last executing test programs: 6.790090419s ago: executing program 3 (id=1645): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0xfffffffd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x5, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) connect$unix(r3, &(0x7f00000003c0)=@abs={0x1, 0x0, 0x4e20}, 0x6e) syz_open_procfs(0x0, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x5, '\x00', 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, @void, @value, @void, @value}, 0x50) syz_emit_ethernet(0x46, &(0x7f0000000140)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x68, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x80, 0x0}, @local}, @redirect={0x5, 0x0, 0x0, @multicast2, {0x5, 0x4, 0x1, 0x5, 0x6, 0x67, 0x3, 0xf4, 0x29, 0x4, @remote, @loopback}, "11b4dce01fa17d63"}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f0000000100)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x8}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x6, 0x0, 0xb, 0xa}, {0xf}}, [@printk={@lu, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x2, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x15}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = socket$inet_tcp(0x2, 0x1, 0x0) r6 = fsopen(&(0x7f0000000480)='incremental-fs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000300)='source', &(0x7f00000000c0)='%(,:', 0x0) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xf}) 5.812758088s ago: executing program 3 (id=1650): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r4, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) ioctl$EVIOCGKEYCODE_V2(r5, 0x80284504, &(0x7f0000000040)=""/185) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r9, 0x84, 0x4, &(0x7f0000000080)=0x3, 0x4) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r8], 0x54}}, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) r11 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000001000250800170000000000000a000000", @ANYRES32=r12, @ANYBLOB="0174dfdb0d"], 0x20}}, 0x0) r13 = socket(0x1, 0x803, 0x0) getsockname$packet(r13, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r1, 0x0, 0x0) r14 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x20, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000900c0000000000000000000018010000646c6c250000000000200000bfa10000000000000701000028958e46f574c7f8ffffffb702000008000000b7030000040000008d0000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r14}, 0x10) r15 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r15, 0x8933, &(0x7f0000000240)={'vxcan1\x00'}) sendmsg$nl_route(r15, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4400000010004b04000023dc5ad93c5c2b7b0000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800500160003000000080004"], 0x44}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB='@\x00'/20, @ANYRES32=0x0, @ANYBLOB], 0x40}}, 0x2) 5.168034734s ago: executing program 2 (id=1656): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESHEX]) read$FUSE(0xffffffffffffffff, &(0x7f0000004180)={0x2020, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000008400)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9474a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d806b2ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x90, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4000, 0x0, {0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x6000, 0x0, 0x0, 0x0, 0x800}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000340)={0x50, 0x0, r4, {0x7, 0x29, 0xffffff81, 0x22000b02, 0x2, 0x0, 0x6, 0x3e9f6a88}}, 0x50) r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x1d0) ioctl$FIBMAP(r5, 0x401070ca, &(0x7f0000000000)) ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000400)={0xf0f020}) syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00') socket(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) openat$ttynull(0xffffff9c, &(0x7f00000000c0), 0x20000, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)="030e82634f3ddfa1ccc857216e95f8dcf83108a5960c7af7810f1cde995f1e4579eb58d8b482ff80fa2e5cb9ec9ba222f0ac6a0710813ef910aa97cba9e2cd065c47c1920e8eda63856c716fe228e033f726bd7360608c7d13ae43880e04f604780dce6dee36069e3c07e0be1b24dc8ecf8c5cd2ec2a64090fd050d00dd1b4c75ef4383a7527872432addfd29031831f2f3e7cd20e093f5c370e37f3834c82f98342622e2ef2d34507b69a", 0xab}, {&(0x7f0000000700)="c4755e9db224dd81d433d0470bf81e3a599c41cb6d819e0db3", 0x19}], 0x2}, 0x8041) r9 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x2000, 0xfffffffd, 0x0, 0x0, r7}, &(0x7f0000000140)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r10, r11, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {0x2100}, 0x1}) io_uring_enter(r9, 0x2ded, 0x4000, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r12, 0x6, &(0x7f0000002000)={0x1, 0x0, 0x0, 0x1}) fcntl$lock(0xffffffffffffffff, 0x21, &(0x7f0000000280)={0x1, 0x1, 0x80}) 4.6802952s ago: executing program 2 (id=1658): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000000000)) r1 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) close(r1) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1) fcntl$setlease(r2, 0x400, 0x1) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000040)={0x5a, 0x0, '\x00', [@ra={0x5, 0x2, 0x81}]}, 0x10) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) 4.187431001s ago: executing program 1 (id=1659): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0xfffffffd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x5, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) connect$unix(r3, &(0x7f00000003c0)=@abs={0x1, 0x0, 0x4e20}, 0x6e) syz_open_procfs(0x0, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x5, '\x00', 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, @void, @value, @void, @value}, 0x50) syz_emit_ethernet(0x46, &(0x7f0000000140)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x68, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x80, 0x0}, @local}, @redirect={0x5, 0x0, 0x0, @multicast2, {0x5, 0x4, 0x1, 0x5, 0x6, 0x67, 0x3, 0xf4, 0x29, 0x4, @remote, @loopback}, "11b4dce01fa17d63"}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f0000000100)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x8}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x6, 0x0, 0xb, 0xa}, {0xf}}, [@printk={@lu, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x2, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x15}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = socket$inet_tcp(0x2, 0x1, 0x0) r6 = fsopen(&(0x7f0000000480)='incremental-fs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000300)='source', &(0x7f00000000c0)='%(,:', 0x0) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xf}) 4.187289364s ago: executing program 3 (id=1660): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x880, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0x8090ae81, 0x0) 4.182990384s ago: executing program 0 (id=1667): r0 = epoll_create1(0x0) r1 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket(0x2, 0x1, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0x933, 0x0) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r1) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESHEX=0x0]) mount(0x0, 0x0, &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_EXPIRE(r3, 0x810c9365, 0x0) r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r6) r7 = socket(0x2b, 0x1, 0x1) bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r6, 0x0) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) accept4$unix(r7, &(0x7f0000000100), 0x0, 0x80000) sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newqdisc={0x7c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x50, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}, {{0x1c, 0x1, {0x7, 0x7, 0xaca, 0x3, 0x1, 0x5, 0x7, 0x3}}, {0xa, 0x2, [0x2, 0x0, 0xffff]}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x80}, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$AUTOFS_IOC_READY(r4, 0x9360, 0xfffffffd) close_range(r0, 0xffffffffffffffff, 0x0) 4.074097883s ago: executing program 3 (id=1661): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[], 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000080)=""/1) 3.470145989s ago: executing program 2 (id=1662): r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000040)={'wg0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f0000000240)={'syztnl2\x00', r1, 0x29, 0x0, 0x80, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x44}, @loopback={0xff00, 0xffff888101827518}, 0x80, 0x8000, 0x9, 0x40}}) 3.420593019s ago: executing program 2 (id=1663): r0 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x40801, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0xa}}, 0x20) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e85"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r5, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000008003000000", 0x58}], 0x1) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x2}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x7, @remote}, r2}}, 0x48) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@updpolicy={0xb8, 0x19, 0x1, 0xfffffffc, 0x0, {{@in=@remote, @in6=@local, 0x4e22, 0x0, 0x4e24, 0x8002, 0xa, 0x0, 0x50}, {0x0, 0x1000000000000401, 0xfffffffffffffffe, 0x3ffffffd, 0x8, 0x1a, 0x1, 0xfffffffffffffffe}, {0x7a, 0x5, 0x0, 0x7fff}, 0x8, 0x0, 0x1, 0x1, 0x3}}, 0xb8}}, 0x40) syz_emit_ethernet(0x4a, &(0x7f0000000ac0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3286dd608a37f200142c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa"], 0x0) io_uring_enter(0xffffffffffffffff, 0x567, 0x0, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r1, &(0x7f0000000080)={0x12, 0x10, 0xfa00, {&(0x7f0000000000), r2, r1}}, 0x18) socket(0x10, 0x3, 0x0) syz_open_dev$usbmon(&(0x7f0000000140), 0x9f, 0x408003) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) 3.269902736s ago: executing program 0 (id=1664): openat$cdrom(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x80000002, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f000000000000000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$cdrom(0xffffff9c, &(0x7f00000012c0), 0x42880, 0x0) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) socket$l2tp6(0xa, 0x2, 0x73) ioctl$FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {0x2000000, 0x2}, {}, {}, {0x2000}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, 0x5, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x0, 0xc}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff) syz_usbip_server_init(0x3) 3.269300293s ago: executing program 2 (id=1665): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r0) r1 = socket(0x15, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x8, 0x0, &(0x7f0000000040)) io_uring_setup(0x2d58, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newtaction={0xcc, 0x30, 0x1, 0x0, 0x0, {}, [{0xb8, 0x1, [@m_ct={0x6c, 0x1a, 0x0, 0x0, {{0x7}, {0x44, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e76, 0x20000000, 0x0, 0xf}}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @dev={0xfe, 0x80, '\x00', 0x26}}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @private0}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xc, 0x40}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x880}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2981) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) acct(&(0x7f00000001c0)='./file0\x00') memfd_create(0x0, 0x4) acct(0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r5, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600, 0x0, 0x2000]}}], 0xffc8) r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000580)=ANY=[@ANYBLOB="140100001f00010d0de6fd0000000000020100800c000100000000000051aeb0655127a49b01000000000000000000000000000250bb2d6f67d29d6fabadb107d0def49c88ea0463f6abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e88f33fc26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c6fbe81010000dd01000003009482565856555e0c23c6b0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce918b55ac64337803f5eb4e5842f4d98fe3fa370d4706000000061dc35817c8a66c29be82fddb000038c30985817a6e1bb8f524b03d115132b194f15282cc623bb36ab8043f37c1283083d7873af02469d285f9b87b036abcf0fe65c483195ed0ab3e9d66226c2af58808d4dbf67b6d1292664a17fab03e3af3337c17b8ee101fcc8a2bba69418c74a44555b27c97b1af280875324f8090a79eafe2336ca876f7b2e835a5f8eaf20c6b2c27c942a602c1d8691ec8bd0429516edda52f6304acce4fd96699ccedeaae5557a0fa3b2207c57a98d0882435740b6ba61088de636b7a50384a224a0abb0798f8ff1c4d66aafd25a79696645e57ec81a3a58ff2a3b1995e2aaf5ccca33968fb38511d23c0a56277b81d9e8eee2fc0d1dfb6118ab1d1e18d545e19aeefd48fed99762f3f13ef56bb905c84f9aeb782291a08"], 0x114}], 0x1}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 3.191941013s ago: executing program 1 (id=1666): r0 = syz_open_pts(0xffffffffffffffff, 0x200681) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000003c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) (async) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x8, 0x5, &(0x7f0000000740)=ANY=[@ANYBLOB="687706000800000018350000030000000000000000000000181a0000", @ANYRES32, @ANYBLOB="00000000000a000032ae199ab0b7afd76339a6b28644ee56467c9b3ab2dd3558958317db15566f26779948e9904ec540be5b66cf21b1aa3113ea6e52ae54755d4b1d02ddf03180c4e35b83f59129a8aa106d7ab1b158cf121706f784773b60d97e27056c80156069932d0e358290f51abd382b720537f7c8db2f320ada715bb562edad9e11701f54304f22e81aee7dd4830cd55586239dc334d121e8c6f8d32f283cc5b97c7816c95b28"], &(0x7f0000000540)='GPL\x00', 0x4, 0x91, &(0x7f0000000580)=""/145, 0x40f00, 0x8, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x8, &(0x7f00000006c0)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000700)={0x4, 0x9, 0xfff, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x3, &(0x7f0000000b80)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000bc0)=[{0x4, 0x2, 0x10, 0x3}, {0x2, 0x1, 0xf, 0x7}, {0x2, 0x4, 0xa}], 0x10, 0x10, @void, @value}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x8, 0x5, &(0x7f0000000740)=ANY=[@ANYBLOB="687706000800000018350000030000000000000000000000181a0000", @ANYRES32, @ANYBLOB="00000000000a000032ae199ab0b7afd76339a6b28644ee56467c9b3ab2dd3558958317db15566f26779948e9904ec540be5b66cf21b1aa3113ea6e52ae54755d4b1d02ddf03180c4e35b83f59129a8aa106d7ab1b158cf121706f784773b60d97e27056c80156069932d0e358290f51abd382b720537f7c8db2f320ada715bb562edad9e11701f54304f22e81aee7dd4830cd55586239dc334d121e8c6f8d32f283cc5b97c7816c95b28"], &(0x7f0000000540)='GPL\x00', 0x4, 0x91, &(0x7f0000000580)=""/145, 0x40f00, 0x8, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x8, &(0x7f00000006c0)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000700)={0x4, 0x9, 0xfff, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x3, &(0x7f0000000b80)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000bc0)=[{0x4, 0x2, 0x10, 0x3}, {0x2, 0x1, 0xf, 0x7}, {0x2, 0x4, 0xa}], 0x10, 0x10, @void, @value}, 0x94) r2 = accept4(r1, 0x0, 0x0, 0x80000) syz_genetlink_get_family_id$fou(&(0x7f0000000040), r2) sendmsg$alg(r2, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=[@assoc={0x0, 0x117, 0x4, 0x6}, @assoc={0x0, 0x117, 0x4, 0x3}, @op={0x0, 0x117, 0x3, 0x1}], 0x35, 0x810}, 0x20044000) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000000200)={'syztnl2\x00', 0x0, 0x2f, 0x32, 0x0, 0x3, 0x20, @mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x8, 0x20, 0x8, 0x40000}}) r4 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x24, 0x5f, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0x5, 0x2}, {0x1, 0xe}}}, 0x24}}, 0x0) sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@dellink={0x20, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r6, 0x10820, 0x400}}, 0x20}}, 0x4084) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r2, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000227bd7000fddbdf250600000022000180080003000100000008000100", @ANYRES32=r3, @ANYBLOB="08021700", @ANYRES32=r6, @ANYBLOB="140002006d616373656330000000000000000000"], 0x44}, 0x1, 0x0, 0x0, 0x400a000}, 0x880) sendmsg$NL80211_CMD_SET_PMK(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x0, 0x20, 0x70bd27, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "721fc6cc2973ae87c6a0a499d2c0803a"}]}, 0x28}}, 0x4000000) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)) (async) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) fcntl$lock(r0, 0x5, &(0x7f0000000040)={0x2, 0x3, 0x0, 0x9, r7}) (async) fcntl$lock(r0, 0x5, &(0x7f0000000040)={0x2, 0x3, 0x0, 0x9, r7}) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r8, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r8, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f00000002c0), 0x4) (async) setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f00000002c0), 0x4) socket$alg(0x26, 0x5, 0x0) (async) r9 = socket$alg(0x26, 0x5, 0x0) r10 = accept4(r9, 0x0, 0x0, 0x0) recvmmsg$unix(r10, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r8, 0x11a, 0x2, &(0x7f0000000140)=@ccm_128={{0x304}, "68c4502393926b50", "09f700", "1ab6c0e5"}, 0x28) (async) setsockopt$inet6_tcp_TLS_TX(r8, 0x11a, 0x2, &(0x7f0000000140)=@ccm_128={{0x304}, "68c4502393926b50", "09f700", "1ab6c0e5"}, 0x28) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f0000000480)={0x1c, 0x9}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000640)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) (async) r11 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000640)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r11, 0xffffffffffffffff, 0x0) (async) close_range(r11, 0xffffffffffffffff, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) 2.900723567s ago: executing program 1 (id=1668): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) read$nci(r0, 0x0, 0x0) close(0x3) syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r1) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c0000", @ANYBLOB], 0x1c}}, 0x0) accept4$tipc(0xffffffffffffffff, 0x0, 0x0, 0x800) mmap(&(0x7f000027a000/0x1000)=nil, 0x1000, 0x0, 0x11, 0xffffffffffffffff, 0x0) r2 = fanotify_init(0x40, 0x101000) mmap(&(0x7f00000e5000/0x4000)=nil, 0x4000, 0x100000a, 0x20010, r2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18) 2.320558704s ago: executing program 2 (id=1669): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES64], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xf, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0xffffffffffffff2f, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0x21}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @empty}, 0x10) sendto$inet(r6, 0x0, 0x218, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r6, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) sendmsg$NFT_BATCH(r1, 0x0, 0x0) 2.040384425s ago: executing program 1 (id=1670): openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x880, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r0, 0x8090ae81, 0x0) 2.040103404s ago: executing program 1 (id=1671): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8) recvmsg$kcm(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)=[{0x0}, {&(0x7f0000000600)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/32, 0x20}], 0x3, &(0x7f0000000380)=""/40, 0x28}, 0x2140) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x90}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800) sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x4, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x89}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x8002) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r4) sendmsg$IEEE802154_LLSEC_SETPARAMS(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x14, r5, 0x1}, 0x14}}, 0x0) r6 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)={0x1c, r6, 0xf01, 0xfffffffc, 0x0, {0x5}, [@BATADV_ATTR_MESH_IFINDEX={0x51}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) ioctl$USBDEVFS_FREE_STREAMS(r9, 0x8008551d, &(0x7f0000000240)={0xc408, 0x1, [{}]}) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo={{0xa}, {0x8}}]}, 0x38}}, 0x4004010) sendmmsg$inet(r7, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000040)={0x44, 0x2, 0x6, 0x301, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x93}]}]}, 0x44}}, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000004c0)={r1, 0x58, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bind$xdp(r1, &(0x7f0000000500)={0x2c, 0x2, r12, 0x22, r1}, 0x10) r13 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000060a0b04000000000000000002000000300004802c0001800b00010074617267657400001c13028010000100434f4e4e5345434d41524b0008000240000000000900010073797a3000000000090002007300010000000000000000000000000a00000000000000000000000069d465897ce28f1b916efb9fe733f355ddf98bda1317278969a89704c5cd3e851ac367d13b12b1d6c08b96eff2"], 0x84}}, 0x0) 1.83042178s ago: executing program 0 (id=1672): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x8200) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffdd2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELOBJ={0x2c, 0x14, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x3}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x24, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x98}}, 0x0) setresgid(0xee00, 0x0, 0xffffffffffffffff) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000080)={0x0, @initdev, @initdev}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xff, 0x0, 0xff, 0x9}}, 0x1c}, 0x1, 0x0, 0x0, 0x84}, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x29, 0x0, 0x80, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x44}, @loopback={0xff00, 0xffff888101827518}, 0x80, 0x8000, 0x9, 0x40}}) 1.830108422s ago: executing program 0 (id=1673): r0 = epoll_create1(0x0) r1 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket(0x2, 0x1, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0x933, 0x0) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r1) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESHEX=0x0]) mount(0x0, 0x0, &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_EXPIRE(r3, 0x810c9365, 0x0) r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r6) r7 = socket(0x2b, 0x1, 0x1) bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r6, 0x0) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) accept4$unix(r7, &(0x7f0000000100), 0x0, 0x80000) sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newqdisc={0x7c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x50, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}, {{0x1c, 0x1, {0x7, 0x7, 0xaca, 0x3, 0x1, 0x5, 0x7, 0x3}}, {0xa, 0x2, [0x2, 0x0, 0xffff]}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x80}, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$AUTOFS_IOC_READY(r4, 0x9360, 0xfffffffd) close_range(r0, 0xffffffffffffffff, 0x0) 974.432193ms ago: executing program 0 (id=1674): r0 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x40801, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0xa}}, 0x20) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e85"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000008003000000", 0x58}], 0x1) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x2}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x7, @remote}, r2}}, 0x48) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@updpolicy={0xb8, 0x19, 0x1, 0xfffffffc, 0x0, {{@in=@remote, @in6=@local, 0x4e22, 0x0, 0x4e24, 0x8002, 0xa, 0x0, 0x50}, {0x0, 0x1000000000000401, 0xfffffffffffffffe, 0x3ffffffd, 0x8, 0x1a, 0x1, 0xfffffffffffffffe}, {0x7a, 0x5, 0x0, 0x7fff}, 0x8, 0x0, 0x1, 0x1, 0x3}}, 0xb8}}, 0x40) syz_emit_ethernet(0x4a, &(0x7f0000000ac0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3286dd608a37f200142c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa"], 0x0) io_uring_enter(0xffffffffffffffff, 0x567, 0x0, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r1, &(0x7f0000000080)={0x12, 0x10, 0xfa00, {&(0x7f0000000000), r2, r1}}, 0x18) socket(0x10, 0x3, 0x0) syz_open_dev$usbmon(&(0x7f0000000140), 0x9f, 0x408003) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) 973.986434ms ago: executing program 3 (id=1675): r0 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0xfffffffd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x5, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) connect$unix(r4, &(0x7f00000003c0)=@abs={0x1, 0x0, 0x4e20}, 0x6e) syz_open_procfs(0x0, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x5, '\x00', 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, @void, @value, @void, @value}, 0x50) syz_emit_ethernet(0x46, &(0x7f0000000140)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x68, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x80, 0x0}, @local}, @redirect={0x5, 0x0, 0x0, @multicast2, {0x5, 0x4, 0x1, 0x5, 0x6, 0x67, 0x3, 0xf4, 0x29, 0x4, @remote, @loopback}, "11b4dce01fa17d63"}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f0000000100)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x8}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x6, 0x0, 0xb, 0xa}, {0xf}}, [@printk={@lu, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x2, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x15}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = socket$inet_tcp(0x2, 0x1, 0x0) r7 = fsopen(&(0x7f0000000480)='incremental-fs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000300)='source', &(0x7f00000000c0)='%(,:', 0x0) close_range(r6, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xf}) 696.341715ms ago: executing program 0 (id=1676): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES64], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xf, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0xffffffffffffff2f, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0x21}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @empty}, 0x10) sendto$inet(r6, 0x0, 0x218, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r6, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) (fail_nth: 1) sendmsg$NFT_BATCH(r1, 0x0, 0x0) 317.084Β΅s ago: executing program 1 (id=1677): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r0) r1 = socket(0x15, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x8, 0x0, &(0x7f0000000040)) io_uring_setup(0x2d58, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newtaction={0xcc, 0x30, 0x1, 0x0, 0x0, {}, [{0xb8, 0x1, [@m_ct={0x6c, 0x1a, 0x0, 0x0, {{0x7}, {0x44, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e76, 0x20000000, 0x0, 0xf}}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @dev={0xfe, 0x80, '\x00', 0x26}}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @private0}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xc, 0x40}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x880}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2981) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) acct(&(0x7f00000001c0)='./file0\x00') memfd_create(0x0, 0x4) acct(0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r5, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600, 0x0, 0x2000]}}], 0xffc8) r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000580)=ANY=[@ANYBLOB="140100001f00010d0de6fd0000000000020100800c000100000000000051aeb0655127a49b01000000000000000000000000000250bb2d6f67d29d6fabadb107d0def49c88ea0463f6abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e88f33fc26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c6fbe81010000dd01000003009482565856555e0c23c6b0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce918b55ac64337803f5eb4e5842f4d98fe3fa370d4706000000061dc35817c8a66c29be82fddb000038c30985817a6e1bb8f524b03d115132b194f15282cc623bb36ab8043f37c1283083d7873af02469d285f9b87b036abcf0fe65c483195ed0ab3e9d66226c2af58808d4dbf67b6d1292664a17fab03e3af3337c17b8ee101fcc8a2bba69418c74a44555b27c97b1af280875324f8090a79eafe2336ca876f7b2e835a5f8eaf20c6b2c27c942a602c1d8691ec8bd0429516edda52f6304acce4fd96699ccedeaae5557a0fa3b2207c57a98d0882435740b6ba61088de636b7a50384a224a0abb0798f8ff1c4d66aafd25a79696645e57ec81a3a58ff2a3b1995e2aaf5ccca33968fb38511d23c0a56277b81d9e8eee2fc0d1dfb6118ab1d1e18d545e19aeefd48fed99762f3f13ef56bb905c84f9aeb782291a08"], 0x114}], 0x1}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 0s ago: executing program 3 (id=1678): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) read$nci(r0, 0x0, 0x0) close(0x3) syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r1) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c0000", @ANYBLOB], 0x1c}}, 0x0) accept4$tipc(0xffffffffffffffff, 0x0, 0x0, 0x800) mmap(&(0x7f000027a000/0x1000)=nil, 0x1000, 0x0, 0x11, 0xffffffffffffffff, 0x0) r2 = fanotify_init(0x40, 0x101000) mmap(&(0x7f00000e5000/0x4000)=nil, 0x4000, 0x100000a, 0x20010, r2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18) kernel console output (not intermixed with test programs): .190428][ T40] audit: type=1326 audit(1747185015.361:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10236 comm="syz.2.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 267.206274][ T40] audit: type=1326 audit(1747185015.371:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10236 comm="syz.2.1264" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 267.211069][T10231] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 267.216803][T10231] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 267.222906][ T5988] usb 8-1: USB disconnect, device number 59 [ 267.240527][ T6239] rc_core: IR keymap rc-hauppauge not found [ 267.242671][ T6239] Registered IR keymap rc-empty [ 267.245139][ T6239] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0 [ 267.249393][ T6239] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input62 [ 267.356356][T10245] netlink: 'syz.1.1266': attribute type 1 has an invalid length. [ 267.358832][T10245] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1266'. [ 267.404068][ T836] usb 7-1: USB disconnect, device number 52 [ 267.810381][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 267.952834][T10259] netlink: 'syz.3.1270': attribute type 13 has an invalid length. [ 267.957282][T10258] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1271'. [ 267.991951][ T5947] block nbd3: Receive control failed (result -107) [ 268.011580][T10240] Process accounting resumed [ 268.036169][ T5956] block nbd3: shutting down sockets [ 268.236021][T10266] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1272'. [ 268.311847][T10262] 9pnet_fd: Insufficient options for proto=fd [ 268.481204][T10269] netlink: 'syz.2.1274': attribute type 1 has an invalid length. [ 268.730485][ T6239] usb 7-1: new full-speed USB device number 53 using dummy_hcd [ 268.840488][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 268.848637][T10276] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12) [ 268.850789][T10276] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 268.853342][T10276] vhci_hcd vhci_hcd.0: Device attached [ 268.871606][T10280] netlink: 'syz.1.1277': attribute type 10 has an invalid length. [ 268.875674][T10280] bond0: (slave wlan1): Opening slave failed [ 268.902002][ T6239] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 268.906190][ T6239] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 268.909890][ T6239] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 268.913833][ T6239] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.917516][ T6239] usb 7-1: config 0 descriptor?? [ 268.925947][ T6239] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 268.928066][ T6239] dvb-usb: bulk message failed: -22 (3/0) [ 268.931314][ T6239] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 268.937850][ T6239] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 268.939114][T10282] FAULT_INJECTION: forcing a failure. [ 268.939114][T10282] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 268.940099][ T6239] usb 7-1: media controller created [ 268.944207][T10282] CPU: 0 UID: 0 PID: 10282 Comm: syz.1.1278 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 268.944223][T10282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 268.944229][T10282] Call Trace: [ 268.944234][T10282] [ 268.944238][T10282] dump_stack_lvl+0x16c/0x1f0 [ 268.944258][T10282] should_fail_ex+0x512/0x640 [ 268.944276][T10282] _copy_from_user+0x2e/0xd0 [ 268.944295][T10282] move_addr_to_kernel+0x65/0x170 [ 268.944313][T10282] __get_compat_msghdr+0x3f1/0x4d0 [ 268.944327][T10282] get_compat_msghdr+0xd2/0x170 [ 268.944339][T10282] ? __pfx_get_compat_msghdr+0x10/0x10 [ 268.944352][T10282] ? __pfx__kstrtoull+0x10/0x10 [ 268.944367][T10282] ___sys_sendmsg+0x1ae/0x1d0 [ 268.944382][T10282] ? __pfx____sys_sendmsg+0x10/0x10 [ 268.944401][T10282] ? find_held_lock+0x2b/0x80 [ 268.944420][T10282] __sys_sendmmsg+0x2f9/0x420 [ 268.944435][T10282] ? __pfx___sys_sendmmsg+0x10/0x10 [ 268.944452][T10282] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 268.944474][T10282] ? fput+0x70/0xf0 [ 268.944488][T10282] ? ksys_write+0x1b9/0x240 [ 268.944498][T10282] ? __pfx_ksys_write+0x10/0x10 [ 268.944511][T10282] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 268.944524][T10282] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 268.944541][T10282] __do_fast_syscall_32+0x73/0x120 [ 268.944558][T10282] do_fast_syscall_32+0x32/0x80 [ 268.944574][T10282] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 268.944587][T10282] RIP: 0023:0xf7f47579 [ 268.944596][T10282] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 268.944606][T10282] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 268.944616][T10282] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000440 [ 268.944623][T10282] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 268.944629][T10282] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 268.944635][T10282] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 268.944640][T10282] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 268.944653][T10282] [ 269.015922][ T6239] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 269.021362][ T6239] dvb-usb: bulk message failed: -22 (6/0) [ 269.025628][ T6239] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 269.029991][ T6239] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input63 [ 269.034958][ T6239] dvb-usb: schedule remote query interval to 150 msecs. [ 269.037130][ T6239] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 269.076166][T10284] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 269.079001][T10284] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 269.083996][T10284] vhci_hcd vhci_hcd.0: Device attached [ 269.110684][ T6035] usb 37-1: new high-speed USB device number 9 using vhci_hcd [ 269.123264][T10269] 8021q: adding VLAN 0 to HW filter on device bond7 [ 269.165503][ T6660] usb 7-1: USB disconnect, device number 53 [ 269.178634][ T6660] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 269.340358][ T6001] usb 43-1: new high-speed USB device number 8 using vhci_hcd [ 269.489361][T10277] vhci_hcd: connection reset by peer [ 269.501009][ T8791] vhci_hcd: stop threads [ 269.502751][ T8791] vhci_hcd: release socket [ 269.504672][ T8791] vhci_hcd: disconnect device [ 269.590400][ T5988] usb 6-1: new high-speed USB device number 69 using dummy_hcd [ 269.613241][T10285] vhci_hcd: connection reset by peer [ 269.616414][ T65] vhci_hcd: stop threads [ 269.618234][ T65] vhci_hcd: release socket [ 269.620191][ T65] vhci_hcd: disconnect device [ 269.740816][ T5988] usb 6-1: Using ep0 maxpacket: 8 [ 269.743743][ T5988] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 269.746519][ T5988] usb 6-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 269.750031][ T5988] usb 6-1: config 179 has no interface number 0 [ 269.752138][ T5988] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid wMaxPacketSize 0 [ 269.755144][ T5988] usb 6-1: config 179 interface 65 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 23 [ 269.759363][ T5988] usb 6-1: config 179 interface 65 has no altsetting 0 [ 269.761578][ T5988] usb 6-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 269.764374][ T5988] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.880572][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 269.940631][T10297] netlink: 'syz.2.1281': attribute type 1 has an invalid length. [ 269.943184][T10297] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1281'. [ 270.020984][ T5988] usb 6-1: USB disconnect, device number 69 [ 270.340852][ T5982] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 270.503110][ T5982] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 270.507603][ T5982] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 270.512066][ T5982] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 270.517230][ T5982] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 270.521651][ T5982] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.527085][ T5982] usb 5-1: config 0 descriptor?? [ 270.575605][T10297] Process accounting resumed [ 270.699547][T10307] netlink: 'syz.1.1284': attribute type 13 has an invalid length. [ 270.885502][T10309] 9pnet_fd: Insufficient options for proto=fd [ 270.920425][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 271.134236][T10299] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1282'. [ 271.143597][ T5982] usbhid 5-1:0.0: can't add hid device: -71 [ 271.145678][ T5982] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 271.151321][ T5982] usb 5-1: USB disconnect, device number 66 [ 271.484213][T10316] netlink: 'syz.2.1287': attribute type 13 has an invalid length. [ 271.531048][ T5947] block nbd2: Receive control failed (result -107) [ 271.572842][T10316] block nbd2: shutting down sockets [ 271.601541][T10321] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1289'. [ 271.970346][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 272.008156][T10329] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12) [ 272.010258][T10329] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 272.013395][T10329] vhci_hcd vhci_hcd.0: Device attached [ 272.158252][T10334] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1292'. [ 272.389432][T10339] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1293'. [ 272.585713][T10330] vhci_hcd: connection closed [ 272.586408][ T65] vhci_hcd: stop threads [ 272.594377][ T65] vhci_hcd: release socket [ 272.596809][ T65] vhci_hcd: disconnect device [ 272.821511][T10348] netlink: 'syz.1.1296': attribute type 13 has an invalid length. [ 273.000453][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 273.196142][T10356] netlink: 'syz.2.1298': attribute type 1 has an invalid length. [ 273.220121][T10360] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 273.301388][T10365] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1301'. [ 273.334296][ T40] kauditd_printk_skb: 18 callbacks suppressed [ 273.334308][ T40] audit: type=1326 audit(1747185021.541:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1302" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 273.344706][ T40] audit: type=1326 audit(1747185021.541:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1302" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 273.354684][ T40] audit: type=1326 audit(1747185021.541:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1302" exe="/syz-executor" sig=0 arch=40000003 syscall=101 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 273.361566][ T40] audit: type=1326 audit(1747185021.541:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1302" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 273.368282][ T40] audit: type=1326 audit(1747185021.541:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1302" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 273.375306][ T40] audit: type=1326 audit(1747185021.541:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1302" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 273.382114][ T40] audit: type=1326 audit(1747185021.541:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1302" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 273.388952][ T40] audit: type=1326 audit(1747185021.541:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1302" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 273.395751][ T40] audit: type=1326 audit(1747185021.541:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1302" exe="/syz-executor" sig=0 arch=40000003 syscall=371 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 273.402638][ T40] audit: type=1326 audit(1747185021.541:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1302" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 273.460378][ T6660] usb 7-1: new full-speed USB device number 55 using dummy_hcd [ 273.579585][T10370] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1303'. [ 273.582632][ T5988] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 273.635040][ T6660] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 273.639752][ T6660] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 273.644158][ T6660] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 273.647812][ T6660] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.658001][ T6660] usb 7-1: config 0 descriptor?? [ 273.665687][ T6660] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 273.668333][ T6660] dvb-usb: bulk message failed: -22 (3/0) [ 273.677839][ T6660] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 273.684718][ T6660] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 273.687535][ T6660] usb 7-1: media controller created [ 273.695329][T10374] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1304'. [ 273.706790][ T6660] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 273.718622][ T6660] dvb-usb: bulk message failed: -22 (6/0) [ 273.724514][ T6660] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 273.731329][ T6660] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input64 [ 273.741531][ T6660] dvb-usb: schedule remote query interval to 150 msecs. [ 273.745230][ T6660] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 273.763270][ T5988] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 273.766280][ T5988] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 273.771652][ T5988] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 273.774564][ T5988] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 273.777282][ T5988] usb 5-1: Manufacturer: syz [ 273.781425][ T5988] usb 5-1: config 0 descriptor?? [ 273.841752][ T5988] rc_core: IR keymap rc-hauppauge not found [ 273.843721][ T5988] Registered IR keymap rc-empty [ 273.846027][ T5988] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 273.850615][ T5988] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input65 [ 273.865780][T10356] 8021q: adding VLAN 0 to HW filter on device bond8 [ 273.900792][ T6660] dvb-usb: bulk message failed: -22 (1/0) [ 273.907588][ T6660] dvb-usb: error while querying for an remote control event. [ 273.933863][ T58] usb 7-1: USB disconnect, device number 55 [ 273.947570][T10383] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 273.949669][T10383] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 273.952334][T10383] vhci_hcd vhci_hcd.0: Device attached [ 273.971864][ T58] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 273.990772][ T29] usb 5-1: USB disconnect, device number 67 [ 274.040399][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 274.202144][ T6035] vhci_hcd: vhci_device speed not set [ 274.532551][T10392] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1308'. [ 274.536586][T10395] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1308'. [ 274.572076][T10400] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1310'. [ 274.574527][T10384] vhci_hcd: connection reset by peer [ 274.576959][ T1136] vhci_hcd: stop threads [ 274.578536][ T1136] vhci_hcd: release socket [ 274.582022][ T1136] vhci_hcd: disconnect device [ 274.660346][ T6001] vhci_hcd: vhci_device speed not set [ 274.830322][ T6239] usb 7-1: new high-speed USB device number 56 using dummy_hcd [ 274.862938][T10387] 9pnet_fd: Insufficient options for proto=fd [ 275.080378][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 275.790440][ T5988] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 275.840347][ T6660] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 275.920462][ T5988] usb 6-1: device descriptor read/64, error -71 [ 276.038633][ T6660] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 276.048783][ T6660] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 276.054901][ T6660] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 276.058666][ T6660] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 276.070412][ T6660] usb 5-1: Manufacturer: syz [ 276.090713][ T6660] usb 5-1: config 0 descriptor?? [ 276.130354][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 276.150350][ T6660] rc_core: IR keymap rc-hauppauge not found [ 276.152436][ T6660] Registered IR keymap rc-empty [ 276.155309][ T6660] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 276.160159][ T6660] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input66 [ 276.170617][ T5988] usb 6-1: new high-speed USB device number 71 using dummy_hcd [ 276.193197][T10432] netlink: 'syz.3.1320': attribute type 13 has an invalid length. [ 276.298433][ T6660] usb 5-1: USB disconnect, device number 68 [ 276.310569][ T5988] usb 6-1: device descriptor read/64, error -71 [ 276.430648][ T5988] usb usb6-port1: attempt power cycle [ 276.770412][ T5988] usb 6-1: new high-speed USB device number 72 using dummy_hcd [ 276.790839][ T5988] usb 6-1: device descriptor read/8, error -71 [ 276.826847][T10439] netlink: 'syz.2.1323': attribute type 10 has an invalid length. [ 276.830120][T10439] bond0: (slave wlan1): Opening slave failed [ 277.040417][ T5988] usb 6-1: new high-speed USB device number 73 using dummy_hcd [ 277.060802][ T5988] usb 6-1: device descriptor read/8, error -71 [ 277.168631][T10445] netlink: 'syz.0.1322': attribute type 1 has an invalid length. [ 277.170402][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 277.171228][T10445] __nla_validate_parse: 2 callbacks suppressed [ 277.171238][T10445] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1322'. [ 277.173490][ T5988] usb usb6-port1: unable to enumerate USB device [ 277.716182][T10440] Process accounting resumed [ 278.200396][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 279.240924][ C2] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 280.280376][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 281.320622][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 282.360438][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 283.400467][ C3] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 284.440380][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 285.480391][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 286.530396][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 287.560545][ C2] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 288.600490][ C2] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 289.640474][ C2] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 290.680481][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 291.720371][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 292.760407][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 293.800551][ C3] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 294.850378][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 295.880546][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 296.930404][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 297.960395][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 299.000381][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 300.040367][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 301.080395][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 302.120439][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 302.317136][T10453] 9pnet_fd: Insufficient options for proto=fd [ 302.319365][T10451] 9pnet_fd: Insufficient options for proto=fd [ 302.377444][T10459] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.1328'. [ 302.378952][T10460] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.1326'. [ 303.160416][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 303.271580][T10466] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1329'. [ 303.309726][T10469] bridge1: entered promiscuous mode [ 303.311899][T10469] bridge1: entered allmulticast mode [ 303.316950][T10469] team0: Port device bridge1 added [ 303.437147][T10474] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1332'. [ 303.817890][T10483] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.1334'. [ 304.200395][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 304.743967][T10490] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 304.746076][T10490] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 304.748870][T10490] vhci_hcd vhci_hcd.0: Device attached [ 304.791708][T10494] netlink: 2048 bytes leftover after parsing attributes in process `syz.2.1336'. [ 304.797092][T10494] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1336'. [ 304.903596][T10499] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.1337'. [ 305.000713][ T6001] usb 43-1: new high-speed USB device number 9 using vhci_hcd [ 305.094932][T10497] netlink: 'syz.2.1336': attribute type 1 has an invalid length. [ 305.097591][T10497] nbd: error processing sock list [ 305.240332][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 305.809925][T10492] vhci_hcd: connection reset by peer [ 305.813845][ T1136] vhci_hcd: stop threads [ 305.815527][ T1136] vhci_hcd: release socket [ 305.817039][ T1136] vhci_hcd: disconnect device [ 305.938538][T10507] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.1340'. [ 306.280345][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 306.839566][T10515] netlink: 'syz.2.1339': attribute type 1 has an invalid length. [ 306.842212][T10515] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1339'. [ 307.320353][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 307.374537][T10525] 9pnet_fd: Insufficient options for proto=fd [ 308.172691][T10535] __nla_validate_parse: 3 callbacks suppressed [ 308.172703][T10535] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1346'. [ 308.246429][T10538] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.1348'. [ 308.360383][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 309.265227][T10544] netlink: 'syz.2.1350': attribute type 1 has an invalid length. [ 309.358291][T10549] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12) [ 309.360422][T10549] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 309.363063][T10549] vhci_hcd vhci_hcd.0: Device attached [ 309.400340][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 309.520362][ T10] usb 7-1: new full-speed USB device number 57 using dummy_hcd [ 309.540402][ T58] Process accounting resumed [ 309.587574][T10556] netlink: 'syz.0.1349': attribute type 1 has an invalid length. [ 309.590003][T10556] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1349'. [ 309.639756][T10550] vhci_hcd: connection closed [ 309.639866][ T46] vhci_hcd: stop threads [ 309.642868][ T46] vhci_hcd: release socket [ 309.645687][ T46] vhci_hcd: disconnect device [ 309.650368][ T29] usb 39-1: new high-speed USB device number 5 using vhci_hcd [ 309.652821][ T29] usb 39-1: enqueue for inactive port 0 [ 309.682166][ T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 309.685391][ T10] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 309.688221][ T10] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 309.691221][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.698993][ T10] usb 7-1: config 0 descriptor?? [ 309.702636][ T10] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 309.704958][ T10] dvb-usb: bulk message failed: -22 (3/0) [ 309.709356][ T10] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 309.712464][ T10] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 309.714674][ T10] usb 7-1: media controller created [ 309.717705][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 309.722601][ T10] dvb-usb: bulk message failed: -22 (6/0) [ 309.724375][ T10] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 309.730441][ T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input67 [ 309.730543][ T29] vhci_hcd: vhci_device speed not set [ 309.735049][ T10] dvb-usb: schedule remote query interval to 150 msecs. [ 309.737801][ T10] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 309.896096][ T58] Process accounting resumed [ 309.900031][T10558] netlink: 'syz.3.1352': attribute type 1 has an invalid length. [ 309.900443][ T10] dvb-usb: bulk message failed: -22 (1/0) [ 309.902680][T10558] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1352'. [ 309.904308][ T10] dvb-usb: error while querying for an remote control event. [ 309.910756][T10544] 8021q: adding VLAN 0 to HW filter on device bond9 [ 309.949645][T10544] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1350'. [ 309.955454][ T6660] usb 7-1: USB disconnect, device number 57 [ 309.971886][ T6660] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 310.120438][ T6001] vhci_hcd: vhci_device speed not set [ 310.263908][T10568] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1354'. [ 310.440453][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 310.459800][T10571] 9pnet_fd: Insufficient options for proto=fd [ 311.132137][T10579] netlink: 'syz.3.1356': attribute type 1 has an invalid length. [ 311.135345][T10579] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1356'. [ 311.220892][ T6043] Process accounting resumed [ 311.224671][T10585] netlink: 'syz.1.1358': attribute type 1 has an invalid length. [ 311.227157][T10585] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1358'. [ 311.466113][T10592] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1361'. [ 311.469401][T10592] netlink: 'syz.2.1361': attribute type 10 has an invalid length. [ 311.478911][T10593] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.1359'. [ 311.480047][T10592] bond0: (slave wlan1): Opening slave failed [ 311.485784][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 312.520389][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 312.553784][T10613] netlink: 'syz.1.1373': attribute type 13 has an invalid length. [ 312.591756][T10615] netlink: 'syz.0.1366': attribute type 1 has an invalid length. [ 312.780748][ T29] Process accounting resumed [ 312.828515][T10619] netlink: 'syz.2.1365': attribute type 1 has an invalid length. [ 312.860557][ T2291] usb 5-1: new full-speed USB device number 69 using dummy_hcd [ 313.022103][ T2291] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 313.025300][ T2291] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 313.028093][ T2291] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 313.031134][ T2291] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.035290][ T2291] usb 5-1: config 0 descriptor?? [ 313.041467][ T2291] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 313.043659][ T2291] dvb-usb: bulk message failed: -22 (3/0) [ 313.053216][ T2291] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 313.056253][ T2291] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 313.058512][ T2291] usb 5-1: media controller created [ 313.061318][ T2291] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 313.069120][ T2291] dvb-usb: bulk message failed: -22 (6/0) [ 313.071508][ T2291] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 313.077840][ T2291] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb5/5-1/input/input68 [ 313.083956][ T2291] dvb-usb: schedule remote query interval to 150 msecs. [ 313.086997][ T2291] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 313.241272][ T2291] dvb-usb: bulk message failed: -22 (1/0) [ 313.243352][ T2291] dvb-usb: error while querying for an remote control event. [ 313.248067][T10615] 8021q: adding VLAN 0 to HW filter on device bond7 [ 313.254453][T10615] __nla_validate_parse: 4 callbacks suppressed [ 313.254463][T10615] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1366'. [ 313.261777][ T66] usb 5-1: USB disconnect, device number 69 [ 313.271500][ T66] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 313.442650][T10626] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.1368'. [ 313.560343][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 313.561684][T10627] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1370'. [ 313.960875][T10629] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1371'. [ 313.974902][T10629] netlink: 'syz.0.1371': attribute type 10 has an invalid length. [ 313.990234][T10629] bond0: (slave wlan1): Opening slave failed [ 314.471291][T10633] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1374'. [ 314.474724][T10635] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1375'. [ 314.610344][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 314.637037][T10644] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11) [ 314.639164][T10644] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 314.641628][T10644] vhci_hcd vhci_hcd.0: Device attached [ 314.648633][T10646] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1377'. [ 314.726699][T10651] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1378'. [ 314.880599][ T6001] usb 37-1: new high-speed USB device number 10 using vhci_hcd [ 315.072927][T10656] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.1380'. [ 315.433691][T10648] vhci_hcd: connection reset by peer [ 315.448839][ T1139] vhci_hcd: stop threads [ 315.458006][ T1139] vhci_hcd: release socket [ 315.474297][ T1139] vhci_hcd: disconnect device [ 315.650337][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 315.779305][T10659] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1382'. [ 315.799252][T10661] netlink: 'syz.3.1381': attribute type 10 has an invalid length. [ 315.812838][T10661] bond0: (slave wlan1): Opening slave failed [ 316.613415][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.615364][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.647742][ T34] Process accounting resumed [ 316.667089][T10694] netlink: 'syz.0.1389': attribute type 1 has an invalid length. [ 316.680433][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 316.833155][T10699] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 316.835293][T10699] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 316.838642][T10699] vhci_hcd vhci_hcd.0: Device attached [ 316.923888][T10697] 9pnet_fd: Insufficient options for proto=fd [ 317.099740][T10703] netlink: 'syz.3.1394': attribute type 10 has an invalid length. [ 317.102417][ T58] usb 39-1: new high-speed USB device number 6 using vhci_hcd [ 317.105410][T10703] bond0: (slave wlan1): Opening slave failed [ 317.189500][T10707] netlink: 'syz.0.1403': attribute type 10 has an invalid length. [ 317.193775][T10707] bond0: (slave wlan1): Opening slave failed [ 317.381267][T10709] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 317.383388][T10709] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 317.386806][T10709] vhci_hcd vhci_hcd.0: Device attached [ 317.439173][T10700] vhci_hcd: connection reset by peer [ 317.441439][ T1139] vhci_hcd: stop threads [ 317.442808][ T1139] vhci_hcd: release socket [ 317.444239][ T1139] vhci_hcd: disconnect device [ 317.640389][ T29] usb 43-1: new high-speed USB device number 10 using vhci_hcd [ 317.720349][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 318.009685][T10710] vhci_hcd: connection reset by peer [ 318.013532][ T95] vhci_hcd: stop threads [ 318.015092][ T95] vhci_hcd: release socket [ 318.016572][ T95] vhci_hcd: disconnect device [ 318.223898][T10715] 9pnet_fd: Insufficient options for proto=fd [ 318.319307][T10728] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11) [ 318.321426][T10728] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 318.324077][T10728] vhci_hcd vhci_hcd.0: Device attached [ 318.560361][ T6035] usb 41-1: new high-speed USB device number 11 using vhci_hcd [ 318.760542][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 318.938306][T10729] vhci_hcd: connection reset by peer [ 318.940082][ T1137] vhci_hcd: stop threads [ 318.942120][ T1137] vhci_hcd: release socket [ 318.945830][ T1137] vhci_hcd: disconnect device [ 318.971818][ T2291] Process accounting resumed [ 318.996917][T10743] netlink: 'syz.0.1404': attribute type 1 has an invalid length. [ 318.997774][T10745] __nla_validate_parse: 8 callbacks suppressed [ 318.997784][T10745] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1406'. [ 318.999422][T10743] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1404'. [ 319.002382][T10745] netlink: 'syz.1.1406': attribute type 10 has an invalid length. [ 319.010121][T10745] bond0: (slave wlan1): Opening slave failed [ 319.248838][T10749] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 319.250957][T10749] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 319.253810][T10749] vhci_hcd vhci_hcd.0: Device attached [ 319.723956][T10761] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.1411'. [ 319.800357][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 319.890324][T10750] vhci_hcd: connection closed [ 319.892834][T10765] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 319.893236][ T1139] vhci_hcd: stop threads [ 319.894378][T10765] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 319.894682][T10765] vhci_hcd vhci_hcd.0: Device attached [ 319.900808][ T1139] vhci_hcd: release socket [ 319.901112][ T1139] vhci_hcd: disconnect device [ 320.033700][ T6001] vhci_hcd: vhci_device speed not set [ 320.170454][ T2291] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 320.300425][ T2291] usb 5-1: device descriptor read/64, error -71 [ 320.477252][T10766] vhci_hcd: connection closed [ 320.477498][ T12] vhci_hcd: stop threads [ 320.482196][ T12] vhci_hcd: release socket [ 320.483815][ T12] vhci_hcd: disconnect device [ 320.541790][ T2291] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 320.680426][ T2291] usb 5-1: device descriptor read/64, error -71 [ 320.754656][T10771] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 320.756737][T10771] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 320.759258][T10771] vhci_hcd vhci_hcd.0: Device attached [ 320.790573][ T2291] usb usb5-port1: attempt power cycle [ 320.850333][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 321.068112][T10775] netlink: 'syz.3.1413': attribute type 10 has an invalid length. [ 321.072224][T10775] bond0: (slave wlan1): Opening slave failed [ 321.099816][T10777] No control pipe specified [ 321.150484][ T2291] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 321.157379][T10780] netlink: 'syz.2.1422': attribute type 13 has an invalid length. [ 321.173804][ T2291] usb 5-1: device descriptor read/8, error -71 [ 321.176629][T10781] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1414'. [ 321.211313][ T5947] block nbd2: Receive control failed (result -107) [ 321.270794][T10780] block nbd2: shutting down sockets [ 321.369640][T10772] vhci_hcd: connection closed [ 321.371639][ T46] vhci_hcd: stop threads [ 321.374599][ T46] vhci_hcd: release socket [ 321.380350][ T46] vhci_hcd: disconnect device [ 321.424647][T10784] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1415'. [ 321.428333][T10784] netlink: 'syz.3.1415': attribute type 10 has an invalid length. [ 321.431873][T10784] bond0: (slave wlan1): Opening slave failed [ 321.445644][ T2291] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 321.471038][ T2291] usb 5-1: device descriptor read/8, error -71 [ 321.580669][ T2291] usb usb5-port1: unable to enumerate USB device [ 321.880362][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 322.022618][ T66] Process accounting resumed [ 322.054634][T10799] netlink: 'syz.3.1420': attribute type 1 has an invalid length. [ 322.057913][T10799] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1420'. [ 322.189560][T10803] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11) [ 322.191753][T10803] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 322.194313][T10803] vhci_hcd vhci_hcd.0: Device attached [ 322.198886][ T58] vhci_hcd: vhci_device speed not set [ 322.416517][T10802] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 322.419140][T10802] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 322.421809][T10802] vhci_hcd vhci_hcd.0: Device attached [ 322.676886][T10809] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1424'. [ 322.706258][T10811] FAULT_INJECTION: forcing a failure. [ 322.706258][T10811] name failslab, interval 1, probability 0, space 0, times 0 [ 322.710811][T10811] CPU: 0 UID: 0 PID: 10811 Comm: syz.3.1425 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 322.710827][T10811] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 322.710834][T10811] Call Trace: [ 322.710839][T10811] [ 322.710844][T10811] dump_stack_lvl+0x16c/0x1f0 [ 322.710863][T10811] should_fail_ex+0x512/0x640 [ 322.710879][T10811] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 322.710894][T10811] should_failslab+0xc2/0x120 [ 322.710909][T10811] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 322.710922][T10811] ? __alloc_skb+0x2b2/0x380 [ 322.710936][T10811] __alloc_skb+0x2b2/0x380 [ 322.710948][T10811] ? __pfx___alloc_skb+0x10/0x10 [ 322.710962][T10811] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 322.710978][T10811] netlink_alloc_large_skb+0x69/0x130 [ 322.710994][T10811] netlink_sendmsg+0x6a1/0xdd0 [ 322.711010][T10811] ? __pfx_netlink_sendmsg+0x10/0x10 [ 322.711025][T10811] ? __import_iovec+0x1c8/0x660 [ 322.711038][T10811] ____sys_sendmsg+0xa98/0xc70 [ 322.711056][T10811] ? __pfx_____sys_sendmsg+0x10/0x10 [ 322.711071][T10811] ? get_compat_msghdr+0x11a/0x170 [ 322.711090][T10811] ___sys_sendmsg+0x134/0x1d0 [ 322.711104][T10811] ? __pfx____sys_sendmsg+0x10/0x10 [ 322.711133][T10811] __sys_sendmsg+0x16d/0x220 [ 322.711146][T10811] ? __pfx___sys_sendmsg+0x10/0x10 [ 322.711165][T10811] ? rcu_is_watching+0x12/0xc0 [ 322.711177][T10811] __do_fast_syscall_32+0x73/0x120 [ 322.711195][T10811] do_fast_syscall_32+0x32/0x80 [ 322.711211][T10811] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 322.711225][T10811] RIP: 0023:0xf7f78579 [ 322.711234][T10811] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 322.711244][T10811] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 322.711254][T10811] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 322.711261][T10811] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 322.711267][T10811] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 322.711273][T10811] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 322.711279][T10811] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 322.711292][T10811] [ 322.770648][ T29] vhci_hcd: vhci_device speed not set [ 322.798336][ T58] usb 39-1: device descriptor read/64, error -110 [ 322.804507][T10804] vhci_hcd: connection closed [ 322.806789][ T1139] vhci_hcd: stop threads [ 322.810781][ T1139] vhci_hcd: release socket [ 322.815246][ T1139] vhci_hcd: disconnect device [ 322.820605][T10813] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1426'. [ 322.828229][T10806] vhci_hcd: connection closed [ 322.828573][ T46] vhci_hcd: stop threads [ 322.832350][ T46] vhci_hcd: release socket [ 322.834149][T10813] netlink: 'syz.3.1426': attribute type 10 has an invalid length. [ 322.834326][ T46] vhci_hcd: disconnect device [ 322.841377][T10813] bond0: (slave wlan1): Opening slave failed [ 322.890128][T10817] FAULT_INJECTION: forcing a failure. [ 322.890128][T10817] name failslab, interval 1, probability 0, space 0, times 0 [ 322.895885][T10817] CPU: 0 UID: 0 PID: 10817 Comm: syz.3.1428 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 322.895902][T10817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 322.895909][T10817] Call Trace: [ 322.895914][T10817] [ 322.895919][T10817] dump_stack_lvl+0x16c/0x1f0 [ 322.895939][T10817] should_fail_ex+0x512/0x640 [ 322.895955][T10817] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 322.895970][T10817] should_failslab+0xc2/0x120 [ 322.895985][T10817] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 322.895997][T10817] ? __alloc_skb+0x2b2/0x380 [ 322.896012][T10817] __alloc_skb+0x2b2/0x380 [ 322.896024][T10817] ? __pfx___alloc_skb+0x10/0x10 [ 322.896041][T10817] tcp_stream_alloc_skb+0x34/0x570 [ 322.896059][T10817] tcp_sendmsg_locked+0xec1/0x3930 [ 322.896085][T10817] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 322.896102][T10817] ? do_raw_spin_lock+0x12c/0x2b0 [ 322.896119][T10817] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 322.896139][T10817] ? __local_bh_enable_ip+0xa4/0x120 [ 322.896154][T10817] tcp_sendmsg+0x2e/0x50 [ 322.896168][T10817] ? __pfx_tcp_sendmsg+0x10/0x10 [ 322.896183][T10817] inet_sendmsg+0xb9/0x140 [ 322.896200][T10817] __sys_sendto+0x431/0x510 [ 322.896212][T10817] ? __pfx___sys_sendto+0x10/0x10 [ 322.896235][T10817] ? ksys_write+0x1b9/0x240 [ 322.896247][T10817] ? __pfx_ksys_write+0x10/0x10 [ 322.896259][T10817] __ia32_sys_sendto+0xdd/0x1b0 [ 322.896270][T10817] ? lockdep_hardirqs_on+0x7c/0x110 [ 322.896285][T10817] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 322.896301][T10817] __do_fast_syscall_32+0x73/0x120 [ 322.896318][T10817] do_fast_syscall_32+0x32/0x80 [ 322.896334][T10817] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 322.896347][T10817] RIP: 0023:0xf7f78579 [ 322.896356][T10817] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 322.896366][T10817] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 322.896377][T10817] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 322.896383][T10817] RDX: 00000000ffffffe4 RSI: 0000000000000000 RDI: 0000000000000000 [ 322.896390][T10817] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 322.896396][T10817] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 322.896402][T10817] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 322.896423][T10817] [ 322.925618][T10818] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1427'. [ 322.927207][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 323.000569][ T58] vhci_hcd: vhci_device speed not set [ 323.079890][T10822] autofs: Bad value for 'fd' [ 323.137476][T10823] netlink: 'syz.3.1430': attribute type 13 has an invalid length. [ 323.191315][ T5947] block nbd3: Receive control failed (result -107) [ 323.236818][T10823] block nbd3: shutting down sockets [ 323.480864][T10831] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.1433'. [ 323.562152][ T10] Process accounting resumed [ 323.572487][T10832] netlink: 'syz.2.1432': attribute type 1 has an invalid length. [ 323.710512][ T6035] vhci_hcd: vhci_device speed not set [ 323.966609][T10839] netlink: 'syz.3.1436': attribute type 10 has an invalid length. [ 323.969684][T10839] bond0: (slave wlan1): Opening slave failed [ 323.971809][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 324.283450][T10845] 9pnet_fd: Insufficient options for proto=fd [ 324.390535][ T58] usb 8-1: new high-speed USB device number 60 using dummy_hcd [ 324.452052][T10850] netlink: 'syz.2.1440': attribute type 1 has an invalid length. [ 324.520391][ T58] usb 8-1: device descriptor read/64, error -71 [ 324.700761][ T2291] usb 7-1: new full-speed USB device number 59 using dummy_hcd [ 324.843048][ T58] usb 8-1: new high-speed USB device number 61 using dummy_hcd [ 324.853497][ T2291] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 324.857652][ T2291] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 324.862040][ T2291] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 324.865734][ T2291] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 324.871126][ T2291] usb 7-1: config 0 descriptor?? [ 324.875819][ T2291] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 324.878509][ T2291] dvb-usb: bulk message failed: -22 (3/0) [ 324.884742][ T2291] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 324.888753][ T2291] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 324.895136][ T2291] usb 7-1: media controller created [ 324.898387][ T2291] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 324.903740][ T2291] dvb-usb: bulk message failed: -22 (6/0) [ 324.905556][ T2291] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 324.920942][ T2291] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input69 [ 324.925098][ T2291] dvb-usb: schedule remote query interval to 150 msecs. [ 324.927280][ T2291] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 324.975094][T10857] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 324.977272][T10857] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 324.979975][T10857] vhci_hcd vhci_hcd.0: Device attached [ 324.984719][ T58] usb 8-1: device descriptor read/64, error -71 [ 325.000359][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 325.080551][ T2291] dvb-usb: bulk message failed: -22 (1/0) [ 325.082444][T10850] 8021q: adding VLAN 0 to HW filter on device bond10 [ 325.082925][ T2291] dvb-usb: error while querying for an remote control event. [ 325.093509][ T58] usb usb8-port1: attempt power cycle [ 325.230369][ T6035] usb 39-1: new high-speed USB device number 8 using vhci_hcd [ 325.240381][ T2291] dvb-usb: bulk message failed: -22 (1/0) [ 325.242254][ T2291] dvb-usb: error while querying for an remote control event. [ 325.275122][ T29] usb 7-1: USB disconnect, device number 59 [ 325.285653][ T29] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 325.290499][ T66] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 325.430367][ T58] usb 8-1: new high-speed USB device number 62 using dummy_hcd [ 325.440376][ T66] usb 5-1: Using ep0 maxpacket: 8 [ 325.444406][ T66] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 325.447126][ T66] usb 5-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 325.450482][ T66] usb 5-1: config 179 has no interface number 0 [ 325.450840][ T58] usb 8-1: device descriptor read/8, error -71 [ 325.452473][ T66] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid wMaxPacketSize 0 [ 325.457581][ T66] usb 5-1: config 179 interface 65 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 23 [ 325.461863][ T66] usb 5-1: config 179 interface 65 has no altsetting 0 [ 325.464028][ T66] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 325.466918][ T66] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.588981][T10858] vhci_hcd: connection reset by peer [ 325.591727][ T1139] vhci_hcd: stop threads [ 325.593121][ T1139] vhci_hcd: release socket [ 325.594645][ T1139] vhci_hcd: disconnect device [ 325.689453][ T40] kauditd_printk_skb: 89 callbacks suppressed [ 325.689463][ T40] audit: type=1804 audit(1747185073.891:808): pid=10855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1442" name="/newroot/348/file0/file0" dev="9p" ino=35913898 res=1 errno=0 [ 325.700412][ T58] usb 8-1: new high-speed USB device number 63 using dummy_hcd [ 325.720810][ T58] usb 8-1: device descriptor read/8, error -71 [ 325.743568][ T2291] usb 5-1: USB disconnect, device number 75 [ 325.807063][T10864] FAULT_INJECTION: forcing a failure. [ 325.807063][T10864] name failslab, interval 1, probability 0, space 0, times 0 [ 325.811406][T10864] CPU: 0 UID: 0 PID: 10864 Comm: syz.2.1443 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 325.811421][T10864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 325.811428][T10864] Call Trace: [ 325.811444][T10864] [ 325.811449][T10864] dump_stack_lvl+0x16c/0x1f0 [ 325.811469][T10864] should_fail_ex+0x512/0x640 [ 325.811485][T10864] ? fs_reclaim_acquire+0xae/0x150 [ 325.811502][T10864] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 325.811518][T10864] should_failslab+0xc2/0x120 [ 325.811533][T10864] __kmalloc_noprof+0xd2/0x510 [ 325.811548][T10864] tomoyo_realpath_from_path+0xc2/0x6e0 [ 325.811565][T10864] ? tomoyo_profile+0x47/0x60 [ 325.811576][T10864] tomoyo_path_number_perm+0x245/0x580 [ 325.811589][T10864] ? tomoyo_path_number_perm+0x237/0x580 [ 325.811603][T10864] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 325.811631][T10864] ? find_held_lock+0x2b/0x80 [ 325.811641][T10864] ? hook_file_ioctl_common+0x145/0x410 [ 325.811654][T10864] ? __fget_files+0x204/0x3c0 [ 325.811666][T10864] ? __fget_files+0x20e/0x3c0 [ 325.811674][T10864] ? fput+0x10/0xf0 [ 325.811689][T10864] security_file_ioctl_compat+0x9b/0x240 [ 325.811704][T10864] __ia32_compat_sys_ioctl+0xc3/0x360 [ 325.811722][T10864] __do_fast_syscall_32+0x73/0x120 [ 325.811739][T10864] do_fast_syscall_32+0x32/0x80 [ 325.811756][T10864] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 325.811769][T10864] RIP: 0023:0xf7f92579 [ 325.811778][T10864] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 325.811789][T10864] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 325.811800][T10864] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c020aa07 [ 325.811806][T10864] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 325.811813][T10864] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 325.811818][T10864] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 325.811824][T10864] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 325.811838][T10864] [ 325.811853][T10864] ERROR: Out of memory at tomoyo_realpath_from_path. [ 325.830678][ T58] usb usb8-port1: unable to enumerate USB device [ 325.900717][T10868] netlink: 'syz.2.1445': attribute type 10 has an invalid length. [ 325.903742][T10868] bond0: (slave wlan1): Opening slave failed [ 326.019974][T10875] netlink: 'syz.2.1447': attribute type 13 has an invalid length. [ 326.040511][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 326.080429][T10875] block nbd2: shutting down sockets [ 326.212517][T10879] __nla_validate_parse: 2 callbacks suppressed [ 326.212530][T10879] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1448'. [ 326.415310][T10885] netlink: 'syz.1.1451': attribute type 1 has an invalid length. [ 326.421685][T10888] FAULT_INJECTION: forcing a failure. [ 326.421685][T10888] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 326.425790][T10888] CPU: 1 UID: 0 PID: 10888 Comm: syz.0.1452 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 326.425805][T10888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 326.425812][T10888] Call Trace: [ 326.425816][T10888] [ 326.425820][T10888] dump_stack_lvl+0x16c/0x1f0 [ 326.425840][T10888] should_fail_ex+0x512/0x640 [ 326.425859][T10888] _copy_from_user+0x2e/0xd0 [ 326.425877][T10888] __sys_bpf+0x21d/0x4d80 [ 326.425896][T10888] ? __pfx___sys_bpf+0x10/0x10 [ 326.425912][T10888] ? ksys_write+0x190/0x240 [ 326.425925][T10888] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 326.425980][T10888] ? fput+0x70/0xf0 [ 326.425993][T10888] ? ksys_write+0x1b9/0x240 [ 326.426004][T10888] ? __pfx_ksys_write+0x10/0x10 [ 326.426016][T10888] __ia32_sys_bpf+0x76/0xe0 [ 326.426033][T10888] __do_fast_syscall_32+0x73/0x120 [ 326.426051][T10888] do_fast_syscall_32+0x32/0x80 [ 326.426067][T10888] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 326.426081][T10888] RIP: 0023:0xf702e579 [ 326.426090][T10888] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 326.426100][T10888] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 326.426110][T10888] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000080 [ 326.426117][T10888] RDX: 0000000000000028 RSI: 0000000000000000 RDI: 0000000000000000 [ 326.426124][T10888] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 326.426130][T10888] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 326.426136][T10888] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 326.426149][T10888] [ 326.537212][T10892] netlink: 'syz.0.1454': attribute type 10 has an invalid length. [ 326.540156][T10892] bond0: (slave wlan1): Opening slave failed [ 326.670422][ T6043] usb 6-1: new full-speed USB device number 75 using dummy_hcd [ 326.831934][ T6043] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 326.835501][ T6043] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 326.840879][ T6043] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 326.843993][ T6043] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.853120][ T6043] usb 6-1: config 0 descriptor?? [ 326.867713][ T6043] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 326.870466][ T6043] dvb-usb: bulk message failed: -22 (3/0) [ 326.874530][ T6043] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 326.878398][ T6043] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 326.881515][ T6043] usb 6-1: media controller created [ 326.883800][ T6043] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 326.888073][ T6043] dvb-usb: bulk message failed: -22 (6/0) [ 326.890160][ T6043] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 326.893748][ T6043] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb6/6-1/input/input71 [ 326.898132][ T6043] dvb-usb: schedule remote query interval to 150 msecs. [ 326.901053][ T6043] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 326.964971][T10904] xt_CT: You must specify a L4 protocol and not use inversions on it [ 327.060352][ T6043] dvb-usb: bulk message failed: -22 (1/0) [ 327.062272][ T6043] dvb-usb: error while querying for an remote control event. [ 327.080371][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 327.099318][T10885] 8021q: adding VLAN 0 to HW filter on device bond13 [ 327.159793][T10910] FAULT_INJECTION: forcing a failure. [ 327.159793][T10910] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 327.165195][T10910] CPU: 0 UID: 0 PID: 10910 Comm: syz.3.1459 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 327.165235][T10910] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 327.165243][T10910] Call Trace: [ 327.165247][T10910] [ 327.165252][T10910] dump_stack_lvl+0x16c/0x1f0 [ 327.165272][T10910] should_fail_ex+0x512/0x640 [ 327.165291][T10910] _copy_from_user+0x2e/0xd0 [ 327.165309][T10910] get_compat_msghdr+0xa7/0x170 [ 327.165322][T10910] ? __pfx_get_compat_msghdr+0x10/0x10 [ 327.165335][T10910] ? __pfx__kstrtoull+0x10/0x10 [ 327.165350][T10910] ___sys_sendmsg+0x1ae/0x1d0 [ 327.165365][T10910] ? __pfx____sys_sendmsg+0x10/0x10 [ 327.165384][T10910] ? find_held_lock+0x2b/0x80 [ 327.165404][T10910] __sys_sendmmsg+0x2f9/0x420 [ 327.165419][T10910] ? __pfx___sys_sendmmsg+0x10/0x10 [ 327.165436][T10910] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 327.165458][T10910] ? fput+0x70/0xf0 [ 327.165471][T10910] ? ksys_write+0x1b9/0x240 [ 327.165482][T10910] ? __pfx_ksys_write+0x10/0x10 [ 327.165494][T10910] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 327.165508][T10910] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 327.165524][T10910] __do_fast_syscall_32+0x73/0x120 [ 327.165541][T10910] do_fast_syscall_32+0x32/0x80 [ 327.165557][T10910] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 327.165571][T10910] RIP: 0023:0xf7f78579 [ 327.165580][T10910] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 327.165591][T10910] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 327.165601][T10910] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080003040 [ 327.165608][T10910] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 327.165614][T10910] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 327.165620][T10910] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 327.165626][T10910] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 327.165639][T10910] [ 327.230466][ T6043] dvb-usb: bulk message failed: -22 (1/0) [ 327.238510][ T6043] dvb-usb: error while querying for an remote control event. [ 327.336968][ T6043] usb 6-1: USB disconnect, device number 75 [ 327.361664][ T6043] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 327.377436][T10914] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1460'. [ 327.601369][T10918] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1462'. [ 327.657951][T10920] validate_nla: 1 callbacks suppressed [ 327.657964][T10920] netlink: 'syz.0.1463': attribute type 10 has an invalid length. [ 327.667084][T10920] bond0: (slave wlan1): Opening slave failed [ 327.815374][T10927] autofs: Bad value for 'fd' [ 327.862938][T10928] netlink: 'syz.2.1465': attribute type 13 has an invalid length. [ 327.920407][T10928] block nbd2: shutting down sockets [ 327.922921][T10931] netlink: 'syz.0.1466': attribute type 13 has an invalid length. [ 327.959900][T10934] netlink: 'syz.1.1475': attribute type 1 has an invalid length. [ 328.120425][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 328.203305][T10938] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 328.205409][T10938] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 328.208438][T10938] vhci_hcd vhci_hcd.0: Device attached [ 328.210496][ T6043] usb 6-1: new full-speed USB device number 76 using dummy_hcd [ 328.372036][ T6043] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 328.375379][ T6043] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 328.378331][ T6043] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 328.381275][ T6043] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.385131][ T6043] usb 6-1: config 0 descriptor?? [ 328.391191][ T6043] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 328.393354][ T6043] dvb-usb: bulk message failed: -22 (3/0) [ 328.397259][ T6043] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 328.401232][ T6043] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 328.403565][ T6043] usb 6-1: media controller created [ 328.405959][ T6043] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 328.412002][ T6043] dvb-usb: bulk message failed: -22 (6/0) [ 328.413933][ T6043] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 328.418303][ T6043] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb6/6-1/input/input72 [ 328.423984][ T6043] dvb-usb: schedule remote query interval to 150 msecs. [ 328.426380][ T6043] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 328.452005][ T58] usb 43-1: new high-speed USB device number 11 using vhci_hcd [ 328.580959][ T29] dvb-usb: bulk message failed: -22 (1/0) [ 328.582903][ T29] dvb-usb: error while querying for an remote control event. [ 328.591312][T10934] 8021q: adding VLAN 0 to HW filter on device bond14 [ 328.740553][ T29] dvb-usb: bulk message failed: -22 (1/0) [ 328.744435][ T29] dvb-usb: error while querying for an remote control event. [ 328.753789][T10950] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1469'. [ 328.781803][ T66] usb 6-1: USB disconnect, device number 76 [ 328.825986][T10939] vhci_hcd: connection reset by peer [ 328.835018][ T1137] vhci_hcd: stop threads [ 328.836503][ T1137] vhci_hcd: release socket [ 328.837988][ T1137] vhci_hcd: disconnect device [ 328.870772][ T66] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 328.978672][T10955] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1471'. [ 329.008767][T10957] netlink: 'syz.0.1472': attribute type 10 has an invalid length. [ 329.013366][T10957] bond0: (slave wlan1): Opening slave failed [ 329.038084][T10961] FAULT_INJECTION: forcing a failure. [ 329.038084][T10961] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 329.043151][T10961] CPU: 1 UID: 0 PID: 10961 Comm: syz.0.1474 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 329.043176][T10961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 329.043187][T10961] Call Trace: [ 329.043194][T10961] [ 329.043201][T10961] dump_stack_lvl+0x16c/0x1f0 [ 329.043231][T10961] should_fail_ex+0x512/0x640 [ 329.043260][T10961] _copy_from_user+0x2e/0xd0 [ 329.043289][T10961] get_compat_msghdr+0xa7/0x170 [ 329.043311][T10961] ? __pfx_get_compat_msghdr+0x10/0x10 [ 329.043340][T10961] ___sys_sendmsg+0x1ae/0x1d0 [ 329.043363][T10961] ? __pfx____sys_sendmsg+0x10/0x10 [ 329.043413][T10961] __sys_sendmsg+0x16d/0x220 [ 329.043434][T10961] ? __pfx___sys_sendmsg+0x10/0x10 [ 329.043472][T10961] ? rcu_is_watching+0x12/0xc0 [ 329.043494][T10961] __do_fast_syscall_32+0x73/0x120 [ 329.043523][T10961] do_fast_syscall_32+0x32/0x80 [ 329.043549][T10961] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 329.043570][T10961] RIP: 0023:0xf702e579 [ 329.043584][T10961] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 329.043601][T10961] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 329.043617][T10961] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140 [ 329.043630][T10961] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000 [ 329.043640][T10961] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 329.043649][T10961] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 329.043659][T10961] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 329.043681][T10961] [ 329.152886][T10966] No control pipe specified [ 329.160495][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 329.259184][T10968] netlink: 'syz.0.1477': attribute type 13 has an invalid length. [ 329.320510][ T6043] usb 7-1: new high-speed USB device number 60 using dummy_hcd [ 329.400561][T10972] netlink: 'syz.1.1486': attribute type 1 has an invalid length. [ 329.450436][ T6043] usb 7-1: device descriptor read/64, error -71 [ 329.624940][T10975] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 329.627121][T10975] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 329.629752][T10975] vhci_hcd vhci_hcd.0: Device attached [ 329.690374][ T66] usb 6-1: new full-speed USB device number 77 using dummy_hcd [ 329.692358][ T6043] usb 7-1: new high-speed USB device number 61 using dummy_hcd [ 329.820479][ T6043] usb 7-1: device descriptor read/64, error -71 [ 329.843184][ T66] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 329.847539][ T66] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 329.851538][ T66] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 329.855402][ T66] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.861342][ T66] usb 6-1: config 0 descriptor?? [ 329.866877][ T66] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 329.869779][ T66] dvb-usb: bulk message failed: -22 (3/0) [ 329.876336][ T66] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 329.880622][ T66] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 329.883700][ T66] usb 6-1: media controller created [ 329.887358][ T66] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 329.893951][ T66] dvb-usb: bulk message failed: -22 (6/0) [ 329.895860][ T66] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 329.900656][ T66] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb6/6-1/input/input73 [ 329.906488][ T66] dvb-usb: schedule remote query interval to 150 msecs. [ 329.909273][ T66] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 329.940796][ T6043] usb usb7-port1: attempt power cycle [ 330.060679][ T66] dvb-usb: bulk message failed: -22 (1/0) [ 330.063176][ T66] dvb-usb: error while querying for an remote control event. [ 330.070785][T10972] 8021q: adding VLAN 0 to HW filter on device bond15 [ 330.074938][T10980] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1479'. [ 330.200491][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 330.220433][ T66] dvb-usb: bulk message failed: -22 (1/0) [ 330.222353][ T66] dvb-usb: error while querying for an remote control event. [ 330.258557][T10976] vhci_hcd: connection closed [ 330.261644][ T1139] vhci_hcd: stop threads [ 330.263083][ T836] usb 6-1: USB disconnect, device number 77 [ 330.263258][ T1139] vhci_hcd: release socket [ 330.268878][ T1139] vhci_hcd: disconnect device [ 330.279019][ T836] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 330.282997][ T6043] usb 7-1: new high-speed USB device number 62 using dummy_hcd [ 330.313600][ T6043] usb 7-1: device descriptor read/8, error -71 [ 330.334660][T10987] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1481'. [ 330.351664][ T6035] vhci_hcd: vhci_device speed not set [ 330.560439][ T6043] usb 7-1: new high-speed USB device number 63 using dummy_hcd [ 330.580787][ T6043] usb 7-1: device descriptor read/8, error -71 [ 330.690655][ T6043] usb usb7-port1: unable to enumerate USB device [ 331.061053][T11000] FAULT_INJECTION: forcing a failure. [ 331.061053][T11000] name failslab, interval 1, probability 0, space 0, times 0 [ 331.066545][T11000] CPU: 1 UID: 0 PID: 11000 Comm: syz.1.1483 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 331.066569][T11000] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 331.066579][T11000] Call Trace: [ 331.066587][T11000] [ 331.066594][T11000] dump_stack_lvl+0x16c/0x1f0 [ 331.066622][T11000] should_fail_ex+0x512/0x640 [ 331.066644][T11000] ? fs_reclaim_acquire+0xae/0x150 [ 331.066669][T11000] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 331.066691][T11000] should_failslab+0xc2/0x120 [ 331.066710][T11000] __kmalloc_noprof+0xd2/0x510 [ 331.066727][T11000] ? rcu_is_watching+0x12/0xc0 [ 331.066748][T11000] tomoyo_realpath_from_path+0xc2/0x6e0 [ 331.066772][T11000] ? tomoyo_profile+0x47/0x60 [ 331.066789][T11000] tomoyo_path_number_perm+0x245/0x580 [ 331.066807][T11000] ? tomoyo_path_number_perm+0x237/0x580 [ 331.066828][T11000] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 331.066872][T11000] ? find_held_lock+0x2b/0x80 [ 331.066886][T11000] ? hook_file_ioctl_common+0x145/0x410 [ 331.066904][T11000] ? __fget_files+0x204/0x3c0 [ 331.066924][T11000] ? __fget_files+0x20e/0x3c0 [ 331.066954][T11000] ? fput+0x10/0xf0 [ 331.066977][T11000] security_file_ioctl_compat+0x9b/0x240 [ 331.066999][T11000] __ia32_compat_sys_ioctl+0xc3/0x360 [ 331.067024][T11000] __do_fast_syscall_32+0x73/0x120 [ 331.067048][T11000] do_fast_syscall_32+0x32/0x80 [ 331.067070][T11000] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 331.067089][T11000] RIP: 0023:0xf7f47579 [ 331.067103][T11000] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 331.067118][T11000] RSP: 002b:00000000f502455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 331.067134][T11000] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00000000c0845657 [ 331.067144][T11000] RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000 [ 331.067154][T11000] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 331.067164][T11000] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 331.067174][T11000] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 331.067196][T11000] [ 331.067241][T11000] ERROR: Out of memory at tomoyo_realpath_from_path. [ 331.240413][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 331.315212][T11005] ip6t_srh: unknown srh invflags 6BE9 [ 331.319673][T11005] ubi31: attaching mtd0 [ 331.324236][T11005] ubi31: scanning is finished [ 331.325770][T11005] ubi31: empty MTD device detected [ 331.591375][T11005] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 331.594572][T11005] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 331.597480][T11005] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 331.600205][T11005] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 331.603984][T11005] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 331.606219][T11005] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 331.608795][T11005] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1326045937 [ 331.616178][T11005] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 331.619497][T11008] ubi31: background thread "ubi_bgt31d" started, PID 11008 [ 331.688605][T11014] No control pipe specified [ 331.798093][T11019] netlink: 'syz.0.1488': attribute type 13 has an invalid length. [ 332.086707][T11028] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1491'. [ 332.122393][T11033] netlink: 'syz.1.1493': attribute type 1 has an invalid length. [ 332.280390][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 332.380556][ T2291] usb 6-1: new full-speed USB device number 78 using dummy_hcd [ 332.430398][ T6043] usb 7-1: new high-speed USB device number 64 using dummy_hcd [ 332.543940][ T2291] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 332.548135][ T2291] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 332.552413][ T2291] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 332.556086][ T2291] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.562092][ T2291] usb 6-1: config 0 descriptor?? [ 332.566995][ T2291] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 332.569930][ T2291] dvb-usb: bulk message failed: -22 (3/0) [ 332.577915][ T2291] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 332.581806][ T6043] usb 7-1: Using ep0 maxpacket: 8 [ 332.584838][ T2291] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 332.587944][ T2291] usb 6-1: media controller created [ 332.591545][ T2291] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 332.592978][ T6043] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 332.602574][ T6043] usb 7-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 332.606584][ T2291] dvb-usb: bulk message failed: -22 (6/0) [ 332.606791][ T6043] usb 7-1: config 179 has no interface number 0 [ 332.609306][ T2291] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 332.613482][ T6043] usb 7-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid wMaxPacketSize 0 [ 332.617953][ T2291] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb6/6-1/input/input74 [ 332.625277][ T6043] usb 7-1: config 179 interface 65 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 23 [ 332.628878][ T2291] dvb-usb: schedule remote query interval to 150 msecs. [ 332.633742][ T2291] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 332.636275][T11037] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.1495'. [ 332.645556][ T6043] usb 7-1: config 179 interface 65 has no altsetting 0 [ 332.652217][ T6043] usb 7-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 332.656071][ T6043] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.768162][T11033] 8021q: adding VLAN 0 to HW filter on device bond16 [ 332.790372][ T2291] dvb-usb: bulk message failed: -22 (1/0) [ 332.792259][ T2291] dvb-usb: error while querying for an remote control event. [ 332.916976][ T40] audit: type=1804 audit(1747185081.121:809): pid=11032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1494" name="/newroot/404/file0/file0" dev="9p" ino=35913898 res=1 errno=0 [ 332.950626][ T2291] dvb-usb: bulk message failed: -22 (1/0) [ 332.952649][ T2291] dvb-usb: error while querying for an remote control event. [ 333.034867][ T6043] usb 6-1: USB disconnect, device number 78 [ 333.035017][T11043] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.1496'. [ 333.068704][ T2291] usb 7-1: USB disconnect, device number 64 [ 333.259818][ T6043] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 333.320377][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 333.606845][ T58] vhci_hcd: vhci_device speed not set [ 333.821080][T11045] ip6t_srh: unknown srh invflags 6BE9 [ 333.823483][T11045] FAULT_INJECTION: forcing a failure. [ 333.823483][T11045] name failslab, interval 1, probability 0, space 0, times 0 [ 333.827391][T11045] CPU: 1 UID: 0 PID: 11045 Comm: syz.0.1497 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 333.827406][T11045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 333.827413][T11045] Call Trace: [ 333.827417][T11045] [ 333.827422][T11045] dump_stack_lvl+0x16c/0x1f0 [ 333.827442][T11045] should_fail_ex+0x512/0x640 [ 333.827458][T11045] ? fs_reclaim_acquire+0xae/0x150 [ 333.827476][T11045] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 333.827492][T11045] should_failslab+0xc2/0x120 [ 333.827506][T11045] __kmalloc_noprof+0xd2/0x510 [ 333.827522][T11045] tomoyo_realpath_from_path+0xc2/0x6e0 [ 333.827539][T11045] ? tomoyo_profile+0x47/0x60 [ 333.827550][T11045] tomoyo_path_number_perm+0x245/0x580 [ 333.827563][T11045] ? tomoyo_path_number_perm+0x237/0x580 [ 333.827577][T11045] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 333.827604][T11045] ? find_held_lock+0x2b/0x80 [ 333.827614][T11045] ? hook_file_ioctl_common+0x145/0x410 [ 333.827627][T11045] ? __fget_files+0x204/0x3c0 [ 333.827639][T11045] ? __fget_files+0x20e/0x3c0 [ 333.827648][T11045] ? fput+0x10/0xf0 [ 333.827662][T11045] security_file_ioctl_compat+0x9b/0x240 [ 333.827678][T11045] __ia32_compat_sys_ioctl+0xc3/0x360 [ 333.827695][T11045] __do_fast_syscall_32+0x73/0x120 [ 333.827713][T11045] do_fast_syscall_32+0x32/0x80 [ 333.827729][T11045] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 333.827743][T11045] RIP: 0023:0xf702e579 [ 333.827752][T11045] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 333.827762][T11045] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 333.827773][T11045] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000040186f40 [ 333.827780][T11045] RDX: 0000000080000440 RSI: 0000000000000000 RDI: 0000000000000000 [ 333.827786][T11045] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 333.827792][T11045] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 333.827798][T11045] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 333.827811][T11045] [ 333.827816][T11045] ERROR: Out of memory at tomoyo_realpath_from_path. [ 333.898796][T11048] ip6t_srh: unknown srh invflags 6BE9 [ 333.901198][T11048] ubi: mtd0 is already attached to ubi31 [ 333.912918][T11045] ubi: mtd0 is already attached to ubi31 [ 333.927246][T11054] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 334.130456][ T29] Process accounting resumed [ 334.140532][ T66] usb 6-1: new high-speed USB device number 79 using dummy_hcd [ 334.151534][T11064] netlink: 'syz.0.1501': attribute type 1 has an invalid length. [ 334.153989][T11064] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1501'. [ 334.270383][ T66] usb 6-1: device descriptor read/64, error -71 [ 334.361227][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 334.413101][T11072] xt_CT: You must specify a L4 protocol and not use inversions on it [ 334.437025][ T2291] Process accounting resumed [ 334.510477][ T66] usb 6-1: new high-speed USB device number 80 using dummy_hcd [ 334.563315][T11071] netlink: 'syz.3.1503': attribute type 1 has an invalid length. [ 334.566639][T11071] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1503'. [ 334.640354][ T66] usb 6-1: device descriptor read/64, error -71 [ 334.751025][ T66] usb usb6-port1: attempt power cycle [ 335.090546][ T66] usb 6-1: new high-speed USB device number 81 using dummy_hcd [ 335.111075][ T66] usb 6-1: device descriptor read/8, error -71 [ 335.224945][T11087] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1508'. [ 335.269691][T11089] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 335.282660][T11089] FAULT_INJECTION: forcing a failure. [ 335.282660][T11089] name failslab, interval 1, probability 0, space 0, times 0 [ 335.287412][T11089] CPU: 3 UID: 0 PID: 11089 Comm: syz.2.1510 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 335.287428][T11089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 335.287435][T11089] Call Trace: [ 335.287439][T11089] [ 335.287444][T11089] dump_stack_lvl+0x16c/0x1f0 [ 335.287465][T11089] should_fail_ex+0x512/0x640 [ 335.287480][T11089] ? fs_reclaim_acquire+0xae/0x150 [ 335.287498][T11089] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 335.287514][T11089] should_failslab+0xc2/0x120 [ 335.287529][T11089] __kmalloc_noprof+0xd2/0x510 [ 335.287545][T11089] tomoyo_realpath_from_path+0xc2/0x6e0 [ 335.287562][T11089] ? tomoyo_profile+0x47/0x60 [ 335.287573][T11089] tomoyo_path_number_perm+0x245/0x580 [ 335.287586][T11089] ? tomoyo_path_number_perm+0x237/0x580 [ 335.287600][T11089] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 335.287627][T11089] ? find_held_lock+0x2b/0x80 [ 335.287637][T11089] ? hook_file_ioctl_common+0x145/0x410 [ 335.287650][T11089] ? __fget_files+0x204/0x3c0 [ 335.287662][T11089] ? __fget_files+0x20e/0x3c0 [ 335.287670][T11089] ? fput+0x10/0xf0 [ 335.287685][T11089] security_file_ioctl_compat+0x9b/0x240 [ 335.287701][T11089] __ia32_compat_sys_ioctl+0xc3/0x360 [ 335.287718][T11089] __do_fast_syscall_32+0x73/0x120 [ 335.287735][T11089] do_fast_syscall_32+0x32/0x80 [ 335.287752][T11089] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 335.287765][T11089] RIP: 0023:0xf7f92579 [ 335.287774][T11089] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 335.287785][T11089] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 335.287795][T11089] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 000000004048aecb [ 335.287801][T11089] RDX: 0000000080000480 RSI: 0000000000000000 RDI: 0000000000000000 [ 335.287808][T11089] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 335.287814][T11089] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 335.287820][T11089] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 335.287833][T11089] [ 335.287838][T11089] ERROR: Out of memory at tomoyo_realpath_from_path. [ 335.400342][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 335.403659][ T2291] usb 8-1: new high-speed USB device number 64 using dummy_hcd [ 335.420386][ T66] usb 6-1: new high-speed USB device number 82 using dummy_hcd [ 335.441090][ T66] usb 6-1: device descriptor read/8, error -71 [ 335.462339][T11094] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 335.470901][T11096] autofs: Unknown parameter '0x0000000000000000' [ 335.526478][T11098] netlink: 'syz.2.1513': attribute type 13 has an invalid length. [ 335.550855][ T66] usb usb6-port1: unable to enumerate USB device [ 335.561569][ T5947] block nbd2: Receive control failed (result -107) [ 335.564649][ T2291] usb 8-1: config index 0 descriptor too short (expected 23569, got 27) [ 335.567915][ T2291] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 335.573764][ T2291] usb 8-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 335.577281][ T2291] usb 8-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 335.580587][ T2291] usb 8-1: Manufacturer: syz [ 335.584113][ T2291] usb 8-1: config 0 descriptor?? [ 335.630369][ T2291] rc_core: IR keymap rc-hauppauge not found [ 335.632387][ T2291] Registered IR keymap rc-empty [ 335.634729][ T2291] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0 [ 335.639004][ T2291] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input75 [ 335.660841][T11098] block nbd2: shutting down sockets [ 335.794104][ T66] usb 8-1: USB disconnect, device number 64 [ 336.337955][T11104] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 336.440386][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 336.563823][T11118] FAULT_INJECTION: forcing a failure. [ 336.563823][T11118] name failslab, interval 1, probability 0, space 0, times 0 [ 336.567866][T11118] CPU: 1 UID: 0 PID: 11118 Comm: syz.3.1518 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 336.567892][T11118] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 336.567899][T11118] Call Trace: [ 336.567904][T11118] [ 336.567909][T11118] dump_stack_lvl+0x16c/0x1f0 [ 336.567929][T11118] should_fail_ex+0x512/0x640 [ 336.567946][T11118] ? fs_reclaim_acquire+0xae/0x150 [ 336.567964][T11118] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 336.567980][T11118] should_failslab+0xc2/0x120 [ 336.567994][T11118] __kmalloc_noprof+0xd2/0x510 [ 336.568010][T11118] tomoyo_realpath_from_path+0xc2/0x6e0 [ 336.568027][T11118] ? tomoyo_profile+0x47/0x60 [ 336.568039][T11118] tomoyo_path_number_perm+0x245/0x580 [ 336.568051][T11118] ? tomoyo_path_number_perm+0x237/0x580 [ 336.568065][T11118] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 336.568079][T11118] ? finish_task_switch.isra.0+0x221/0xc10 [ 336.568104][T11118] ? find_held_lock+0x2b/0x80 [ 336.568114][T11118] ? hook_file_ioctl_common+0x145/0x410 [ 336.568131][T11118] ? __fget_files+0x204/0x3c0 [ 336.568143][T11118] ? __fget_files+0x20e/0x3c0 [ 336.568154][T11118] security_file_ioctl_compat+0x9b/0x240 [ 336.568170][T11118] __ia32_compat_sys_ioctl+0xc3/0x360 [ 336.568188][T11118] __do_fast_syscall_32+0x73/0x120 [ 336.568206][T11118] do_fast_syscall_32+0x32/0x80 [ 336.568222][T11118] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 336.568235][T11118] RIP: 0023:0xf7f78579 [ 336.568244][T11118] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 336.568255][T11118] RSP: 002b:00000000f505455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 336.568265][T11118] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c004743e [ 336.568272][T11118] RDX: 000000000e22fff6 RSI: 0000000000000000 RDI: 0000000000000000 [ 336.568278][T11118] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 336.568284][T11118] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 336.568290][T11118] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 336.568303][T11118] [ 336.569232][T11118] ERROR: Out of memory at tomoyo_realpath_from_path. [ 336.621036][ T58] Process accounting resumed [ 336.651625][T11115] netlink: 'syz.0.1517': attribute type 1 has an invalid length. [ 336.654173][T11115] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1517'. [ 336.739513][T11121] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1520'. [ 336.887409][T11128] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1523'. [ 336.891794][T11128] netlink: 'syz.2.1523': attribute type 10 has an invalid length. [ 336.895418][T11128] bond0: (slave wlan1): Opening slave failed [ 336.927616][T11133] autofs: Unknown parameter '0x0000000000000000' [ 336.983039][T11137] netlink: 'syz.2.1525': attribute type 13 has an invalid length. [ 337.041093][ T5947] block nbd2: Receive control failed (result -107) [ 337.150730][T11138] block nbd2: shutting down sockets [ 337.181592][T11140] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 337.183733][T11140] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 337.186944][T11140] vhci_hcd vhci_hcd.0: Device attached [ 337.480418][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 337.669143][T11145] syzkaller1: entered promiscuous mode [ 337.671022][T11145] syzkaller1: entered allmulticast mode [ 337.673462][ T58] usb 43-1: new high-speed USB device number 12 using vhci_hcd [ 337.739670][T11141] vhci_hcd: connection reset by peer [ 337.742208][ T1139] vhci_hcd: stop threads [ 337.743595][ T1139] vhci_hcd: release socket [ 337.745029][ T1139] vhci_hcd: disconnect device [ 337.923749][T11153] FAULT_INJECTION: forcing a failure. [ 337.923749][T11153] name failslab, interval 1, probability 0, space 0, times 0 [ 337.928148][T11153] CPU: 3 UID: 0 PID: 11153 Comm: syz.1.1529 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 337.928164][T11153] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 337.928170][T11153] Call Trace: [ 337.928175][T11153] [ 337.928180][T11153] dump_stack_lvl+0x16c/0x1f0 [ 337.928200][T11153] should_fail_ex+0x512/0x640 [ 337.928216][T11153] ? fs_reclaim_acquire+0xae/0x150 [ 337.928233][T11153] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 337.928249][T11153] should_failslab+0xc2/0x120 [ 337.928263][T11153] __kmalloc_noprof+0xd2/0x510 [ 337.928279][T11153] tomoyo_realpath_from_path+0xc2/0x6e0 [ 337.928296][T11153] ? tomoyo_profile+0x47/0x60 [ 337.928307][T11153] tomoyo_path_number_perm+0x245/0x580 [ 337.928319][T11153] ? tomoyo_path_number_perm+0x237/0x580 [ 337.928333][T11153] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 337.928361][T11153] ? find_held_lock+0x2b/0x80 [ 337.928371][T11153] ? hook_file_ioctl_common+0x145/0x410 [ 337.928384][T11153] ? __fget_files+0x204/0x3c0 [ 337.928397][T11153] ? __fget_files+0x20e/0x3c0 [ 337.928405][T11153] ? fput+0x10/0xf0 [ 337.928420][T11153] security_file_ioctl_compat+0x9b/0x240 [ 337.928436][T11153] __ia32_compat_sys_ioctl+0xc3/0x360 [ 337.928453][T11153] __do_fast_syscall_32+0x73/0x120 [ 337.928470][T11153] do_fast_syscall_32+0x32/0x80 [ 337.928486][T11153] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 337.928499][T11153] RIP: 0023:0xf7f47579 [ 337.928508][T11153] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 337.928518][T11153] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 337.928529][T11153] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000004048aec9 [ 337.928536][T11153] RDX: 0000000080000740 RSI: 0000000000000000 RDI: 0000000000000000 [ 337.928542][T11153] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 337.928548][T11153] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 337.928554][T11153] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 337.928567][T11153] [ 337.928571][T11153] ERROR: Out of memory at tomoyo_realpath_from_path. [ 338.345181][T11167] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1533'. [ 338.349054][T11167] netlink: 'syz.1.1533': attribute type 10 has an invalid length. [ 338.352629][T11167] bond0: (slave wlan1): Opening slave failed [ 338.530381][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 338.543482][T11175] autofs: Unknown parameter '0x0000000000000000' [ 338.601075][T11176] netlink: 'syz.2.1536': attribute type 13 has an invalid length. [ 338.630586][ T6004] usb 8-1: new high-speed USB device number 65 using dummy_hcd [ 338.651128][ T5947] block nbd2: Receive control failed (result -107) [ 338.714972][T10467] block nbd2: shutting down sockets [ 338.760523][ T6004] usb 8-1: device descriptor read/64, error -71 [ 339.000670][ T6004] usb 8-1: new high-speed USB device number 66 using dummy_hcd [ 339.131658][ T6004] usb 8-1: device descriptor read/64, error -71 [ 339.207920][T11190] autofs: Bad value for 'fd' [ 339.240754][ T6004] usb usb8-port1: attempt power cycle [ 339.314306][T11192] netlink: 'syz.0.1539': attribute type 13 has an invalid length. [ 339.501423][T11200] netlink: 'syz.1.1543': attribute type 10 has an invalid length. [ 339.505402][T11200] bond0: (slave wlan1): Opening slave failed [ 339.570336][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 339.590467][ T6004] usb 8-1: new high-speed USB device number 67 using dummy_hcd [ 339.610827][ T6004] usb 8-1: device descriptor read/8, error -71 [ 339.640454][ T34] usb 7-1: new high-speed USB device number 65 using dummy_hcd [ 339.791867][ T34] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 339.794508][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 339.798447][ T34] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 339.801620][ T34] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 339.804104][ T34] usb 7-1: Manufacturer: syz [ 339.806880][ T34] usb 7-1: config 0 descriptor?? [ 339.850375][ T34] rc_core: IR keymap rc-hauppauge not found [ 339.850498][ T6004] usb 8-1: new high-speed USB device number 68 using dummy_hcd [ 339.852338][ T34] Registered IR keymap rc-empty [ 339.853121][ T34] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0 [ 339.862621][ T34] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input76 [ 339.872301][ T6004] usb 8-1: device descriptor read/8, error -71 [ 339.981118][ T6004] usb usb8-port1: unable to enumerate USB device [ 340.015125][ T6239] usb 7-1: USB disconnect, device number 65 [ 340.135427][T11209] fuse: Bad value for 'fd' [ 340.457978][T11214] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.1546'. [ 340.610347][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 340.791042][T11217] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1547'. [ 341.374134][T11222] autofs: Unknown parameter '0x0000000000000000' [ 341.383549][T11222] netlink: 'syz.3.1548': attribute type 13 has an invalid length. [ 341.471141][ T5947] block nbd3: Receive control failed (result -107) [ 341.571272][T11225] block nbd3: shutting down sockets [ 341.603237][T11226] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11) [ 341.605830][T11226] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 341.608267][T11231] netlink: 'syz.1.1552': attribute type 10 has an invalid length. [ 341.608923][T11226] vhci_hcd vhci_hcd.0: Device attached [ 341.622671][T11231] bond0: (slave wlan1): Opening slave failed [ 341.640334][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 341.655238][T11235] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1553'. [ 341.695234][T11240] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1554'. [ 341.747724][T11244] autofs: Unknown parameter 'fd0x0000000000000000' [ 341.806158][T11245] netlink: 'syz.1.1562': attribute type 13 has an invalid length. [ 341.881478][ T5947] block nbd1: Receive control failed (result -107) [ 341.882631][ T34] usb 37-1: new high-speed USB device number 11 using vhci_hcd [ 341.916581][T11245] block nbd1: shutting down sockets [ 342.212537][T11232] vhci_hcd: connection reset by peer [ 342.214441][ T1136] vhci_hcd: stop threads [ 342.215817][ T1136] vhci_hcd: release socket [ 342.217721][ T1136] vhci_hcd: disconnect device [ 342.640370][ T10] usb 7-1: new high-speed USB device number 66 using dummy_hcd [ 342.680812][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 342.750377][ T58] vhci_hcd: vhci_device speed not set [ 342.761581][T11259] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.1558'. [ 342.800442][ T10] usb 7-1: device descriptor read/64, error -71 [ 343.080346][ T10] usb 7-1: new high-speed USB device number 67 using dummy_hcd [ 343.220361][ T10] usb 7-1: device descriptor read/64, error -71 [ 343.296696][T11262] FAULT_INJECTION: forcing a failure. [ 343.296696][T11262] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 343.305603][T11262] CPU: 2 UID: 0 PID: 11262 Comm: syz.0.1559 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 343.305631][T11262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 343.305638][T11262] Call Trace: [ 343.305643][T11262] [ 343.305648][T11262] dump_stack_lvl+0x16c/0x1f0 [ 343.305668][T11262] should_fail_ex+0x512/0x640 [ 343.305686][T11262] _copy_from_user+0x2e/0xd0 [ 343.305703][T11262] get_compat_msghdr+0xa7/0x170 [ 343.305716][T11262] ? __pfx_get_compat_msghdr+0x10/0x10 [ 343.305729][T11262] ? __pfx__kstrtoull+0x10/0x10 [ 343.305745][T11262] ___sys_sendmsg+0x1ae/0x1d0 [ 343.305760][T11262] ? __pfx____sys_sendmsg+0x10/0x10 [ 343.305793][T11262] ? find_held_lock+0x2b/0x80 [ 343.305815][T11262] __sys_sendmmsg+0x2f9/0x420 [ 343.305830][T11262] ? __pfx___sys_sendmmsg+0x10/0x10 [ 343.305854][T11262] ? fput+0x70/0xf0 [ 343.305868][T11262] ? ksys_write+0x1b9/0x240 [ 343.305882][T11262] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 343.305895][T11262] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 343.305912][T11262] __do_fast_syscall_32+0x73/0x120 [ 343.305929][T11262] do_fast_syscall_32+0x32/0x80 [ 343.305945][T11262] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 343.305959][T11262] RIP: 0023:0xf702e579 [ 343.305968][T11262] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 343.305979][T11262] RSP: 002b:00000000f4ffd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 343.305990][T11262] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 0000000080000440 [ 343.305997][T11262] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 343.306003][T11262] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 343.306009][T11262] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 343.306015][T11262] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 343.306028][T11262] [ 343.424981][ T10] usb usb7-port1: attempt power cycle [ 343.716139][T11271] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1563'. [ 343.720350][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 343.732564][T11272] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.1561'. [ 343.790353][ T10] usb 7-1: new high-speed USB device number 68 using dummy_hcd [ 344.561103][ T10] usb 7-1: device descriptor read/8, error -71 [ 344.597071][ T5983] Process accounting resumed [ 344.670893][T11274] netlink: 'syz.1.1564': attribute type 1 has an invalid length. [ 344.673997][T11274] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1564'. [ 344.683917][T11282] autofs: Unknown parameter 'fd0x0000000000000000' [ 344.739942][T11283] netlink: 'syz.3.1566': attribute type 13 has an invalid length. [ 344.745990][T11285] autofs: Unknown parameter '0x0000000000000000' [ 344.760422][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 344.781411][ T5947] block nbd3: Receive control failed (result -107) [ 344.800874][ T10] usb 7-1: new high-speed USB device number 69 using dummy_hcd [ 344.801138][T11286] netlink: 'syz.1.1567': attribute type 13 has an invalid length. [ 344.831170][ T10] usb 7-1: device descriptor read/8, error -71 [ 344.840899][T11283] block nbd3: shutting down sockets [ 344.841133][T11286] block nbd1: shutting down sockets [ 344.940720][ T10] usb usb7-port1: unable to enumerate USB device [ 344.958195][T11289] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 344.960794][T11289] IPv6: NLM_F_CREATE should be set when creating new route [ 345.447124][T11298] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.1571'. [ 345.525352][T11302] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1573'. [ 345.551790][ T40] audit: type=1326 audit(1747185093.761:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11303 comm="syz.0.1574" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x0 [ 345.778874][ T10] libceph: connect (1)[c::]:6789 error -101 [ 345.783126][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 345.800376][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 345.807982][T11313] serio: Serial port ptm0 [ 345.901427][T11313] afs: Unknown parameter 'ύ' [ 346.004144][ T5983] Process accounting resumed [ 346.006472][T11308] netlink: 'syz.3.1576': attribute type 1 has an invalid length. [ 346.008932][T11308] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1576'. [ 346.033532][T11310] ceph: No mds server is up or the cluster is laggy [ 346.045585][ T10] libceph: connect (1)[c::]:6789 error -101 [ 346.047644][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 346.561329][T11331] fuse: Unknown parameter 'group_ΕΜ00000000000000000000' [ 346.564644][T11333] fuse: Unknown parameter 'group_ΕΜ00000000000000000000' [ 346.702643][T11338] netlink: 1024 bytes leftover after parsing attributes in process `syz.0.1582'. [ 346.840367][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 346.990434][ T34] vhci_hcd: vhci_device speed not set [ 347.181259][T11341] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1583'. [ 347.222536][T11343] autofs: Unknown parameter '0x0000000000000000' [ 347.273170][T11345] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1592'. [ 347.281823][T11346] netlink: 'syz.3.1584': attribute type 13 has an invalid length. [ 347.360805][T11346] block nbd3: shutting down sockets [ 347.387176][T11351] autofs: Unknown parameter '0x0000000000000000' [ 347.447231][T11353] netlink: 'syz.1.1585': attribute type 13 has an invalid length. [ 347.448399][T11352] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.1586'. [ 347.501915][ T5947] block nbd1: Receive control failed (result -107) [ 347.617174][T10467] block nbd1: shutting down sockets [ 347.880334][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 348.570573][ T5983] usb 6-1: new high-speed USB device number 83 using dummy_hcd [ 348.650538][ T34] usb 7-1: new high-speed USB device number 70 using dummy_hcd [ 348.727883][ T5983] usb 6-1: config 1 interface 0 altsetting 8 bulk endpoint 0x1 has invalid maxpacket 32 [ 348.740423][ T5983] usb 6-1: config 1 interface 0 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 348.780589][ T5983] usb 6-1: config 1 interface 0 has no altsetting 0 [ 348.796280][ T5983] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 348.810541][ T5983] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.812662][ T34] usb 7-1: config 1 interface 0 altsetting 8 bulk endpoint 0x1 has invalid maxpacket 32 [ 348.816234][ T34] usb 7-1: config 1 interface 0 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 348.820665][ T34] usb 7-1: config 1 interface 0 has no altsetting 0 [ 348.824349][ T34] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 348.827390][ T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.829878][ T34] usb 7-1: Product: syz [ 348.831377][ T34] usb 7-1: Manufacturer: syz [ 348.832844][ T34] usb 7-1: SerialNumber: syz [ 348.836093][T11369] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 348.836515][ T5983] usb 6-1: Product: syz [ 348.840586][T11369] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 348.884505][ T5983] usb 6-1: Manufacturer: syz [ 348.886296][ T5983] usb 6-1: SerialNumber: syz [ 348.898675][T11362] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 348.901348][T11362] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 348.920342][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 349.058262][ T34] usb 7-1: USB disconnect, device number 70 [ 349.111515][ T5983] usb 6-1: USB disconnect, device number 83 [ 349.399702][T11387] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1594'. [ 349.715297][T11369] xt_CT: You must specify a L4 protocol and not use inversions on it [ 349.772974][T11362] xt_CT: You must specify a L4 protocol and not use inversions on it [ 349.970417][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 350.003608][T11397] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 350.006006][T11397] IPv6: NLM_F_CREATE should be set when creating new route [ 350.400408][T11401] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 350.402533][T11401] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 350.404952][T11401] vhci_hcd vhci_hcd.0: Device attached [ 350.528707][T11407] autofs: Unknown parameter '0x0000000000000000' [ 350.601952][T11411] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1599'. [ 350.636119][T11412] netlink: 'syz.0.1598': attribute type 13 has an invalid length. [ 350.650403][ T5983] usb 43-1: new high-speed USB device number 13 using vhci_hcd [ 350.739112][T11414] netlink: 'syz.2.1600': attribute type 10 has an invalid length. [ 350.742276][T11414] bond0: (slave wlan1): Opening slave failed [ 350.750488][ T2291] usb 6-1: new high-speed USB device number 84 using dummy_hcd [ 350.902505][ T2291] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 350.907040][ T2291] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 350.911828][ T2291] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 350.914996][ T2291] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 350.917503][ T2291] usb 6-1: Manufacturer: syz [ 350.927465][ T2291] usb 6-1: config 0 descriptor?? [ 350.958839][T11402] vhci_hcd: connection reset by peer [ 350.961330][ T12] vhci_hcd: stop threads [ 350.962786][ T12] vhci_hcd: release socket [ 350.964336][ T12] vhci_hcd: disconnect device [ 350.970411][ T2291] rc_core: IR keymap rc-hauppauge not found [ 350.972291][ T2291] Registered IR keymap rc-empty [ 350.980657][ T2291] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 350.985164][ T2291] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input77 [ 351.000397][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 351.028356][T11420] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11) [ 351.030463][T11420] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 351.036084][T11420] vhci_hcd vhci_hcd.0: Device attached [ 351.137268][ T2291] usb 6-1: USB disconnect, device number 84 [ 351.280386][ T6035] usb 41-1: new high-speed USB device number 12 using vhci_hcd [ 351.394825][T11424] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1603'. [ 351.634396][T11421] vhci_hcd: connection reset by peer [ 351.636863][ T46] vhci_hcd: stop threads [ 351.638252][ T46] vhci_hcd: release socket [ 351.639793][ T46] vhci_hcd: disconnect device [ 351.682194][T11435] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 351.852812][T11443] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1609'. [ 352.040337][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 352.239186][T11451] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.1611'. [ 352.278259][T11453] autofs: Unknown parameter '0x0000000000000000' [ 352.307972][T11455] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1613'. [ 352.335876][T11457] netlink: 'syz.2.1612': attribute type 13 has an invalid length. [ 352.344638][ T58] Process accounting resumed [ 352.347343][T11458] netlink: 'syz.0.1614': attribute type 1 has an invalid length. [ 352.349874][T11458] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1614'. [ 352.372155][T11457] block nbd2: shutting down sockets [ 352.583935][T11463] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 352.699304][T11466] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.1617'. [ 353.080373][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 353.105988][T11469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1618'. [ 354.120393][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 354.151821][T11490] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1623'. [ 354.166577][ T58] Process accounting resumed [ 354.183035][T11492] netlink: 'syz.1.1624': attribute type 1 has an invalid length. [ 354.187092][T11494] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 354.189374][T11494] IPv6: NLM_F_CREATE should be set when creating new route [ 354.822401][T11504] autofs: Unknown parameter '0x0000000000000000' [ 354.912349][T11505] netlink: 'syz.3.1629': attribute type 13 has an invalid length. [ 354.982980][T11505] block nbd3: shutting down sockets [ 355.160365][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 355.422168][T11513] fuse: Unknown parameter 'group_ΕΜ00000000000000000000' [ 355.495685][T11516] __nla_validate_parse: 3 callbacks suppressed [ 355.495697][T11516] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1633'. [ 355.562204][T11522] netlink: 'syz.1.1632': attribute type 13 has an invalid length. [ 355.643744][ T5947] block nbd1: Receive control failed (result -107) [ 355.680200][T11522] block nbd1: shutting down sockets [ 355.748928][T11528] FAULT_INJECTION: forcing a failure. [ 355.748928][T11528] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 355.779686][T11528] CPU: 1 UID: 0 PID: 11528 Comm: syz.2.1634 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 355.779714][T11528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 355.779721][T11528] Call Trace: [ 355.779726][T11528] [ 355.779730][T11528] dump_stack_lvl+0x16c/0x1f0 [ 355.779750][T11528] should_fail_ex+0x512/0x640 [ 355.779769][T11528] _copy_from_user+0x2e/0xd0 [ 355.779788][T11528] sctp_getsockopt+0x8d5/0x6b10 [ 355.779802][T11528] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 355.779817][T11528] ? __pfx_sctp_getsockopt+0x10/0x10 [ 355.779831][T11528] ? __lock_acquire+0xaa4/0x1ba0 [ 355.779852][T11528] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 355.779873][T11528] ? lock_acquire+0x179/0x350 [ 355.779886][T11528] ? __pfx___might_resched+0x10/0x10 [ 355.779902][T11528] ? aa_sk_perm+0x2f4/0xb10 [ 355.779916][T11528] ? __pfx_aa_sk_perm+0x10/0x10 [ 355.779930][T11528] ? __schedule+0x1186/0x5de0 [ 355.779945][T11528] ? sock_common_getsockopt+0x21/0xb0 [ 355.779960][T11528] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 355.779976][T11528] do_sock_getsockopt+0x3ff/0x800 [ 355.779994][T11528] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 355.780009][T11528] ? __fget_files+0x204/0x3c0 [ 355.780026][T11528] __sys_getsockopt+0x123/0x1a0 [ 355.780041][T11528] __ia32_sys_getsockopt+0xbc/0x160 [ 355.780053][T11528] ? lockdep_hardirqs_on+0x7c/0x110 [ 355.780068][T11528] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 355.780084][T11528] __do_fast_syscall_32+0x73/0x120 [ 355.780101][T11528] do_fast_syscall_32+0x32/0x80 [ 355.780118][T11528] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 355.780131][T11528] RIP: 0023:0xf7f92579 [ 355.780140][T11528] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 355.780151][T11528] RSP: 002b:00000000f507455c EFLAGS: 00000296 ORIG_RAX: 000000000000016d [ 355.780161][T11528] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000084 [ 355.780168][T11528] RDX: 0000000000000066 RSI: 0000000080000080 RDI: 0000000080000000 [ 355.780174][T11528] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 355.780180][T11528] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 355.780186][T11528] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 355.780200][T11528] [ 355.832919][T11526] 9pnet_fd: Insufficient options for proto=fd [ 355.839937][ T5983] vhci_hcd: vhci_device speed not set [ 355.891661][ T6004] Process accounting resumed [ 355.908036][T11529] netlink: 'syz.0.1635': attribute type 1 has an invalid length. [ 355.911901][T11529] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1635'. [ 356.200398][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 356.430451][ T6035] vhci_hcd: vhci_device speed not set [ 356.460211][T11538] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.1638'. [ 356.783692][T11549] fuse: Unknown parameter 'group_ΕΜ00000000000000000000' [ 357.240470][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 357.422789][T11557] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1644'. [ 357.725404][T11563] 9pnet_fd: Insufficient options for proto=fd [ 358.280357][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 358.315680][T11574] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1649'. [ 358.436251][T11577] netlink: 'syz.3.1650': attribute type 1 has an invalid length. [ 358.541613][ T29] Process accounting resumed [ 358.566185][T11581] netlink: 'syz.1.1648': attribute type 1 has an invalid length. [ 358.568648][T11581] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1648'. [ 358.663655][T11584] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1652'. [ 358.680553][ T6004] usb 8-1: new full-speed USB device number 70 using dummy_hcd [ 358.745343][T11589] FAULT_INJECTION: forcing a failure. [ 358.745343][T11589] name failslab, interval 1, probability 0, space 0, times 0 [ 358.749281][T11589] CPU: 2 UID: 0 PID: 11589 Comm: syz.2.1654 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 358.749298][T11589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 358.749305][T11589] Call Trace: [ 358.749309][T11589] [ 358.749314][T11589] dump_stack_lvl+0x16c/0x1f0 [ 358.749334][T11589] should_fail_ex+0x512/0x640 [ 358.749351][T11589] ? fs_reclaim_acquire+0xae/0x150 [ 358.749369][T11589] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 358.749384][T11589] should_failslab+0xc2/0x120 [ 358.749399][T11589] __kmalloc_noprof+0xd2/0x510 [ 358.749415][T11589] tomoyo_realpath_from_path+0xc2/0x6e0 [ 358.749431][T11589] ? tomoyo_profile+0x47/0x60 [ 358.749445][T11589] tomoyo_path_number_perm+0x245/0x580 [ 358.749458][T11589] ? tomoyo_path_number_perm+0x237/0x580 [ 358.749472][T11589] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 358.749500][T11589] ? find_held_lock+0x2b/0x80 [ 358.749510][T11589] ? hook_file_ioctl_common+0x145/0x410 [ 358.749523][T11589] ? __fget_files+0x204/0x3c0 [ 358.749535][T11589] ? __fget_files+0x20e/0x3c0 [ 358.749544][T11589] ? fput+0x10/0xf0 [ 358.749559][T11589] security_file_ioctl_compat+0x9b/0x240 [ 358.749575][T11589] __ia32_compat_sys_ioctl+0xc3/0x360 [ 358.749592][T11589] __do_fast_syscall_32+0x73/0x120 [ 358.749610][T11589] do_fast_syscall_32+0x32/0x80 [ 358.749626][T11589] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 358.749655][T11589] RIP: 0023:0xf7f92579 [ 358.749665][T11589] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 358.749675][T11589] RSP: 002b:00000000f509555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 358.749685][T11589] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c008561c [ 358.749692][T11589] RDX: 0000000080000400 RSI: 0000000000000000 RDI: 0000000000000000 [ 358.749698][T11589] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 358.749704][T11589] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 358.749710][T11589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 358.749723][T11589] [ 358.749728][T11589] ERROR: Out of memory at tomoyo_realpath_from_path. [ 358.832005][ T6004] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 358.835174][ T6004] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 358.838005][ T6004] usb 8-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 358.840983][ T6004] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.845021][ T6004] usb 8-1: config 0 descriptor?? [ 358.853371][ T6004] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 358.855599][ T6004] dvb-usb: bulk message failed: -22 (3/0) [ 358.858697][ T6004] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 358.862183][ T6004] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 358.865782][ T6004] usb 8-1: media controller created [ 358.868097][ T6004] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 358.874281][ T6004] dvb-usb: bulk message failed: -22 (6/0) [ 358.876234][ T6004] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 358.879760][ T6004] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb8/8-1/input/input78 [ 358.886200][ T6004] dvb-usb: schedule remote query interval to 150 msecs. [ 358.888983][ T6004] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 359.040380][ T6004] dvb-usb: bulk message failed: -22 (1/0) [ 359.042263][ T6004] dvb-usb: error while querying for an remote control event. [ 359.060469][T11577] 8021q: adding VLAN 0 to HW filter on device bond19 [ 359.210441][ T6004] dvb-usb: bulk message failed: -22 (1/0) [ 359.212268][ T6004] dvb-usb: error while querying for an remote control event. [ 359.235429][ T5982] usb 8-1: USB disconnect, device number 70 [ 359.245279][ T5982] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 359.320344][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 359.347712][T11607] FAULT_INJECTION: forcing a failure. [ 359.347712][T11607] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 359.352205][T11607] CPU: 1 UID: 0 PID: 11607 Comm: syz.1.1657 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 359.352231][T11607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 359.352238][T11607] Call Trace: [ 359.352243][T11607] [ 359.352248][T11607] dump_stack_lvl+0x16c/0x1f0 [ 359.352268][T11607] should_fail_ex+0x512/0x640 [ 359.352286][T11607] strncpy_from_user+0x3b/0x2e0 [ 359.352303][T11607] __do_sys_add_key+0xce/0x470 [ 359.352315][T11607] ? __pfx___do_sys_add_key+0x10/0x10 [ 359.352324][T11607] ? ksys_write+0x1b9/0x240 [ 359.352337][T11607] ? rcu_is_watching+0x12/0xc0 [ 359.352351][T11607] __do_fast_syscall_32+0x73/0x120 [ 359.352368][T11607] do_fast_syscall_32+0x32/0x80 [ 359.352384][T11607] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 359.352403][T11607] RIP: 0023:0xf7f47579 [ 359.352415][T11607] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 359.352431][T11607] RSP: 002b:00000000f502455c EFLAGS: 00000296 ORIG_RAX: 000000000000011e [ 359.352446][T11607] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000000000 [ 359.352455][T11607] RDX: 00000000800002c0 RSI: 00000000000fffff RDI: 00000000fffffffe [ 359.352464][T11607] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 359.352473][T11607] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 359.352482][T11607] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 359.352505][T11607] [ 360.182180][T11620] netlink: 'syz.0.1667': attribute type 13 has an invalid length. [ 360.360412][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 360.400524][ T6239] usb 8-1: new high-speed USB device number 71 using dummy_hcd [ 360.540477][ T6239] usb 8-1: device descriptor read/64, error -71 [ 360.780390][ T6239] usb 8-1: new high-speed USB device number 72 using dummy_hcd [ 360.848399][T11628] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1663'. [ 360.910421][ T6239] usb 8-1: device descriptor read/64, error -71 [ 361.020525][ T6239] usb usb8-port1: attempt power cycle [ 361.119029][T11639] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 361.190428][T11639] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 361.283240][ T6035] Process accounting resumed [ 361.321434][T11645] netlink: 'syz.2.1665': attribute type 1 has an invalid length. [ 361.323922][T11645] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1665'. [ 361.333598][T11644] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12) [ 361.335728][T11644] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 361.338265][T11644] vhci_hcd vhci_hcd.0: Device attached [ 361.360516][ T6239] usb 8-1: new high-speed USB device number 73 using dummy_hcd [ 361.380846][ T6239] usb 8-1: device descriptor read/8, error -71 [ 361.400425][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 361.590438][ T6035] usb 37-1: new high-speed USB device number 12 using vhci_hcd [ 361.640382][ T6239] usb 8-1: new high-speed USB device number 74 using dummy_hcd [ 361.660884][ T6239] usb 8-1: device descriptor read/8, error -71 [ 361.770928][ T6239] usb usb8-port1: unable to enumerate USB device [ 361.786127][T11651] vhci_hcd: connection reset by peer [ 361.788153][ T1139] vhci_hcd: stop threads [ 361.789773][ T1139] vhci_hcd: release socket [ 361.791483][ T1139] vhci_hcd: disconnect device [ 362.120512][ T5983] usb 7-1: new high-speed USB device number 71 using dummy_hcd [ 362.263501][T11660] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1671'. [ 362.282139][ T5983] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 362.286775][ T5983] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 362.291620][ T5983] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 362.296185][ T5983] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 362.330399][ T29] usb 8-1: new high-speed USB device number 75 using dummy_hcd [ 362.333290][ T5983] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 362.336182][ T5983] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.341832][ T5983] usb 7-1: config 0 descriptor?? [ 362.343940][T11655] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 362.387065][T11662] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 362.440364][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 362.460501][ T29] usb 8-1: device descriptor read/64, error -71 [ 362.522089][T11666] netlink: 'syz.0.1673': attribute type 13 has an invalid length. [ 362.700380][ T29] usb 8-1: new high-speed USB device number 76 using dummy_hcd [ 362.755947][ T5983] plantronics 0003:047F:FFFF.0004: reserved main item tag 0xd [ 362.759537][ T5983] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 362.767072][ T5983] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 362.840413][ T29] usb 8-1: device descriptor read/64, error -71 [ 363.039619][ T29] usb usb8-port1: attempt power cycle [ 363.368189][T11674] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1674'. [ 363.480374][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 363.790587][ T5982] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 363.942634][ T5982] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 363.946323][ T5982] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 363.949799][ T5982] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 363.953850][ T5982] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 363.958838][ T5982] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 363.962886][ T5982] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.967518][ T5982] usb 5-1: config 0 descriptor?? [ 363.969975][T11679] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 364.376020][ T5982] plantronics 0003:047F:FFFF.0005: reserved main item tag 0xd [ 364.380066][ T5982] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 364.390537][ T5982] plantronics 0003:047F:FFFF.0005: hiddev1,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 364.436682][ T29] Process accounting resumed [ 364.454764][T11690] netlink: 'syz.1.1677': attribute type 1 has an invalid length. [ 364.457345][T11690] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1677'. [ 364.520446][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 364.771449][T11692] FAULT_INJECTION: forcing a failure. [ 364.771449][T11692] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 364.772710][T11692] [ 364.772717][T11692] ====================================================== [ 364.772722][T11692] WARNING: possible circular locking dependency detected [ 364.772729][T11692] 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 Not tainted [ 364.772737][T11692] ------------------------------------------------------ [ 364.772743][T11692] syz.0.1676/11692 is trying to acquire lock: [ 364.772751][T11692] ffffffff8e2ccec0 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0 [ 364.772790][T11692] [ 364.772790][T11692] but task is already holding lock: [ 364.772793][T11692] ffff88802b239f18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 364.772814][T11692] [ 364.772814][T11692] which lock already depends on the new lock. [ 364.772814][T11692] [ 364.772817][T11692] [ 364.772817][T11692] the existing dependency chain (in reverse order) is: [ 364.772821][T11692] [ 364.772821][T11692] -> #4 (&rq->__lock){-.-.}-{2:2}: [ 364.772833][T11692] _raw_spin_lock_nested+0x31/0x40 [ 364.772847][T11692] raw_spin_rq_lock_nested+0x29/0x130 [ 364.772856][T11692] task_rq_lock+0xcf/0x490 [ 364.772865][T11692] cgroup_move_task+0x81/0x2a0 [ 364.772878][T11692] css_set_move_task+0x288/0x5f0 [ 364.772890][T11692] cgroup_post_fork+0x201/0x9e0 [ 364.772904][T11692] copy_process+0x5006/0x91a0 [ 364.772917][T11692] kernel_clone+0xfc/0x960 [ 364.772929][T11692] user_mode_thread+0xc7/0x110 [ 364.772941][T11692] rest_init+0x23/0x2b0 [ 364.772950][T11692] start_kernel+0x3e9/0x4d0 [ 364.772965][T11692] x86_64_start_reservations+0x18/0x30 [ 364.772979][T11692] x86_64_start_kernel+0xb0/0xc0 [ 364.772993][T11692] common_startup_64+0x13e/0x148 [ 364.773004][T11692] [ 364.773004][T11692] -> #3 (&p->pi_lock){-.-.}-{2:2}: [ 364.773016][T11692] _raw_spin_lock_irqsave+0x3a/0x60 [ 364.773029][T11692] try_to_wake_up+0xb2/0x1680 [ 364.773038][T11692] __wake_up_common+0x132/0x1f0 [ 364.773051][T11692] __wake_up+0x31/0x60 [ 364.773061][T11692] tty_port_default_wakeup+0x2a/0x40 [ 364.773075][T11692] serial8250_tx_chars+0x68e/0x860 [ 364.773088][T11692] serial8250_handle_irq+0x761/0xcb0 [ 364.773102][T11692] serial8250_default_handle_irq+0x9a/0x210 [ 364.773116][T11692] serial8250_interrupt+0x106/0x210 [ 364.773136][T11692] __handle_irq_event_percpu+0x22c/0x7d0 [ 364.773146][T11692] handle_irq_event+0xab/0x1e0 [ 364.773154][T11692] handle_edge_irq+0x263/0xd10 [ 364.773169][T11692] __common_interrupt+0xe2/0x250 [ 364.773183][T11692] common_interrupt+0xba/0xe0 [ 364.773193][T11692] asm_common_interrupt+0x26/0x40 [ 364.773202][T11692] pv_native_safe_halt+0xf/0x20 [ 364.773215][T11692] default_idle+0x13/0x20 [ 364.773223][T11692] default_idle_call+0x6d/0xb0 [ 364.773231][T11692] do_idle+0x391/0x510 [ 364.773241][T11692] cpu_startup_entry+0x4f/0x60 [ 364.773250][T11692] start_secondary+0x21d/0x2b0 [ 364.773265][T11692] common_startup_64+0x13e/0x148 [ 364.773276][T11692] [ 364.773276][T11692] -> #2 (&tty->write_wait){-...}-{3:3}: [ 364.773288][T11692] _raw_spin_lock_irqsave+0x3a/0x60 [ 364.773300][T11692] __wake_up+0x1c/0x60 [ 364.773310][T11692] tty_port_default_wakeup+0x2a/0x40 [ 364.773323][T11692] serial8250_tx_chars+0x68e/0x860 [ 364.773335][T11692] __start_tx+0x3e9/0x4a0 [ 364.773348][T11692] serial8250_start_tx+0x368/0x530 [ 364.773361][T11692] __uart_start+0x292/0x4c0 [ 364.773369][T11692] uart_write+0x218/0xb30 [ 364.773381][T11692] n_tty_write+0x40f/0x1160 [ 364.773395][T11692] file_tty_write.constprop.0+0x502/0x9b0 [ 364.773407][T11692] redirected_tty_write+0xd4/0x150 [ 364.773418][T11692] vfs_write+0x5bd/0x1180 [ 364.773428][T11692] ksys_write+0x12a/0x240 [ 364.773436][T11692] do_syscall_64+0xcd/0x230 [ 364.773451][T11692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.773460][T11692] [ 364.773460][T11692] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 364.773472][T11692] _raw_spin_lock_irqsave+0x3a/0x60 [ 364.773484][T11692] serial8250_console_write+0x181/0x1890 [ 364.773499][T11692] console_flush_all+0x801/0xc60 [ 364.773507][T11692] console_unlock+0xd8/0x210 [ 364.773515][T11692] vprintk_emit+0x418/0x6d0 [ 364.773523][T11692] _printk+0xc7/0x100 [ 364.773535][T11692] register_console+0xc2d/0x11b0 [ 364.773544][T11692] univ8250_console_init+0x5f/0x90 [ 364.773557][T11692] console_init+0x14f/0x680 [ 364.773571][T11692] start_kernel+0x29f/0x4d0 [ 364.773611][T11692] x86_64_start_reservations+0x18/0x30 [ 364.773626][T11692] x86_64_start_kernel+0xb0/0xc0 [ 364.773639][T11692] common_startup_64+0x13e/0x148 [ 364.773650][T11692] [ 364.773650][T11692] -> #0 (console_owner){-.-.}-{0:0}: [ 364.773663][T11692] __lock_acquire+0x1173/0x1ba0 [ 364.773675][T11692] lock_acquire+0x179/0x350 [ 364.773687][T11692] console_lock_spinning_enable+0xb0/0xd0 [ 364.773702][T11692] console_flush_all+0x7aa/0xc60 [ 364.773710][T11692] console_unlock+0xd8/0x210 [ 364.773717][T11692] vprintk_emit+0x418/0x6d0 [ 364.773726][T11692] _printk+0xc7/0x100 [ 364.773737][T11692] should_fail_ex+0x4e7/0x640 [ 364.773751][T11692] strncpy_from_user+0x3b/0x2e0 [ 364.773764][T11692] strncpy_from_user_nofault+0x7f/0x180 [ 364.773779][T11692] bpf_probe_read_compat_str+0xf1/0x170 [ 364.773790][T11692] bpf_prog_c1796171ffc7efef+0x3e/0x44 [ 364.773798][T11692] bpf_trace_run4+0x24c/0x5a0 [ 364.773809][T11692] __bpf_trace_sched_switch+0x145/0x190 [ 364.773819][T11692] __traceiter_sched_switch+0x6c/0xc0 [ 364.773834][T11692] __schedule+0x1bf3/0x5de0 [ 364.773845][T11692] schedule+0xe7/0x3a0 [ 364.773857][T11692] syscall_exit_to_user_mode+0xf5/0x2a0 [ 364.773871][T11692] __do_fast_syscall_32+0x80/0x120 [ 364.773887][T11692] do_fast_syscall_32+0x32/0x80 [ 364.773901][T11692] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 364.773913][T11692] [ 364.773913][T11692] other info that might help us debug this: [ 364.773913][T11692] [ 364.773916][T11692] Chain exists of: [ 364.773916][T11692] console_owner --> &p->pi_lock --> &rq->__lock [ 364.773916][T11692] [ 364.773929][T11692] Possible unsafe locking scenario: [ 364.773929][T11692] [ 364.773932][T11692] CPU0 CPU1 [ 364.773935][T11692] ---- ---- [ 364.773938][T11692] lock(&rq->__lock); [ 364.773943][T11692] lock(&p->pi_lock); [ 364.773950][T11692] lock(&rq->__lock); [ 364.773956][T11692] lock(console_owner); [ 364.773962][T11692] [ 364.773962][T11692] *** DEADLOCK *** [ 364.773962][T11692] [ 364.773964][T11692] 4 locks held by syz.0.1676/11692: [ 364.773970][T11692] #0: ffff88802b239f18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 364.773991][T11692] #1: ffffffff8e3bfa80 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x1cf/0x5a0 [ 364.774015][T11692] #2: ffffffff8e3ad300 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100 [ 364.774039][T11692] #3: ffffffff8e3ad370 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60 [ 364.774060][T11692] [ 364.774060][T11692] stack backtrace: [ 364.774065][T11692] CPU: 1 UID: 0 PID: 11692 Comm: syz.0.1676 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 364.774078][T11692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 364.774085][T11692] Call Trace: [ 364.774088][T11692] [ 364.774092][T11692] dump_stack_lvl+0x116/0x1f0 [ 364.774108][T11692] print_circular_bug+0x275/0x350 [ 364.774122][T11692] check_noncircular+0x14c/0x170 [ 364.774142][T11692] __lock_acquire+0x1173/0x1ba0 [ 364.774158][T11692] lock_acquire+0x179/0x350 [ 364.774171][T11692] ? console_lock_spinning_enable+0x9f/0xd0 [ 364.774188][T11692] ? console_lock_spinning_enable+0x88/0xd0 [ 364.774205][T11692] console_lock_spinning_enable+0xb0/0xd0 [ 364.774221][T11692] ? console_lock_spinning_enable+0x9f/0xd0 [ 364.774237][T11692] console_flush_all+0x7aa/0xc60 [ 364.774248][T11692] ? __pfx_console_flush_all+0x10/0x10 [ 364.774259][T11692] ? is_printk_cpu_sync_owner+0x32/0x40 [ 364.774271][T11692] console_unlock+0xd8/0x210 [ 364.774280][T11692] ? __pfx_console_unlock+0x10/0x10 [ 364.774288][T11692] ? do_raw_spin_unlock+0x100/0x230 [ 364.774305][T11692] ? _printk+0xc7/0x100 [ 364.774318][T11692] ? __down_trylock_console_sem+0xb0/0x140 [ 364.774333][T11692] vprintk_emit+0x418/0x6d0 [ 364.774342][T11692] ? __pfx_vprintk_emit+0x10/0x10 [ 364.774354][T11692] _printk+0xc7/0x100 [ 364.774366][T11692] ? __pfx__printk+0x10/0x10 [ 364.774380][T11692] ? ___ratelimit+0x24c/0x570 [ 364.774394][T11692] ? __pfx____ratelimit+0x10/0x10 [ 364.774409][T11692] should_fail_ex+0x4e7/0x640 [ 364.774424][T11692] strncpy_from_user+0x3b/0x2e0 [ 364.774438][T11692] strncpy_from_user_nofault+0x7f/0x180 [ 364.774454][T11692] bpf_probe_read_compat_str+0xf1/0x170 [ 364.774466][T11692] bpf_prog_c1796171ffc7efef+0x3e/0x44 [ 364.774474][T11692] bpf_trace_run4+0x24c/0x5a0 [ 364.774487][T11692] ? __pfx_bpf_trace_run4+0x10/0x10 [ 364.774502][T11692] __bpf_trace_sched_switch+0x145/0x190 [ 364.774513][T11692] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 364.774523][T11692] ? dl_scaled_delta_exec+0xdb/0x2e0 [ 364.774538][T11692] ? plist_check_prev_next+0x12a/0x1a0 [ 364.774551][T11692] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 364.774567][T11692] __traceiter_sched_switch+0x6c/0xc0 [ 364.774582][T11692] ? set_next_task_rt+0x2eb/0x6a0 [ 364.774595][T11692] __schedule+0x1bf3/0x5de0 [ 364.774608][T11692] ? ksys_write+0x190/0x240 [ 364.774621][T11692] ? __pfx___schedule+0x10/0x10 [ 364.774634][T11692] ? __fget_files+0x20e/0x3c0 [ 364.774644][T11692] ? fput+0x70/0xf0 [ 364.774656][T11692] ? ksys_write+0x1b9/0x240 [ 364.774667][T11692] schedule+0xe7/0x3a0 [ 364.774680][T11692] syscall_exit_to_user_mode+0xf5/0x2a0 [ 364.774695][T11692] __do_fast_syscall_32+0x80/0x120 [ 364.774711][T11692] do_fast_syscall_32+0x32/0x80 [ 364.774727][T11692] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 364.774739][T11692] RIP: 0023:0xf702e579 [ 364.774747][T11692] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 364.774758][T11692] RSP: 002b:00000000f4fdc590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 364.774767][T11692] RAX: 0000000000000001 RBX: 000000000000000b RCX: 00000000f4fdc610 [ 364.774773][T11692] RDX: 0000000000000001 RSI: 00000000f7392ff4 RDI: 0000000000000000 [ 364.774779][T11692] RBP: 00000000f73c50a0 R08: 0000000000000000 R09: 0000000000000000 [ 364.774785][T11692] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 364.774791][T11692] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 364.774800][T11692] [ 365.106589][T11692] CPU: 1 UID: 0 PID: 11692 Comm: syz.0.1676 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 365.106605][T11692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 365.106612][T11692] Call Trace: [ 365.106617][T11692] [ 365.106623][T11692] dump_stack_lvl+0x116/0x1f0 [ 365.106651][T11692] should_fail_ex+0x512/0x640 [ 365.106669][T11692] strncpy_from_user+0x3b/0x2e0 [ 365.106684][T11692] strncpy_from_user_nofault+0x7f/0x180 [ 365.106700][T11692] bpf_probe_read_compat_str+0xf1/0x170 [ 365.106714][T11692] bpf_prog_c1796171ffc7efef+0x3e/0x44 [ 365.106723][T11692] bpf_trace_run4+0x24c/0x5a0 [ 365.106736][T11692] ? __pfx_bpf_trace_run4+0x10/0x10 [ 365.106751][T11692] __bpf_trace_sched_switch+0x145/0x190 [ 365.106763][T11692] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 365.106773][T11692] ? dl_scaled_delta_exec+0xdb/0x2e0 [ 365.106790][T11692] ? plist_check_prev_next+0x12a/0x1a0 [ 365.106803][T11692] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 365.106819][T11692] __traceiter_sched_switch+0x6c/0xc0 [ 365.106836][T11692] ? set_next_task_rt+0x2eb/0x6a0 [ 365.106849][T11692] __schedule+0x1bf3/0x5de0 [ 365.106863][T11692] ? ksys_write+0x190/0x240 [ 365.106876][T11692] ? __pfx___schedule+0x10/0x10 [ 365.106889][T11692] ? __fget_files+0x20e/0x3c0 [ 365.106900][T11692] ? fput+0x70/0xf0 [ 365.106912][T11692] ? ksys_write+0x1b9/0x240 [ 365.106923][T11692] schedule+0xe7/0x3a0 [ 365.106936][T11692] syscall_exit_to_user_mode+0xf5/0x2a0 [ 365.106952][T11692] __do_fast_syscall_32+0x80/0x120 [ 365.106969][T11692] do_fast_syscall_32+0x32/0x80 [ 365.106984][T11692] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 365.106998][T11692] RIP: 0023:0xf702e579 [ 365.107007][T11692] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 365.107017][T11692] RSP: 002b:00000000f4fdc590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 365.107027][T11692] RAX: 0000000000000001 RBX: 000000000000000b RCX: 00000000f4fdc610 [ 365.107033][T11692] RDX: 0000000000000001 RSI: 00000000f7392ff4 RDI: 0000000000000000 [ 365.107039][T11692] RBP: 00000000f73c50a0 R08: 0000000000000000 R09: 0000000000000000 [ 365.107045][T11692] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 365.107051][T11692] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 365.107060][T11692] [ 365.193337][ T29] usb 7-1: USB disconnect, device number 71 [ 365.560464][ C2] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 366.569216][ T29] usb 5-1: USB disconnect, device number 77 [ 366.600365][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 366.680805][ T6035] vhci_hcd: vhci_device speed not set [ 367.640323][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 368.690407][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 369.720429][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 370.770415][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 371.800526][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 372.840400][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 373.880469][ C0] IPVS: wrr: UDP 224.0.0.2:0 - no destination available VM DIAGNOSIS: 01:11:53 Registers: info registers vcpu 0 CPU#0 RAX=0000000080010003 RBX=0000000000000003 RCX=ffffffff8168f4f6 RDX=ffffffff8e097740 RSI=ffffffff8169254c RDI=0000000000000000 RBP=ffff88802b239f00 RSP=ffffc90000007b18 R8 =0000000000000000 R9 =0000000000000003 R10=0000000000000003 R11=ffffc90000007ff8 R12=0000000000000003 R13=0000000000000003 R14=ffff88802b23ae40 R15=ffffed10056473e0 RIP=ffffffff8169254d RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977ea000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000002116f000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854c3af5 RDI=ffffffff9ade1c40 RBP=ffffffff9ade1c00 RSP=ffffc90006b5f568 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000020 R14=ffffffff9ade1c00 R15=ffffffff854c3a90 RIP=ffffffff854c3b1f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880978ea000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000006d7e9000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff888029c8fb80 RCX=0000000000000000 RDX=ffffc90006b2fd70 RSI=0000000000000000 RDI=ffff888029c8fb80 RBP=0000000000000000 RSP=ffffc90006b2f730 R8 =0000000000000000 R9 =ffffffff894171b0 R10=0000000000000001 R11=0000000000000000 R12=0000000000000000 R13=ffffc90006b2fd70 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff89417276 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880979ea000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000006d7e9000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a ffffffff86795fbd 0000000100000004 0000000600040008 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000696 0000001400000000 0000000000000000 0000000000000017 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1404000c80030008 0004080014080006 006fb02e00000821 0000000d00000001 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 49b40072656d6974 2f646e732f766564 2f01ffffffffffff ffffe10800030008 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000c800220a08208 000008000fffffff ff02010000000806 0c0167a80008000c ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 b0030202000cae03 0000000000000000 000000000001ffff ffffffffffffe508 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0c94030202000c92 0303fe02000c9003 000488000c880302 b8c00484000c8403 ZMM24=923e1f3b923e1f3b 923e1f3b923e1f3b 923e1f3b923e1f3b 923e1f3b923e1f3b 923e1f3b923e1f3b 923e1f3b923e1f3b 923e1f3b923e1f3b 923e1f3b923e1f3b ZMM25=622551fd622551fd 622551fd622551fd 622551fd622551fd 622551fd622551fd 622551fd622551fd 622551fd622551fd 622551fd622551fd 622551fd622551fd ZMM26=298af0f2298af0f2 298af0f2298af0f2 298af0f2298af0f2 298af0f2298af0f2 298af0f2298af0f2 298af0f2298af0f2 298af0f2298af0f2 298af0f2298af0f2 ZMM27=0f2b1e5e0f2b1e5e 0f2b1e5e0f2b1e5e 0f2b1e5e0f2b1e5e 0f2b1e5e0f2b1e5e 0f2b1e5e0f2b1e5e 0f2b1e5e0f2b1e5e 0f2b1e5e0f2b1e5e 0f2b1e5e0f2b1e5e ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=f00c0000f00c0000 f00c0000f00c0000 f00c0000f00c0000 f00c0000f00c0000 f00c0000f00c0000 f00c0000f00c0000 f00c0000f00c0000 f00c0000f00c0000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff8168f4f6 RDX=ffff88801bf20000 RSI=ffffffff8169254c RDI=0000000000000000 RBP=ffff88802b53ae54 RSP=ffffc900005e8920 R8 =0000000000000000 R9 =0000000000000001 R10=0000000000000001 R11=ffffffff93a4ff00 R12=0000000000000001 R13=0000000000000001 R14=ffff88802b53ae40 R15=ffff88802b53ae48 RIP=ffffffff8169254d RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097aea000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=00000000232d2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000