last executing test programs: 4.886700091s ago: executing program 3 (id=2086): prctl$PR_GET_NO_NEW_PRIVS(0x27) socket$tipc(0x1e, 0x2, 0x0) socket$tipc(0x1e, 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) mount(&(0x7f0000000140)=@md0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='vfat\x00', 0x0, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000040)={0x7, 0x8}, 0x10) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000300)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000340)=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x1}}, 0x20) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETTXFILTER(r2, 0x400454ca, &(0x7f0000000100)=ANY=[@ANYBLOB="2e2e000c371303ed6a33fe86890df20e87"]) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) r3 = socket$kcm(0x2, 0x200000000000001, 0x106) setsockopt$sock_attach_bpf(r3, 0x6, 0xd, &(0x7f0000000000), 0x4) openat$tun(0xffffff9c, &(0x7f0000000080), 0x400200, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) r5 = dup(r0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}, 0x1, 0x0, 0x0, 0x40000000}, 0x0) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) pselect6(0x40, &(0x7f0000000600)={0x11, 0xfffffffffffffffc, 0x2, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x8}, 0x0, &(0x7f0000000680)={0x7fc, 0x2, 0x800000, 0x0, 0x0, 0xc3ad}, 0x0, 0x0) 3.787731783s ago: executing program 3 (id=2091): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfa11, 0xffffffff}, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f00000003c0)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r2}}, 0x58) set_mempolicy(0x3, &(0x7f00000000c0)=0x3, 0x5) mount(&(0x7f00000000c0)=@filename='./bus\x00', &(0x7f0000000000)='./bus\x00', &(0x7f0000000140)='btrfs\x00', 0x2800080, &(0x7f00000001c0)='discard') madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) recvmmsg(r3, &(0x7f0000000540)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x40, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x707d, 0x0, 0x4, 0x288}, &(0x7f0000000340), &(0x7f0000000280)) getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, &(0x7f0000001240)={'IDLETIMER\x00'}, &(0x7f0000001280)=0x1e) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) 3.787353525s ago: executing program 1 (id=2092): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING(0xffffffffffffffff, 0x4068aea3, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r1, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f000000de40)=ANY=[], 0x2000}], 0x1}, 0x80000c0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r2, 0x29, 0x20, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'veth1_to_bond\x00', &(0x7f0000000300)=@ethtool_coalesce={0xe, 0x8, 0xd73, 0x1, 0x6, 0x5, 0x100, 0x2, 0x6, 0x6, 0x0, 0x80000000, 0xa1, 0x7fff, 0x40, 0x0, 0xcabd, 0x3, 0xae76, 0xfffffff8, 0x1, 0xa9, 0x3}}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="50000000100001040000000000000000000000000ec4da9b90ecc69cdaae059790ea069c11b44642a116943cad35f684f9983d02003b4ad72c4f0f33f15f740e51bd4d76f2764912c1be8c2183f4c3aae7e549bf8c9001b5d4da921f7d5dc26463b29188d30628c0a3e857e6a0488b5635feca65e992ad7c0a5e408f4b2aaa43a225833e0a1ed1c10969c073dd804ebecf4f383a987a35e71b77c5f2ea70356beff21dd20dd264ba70735c328cccddfab8682becef44f7fb8a2f6e0c1d01026da58c6ced4603e8124ad0", @ANYRES32=0x0, @ANYBLOB="5d58000000000000140003006970766c616e310000000000000000001c0012800b0001006970766c616e00000c0002800600010000000000"], 0x50}, 0x1, 0x0, 0x0, 0x840}, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000040)=0xa, 0x4) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="4000000010001fff000000000000000000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a005124deacb12e68d5b042fd94802e899d13e0374769b03ac3273b6ab1188023b587e473253682146a9f24b52e89b42d3c836c1702078fbba099e45a9ddb039922f65e595e5fb3172b8fc94fe9185633ff84974096e32e8d6ce93ad1488698052714e15b7763bfe3d117e145752db35e4553df3a7d153ee8c27ebc93", @ANYRES32, @ANYBLOB], 0x40}}, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x3) 2.635327497s ago: executing program 1 (id=2099): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x60042, 0x0) write$binfmt_elf64(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="7f454c461c02f9b7ff7f00000000000002000300fffeffffdf020000000000004000000000000000030300000000000000000000080038000100040004000d00030000000080000000000000010000000700000000000000080000000000000005000000000000000204"], 0x78) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_newroute={0x1c, 0x18, 0xffffffffffffffff, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xfe, 0x0, 0xfd, 0x9}}, 0x1c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newroute={0x30, 0x18, 0x1ef, 0x0, 0x25dfdbfc, {0xa, 0x0, 0x0, 0x0, 0x0, 0x2}, [@RTA_GATEWAY={0x14, 0x5, @loopback={0x0, 0x2}}]}, 0x30}, 0x1, 0x11}, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SNDCTL_SEQ_SYNC(r1, 0x5101) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000400000002"], 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r4, 0x0, 0x0}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, 0x0, 0x0) 2.329837193s ago: executing program 3 (id=2100): prctl$PR_GET_NO_NEW_PRIVS(0x27) socket$tipc(0x1e, 0x2, 0x0) socket$tipc(0x1e, 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) mount(&(0x7f0000000140)=@md0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='vfat\x00', 0x0, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000040)={0x7, 0x8}, 0x10) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000300)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000340)=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x1}}, 0x20) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETTXFILTER(r2, 0x400454ca, &(0x7f0000000100)=ANY=[@ANYBLOB="2e2e000c371303ed6a33fe86890df20e87"]) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) r3 = socket$kcm(0x2, 0x200000000000001, 0x106) setsockopt$sock_attach_bpf(r3, 0x6, 0xd, &(0x7f0000000000), 0x4) openat$tun(0xffffff9c, &(0x7f0000000080), 0x400200, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) r5 = dup(r0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}, 0x1, 0x0, 0x0, 0x40000000}, 0x0) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) pselect6(0x40, &(0x7f0000000600)={0x11, 0xfffffffffffffffc, 0x2, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x8}, 0x0, &(0x7f0000000680)={0x7fc, 0x2, 0x800000, 0x0, 0x0, 0xc3ad}, 0x0, 0x0) 2.203849849s ago: executing program 0 (id=2101): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x6}}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x34, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x8, 0x3, 0x0, 0x1, [{0x4}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xac}}, 0x0) 2.149622017s ago: executing program 1 (id=2102): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfa11, 0xffffffff}, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f00000003c0)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r2}}, 0x58) set_mempolicy(0x3, &(0x7f00000000c0)=0x3, 0x5) mount(&(0x7f00000000c0)=@filename='./bus\x00', &(0x7f0000000000)='./bus\x00', &(0x7f0000000140)='btrfs\x00', 0x2800080, &(0x7f00000001c0)='discard') madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) recvmmsg(r3, &(0x7f0000000540)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x40, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x707d, 0x0, 0x4, 0x288}, &(0x7f0000000340), &(0x7f0000000280)) getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, &(0x7f0000001240)={'IDLETIMER\x00'}, &(0x7f0000001280)=0x1e) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) 2.148753555s ago: executing program 0 (id=2103): socket$kcm(0x2, 0x3, 0x2) socket$igmp(0x2, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18) wait4(0x0, 0x0, 0x1000000, 0x0) r0 = memfd_secret(0x0) r1 = socket$inet6(0xa, 0x6, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x1, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x14, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x5452, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r5 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r1, 0x5) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10) sendmmsg(r5, &(0x7f0000002980), 0x400000000000239, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f00000004c0)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000040)="05000000010001", 0x7) 1.839902096s ago: executing program 2 (id=2106): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x4e1, &(0x7f0000000380)={0x0, 0x1ffffa, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) 1.237910816s ago: executing program 3 (id=2107): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x6}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x118, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0xec, 0x3, 0x0, 0x1, [{0xe8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x8c, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x4}, @NFTA_DATA_VALUE={0x25, 0x1, "f193636f8306b60778228b5b0570e14f592c0723c57ee0ba4d220aa54e8779c2c6"}, @NFTA_DATA_VALUE={0x57, 0x1, "513b67aff52c7d3215dd65490ff255226866d6aa92b417f5252dfda310e89940a626a2e54a2974be8b6a12c31c9c9bdb18edf13daf021979e02fb9ca3bd6c3bc4814414e97dbb165bca13eaea74a4351528920"}, @NFTA_DATA_VERDICT={0x4}]}, @NFTA_SET_ELEM_EXPR={0x58, 0x7, 0x0, 0x1, @target={{0xb}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TARGET_INFO={0x30, 0x3, "b08c674515113085726709225a7547b6f14c1aa7a7202afc0811618e3b5a514fb651ff7360e7749fe5bee390"}, @NFTA_TARGET_NAME={0x9, 0x1, 'SNAT\x00'}]}}}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x19c}}, 0x0) 1.207163543s ago: executing program 3 (id=2108): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfa11, 0xffffffff}, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f00000003c0)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r2}}, 0x58) set_mempolicy(0x3, &(0x7f00000000c0)=0x3, 0x5) mount(&(0x7f00000000c0)=@filename='./bus\x00', &(0x7f0000000000)='./bus\x00', &(0x7f0000000140)='btrfs\x00', 0x2800080, &(0x7f00000001c0)='discard') madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) recvmmsg(r3, &(0x7f0000000540)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x40, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x707d, 0x0, 0x4, 0x288}, &(0x7f0000000340), &(0x7f0000000280)) getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, &(0x7f0000001240)={'IDLETIMER\x00'}, &(0x7f0000001280)=0x1e) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) 1.199088539s ago: executing program 0 (id=2109): socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC2(0xffffffffffffffff, 0x4068aea3, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, r2, 0x0) syz_clone(0x0, 0x0, 0xffffffffffffffc5, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r3 = socket$netlink(0x10, 0x3, 0x15) sendmsg$netlink(r3, 0x0, 0x0) r4 = syz_open_dev$swradio(&(0x7f0000000040), 0x1, 0x2) syz_io_uring_setup(0x6cd2, &(0x7f00000002c0)={0x0, 0x5fa2, 0x8000, 0x3, 0x8129b}, 0x0, &(0x7f0000000180)) rseq(&(0x7f0000000100)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x1, 0x0) ioctl$VIDIOC_DQBUF(r4, 0xc0585611, &(0x7f0000000080)=@mmap={0x7, 0x8, 0x4, 0x1901, 0x7ff, {0x0, 0x2710}, {0x6, 0x8, 0x0, 0x1, 0x7, 0x4d, "7ac26a7c"}, 0x2, 0x1, {}, 0xe0ee}) rseq(0x0, 0x0, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x2, 0x10) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r5, 0x7ab, &(0x7f0000000200)={&(0x7f00000009c0)={{@hyper}, {@local, 0x5}, 0x400, "697f7ed1074652e2d75c1859f074c43aaf8c106f076d0574c92320f87a66df5f3bf189b05f7f7f53b6da6a51b8d08c0e5582e79d873389dc309606f063356f192ac159896d5a902cc91a27ce773a825c1fd9c1b722c5eb91c32103bd935e1ccf80ea33dbb2c9887c7fc2f88f5c67e08d5d203bd5cbb3d27f518e522c0ce71e5127d3d94e27d39120a153d2e3ac177842d1c2843dd5f4e3f0d1279b6554d6ca09afde828f226faa51797f623ea576b2f50bd669712e985a8d3966dddb00b571581b02a8690fae593ebfb8a3c46d7866c9b49cd656019e152c80e19b9305ca2c515956e07072fd196ce4c10b1be732d0a51a4ce899f079df511cea3cae280d285c449356478f6f02955f1e2dc617bc10efff1a97fb741a8366bdda1fd048918b85b28108f0a550f2ce4be2d75f0ac52f7ea3ec8b8e5f5b449f209cac4f94ac576995c6af97930925159e899f6443f94d063f3053f3ead16582f2c1ec09723475b4ad3d9f25d87b2535f71d082418c99567a60f529315cd0c3ea5f8b97881c636a20c63b925a25f7a0961a1b22b26465ffbc69f360db4cd1d4f3c9933aee36119abaa45e138b22eb697bcb9ef78d8585f0c47ab3cdb4e1e51d2e88226aa8898c0e128b3a8fae1834d7d3a622fbf0e20fd31d6e83d1c2053c9ffab61ad3027ffbdd6039da5d310444d2f77eb789e4b32c643978576bd3e50bc0d47bb67980a95dc3c5186c161305cbb6dc4d4fc2779e3eebf037581026c0dbae567415e617e6ba1e465537e262220325ab18e07053cd58934ccbbeca50701c353cf760e995e9cb465ce5f89ced45622c02c9a6fcbee0c5080702ed0d8ce6abcd69096c2b1f83576b785be025b393cb33ddf0a1bdd7d376e2541bdaca792ddf0ef581816828af829d0582fbfb1139521c2180f4a71480ed58c24f30040582b3cab9f67911661956089bd1f29a36845fae66a6468aae866be39846bfc04fd9dc07ab8bf7683d6f427dff67a86efa5d79ad095e112821169261e01638974adb4039f0c8d8f3ca72c722405af3764f0b2746b527d455a479f418e9987da7bc8f4351f561350cc75153c75211915992de8a2368da9f90c0ebd8be713baf8effa8ae9f4d3a2affcddeb3b09c2abdf90b1c64c799d0b06ccd9e43556803caa7fc5384cb23c4d210dcf6826e28aac2b5fa2206ea715da91f5cc2e41ceb2b7f87948b3a83eaa694997d816699513c7765f48d0001bf4bd5cda6e082475d11db97675bca37118feda636f09bd20a74aad52f784ab3cd230772148b976ccbde4bd1f0c5734415fc55fdf1ea0776b52d48b94497e41db343fccd50fae9c9fba11131374cec8eca8566ddbde5e1a6b762390d47f23d2b798c1e38e4d6b5cceee480e9cbcb11540c94e599449480b3282bb882cd428bd6441beb9b582062838c43bbdeb320e01b105862b28bb614aeb"}, 0x418, 0x6}) r6 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_IPV6_DSTOPTS(r6, 0x29, 0x3b, &(0x7f0000000000)={0x4}, 0x8) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, 0x0, 0x0) r8 = accept4$alg(r7, 0x0, 0x0, 0x800) read$alg(r8, &(0x7f0000000380)=""/235, 0xeb) r9 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x3c1, 0x3, 0x440, 0x270, 0x168, 0x9, 0x0, 0xb, 0x370, 0x250, 0x250, 0x370, 0x250, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00', [], [], 'ip6tnl0\x00', 'sit0\x00', {}, {}, 0x6c}, 0x6000000, 0x230, 0x270, 0x0, {0x0, 0x28e}, [@common=@inet=@hashlimit3={{0x158}, {'veth1_to_batadv\x00', {0x0, 0x7ff, 0x0, 0x0, 0x0, 0x6, 0x1000}}}, @common=@inet=@ipcomp={{0x30}, {[], 0x12}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "48c01c5140d722edd3fb24545886bbd1be494201b400"}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4a0) 1.17267075s ago: executing program 1 (id=2110): r0 = io_uring_setup(0x2e34, &(0x7f0000000000)={0x0, 0x1adb}) memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) r2 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0) openat$cgroup_root(0xffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup(r2, &(0x7f0000000140)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='pids.current\x00', 0x275a, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) setsockopt(0xffffffffffffffff, 0x800000010d, 0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) close(0xffffffffffffffff) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(0xffffffffffffffff, 0x9) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r4, &(0x7f0000000040)="a6", 0xffffff4c, 0x0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), r5) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r6, @ANYBLOB="010000020c00fbdbdf25010000000800020000000000050005000000000008000300010000004800018005000200200000000600010002000000080006000a000000080003"], 0x84}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.059084893s ago: executing program 1 (id=2111): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) socketpair(0xb, 0xa, 0xffffffff, &(0x7f0000000080)) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x4e1, &(0x7f0000000380)={0x0, 0x1ffffa, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) 910.06339ms ago: executing program 2 (id=2112): openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x18) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x40305829, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = socket(0x2, 0x80805, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) alarm(0x7) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6f}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x83, 'lc\x00', 0x4, 0x4, 0x7a}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xcd, 0x12d5f, 0x3}}, 0x44) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000580)={{0x84, @rand_addr=0x64010102, 0x4e23, 0x3, 'lc\x00', 0x2, 0x4, 0x71}, {@rand_addr=0x64010101, 0x4e20, 0x2, 0x2, 0x12d5c, 0x12d5c}}, 0x44) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x4e1, &(0x7f0000000380)={0x0, 0x11ffffa, 0x10100, 0x3, 0x0, 0x0, r3}, 0x0, &(0x7f00000001c0)=0x0) r6 = socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) sendmsg$nl_route_sched(r6, 0x0, 0x40000c4) syz_io_uring_submit(0x0, r5, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x1b, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r4, 0x708, 0x41e3, 0x0, 0x0, 0x0) socket(0x22, 0x5, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYRES16=r4, @ANYRES64, @ANYBLOB="15010000000000004c00128009000100626f6e64000000003c050001000200000008000a0000000000050001000200000005000c00020000003c000e0002000f", @ANYRES32=0x0, @ANYRES8=r3, @ANYRES32=0x0, @ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTACK(r7, 0x0, 0x0, &(0x7f00000000c0), 0x4) r8 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r8, 0x114, 0x8, &(0x7f00000008c0), 0x4) close(r8) 654.391628ms ago: executing program 0 (id=2113): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket(0x10, 0x80002, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007ffff", @ANYRES16=r2, @ANYRESDEC], 0x52) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}}) (fail_nth: 5) 478.678723ms ago: executing program 0 (id=2114): socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1001, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000440)=0x2) clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001380)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb01000000ff070000010400000002000000430000110400000062b63325afdaf82c2b267f15ffffffff0000610000000000000000000093410373b98d8ecaeae878827584ddd45fbd1ec2dfedeec8ef06"], 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) socket(0x25, 0x80000, 0x0) socket(0x1e, 0x2, 0x0) symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000000)='./file0\x00') openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0/..\x00', &(0x7f0000000240)={0x0, 0x0, 0x8}, 0x18) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_int(r0, 0x29, 0x4b, 0x0, 0x0) mkdir(0x0, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0xa4513f2520f6a866, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x31f) r2 = openat$snapshot(0xffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) recvfrom$l2tp6(r1, &(0x7f0000000280)=""/213, 0xd5, 0x40000100, &(0x7f0000000380)={0xa, 0x0, 0x0, @local}, 0x20) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000001b00)={'syztnl1\x00', 0x0}) sendmsg$nl_route_sched(r1, 0x0, 0x40) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000002480)={r1}, 0x8) 399.660674ms ago: executing program 0 (id=2115): prctl$PR_GET_NO_NEW_PRIVS(0x27) socket$tipc(0x1e, 0x2, 0x0) socket$tipc(0x1e, 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) mount(&(0x7f0000000140)=@md0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='vfat\x00', 0x0, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000040)={0x7, 0x8}, 0x10) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000300)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000340)=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x1}}, 0x20) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETTXFILTER(r2, 0x400454ca, &(0x7f0000000100)=ANY=[@ANYBLOB="2e2e000c371303ed6a33fe86890df20e87"]) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) r3 = socket$kcm(0x2, 0x200000000000001, 0x106) setsockopt$sock_attach_bpf(r3, 0x6, 0xd, &(0x7f0000000000), 0x4) openat$tun(0xffffff9c, &(0x7f0000000080), 0x400200, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) r5 = dup(r0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}, 0x1, 0x0, 0x0, 0x40000000}, 0x0) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) pselect6(0x40, &(0x7f0000000600)={0x11, 0xfffffffffffffffc, 0x2, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x8}, 0x0, &(0x7f0000000680)={0x7fc, 0x2, 0x800000, 0x0, 0x0, 0xc3ad}, 0x0, 0x0) 329.705339ms ago: executing program 2 (id=2116): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x6}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x118, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0xec, 0x3, 0x0, 0x1, [{0xe8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x8c, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x4}, @NFTA_DATA_VALUE={0x25, 0x1, "f193636f8306b60778228b5b0570e14f592c0723c57ee0ba4d220aa54e8779c2c6"}, @NFTA_DATA_VALUE={0x57, 0x1, "513b67aff52c7d3215dd65490ff255226866d6aa92b417f5252dfda310e89940a626a2e54a2974be8b6a12c31c9c9bdb18edf13daf021979e02fb9ca3bd6c3bc4814414e97dbb165bca13eaea74a4351528920"}, @NFTA_DATA_VERDICT={0x4}]}, @NFTA_SET_ELEM_EXPR={0x58, 0x7, 0x0, 0x1, @target={{0xb}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TARGET_INFO={0x30, 0x3, "b08c674515113085726709225a7547b6f14c1aa7a7202afc0811618e3b5a514fb651ff7360e7749fe5bee390"}, @NFTA_TARGET_NAME={0x9, 0x1, 'SNAT\x00'}]}}}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x19c}}, 0x0) 275.207165ms ago: executing program 2 (id=2117): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x8000) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x14, 0x4, 0x6, 0x101, 0x0, 0x0, {0x1, 0x0, 0x9}}, 0x14}}, 0x800) 273.955193ms ago: executing program 3 (id=2118): socket$kcm(0x2, 0x3, 0x2) socket$igmp(0x2, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f0400000000000000000085"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000, @void, @value}, 0x94) wait4(0x0, 0x0, 0x1000000, 0x0) r0 = memfd_secret(0x0) r1 = socket$inet6(0xa, 0x6, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x1, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x14, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x5452, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r5 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r1, 0x5) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10) sendmmsg(r5, &(0x7f0000002980), 0x400000000000239, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f00000004c0)={0x1f, 0xffff, 0x3}, 0x6) 272.674974ms ago: executing program 2 (id=2119): r0 = io_uring_setup(0x2e34, &(0x7f0000000000)={0x0, 0x1adb}) memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) r2 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0) openat$cgroup_root(0xffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup(r2, &(0x7f0000000140)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='pids.current\x00', 0x275a, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) setsockopt(0xffffffffffffffff, 0x800000010d, 0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) close(0xffffffffffffffff) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(0xffffffffffffffff, 0x9) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r4, &(0x7f0000000040)="a6", 0xffffff4c, 0x0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), r5) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r6, @ANYBLOB="010000020c00fbdbdf25010000000800020000000000050005000000000008000300010000004800018005000200200000000600010002000000080006000a000000080003"], 0x84}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 179.957174ms ago: executing program 2 (id=2120): socket$kcm(0x2, 0x3, 0x2) socket$igmp(0x2, 0x3, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f0400000000000000000085"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) wait4(0x0, 0x0, 0x1000000, 0x0) r1 = memfd_secret(0x0) r2 = socket$inet6(0xa, 0x6, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x1, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x14, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x5452, 0x0) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r6 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r2, 0x5) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10) sendmmsg(r6, &(0x7f0000002980), 0x400000000000239, 0x0) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r7, &(0x7f00000004c0)={0x1f, 0xffff, 0x3}, 0x6) write(r7, &(0x7f0000000040)="05000000010001", 0x7) 0s ago: executing program 1 (id=2121): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000040), 0x3, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000002180)={0x0, 0x0, {0x0, 0x0, 0x300f}}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x38, 0x1, 0x0, 0x0, {{0x8}, {0x10, 0x2, 0x0, 0x1, [@TCA_IFE_SMAC={0xa, 0x4, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r6, 0x0, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) chdir(&(0x7f0000000100)='./file0\x00') syz_open_dev$sndmidi(0x0, 0x2, 0x141101) socket$packet(0x11, 0x3, 0x300) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES64], 0x44}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000073dd0fe1334eea2b8565bc4886428f3742a46d07892460bbcd711bceb5679d931892537f1a4505945c3ec50d4b8add8f5351579fc570bd0e7400ac0ab5a797076f7497e492da1165a9dd32f36479296710fad1a31fc8346cf628ae78edd502d2d72f70c8ada7cf5f7b0992803852d9", @ANYRES16=r4, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c009900000400000b00000008002600b409000008002700010000000800a100000000000500180136000000"], 0x48}, 0x1, 0x0, 0x0, 0x810}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ff9}]}) clock_settime(0x0, &(0x7f00000014c0)={0x77359400}) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c00000011000500000000000000010007000000", @ANYRES32=r3, @ANYBLOB="08000100000000000c001a800800048004000280"], 0x2c}}, 0x0) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000180)=0x1000000) kernel console output (not intermixed with test programs): 1037] 9pnet_virtio: no channels available for device syz [ 294.534639][T11042] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1241'. [ 295.018071][T11061] nbd: must specify at least one socket [ 296.658401][T11099] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1258'. [ 296.691280][T11101] netlink: 'syz.3.1259': attribute type 10 has an invalid length. [ 296.772909][T11104] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1257'. [ 297.262320][ T5950] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 297.266030][ T5950] Bluetooth: hci2: Injecting HCI hardware error event [ 297.269945][ T5950] Bluetooth: hci2: hardware error 0x00 [ 297.635250][T11123] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1264'. [ 297.825676][T11126] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1265'. [ 297.852516][T11126] program syz.3.1265 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 298.463904][T11141] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1269'. [ 298.576294][T11145] IPVS: sync thread started: state = BACKUP, mcast_ifn = wlan0, syncid = 1, id = 0 [ 298.579590][T11140] IPVS: stopping backup sync thread 11145 ... [ 299.105634][T11153] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1271'. [ 299.340418][ T5950] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 299.549654][T11156] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1274'. [ 299.995795][T11170] FAULT_INJECTION: forcing a failure. [ 299.995795][T11170] name failslab, interval 1, probability 0, space 0, times 0 [ 300.001541][T11170] CPU: 0 UID: 0 PID: 11170 Comm: syz.1.1278 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 300.001564][T11170] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 300.001574][T11170] Call Trace: [ 300.001580][T11170] [ 300.001587][T11170] dump_stack_lvl+0x16c/0x1f0 [ 300.001615][T11170] should_fail_ex+0x512/0x640 [ 300.001632][T11170] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 300.001652][T11170] should_failslab+0xc2/0x120 [ 300.001670][T11170] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 300.001688][T11170] ? __alloc_skb+0x2b2/0x380 [ 300.001711][T11170] __alloc_skb+0x2b2/0x380 [ 300.001731][T11170] ? __pfx___alloc_skb+0x10/0x10 [ 300.001752][T11170] ? genl_rcv_msg+0x4bb/0x800 [ 300.001776][T11170] netlink_ack+0x15d/0xb80 [ 300.001797][T11170] ? __lock_acquire+0xaa4/0x1ba0 [ 300.001821][T11170] netlink_rcv_skb+0x347/0x440 [ 300.001844][T11170] ? __pfx_genl_rcv_msg+0x10/0x10 [ 300.001857][T11170] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 300.001891][T11170] ? __pfx_down_read+0x10/0x10 [ 300.001905][T11170] ? netlink_deliver_tap+0x1ae/0xd30 [ 300.001928][T11170] genl_rcv+0x28/0x40 [ 300.001949][T11170] netlink_unicast+0x53a/0x7f0 [ 300.001971][T11170] ? __pfx_netlink_unicast+0x10/0x10 [ 300.002000][T11170] netlink_sendmsg+0x8d1/0xdd0 [ 300.002025][T11170] ? __pfx_netlink_sendmsg+0x10/0x10 [ 300.002048][T11170] ? __import_iovec+0x1c8/0x660 [ 300.002074][T11170] ____sys_sendmsg+0xa95/0xc70 [ 300.002088][T11170] ? __pfx_____sys_sendmsg+0x10/0x10 [ 300.002102][T11170] ? get_compat_msghdr+0x11a/0x170 [ 300.002131][T11170] ___sys_sendmsg+0x134/0x1d0 [ 300.002151][T11170] ? __pfx____sys_sendmsg+0x10/0x10 [ 300.002202][T11170] __sys_sendmsg+0x16d/0x220 [ 300.002225][T11170] ? __pfx___sys_sendmsg+0x10/0x10 [ 300.002248][T11170] ? rcu_is_watching+0x12/0xc0 [ 300.002266][T11170] ? rcu_is_watching+0x12/0xc0 [ 300.002284][T11170] __do_fast_syscall_32+0x73/0x120 [ 300.002309][T11170] do_fast_syscall_32+0x32/0x80 [ 300.002328][T11170] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 300.002346][T11170] RIP: 0023:0xf7fc7579 [ 300.002359][T11170] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 300.002373][T11170] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 300.002385][T11170] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800006c0 [ 300.002395][T11170] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 300.002405][T11170] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 300.002414][T11170] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 300.002422][T11170] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 300.002444][T11170] [ 300.131566][T11171] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1279'. [ 300.138839][T11176] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1281'. [ 300.199545][T11178] capability: warning: `syz.0.1280' uses deprecated v2 capabilities in a way that may be insecure [ 300.430647][ T24] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 300.515137][T11190] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1284'. [ 300.590531][ T24] usb 7-1: Using ep0 maxpacket: 16 [ 300.595225][ T24] usb 7-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 300.599052][ T24] usb 7-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 300.602439][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.611974][ T24] usbhid 7-1:26.0: couldn't find an input interrupt endpoint [ 301.181432][ T1017] usb 7-1: USB disconnect, device number 20 [ 303.431306][T11256] __nla_validate_parse: 4 callbacks suppressed [ 303.431381][T11256] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1298'. [ 303.767711][T11262] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1303'. [ 303.811258][ T34] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 303.970460][ T34] usb 7-1: Using ep0 maxpacket: 16 [ 303.975312][ T34] usb 7-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 303.981921][ T34] usb 7-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 303.985777][ T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.004050][ T34] usbhid 7-1:26.0: couldn't find an input interrupt endpoint [ 304.714709][ T1015] usb 7-1: USB disconnect, device number 21 [ 307.241829][T11347] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1331'. [ 307.700538][T11356] FAULT_INJECTION: forcing a failure. [ 307.700538][T11356] name failslab, interval 1, probability 0, space 0, times 0 [ 307.704568][T11356] CPU: 1 UID: 0 PID: 11356 Comm: syz.2.1333 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 307.704594][T11356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 307.704602][T11356] Call Trace: [ 307.704606][T11356] [ 307.704610][T11356] dump_stack_lvl+0x16c/0x1f0 [ 307.704630][T11356] should_fail_ex+0x512/0x640 [ 307.704643][T11356] ? fs_reclaim_acquire+0xae/0x150 [ 307.704660][T11356] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 307.704675][T11356] should_failslab+0xc2/0x120 [ 307.704689][T11356] __kmalloc_noprof+0xd2/0x510 [ 307.704705][T11356] tomoyo_realpath_from_path+0xc2/0x6e0 [ 307.704721][T11356] ? tomoyo_profile+0x47/0x60 [ 307.704739][T11356] tomoyo_path_number_perm+0x245/0x580 [ 307.704751][T11356] ? tomoyo_path_number_perm+0x237/0x580 [ 307.704764][T11356] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 307.704777][T11356] ? finish_task_switch.isra.0+0x221/0xc10 [ 307.704802][T11356] ? find_held_lock+0x2b/0x80 [ 307.704813][T11356] ? hook_file_ioctl_common+0x145/0x410 [ 307.704825][T11356] ? __fget_files+0x204/0x3c0 [ 307.704837][T11356] ? __fget_files+0x20e/0x3c0 [ 307.704845][T11356] ? __fput_deferred+0x300/0x370 [ 307.704861][T11356] security_file_ioctl_compat+0x9b/0x240 [ 307.704876][T11356] __ia32_compat_sys_ioctl+0xc3/0x360 [ 307.704894][T11356] __do_fast_syscall_32+0x73/0x120 [ 307.704910][T11356] do_fast_syscall_32+0x32/0x80 [ 307.704925][T11356] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 307.704938][T11356] RIP: 0023:0xf7f27579 [ 307.704946][T11356] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 307.704956][T11356] RSP: 002b:00000000f500455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 307.704967][T11356] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c054561d [ 307.704973][T11356] RDX: 0000000080000340 RSI: 0000000000000000 RDI: 0000000000000000 [ 307.704979][T11356] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 307.704985][T11356] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 307.704991][T11356] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 307.705004][T11356] [ 307.705027][T11356] ERROR: Out of memory at tomoyo_realpath_from_path. [ 309.217160][ T5950] Bluetooth: hci3: unexpected event for opcode 0x0c13 [ 310.552705][ T29] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 310.730656][T11422] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 310.738544][ T29] usb 5-1: Using ep0 maxpacket: 16 [ 310.741782][T11422] FAULT_INJECTION: forcing a failure. [ 310.741782][T11422] name failslab, interval 1, probability 0, space 0, times 0 [ 310.753881][T11422] CPU: 0 UID: 0 PID: 11422 Comm: syz.3.1356 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 310.753905][T11422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 310.753916][T11422] Call Trace: [ 310.753923][T11422] [ 310.753929][T11422] dump_stack_lvl+0x16c/0x1f0 [ 310.753958][T11422] should_fail_ex+0x512/0x640 [ 310.753977][T11422] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 310.754001][T11422] should_failslab+0xc2/0x120 [ 310.754022][T11422] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 310.754042][T11422] ? __kernel_text_address+0xd/0x40 [ 310.754059][T11422] ? __d_alloc+0x31/0xaa0 [ 310.754081][T11422] __d_alloc+0x31/0xaa0 [ 310.754102][T11422] d_alloc+0x4a/0x1e0 [ 310.754122][T11422] d_alloc_parallel+0xe3/0x12e0 [ 310.754149][T11422] ? check_path.constprop.0+0x24/0x50 [ 310.754172][T11422] ? save_trace+0x4e/0x380 [ 310.754192][T11422] ? __pfx_d_alloc_parallel+0x10/0x10 [ 310.754217][T11422] ? lockdep_init_map_type+0x5c/0x280 [ 310.754240][T11422] ? lockdep_init_map_type+0x5c/0x280 [ 310.754266][T11422] __lookup_slow+0x193/0x460 [ 310.754289][T11422] ? __pfx___lookup_slow+0x10/0x10 [ 310.754315][T11422] ? __SetPageMovable+0x360/0x4a0 [ 310.754341][T11422] ? __SetPageMovable+0x360/0x4a0 [ 310.754361][T11422] ? d_lookup+0xe7/0x190 [ 310.754382][T11422] lookup_one_unlocked+0x140/0x160 [ 310.754400][T11422] ? __pfx_lookup_one_unlocked+0x10/0x10 [ 310.754424][T11422] ovl_lookup_single+0x1fe/0xfb0 [ 310.754449][T11422] ? __pfx_ovl_lookup_single+0x10/0x10 [ 310.754475][T11422] ovl_lookup_layer+0x3d4/0x480 [ 310.754499][T11422] ? __pfx_ovl_lookup_layer+0x10/0x10 [ 310.754516][T11422] ? trace_kmalloc+0x2b/0xd0 [ 310.754541][T11422] ovl_lookup+0x1417/0x2270 [ 310.754560][T11422] ? __pfx_ovl_lookup+0x10/0x10 [ 310.754571][T11422] ? __lock_acquire+0xaa4/0x1ba0 [ 310.754589][T11422] ? netif_napi_add_weight_locked+0xaef/0xc40 [ 310.754617][T11422] ? do_raw_spin_lock+0x12c/0x2b0 [ 310.754628][T11422] ? find_held_lock+0x2b/0x80 [ 310.754645][T11422] ? do_raw_spin_unlock+0x172/0x230 [ 310.754657][T11422] ? _raw_spin_unlock+0x28/0x50 [ 310.754676][T11422] lookup_one_qstr_excl_raw.part.0+0xec/0x160 [ 310.754718][T11422] ? lookup_dcache+0x66/0x170 [ 310.754737][T11422] lookup_one_qstr_excl+0x3e/0x120 [ 310.754756][T11422] do_renameat2+0x56d/0xc90 [ 310.754778][T11422] ? __pfx_do_renameat2+0x10/0x10 [ 310.754794][T11422] ? find_held_lock+0x2b/0x80 [ 310.754807][T11422] ? __might_fault+0xe3/0x190 [ 310.754823][T11422] ? __might_fault+0x13b/0x190 [ 310.754848][T11422] ? getname_flags.part.0+0x1c5/0x550 [ 310.754870][T11422] __ia32_sys_renameat2+0xe7/0x130 [ 310.754888][T11422] __do_fast_syscall_32+0x73/0x120 [ 310.754908][T11422] do_fast_syscall_32+0x32/0x80 [ 310.754927][T11422] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 310.754946][T11422] RIP: 0023:0xf7f38579 [ 310.754959][T11422] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 310.754974][T11422] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000161 [ 310.754990][T11422] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000a00 [ 310.755000][T11422] RDX: 00000000ffffff9c RSI: 0000000080000600 RDI: 0000000000000002 [ 310.755011][T11422] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 310.755021][T11422] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 310.755031][T11422] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 310.755053][T11422] [ 310.756370][ T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 310.896786][ T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 310.901013][ T29] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 310.905652][ T29] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 310.908580][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.935936][ T29] usb 5-1: config 0 descriptor?? [ 311.187444][T11432] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1359'. [ 311.362292][T11415] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode [ 311.387606][ T29] usbhid 5-1:0.0: can't add hid device: -71 [ 311.389563][ T29] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 311.401455][ T29] usb 5-1: USB disconnect, device number 21 [ 311.870845][ T3228] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 312.020389][ T3228] usb 6-1: Using ep0 maxpacket: 16 [ 312.026896][ T3228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 312.033415][ T3228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 312.047576][ T3228] usb 6-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 312.052858][ T3228] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.057907][ T3228] usb 6-1: config 0 descriptor?? [ 312.310489][ T73] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 312.322727][ T24] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 312.322900][ T3228] usbhid 6-1:0.0: can't add hid device: -71 [ 312.328098][ T3228] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 312.341247][ T3228] usb 6-1: USB disconnect, device number 19 [ 312.448398][T11454] netlink: 'syz.3.1364': attribute type 4 has an invalid length. [ 312.480506][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 312.480698][ T73] usb 7-1: Using ep0 maxpacket: 16 [ 312.486068][ T73] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 312.486097][ T24] usb 5-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 312.489407][ T73] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 312.493197][ T24] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 312.496009][ T73] usb 7-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 312.499267][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.503128][ T73] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.504922][ T73] usb 7-1: config 0 descriptor?? [ 312.510759][ T24] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:26.0/input/input28 [ 312.730911][ T73] usbhid 7-1:0.0: can't add hid device: -71 [ 312.739534][ T73] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 312.747642][ T73] usb 7-1: USB disconnect, device number 22 [ 312.985082][T11463] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1366'. [ 313.302263][T11467] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1367'. [ 313.335547][ T5347] bcm5974 5-1:26.0: could not read from device [ 313.341605][ T5347] bcm5974 5-1:26.0: could not read from device [ 313.343755][ T24] usb 5-1: USB disconnect, device number 22 [ 313.345907][ T5347] bcm5974 5-1:26.0: could not read from device [ 313.348354][ T5347] bcm5974 5-1:26.0: could not read from device [ 313.413303][T11470] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1368'. [ 314.720445][ T24] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 314.898371][ T24] usb 8-1: config index 0 descriptor too short (expected 23569, got 27) [ 314.901987][ T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 314.906380][ T24] usb 8-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 314.910430][ T24] usb 8-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 314.926192][ T24] usb 8-1: Manufacturer: syz [ 314.943476][ T24] usb 8-1: config 0 descriptor?? [ 314.990552][ T24] rc_core: IR keymap rc-hauppauge not found [ 314.992741][ T24] Registered IR keymap rc-empty [ 314.995639][ T24] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0 [ 315.000647][ T24] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input29 [ 315.110602][T11503] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1377'. [ 315.281166][ T58] usb 8-1: USB disconnect, device number 15 [ 316.161595][T11523] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1382'. [ 316.704311][ T1413] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.706353][ T1413] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.884294][T11540] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1387'. [ 317.618524][T11551] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1389'. [ 317.776559][T11555] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1391'. [ 318.528522][T11566] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1394'. [ 318.933324][T11575] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode [ 318.938084][T11575] macsec1: entered allmulticast mode [ 318.940024][T11575] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 318.947202][T11575] batman_adv: batadv0: Adding interface: macsec1 [ 318.949391][T11575] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 318.958161][T11575] batman_adv: batadv0: Interface activated: macsec1 [ 318.979959][T11575] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1397'. [ 319.832804][T11593] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1400'. [ 320.127297][T11596] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1402'. [ 320.448602][T11603] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1404'. [ 321.270463][ T1454] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 321.475649][ T1454] usb 8-1: Using ep0 maxpacket: 16 [ 321.490465][ T1454] usb 8-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 321.494527][ T1454] usb 8-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 321.500857][ T1454] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.512780][ T1454] input: bcm5974 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:26.0/input/input30 [ 322.795189][ T5347] bcm5974 8-1:26.0: could not read from device [ 322.818098][ T5347] bcm5974 8-1:26.0: could not read from device [ 322.825702][ T5347] bcm5974 8-1:26.0: could not read from device [ 322.835314][ T1454] usb 8-1: USB disconnect, device number 16 [ 322.837700][ T5347] bcm5974 8-1:26.0: could not read from device [ 322.859444][ T5961] bcm5974 8-1:26.0: could not read from device [ 322.890253][T11640] netlink: 892 bytes leftover after parsing attributes in process `syz.0.1415'. [ 323.193336][T11651] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1418'. [ 323.485354][T11659] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1417'. [ 323.850476][ T1017] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 324.210393][ T1017] usb 6-1: Using ep0 maxpacket: 16 [ 324.213238][ T1017] usb 6-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 324.216267][ T1017] usb 6-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 324.219063][ T1017] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 324.225506][ T1017] input: bcm5974 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:26.0/input/input31 [ 324.776957][T11684] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1426'. [ 324.994580][ T5347] bcm5974 6-1:26.0: could not read from device [ 325.000172][ T5347] bcm5974 6-1:26.0: could not read from device [ 325.009002][ T1017] usb 6-1: USB disconnect, device number 20 [ 325.242052][T11693] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1430'. [ 325.431275][T11698] netlink: 892 bytes leftover after parsing attributes in process `syz.3.1432'. [ 325.538413][T11703] lo speed is unknown, defaulting to 1000 [ 325.597323][T11703] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1434'. [ 325.779657][T11711] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1436'. [ 326.103713][T11716] netlink: 'syz.0.1437': attribute type 8 has an invalid length. [ 326.106925][T11716] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1437'. [ 326.297496][T11722] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1438'. [ 326.530449][ T1454] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 326.690598][ T1454] usb 8-1: Using ep0 maxpacket: 16 [ 326.705355][ T1454] usb 8-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 326.709290][ T1454] usb 8-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 326.715157][ T1454] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.787972][ T1454] input: bcm5974 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:26.0/input/input32 [ 327.440218][ T5347] bcm5974 8-1:26.0: could not read from device [ 327.464844][ T5347] bcm5974 8-1:26.0: could not read from device [ 327.511916][ T5347] bcm5974 8-1:26.0: could not read from device [ 327.528605][ T1454] usb 8-1: USB disconnect, device number 17 [ 328.651535][T11779] __nla_validate_parse: 1 callbacks suppressed [ 328.651546][T11779] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1457'. [ 329.037670][T11792] dccp_v4_rcv: dropped packet with invalid checksum [ 329.100478][ T1454] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 329.250439][ T1454] usb 6-1: Using ep0 maxpacket: 16 [ 329.261947][ T1454] usb 6-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 329.266239][ T1454] usb 6-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 329.270059][ T1454] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.281866][ T1454] input: bcm5974 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:26.0/input/input33 [ 329.409151][T11802] lo speed is unknown, defaulting to 1000 [ 329.679888][T11809] random: crng reseeded on system resumption [ 329.754626][ T5347] bcm5974 6-1:26.0: could not read from device [ 329.757693][ T5347] bcm5974 6-1:26.0: could not read from device [ 329.764541][ T5347] bcm5974 6-1:26.0: could not read from device [ 329.768145][T11809] Restarting kernel threads ... done. [ 329.776934][ T1454] usb 6-1: USB disconnect, device number 21 [ 329.781036][ T5347] bcm5974 6-1:26.0: could not read from device [ 329.809523][ T5961] bcm5974 6-1:26.0: could not read from device [ 329.942578][T11814] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1466'. [ 330.455669][T11838] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1475'. [ 330.725770][T11844] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1476'. [ 331.773383][T11867] netlink: 868 bytes leftover after parsing attributes in process `syz.2.1484'. [ 331.827214][T11869] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 331.829837][T11869] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 331.834058][T11869] vhci_hcd vhci_hcd.0: Device attached [ 331.839331][T11869] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(12) [ 331.841609][T11869] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 331.844127][T11869] vhci_hcd vhci_hcd.0: Device attached [ 331.865512][T11876] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1486'. [ 331.906644][T11877] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 331.914755][T11877] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(21) [ 331.917605][T11877] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 331.920860][T11877] vhci_hcd vhci_hcd.0: Device attached [ 331.963530][T11877] vhci_hcd vhci_hcd.0: pdev(2) rhport(4) sockfd(24) [ 331.966241][T11877] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 331.970688][T11877] vhci_hcd vhci_hcd.0: Device attached [ 331.979705][T11877] vhci_hcd vhci_hcd.0: pdev(2) rhport(5) sockfd(26) [ 331.982423][T11877] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 331.986052][T11877] vhci_hcd vhci_hcd.0: Device attached [ 332.011386][ T3228] vhci_hcd: vhci_device speed not set [ 332.014544][T11877] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 332.070438][ T3228] usb 41-1: new full-speed USB device number 2 using vhci_hcd [ 332.081849][T11887] vhci_hcd: connection closed [ 332.082145][T11884] vhci_hcd: connection closed [ 332.082334][T11880] vhci_hcd: connection closed [ 332.085809][ T1141] vhci_hcd: stop threads [ 332.088542][ T1141] vhci_hcd: release socket [ 332.091497][T11873] vhci_hcd: connection closed [ 332.091629][T11871] vhci_hcd: connection reset by peer [ 332.091793][ T1141] vhci_hcd: disconnect device [ 332.110684][ T1141] vhci_hcd: stop threads [ 332.112599][ T1141] vhci_hcd: release socket [ 332.114600][ T1141] vhci_hcd: disconnect device [ 332.116890][ T1141] vhci_hcd: stop threads [ 332.118819][ T1141] vhci_hcd: release socket [ 332.121526][ T1141] vhci_hcd: disconnect device [ 332.150591][ T1141] vhci_hcd: stop threads [ 332.152691][ T1141] vhci_hcd: release socket [ 332.155195][ T1141] vhci_hcd: disconnect device [ 332.157303][ T1141] vhci_hcd: stop threads [ 332.158898][ T1141] vhci_hcd: release socket [ 332.170619][ T1141] vhci_hcd: disconnect device [ 332.470435][ T6050] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 332.620430][ T6050] usb 6-1: Using ep0 maxpacket: 16 [ 332.623706][ T6050] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 332.627356][ T6050] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 332.631184][ T6050] usb 6-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 332.641428][ T6050] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.651789][ T6050] usb 6-1: config 0 descriptor?? [ 333.037050][T11909] netlink: 860 bytes leftover after parsing attributes in process `syz.0.1493'. [ 333.118110][ T6050] usbhid 6-1:0.0: can't add hid device: -71 [ 333.120089][ T6050] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 333.123836][ T6050] usb 6-1: USB disconnect, device number 22 [ 333.169380][T11907] netlink: 'syz.2.1491': attribute type 2 has an invalid length. [ 333.176979][T11907] netlink: 'syz.2.1491': attribute type 1 has an invalid length. [ 333.219915][T11907] bond0: entered promiscuous mode [ 333.222178][T11907] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 333.226544][T11907] bond2: (slave macvlan2): Enslaving as a backup interface with a down link [ 333.717666][T11920] netlink: 'syz.1.1497': attribute type 8 has an invalid length. [ 333.726743][T11920] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1497'. [ 334.380543][T11943] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1502'. [ 334.449829][T11926] syz.2.1500 (11926): drop_caches: 2 [ 334.453689][T11926] syz.2.1500 (11926): drop_caches: 2 [ 334.673076][T11948] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1506'. [ 335.314421][T11967] FAULT_INJECTION: forcing a failure. [ 335.314421][T11967] name failslab, interval 1, probability 0, space 0, times 0 [ 335.318932][T11967] CPU: 1 UID: 0 PID: 11967 Comm: syz.3.1513 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 335.318947][T11967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 335.318954][T11967] Call Trace: [ 335.318958][T11967] [ 335.318962][T11967] dump_stack_lvl+0x16c/0x1f0 [ 335.318980][T11967] should_fail_ex+0x512/0x640 [ 335.318993][T11967] ? fs_reclaim_acquire+0xae/0x150 [ 335.319010][T11967] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 335.319025][T11967] should_failslab+0xc2/0x120 [ 335.319038][T11967] __kmalloc_noprof+0xd2/0x510 [ 335.319067][T11967] tomoyo_realpath_from_path+0xc2/0x6e0 [ 335.319086][T11967] ? tomoyo_profile+0x47/0x60 [ 335.319104][T11967] tomoyo_path_number_perm+0x245/0x580 [ 335.319116][T11967] ? tomoyo_path_number_perm+0x237/0x580 [ 335.319130][T11967] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 335.319156][T11967] ? find_held_lock+0x2b/0x80 [ 335.319166][T11967] ? hook_file_ioctl_common+0x145/0x410 [ 335.319179][T11967] ? __fget_files+0x204/0x3c0 [ 335.319191][T11967] ? __fget_files+0x20e/0x3c0 [ 335.319199][T11967] ? __fput_deferred+0x300/0x370 [ 335.319214][T11967] security_file_ioctl_compat+0x9b/0x240 [ 335.319229][T11967] __ia32_compat_sys_ioctl+0xc3/0x360 [ 335.319246][T11967] __do_fast_syscall_32+0x73/0x120 [ 335.319262][T11967] do_fast_syscall_32+0x32/0x80 [ 335.319277][T11967] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 335.319290][T11967] RIP: 0023:0xf7f38579 [ 335.319298][T11967] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 335.319308][T11967] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 335.319318][T11967] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040bc5311 [ 335.319324][T11967] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 335.319330][T11967] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 335.319336][T11967] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 335.319342][T11967] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 335.319355][T11967] [ 335.319435][T11967] ERROR: Out of memory at tomoyo_realpath_from_path. [ 336.279526][T11985] netlink: 'syz.0.1517': attribute type 8 has an invalid length. [ 336.282726][T11985] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1517'. [ 336.416534][T11987] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1518'. [ 336.444199][T11989] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1519'. [ 336.926656][T11998] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1522'. [ 337.234394][ T3228] vhci_hcd: vhci_device speed not set [ 337.904681][T12023] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1531'. [ 338.423803][T12039] random: crng reseeded on system resumption [ 338.433706][T12039] Restarting kernel threads ... done. [ 338.540658][ T10] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 338.710408][ T10] usb 7-1: Using ep0 maxpacket: 16 [ 338.716880][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 338.727276][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 338.744298][ T10] usb 7-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 338.754459][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.758778][ T10] usb 7-1: config 0 descriptor?? [ 339.943891][T12068] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1544'. [ 340.040440][ T58] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 340.190463][ T58] usb 5-1: Using ep0 maxpacket: 16 [ 340.201240][ T58] usb 5-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 340.204464][ T58] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 340.207361][ T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.213813][ T58] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:26.0/input/input34 [ 340.779853][ T5347] bcm5974 5-1:26.0: could not read from device [ 340.787799][ T5347] bcm5974 5-1:26.0: could not read from device [ 340.789314][ T58] usb 5-1: USB disconnect, device number 23 [ 340.792782][ T5347] bcm5974 5-1:26.0: could not read from device [ 340.902910][T12082] random: crng reseeded on system resumption [ 340.929630][ T10] usbhid 7-1:0.0: can't add hid device: -71 [ 340.932370][ T10] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 340.936763][T12082] Restarting kernel threads ... done. [ 340.940924][ T10] usb 7-1: USB disconnect, device number 23 [ 341.978684][T12103] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1552'. [ 342.099065][T12111] netlink: 772 bytes leftover after parsing attributes in process `syz.3.1556'. [ 342.312333][T12115] FAULT_INJECTION: forcing a failure. [ 342.312333][T12115] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 342.317844][T12115] CPU: 3 UID: 0 PID: 12115 Comm: syz.3.1557 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 342.317865][T12115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 342.317875][T12115] Call Trace: [ 342.317881][T12115] [ 342.317887][T12115] dump_stack_lvl+0x16c/0x1f0 [ 342.317914][T12115] should_fail_ex+0x512/0x640 [ 342.317938][T12115] save_fsave_header+0x17b/0x2e0 [ 342.317964][T12115] ? __pfx_save_fsave_header+0x10/0x10 [ 342.317999][T12115] ? copy_fpstate_to_sigframe+0x2ca/0xb10 [ 342.318023][T12115] ? rcu_is_watching+0x12/0xc0 [ 342.318041][T12115] ? __local_bh_enable_ip+0xa4/0x120 [ 342.318066][T12115] copy_fpstate_to_sigframe+0x7a0/0xb10 [ 342.318095][T12115] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 342.318119][T12115] ? posixtimer_deliver_signal+0xed/0x6a0 [ 342.318154][T12115] get_sigframe+0x4a8/0x9c0 [ 342.318182][T12115] ? __pfx_get_sigframe+0x10/0x10 [ 342.318204][T12115] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 342.318230][T12115] ? _raw_spin_unlock_irq+0x29/0x50 [ 342.318250][T12115] ? siginfo_layout+0x177/0x290 [ 342.318272][T12115] ia32_setup_rt_frame+0xe3/0xb30 [ 342.318297][T12115] ? __pfx_ia32_setup_rt_frame+0x10/0x10 [ 342.318322][T12115] arch_do_signal_or_restart+0x47b/0x7a0 [ 342.318345][T12115] ? __fget_files+0x20e/0x3c0 [ 342.318361][T12115] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 342.318391][T12115] ? ksys_write+0x1b9/0x240 [ 342.318430][T12115] ? __pfx_ksys_write+0x10/0x10 [ 342.318452][T12115] syscall_exit_to_user_mode+0x150/0x2a0 [ 342.318478][T12115] __do_fast_syscall_32+0x80/0x120 [ 342.318504][T12115] do_fast_syscall_32+0x32/0x80 [ 342.318527][T12115] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 342.318548][T12115] RIP: 0023:0xf7f38579 [ 342.318562][T12115] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 342.318578][T12115] RSP: 002b:00000000f5056590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 342.318594][T12115] RAX: 0000000000000001 RBX: 0000000000000006 RCX: 00000000f5056610 [ 342.318605][T12115] RDX: 0000000000000001 RSI: 00000000f73c2ff4 RDI: 0000000000000000 [ 342.318615][T12115] RBP: 00000000f73f4f80 R08: 0000000000000000 R09: 0000000000000000 [ 342.318626][T12115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 342.318637][T12115] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 342.318659][T12115] [ 343.270873][T12136] kvm: pic: non byte read [ 343.273820][T12136] kvm: pic: level sensitive irq not supported [ 343.274073][T12136] kvm: pic: non byte read [ 343.279415][T12136] kvm: pic: level sensitive irq not supported [ 343.279727][T12136] kvm: pic: non byte read [ 343.284456][T12136] kvm: pic: level sensitive irq not supported [ 343.284684][T12136] kvm: pic: non byte read [ 344.967119][T12181] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1577'. [ 345.626113][T12194] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1580'. [ 345.985227][T12206] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1584'. [ 346.402984][T12218] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1586'. [ 346.435108][T12220] netlink: 'syz.3.1587': attribute type 2 has an invalid length. [ 346.467296][T12224] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1589'. [ 346.750653][ T29] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 346.920406][ T29] usb 6-1: Using ep0 maxpacket: 16 [ 346.923583][ T29] usb 6-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 346.926906][ T29] usb 6-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 346.929886][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.937860][ T29] input: bcm5974 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:26.0/input/input35 [ 347.195030][T12246] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1595'. [ 347.635613][ T5347] bcm5974 6-1:26.0: could not read from device [ 347.641954][ T5347] bcm5974 6-1:26.0: could not read from device [ 347.651156][ T5347] bcm5974 6-1:26.0: could not read from device [ 347.656979][ T5347] bcm5974 6-1:26.0: could not read from device [ 347.679793][ T29] usb 6-1: USB disconnect, device number 23 [ 347.784295][T12257] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1597'. [ 348.315421][T12278] netlink: 'syz.1.1604': attribute type 8 has an invalid length. [ 348.318074][T12278] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1604'. [ 348.438280][T12279] netlink: 'syz.2.1603': attribute type 2 has an invalid length. [ 349.678824][T12309] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1611'. [ 349.737125][T12311] afs: Unknown parameter 'æ9¶Èv¡B*ž‡_¶‘ímTQ}D© b+Æ'^ùi„ê®GÍE;×_ ßN\b÷¸Xt̨f(¯”Š1ÀA%Qð‘ۨ襽š´ßýsâ±ÍâÛWæCÆå…wFnb' [ 349.898002][T12317] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1613'. [ 350.002171][T12320] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1609'. [ 350.334532][T12327] usb usb1: usbfs: process 12327 () did not claim interface 0 before use [ 350.476157][T12332] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1617'. [ 351.006560][T12343] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1619'. [ 351.255884][T12351] random: crng reseeded on system resumption [ 351.274381][T12351] Restarting kernel threads ... done. [ 351.440518][T11452] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 351.660406][T11452] usb 8-1: Using ep0 maxpacket: 16 [ 351.661227][T12357] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1624'. [ 351.663898][T11452] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 351.669081][T11452] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 351.672486][T11452] usb 8-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 351.675410][T11452] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.679484][T11452] usb 8-1: config 0 descriptor?? [ 351.905953][T11452] usbhid 8-1:0.0: can't add hid device: -71 [ 351.909105][T11452] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 351.931321][T11452] usb 8-1: USB disconnect, device number 18 [ 352.497018][T12377] netlink: 'syz.0.1628': attribute type 2 has an invalid length. [ 352.750415][ T58] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 352.910424][ T58] usb 6-1: Using ep0 maxpacket: 16 [ 352.921908][ T58] usb 6-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 352.925147][ T58] usb 6-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 352.930690][ T58] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.942296][ T58] input: bcm5974 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:26.0/input/input36 [ 353.037796][T12384] IPVS: set_ctl: invalid protocol: 59 172.20.20.187:20001 [ 353.217894][T12386] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1633'. [ 353.292079][ T9] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 353.341366][T12392] random: crng reseeded on system resumption [ 353.550386][ T9] usb 8-1: Using ep0 maxpacket: 8 [ 353.553621][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 353.557097][ T9] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 353.561008][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.566479][ T9] usb 8-1: config 0 descriptor?? [ 353.627019][ T5347] bcm5974 6-1:26.0: could not read from device [ 353.629706][ T5347] bcm5974 6-1:26.0: could not read from device [ 353.635241][ T5347] bcm5974 6-1:26.0: could not read from device [ 353.644217][ T5347] bcm5974 6-1:26.0: could not read from device [ 353.646367][ T58] usb 6-1: USB disconnect, device number 24 [ 353.855004][ T9] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 353.863373][T12392] Restarting kernel threads ... done. [ 353.987973][T12399] netlink: 'syz.0.1636': attribute type 8 has an invalid length. [ 353.991341][T12399] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1636'. [ 354.047627][ T9] usb 8-1: USB disconnect, device number 19 [ 354.283804][T12409] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1640'. [ 354.793811][T12419] netlink: 'syz.0.1641': attribute type 2 has an invalid length. [ 355.168727][T12429] Invalid option length (956) for dns_resolver key [ 355.908328][T12447] netlink: 'syz.0.1646': attribute type 2 has an invalid length. [ 356.190731][ T29] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 356.339478][T12453] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1650'. [ 356.350456][ T29] usb 7-1: Using ep0 maxpacket: 16 [ 356.359068][ T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 356.363632][ T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 356.367006][ T29] usb 7-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 356.369954][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 356.378732][ T29] usb 7-1: config 0 descriptor?? [ 356.592552][ T29] usbhid 7-1:0.0: can't add hid device: -71 [ 356.594508][ T29] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 356.606554][ T29] usb 7-1: USB disconnect, device number 24 [ 356.915477][T12462] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1652'. [ 357.482871][T12472] netlink: 'syz.2.1654': attribute type 2 has an invalid length. [ 357.853428][T12480] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1659'. [ 358.172672][T12490] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1661'. [ 358.990460][ T10] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 359.150401][ T10] usb 7-1: Using ep0 maxpacket: 16 [ 359.153348][ T10] usb 7-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 359.156667][ T10] usb 7-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 359.159561][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.168234][ T10] input: bcm5974 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:26.0/input/input37 [ 359.847234][ T5347] bcm5974 7-1:26.0: could not read from device [ 359.858585][ T5347] bcm5974 7-1:26.0: could not read from device [ 359.870438][ T5347] bcm5974 7-1:26.0: could not read from device [ 359.870485][ T10] usb 7-1: USB disconnect, device number 25 [ 359.876437][ T5347] bcm5974 7-1:26.0: could not read from device [ 360.144445][T12523] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1669'. [ 360.264609][T12531] fuse: Bad value for 'user_id' [ 360.266692][T12531] fuse: Bad value for 'user_id' [ 360.272396][T12531] netlink: 184 bytes leftover after parsing attributes in process `syz.1.1671'. [ 360.275350][T12531] netlink: 3975 bytes leftover after parsing attributes in process `syz.1.1671'. [ 360.323811][T12530] netlink: 'syz.3.1670': attribute type 2 has an invalid length. [ 361.264480][T12554] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1674'. [ 362.076764][T12562] random: crng reseeded on system resumption [ 362.083857][T12562] Restarting kernel threads ... done. [ 362.086505][T12560] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1679'. [ 362.130499][ T10] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 362.300498][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 362.303520][ T10] usb 5-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 362.306719][ T10] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 362.310044][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.320246][ T10] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:26.0/input/input38 [ 362.530908][T12576] lo speed is unknown, defaulting to 1000 [ 362.537060][T12577] netlink: 'syz.3.1683': attribute type 2 has an invalid length. [ 362.674241][ T5347] bcm5974 5-1:26.0: could not read from device [ 362.677186][ T5347] bcm5974 5-1:26.0: could not read from device [ 362.683443][ T5347] bcm5974 5-1:26.0: could not read from device [ 362.686608][ T10] usb 5-1: USB disconnect, device number 24 [ 363.530850][T12600] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1690'. [ 363.575511][T12602] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1691'. [ 364.492123][T12635] netlink: 'syz.0.1697': attribute type 2 has an invalid length. [ 364.729238][ T29] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 364.836278][T12643] cgroup: name respecified [ 364.838572][T12643] netlink: 'syz.2.1700': attribute type 1 has an invalid length. [ 364.861965][T12643] 8021q: adding VLAN 0 to HW filter on device bond3 [ 364.891928][ T29] usb 8-1: Using ep0 maxpacket: 16 [ 364.896059][ T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 364.899574][ T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 364.902728][ T29] usb 8-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 364.905602][ T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.909921][ T29] usb 8-1: config 0 descriptor?? [ 365.200640][ T29] usbhid 8-1:0.0: can't add hid device: -71 [ 365.207944][ T29] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 365.219505][ T29] usb 8-1: USB disconnect, device number 20 [ 366.626723][T12679] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1710'. [ 367.052586][T12699] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1709'. [ 367.241711][T12691] netlink: 'syz.2.1711': attribute type 2 has an invalid length. [ 367.434426][T12704] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1716'. [ 368.030429][ T1454] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 368.180470][ T1454] usb 6-1: Using ep0 maxpacket: 8 [ 368.184257][ T1454] usb 6-1: config index 0 descriptor too short (expected 5924, got 36) [ 368.187193][ T1454] usb 6-1: config 250 has an invalid interface number: 228 but max is -1 [ 368.190001][ T1454] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 368.193049][ T1454] usb 6-1: config 250 has no interface number 0 [ 368.195101][ T1454] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 368.198862][ T1454] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 368.202436][ T1454] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 368.205676][ T1454] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 368.208965][ T1454] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 368.213423][ T1454] usb 6-1: config 250 interface 228 has no altsetting 0 [ 368.216887][ T1454] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 368.219801][ T1454] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 368.222899][ T1454] usb 6-1: Product: syz [ 368.224264][ T1454] usb 6-1: SerialNumber: syz [ 368.228688][ T1454] hub 6-1:250.228: bad descriptor, ignoring hub [ 368.230958][ T1454] hub 6-1:250.228: probe with driver hub failed with error -5 [ 368.614439][T12722] FAULT_INJECTION: forcing a failure. [ 368.614439][T12722] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 368.618562][T12722] CPU: 1 UID: 0 PID: 12722 Comm: syz.1.1720 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 368.618586][T12722] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 368.618594][T12722] Call Trace: [ 368.618598][T12722] [ 368.618602][T12722] dump_stack_lvl+0x16c/0x1f0 [ 368.618620][T12722] should_fail_ex+0x512/0x640 [ 368.618635][T12722] _copy_from_user+0x2e/0xd0 [ 368.618649][T12722] io_uring_setup+0xb4/0x1ff0 [ 368.618662][T12722] ? __pfx_io_uring_setup+0x10/0x10 [ 368.618676][T12722] ? __pfx___schedule+0x10/0x10 [ 368.618688][T12722] ? irqentry_exit+0x3b/0x90 [ 368.618711][T12722] __ia32_sys_io_uring_setup+0xc2/0x170 [ 368.618722][T12722] __do_fast_syscall_32+0x73/0x120 [ 368.618738][T12722] do_fast_syscall_32+0x32/0x80 [ 368.618755][T12722] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 368.618768][T12722] RIP: 0023:0xf7fc7579 [ 368.618776][T12722] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 368.618787][T12722] RSP: 002b:00000000f50a450c EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 368.618797][T12722] RAX: ffffffffffffffda RBX: 0000000000000239 RCX: 0000000080000300 [ 368.618803][T12722] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 368.618809][T12722] RBP: 0000000080000180 R08: 0000000000000000 R09: 0000000000000000 [ 368.618815][T12722] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 368.618821][T12722] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 368.618833][T12722] [ 368.670953][ C1] vkms_vblank_simulate: vblank timer overrun [ 368.930418][ T10] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 369.350413][ T29] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 369.390383][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 369.393767][ T10] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 369.396373][ T10] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 369.399026][ T10] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 369.401912][ T10] usb 5-1: config 250 has no interface number 0 [ 369.403928][ T10] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 369.407504][ T10] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 369.410797][ T10] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 369.413970][ T10] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 369.417165][ T10] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 369.422877][ T10] usb 5-1: config 250 interface 228 has no altsetting 0 [ 369.426348][ T10] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 369.428993][ T10] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 369.431624][ T10] usb 5-1: Product: syz [ 369.432968][ T10] usb 5-1: SerialNumber: syz [ 369.437834][ T10] hub 5-1:250.228: bad descriptor, ignoring hub [ 369.439850][ T10] hub 5-1:250.228: probe with driver hub failed with error -5 [ 369.510385][ T29] usb 7-1: Using ep0 maxpacket: 16 [ 369.513419][ T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 369.516834][ T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 369.519938][ T29] usb 7-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 369.522868][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.526884][ T29] usb 7-1: config 0 descriptor?? [ 369.774235][ T29] usbhid 7-1:0.0: can't add hid device: -71 [ 369.776286][ T29] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 369.780045][ T29] usb 7-1: USB disconnect, device number 26 [ 370.808773][ T1454] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 25 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 370.831479][ T1454] usb 6-1: USB disconnect, device number 25 [ 370.835655][ T1454] usblp0: removed [ 370.904247][T12750] netlink: 'syz.3.1727': attribute type 2 has an invalid length. [ 371.405731][T12758] random: crng reseeded on system resumption [ 371.742490][ T10] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 25 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 371.753441][T12758] Restarting kernel threads ... done. [ 371.760743][ T10] usb 5-1: USB disconnect, device number 25 [ 371.773316][ T10] usblp0: removed [ 371.825470][T12769] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1736'. [ 371.860498][ T3228] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 372.040535][ T3228] usb 6-1: Using ep0 maxpacket: 16 [ 372.044190][ T3228] usb 6-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 372.047437][ T3228] usb 6-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 372.050532][ T3228] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.138904][ T3228] input: bcm5974 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:26.0/input/input39 [ 372.270496][ T29] usb 8-1: new high-speed USB device number 21 using dummy_hcd [ 372.440047][ T5347] bcm5974 6-1:26.0: could not read from device [ 372.445579][ T5347] bcm5974 6-1:26.0: could not read from device [ 372.489230][ T5347] bcm5974 6-1:26.0: could not read from device [ 372.490503][ T3228] usb 6-1: USB disconnect, device number 26 [ 372.510405][ T29] usb 8-1: Using ep0 maxpacket: 16 [ 372.516282][ T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 372.520298][ T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 372.523580][ T29] usb 8-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 372.526839][ T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.534566][ T29] usb 8-1: config 0 descriptor?? [ 372.791421][ T29] usbhid 8-1:0.0: can't add hid device: -71 [ 372.793438][ T29] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 372.801288][ T29] usb 8-1: USB disconnect, device number 21 [ 372.886641][T12786] lo speed is unknown, defaulting to 1000 [ 373.012995][T12790] blktrace: Concurrent blktraces are not allowed on sg0 [ 373.099380][T12793] random: crng reseeded on system resumption [ 373.114710][T12793] Restarting kernel threads ... done. [ 373.488551][T12807] netlink: 'syz.3.1745': attribute type 8 has an invalid length. [ 373.492202][T12807] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1745'. [ 373.597033][T12809] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1746'. [ 373.980437][ T58] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 374.130445][ T58] usb 8-1: Using ep0 maxpacket: 16 [ 374.134160][ T58] usb 8-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 374.138330][ T58] usb 8-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 374.142471][ T58] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.412015][ T58] input: bcm5974 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:26.0/input/input40 [ 375.032647][ T5347] bcm5974 8-1:26.0: could not read from device [ 375.038460][ T5347] bcm5974 8-1:26.0: could not read from device [ 375.044341][ T5347] bcm5974 8-1:26.0: could not read from device [ 375.053823][ T5347] bcm5974 8-1:26.0: could not read from device [ 375.059654][ T58] usb 8-1: USB disconnect, device number 22 [ 375.373364][T12885] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1761'. [ 375.376094][T12885] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1761'. [ 375.378832][T12885] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1761'. [ 375.381692][T12885] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1761'. [ 375.415442][T12887] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1762'. [ 375.490434][T12891] netlink: 112 bytes leftover after parsing attributes in process `syz.1.1764'. [ 376.426679][T12919] FAULT_INJECTION: forcing a failure. [ 376.426679][T12919] name failslab, interval 1, probability 0, space 0, times 0 [ 376.431335][T12919] CPU: 2 UID: 0 PID: 12919 Comm: syz.2.1769 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 376.431351][T12919] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 376.431359][T12919] Call Trace: [ 376.431362][T12919] [ 376.431366][T12919] dump_stack_lvl+0x16c/0x1f0 [ 376.431385][T12919] should_fail_ex+0x512/0x640 [ 376.431400][T12919] should_failslab+0xc2/0x120 [ 376.431414][T12919] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 376.431428][T12919] ? skb_clone+0x190/0x3f0 [ 376.431445][T12919] skb_clone+0x190/0x3f0 [ 376.431459][T12919] netlink_deliver_tap+0xabd/0xd30 [ 376.431476][T12919] netlink_unicast+0x5df/0x7f0 [ 376.431493][T12919] ? __pfx_netlink_unicast+0x10/0x10 [ 376.431511][T12919] netlink_sendmsg+0x8d1/0xdd0 [ 376.431528][T12919] ? __pfx_netlink_sendmsg+0x10/0x10 [ 376.431543][T12919] ? __import_iovec+0x1c8/0x660 [ 376.431560][T12919] ____sys_sendmsg+0xa95/0xc70 [ 376.431571][T12919] ? __pfx_____sys_sendmsg+0x10/0x10 [ 376.431580][T12919] ? get_compat_msghdr+0x11a/0x170 [ 376.431599][T12919] ___sys_sendmsg+0x134/0x1d0 [ 376.431613][T12919] ? __pfx____sys_sendmsg+0x10/0x10 [ 376.431643][T12919] __sys_sendmsg+0x16d/0x220 [ 376.431657][T12919] ? __pfx___sys_sendmsg+0x10/0x10 [ 376.431676][T12919] ? rcu_is_watching+0x12/0xc0 [ 376.431689][T12919] __do_fast_syscall_32+0x73/0x120 [ 376.431705][T12919] do_fast_syscall_32+0x32/0x80 [ 376.431720][T12919] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 376.431733][T12919] RIP: 0023:0xf7f27579 [ 376.431741][T12919] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 376.431752][T12919] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 376.431769][T12919] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000280 [ 376.431775][T12919] RDX: 0000000020000400 RSI: 0000000000000000 RDI: 0000000000000000 [ 376.431781][T12919] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 376.431787][T12919] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 376.431793][T12919] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 376.431805][T12919] [ 377.610608][T12962] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1775'. [ 378.143514][ T1413] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.145517][ T1413] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.460372][ T3228] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 378.630472][ T3228] usb 8-1: Using ep0 maxpacket: 16 [ 378.635897][ T3228] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 378.639671][ T3228] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 378.653283][ T3228] usb 8-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 378.664826][ T3228] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.682793][ T3228] usb 8-1: config 0 descriptor?? [ 379.109418][ T3228] usbhid 8-1:0.0: can't add hid device: -71 [ 379.111482][ T3228] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 379.125307][ T3228] usb 8-1: USB disconnect, device number 23 [ 379.394870][T12989] kvm: pic: non byte read [ 379.397856][T12989] kvm: pic: level sensitive irq not supported [ 379.398165][T12989] kvm: pic: non byte read [ 379.404395][T12989] kvm: pic: level sensitive irq not supported [ 379.404702][T12989] kvm: pic: non byte read [ 379.409396][T12989] kvm: pic: level sensitive irq not supported [ 379.409630][T12989] kvm: pic: non byte read [ 379.453579][T12994] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 379.509771][T12996] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1785'. [ 379.516392][T12996] ALSA: mixer_oss: invalid OSS volume 'T' [ 379.736669][T13008] FAULT_INJECTION: forcing a failure. [ 379.736669][T13008] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 379.741902][T13008] CPU: 3 UID: 0 PID: 13008 Comm: syz.0.1790 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 379.741924][T13008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 379.741947][T13008] Call Trace: [ 379.741954][T13008] [ 379.741960][T13008] dump_stack_lvl+0x16c/0x1f0 [ 379.741986][T13008] should_fail_ex+0x512/0x640 [ 379.742008][T13008] _copy_from_user+0x2e/0xd0 [ 379.742028][T13008] get_compat_msghdr+0xa7/0x170 [ 379.742048][T13008] ? __pfx_get_compat_msghdr+0x10/0x10 [ 379.742091][T13008] ? __lock_acquire+0x5ca/0x1ba0 [ 379.742116][T13008] ___sys_recvmsg+0x191/0x1a0 [ 379.742136][T13008] ? __pfx____sys_recvmsg+0x10/0x10 [ 379.742175][T13008] __sys_recvmsg+0x16a/0x220 [ 379.742196][T13008] ? __pfx___sys_recvmsg+0x10/0x10 [ 379.742230][T13008] do_int80_emulation+0x104/0x200 [ 379.742254][T13008] asm_int80_emulation+0x1a/0x20 [ 379.742269][T13008] RIP: 0023:0xf709e579 [ 379.742281][T13008] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 379.742296][T13008] RSP: 002b:00000000f506d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000174 [ 379.742312][T13008] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000300 [ 379.742322][T13008] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 379.742331][T13008] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 379.742339][T13008] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 379.742348][T13008] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 379.742369][T13008] [ 379.764503][T13007] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1788'. [ 379.904324][T13015] 9pnet_fd: Insufficient options for proto=fd [ 379.914480][T13015] kvm: requested 3352 ns i8254 timer period limited to 200000 ns [ 379.916005][T13018] ubi31: attaching mtd0 [ 379.923117][T13018] ubi31: scanning is finished [ 379.925280][T13018] ubi31: empty MTD device detected [ 379.996942][T13018] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 379.999287][T13018] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 380.002040][T13018] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 380.004222][T13018] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 380.006508][T13018] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 380.008654][T13018] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 380.012974][T13018] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2804745673 [ 380.016897][T13018] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 380.021213][T13023] ubi31: background thread "ubi_bgt31d" started, PID 13023 [ 380.021554][T13021] ubi: mtd0 is already attached to ubi31 [ 380.316197][T13031] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1796'. [ 380.425363][T13038] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1795'. [ 380.957144][T13051] ======================================================= [ 380.957144][T13051] WARNING: The mand mount option has been deprecated and [ 380.957144][T13051] and is ignored by this kernel. Remove the mand [ 380.957144][T13051] option from the mount to silence this warning. [ 380.957144][T13051] ======================================================= [ 381.577716][T13068] ubi: mtd0 is already attached to ubi31 [ 381.650529][ T1454] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 381.905577][T13074] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1805'. [ 381.970399][ T1454] usb 7-1: Using ep0 maxpacket: 16 [ 381.975647][ T1454] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 381.979033][ T1454] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 381.986301][ T1454] usb 7-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 381.989144][ T1454] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 381.998908][ T1454] usb 7-1: config 0 descriptor?? [ 382.118837][T13080] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1807'. [ 382.216075][ T1454] usbhid 7-1:0.0: can't add hid device: -71 [ 382.219082][ T1454] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 382.236774][ T1454] usb 7-1: USB disconnect, device number 27 [ 382.779919][T13083] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1808'. [ 382.980529][ T58] usb 8-1: new high-speed USB device number 24 using dummy_hcd [ 383.110508][ T6011] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 383.130491][ T58] usb 8-1: Using ep0 maxpacket: 8 [ 383.133906][ T58] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 383.136873][ T58] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 383.142121][ T58] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 383.146631][ T58] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 383.151222][ T58] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 383.156442][ T58] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 383.159403][ T58] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 383.164147][ T58] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 383.168997][ T58] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 383.180485][ T58] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 383.185957][ T58] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 383.188938][ T58] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 383.193749][ T58] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 383.198308][ T58] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 383.202682][ T58] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 383.209674][ T58] usb 8-1: string descriptor 0 read error: -22 [ 383.214721][ T58] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 383.218302][ T58] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.230550][ T58] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 383.280529][ T6011] usb 5-1: Using ep0 maxpacket: 16 [ 383.284160][ T6011] usb 5-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 383.287895][ T6011] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 383.292983][ T6011] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 383.301478][ T6011] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:26.0/input/input41 [ 383.368030][T13111] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1818'. [ 383.371566][T13111] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1818'. [ 383.374419][T13111] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1818'. [ 383.444369][T13085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 383.447338][T13085] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 383.872905][ T5347] bcm5974 5-1:26.0: could not read from device [ 383.876948][ T5347] bcm5974 5-1:26.0: could not read from device [ 383.880852][ T5347] bcm5974 5-1:26.0: could not read from device [ 383.883320][ T6011] usb 5-1: USB disconnect, device number 26 [ 383.903796][T13121] ubi: mtd0 is already attached to ubi31 [ 385.210933][T13143] __nla_validate_parse: 1 callbacks suppressed [ 385.210943][T13143] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1826'. [ 385.331567][T13149] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1827'. [ 385.334476][T13149] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1827'. [ 385.337419][T13149] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1827'. [ 385.340223][T13149] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1827'. [ 385.400406][T13150] netlink: 'syz.0.1828': attribute type 8 has an invalid length. [ 385.403530][T13150] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1828'. [ 385.475064][T13155] 9pnet_virtio: no channels available for device 127.0.0.1 [ 385.501415][ T58] usb 8-1: USB disconnect, device number 24 [ 385.990489][ T58] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 386.048224][T13168] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1834'. [ 386.140547][ T58] usb 5-1: Using ep0 maxpacket: 16 [ 386.144627][ T58] usb 5-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 386.148956][ T58] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 386.152906][ T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.163975][ T58] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:26.0/input/input42 [ 386.571933][ T5347] bcm5974 5-1:26.0: could not read from device [ 386.575548][ T5347] bcm5974 5-1:26.0: could not read from device [ 386.578871][ T5347] bcm5974 5-1:26.0: could not read from device [ 386.580490][ T58] usb 5-1: USB disconnect, device number 27 [ 386.662174][T13171] ubi: mtd0 is already attached to ubi31 [ 386.914947][T13178] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1836'. [ 387.219129][T13182] kvm: pic: non byte read [ 387.222625][T13182] kvm: pic: level sensitive irq not supported [ 387.222866][T13182] kvm: pic: non byte read [ 387.228267][T13182] kvm: pic: level sensitive irq not supported [ 387.228501][T13182] kvm: pic: non byte read [ 387.234673][T13182] kvm: pic: level sensitive irq not supported [ 387.234905][T13182] kvm: pic: non byte read [ 387.236760][T13184] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1838'. [ 387.242542][T13184] netlink: 'syz.1.1838': attribute type 5 has an invalid length. [ 387.245884][T13184] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1838'. [ 387.264952][T13184] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 387.269028][T13184] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 387.272859][T13184] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 387.276531][T13184] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 387.281509][T13184] geneve2: entered promiscuous mode [ 387.283350][T13184] geneve2: entered allmulticast mode [ 387.571407][T13193] netlink: 'syz.1.1841': attribute type 8 has an invalid length. [ 387.830479][ T6011] usb 8-1: new high-speed USB device number 25 using dummy_hcd [ 387.849550][T13196] netlink: 'syz.2.1843': attribute type 2 has an invalid length. [ 387.857002][T13198] ubi: mtd0 is already attached to ubi31 [ 387.992213][ T6011] usb 8-1: Using ep0 maxpacket: 32 [ 387.995708][ T6011] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 388.000247][ T6011] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 388.005231][ T6011] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 388.011818][ T6011] usb 8-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 388.014624][ T6011] usb 8-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 388.017735][ T6011] usb 8-1: Product: syz [ 388.019174][ T6011] usb 8-1: Manufacturer: syz [ 388.020911][ T6011] usb 8-1: SerialNumber: syz [ 388.026852][ T6011] input: appletouch as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/input/input43 [ 388.233404][ T6011] usb 8-1: USB disconnect, device number 25 [ 388.235358][ C2] appletouch 8-1:1.0: atp_complete: usb_submit_urb failed with result -19 [ 388.247033][ T6011] appletouch 8-1:1.0: input: appletouch disconnected [ 388.520566][T13213] netlink: 'syz.1.1848': attribute type 2 has an invalid length. [ 388.575979][T13215] kvm: pic: non byte read [ 388.579641][T13215] kvm: pic: level sensitive irq not supported [ 388.579875][T13215] kvm: pic: non byte read [ 388.585555][T13215] kvm: pic: level sensitive irq not supported [ 388.585785][T13215] kvm: pic: non byte read [ 388.590752][T13215] kvm: pic: level sensitive irq not supported [ 388.591075][T13215] kvm: pic: non byte read [ 389.627167][T13245] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 389.759416][ T6050] usb 8-1: new high-speed USB device number 26 using dummy_hcd [ 389.920524][ T6050] usb 8-1: Using ep0 maxpacket: 16 [ 389.925130][ T6050] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 389.958088][ T6050] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 389.976421][ T6050] usb 8-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 389.988465][T13249] lo speed is unknown, defaulting to 1000 [ 389.990655][ T6050] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.016076][ T6050] usb 8-1: config 0 descriptor?? [ 390.250774][ T6050] usbhid 8-1:0.0: can't add hid device: -71 [ 390.254223][ T6050] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 390.258923][ T6050] usb 8-1: USB disconnect, device number 26 [ 390.397794][T13256] bridge9: entered allmulticast mode [ 390.760672][T13264] netlink: 'syz.2.1865': attribute type 2 has an invalid length. [ 390.947079][T13261] netlink: 'syz.1.1864': attribute type 4 has an invalid length. [ 390.956317][ T29] lo speed is unknown, defaulting to 1000 [ 390.958672][ T29] syz0: Port: 1 Link DOWN [ 391.005749][T13265] lo: left promiscuous mode [ 391.074427][T13272] FAULT_INJECTION: forcing a failure. [ 391.074427][T13272] name failslab, interval 1, probability 0, space 0, times 0 [ 391.079381][T13272] CPU: 2 UID: 0 PID: 13272 Comm: syz.0.1868 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 391.079404][T13272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 391.079415][T13272] Call Trace: [ 391.079421][T13272] [ 391.079428][T13272] dump_stack_lvl+0x16c/0x1f0 [ 391.079473][T13272] should_fail_ex+0x512/0x640 [ 391.079504][T13272] should_failslab+0xc2/0x120 [ 391.079535][T13272] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 391.079558][T13272] ? skb_clone+0x190/0x3f0 [ 391.079582][T13272] skb_clone+0x190/0x3f0 [ 391.079604][T13272] netlink_deliver_tap+0xabd/0xd30 [ 391.079633][T13272] netlink_unicast+0x5df/0x7f0 [ 391.079659][T13272] ? __pfx_netlink_unicast+0x10/0x10 [ 391.079689][T13272] netlink_sendmsg+0x8d1/0xdd0 [ 391.079716][T13272] ? __pfx_netlink_sendmsg+0x10/0x10 [ 391.079740][T13272] ? __import_iovec+0x1c8/0x660 [ 391.079766][T13272] ____sys_sendmsg+0xa95/0xc70 [ 391.079785][T13272] ? __pfx_____sys_sendmsg+0x10/0x10 [ 391.079799][T13272] ? get_compat_msghdr+0x11a/0x170 [ 391.079830][T13272] ___sys_sendmsg+0x134/0x1d0 [ 391.079854][T13272] ? __pfx____sys_sendmsg+0x10/0x10 [ 391.079906][T13272] __sys_sendmsg+0x16d/0x220 [ 391.079930][T13272] ? __pfx___sys_sendmsg+0x10/0x10 [ 391.079963][T13272] ? rcu_is_watching+0x12/0xc0 [ 391.079984][T13272] __do_fast_syscall_32+0x73/0x120 [ 391.080009][T13272] do_fast_syscall_32+0x32/0x80 [ 391.080031][T13272] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 391.080051][T13272] RIP: 0023:0xf709e579 [ 391.080064][T13272] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 391.080080][T13272] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 391.080096][T13272] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 391.080106][T13272] RDX: 0000000000048010 RSI: 0000000000000000 RDI: 0000000000000000 [ 391.080115][T13272] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 391.080124][T13272] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 391.080133][T13272] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 391.080155][T13272] [ 391.653973][ T5950] Bluetooth: hci0: unexpected event for opcode 0x0c5b [ 391.676054][T13282] FAULT_INJECTION: forcing a failure. [ 391.676054][T13282] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 391.680868][T13282] CPU: 0 UID: 0 PID: 13282 Comm: syz.2.1871 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 391.680883][T13282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 391.680889][T13282] Call Trace: [ 391.680894][T13282] [ 391.680897][T13282] dump_stack_lvl+0x16c/0x1f0 [ 391.680916][T13282] should_fail_ex+0x512/0x640 [ 391.680931][T13282] _copy_from_user+0x2e/0xd0 [ 391.680945][T13282] get_compat_msghdr+0xa7/0x170 [ 391.680963][T13282] ? __pfx_get_compat_msghdr+0x10/0x10 [ 391.680980][T13282] ? __lock_acquire+0x5ca/0x1ba0 [ 391.680997][T13282] ___sys_recvmsg+0x191/0x1a0 [ 391.681011][T13282] ? __pfx____sys_recvmsg+0x10/0x10 [ 391.681030][T13282] ? get_pid_task+0xb0/0x250 [ 391.681045][T13282] ? __pfx___might_resched+0x10/0x10 [ 391.681060][T13282] do_recvmmsg+0x568/0x740 [ 391.681075][T13282] ? __pfx_do_recvmmsg+0x10/0x10 [ 391.681097][T13282] ? __fget_files+0x20e/0x3c0 [ 391.681109][T13282] __sys_recvmmsg+0x21c/0x280 [ 391.681123][T13282] ? __pfx___sys_recvmmsg+0x10/0x10 [ 391.681137][T13282] ? __pfx_ksys_write+0x10/0x10 [ 391.681148][T13282] ? rcu_is_watching+0x12/0xc0 [ 391.681160][T13282] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 391.681174][T13282] ? lockdep_hardirqs_on+0x7c/0x110 [ 391.681188][T13282] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 391.681203][T13282] __do_fast_syscall_32+0x73/0x120 [ 391.681219][T13282] do_fast_syscall_32+0x32/0x80 [ 391.681233][T13282] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 391.681246][T13282] RIP: 0023:0xf7f27579 [ 391.681255][T13282] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 391.681265][T13282] RSP: 002b:00000000f502555c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 391.681277][T13282] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080005c80 [ 391.681286][T13282] RDX: 0000000000000344 RSI: 0000000000010122 RDI: 0000000000000000 [ 391.681294][T13282] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 391.681302][T13282] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 391.681310][T13282] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 391.681336][T13282] [ 392.434122][T13303] bridge10: entered allmulticast mode [ 392.621681][T13306] netlink: 'syz.1.1879': attribute type 2 has an invalid length. [ 392.862542][ T6050] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 393.004614][T13323] netlink: 'syz.0.1885': attribute type 3 has an invalid length. [ 393.007129][T13323] netlink: 'syz.0.1885': attribute type 3 has an invalid length. [ 393.009525][T13323] netlink: 'syz.0.1885': attribute type 3 has an invalid length. [ 393.010402][ T6050] usb 7-1: Using ep0 maxpacket: 16 [ 393.012429][T13323] netlink: 'syz.0.1885': attribute type 3 has an invalid length. [ 393.015468][ T6050] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 393.016086][T13323] netlink: 'syz.0.1885': attribute type 3 has an invalid length. [ 393.020579][ T6050] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 393.022839][T13323] netlink: 'syz.0.1885': attribute type 3 has an invalid length. [ 393.026739][ T6050] usb 7-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 393.029040][T13323] netlink: 'syz.0.1885': attribute type 3 has an invalid length. [ 393.037341][ T6050] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.048157][ T6050] usb 7-1: config 0 descriptor?? [ 393.254169][ T6050] usbhid 7-1:0.0: can't add hid device: -71 [ 393.256202][ T6050] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 393.259831][ T6050] usb 7-1: USB disconnect, device number 28 [ 393.392632][T13330] __nla_validate_parse: 9 callbacks suppressed [ 393.392647][T13330] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1887'. [ 393.575828][T13332] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1888'. [ 393.931199][T13340] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1890'. [ 394.768262][T13362] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1897'. [ 395.075494][T13379] capability: warning: `syz.1.1901' uses 32-bit capabilities (legacy support in use) [ 395.478859][T13384] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1902'. [ 395.652306][T13387] ubi: mtd0 is already attached to ubi31 [ 395.655614][T13387] ubi: mtd0 is already attached to ubi31 [ 395.696465][T13389] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1904'. [ 395.774124][T13393] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1906'. [ 395.904637][T13396] random: crng reseeded on system resumption [ 395.909806][T13396] Restarting kernel threads ... done. [ 396.164032][T13402] random: crng reseeded on system resumption [ 396.175228][T13402] Restarting kernel threads ... done. [ 396.564793][T13410] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1911'. [ 396.643363][T13417] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1915'. [ 396.794535][T13422] validate_nla: 52 callbacks suppressed [ 396.794552][T13422] netlink: 'syz.2.1917': attribute type 21 has an invalid length. [ 396.850603][ T9] usb 8-1: new high-speed USB device number 27 using dummy_hcd [ 397.010457][ T9] usb 8-1: Using ep0 maxpacket: 16 [ 397.061767][ T9] usb 8-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 397.065083][ T9] usb 8-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 397.068083][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.082123][ T9] input: bcm5974 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:26.0/input/input44 [ 397.233753][T13427] netlink: 'syz.1.1919': attribute type 2 has an invalid length. [ 398.078478][ T5347] bcm5974 8-1:26.0: could not read from device [ 398.093126][ T5347] bcm5974 8-1:26.0: could not read from device [ 398.103828][ T9] usb 8-1: USB disconnect, device number 27 [ 398.103915][ T5347] bcm5974 8-1:26.0: could not read from device [ 398.369924][T13453] ubi: mtd0 is already attached to ubi31 [ 398.372342][T13453] ubi: mtd0 is already attached to ubi31 [ 398.406874][T13456] 9pnet_fd: p9_fd_create_unix (13456): problem connecting socket: ./file0/file0: -2 [ 398.579573][T13460] random: crng reseeded on system resumption [ 398.584970][T13460] Restarting kernel threads ... done. [ 398.973737][T13464] netlink: 'syz.3.1929': attribute type 2 has an invalid length. [ 399.424631][T13475] vlan2: entered allmulticast mode [ 399.426351][T13475] bond0: entered allmulticast mode [ 399.428022][T13475] bond_slave_0: entered allmulticast mode [ 399.429856][T13475] bond_slave_1: entered allmulticast mode [ 399.431783][T13475] team0: entered allmulticast mode [ 399.433398][T13475] team_slave_0: entered allmulticast mode [ 399.435201][T13475] team_slave_1: entered allmulticast mode [ 399.502252][ T5950] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 399.580845][T13478] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1932'. [ 399.587402][T13478] FAULT_INJECTION: forcing a failure. [ 399.587402][T13478] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 399.593025][T13478] CPU: 2 UID: 0 PID: 13478 Comm: syz.0.1932 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 399.593047][T13478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 399.593058][T13478] Call Trace: [ 399.593064][T13478] [ 399.593071][T13478] dump_stack_lvl+0x16c/0x1f0 [ 399.593099][T13478] should_fail_ex+0x512/0x640 [ 399.593124][T13478] _copy_from_user+0x2e/0xd0 [ 399.593147][T13478] cmsghdr_from_user_compat_to_kern+0x355/0x7d0 [ 399.593177][T13478] ? __pfx_cmsghdr_from_user_compat_to_kern+0x10/0x10 [ 399.593206][T13478] ? __might_fault+0xe3/0x190 [ 399.593227][T13478] ? __might_fault+0x13b/0x190 [ 399.593250][T13478] ____sys_sendmsg+0x488/0xc70 [ 399.593269][T13478] ? __pfx_____sys_sendmsg+0x10/0x10 [ 399.593284][T13478] ? get_compat_msghdr+0x11a/0x170 [ 399.593315][T13478] ___sys_sendmsg+0x134/0x1d0 [ 399.593340][T13478] ? __pfx____sys_sendmsg+0x10/0x10 [ 399.593389][T13478] __sys_sendmsg+0x16d/0x220 [ 399.593412][T13478] ? __pfx___sys_sendmsg+0x10/0x10 [ 399.593444][T13478] ? rcu_is_watching+0x12/0xc0 [ 399.593466][T13478] __do_fast_syscall_32+0x73/0x120 [ 399.593492][T13478] do_fast_syscall_32+0x32/0x80 [ 399.593516][T13478] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 399.593536][T13478] RIP: 0023:0xf709e579 [ 399.593550][T13478] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 399.593565][T13478] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 399.593581][T13478] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240 [ 399.593591][T13478] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 399.593602][T13478] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 399.593610][T13478] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 399.593620][T13478] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 399.593641][T13478] [ 400.043922][T13496] random: crng reseeded on system resumption [ 400.048166][T13496] Restarting kernel threads ... done. [ 400.147524][T13499] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1939'. [ 400.470565][ T9] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 400.623820][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 400.627464][ T9] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 400.630785][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.638681][ T9] usb 7-1: config 0 descriptor?? [ 400.847656][T13520] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1945'. [ 400.851884][ T9] usbhid 7-1:0.0: can't add hid device: -71 [ 400.853828][ T9] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 400.857471][ T9] usb 7-1: USB disconnect, device number 29 [ 401.290439][ T1015] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 401.440452][ T1015] usb 7-1: Using ep0 maxpacket: 32 [ 401.444401][ T1015] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 401.449073][ T1015] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 401.453132][ T1015] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 401.458742][ T1015] usb 7-1: config 0 descriptor?? [ 401.463942][ T1015] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 401.470725][ T1015] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 401.518356][T13530] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1947'. [ 401.705817][ T9] usb 7-1: USB disconnect, device number 30 [ 401.705899][ C0] ldusb 7-1:0.0: usb_submit_urb failed (-19) [ 401.720167][ T9] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 401.728774][T13533] random: crng reseeded on system resumption [ 401.738670][T13533] Restarting kernel threads ... done. [ 401.872767][T13535] FAULT_INJECTION: forcing a failure. [ 401.872767][T13535] name failslab, interval 1, probability 0, space 0, times 0 [ 401.876822][T13535] CPU: 0 UID: 0 PID: 13535 Comm: syz.0.1949 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 401.876837][T13535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 401.876844][T13535] Call Trace: [ 401.876848][T13535] [ 401.876852][T13535] dump_stack_lvl+0x16c/0x1f0 [ 401.876870][T13535] should_fail_ex+0x512/0x640 [ 401.876885][T13535] should_failslab+0xc2/0x120 [ 401.876899][T13535] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 401.876913][T13535] ? skb_clone+0x190/0x3f0 [ 401.876929][T13535] skb_clone+0x190/0x3f0 [ 401.876943][T13535] netlink_deliver_tap+0xabd/0xd30 [ 401.876961][T13535] netlink_unicast+0x5df/0x7f0 [ 401.876977][T13535] ? __pfx_netlink_unicast+0x10/0x10 [ 401.876996][T13535] netlink_sendmsg+0x8d1/0xdd0 [ 401.877012][T13535] ? __pfx_netlink_sendmsg+0x10/0x10 [ 401.877028][T13535] ? __import_iovec+0x1c8/0x660 [ 401.877044][T13535] ____sys_sendmsg+0xa95/0xc70 [ 401.877056][T13535] ? __pfx_____sys_sendmsg+0x10/0x10 [ 401.877064][T13535] ? get_compat_msghdr+0x11a/0x170 [ 401.877084][T13535] ___sys_sendmsg+0x134/0x1d0 [ 401.877098][T13535] ? __pfx____sys_sendmsg+0x10/0x10 [ 401.877127][T13535] __sys_sendmsg+0x16d/0x220 [ 401.877141][T13535] ? __pfx___sys_sendmsg+0x10/0x10 [ 401.877160][T13535] ? rcu_is_watching+0x12/0xc0 [ 401.877173][T13535] __do_fast_syscall_32+0x73/0x120 [ 401.877189][T13535] do_fast_syscall_32+0x32/0x80 [ 401.877203][T13535] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 401.877217][T13535] RIP: 0023:0xf709e579 [ 401.877225][T13535] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 401.877235][T13535] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 401.877245][T13535] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100 [ 401.877251][T13535] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 401.877257][T13535] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 401.877263][T13535] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 401.877268][T13535] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 401.877281][T13535] [ 401.877346][T13535] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 401.913099][T13537] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1950'. [ 401.913327][T13535] IPv6: NLM_F_CREATE should be set when creating new route [ 401.921345][T13504] ldusb: No device or device unplugged -19 [ 401.922672][T13535] IPv6: NLM_F_CREATE should be set when creating new route [ 402.680494][ T6050] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 402.797994][ T3228] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0 [ 402.805417][ T3228] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0 [ 402.812513][ T3228] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0 [ 402.819504][ T3228] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0 [ 402.938028][ T3228] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0 [ 402.951957][ T3228] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0 [ 402.961937][ T3228] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0 [ 402.967467][ T3228] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0 [ 402.970398][ T6050] usb 6-1: Using ep0 maxpacket: 16 [ 402.973605][ T6050] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 402.980458][ T3228] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0 [ 402.983825][ T6050] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 402.987965][ T3228] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0 [ 402.994671][ T3228] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0 [ 403.000249][ T6050] usb 6-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 403.004252][ T3228] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0 [ 403.006689][ T6050] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 403.012440][ T3228] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0 [ 403.020571][ T6050] usb 6-1: config 0 descriptor?? [ 403.024366][ T3228] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0 [ 403.030456][ T3228] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0 [ 403.038149][ T3228] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0 [ 403.055067][ T3228] hid-generic FFF9:0000:0203.0003: hidraw1: HID v0.00 Device [syz0] on syz1 [ 403.284629][ T6050] usbhid 6-1:0.0: can't add hid device: -71 [ 403.286914][ T6050] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 403.290480][ T6050] usb 6-1: USB disconnect, device number 27 [ 403.554388][T13564] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1956'. [ 403.901481][T13571] random: crng reseeded on system resumption [ 403.907148][T13571] Restarting kernel threads ... done. [ 403.958081][T13573] netlink: 'syz.2.1959': attribute type 2 has an invalid length. [ 404.313088][T13587] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1961'. [ 404.540506][ T5950] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 405.306505][T13606] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1968'. [ 405.309308][T13606] netlink: 'syz.1.1968': attribute type 5 has an invalid length. [ 405.311756][T13606] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1968'. [ 406.084278][T13621] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1972'. [ 406.224005][T13623] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1973'. [ 406.700408][ T5950] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 406.934409][T13637] netlink: 'syz.0.1978': attribute type 8 has an invalid length. [ 406.936941][T13637] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1978'. [ 408.142778][T11452] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 408.340385][T11452] usb 6-1: Using ep0 maxpacket: 16 [ 408.626867][T11452] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 408.631537][T11452] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 408.640439][T11452] usb 6-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 408.648623][T11452] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.657170][T11452] usb 6-1: config 0 descriptor?? [ 408.924508][T13673] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1988'. [ 409.172426][T11452] usbhid 6-1:0.0: can't add hid device: -71 [ 409.175488][T11452] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 409.181731][T11452] usb 6-1: USB disconnect, device number 28 [ 409.217862][T13675] FAULT_INJECTION: forcing a failure. [ 409.217862][T13675] name failslab, interval 1, probability 0, space 0, times 0 [ 409.222046][T13675] CPU: 3 UID: 0 PID: 13675 Comm: syz.3.1989 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 409.222060][T13675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 409.222068][T13675] Call Trace: [ 409.222071][T13675] [ 409.222075][T13675] dump_stack_lvl+0x16c/0x1f0 [ 409.222094][T13675] should_fail_ex+0x512/0x640 [ 409.222106][T13675] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 409.222120][T13675] should_failslab+0xc2/0x120 [ 409.222134][T13675] __kmalloc_cache_node_noprof+0x6d/0x420 [ 409.222146][T13675] ? __get_vm_area_node+0x101/0x300 [ 409.222165][T13675] __get_vm_area_node+0x101/0x300 [ 409.222182][T13675] __vmalloc_node_range_noprof+0x277/0x1540 [ 409.222193][T13675] ? vhost_task_create+0x1d2/0x2e0 [ 409.222212][T13675] ? __mod_memcg_lruvec_state+0x533/0x760 [ 409.222226][T13675] ? mod_objcg_state+0x5eb/0xa50 [ 409.222237][T13675] ? vhost_task_create+0x1d2/0x2e0 [ 409.222255][T13675] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 409.222268][T13675] ? rcu_is_watching+0x12/0xc0 [ 409.222280][T13675] ? vhost_task_create+0x1d2/0x2e0 [ 409.222295][T13675] __vmalloc_node_noprof+0x74/0xa0 [ 409.222305][T13675] ? vhost_task_create+0x1d2/0x2e0 [ 409.222321][T13675] copy_process+0x2ead/0x91a0 [ 409.222334][T13675] ? kasan_save_track+0x14/0x30 [ 409.222345][T13675] ? __kasan_kmalloc+0xaa/0xb0 [ 409.222355][T13675] ? vhost_task_create+0xe5/0x2e0 [ 409.222369][T13675] ? kvm_mmu_post_init_vm+0x1b7/0x370 [ 409.222378][T13675] ? kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 409.222395][T13675] ? kvm_vcpu_ioctl+0x5e9/0x1680 [ 409.222410][T13675] ? kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 409.222425][T13675] ? __ia32_compat_sys_ioctl+0x24c/0x360 [ 409.222440][T13675] ? __do_fast_syscall_32+0x73/0x120 [ 409.222455][T13675] ? do_fast_syscall_32+0x32/0x80 [ 409.222469][T13675] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 409.222488][T13675] ? __pfx_copy_process+0x10/0x10 [ 409.222508][T13675] ? lockdep_init_map_type+0x5c/0x280 [ 409.222524][T13675] ? lockdep_init_map_type+0x5c/0x280 [ 409.222538][T13675] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 409.222551][T13675] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 409.222566][T13675] vhost_task_create+0x1d2/0x2e0 [ 409.222581][T13675] ? __pfx_vhost_task_create+0x10/0x10 [ 409.222597][T13675] ? register_lock_class+0x41/0x4c0 [ 409.222614][T13675] ? __pfx_vhost_task_fn+0x10/0x10 [ 409.222630][T13675] ? kvm_vcpu_ioctl+0x27e/0x1680 [ 409.222649][T13675] kvm_mmu_post_init_vm+0x1b7/0x370 [ 409.222661][T13675] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 409.222676][T13675] ? kvm_vcpu_ioctl+0x14c2/0x1680 [ 409.222694][T13675] kvm_vcpu_ioctl+0x5e9/0x1680 [ 409.222712][T13675] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 409.222728][T13675] ? tomoyo_path_number_perm+0x18d/0x580 [ 409.222743][T13675] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 409.222755][T13675] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 409.222771][T13675] ? do_vfs_ioctl+0x512/0x1990 [ 409.222785][T13675] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 409.222811][T13675] kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 409.222828][T13675] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 409.222844][T13675] ? __fget_files+0x20e/0x3c0 [ 409.222853][T13675] ? __fput_deferred+0x300/0x370 [ 409.222868][T13675] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 409.222884][T13675] __ia32_compat_sys_ioctl+0x24c/0x360 [ 409.222901][T13675] __do_fast_syscall_32+0x73/0x120 [ 409.222916][T13675] do_fast_syscall_32+0x32/0x80 [ 409.222931][T13675] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 409.222944][T13675] RIP: 0023:0xf7f38579 [ 409.222951][T13675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 409.222961][T13675] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 409.222971][T13675] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000ae80 [ 409.222977][T13675] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 409.222983][T13675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 409.222989][T13675] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 409.222994][T13675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 409.223007][T13675] [ 409.223121][T13675] syz.3.1989: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 409.368607][T13675] CPU: 2 UID: 0 PID: 13675 Comm: syz.3.1989 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 409.368632][T13675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 409.368643][T13675] Call Trace: [ 409.368649][T13675] [ 409.368657][T13675] dump_stack_lvl+0x16c/0x1f0 [ 409.368684][T13675] warn_alloc+0x248/0x3a0 [ 409.368706][T13675] ? __pfx_warn_alloc+0x10/0x10 [ 409.368728][T13675] ? __kmalloc_cache_node_noprof+0x272/0x420 [ 409.368751][T13675] ? __kasan_kmalloc+0x8a/0xb0 [ 409.368771][T13675] ? __get_vm_area_node+0x1e5/0x300 [ 409.368804][T13675] __vmalloc_node_range_noprof+0xd31/0x1540 [ 409.368820][T13675] ? __mod_memcg_lruvec_state+0x533/0x760 [ 409.368844][T13675] ? mod_objcg_state+0x5eb/0xa50 [ 409.368862][T13675] ? vhost_task_create+0x1d2/0x2e0 [ 409.368892][T13675] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 409.368915][T13675] ? rcu_is_watching+0x12/0xc0 [ 409.368935][T13675] ? vhost_task_create+0x1d2/0x2e0 [ 409.368959][T13675] __vmalloc_node_noprof+0x74/0xa0 [ 409.368976][T13675] ? vhost_task_create+0x1d2/0x2e0 [ 409.369003][T13675] copy_process+0x2ead/0x91a0 [ 409.369024][T13675] ? kasan_save_track+0x14/0x30 [ 409.369042][T13675] ? __kasan_kmalloc+0xaa/0xb0 [ 409.369074][T13675] ? vhost_task_create+0xe5/0x2e0 [ 409.369097][T13675] ? kvm_mmu_post_init_vm+0x1b7/0x370 [ 409.369114][T13675] ? kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 409.369140][T13675] ? kvm_vcpu_ioctl+0x5e9/0x1680 [ 409.369163][T13675] ? kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 409.369187][T13675] ? __ia32_compat_sys_ioctl+0x24c/0x360 [ 409.369210][T13675] ? __do_fast_syscall_32+0x73/0x120 [ 409.369233][T13675] ? do_fast_syscall_32+0x32/0x80 [ 409.369255][T13675] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 409.369288][T13675] ? __pfx_copy_process+0x10/0x10 [ 409.369324][T13675] ? lockdep_init_map_type+0x5c/0x280 [ 409.369349][T13675] ? lockdep_init_map_type+0x5c/0x280 [ 409.369373][T13675] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 409.369392][T13675] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 409.369417][T13675] vhost_task_create+0x1d2/0x2e0 [ 409.369446][T13675] ? __pfx_vhost_task_create+0x10/0x10 [ 409.369470][T13675] ? register_lock_class+0x41/0x4c0 [ 409.369499][T13675] ? __pfx_vhost_task_fn+0x10/0x10 [ 409.369526][T13675] ? kvm_vcpu_ioctl+0x27e/0x1680 [ 409.369559][T13675] kvm_mmu_post_init_vm+0x1b7/0x370 [ 409.369578][T13675] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 409.369602][T13675] ? kvm_vcpu_ioctl+0x14c2/0x1680 [ 409.369629][T13675] kvm_vcpu_ioctl+0x5e9/0x1680 [ 409.369658][T13675] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 409.369685][T13675] ? tomoyo_path_number_perm+0x18d/0x580 [ 409.369709][T13675] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 409.369729][T13675] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 409.369754][T13675] ? do_vfs_ioctl+0x512/0x1990 [ 409.369778][T13675] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 409.369843][T13675] kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 409.369871][T13675] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 409.369897][T13675] ? __fget_files+0x20e/0x3c0 [ 409.369911][T13675] ? __fput_deferred+0x300/0x370 [ 409.369937][T13675] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 409.369965][T13675] __ia32_compat_sys_ioctl+0x24c/0x360 [ 409.369992][T13675] __do_fast_syscall_32+0x73/0x120 [ 409.370019][T13675] do_fast_syscall_32+0x32/0x80 [ 409.370044][T13675] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 409.370063][T13675] RIP: 0023:0xf7f38579 [ 409.370077][T13675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 409.370093][T13675] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 409.370118][T13675] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000ae80 [ 409.370130][T13675] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 409.370140][T13675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 409.370149][T13675] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 409.370159][T13675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 409.370181][T13675] [ 409.370203][T13675] Mem-Info: [ 409.516082][T13675] active_anon:10652 inactive_anon:105 isolated_anon:0 [ 409.516082][T13675] active_file:4391 inactive_file:39250 isolated_file:0 [ 409.516082][T13675] unevictable:1768 dirty:331 writeback:0 [ 409.516082][T13675] slab_reclaimable:5632 slab_unreclaimable:59408 [ 409.516082][T13675] mapped:28395 shmem:6098 pagetables:990 [ 409.516082][T13675] sec_pagetables:308 bounce:0 [ 409.516082][T13675] kernel_misc_reclaimable:0 [ 409.516082][T13675] free:42861 free_pcp:7947 free_cma:0 [ 409.531096][T13675] Node 0 active_anon:3364kB inactive_anon:0kB active_file:420kB inactive_file:15844kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:7056kB dirty:0kB writeback:0kB shmem:5648kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:8864kB pagetables:864kB sec_pagetables:1132kB all_unreclaimable? yes Balloon:0kB [ 409.541267][T13675] Node 1 active_anon:42344kB inactive_anon:420kB active_file:17144kB inactive_file:141156kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:109624kB dirty:1324kB writeback:0kB shmem:21844kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3420kB pagetables:3096kB sec_pagetables:100kB all_unreclaimable? no Balloon:0kB [ 409.551616][T13675] Node 0 DMA free:2732kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:228kB local_pcp:132kB free_cma:0kB [ 409.560185][T13675] lowmem_reserve[]: 0 290 290 290 290 [ 409.562062][T13675] Node 0 DMA32 free:31760kB boost:14336kB min:27672kB low:31004kB high:34336kB reserved_highatomic:4096KB active_anon:3364kB inactive_anon:0kB active_file:420kB inactive_file:15844kB unevictable:3536kB writepending:0kB present:1032196kB managed:297560kB mlocked:0kB bounce:0kB free_pcp:4132kB local_pcp:0kB free_cma:0kB [ 409.571490][T13675] lowmem_reserve[]: 0 0 0 0 0 [ 409.573000][T13675] Node 1 DMA32 free:129152kB boost:0kB min:47148kB low:58932kB high:70716kB reserved_highatomic:0KB active_anon:47044kB inactive_anon:420kB active_file:17144kB inactive_file:141156kB unevictable:3536kB writepending:1324kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:27232kB local_pcp:3704kB free_cma:0kB [ 409.583406][T13675] lowmem_reserve[]: 0 0 0 0 0 [ 409.584945][T13675] Node 0 DMA: 63*4kB (U) 22*8kB (UE) 16*16kB (UE) 10*32kB (UE) 1*64kB (U) 1*128kB (E) 0*256kB 1*512kB (E) 1*1024kB (E) 0*2048kB 0*4096kB = 2732kB [ 409.589628][T13675] Node 0 DMA32: 364*4kB (UMEH) 318*8kB (UMEH) 81*16kB (UMEH) 151*32kB (UMEH) 116*64kB (UMEH) 29*128kB (UMEH) 15*256kB (UE) 7*512kB (UME) 3*1024kB (ME) 0*2048kB 0*4096kB = 31760kB [ 409.595271][T13675] Node 1 DMA32: 251*4kB (UME) 222*8kB (UME) 277*16kB (UME) 126*32kB (UME) 114*64kB (UME) 75*128kB (UME) 48*256kB (UME) 20*512kB (UME) 25*1024kB (UME) 12*2048kB (U) 10*4096kB (UM) = 141804kB [ 409.601366][T13675] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 409.604349][T13675] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 409.607210][T13675] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 409.610533][T13675] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 409.614659][T13675] 49990 total pagecache pages [ 409.616615][T13675] 1 pages in swap cache [ 409.618377][T13675] Free swap = 124992kB [ 409.620150][T13675] Total swap = 124996kB [ 409.622002][T13675] 524155 pages RAM [ 409.623608][T13675] 0 pages HighMem/MovableOnly [ 409.625592][T13675] 208854 pages reserved [ 409.627951][T13675] 0 pages cma reserved [ 409.930494][ T5950] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 410.162468][T13686] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1992'. [ 410.166403][T13686] netlink: 'syz.2.1992': attribute type 5 has an invalid length. [ 410.172546][T13686] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1992'. [ 410.194414][T13686] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 410.197270][T13686] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 410.200070][T13686] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 410.202887][T13686] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 410.205740][T13686] geneve2: entered promiscuous mode [ 410.207864][T13686] geneve2: entered allmulticast mode [ 410.402944][T13698] ubi: mtd0 is already attached to ubi31 [ 410.513322][T13704] random: crng reseeded on system resumption [ 410.535446][T13704] Restarting kernel threads ... done. [ 410.695726][T13700] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1995'. [ 410.698519][T13700] netlink: 'syz.2.1995': attribute type 5 has an invalid length. [ 410.710453][T13700] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1995'. [ 410.833959][T13710] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1999'. [ 411.257350][T13724] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2003'. [ 411.489394][T13731] ubi: mtd0 is already attached to ubi31 [ 412.017091][T13750] netlink: 'syz.0.2009': attribute type 8 has an invalid length. [ 412.021460][T13750] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2009'. [ 412.160460][ T6050] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 412.313802][ T6050] usb 6-1: Using ep0 maxpacket: 16 [ 412.317056][ T6050] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 412.326754][ T6050] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 412.334255][ T6050] usb 6-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 412.343888][ T6050] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.352837][ T6050] usb 6-1: config 0 descriptor?? [ 413.174250][T13769] netlink: 'syz.0.2014': attribute type 2 has an invalid length. [ 413.264775][T13772] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2015'. [ 414.423130][T13789] hub 2-0:1.0: USB hub found [ 414.424990][T13789] hub 2-0:1.0: 2 ports detected [ 414.916437][ T6050] usbhid 6-1:0.0: can't add hid device: -71 [ 414.918953][ T6050] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 414.923014][ T6050] usb 6-1: USB disconnect, device number 29 [ 414.941634][T13792] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2019'. [ 415.270516][ T1017] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 415.431425][ T1017] usb 7-1: Using ep0 maxpacket: 16 [ 415.437951][ T1017] usb 7-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 415.442305][ T1017] usb 7-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 415.446026][ T1017] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.480667][ T1017] input: bcm5974 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:26.0/input/input45 [ 416.027669][T13822] netlink: 'syz.0.2026': attribute type 2 has an invalid length. [ 416.311265][ T5347] bcm5974 7-1:26.0: could not read from device [ 416.334470][ T5347] bcm5974 7-1:26.0: could not read from device [ 416.338459][ T5347] bcm5974 7-1:26.0: could not read from device [ 416.341342][ T1017] usb 7-1: USB disconnect, device number 31 [ 416.343819][ T5347] bcm5974 7-1:26.0: could not read from device [ 416.540507][T13827] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2028'. [ 416.543284][T13827] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2028'. [ 416.546017][T13827] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2028'. [ 416.548761][T13827] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2028'. [ 416.579844][T13828] netlink: 'syz.3.2027': attribute type 8 has an invalid length. [ 416.582953][T13828] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2027'. [ 416.747645][T13836] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2031'. [ 417.267402][T13848] ubi: mtd0 is already attached to ubi31 [ 417.531635][T13854] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2036'. [ 417.534001][T13855] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2035'. [ 417.534516][T13854] netlink: 'syz.0.2036': attribute type 5 has an invalid length. [ 417.539740][T13854] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2036'. [ 417.551504][T13854] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 417.554343][T13854] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 417.557053][T13854] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 417.559812][T13854] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 417.563723][T13854] geneve2: entered promiscuous mode [ 417.565432][T13854] geneve2: entered allmulticast mode [ 417.908988][T13861] random: crng reseeded on system resumption [ 417.917541][T13861] Restarting kernel threads ... done. [ 417.941758][T13858] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2037'. [ 417.945355][T13858] netlink: 'syz.0.2037': attribute type 5 has an invalid length. [ 418.218366][T13868] random: crng reseeded on system resumption [ 418.229317][T13868] Restarting kernel threads ... done. [ 418.370441][ T3228] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 418.620406][ T3228] usb 7-1: Using ep0 maxpacket: 16 [ 418.624198][ T3228] usb 7-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 418.627605][ T3228] usb 7-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 418.631003][ T3228] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.652591][ T3228] input: bcm5974 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:26.0/input/input46 [ 419.060459][ T5347] bcm5974 7-1:26.0: could not read from device [ 419.064466][ T5347] bcm5974 7-1:26.0: could not read from device [ 419.066275][ T3228] usb 7-1: USB disconnect, device number 32 [ 419.068887][ T5347] bcm5974 7-1:26.0: could not read from device [ 419.321499][T13887] netlink: 'syz.1.2045': attribute type 2 has an invalid length. [ 419.526999][T13892] netlink: 'syz.3.2047': attribute type 5 has an invalid length. [ 419.534137][T13892] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 419.536865][T13892] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 419.539556][T13892] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 419.542579][T13892] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 419.545498][T13892] geneve2: entered promiscuous mode [ 419.547151][T13892] geneve2: entered allmulticast mode [ 420.780424][ T5950] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 420.801645][T13917] kvm: pic: non byte read [ 420.805235][T13917] kvm: pic: non byte read [ 420.808684][T13917] kvm: pic: non byte read [ 420.812834][T13917] kvm: pic: non byte read [ 421.186088][T13928] netlink: 'syz.1.2057': attribute type 5 has an invalid length. [ 421.338197][T13932] netlink: 'syz.0.2058': attribute type 8 has an invalid length. [ 421.487860][ T3228] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 421.711894][T13941] netlink: 'syz.0.2061': attribute type 8 has an invalid length. [ 421.714486][T13941] __nla_validate_parse: 8 callbacks suppressed [ 421.714494][T13941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2061'. [ 421.720477][ T3228] usb 7-1: Using ep0 maxpacket: 16 [ 421.724306][ T3228] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 421.727690][ T3228] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 421.736126][ T3228] usb 7-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 421.740298][ T3228] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.745834][ T3228] usb 7-1: config 0 descriptor?? [ 421.961725][ T3228] usbhid 7-1:0.0: can't add hid device: -71 [ 421.987059][ T3228] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 421.992600][ T3228] usb 7-1: USB disconnect, device number 33 [ 422.153031][T13945] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2062'. [ 422.155931][T13945] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2062'. [ 422.158887][T13945] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2062'. [ 422.162216][T13945] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2062'. [ 422.506435][T13955] random: crng reseeded on system resumption [ 422.516041][T13955] Restarting kernel threads ... done. [ 422.647025][T13961] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2067'. [ 422.779641][T13952] netlink: zone id is out of range [ 422.781454][T13952] netlink: zone id is out of range [ 422.783091][T13952] netlink: zone id is out of range [ 422.784708][T13952] netlink: zone id is out of range [ 422.786334][T13952] netlink: zone id is out of range [ 422.787952][T13952] netlink: zone id is out of range [ 422.789733][T13952] netlink: zone id is out of range [ 422.792072][T13952] netlink: zone id is out of range [ 422.793975][T13952] netlink: zone id is out of range [ 422.795960][T13952] netlink: zone id is out of range [ 423.900562][ T5950] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 424.740638][T14000] ubi: mtd0 is already attached to ubi31 [ 424.746922][T14000] ubi: mtd0 is already attached to ubi31 [ 425.051841][ T1017] usb 8-1: new high-speed USB device number 28 using dummy_hcd [ 425.200404][ T1017] usb 8-1: Using ep0 maxpacket: 16 [ 425.208219][ T1017] usb 8-1: config 26 has an invalid descriptor of length 0, skipping remainder of the config [ 425.213499][ T1017] usb 8-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 425.217350][ T1017] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.245802][ T1017] input: bcm5974 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:26.0/input/input47 [ 425.705661][T14018] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2082'. [ 425.711036][T14018] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2082'. [ 425.713899][T14018] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2082'. [ 425.729388][T14018] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2082'. [ 426.061333][ T5347] bcm5974 8-1:26.0: could not read from device [ 426.102199][ T5347] bcm5974 8-1:26.0: could not read from device [ 426.106438][ T1017] usb 8-1: USB disconnect, device number 28 [ 426.108851][ T5347] bcm5974 8-1:26.0: could not read from device [ 427.287029][T14031] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2086'. [ 427.740424][ T5950] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 428.111782][T14056] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2092'. [ 428.163761][T14056] wireguard0: entered promiscuous mode [ 428.169178][T14056] wireguard0: entered allmulticast mode [ 428.186511][T14060] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2093'. [ 428.462604][T14065] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2094'. [ 428.465947][T14065] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2094'. [ 428.468709][T14065] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2094'. [ 428.472597][T14065] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2094'. [ 428.577081][T14072] ubi: mtd0 is already attached to ubi31 [ 428.579255][T14072] ubi: mtd0 is already attached to ubi31 [ 429.592894][T14095] nvme_fabrics: unknown parameter or missing value 'À' in ctrl creation request [ 429.808099][T14082] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2100'. [ 430.435100][T14117] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2110'. [ 430.438572][T14117] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2110'. [ 430.936744][T14132] FAULT_INJECTION: forcing a failure. [ 430.936744][T14132] name failslab, interval 1, probability 0, space 0, times 0 [ 430.941767][T14132] CPU: 0 UID: 0 PID: 14132 Comm: syz.0.2113 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 430.941793][T14132] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 430.941800][T14132] Call Trace: [ 430.941804][T14132] [ 430.941808][T14132] dump_stack_lvl+0x16c/0x1f0 [ 430.941827][T14132] should_fail_ex+0x512/0x640 [ 430.941840][T14132] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 430.941855][T14132] should_failslab+0xc2/0x120 [ 430.941869][T14132] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 430.941881][T14132] ? getname_flags.part.0+0x4c/0x550 [ 430.941898][T14132] getname_flags.part.0+0x4c/0x550 [ 430.941913][T14132] getname_flags+0x93/0xf0 [ 430.941928][T14132] user_path_at+0x24/0x60 [ 430.941938][T14132] __ia32_sys_mount+0x1fb/0x310 [ 430.941951][T14132] ? __pfx___ia32_sys_mount+0x10/0x10 [ 430.941964][T14132] ? rcu_is_watching+0x12/0xc0 [ 430.941977][T14132] __do_fast_syscall_32+0x73/0x120 [ 430.941993][T14132] do_fast_syscall_32+0x32/0x80 [ 430.942008][T14132] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 430.942022][T14132] RIP: 0023:0xf709e579 [ 430.942030][T14132] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 430.942040][T14132] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 430.942050][T14132] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000040 [ 430.942057][T14132] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000080000200 [ 430.942063][T14132] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 430.942068][T14132] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 430.942074][T14132] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 430.942086][T14132] [ 431.109508][T14134] random: crng reseeded on system resumption [ 431.114018][T14134] Restarting kernel threads ... done. [ 431.830502][ T5950] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 572.700364][ C0] BUG: workqueue lockup - pool cpus=0 node=0 flags=0x0 nice=0 stuck for 140s! [ 572.703198][ C0] BUG: workqueue lockup - pool cpus=2 node=0 flags=0x0 nice=0 stuck for 140s! [ 572.707119][ C0] BUG: workqueue lockup - pool cpus=3 node=0 flags=0x0 nice=0 stuck for 140s! [ 572.710508][ C0] Showing busy workqueues and worker pools: [ 572.712410][ C0] workqueue events: flags=0x0 [ 572.713982][ C0] pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=3 refcnt=4 [ 572.714003][ C0] pending: psi_avgs_work, vmstat_shepherd, rht_deferred_worker [ 572.714036][ C0] pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=19 refcnt=20 [ 572.714054][ C0] pending: 4*nsim_dev_hwstats_traffic_work, 2*psi_avgs_work, 5*ovs_dp_masks_rebalance, psi_avgs_work, e1000_watchdog, 6*rht_deferred_worker [ 572.714122][ C0] workqueue events_long: flags=0x0 [ 572.728556][ C0] pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2 [ 572.728578][ C0] pending: br_multicast_gc_work [ 572.728607][ C0] pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=15 refcnt=16 [ 572.728629][ C0] pending: 5*defense_work_handler, 6*br_multicast_gc_work, 4*br_fdb_cleanup [ 572.728691][ C0] workqueue events_unbound: flags=0x2 [ 572.740239][ C0] pwq 32: cpus=0-7 flags=0x4 nice=0 active=4 refcnt=5 [ 572.740257][ C0] in-flight: 1200:nsim_dev_trap_report_work ,13:cfg80211_wiphy_work [ 572.740324][ C0] pending: 2*cfg80211_wiphy_work [ 572.747432][ C0] pwq 32: cpus=0-7 flags=0x4 nice=0 active=3 refcnt=4 [ 572.747455][ C0] in-flight: 217:toggle_allocation_gate [ 572.747479][ C0] pending: 2*nsim_dev_trap_report_work [ 572.747505][ C0] workqueue events_power_efficient: flags=0x80 [ 572.755543][ C0] pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=6 refcnt=7 [ 572.755563][ C0] pending: fb_flashcursor, do_cache_clean, neigh_managed_work, neigh_periodic_work, device_uncache_fw_images_work, gc_worker [ 572.755642][ C0] pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=3 refcnt=4 [ 572.755679][ C0] pending: 3*check_lifetime [ 572.755715][ C0] workqueue kvfree_rcu_reclaim: flags=0xa [ 572.768133][ C0] pwq 32: cpus=0-7 flags=0x4 nice=0 active=2 refcnt=3 [ 572.768153][ C0] pending: kfree_rcu_monitor, fill_page_cache_func [ 572.768176][ C0] pwq 32: cpus=0-7 flags=0x4 nice=0 active=1 refcnt=2 [ 572.768191][ C0] pending: kfree_rcu_monitor [ 572.768206][ C0] workqueue mm_percpu_wq: flags=0x8 [ 572.778577][ C0] pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2 [ 572.778598][ C0] pending: vmstat_update [ 572.778629][ C0] workqueue kblockd: flags=0x18 [ 572.784353][ C0] pwq 7: cpus=1 node=0 flags=0x0 nice=-20 active=1 refcnt=2 [ 572.784372][ C0] in-flight: 1256:blk_mq_timeout_work [ 572.784409][ C0] workqueue gid-cache-wq: flags=0x20002 [ 572.790471][ C0] pwq 32: cpus=0-7 flags=0x4 nice=0 active=1 refcnt=10 [ 572.790489][ C0] pending: netdevice_event_work_handler [ 572.790582][ C0] workqueue dm_bufio_cache: flags=0x8 [ 572.796559][ C0] pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2 [ 572.796582][ C0] pending: work_fn [ 572.796694][ C0] workqueue ipv6_addrconf: flags=0x6000a [ 572.802470][ C0] pwq 32: cpus=0-7 flags=0x4 nice=0 active=1 refcnt=13 [ 572.802500][ C0] pending: addrconf_verify_work [ 572.802523][ C0] inactive: 3*addrconf_verify_work [ 572.802548][ C0] workqueue krxrpcd: flags=0x2001a [ 572.810561][ C0] pwq 33: cpus=0-7 flags=0x4 nice=-20 active=1 refcnt=11 [ 572.810593][ C0] pending: rxrpc_peer_keepalive_worker [ 572.810627][ C0] inactive: rxrpc_peer_keepalive_worker [ 572.810692][ C0] workqueue bat_events: flags=0x6000a [ 572.818641][ C0] pwq 32: cpus=0-7 flags=0x4 nice=0 active=1 refcnt=19 [ 572.818658][ C0] in-flight: 12:batadv_nc_worker [ 572.818678][ C0] inactive: 4*batadv_nc_worker, batadv_mcast_mla_update, batadv_purge_orig, batadv_tt_purge, batadv_dat_purge, batadv_bla_periodic_work [ 572.818742][ C0] workqueue wg-crypt-wg0: flags=0x28 [ 572.828757][ C0] pwq 10: cpus=2 node=0 flags=0x0 nice=0 active=1 refcnt=2 [ 572.828792][ C0] pending: wg_packet_encrypt_worker [ 572.828822][ C0] workqueue wg-crypt-wg1: flags=0x28 [ 572.835143][ C0] pwq 10: cpus=2 node=0 flags=0x0 nice=0 active=1 refcnt=2 [ 572.835162][ C0] pending: wg_packet_encrypt_worker [ 572.835176][ C0] pwq 14: cpus=3 node=0 flags=0x0 nice=0 active=1 refcnt=2 [ 572.835193][ C0] pending: wg_packet_encrypt_worker [ 572.835211][ C0] workqueue wg-crypt-wg0: flags=0x28 [ 572.845361][ C0] pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2 [ 572.845382][ C0] pending: wg_packet_encrypt_worker [ 572.845401][ C0] workqueue wg-crypt-wg1: flags=0x28 [ 572.851226][ C0] pwq 10: cpus=2 node=0 flags=0x0 nice=0 active=1 refcnt=2 [ 572.851261][ C0] pending: wg_packet_encrypt_worker [ 572.851285][ C0] workqueue wg-crypt-wg0: flags=0x28 [ 572.857586][ C0] pwq 14: cpus=3 node=0 flags=0x0 nice=0 active=1 refcnt=2 [ 572.857606][ C0] pending: wg_packet_encrypt_worker [ 572.857629][ C0] workqueue wg-crypt-wg1: flags=0x28 [ 572.863572][ C0] pwq 10: cpus=2 node=0 flags=0x0 nice=0 active=1 refcnt=2 [ 572.863592][ C0] pending: wg_packet_encrypt_worker [ 572.863608][ C0] workqueue wg-crypt-wg2: flags=0x28 [ 572.869465][ C0] pwq 10: cpus=2 node=0 flags=0x0 nice=0 active=1 refcnt=2 [ 572.869484][ C0] pending: wg_packet_encrypt_worker [ 572.869501][ C0] workqueue wg-crypt-wg0: flags=0x28 [ 572.875453][ C0] pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2 [ 572.875473][ C0] pending: wg_packet_encrypt_worker [ 572.875494][ C0] workqueue wg-crypt-wg2: flags=0x28 [ 572.881438][ C0] pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2 [ 572.881458][ C0] pending: wg_packet_encrypt_worker [ 572.881518][ C0] workqueue bond3: flags=0x2000a [ 572.887310][ C0] pwq 32: cpus=0-7 flags=0x4 nice=0 active=1 refcnt=10 [ 572.887329][ C0] pending: bond_alb_monitor [ 572.887351][ C0] pool 7: cpus=1 node=0 flags=0x0 nice=-20 hung=0s workers=2 idle: 30 [ 572.887385][ C0] pool 32: cpus=0-7 flags=0x4 nice=0 hung=95s workers=9 idle: 1141 1135 76 64 43 [ 572.887425][ C0] Showing backtraces of running workers in stalled CPU-bound worker pools: VM DIAGNOSIS: 22:45:33 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000073 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854aebb5 RDI=ffffffff9ae0cb80 RBP=ffffffff9ae0cb40 RSP=ffffc900000076d8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000073 R14=ffffffff9ae0cb40 R15=ffffffff854aeb50 RIP=ffffffff854aebdf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977bf000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080cb7000 CR3=0000000024e16000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffff88802b441480 RCX=ffffffff81ae9b89 RDX=ffff888021d72440 RSI=ffffffff81ae9b63 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc90002cff938 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=ffffed1005688291 R13=0000000000000001 R14=dffffc0000000000 R15=ffff88802b33b180 RIP=ffffffff81ae9b65 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880978bf000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002f8feffc CR3=000000000e180000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000a60ce07b 00000000cec3662e ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1b0c44cffc0faa92 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff8880672f4340 RCX=ffffffff897f2fed RDX=1ffff1100ce5e867 RSI=ffffffff897f2a46 RDI=0000000000000005 RBP=ffff88806d5a4000 RSP=ffffc90000538d88 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=0000000000000001 R13=0000000000000000 R14=ffff8880672f4340 R15=ffffffff897f28c0 RIP=ffffffff81baa9f0 RFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880979bf000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f50a4da4 CR3=0000000024e16000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000013800000000 0000000400000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=ffff888025b65398 RCX=00000000fffffffe RDX=0000000000000000 RSI=ffff888025b65398 RDI=ffff888025b65398 RBP=ffff888025b65370 RSP=ffffc900005e8ce8 R8 =0000000000080000 R9 =0000000000000001 R10=0000000000000001 R11=0000000000000000 R12=000000000000006d R13=0000000000000001 R14=ffff888025b64880 R15=0000000000000000 RIP=ffffffff81978aad RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097abf000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c24f024 CR3=0000000024e16000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000013800000000 0000000400000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000