1180 [ 377.825622][T11573] ksys_write+0x12a/0x240 [ 377.825652][T11573] do_syscall_64+0xcd/0x260 [ 377.825669][T11573] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.825682][T11573] [ 377.825682][T11573] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 377.825700][T11573] _raw_spin_lock_irqsave+0x3a/0x60 [ 377.825715][T11573] serial8250_console_write+0x181/0x1890 [ 377.825730][T11573] console_flush_all+0x801/0xc60 [ 377.825744][T11573] console_unlock+0xd8/0x210 [ 377.825758][T11573] vprintk_emit+0x418/0x6d0 [ 377.825772][T11573] _printk+0xc7/0x100 [ 377.825787][T11573] register_console+0xc2d/0x11b0 [ 377.825803][T11573] univ8250_console_init+0x5f/0x90 [ 377.825818][T11573] console_init+0x14f/0x680 [ 377.825835][T11573] start_kernel+0x29f/0x4d0 [ 377.825851][T11573] x86_64_start_reservations+0x18/0x30 [ 377.825867][T11573] x86_64_start_kernel+0xb0/0xc0 [ 377.825884][T11573] common_startup_64+0x13e/0x148 [ 377.825899][T11573] [ 377.825899][T11573] -> #0 (console_owner){-.-.}-{0:0}: [ 377.825916][T11573] __lock_acquire+0x1173/0x1ba0 [ 377.825928][T11573] lock_acquire+0x179/0x350 [ 377.825938][T11573] vprintk_emit+0x4e5/0x6d0 [ 377.825953][T11573] _printk+0xc7/0x100 [ 377.825964][T11573] should_fail_ex+0x4e7/0x640 [ 377.825978][T11573] strncpy_from_user+0x3b/0x2e0 [ 377.825991][T11573] strncpy_from_user_nofault+0x7f/0x180 [ 377.826006][T11573] bpf_probe_read_compat_str+0xf1/0x170 [ 377.826026][T11573] bpf_prog_c1796171ffc7efef+0x3e/0x40 [ 377.826036][T11573] bpf_trace_run4+0x249/0x5a0 [ 377.826047][T11573] __bpf_trace_sched_switch+0x145/0x190 [ 377.826063][T11573] __schedule+0x1bf3/0x5de0 [ 377.826078][T11573] schedule+0xe7/0x3a0 [ 377.826092][T11573] schedule_timeout+0x257/0x290 [ 377.826105][T11573] __wait_for_common+0x2fc/0x4e0 [ 377.826122][T11573] rdmsr_safe_on_cpu+0x1dc/0x210 [ 377.826141][T11573] msr_read+0x19d/0x250 [ 377.826158][T11573] vfs_read+0x1de/0xc70 [ 377.826174][T11573] ksys_read+0x12a/0x240 [ 377.826189][T11573] __do_fast_syscall_32+0x73/0x120 [ 377.826207][T11573] do_fast_syscall_32+0x32/0x80 [ 377.826225][T11573] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 377.826240][T11573] [ 377.826240][T11573] other info that might help us debug this: [ 377.826240][T11573] [ 377.826244][T11573] Chain exists of: [ 377.826244][T11573] console_owner --> &p->pi_lock --> &rq->__lock [ 377.826244][T11573] [ 377.826263][T11573] Possible unsafe locking scenario: [ 377.826263][T11573] [ 377.826267][T11573] CPU0 CPU1 [ 377.826271][T11573] ---- ---- [ 377.826274][T11573] lock(&rq->__lock); [ 377.826282][T11573] lock(&p->pi_lock); [ 377.826291][T11573] lock(&rq->__lock); [ 377.826300][T11573] lock(console_owner); [ 377.826308][T11573] [ 377.826308][T11573] *** DEADLOCK *** [ 377.826308][T11573] [ 377.826311][T11573] 2 locks held by syz.3.1294/11573: [ 377.826319][T11573] #0: ffff88802b539f18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 377.826353][T11573] #1: ffffffff8e3c1580 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x1cf/0x5a0 [ 377.826382][T11573] [ 377.826382][T11573] stack backtrace: [ 377.826389][T11573] CPU: 3 UID: 0 PID: 11573 Comm: syz.3.1294 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 377.826406][T11573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 377.826414][T11573] Call Trace: [ 377.826419][T11573] [ 377.826424][T11573] dump_stack_lvl+0x116/0x1f0 [ 377.826443][T11573] print_circular_bug+0x275/0x350 [ 377.826464][T11573] check_noncircular+0x14c/0x170 [ 377.826486][T11573] __lock_acquire+0x1173/0x1ba0 [ 377.826502][T11573] lock_acquire+0x179/0x350 [ 377.826514][T11573] ? vprintk_emit+0x4d4/0x6d0 [ 377.826531][T11573] ? vprintk_emit+0x4c2/0x6d0 [ 377.826548][T11573] vprintk_emit+0x4e5/0x6d0 [ 377.826564][T11573] ? vprintk_emit+0x4d4/0x6d0 [ 377.826580][T11573] ? __pfx_vprintk_emit+0x10/0x10 [ 377.826598][T11573] ? do_user_addr_fault+0x927/0x1370 [ 377.826615][T11573] _printk+0xc7/0x100 [ 377.826626][T11573] ? __pfx__printk+0x10/0x10 [ 377.826639][T11573] ? ___ratelimit+0x24c/0x570 [ 377.826657][T11573] ? __pfx____ratelimit+0x10/0x10 [ 377.826675][T11573] should_fail_ex+0x4e7/0x640 [ 377.826691][T11573] strncpy_from_user+0x3b/0x2e0 [ 377.826706][T11573] strncpy_from_user_nofault+0x7f/0x180 [ 377.826722][T11573] bpf_probe_read_compat_str+0xf1/0x170 [ 377.826743][T11573] bpf_prog_c1796171ffc7efef+0x3e/0x40 [ 377.826754][T11573] bpf_trace_run4+0x249/0x5a0 [ 377.826767][T11573] ? __pfx_bpf_trace_run4+0x10/0x10 [ 377.826786][T11573] ? find_held_lock+0x2b/0x80 [ 377.826803][T11573] ? psi_task_switch+0x201/0x8e0 [ 377.826822][T11573] __bpf_trace_sched_switch+0x145/0x190 [ 377.826839][T11573] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 377.826860][T11573] ? psi_task_switch+0x201/0x8e0 [ 377.826880][T11573] __schedule+0x1bf3/0x5de0 [ 377.826895][T11573] ? page_table_check_set+0x979/0xb50 [ 377.826918][T11573] ? __lock_acquire+0x5ca/0x1ba0 [ 377.826936][T11573] ? __pfx___schedule+0x10/0x10 [ 377.826954][T11573] ? find_held_lock+0x2b/0x80 [ 377.826971][T11573] ? schedule+0x2d7/0x3a0 [ 377.826988][T11573] schedule+0xe7/0x3a0 [ 377.827005][T11573] schedule_timeout+0x257/0x290 [ 377.827019][T11573] ? __pfx_schedule_timeout+0x10/0x10 [ 377.827037][T11573] ? rcu_is_watching+0x12/0xc0 [ 377.827053][T11573] ? _raw_spin_unlock_irq+0x23/0x50 [ 377.827070][T11573] __wait_for_common+0x2fc/0x4e0 [ 377.827088][T11573] ? __pfx_schedule_timeout+0x10/0x10 [ 377.827104][T11573] ? __pfx___wait_for_common+0x10/0x10 [ 377.827123][T11573] ? generic_exec_single+0xbb/0x390 [ 377.827141][T11573] rdmsr_safe_on_cpu+0x1dc/0x210 [ 377.827161][T11573] ? __pfx_rdmsr_safe_on_cpu+0x10/0x10 [ 377.827182][T11573] ? __pfx___rdmsr_safe_on_cpu+0x10/0x10 [ 377.827208][T11573] ? _copy_to_user+0x48/0xd0 [ 377.827225][T11573] msr_read+0x19d/0x250 [ 377.827244][T11573] ? __pfx_msr_read+0x10/0x10 [ 377.827262][T11573] ? bpf_lsm_file_permission+0x9/0x10 [ 377.827279][T11573] ? security_file_permission+0x71/0x210 [ 377.827298][T11573] ? rw_verify_area+0xcf/0x680 [ 377.827314][T11573] ? __pfx_msr_read+0x10/0x10 [ 377.827333][T11573] vfs_read+0x1de/0xc70 [ 377.827352][T11573] ? __pfx_vfs_read+0x10/0x10 [ 377.827368][T11573] ? find_held_lock+0x2b/0x80 [ 377.827384][T11573] ? __fget_files+0x204/0x3c0 [ 377.827404][T11573] ? __fget_files+0x20e/0x3c0 [ 377.827425][T11573] ksys_read+0x12a/0x240 [ 377.827443][T11573] ? __pfx_ksys_read+0x10/0x10 [ 377.827461][T11573] ? rcu_is_watching+0x12/0xc0 [ 377.827478][T11573] __do_fast_syscall_32+0x73/0x120 [ 377.827497][T11573] do_fast_syscall_32+0x32/0x80 [ 377.827517][T11573] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 377.827533][T11573] RIP: 0023:0xf742e579 [ 377.827543][T11573] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 377.827557][T11573] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 377.827570][T11573] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080019680 [ 377.827579][T11573] RDX: 0000000000018ff8 RSI: 0000000000000000 RDI: 0000000000000000 [ 377.827587][T11573] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 377.827595][T11573] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 377.827603][T11573] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 377.827616][T11573] [ 377.831133][ T40] audit: type=1326 audit(1743886955.288:2927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11566 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 377.835149][T11573] CPU: 3 UID: 0 PID: 11573 Comm: syz.3.1294 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 377.835169][T11573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 377.835178][T11573] Call Trace: [ 377.835182][T11573] [ 377.835188][T11573] dump_stack_lvl+0x116/0x1f0 [ 377.835208][T11573] should_fail_ex+0x512/0x640 [ 377.835224][T11573] strncpy_from_user+0x3b/0x2e0 [ 377.835239][T11573] strncpy_from_user_nofault+0x7f/0x180 [ 377.835256][T11573] bpf_probe_read_compat_str+0xf1/0x170 [ 377.835276][T11573] bpf_prog_c1796171ffc7efef+0x3e/0x40 [ 377.835287][T11573] bpf_trace_run4+0x249/0x5a0 [ 377.835300][T11573] ? __pfx_bpf_trace_run4+0x10/0x10 [ 377.835313][T11573] ? find_held_lock+0x2b/0x80 [ 377.835329][T11573] ? psi_task_switch+0x201/0x8e0 [ 377.835348][T11573] __bpf_trace_sched_switch+0x145/0x190 [ 377.835366][T11573] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 377.835385][T11573] ? psi_task_switch+0x201/0x8e0 [ 377.835404][T11573] __schedule+0x1bf3/0x5de0 [ 377.835420][T11573] ? page_table_check_set+0x979/0xb50 [ 377.835442][T11573] ? __lock_acquire+0x5ca/0x1ba0 [ 377.835456][T11573] ? __pfx___schedule+0x10/0x10 [ 377.835473][T11573] ? find_held_lock+0x2b/0x80 [ 377.835489][T11573] ? schedule+0x2d7/0x3a0 [ 377.835505][T11573] schedule+0xe7/0x3a0 [ 377.835521][T11573] schedule_timeout+0x257/0x290 [ 377.835535][T11573] ? __pfx_schedule_timeout+0x10/0x10 [ 377.835552][T11573] ? rcu_is_watching+0x12/0xc0 [ 377.835568][T11573] ? _raw_spin_unlock_irq+0x23/0x50 [ 377.835585][T11573] __wait_for_common+0x2fc/0x4e0 [ 377.835602][T11573] ? __pfx_schedule_timeout+0x10/0x10 [ 377.835618][T11573] ? __pfx___wait_for_common+0x10/0x10 [ 377.835637][T11573] ? generic_exec_single+0xbb/0x390 [ 377.835654][T11573] rdmsr_safe_on_cpu+0x1dc/0x210 [ 377.835675][T11573] ? __pfx_rdmsr_safe_on_cpu+0x10/0x10 [ 377.835695][T11573] ? __pfx___rdmsr_safe_on_cpu+0x10/0x10 [ 377.835721][T11573] ? _copy_to_user+0x48/0xd0 [ 377.835737][T11573] msr_read+0x19d/0x250 [ 377.835756][T11573] ? __pfx_msr_read+0x10/0x10 [ 377.835774][T11573] ? bpf_lsm_file_permission+0x9/0x10 [ 377.835795][T11573] ? security_file_permission+0x71/0x210 [ 377.835812][T11573] ? rw_verify_area+0xcf/0x680 [ 377.835828][T11573] ? __pfx_msr_read+0x10/0x10 [ 377.835846][T11573] vfs_read+0x1de/0xc70 [ 377.835865][T11573] ? __pfx_vfs_read+0x10/0x10 [ 377.835881][T11573] ? find_held_lock+0x2b/0x80 [ 377.835897][T11573] ? __fget_files+0x204/0x3c0 [ 377.835917][T11573] ? __fget_files+0x20e/0x3c0 [ 377.835937][T11573] ksys_read+0x12a/0x240 [ 377.835955][T11573] ? __pfx_ksys_read+0x10/0x10 [ 377.835972][T11573] ? rcu_is_watching+0x12/0xc0 [ 377.835989][T11573] __do_fast_syscall_32+0x73/0x120 [ 377.836009][T11573] do_fast_syscall_32+0x32/0x80 [ 377.836028][T11573] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 377.836044][T11573] RIP: 0023:0xf742e579 [ 377.836055][T11573] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 377.836067][T11573] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 377.836080][T11573] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080019680 [ 377.836089][T11573] RDX: 0000000000018ff8 RSI: 0000000000000000 RDI: 0000000000000000 [ 377.836097][T11573] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 377.836105][T11573] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 377.836114][T11573] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 377.836126][T11573] [ 377.952844][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 377.953433][ T40] audit: type=1326 audit(1743886955.298:2928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11566 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=326 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 377.954437][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 377.955906][ T40] audit: type=1326 audit(1743886955.298:2929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11566 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 378.330937][ T40] audit: type=1326 audit(1743886955.298:2930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11566 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 378.336856][ T40] audit: type=1326 audit(1743886955.298:2931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11566 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 378.342871][ T40] audit: type=1326 audit(1743886955.298:2932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11566 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 VM DIAGNOSIS: 21:02:35 Registers: info registers vcpu 0 CPU#0 RAX=00000002000008fd RBX=ffff88806be24880 RCX=0000000000000830 RDX=0000000000000002 RSI=00000000000000fd RDI=0000000000000002 RBP=0000000000000008 RSP=ffffc9000d4ff560 R8 =0000000000000000 R9 =fffffbfff210ce62 R10=ffffffff90867317 R11=ffff88802b33a7d8 R12=0000000000000003 R13=1ffff92001a9fead R14=0000000000000001 R15=ffffc9000d4ff588 RIP=ffffffff81688cd8 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977b9000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000000000000 CR3=00000000566c0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff84fecd98 RDX=ffff88801dab2440 RSI=ffffffff84fecda2 RDI=0000000000000007 RBP=0000000000000008 RSP=ffffc9000046f970 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000008 R11=0000000000000000 R12=0000000000000000 R13=ffffc9000046fa40 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81001280 RFL=00040046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880978b9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000078b9c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854bd545 RDI=ffffffff9ae12bc0 RBP=ffffffff9ae12b80 RSP=ffffc900006bf888 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000020 R14=ffffffff9ae12b80 R15=ffffffff854bd4e0 RIP=ffffffff854bd56f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979b9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000004d456000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000002a9cdc RBX=0000000000000003 RCX=ffffffff8b700439 RDX=ffffed10056a65be RSI=ffffffff8bf45100 RDI=ffffffff8191a841 RBP=ffffed1003b59000 RSP=ffffc9000048fdf8 R8 =0000000000000000 R9 =ffffed10056a65bd R10=ffff88802b532deb R11=0000000000000000 R12=0000000000000003 R13=ffff88801dac8000 R14=ffffffff90867310 R15=0000000000000000 RIP=ffffffff8b6feccf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097ab9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000006c2fc000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000