last executing test programs: 8.906581007s ago: executing program 3 (id=2444): mbind(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3, &(0x7f0000001900)=0x4, 0x938, 0x1) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) sendmsg$IEEE802154_LLSEC_DEL_DEV(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES8, @ANYRESOCT], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0xc0) ioctl$TIOCL_BLANKSCREEN(r1, 0x560e, &(0x7f0000000000)) ioctl$TIOCSWINSZ(r1, 0x5414, &(0x7f0000000040)={0x9, 0x2, 0x1000, 0x5}) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x1000001, 0x38011, 0xffffffffffffffff, 0x2c9ab000) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000003c0)=[{&(0x7f00000009c0)=""/71, 0x47}, {&(0x7f00000004c0)=""/175, 0xaf}, {&(0x7f0000000580)=""/3, 0x3}, {&(0x7f00000005c0)=""/192, 0xc0}, {&(0x7f0000000680)}, {&(0x7f00000006c0)=""/71, 0x47}, {&(0x7f0000000800)=""/159, 0x9f}, {&(0x7f00000008c0)=""/197, 0xc5}], 0x8) open_tree(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x800) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000ffffffff00000000000300"/24], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r5 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r5, &(0x7f0000000080)={0x1d, r4, 0x0, {0x0, 0xf0, 0x5}}, 0x18) sendmsg$can_j1939(r5, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) close(r5) sendmsg$nl_route_sched(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=@newtfilter={0x24, 0x11, 0x1, 0x70bd25, 0x100000, {0x0, 0x0, 0x74, r4, {0x6, 0x8}, {0x5, 0xfff3}, {0xfff1, 0xffe0}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4010}, 0xc4) 8.202990939s ago: executing program 3 (id=2447): madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf) socket$phonet_pipe(0x23, 0x5, 0x2) socket$inet6(0xa, 0x3, 0x3a) syz_open_procfs(0x0, &(0x7f0000000240)='fdinfo/3\x00') close(0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd74) mkdir(&(0x7f0000000140)='./file0\x00', 0x12) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="64796e2c0072e8c40f1fb620707bfd5a02af870c1208bd33d92b0e057dfde2cc6682c36c04ebce5faa444e2de1bb5423e396cfdcd909e7b2"]) openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x2, 0x80) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) prctl$PR_CAPBSET_READ(0x17, 0x22) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) (fail_nth: 1) openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x4c880, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x109442, 0x0) r3 = dup(r2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x13, r3, 0x1e) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) r6 = openat$cuse(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) splice(r5, 0x0, r6, 0x0, 0x7fff, 0x6) syz_open_procfs(0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) 7.869954137s ago: executing program 3 (id=2448): r0 = epoll_create1(0x80000) r1 = syz_open_procfs(0x0, &(0x7f0000000280)='fdinfo/3\x00') socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000003c0)=ANY=[@ANYRES8=r0, @ANYRES64=r1, @ANYBLOB="f8e2952ca6b0c8e88cf86105f0c828bf54f8b2814851b35f2a974829d3b1a92d0667ddbfa1363989e9aeb4b0fda319a181c899056117158764b71694c66e2e2b4b627cf027f84523459093cf5b6ef8b52289ebc84ff9fbc3597dc610c9208aec1e1a5d0eb6af9db065a2e255cba48e1405a576a7c942f0c18f5e14dc4b0100000000000000a46b", @ANYRESDEC=r1], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x36, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x6, &(0x7f0000000200)=0x20000009) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) socket(0x10, 0x3, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r7) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r7, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="0100"}) read(r5, &(0x7f0000000380)=""/1, 0x1) 7.471378741s ago: executing program 0 (id=2453): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000080)=0x40) r2 = socket$nl_generic(0x10, 0x3, 0x10) open_by_handle_at(r2, &(0x7f0000000480)=ANY=[@ANYRESDEC, @ANYRESHEX=r2, @ANYRES32=r0], 0x6fd3d0b4f5cc8e94) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPIOCSMRU(r5, 0x40047452, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24006000}, 0x488c0) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYRESDEC], 0x7c}}, 0x1) r6 = signalfd(r3, &(0x7f0000000180)={[0x1b33d2db, 0x80000001]}, 0x8) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x55, 0x101, 0x870, {0x3, 0x1}, {0x41, 0x402}, @period={0x5c, 0x780, 0x10, 0x2, 0x5, {0x0, 0x0, 0x860, 0x5}, 0x0, &(0x7f0000000140)}}) r7 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) syz_emit_ethernet(0x11c, &(0x7f0000000000)={@random="cf702e8cf675", @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0xe6, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @dev, @dev, [{0x2, 0x17, "703b744dc5c6a05fed0c0a28a5c04ec93b15911c51d9f1f265deed8eccd95784a601a0b0e6a4c3111b910f0173045fa2141e5b4595c5c99a9e655650a618f1e1b87d92c6bdc8822504781c5a026526818ceac3312187ff298ddd0b51e329a0555c732fabd5572626bc738bf5440cf57f442ac9bd7656e69c22df50f22d2bbe513c01be63f88b0536f418ebe0bf8f7e1c7ec73cf47ec436ed1d6060a46f881e8d701f56440e5259da2369e350ab54d342e18ac1fc323c56eee2eef13f"}]}}}}}}, 0x0) write$char_usb(r7, &(0x7f0000000040)="e2", 0x12d8) getsockopt$inet_int(0xffffffffffffffff, 0x0, 0x13, 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vm(r8, 0x4018aee2, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000180)={0xac1d, 0x4}}) r9 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_ENUM_DV_TIMINGS(r9, 0xc0945662, &(0x7f0000000500)={0x1, 0x0, '\x00', {0x0, @bt={0xfffffff1, 0x8, 0x0, 0x0, 0xfff, 0x6, 0x280000, 0x3, 0x0, 0x5, 0xd, 0x9, 0x93f, 0x0, 0x4, 0x34, {0x4, 0xe2a4}, 0xca, 0x8}}}) ioctl$EVIOCGKEY(r7, 0x80404518, 0x0) ioctl$EVIOCSREP(r7, 0x40084503, &(0x7f0000000100)=[0xe16b, 0x4]) sendmsg$IPCTNL_MSG_CT_DELETE(r6, &(0x7f00000002c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x41) 7.230048034s ago: executing program 0 (id=2455): socket$can_raw(0x1d, 0x3, 0x1) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) syz_emit_ethernet(0x1a, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x4000000000002) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeea, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x13, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207baaf8ff00000000bda107000000000007010000f8ffffffb702000008000000b703000000000000850000000500000018010000202070250000000000202020c31af8ff00000000bfa100000000000007010000b8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x15) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="71756f7461c667727071756f74615f626c6f636b5f68646c69"]) read$FUSE(r4, &(0x7f0000000300)={0x2020}, 0x2020) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000380)={0x13, 0x10, 0xfa00, {&(0x7f0000000480), r6, 0x2}}, 0x18) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) socket$inet(0x2, 0x4000000000080001, 0x0) 6.335407367s ago: executing program 0 (id=2457): socket$kcm(0x2d, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x5885, 0x80, 0x10000000}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) 5.372465833s ago: executing program 0 (id=2462): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'sit0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xb, 0x6}, {0xffff, 0x14}, {0xffff, 0x7}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}, @TCA_RATE={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48801}, 0x0) 5.279710938s ago: executing program 0 (id=2463): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000080)=0x40) r2 = socket$nl_generic(0x10, 0x3, 0x10) open_by_handle_at(r2, &(0x7f0000000480)=ANY=[@ANYRESDEC, @ANYRESHEX=r2, @ANYRES32=r0], 0x6fd3d0b4f5cc8e94) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPIOCSMRU(r5, 0x40047452, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24006000}, 0x488c0) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYRESDEC], 0x7c}}, 0x1) r6 = signalfd(r3, &(0x7f0000000180)={[0x1b33d2db, 0x80000001]}, 0x8) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x55, 0x101, 0x870, {0x3, 0x1}, {0x41, 0x402}, @period={0x5c, 0x780, 0x10, 0x2, 0x5, {0x0, 0x0, 0x860, 0x5}, 0x4, &(0x7f0000000140)=[0x7, 0x7ff, 0x9, 0x7fff]}}) r7 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) syz_emit_ethernet(0x11c, &(0x7f0000000000)={@random="cf702e8cf675", @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0xe6, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @dev, @dev, [{0x2, 0x17, "703b744dc5c6a05fed0c0a28a5c04ec93b15911c51d9f1f265deed8eccd95784a601a0b0e6a4c3111b910f0173045fa2141e5b4595c5c99a9e655650a618f1e1b87d92c6bdc8822504781c5a026526818ceac3312187ff298ddd0b51e329a0555c732fabd5572626bc738bf5440cf57f442ac9bd7656e69c22df50f22d2bbe513c01be63f88b0536f418ebe0bf8f7e1c7ec73cf47ec436ed1d6060a46f881e8d701f56440e5259da2369e350ab54d342e18ac1fc323c56eee2eef13f"}]}}}}}}, 0x0) write$char_usb(r7, &(0x7f0000000040)="e2", 0x12d8) getsockopt$inet_int(0xffffffffffffffff, 0x0, 0x13, 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vm(r8, 0x4018aee2, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000180)={0xac1d, 0x4}}) r9 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_ENUM_DV_TIMINGS(r9, 0xc0945662, &(0x7f0000000500)={0x1, 0x0, '\x00', {0x0, @bt={0xfffffff1, 0x8, 0x0, 0x0, 0xfff, 0x6, 0x280000, 0x3, 0x0, 0x5, 0xd, 0x9, 0x93f, 0x0, 0x4, 0x34, {0x4, 0xe2a4}, 0xca, 0x8}}}) ioctl$EVIOCGKEY(r7, 0x80404518, 0x0) ioctl$EVIOCSREP(r7, 0x40084503, &(0x7f0000000100)=[0xe16b, 0x4]) sendmsg$IPCTNL_MSG_CT_DELETE(r6, &(0x7f00000002c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x41) 5.118001163s ago: executing program 0 (id=2464): r0 = epoll_create1(0x80000) r1 = syz_open_procfs(0x0, &(0x7f0000000280)='fdinfo/3\x00') socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000003c0)=ANY=[@ANYRES8=r0, @ANYRES64=r1, @ANYBLOB="f8e2952ca6b0c8e88cf86105f0c828bf54f8b2814851b35f2a974829d3b1a92d0667ddbfa1363989e9aeb4b0fda319a181c899056117158764b71694c66e2e2b4b627cf027f84523459093cf5b6ef8b52289ebc84ff9fbc3597dc610c9208aec1e1a5d0eb6af9db065a2e255cba48e1405a576a7c942f0c18f5e14dc4b0100000000000000a46b", @ANYRESDEC=r1], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x36, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x6, &(0x7f0000000200)=0x20000009) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) socket(0x10, 0x3, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r7) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r7, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="0100"}) read(r5, &(0x7f0000000380)=""/1, 0x1) 4.87053325s ago: executing program 3 (id=2456): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0) recvmmsg$unix(r1, &(0x7f0000003800)=[{{0x0, 0x0, &(0x7f0000003740)=[{&(0x7f0000001600)=""/4086, 0x10b8c}], 0x1}}], 0x1, 0x0, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty, 0x2}, 0x1c) r3 = socket$pppl2tp(0x18, 0x1, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000072"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) connect$pppl2tp(r3, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x0, @multicast2}, 0x4, 0x0, 0x3}}, 0x2e) ioctl$PPPIOCGCHAN(r3, 0x80047437, &(0x7f0000000080)) syz_usb_connect(0x2, 0xaf4, &(0x7f0000002600)={{0x12, 0x1, 0x201, 0x50, 0x1, 0xb9, 0x8, 0xbfd, 0x3, 0x3cb8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xae2, 0x4, 0x4a, 0x4, 0xd0, 0x20, [{{0x9, 0x4, 0xd8, 0x7, 0x4, 0x9b, 0x8f, 0xe1, 0x83, [], [{{0x9, 0x5, 0xa, 0x10, 0x10, 0x3, 0x4, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x99, 0xfffa}, @generic={0xc9, 0x7, "6f22daeac8742629d912adeb640fc057236ac1f82824da0ad3b3d6782df47e4520ecd86ec25c4b879a9f9d79610b66980337f4ef3db51d324cb7cb3af9631567bfa5b32b3a5237a57948ed2bbded52a0936f3c2d2e35c521238fa2e0ae0fee77d0430bc513ee010cffb9dae40b7ff3791212b3a3379777f6eec66ecc1316ddff8b19369b9ae8ad1e7adb0bb17bfe686ed39e1834d1da53a5dfe8ce62c9773faaba8542157df2f4a30e69b0d4adfc746350115e413d9a2fa5d9d796d043af2b25ba913a4cf6e50c"}]}}, {{0x9, 0x5, 0xe, 0x4, 0x400, 0x2, 0x61, 0x6, [@generic={0x29, 0x30, "9ee35f47b044540f398c7aa85cb5dd843d6a7ed2ab22d08e2e695c61b172d22e2b2b6c898ebaa8"}]}}, {{0x9, 0x5, 0xf, 0x10, 0x8, 0x0, 0x2, 0x4f}}, {{0x9, 0x5, 0x8, 0x1, 0x200, 0x6, 0x3, 0x2c}}]}}, {{0x9, 0x4, 0xe5, 0x9, 0x9, 0x2d, 0x1a, 0xe4, 0x0, [], [{{0x9, 0x5, 0x80, 0x3, 0x8, 0x6, 0x2, 0x8, [@generic={0x82, 0xabf273a09f0c8edb, "6f49b8069640a13425dcfe480c9c1d6354744bfa993903155a6fe0344f527e1c1e8af8224069d1b1089aeacc49ca92d41d46102c500dcfae52fcdcf754c2844749e6c6f21f45b1d9f8fa2ce4c3e1f612460c2a389124bc3b14d07fedaa2c2c7f941611d35bcf58bc8905f797e2375e35a194967958aa980d175323fd1165fb9b"}]}}, {{0x9, 0x5, 0xf, 0x0, 0x10, 0x6, 0x4, 0x5}}, {{0x9, 0x5, 0xe, 0x1, 0x10, 0x81, 0x5, 0x7, [@generic={0xc, 0x22, "7df2221972a4ce7d59b4"}, @generic={0x87, 0x5, "196c2282eecd61d6eabdfd9d3693374f8f83415fb29afc7dd24701da22517cc25fa74dbfa088c9df3fbfcf15b855c4b2dfcd40a743e0f09b6165a3686d70112566eb524d0bdb2d88f26507b24f489ea6abf173e2262ed247c181c8be8eab4b544f1a46d00cb1601789629d8cd558e70c481c2c09e7b3bad2f056096775277ee05ebce0e6b4"}]}}, {{0x9, 0x5, 0x2, 0x0, 0x8, 0x3, 0xf4, 0x6, [@generic={0xd0, 0x11, "0045a151687a74b393893987c25a6cbb14c7864d22c43cd9a036c90ba4fc5e2290b0f3433fa0755690d8823a0f3bdc33fb1bf9c30168c2b3c525293409b8e05cd605c765898f91ce116de6c93890b3023451cf7f1dba969a8c2baf931a01835bdef175d2fdb04d9e4f1583c88433619f9002162a872bf13c7b1b65030003bf90ba3e510d11a5693baaf1f9288cf1f0046745ce3f956f27355fdd1a35423bfe26356f8092f7028ad23c69578683cddcb279176dc2b1202bb0f80ef8f6227a9440c22531e121122c30e8cd5be4566b"}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x9, 0xa}]}}, {{0x9, 0x5, 0x1, 0x19, 0x8, 0x3, 0x3, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x1, 0x9}, @generic={0x102, 0x1, "81c969a7f64a50acb2e9c525f080fcd8c59980f88dc541e6536ee7fec4bf3026648bc6906145a706263162347ab9c09ebebef81521f9e10928679fdbfa5d5b19d0d30ca4f9d13983cb95d918cf72f3a4d67e0ddabf707d5b2ca0737a0a6e8e25dfad2a364e51a8a3f0871bd891dbec1958784fbe04c094b2318a9a84bcc5c371eba88bd975512fb39c36150bf945587a3f7c4f58a9bc7612130a270c04728eef8f901a1b84df34d6b29996c7fad953dcccfbf4f7057288130feb16893cfa4d0bd7223942085d48624d505e9718d6df13b1ea9c35a9e554d19e180f46ceebb1b83b63d87a2d3757beded26a1b413c24a403e1ece32e0a2a7f59ee1583bff9e8ee"}]}}, {{0x9, 0x5, 0xc, 0x10, 0x20, 0x8, 0xb, 0xc}}, {{0x9, 0x5, 0x3, 0x10, 0x40, 0x1, 0xfa, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x58, 0xa0ee}, @generic={0x4c, 0xe, "c459da819126b9c9ffb31692a0cd5360f306fd099c3c9f93c57762c70253ddf4c007389327757944070b69bf871b73a4a75c9734096412866e70100dd6f0bfb6b3609c37ea81d396a57f"}]}}, {{0x9, 0x5, 0x7, 0x0, 0x200, 0x1, 0x40, 0x40, [@generic={0x62, 0x22, "8bc7cc8a742ea9bd10e510c17aba1210b84387d821aae0beb03e2517f6cffa3159fa1b9a8597472fe624aa31859115edaa6c29515853a37e7ba5b9b1f27abd9fc0a56a20d57758f4569d95545a164273935ad1f83e8e4d3357604099ab6ddfea"}]}}, {{0x9, 0x5, 0x4, 0xc, 0x8, 0x4, 0x1, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x82}, @generic={0xde, 0x5, "5bf905663181b61e63ea495b7e6aeb534af840dcd48621c147f2cabc3ac3a12b5955d8a76f097a0f56f582f253c633383d1c2c62a19144da448257f48f2234e6931369e14659bc548fcc2f0f2a8f5851a3803fc0d9c379d2c4de22a740928ce70abf07f8b518d52437586907233b662a08a635f8c7b6cb481c143ad34f38b83200081e0e3f98acf78fc60b5510bec7547002897b275039211edcffa3e8eaab2aa0b3cc0e1bfb5cca1c580fc7fd49f64d4d4ba9f104b8c99d0803fa990eb042430fba61529f00e2a5b8ad5a49726d82e2dac4f718ac31deb1bbb4aed6"}]}}]}}, {{0x9, 0x4, 0x8, 0x2, 0x6, 0xf5, 0x6c, 0x96, 0xc0, [@hid_hid={0x9, 0x21, 0x8000, 0x8, 0x1, {0x22, 0xfa6}}], [{{0x9, 0x5, 0x0, 0x2, 0x400, 0x47, 0x7f, 0x9, [@generic={0x65, 0x5, "b21781976b042ffe723e3de240a7a82bd7278edcee3984b49bbb02da2eac7e124b618623fdc7a87b1486f5b0f43fe57bf881ae694dc135e4595805ba13df8e2c236cd8c1e8bee4e025525e6c86094c930d952b70eb917d9c7f6e367265bd133b5a72a5"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x2, 0x2}]}}, {{0x9, 0x5, 0x3, 0x0, 0x40, 0xc, 0x0, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0xfd, 0x8}, @generic={0x1f, 0x6, "c166982471eccccb4662607a9db8c9659dd04b8f2cc39974353ec328ae"}]}}, {{0x9, 0x5, 0x2, 0x0, 0x3ff, 0x9, 0x7, 0x9}}, {{0x9, 0x5, 0x7, 0x0, 0x8, 0x8, 0x8b, 0x7, [@generic={0x42, 0x0, "a90140d436b4e523d846e7990672cccd28e4256c7925237cf96582fb23a8dcd9de41f2c21edfcbf515b6a7c75288f63485e9f97a526c5560b8de316f80fa1725"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x2, 0x3ff}]}}, {{0x9, 0x5, 0x2, 0x10, 0x10, 0xf6, 0x4, 0x42, [@generic={0x73, 0x11, "6b47533a0cf15c4ebc53dd2c883b27852f35f8ec138037b5412a657c5afecfffdd08d4f3ea40755ac9dc4e350d50b26c3cdb0b83b37c4664560c576d55eadefa1eca25790adb0adf0f580a63c31e765c979f002e4c149b8677e4478bab8ff5939de9acc3901469eb100f9d67b42e7d5901"}]}}, {{0x9, 0x5, 0xc, 0x0, 0x8, 0xa, 0x6, 0xa, [@generic={0x89, 0x24, "356288b3fb88e48a0ba952c3bc00d27ddfc9a5739e421d06d431f17df267361d01f170c9cf31d529a4ea72430e2fac4a7b3e90cec5fb321d86d8e5df63a050647fba28f263cdc093f0b5d88ad7b4e1cfbefd17c77003caa7ad21f4c44962e8debd20eaee314079e7e7f3f46bd797b910531a9aba9cc2f2c350547bf23d032e4cd7d7463d02477a"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x3, 0x5}]}}]}}, {{0x9, 0x4, 0x37, 0x8, 0x8, 0x32, 0x6, 0x88, 0x1, [@uac_control={{0xa, 0x24, 0x1, 0x8, 0x5}, [@feature_unit={0xf, 0x24, 0x6, 0x6, 0x4, 0x4, [0x7, 0x5, 0x2, 0x9], 0x4}, @input_terminal={0xc, 0x24, 0x2, 0x1, 0x204, 0x1, 0x6c, 0x100, 0x4, 0x1}, @mixer_unit={0x9, 0x24, 0x4, 0x4, 0x4, "8d7ccab5"}, @processing_unit={0x8, 0x24, 0x7, 0x3, 0x3, 0xa3, "fc"}, @feature_unit={0xf, 0x24, 0x6, 0x6, 0x3, 0x4, [0x5, 0x8, 0x4, 0x6], 0x7}]}], [{{0x9, 0x5, 0x5, 0x3, 0x3ff, 0x6, 0x6, 0xff}}, {{0x9, 0x5, 0x7, 0x0, 0x250, 0x9, 0x2, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x6, 0x2}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x1, 0x7}]}}, {{0x9, 0x5, 0xd, 0x2, 0x400, 0x7, 0x0, 0x50, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x1f, 0x7}, @generic={0x7c, 0x2, "40096762805d5c78c2bb04bee4147efb9ba055e13382666e1f167d3afb04ab7bef71365f1c3e8f0135ddd2c20c788b2019b4612619d6b8af4233e81ccb333f8712259bd59ec33a6043490f8c4c619e3dd4d98fd871164b9dd9d6bf80778c9613a4bc1f1e73485ee59635f7860da2be8cbefb597264c761799d16"}]}}, {{0x9, 0x5, 0x0, 0xc, 0x400, 0xed, 0x44, 0x1}}, {{0x9, 0x5, 0x6, 0x8, 0x20, 0xc9, 0x7f}}, {{0x9, 0x5, 0x2, 0xc, 0x20, 0x5, 0x1, 0xf}}, {{0x9, 0x5, 0xb, 0x2, 0x8, 0x6, 0x6, 0x7, [@generic={0x9c, 0xf, "942f050f455e03f83eea1be54cf1edde388b6d0f757e36beb6e00d8b70335e709c8fc7b49bb6fa052cf3e5f7ec5b1b83284afb71dc2559a17eeb8155aaebddd9b22fe5ce12b1376de3f1f27cecb22fea0d94d8392b4ddd736d3c023634ff260910b00ea5b497e4674ad58c4a12ee055770cd95df1b9a1f884121831bc027f885c4512dc6898daed1b8cfca79a60d5b17b0aad52d4014184e0eb8"}]}}, {{0x9, 0x5, 0x80, 0x2, 0x20, 0x1, 0x3, 0x5, [@generic={0x59, 0x37, "a6a75bcede1ce21e70b13c3a01ee336b68f3fd2b01d47134387d59605ef878d8a1874ca5d7d30f7a13d9c8597e2ce956e4c724c9b0b415ad6118ba30a655811ce72190373db1d77596481bc2057fc347c36088b25b82f6"}, @generic={0x89, 0x1, "95d6e46d38b05039a3b5dc730fc63e17c0b0b0398aa318aed70353a404bc0377764b5372d9492af2a51153bc4daa497913c31d35b89a6d46208dea0aa95f12d4d98135a989a1f03b35438fa157a6bb393da3479df278d63bb9ac6df9f9c814c1f654a5683ce06d9e61bf36228ede51ed289e917c2924ac24368f587869b6bf690dd920affb142b"}]}}]}}]}}]}}, &(0x7f0000000540)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x250, 0x9, 0x6, 0x5, 0x20, 0x2}, 0x7f, &(0x7f0000000340)={0x5, 0xf, 0x7f, 0x5, [@wireless={0xb, 0x10, 0x1, 0xc, 0x8, 0x6, 0x2, 0xe, 0x9}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x8, 0x4, 0xe}, @wireless={0xb, 0x10, 0x1, 0x1186d70df440637d, 0x4b, 0x3, 0xf0, 0x1, 0x8}, @generic={0x46, 0x10, 0x4, "69ff59214e8d68170a0ad5e74286c0a3653fc8bf782204a425198631b56cc6b0483924bef9f189cf52896a9e7b80ab3136f7b2e8d0911b6bca7b3339f862706c52bf29"}, @ss_container_id={0x14, 0x10, 0x4, 0x2, "45340d0f4e1e093f9923329e016c9c0d"}]}, 0x2, [{0xfa, &(0x7f00000003c0)=@string={0xfa, 0x3, "19dab30ff13b26a0a837ee8d45b5a43d4e4fc15d7d3f629fe711aeb4c048401939c192ae69205038db1bedd4a19c2729e6527e07a9fd42e11a3d66f5cb31e192f405465993aee457c1395f95ccce0412753c2a54340bdaede646a977884cf1dfece61273f7f032bf677b2ce5f3f97bfa5565370a000f2322525049875ca27c8592b654add7abbc995232df8ec2503279b761cd6beea19a62530ef697443e588ad128832268dc159f9cf9c62ee4ceba47b0c3baa900e9ea0dd8b301e86aaab6c3fb15ac2db1d255dec8ce62a4c43204c809ead5f88395a17e298cbd43803caea9ac43065baadb455e708d87f5460db9e56682465f8d5fea96"}}, {0x9, &(0x7f0000000500)=ANY=[@ANYBLOB="09036d2223788b74"]}]}) syz_emit_ethernet(0x4c, &(0x7f0000000140)=ANY=[@ANYBLOB="99177fa54f29ece65fbcee5586dd60000002001611fffe8000000000000000000000000000bbfe8000000000000000000000000000aa00000e2200169078020300000000000030b00afe4e70"], 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000030428bd70020000000000000000", @ANYRES32=0x0, @ANYBLOB="b010040000000100200200ff7f0000000000000014000280080002000a01010106000e0006000000"], 0x40}, 0x1, 0xba01, 0x0, 0x4004}, 0x810) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r5, 0x0, 0x40000}, 0x18) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x1, 0x800001, 0x0, 0x0, 0x0) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0xfffffffe}, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) 3.709217549s ago: executing program 2 (id=2471): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000080)=0x40) r2 = socket$nl_generic(0x10, 0x3, 0x10) open_by_handle_at(r2, &(0x7f0000000480)=ANY=[@ANYRESDEC, @ANYRESHEX=r2, @ANYRES32=r0], 0x6fd3d0b4f5cc8e94) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPIOCSMRU(r5, 0x40047452, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24006000}, 0x488c0) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYRESDEC], 0x7c}}, 0x1) r6 = signalfd(r3, &(0x7f0000000180)={[0x1b33d2db, 0x80000001]}, 0x8) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x55, 0x101, 0x870, {0x3, 0x1}, {0x41, 0x402}, @period={0x5c, 0x780, 0x10, 0x2, 0x5, {0x0, 0x0, 0x860, 0x5}, 0x4, &(0x7f0000000140)=[0x7, 0x7ff, 0x9, 0x7fff]}}) r7 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) syz_emit_ethernet(0x11c, &(0x7f0000000000)={@random="cf702e8cf675", @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0xe6, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @dev, @dev, [{0x2, 0x17, "703b744dc5c6a05fed0c0a28a5c04ec93b15911c51d9f1f265deed8eccd95784a601a0b0e6a4c3111b910f0173045fa2141e5b4595c5c99a9e655650a618f1e1b87d92c6bdc8822504781c5a026526818ceac3312187ff298ddd0b51e329a0555c732fabd5572626bc738bf5440cf57f442ac9bd7656e69c22df50f22d2bbe513c01be63f88b0536f418ebe0bf8f7e1c7ec73cf47ec436ed1d6060a46f881e8d701f56440e5259da2369e350ab54d342e18ac1fc323c56eee2eef13f"}]}}}}}}, 0x0) write$char_usb(r7, &(0x7f0000000040)="e2", 0x12d8) getsockopt$inet_int(0xffffffffffffffff, 0x0, 0x13, 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vm(r8, 0x4018aee2, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000180)={0xac1d, 0x4}}) r9 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_ENUM_DV_TIMINGS(r9, 0xc0945662, &(0x7f0000000500)={0x1, 0x0, '\x00', {0x0, @bt={0xfffffff1, 0x8, 0x0, 0x0, 0xfff, 0x6, 0x280000, 0x3, 0x0, 0x5, 0xd, 0x9, 0x93f, 0x0, 0x4, 0x34, {0x4, 0xe2a4}, 0xca, 0x8}}}) ioctl$EVIOCGKEY(r7, 0x80404518, 0x0) ioctl$EVIOCSREP(r7, 0x40084503, &(0x7f0000000100)=[0xe16b, 0x4]) sendmsg$IPCTNL_MSG_CT_DELETE(r6, &(0x7f00000002c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x41) 3.38978599s ago: executing program 2 (id=2472): socket$can_raw(0x1d, 0x3, 0x1) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) syz_emit_ethernet(0x1a, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x4000000000002) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeea, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x13, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207baaf8ff00000000bda107000000000007010000f8ffffffb702000008000000b703000000000000850000000500000018010000202070250000000000202020c31af8ff00000000bfa100000000000007010000b8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x15) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="71756f7461c667727071756f74615f626c6f636b5f68646c69"]) read$FUSE(r4, &(0x7f0000000300)={0x2020}, 0x2020) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000380)={0x13, 0x10, 0xfa00, {&(0x7f0000000480), r6, 0x2}}, 0x18) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) socket$inet(0x2, 0x4000000000080001, 0x0) 2.344051098s ago: executing program 1 (id=2474): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)="d800000018008111e00212ba0d8105040a020000030f000b067c55a1bc000900b80006990e00000015000500fe808178a8001500030001400200000901ac040000d67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92", 0xb7}, {&(0x7f00000000c0)="38e3c9cd0ccb3770cc45b415fd812b54b056e4d73829624011", 0x19}], 0x2}, 0x0) r3 = syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2) prctl$PR_SET_SECUREBITS(0x1c, 0x0) syz_usb_disconnect(0xffffffffffffffff) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)='R', 0x1}], 0x1) syz_io_uring_setup(0x238, &(0x7f0000000740)={0x0, 0xe950, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r7 = accept4(r6, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) ioctl$vim2m_VIDIOC_QBUF(r1, 0xc04c560f, &(0x7f0000001c00)=@overlay={0x5, 0x2, 0x4, 0x1, 0x1000, {0x77359400}, {0x1, 0x8, 0x8, 0x6, 0x0, 0x81, "daf6f826"}, 0xfff, 0x3, {}, 0x3, 0x0, r1}) recvmmsg(r6, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000100)=""/31, 0x1f}, {&(0x7f0000001d80)=""/71, 0x47}, {&(0x7f0000000340)=""/136, 0x88}, {&(0x7f0000001400)=""/234, 0xea}], 0x4, &(0x7f0000001540)=""/220, 0xdc}, 0x5}, {{&(0x7f0000001640)=@x25, 0x80, &(0x7f00000018c0)=[{&(0x7f00000016c0)=""/255, 0xff}, {&(0x7f00000017c0)=""/139, 0x8b}, {&(0x7f0000001880)=""/3, 0x3}], 0x3, &(0x7f0000001900)=""/47, 0x2f}, 0x37}, {{&(0x7f0000001940)=@pppoe={0x18, 0x0, {0x0, @multicast}}, 0x80, &(0x7f0000001a40)=[{&(0x7f00000019c0)}, {&(0x7f0000001a00)=""/17, 0x11}], 0x2, &(0x7f0000001a80)=""/183, 0xb7}, 0x4}], 0x3, 0x0, &(0x7f0000001bc0)) getdents(0xffffffffffffffff, &(0x7f0000000080)=""/48, 0x30) pipe2(&(0x7f0000001d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80040) r10 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000001cc0), 0x218000, 0x0) renameat(r8, &(0x7f0000001c80)='./file0\x00', r10, &(0x7f0000001d00)='./file0\x00') recvmmsg(r7, &(0x7f0000000700)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000180)=""/151, 0x97}, {&(0x7f0000000240)=""/32, 0x20}], 0x2}}], 0x2, 0x0, 0x0) io_uring_enter(r9, 0x2002deb, 0x5f8b, 0x32, 0x0, 0xfffffffffffffc1b) r11 = userfaultfd(0x1) recvmsg$kcm(r7, 0x0, 0x40000000) ioctl$UFFDIO_API(r11, 0xc018aa3f, &(0x7f00000000c0)) socket$igmp6(0xa, 0x3, 0x2) readv(r11, &(0x7f00000001c0)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1) 2.197565175s ago: executing program 2 (id=2475): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x74) bind$tipc(r0, &(0x7f0000000180)=@name={0x1e, 0x2, 0x3, {{0x42, 0x2}, 0x4}}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='timers\x00') connect$bt_l2cap(r1, &(0x7f0000000180)={0x1f, 0x9, @any, 0xfff, 0x1}, 0xe) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r3, {0x2, 0x0, @loopback}, 0x4}}, 0x2e) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_GET(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)={0x30, r6, 0x1, 0x0, 0xffffffff, {0x7}, [@L2TP_ATTR_IFNAME={0x14}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0xff}]}, 0x30}}, 0x0) renameat2(r2, &(0x7f0000000140)='./file0\x00', r2, &(0x7f0000000040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) read$FUSE(r2, &(0x7f00000045c0)={0x2020}, 0x2020) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10) 2.089927491s ago: executing program 2 (id=2476): add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000140)="1e4ea861a32adce984fdbf4447738b1392e54d8a321302485cdea2e2c2e43ea34fb9fa393e1a700f7b56c748316f884115dfbcd8821408d520b082c92b07211607bfa709ab2d1b2b6c60d5a653589679a47890164328a8af07591a0f54a3be1a50e74ac07cabefca074718936189fd39c807da8bf8851ffacaa1fc516894c5170e37d77500a6f76d", 0x88, 0xfffffffffffffffa) syz_emit_ethernet(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d00000085000000080000"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f00006c6000/0x400000)=nil, &(0x7f0000685000/0x4000)=nil, 0x400000, 0x0, 0x18100}) 1.868119417s ago: executing program 2 (id=2477): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000480)={{}, 'syz0\x00'}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/devices\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000002340)={0x2020}, 0x2020) socket$inet6_sctp(0xa, 0x1, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x10001, 0x2) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r2, 0xc02c564a, &(0x7f0000000080)={0xfffffff8, 0x43353039, 0x3, @stepwise={0x5, 0xffff, 0x8000, 0xc5, 0x10001, 0x2}}) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, 0x0, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8911, &(0x7f0000000280)={'vxcan1\x00', @ifru_addrs=@sco}) ioperm(0x0, 0x6, 0x2da3b9f3) timer_create(0x38b88a1f4391e3f6, 0x0, 0x0) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000000)={0x27}, 0x62) (fail_nth: 1) r7 = socket$nl_route(0x10, 0x3, 0x0) mknodat$null(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x2000, 0x103) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010025bd70000600000001"], 0x30}, 0x1, 0x0, 0x0, 0x4880}, 0x40090) sendmsg$nl_route(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=ANY=[], 0x44}}, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c8098000"}) openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) 1.679676746s ago: executing program 3 (id=2478): madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf) socket$phonet_pipe(0x23, 0x5, 0x2) socket$inet6(0xa, 0x3, 0x3a) syz_open_procfs(0x0, &(0x7f0000000240)='fdinfo/3\x00') close(0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd74) mkdir(&(0x7f0000000140)='./file0\x00', 0x12) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="64796e2c0072e8c40f1fb620707bfd5a02af870c1208bd33d92b0e057dfde2cc6682c36c04ebce5faa444e2de1bb5423e396cfdcd909e7b2"]) openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x2, 0x80) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) prctl$PR_CAPBSET_READ(0x17, 0x22) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x4c880, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x109442, 0x0) dup(r3) mmap(&(0x7f0000aa8000/0x1000)=nil, 0x1000, 0x1000002, 0x50, r2, 0xfffff01e) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) r6 = openat$cuse(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) splice(r5, 0x0, r6, 0x0, 0x7fff, 0x6) syz_open_procfs(0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) 1.409928661s ago: executing program 2 (id=2479): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000080)=0x40) r2 = socket$nl_generic(0x10, 0x3, 0x10) open_by_handle_at(r2, &(0x7f0000000480)=ANY=[@ANYRESDEC, @ANYRESHEX=r2, @ANYRES32=r0], 0x6fd3d0b4f5cc8e94) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPIOCSMRU(r5, 0x40047452, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24006000}, 0x488c0) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYRESDEC], 0x7c}}, 0x1) r6 = signalfd(r3, &(0x7f0000000180)={[0x1b33d2db, 0x80000001]}, 0x8) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x55, 0x101, 0x870, {0x3, 0x1}, {0x41, 0x402}, @period={0x5c, 0x780, 0x10, 0x2, 0x5, {0x0, 0x0, 0x860, 0x5}, 0x4, &(0x7f0000000140)=[0x7, 0x7ff, 0x9, 0x7fff]}}) r7 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) syz_emit_ethernet(0x11c, &(0x7f0000000000)={@random="cf702e8cf675", @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0xe6, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @dev, @dev, [{0x2, 0x17, "703b744dc5c6a05fed0c0a28a5c04ec93b15911c51d9f1f265deed8eccd95784a601a0b0e6a4c3111b910f0173045fa2141e5b4595c5c99a9e655650a618f1e1b87d92c6bdc8822504781c5a026526818ceac3312187ff298ddd0b51e329a0555c732fabd5572626bc738bf5440cf57f442ac9bd7656e69c22df50f22d2bbe513c01be63f88b0536f418ebe0bf8f7e1c7ec73cf47ec436ed1d6060a46f881e8d701f56440e5259da2369e350ab54d342e18ac1fc323c56eee2eef13f"}]}}}}}}, 0x0) write$char_usb(r7, &(0x7f0000000040)="e2", 0x12d8) getsockopt$inet_int(0xffffffffffffffff, 0x0, 0x13, 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vm(r8, 0x4018aee2, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000180)={0xac1d, 0x4}}) r9 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_ENUM_DV_TIMINGS(r9, 0xc0945662, &(0x7f0000000500)={0x1, 0x0, '\x00', {0x0, @bt={0xfffffff1, 0x8, 0x0, 0x0, 0xfff, 0x6, 0x280000, 0x3, 0x0, 0x5, 0xd, 0x9, 0x93f, 0x0, 0x4, 0x34, {0x4, 0xe2a4}, 0xca, 0x8}}}) ioctl$EVIOCGKEY(r7, 0x80404518, 0x0) ioctl$EVIOCSREP(r7, 0x40084503, &(0x7f0000000100)=[0xe16b, 0x4]) sendmsg$IPCTNL_MSG_CT_DELETE(r6, &(0x7f00000002c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x41) 1.134931333s ago: executing program 3 (id=2480): socket$can_raw(0x1d, 0x3, 0x1) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) syz_emit_ethernet(0x1a, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x4000000000002) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeea, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x13, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207baaf8ff00000000bda107000000000007010000f8ffffffb702000008000000b703000000000000850000000500000018010000202070250000000000202020c31af8ff00000000bfa100000000000007010000b8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x15) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="71756f7461c667727071756f74615f626c6f636b5f68646c69"]) read$FUSE(r4, &(0x7f0000000300)={0x2020}, 0x2020) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000380)={0x13, 0x10, 0xfa00, {&(0x7f0000000480), 0xffffffffffffffff, 0x2}}, 0x18) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) socket$inet(0x2, 0x4000000000080001, 0x0) 938.041232ms ago: executing program 1 (id=2481): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000006200)='./bus\x00', &(0x7f0000000000), 0x4002, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x11a) mknodat(r0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43) (fail_nth: 1) 784.99723ms ago: executing program 1 (id=2482): r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x145040, 0x0) r1 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000740)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801, 0x42}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x4}}}]}, 0x38}}, 0x6044850) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000740)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801, 0x42}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x4}}}]}, 0x38}}, 0x6044850) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0xff8e}}, 0x40) ioctl$CDROM_DEBUG(r0, 0x5330, 0x0) (async) ioctl$CDROM_DEBUG(r0, 0x5330, 0x0) ioctl$CDROM_LOCKDOOR(r1, 0x5329, 0x1) 689.555739ms ago: executing program 1 (id=2483): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$TCFLSH(r2, 0x400455c8, 0x2) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x3, 0x0) add_key(&(0x7f0000000ac0)='asymmetric\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000380), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000b40)='./file1\x00', 0x0, 0x100, 0x12345}) r7 = syz_io_uring_setup(0x81f, &(0x7f0000000480)={0x0, 0x0, 0x10, 0x1, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffff9, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x0, 0x0}, 0x8) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, 0x0, 0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r7, 0x47bc, 0x0, 0x21, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0) 200.053908ms ago: executing program 1 (id=2484): add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000140)="1e4ea861a32adce984fdbf4447738b1392e54d8a321302485cdea2e2c2e43ea34fb9fa393e1a700f7b56c748316f884115dfbcd8821408d520b082c92b07211607bfa709ab2d1b2b6c60d5a653589679a47890164328a8af07591a0f54a3be1a50e74ac07cabefca074718936189fd39c807da8bf8851ffacaa1fc516894c5170e37d77500a6f76d", 0x88, 0xfffffffffffffffa) syz_emit_ethernet(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d00000085000000080000"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, 0x0) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f00006c6000/0x400000)=nil, &(0x7f0000685000/0x4000)=nil, 0x400000, 0x0, 0x18100}) 0s ago: executing program 1 (id=2485): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x100, 0x4, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_ife={0x2b, 0x83, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x7}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x804) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff}) sendmmsg$inet(r3, &(0x7f0000001540)=[{{0x0, 0x5b, 0x0}}], 0x581a58385c57f9f, 0x20000001) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000003e000701feffffff00000000017c0000040042800c00018006000600800a00000800028004001280da15ff25f0d8e4847c21a39e5b0ec321f1539cd0fc5520872624fbc3315b09df4a9ff11f75808c85f0894c0e8315363d0780cff1466ea03aff6fa958e7c38d5ff9ae42575237a20212f8467df08b67db2cc02dc94075a2699e1fe132b7bb405bbec22a32bb5085783d19b52645c4840c6ff426d5e4d3cac5ad50f709c18e015876b08aed035d0efe8b"], 0x2c}, 0x1, 0x0, 0x0, 0xc000}, 0xc000) openat$nullb(0xffffff9c, &(0x7f00000000c0), 0x224400, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020800000100000000000001000000000100140003"], 0x18}}, 0x0) io_setup(0x4007, &(0x7f0000000300)=0x0) pipe2$9p(&(0x7f0000000280), 0x84800) r6 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002) io_submit(r5, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r6, &(0x7f00000000c0)="01", 0x24}]) kernel console output (not intermixed with test programs): 372.856613][ T5979] usblp0: removed [ 372.928406][T11640] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 372.929427][T11639] IPVS: stopping backup sync thread 11640 ... [ 373.411749][T11644] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1514'. [ 373.832650][T11660] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 375.534167][ T5979] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 375.687041][ T5979] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 375.690801][ T5979] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 375.694913][ T5979] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 375.701609][ T5979] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 375.705350][ T5979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.708414][ T5979] usb 5-1: Product: syz [ 375.710123][ T5979] usb 5-1: Manufacturer: syz [ 375.711971][ T5979] usb 5-1: SerialNumber: syz [ 375.717298][T11673] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 375.929830][ T5979] usblp 5-1:1.0: usblp0: USB Bidirectional printer dev 22 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 375.981287][T11681] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 375.982226][T11680] IPVS: stopping backup sync thread 11681 ... [ 376.131401][ C3] usblp0: nonzero read bulk status received: -71 [ 376.136550][T11673] usblp0: error -71 reading from printer [ 376.139321][ C3] usblp0: nonzero read bulk status received: -71 [ 376.144606][ T5979] usb 5-1: USB disconnect, device number 22 [ 376.149767][ T5979] usblp0: removed [ 376.335563][T11685] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1525'. [ 378.887596][T11721] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 379.377850][T11725] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 379.382541][T11724] IPVS: stopping backup sync thread 11725 ... [ 379.546602][ T61] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 379.682188][T11733] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1539'. [ 379.718968][ T61] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 379.723390][ T61] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 379.729116][ T61] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 379.748043][ T61] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 379.750912][ T61] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.757073][ T61] usb 5-1: Product: syz [ 379.759362][ T61] usb 5-1: Manufacturer: syz [ 379.761665][ T61] usb 5-1: SerialNumber: syz [ 379.781288][T11723] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 379.988789][ T61] usblp 5-1:1.0: usblp0: USB Bidirectional printer dev 23 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 380.189493][ C3] usblp0: nonzero read bulk status received: -71 [ 380.192436][T11723] usblp0: error -71 reading from printer [ 380.195058][ C3] usblp0: nonzero read bulk status received: -71 [ 380.200339][ T61] usb 5-1: USB disconnect, device number 23 [ 380.205739][ T61] usblp0: removed [ 382.128522][T11761] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 382.509066][T11763] hid-generic 0003:0627:0001.0001: pid 11763 passed too short report [ 382.707312][T11773] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 383.137173][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.084115][ T5980] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 384.236928][ T5980] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 384.240171][ T5980] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 384.243215][ T5980] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 384.248130][ T5980] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 384.251033][ T5980] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.253587][ T5980] usb 7-1: Product: syz [ 384.255079][ T5980] usb 7-1: Manufacturer: syz [ 384.256623][ T5980] usb 7-1: SerialNumber: syz [ 384.260519][T11795] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 384.479841][ T5980] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 31 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 384.705260][ C3] usblp0: nonzero read bulk status received: -71 [ 384.708472][T11795] usblp0: error -71 reading from printer [ 384.711057][ C3] usblp0: nonzero read bulk status received: -71 [ 384.715805][ T5979] usb 7-1: USB disconnect, device number 31 [ 384.724161][ T5979] usblp0: removed [ 386.054280][T11808] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 386.102799][T11818] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 387.881935][T11842] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 388.084128][ T6002] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 389.126720][ T6002] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 389.129690][ T6002] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 389.132529][ T6002] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 389.146382][ T6002] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 389.149125][ T6002] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.151620][ T6002] usb 7-1: Product: syz [ 389.152973][ T6002] usb 7-1: Manufacturer: syz [ 389.154750][ T6002] usb 7-1: SerialNumber: syz [ 389.158156][T11837] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 389.373966][ T6002] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 32 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 389.566995][ C3] usblp0: nonzero read bulk status received: -71 [ 389.569164][T11837] usblp0: error -71 reading from printer [ 389.571351][ C1] usblp0: nonzero read bulk status received: -71 [ 389.574230][ T5979] usb 7-1: USB disconnect, device number 32 [ 389.581373][ T5979] usblp0: removed [ 389.844074][ C0] vkms_vblank_simulate: vblank timer overrun [ 389.904086][ C0] vkms_vblank_simulate: vblank timer overrun [ 390.970778][T11869] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 392.143773][T11880] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 392.153480][T11879] IPVS: stopping backup sync thread 11880 ... [ 392.441334][T11890] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.1579'. [ 393.260390][T11900] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 393.261418][T11899] IPVS: stopping backup sync thread 11900 ... [ 393.504194][ T6212] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 393.695942][ T6212] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 393.698962][ T6212] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 393.784798][ T6212] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 393.826986][ T6212] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 393.834192][ T6212] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 393.836643][ T6212] usb 5-1: Product: syz [ 393.837953][ T6212] usb 5-1: Manufacturer: syz [ 393.839401][ T6212] usb 5-1: SerialNumber: syz [ 393.861663][T11898] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 394.082281][ T6212] usblp 5-1:1.0: usblp0: USB Bidirectional printer dev 24 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 394.280928][ C0] usblp0: nonzero read bulk status received: -71 [ 394.283227][T11898] usblp0: error -71 reading from printer [ 394.285515][ C0] usblp0: nonzero read bulk status received: -71 [ 394.287939][ T6212] usb 5-1: USB disconnect, device number 24 [ 394.292791][ T6212] usblp0: removed [ 394.947778][T11932] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.1589'. [ 396.684376][ T5980] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 396.855599][ T5980] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 396.858679][ T5980] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 396.861843][ T5980] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 396.867277][ T5980] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 396.870105][ T5980] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 396.872666][ T5980] usb 7-1: Product: syz [ 396.874011][ T5980] usb 7-1: Manufacturer: syz [ 396.875690][ T5980] usb 7-1: SerialNumber: syz [ 396.907162][T11962] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 397.113590][ T5980] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 33 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 397.314979][ C3] usblp0: nonzero read bulk status received: -71 [ 397.318267][T11962] usblp0: error -71 reading from printer [ 397.321110][ C3] usblp0: nonzero read bulk status received: -71 [ 397.329384][ T5979] usb 7-1: USB disconnect, device number 33 [ 397.337299][ T5979] usblp0: removed [ 397.464340][T11969] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 397.587875][T11978] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.1599'. [ 400.411986][T12025] netlink: 5300 bytes leftover after parsing attributes in process `syz.3.1610'. [ 400.504120][ T34] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 400.679855][T12035] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 400.691224][ T34] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 400.701038][ T34] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 400.708841][ T34] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 400.713754][ T34] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 400.717241][ T34] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.719943][ T34] usb 6-1: Product: syz [ 400.721310][ T34] usb 6-1: Manufacturer: syz [ 400.722779][ T34] usb 6-1: SerialNumber: syz [ 400.726607][T12018] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 400.939009][ T34] usblp 6-1:1.0: usblp0: USB Bidirectional printer dev 26 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 401.136475][ C1] usblp0: nonzero read bulk status received: -71 [ 401.139275][T12018] usblp0: error -71 reading from printer [ 401.141418][ C0] usblp0: nonzero read bulk status received: -71 [ 401.143966][ T5978] usb 6-1: USB disconnect, device number 26 [ 401.152884][ T5978] usblp0: removed [ 404.647826][T12086] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 404.755012][ T34] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 404.906048][ T34] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 404.909233][ T34] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 404.913666][ T34] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 404.920360][ T34] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 404.923347][ T34] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.926285][ T34] usb 5-1: Product: syz [ 404.927702][ T34] usb 5-1: Manufacturer: syz [ 404.929165][ T34] usb 5-1: SerialNumber: syz [ 404.934185][T12084] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 405.144110][ T34] usblp 5-1:1.0: usblp0: USB Bidirectional printer dev 25 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 405.340318][ C0] usblp0: nonzero read bulk status received: -71 [ 405.344181][T12084] usblp0: error -71 reading from printer [ 405.349820][ C1] usblp0: nonzero read bulk status received: -71 [ 405.352948][ T4241] usb 5-1: USB disconnect, device number 25 [ 405.372622][ T4241] usblp0: removed [ 407.537802][T12123] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.1635'. [ 408.178764][T12142] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 409.354736][T12145] hid-generic 0003:0627:0001.0001: pid 12145 passed too short report [ 409.879812][T12159] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 409.879945][T12155] IPVS: stopping backup sync thread 12159 ... [ 410.585593][T12171] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 410.857021][T12174] IPVS: stopping backup sync thread 11842 ... [ 411.336077][T12183] netlink: 5300 bytes leftover after parsing attributes in process `syz.3.1647'. [ 412.734279][ T5979] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 412.965323][ T5979] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 412.968510][ T5979] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 412.972020][ T5979] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 412.977050][ T5979] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 412.979900][ T5979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.982386][ T5979] usb 5-1: Product: syz [ 412.983720][ T5979] usb 5-1: Manufacturer: syz [ 412.985395][ T5979] usb 5-1: SerialNumber: syz [ 412.988747][T12203] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 413.060944][T12208] hid-generic 0003:0627:0001.0001: pid 12208 passed too short report [ 413.206062][ T5979] usblp 5-1:1.0: usblp0: USB Bidirectional printer dev 26 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 413.401279][ C3] usblp0: nonzero read bulk status received: -71 [ 413.403390][T12203] usblp0: error -71 reading from printer [ 413.405719][ C2] usblp0: nonzero read bulk status received: -71 [ 413.408170][ T5979] usb 5-1: USB disconnect, device number 26 [ 413.413620][ T5979] usblp0: removed [ 413.787432][T12221] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 413.789149][T12210] IPVS: stopping backup sync thread 12221 ... [ 416.615691][ T34] usb 7-1: new high-speed USB device number 34 using dummy_hcd [ 416.775387][ T34] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 416.778534][ T34] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 416.781571][ T34] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 416.786591][ T34] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 416.790415][ T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.793679][ T34] usb 7-1: Product: syz [ 416.795848][ T34] usb 7-1: Manufacturer: syz [ 416.797778][ T34] usb 7-1: SerialNumber: syz [ 416.802417][T12259] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 417.008800][ T34] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 34 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 417.209971][ C3] usblp0: nonzero read bulk status received: -71 [ 417.212186][T12259] usblp0: error -71 reading from printer [ 417.214138][ C3] usblp0: nonzero read bulk status received: -71 [ 417.217109][ T34] usb 7-1: USB disconnect, device number 34 [ 417.221765][ T34] usblp0: removed [ 417.539490][T12270] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 417.541612][T12269] IPVS: stopping backup sync thread 12270 ... [ 417.805574][T12280] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1671'. [ 417.937351][T12272] hid-generic 0003:0627:0001.0001: pid 12272 passed too short report [ 420.255657][ T34] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 420.405789][ T34] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 420.409982][ T34] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 420.413661][ T34] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 420.422715][ T34] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 420.426526][ T34] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.429865][ T34] usb 5-1: Product: syz [ 420.435998][ T34] usb 5-1: Manufacturer: syz [ 420.438537][ T34] usb 5-1: SerialNumber: syz [ 420.445704][T12310] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 420.453129][T12323] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 420.453279][T12312] IPVS: stopping backup sync thread 12323 ... [ 420.652330][ T34] usblp 5-1:1.0: usblp0: USB Bidirectional printer dev 27 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 420.852188][ C3] usblp0: nonzero read bulk status received: -71 [ 420.854385][T12310] usblp0: error -71 reading from printer [ 420.856484][ C1] usblp0: nonzero read bulk status received: -71 [ 420.858844][ T6002] usb 5-1: USB disconnect, device number 27 [ 420.862671][ T6002] usblp0: removed [ 421.939923][T12333] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 423.321711][T12359] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 423.824449][T12365] IPVS: stopping backup sync thread 12366 ... [ 426.313657][T12384] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 426.440290][T12392] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1702'. [ 427.520384][T12409] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 427.520610][T12405] IPVS: stopping backup sync thread 12409 ... [ 428.519373][T12426] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 428.521892][T12425] IPVS: stopping backup sync thread 12426 ... [ 429.973159][T12443] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 429.973493][T12442] IPVS: stopping backup sync thread 12443 ... [ 431.007424][T12453] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 431.068599][T12457] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 431.257072][T12461] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 431.258720][T12460] IPVS: stopping backup sync thread 12461 ... [ 432.046003][T12469] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1722'. [ 432.664959][T12475] hid-generic 0003:0627:0001.0001: pid 12475 passed too short report [ 433.974469][T12493] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.1726'. [ 434.873554][T12505] IPVS: stopping backup sync thread 12507 ... [ 434.874357][T12507] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 435.674214][ T6002] usb 7-1: new high-speed USB device number 35 using dummy_hcd [ 437.195386][ T6002] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 437.198367][ T6002] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 437.201493][ T6002] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 437.206134][ T6002] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 437.209168][ T6002] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 437.211894][ T6002] usb 7-1: Product: syz [ 437.213391][ T6002] usb 7-1: Manufacturer: syz [ 437.215170][ T6002] usb 7-1: SerialNumber: syz [ 437.218639][T12511] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 437.337373][T12529] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 437.342769][T12512] IPVS: stopping backup sync thread 12529 ... [ 437.969493][ T6002] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 35 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 437.975986][ T6002] usb 7-1: USB disconnect, device number 35 [ 437.984941][ T6002] usblp0: removed [ 438.532933][T12543] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 439.875194][T12559] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 440.845984][T12563] hid-generic 0003:0627:0001.0001: pid 12563 passed too short report [ 440.878658][T12570] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 440.880108][T12569] IPVS: stopping backup sync thread 12570 ... [ 441.998059][T12587] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 442.048294][ T6002] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 442.262952][ T6002] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 442.271777][ T6002] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 442.294768][ T6002] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 442.306105][ T6002] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 442.308907][ T6002] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 442.311408][ T6002] usb 5-1: Product: syz [ 442.312733][ T6002] usb 5-1: Manufacturer: syz [ 442.316424][ T6002] usb 5-1: SerialNumber: syz [ 442.335054][T12573] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 442.350108][T12592] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 442.350206][T12591] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 442.568149][ T6002] usblp 5-1:1.0: usblp0: USB Bidirectional printer dev 28 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 442.744125][ C3] usblp0: nonzero read bulk status received: -71 [ 442.746307][T12573] usblp0: error -71 reading from printer [ 442.748278][ C3] usblp0: nonzero read bulk status received: -71 [ 442.750753][ T34] usb 5-1: USB disconnect, device number 28 [ 442.763312][ T34] usblp0: removed [ 443.412274][T12600] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 444.466647][T12615] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 444.577999][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.051679][T12638] netlink: 5300 bytes leftover after parsing attributes in process `syz.3.1759'. [ 446.091288][T12629] hid-generic 0003:0627:0001.0001: pid 12629 passed too short report [ 446.294102][ T60] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 446.389644][T12640] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 446.459962][ T60] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 446.470106][ T60] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 446.473452][ T60] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 446.502756][ T60] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 446.515312][ T60] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 446.517886][ T60] usb 6-1: Product: syz [ 446.519252][ T60] usb 6-1: Manufacturer: syz [ 446.520799][ T60] usb 6-1: SerialNumber: syz [ 446.528838][T12635] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 446.741203][ T60] usblp 6-1:1.0: usblp0: USB Bidirectional printer dev 27 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 446.760440][T12648] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1763'. [ 446.938131][ C1] usblp0: nonzero read bulk status received: -71 [ 446.940742][T12635] usblp0: error -71 reading from printer [ 446.943267][ C0] usblp0: nonzero read bulk status received: -71 [ 446.946364][ T60] usb 6-1: USB disconnect, device number 27 [ 446.952026][ T60] usblp0: removed [ 447.133962][T12655] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.1764'. [ 447.737495][T12658] hid-generic 0003:0627:0001.0001: pid 12658 passed too short report [ 447.767285][T12668] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 449.668368][T12693] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1772'. [ 449.881063][T12700] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.1771'. [ 450.115959][T12702] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 450.942267][T12713] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 451.086220][T12718] hid-generic 0003:0627:0001.0001: pid 12718 passed too short report [ 452.130083][T12736] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1782'. [ 452.179325][T12738] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1783'. [ 454.793516][T12769] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 454.795641][T12768] IPVS: stopping backup sync thread 12769 ... [ 454.905457][T12772] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.1789'. [ 455.262459][T12777] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 455.565313][T12778] hid-generic 0003:0627:0001.0001: pid 12778 passed too short report [ 457.229419][T12801] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 459.771362][T12818] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 459.905540][T12827] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 460.310157][T12850] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.1805'. [ 460.378622][T12842] hid-generic 0003:0627:0001.0001: pid 12842 passed too short report [ 460.862950][T12865] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 461.037854][T12862] lo speed is unknown, defaulting to 1000 [ 461.050747][T12870] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.1807'. [ 462.153159][T12888] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 462.364424][T12890] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 462.701642][T12893] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1813'. [ 463.203982][T12907] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 463.247056][T12908] netlink: 5300 bytes leftover after parsing attributes in process `syz.3.1816'. [ 463.344267][ T34] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 463.515575][ T34] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 463.518676][ T34] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 463.521632][ T34] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 463.529565][ T34] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 463.532359][ T34] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.534980][ T34] usb 6-1: Product: syz [ 463.536868][ T34] usb 6-1: Manufacturer: syz [ 463.538983][ T34] usb 6-1: SerialNumber: syz [ 463.547058][T12900] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 463.752985][ T34] usblp 6-1:1.0: usblp0: USB Bidirectional printer dev 28 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 463.901904][T12911] hid-generic 0003:0627:0001.0001: pid 12911 passed too short report [ 463.952556][ C3] usblp0: nonzero read bulk status received: -71 [ 463.954779][T12900] usblp0: error -71 reading from printer [ 463.956739][ C3] usblp0: nonzero read bulk status received: -71 [ 463.961639][ T34] usb 6-1: USB disconnect, device number 28 [ 463.965331][ T34] usblp0: removed [ 464.247464][T12929] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 465.789748][T12950] netlink: 5300 bytes leftover after parsing attributes in process `syz.3.1826'. [ 466.654214][ T4241] usb 7-1: new high-speed USB device number 36 using dummy_hcd [ 466.709310][T12969] hid-generic 0003:0627:0001.0001: pid 12969 passed too short report [ 466.785403][T12974] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 466.806437][ T4241] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 466.809452][ T4241] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 466.812699][ T4241] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 466.888920][ T4241] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 466.891851][ T4241] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 466.894518][ T4241] usb 7-1: Product: syz [ 466.895859][ T4241] usb 7-1: Manufacturer: syz [ 466.898171][ T4241] usb 7-1: SerialNumber: syz [ 466.911466][T12964] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 467.135437][ T4241] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 36 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 467.326967][ C2] usblp0: nonzero read bulk status received: -71 [ 467.329445][T12964] usblp0: error -71 reading from printer [ 467.331841][ C2] usblp0: nonzero read bulk status received: -71 [ 467.335404][ T2296] usb 7-1: USB disconnect, device number 36 [ 467.341136][ T2296] usblp0: removed [ 467.495198][T12978] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. [ 467.774215][ T4241] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 467.904114][ T4241] usb 6-1: device descriptor read/64, error -71 [ 468.129652][T12988] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 468.156423][ T4241] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 468.475002][ T4241] usb 6-1: device descriptor read/64, error -71 [ 468.605768][ T4241] usb usb6-port1: attempt power cycle [ 468.975057][ T4241] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 468.997646][ T4241] usb 6-1: device descriptor read/8, error -71 [ 469.284878][ T4241] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 469.315317][ T4241] usb 6-1: device descriptor read/8, error -71 [ 469.424831][ T4241] usb usb6-port1: unable to enumerate USB device [ 470.333539][T13014] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 470.335421][T13013] IPVS: stopping backup sync thread 13014 ... [ 471.258885][T13020] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 471.654520][ T34] usb 7-1: new high-speed USB device number 37 using dummy_hcd [ 472.014268][ T34] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 472.018306][ T34] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 472.022381][ T34] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 472.136233][ T34] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 472.139145][ T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.141672][ T34] usb 7-1: Product: syz [ 472.143029][ T34] usb 7-1: Manufacturer: syz [ 472.144590][ T34] usb 7-1: SerialNumber: syz [ 472.153593][T13027] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 472.363080][ T34] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 37 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 472.402123][T13042] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 472.559543][ C2] usblp0: nonzero read bulk status received: -71 [ 472.562143][T13027] usblp0: error -71 reading from printer [ 472.564940][ C2] usblp0: nonzero read bulk status received: -71 [ 472.568088][T11756] usb 7-1: USB disconnect, device number 37 [ 472.576690][T11756] usblp0: removed [ 474.021014][ T5981] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 474.334206][ T5981] usb 5-1: device descriptor read/64, error -71 [ 474.565769][T13071] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1856'. [ 474.574256][ T5981] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 474.724181][ T5981] usb 5-1: device descriptor read/64, error -71 [ 474.834770][ T5981] usb usb5-port1: attempt power cycle [ 475.246448][ T5981] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 475.274956][ T5981] usb 5-1: device descriptor read/8, error -71 [ 475.544425][ T5981] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 475.574851][ T5981] usb 5-1: device descriptor read/8, error -71 [ 475.684510][ T5981] usb usb5-port1: unable to enumerate USB device [ 475.722364][T13093] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.1858'. [ 475.858321][T13097] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.1859'. [ 476.459554][T13108] netlink: 5300 bytes leftover after parsing attributes in process `syz.3.1861'. [ 476.484326][ T5981] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 476.635460][ T5981] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 476.638453][ T5981] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 476.641465][ T5981] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 476.648161][ T5981] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 476.651066][ T5981] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.653525][ T5981] usb 5-1: Product: syz [ 476.655022][ T5981] usb 5-1: Manufacturer: syz [ 476.656487][ T5981] usb 5-1: SerialNumber: syz [ 476.660216][T13100] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 476.930976][ T5981] usblp 5-1:1.0: usblp0: USB Bidirectional printer dev 33 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 477.096981][ C2] usblp0: nonzero read bulk status received: -71 [ 477.099934][T13100] usblp0: error -71 reading from printer [ 477.102502][ C2] usblp0: nonzero read bulk status received: -71 [ 477.108232][ T2296] usb 5-1: USB disconnect, device number 33 [ 477.118499][ T2296] usblp0: removed [ 477.803548][T13127] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. [ 478.394280][ T5979] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 478.544141][ T5979] usb 5-1: device descriptor read/64, error -71 [ 478.794248][ T5979] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 478.944172][ T5979] usb 5-1: device descriptor read/64, error -71 [ 479.056542][ T5979] usb usb5-port1: attempt power cycle [ 479.394196][ T5979] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 479.426854][ T5979] usb 5-1: device descriptor read/8, error -71 [ 479.674130][ T5979] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 479.694843][ T5979] usb 5-1: device descriptor read/8, error -71 [ 479.805828][ T5979] usb usb5-port1: unable to enumerate USB device [ 480.510593][T13152] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.1872'. [ 481.212667][T13171] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.1875'. [ 481.244377][T13159] hid-generic 0003:0627:0001.0001: pid 13159 passed too short report [ 481.834423][ T2296] usb 7-1: new high-speed USB device number 38 using dummy_hcd [ 481.995496][ T2296] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 481.999510][ T2296] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 482.002560][ T2296] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 482.009225][ T2296] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 482.011992][ T2296] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 482.014759][ T2296] usb 7-1: Product: syz [ 482.016092][ T2296] usb 7-1: Manufacturer: syz [ 482.017639][ T2296] usb 7-1: SerialNumber: syz [ 482.024862][T13175] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 482.234154][ T2296] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 38 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 482.388956][T13185] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.1879'. [ 482.438256][ C2] usblp0: nonzero read bulk status received: -71 [ 482.441755][T13175] usblp0: error -71 reading from printer [ 482.451297][ C2] usblp0: nonzero read bulk status received: -71 [ 482.457651][ T2296] usb 7-1: USB disconnect, device number 38 [ 482.479548][ T2296] usblp0: removed [ 483.206054][T13197] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. [ 483.464226][ T2296] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 483.607437][ T2296] usb 5-1: device descriptor read/64, error -71 [ 483.844228][ T2296] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 483.984229][ T2296] usb 5-1: device descriptor read/64, error -71 [ 484.097601][ T2296] usb usb5-port1: attempt power cycle [ 484.113193][T13213] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.1887'. [ 484.431492][T13218] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1889'. [ 484.444126][ T2296] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 484.465068][ T2296] usb 5-1: device descriptor read/8, error -71 [ 484.994242][ T2296] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 485.014601][ T2296] usb 5-1: device descriptor read/8, error -71 [ 485.124540][ T2296] usb usb5-port1: unable to enumerate USB device [ 485.784179][T13234] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 485.815238][ T5979] usb 7-1: new high-speed USB device number 39 using dummy_hcd [ 485.986764][ T5979] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 485.989683][ T5979] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 485.992556][ T5979] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 485.997372][ T5979] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 486.000164][ T5979] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 486.002552][ T5979] usb 7-1: Product: syz [ 486.003828][ T5979] usb 7-1: Manufacturer: syz [ 486.005621][ T5979] usb 7-1: SerialNumber: syz [ 486.015252][T13230] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 486.221831][ T5979] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 39 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 486.421851][ C2] usblp0: nonzero read bulk status received: -71 [ 486.423776][T13230] usblp0: error -71 reading from printer [ 486.426525][ C2] usblp0: nonzero read bulk status received: -71 [ 486.428841][ T2296] usb 7-1: USB disconnect, device number 39 [ 486.435247][ T2296] usblp0: removed [ 487.132257][T13256] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.1897'. [ 487.475323][T13264] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 488.046099][T13274] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. [ 488.318868][ T6212] usb 7-1: new high-speed USB device number 40 using dummy_hcd [ 488.814148][ T6212] usb 7-1: Using ep0 maxpacket: 16 [ 488.818501][ T6212] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 488.823652][ T6212] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 488.834732][ T6212] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 488.844189][ T6212] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.848405][ T6212] usb 7-1: config 0 descriptor?? [ 489.125908][ T6212] usb 7-1: USB disconnect, device number 40 [ 489.207405][T13290] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1907'. [ 490.078823][T13301] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 490.079131][T13300] IPVS: stopping backup sync thread 13301 ... [ 491.058638][T13314] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 491.826828][T13322] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1916'. [ 491.934211][ T4241] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 492.085409][ T4241] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 492.088437][ T4241] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 492.091443][ T4241] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 492.107192][ T4241] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 492.110058][ T4241] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 492.112521][ T4241] usb 5-1: Product: syz [ 492.113834][ T4241] usb 5-1: Manufacturer: syz [ 492.115632][ T4241] usb 5-1: SerialNumber: syz [ 492.125760][T13320] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 492.355395][T13339] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 492.447199][ T4241] usblp 5-1:1.0: usblp0: USB Bidirectional printer dev 42 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 492.541184][ C3] usblp0: nonzero read bulk status received: -71 [ 492.543913][T13320] usblp0: error -71 reading from printer [ 492.546142][ C3] usblp0: nonzero read bulk status received: -71 [ 492.548909][T12641] usb 5-1: USB disconnect, device number 42 [ 492.560298][T12641] usblp0: removed [ 492.955647][T13341] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1921'. [ 493.553867][T13345] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 494.917077][T13366] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. [ 495.164227][T12641] usb 7-1: new high-speed USB device number 41 using dummy_hcd [ 495.344078][T12641] usb 7-1: Using ep0 maxpacket: 16 [ 495.348056][T12641] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 495.351334][T12641] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 495.355439][T12641] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 495.358433][T12641] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.362645][T12641] usb 7-1: config 0 descriptor?? [ 495.646866][T12641] usb 7-1: USB disconnect, device number 41 [ 496.034208][ T34] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 496.189539][ T34] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 496.192692][ T34] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 496.195730][ T34] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 496.200312][ T34] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 496.203187][ T34] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.205777][ T34] usb 6-1: Product: syz [ 496.207188][ T34] usb 6-1: Manufacturer: syz [ 496.208599][ T34] usb 6-1: SerialNumber: syz [ 496.212538][T13377] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 496.373975][T13390] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 496.697343][ T34] usblp 6-1:1.0: usblp0: USB Bidirectional printer dev 33 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 496.714365][ T34] usb 6-1: USB disconnect, device number 33 [ 496.728319][ T34] usblp0: removed [ 498.093567][T13417] netlink: 5300 bytes leftover after parsing attributes in process `syz.3.1941'. [ 498.364586][T13422] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. [ 498.614182][ T6212] usb 7-1: new high-speed USB device number 42 using dummy_hcd [ 498.764136][ T6212] usb 7-1: Using ep0 maxpacket: 16 [ 498.768357][ T6212] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 498.772017][ T6212] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 498.778057][ T6212] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 498.781238][ T6212] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 498.786906][ T6212] usb 7-1: config 0 descriptor?? [ 498.794565][ T6212] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 498.882267][T13431] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 499.153478][ T6212] usb 7-1: USB disconnect, device number 42 [ 501.294187][T13465] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1953'. [ 502.830882][T13482] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1959'. [ 502.937563][T13484] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 506.015343][T13521] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1968'. [ 506.017333][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.920331][T13540] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 507.426539][T13549] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 507.426757][T13548] IPVS: stopping backup sync thread 13549 ... [ 515.438996][T13632] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. [ 515.664161][ T60] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 515.715912][T13636] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1996'. [ 515.899542][ T60] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 515.902551][ T60] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 515.905631][ T60] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 515.910314][ T60] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 515.913137][ T60] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.915765][ T60] usb 6-1: Product: syz [ 515.917075][ T60] usb 6-1: Manufacturer: syz [ 515.918817][ T60] usb 6-1: SerialNumber: syz [ 515.923105][T13634] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 516.750871][ T60] usblp 6-1:1.0: usblp0: USB Bidirectional printer dev 34 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 516.756922][ T60] usb 6-1: USB disconnect, device number 34 [ 516.760870][ T60] usblp0: removed [ 518.801069][T13670] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2006'. [ 520.090070][T13688] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.2008'. [ 521.510993][T13716] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2016'. [ 521.565970][T13708] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.2014'. [ 523.039698][T13740] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.2021'. [ 523.662873][T13748] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 523.663146][T13743] IPVS: stopping backup sync thread 13748 ... [ 524.398439][T13765] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.2025'. [ 525.363486][T13789] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.2029'. [ 526.618115][T13793] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 528.742612][T13817] hid-generic 0003:0627:0001.0001: pid 13817 passed too short report [ 530.495006][T13840] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 531.017486][T13851] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.2047'. [ 531.100182][T13855] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 531.114496][T13854] IPVS: stopping backup sync thread 13855 ... [ 531.905635][T13869] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.2050'. [ 532.741559][T13874] hid-generic 0003:0627:0001.0001: pid 13874 passed too short report [ 533.181890][T13882] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 534.160661][T13890] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2056'. [ 534.892521][T13906] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.2060'. [ 535.634435][T13916] hid-generic 0003:0627:0001.0001: pid 13916 passed too short report [ 535.905757][T13923] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 535.907214][T13922] IPVS: stopping backup sync thread 13923 ... [ 536.970679][T13937] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 536.971872][T13936] IPVS: stopping backup sync thread 13937 ... [ 537.243547][T13948] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.2070'. [ 537.507843][T13950] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 538.765333][T13971] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 538.767909][T13970] IPVS: stopping backup sync thread 13971 ... [ 539.467012][ T5979] usb 7-1: new high-speed USB device number 43 using dummy_hcd [ 539.558733][T13983] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 539.628859][ T5979] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 539.632788][ T5979] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 539.636096][ T5979] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 539.641126][ T5979] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 539.645366][ T5979] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 539.647974][ T5979] usb 7-1: Product: syz [ 539.649324][ T5979] usb 7-1: Manufacturer: syz [ 539.650868][ T5979] usb 7-1: SerialNumber: syz [ 539.656611][T13976] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 539.866906][ T5979] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 43 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 540.068511][ C2] usblp0: nonzero read bulk status received: -71 [ 540.071803][T13976] usblp0: error -71 reading from printer [ 540.074601][ C2] usblp0: nonzero read bulk status received: -71 [ 540.078118][ T5979] usb 7-1: USB disconnect, device number 43 [ 540.086426][ T5979] usblp0: removed [ 540.924140][T12641] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 541.104665][T14005] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 541.116147][T12641] usb 5-1: Using ep0 maxpacket: 16 [ 541.120561][T12641] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 541.125937][T12641] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 541.136016][T12641] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 541.142504][T12641] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 541.184764][T12641] usb 5-1: config 0 descriptor?? [ 541.189681][T12641] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 541.258434][T14010] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 541.464880][ T5979] usb 5-1: USB disconnect, device number 43 [ 544.671100][ T5979] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 544.840813][ T5979] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 544.845201][ T5979] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 544.848850][ T5979] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 544.854841][ T5979] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 544.857860][ T5979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 544.864158][ T5979] usb 5-1: Product: syz [ 544.865573][ T5979] usb 5-1: Manufacturer: syz [ 544.867173][ T5979] usb 5-1: SerialNumber: syz [ 545.196850][T14038] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 545.393386][T14058] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2096'. [ 545.407327][ T5979] usblp 5-1:1.0: usblp0: USB Bidirectional printer dev 44 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 545.612129][ C2] usblp0: nonzero read bulk status received: -71 [ 545.622330][T14038] usblp0: error -71 reading from printer [ 545.632330][ C2] usblp0: nonzero read bulk status received: -71 [ 545.637349][ T5980] usb 5-1: USB disconnect, device number 44 [ 545.647749][ T5980] usblp0: removed [ 547.425983][T14076] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2100'. [ 547.790119][T14088] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 547.856367][T14092] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.2102'. [ 549.532054][T14110] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2105'. [ 549.733516][T14116] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.2107'. [ 550.503059][T14127] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2110'. [ 556.430793][T14170] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2121'. [ 556.864550][T14158] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 557.068738][T14175] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 557.774769][T14185] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 559.887709][T14203] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 560.727952][T14206] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 560.785138][T14208] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2130'. [ 561.588893][T14214] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.2132'. [ 563.115595][T14235] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. [ 563.205567][T14239] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 563.362898][T14244] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.2138'. [ 563.364931][T14245] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 563.480667][ T6002] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 563.634335][ T6002] usb 6-1: Using ep0 maxpacket: 16 [ 563.641803][ T6002] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 563.648972][ T6002] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 563.666321][ T6002] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 563.670171][ T6002] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.699139][ T6002] usb 6-1: config 0 descriptor?? [ 563.705788][ T6002] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 563.859979][T14254] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2141'. [ 564.676918][T11756] usb 6-1: USB disconnect, device number 35 [ 564.766947][T14259] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 564.914245][T14263] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.2143'. [ 565.834492][T14277] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.2146'. [ 565.868402][T14278] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 565.920310][T14265] IPVS: stopping backup sync thread 14278 ... [ 566.909646][T14295] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.2150'. [ 567.456679][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.608915][T14306] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2153'. [ 567.730937][T14310] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 569.464140][T14319] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 570.007324][T14337] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 570.246219][T14339] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. [ 570.702895][T14344] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2162'. [ 570.739044][T14341] hid-generic 0003:0627:0001.0001: pid 14341 passed too short report [ 571.381528][T14349] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 572.126701][T14361] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.2165'. [ 573.958708][T14382] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 574.373594][T14388] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 574.373977][T14384] IPVS: stopping backup sync thread 14388 ... [ 575.289987][T14404] netlink: 5300 bytes leftover after parsing attributes in process `syz.3.2174'. [ 576.915177][T14425] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 576.919363][T14424] IPVS: stopping backup sync thread 14425 ... [ 577.696886][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 578.911737][T14445] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 579.028362][T14448] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 579.130971][T14439] IPVS: stopping backup sync thread 14445 ... [ 579.180764][T14453] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.2185'. [ 579.255306][T14456] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 579.256532][T14455] IPVS: stopping backup sync thread 14456 ... [ 580.431975][T14481] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.2191'. [ 580.805052][T14486] IPVS: stopping backup sync thread 14489 ... [ 580.859769][T14488] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.2192'. [ 581.997300][T14508] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 582.074524][T14515] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 582.074772][T14514] IPVS: stopping backup sync thread 14515 ... [ 583.804785][T14534] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.2203'. [ 585.134531][T14547] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 585.705744][T14564] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.2210'. [ 585.745804][T14565] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 586.229501][T14574] hid-generic 0003:0627:0001.0001: pid 14574 passed too short report [ 586.305997][T14585] netlink: 5300 bytes leftover after parsing attributes in process `syz.3.2214'. [ 588.207330][T14621] ip6t_srh: unknown srh invflags 6BE9 [ 588.267685][T14622] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.2223'. [ 589.638458][T14638] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 589.695312][T14639] IPVS: stopping backup sync thread 14640 ... [ 589.695592][T14640] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 590.024183][T14648] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 590.034993][T14646] IPVS: stopping backup sync thread 14648 ... [ 590.213887][T14654] netlink: 5300 bytes leftover after parsing attributes in process `syz.3.2229'. [ 591.755066][T14677] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.2234'. [ 592.319595][T14690] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2238'. [ 595.177819][T14707] lo speed is unknown, defaulting to 1000 [ 595.728123][T14710] trusted_key: encrypted_key: insufficient parameters specified [ 595.816082][T14711] syz.2.2243: attempt to access beyond end of device [ 595.816082][T14711] md2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 598.496173][ T5980] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 598.506695][T14738] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 598.507833][T14737] IPVS: stopping backup sync thread 14738 ... [ 598.654134][ T5980] usb 5-1: Using ep0 maxpacket: 32 [ 598.660334][ T5980] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 598.667696][ T5980] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 598.671704][ T5980] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 598.675675][ T5980] usb 5-1: Product: syz [ 598.677512][ T5980] usb 5-1: Manufacturer: syz [ 598.679517][ T5980] usb 5-1: SerialNumber: syz [ 598.683753][ T5980] usb 5-1: config 0 descriptor?? [ 598.693950][T14736] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 598.700239][ T5980] hub 5-1:0.0: bad descriptor, ignoring hub [ 598.702844][ T5980] hub 5-1:0.0: probe with driver hub failed with error -5 [ 598.781524][T14740] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 599.097234][T14745] syzkaller0: entered promiscuous mode [ 599.099077][T14745] syzkaller0: entered allmulticast mode [ 599.437751][T14747] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. [ 599.602373][T14750] ip6t_srh: unknown srh invflags 6BE9 [ 599.605685][T14736] usb 5-1: reset high-speed USB device number 45 using dummy_hcd [ 599.759038][T14736] usb 5-1: device firmware changed [ 599.762456][ T34] usb 5-1: USB disconnect, device number 45 [ 599.904306][ T34] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 600.084131][ T34] usb 5-1: Using ep0 maxpacket: 32 [ 600.087919][ T34] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 600.094866][ T34] usb 5-1: string descriptor 0 read error: -22 [ 600.097520][ T34] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 600.101036][ T34] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 600.108773][ T34] usb 5-1: config 0 descriptor?? [ 600.111753][T14744] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 600.116076][ T34] hub 5-1:0.0: bad descriptor, ignoring hub [ 600.118839][ T34] hub 5-1:0.0: probe with driver hub failed with error -5 [ 600.452004][ T34] usb 5-1: USB disconnect, device number 46 [ 601.176835][T14776] block device autoloading is deprecated and will be removed. [ 601.665856][T14781] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2261'. [ 601.747969][T14784] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 602.180513][T14799] lo speed is unknown, defaulting to 1000 [ 602.732294][T14809] lo speed is unknown, defaulting to 1000 [ 602.736041][T14809] lo speed is unknown, defaulting to 1000 [ 602.738591][T14809] lo speed is unknown, defaulting to 1000 [ 602.747896][T14809] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 602.761045][T14809] lo speed is unknown, defaulting to 1000 [ 602.766108][T14809] lo speed is unknown, defaulting to 1000 [ 602.768903][T14809] lo speed is unknown, defaulting to 1000 [ 602.771850][T14809] lo speed is unknown, defaulting to 1000 [ 602.774955][T14809] lo speed is unknown, defaulting to 1000 [ 603.654413][ T40] audit: type=1326 audit(1748846727.506:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14821 comm="syz.0.2270" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x0 [ 603.713536][T14824] loop2: detected capacity change from 0 to 7 [ 603.755764][T14824] Dev loop2: unable to read RDB block 7 [ 603.758365][T14824] loop2: AHDI p1 [ 603.759897][T14824] loop2: partition table partially beyond EOD, truncated [ 604.086516][ T5350] Dev loop2: unable to read RDB block 7 [ 604.088431][ T5350] loop2: AHDI p1 [ 604.089785][ T5350] loop2: partition table partially beyond EOD, truncated [ 604.195298][ T5350] Dev loop2: unable to read RDB block 7 [ 604.197091][ T5350] loop2: AHDI p1 [ 604.198266][ T5350] loop2: partition table partially beyond EOD, truncated [ 604.238198][T14836] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2273'. [ 604.257379][ T5350] Dev loop2: unable to read RDB block 7 [ 604.259340][ T5350] loop2: AHDI p1 [ 604.260627][ T5350] loop2: partition table partially beyond EOD, truncated [ 606.572317][T14866] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 606.665475][T14869] netlink: 1004 bytes leftover after parsing attributes in process `syz.1.2281'. [ 606.703723][T14860] syz.0.2277 (14860) used greatest stack depth: 19048 bytes left [ 606.805210][T14874] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2282'. [ 607.536572][T14885] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 607.541611][T14886] IPVS: stopping backup sync thread 14885 ... [ 608.420470][T14902] Context (ID=0x0) not attached to queue pair (handle=0x0:0xfffffffa) [ 608.515813][T14904] FAULT_INJECTION: forcing a failure. [ 608.515813][T14904] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 608.520017][T14904] CPU: 1 UID: 0 PID: 14904 Comm: syz.1.2290 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 608.520032][T14904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 608.520039][T14904] Call Trace: [ 608.520043][T14904] [ 608.520048][T14904] dump_stack_lvl+0x16c/0x1f0 [ 608.520068][T14904] should_fail_ex+0x512/0x640 [ 608.520088][T14904] _copy_from_iter+0x29f/0x16f0 [ 608.520102][T14904] ? __alloc_skb+0x200/0x380 [ 608.520117][T14904] ? __pfx__copy_from_iter+0x10/0x10 [ 608.520129][T14904] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 608.520151][T14904] netlink_sendmsg+0x829/0xdd0 [ 608.520163][T14904] ? __pfx_netlink_sendmsg+0x10/0x10 [ 608.520182][T14904] ? __import_iovec+0x1dd/0x650 [ 608.520196][T14904] ____sys_sendmsg+0xa95/0xc70 [ 608.520208][T14904] ? __pfx_____sys_sendmsg+0x10/0x10 [ 608.520218][T14904] ? get_compat_msghdr+0x11a/0x170 [ 608.520241][T14904] ___sys_sendmsg+0x134/0x1d0 [ 608.520257][T14904] ? __pfx____sys_sendmsg+0x10/0x10 [ 608.520279][T14904] ? find_held_lock+0x2b/0x80 [ 608.520303][T14904] __sys_sendmsg+0x16d/0x220 [ 608.520318][T14904] ? __pfx___sys_sendmsg+0x10/0x10 [ 608.520338][T14904] ? rcu_is_watching+0x12/0xc0 [ 608.520356][T14904] __do_fast_syscall_32+0x7c/0x3a0 [ 608.520373][T14904] do_fast_syscall_32+0x32/0x80 [ 608.520388][T14904] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 608.520402][T14904] RIP: 0023:0xf7f97579 [ 608.520411][T14904] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 608.520421][T14904] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 608.520432][T14904] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 608.520438][T14904] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 608.520444][T14904] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 608.520450][T14904] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 608.520456][T14904] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 608.520476][T14904] [ 608.654640][T14906] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2291'. [ 608.792922][T14917] netlink: 5300 bytes leftover after parsing attributes in process `syz.3.2293'. [ 608.939057][T14909] hid-generic 0003:0627:0001.0001: pid 14909 passed too short report [ 609.544754][T14930] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 611.484114][ T4241] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 611.664125][ T4241] usb 5-1: Using ep0 maxpacket: 16 [ 611.676219][T14958] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.2303'. [ 611.905609][ T4241] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 611.908305][ T4241] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 611.911161][ T4241] usb 5-1: Product: syz [ 611.912815][ T4241] usb 5-1: Manufacturer: syz [ 611.914767][ T4241] usb 5-1: SerialNumber: syz [ 611.922765][ T4241] r8152-cfgselector 5-1: Unknown version 0x0000 [ 612.029916][ T4241] r8152-cfgselector 5-1: config 0 descriptor?? [ 612.300189][ T4241] r8152-cfgselector 5-1: Unknown version 0x0000 [ 612.306718][ T4241] r8152-cfgselector 5-1: bad CDC descriptors [ 612.311098][ T4241] r8152-cfgselector 5-1: USB disconnect, device number 47 [ 613.705666][T15000] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.2314'. [ 614.730901][T15003] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 614.736690][T15003] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 614.741758][T15003] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 614.744630][T15003] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 614.750746][T15003] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 614.766447][ T5949] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 614.780126][ T5949] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 614.784529][ T5949] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 614.793091][ T5949] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 614.797754][ T5949] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 614.831497][T15002] lo speed is unknown, defaulting to 1000 [ 614.834725][T15002] lo speed is unknown, defaulting to 1000 [ 614.948942][T15002] chnl_net:caif_netlink_parms(): no params data found [ 615.001342][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.062516][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.130486][T15002] bridge0: port 1(bridge_slave_0) entered blocking state [ 615.133179][T15002] bridge0: port 1(bridge_slave_0) entered disabled state [ 615.136827][T15002] bridge_slave_0: entered allmulticast mode [ 615.141198][T15002] bridge_slave_0: entered promiscuous mode [ 615.146337][T15002] bridge0: port 2(bridge_slave_1) entered blocking state [ 615.148827][T15002] bridge0: port 2(bridge_slave_1) entered disabled state [ 615.151225][T15002] bridge_slave_1: entered allmulticast mode [ 615.157409][T15002] bridge_slave_1: entered promiscuous mode [ 615.205786][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.248021][T15002] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 615.281124][T15002] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 615.325144][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.347004][T15022] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 615.392551][T15002] team0: Port device team_slave_0 added [ 615.401597][T15002] team0: Port device team_slave_1 added [ 615.447862][T15002] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 615.450103][T15002] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 615.458401][T15002] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 615.482001][T15002] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 615.485715][T15002] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 615.494368][T15002] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 615.520846][ T12] bridge_slave_1: left allmulticast mode [ 615.522836][ T12] bridge_slave_1: left promiscuous mode [ 615.526466][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 615.536137][ T12] bridge_slave_0: left allmulticast mode [ 615.538098][ T12] bridge_slave_0: left promiscuous mode [ 615.540108][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 616.196105][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 616.207896][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 616.214003][ T12] bond0 (unregistering): Released all slaves [ 616.369578][ T12] bond1 (unregistering): Released all slaves [ 616.584755][T15043] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 616.703033][T15002] hsr_slave_0: entered promiscuous mode [ 616.710727][T15002] hsr_slave_1: entered promiscuous mode [ 616.714406][T15002] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 616.723698][T15002] Cannot create hsr debugfs directory [ 616.977028][ T5949] Bluetooth: hci4: command tx timeout [ 617.041190][ T12] hsr_slave_0: left promiscuous mode [ 617.061092][ T12] hsr_slave_1: left promiscuous mode [ 617.083366][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 617.087393][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 617.091766][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 617.094200][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 617.130818][ T12] veth0_macvtap: left promiscuous mode [ 617.133049][ T12] veth1_vlan: left promiscuous mode [ 617.134788][ T12] veth0_vlan: left promiscuous mode [ 619.056128][ T5949] Bluetooth: hci4: command tx timeout [ 619.748493][T15077] Driver unsupported XDP return value 0 on prog (id 191) dev N/A, expect packet loss! [ 620.655704][ T34] lo speed is unknown, defaulting to 1000 [ 620.657597][ T34] infiniband syz2: ib_query_port failed (-19) [ 620.804333][T15088] syzkaller0: entered promiscuous mode [ 620.806640][T15088] syzkaller0: entered allmulticast mode [ 620.949965][T15106] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.2332'. [ 621.144294][ T5949] Bluetooth: hci4: command tx timeout [ 621.235808][T15002] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 621.245879][T15002] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 621.821129][T15002] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 621.830023][T15002] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 621.936561][T15002] 8021q: adding VLAN 0 to HW filter on device bond0 [ 621.957303][T15002] 8021q: adding VLAN 0 to HW filter on device team0 [ 621.966170][ T1041] bridge0: port 1(bridge_slave_0) entered blocking state [ 621.969149][ T1041] bridge0: port 1(bridge_slave_0) entered forwarding state [ 622.017913][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 622.021934][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 622.228370][T15002] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 622.278407][T15002] veth0_vlan: entered promiscuous mode [ 622.295870][T15002] veth1_vlan: entered promiscuous mode [ 622.319027][T15002] veth0_macvtap: entered promiscuous mode [ 622.326388][T15002] veth1_macvtap: entered promiscuous mode [ 622.340827][T15002] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 622.350774][T15002] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 622.357221][T15002] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 622.361039][T15002] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 622.364709][T15002] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 622.368315][T15002] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 622.429048][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 622.431532][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 622.435696][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 622.438559][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 622.466316][T15132] hid-generic 0003:0627:0001.0001: pid 15132 passed too short report [ 623.214235][ T5949] Bluetooth: hci4: command tx timeout [ 623.594346][ T6212] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 623.895937][ T6212] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 623.900009][ T6212] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 623.902529][ T6212] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.985474][ T6212] usb 5-1: config 0 descriptor?? [ 624.280580][ T6212] usbhid 5-1:0.0: can't add hid device: -71 [ 624.282469][ T6212] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 624.292725][ T6212] usb 5-1: USB disconnect, device number 48 [ 624.794217][ T6212] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 624.924141][ T6212] usb 5-1: device descriptor read/64, error -71 [ 625.244273][ T6212] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 625.394302][ T6212] usb 5-1: device descriptor read/64, error -71 [ 625.519338][ T6212] usb usb5-port1: attempt power cycle [ 626.793278][ T6212] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 626.796359][ T6002] usb 7-1: new high-speed USB device number 44 using dummy_hcd [ 626.876689][ T6212] usb 5-1: device descriptor read/8, error -71 [ 627.185187][ T6002] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 627.543162][ T6002] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 627.550704][ T6002] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 627.558031][ T6002] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 627.560802][ T6002] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.563189][ T6002] usb 7-1: Product: syz [ 627.564739][ T6002] usb 7-1: Manufacturer: syz [ 627.566177][ T6002] usb 7-1: SerialNumber: syz [ 627.595411][T15179] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 627.842862][ T6002] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 44 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 628.042805][ C0] usblp0: nonzero read bulk status received: -71 [ 628.046479][T15179] usblp0: error -71 reading from printer [ 628.051452][T15219] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2355'. [ 628.071099][ C2] usblp0: nonzero read bulk status received: -71 [ 628.074765][ T5980] usb 7-1: USB disconnect, device number 44 [ 628.079182][ T5980] usblp0: removed [ 628.906203][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.196119][ T40] audit: type=1326 audit(1748846753.056:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15235 comm="syz.1.2361" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 629.254402][ T40] audit: type=1326 audit(1748846753.056:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15235 comm="syz.1.2361" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 629.261289][ T40] audit: type=1326 audit(1748846753.056:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15235 comm="syz.1.2361" exe="/syz-executor" sig=0 arch=40000003 syscall=317 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 629.267339][T15238] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 629.268489][ T40] audit: type=1326 audit(1748846753.056:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15235 comm="syz.1.2361" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 629.282585][ T40] audit: type=1326 audit(1748846753.056:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15235 comm="syz.1.2361" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 629.289697][ T40] audit: type=1326 audit(1748846753.056:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15235 comm="syz.1.2361" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 629.289723][ T40] audit: type=1326 audit(1748846753.056:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15235 comm="syz.1.2361" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 629.289745][ T40] audit: type=1326 audit(1748846753.056:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15235 comm="syz.1.2361" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 629.289767][ T40] audit: type=1326 audit(1748846753.066:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15235 comm="syz.1.2361" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 629.289789][ T40] audit: type=1326 audit(1748846753.066:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15235 comm="syz.1.2361" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 629.637820][T15241] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2363'. [ 629.706966][T15003] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 629.711923][T15003] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 629.716796][T15003] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 629.721711][T15003] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 629.725684][T15003] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 629.788365][T15245] lo speed is unknown, defaulting to 1000 [ 629.906731][T15245] chnl_net:caif_netlink_parms(): no params data found [ 630.027017][T15245] bridge0: port 1(bridge_slave_0) entered blocking state [ 630.027172][T15245] bridge0: port 1(bridge_slave_0) entered disabled state [ 630.027301][T15245] bridge_slave_0: entered allmulticast mode [ 630.028613][T15267] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2368'. [ 630.042195][T15245] bridge_slave_0: entered promiscuous mode [ 630.047584][T15261] lo speed is unknown, defaulting to 1000 [ 630.048060][T15245] bridge0: port 2(bridge_slave_1) entered blocking state [ 630.052685][T15245] bridge0: port 2(bridge_slave_1) entered disabled state [ 630.055345][T15245] bridge_slave_1: entered allmulticast mode [ 630.058138][T15245] bridge_slave_1: entered promiscuous mode [ 630.119791][T15245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 630.127526][T15245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 630.180446][T15245] team0: Port device team_slave_0 added [ 630.186093][T15245] team0: Port device team_slave_1 added [ 630.244991][T15245] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 630.247200][T15245] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 630.256007][T15245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 630.260725][T15245] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 630.262998][T15245] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 630.271680][T15245] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 630.313756][T15245] hsr_slave_0: entered promiscuous mode [ 630.316448][T15245] hsr_slave_1: entered promiscuous mode [ 630.318665][T15245] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 630.321157][T15245] Cannot create hsr debugfs directory [ 630.441287][T15245] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 630.530036][T15245] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 630.609727][T15245] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 630.703361][T15245] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 630.888432][T15279] FAULT_INJECTION: forcing a failure. [ 630.888432][T15279] name failslab, interval 1, probability 0, space 0, times 0 [ 630.892883][T15279] CPU: 0 UID: 0 PID: 15279 Comm: syz.3.2371 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 630.892900][T15279] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 630.892907][T15279] Call Trace: [ 630.892911][T15279] [ 630.892916][T15279] dump_stack_lvl+0x16c/0x1f0 [ 630.892935][T15279] should_fail_ex+0x512/0x640 [ 630.892955][T15279] should_failslab+0xc2/0x120 [ 630.892972][T15279] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 630.892987][T15279] ? skb_clone+0x190/0x3f0 [ 630.893004][T15279] skb_clone+0x190/0x3f0 [ 630.893050][T15279] ip6_finish_output2+0x1468/0x2020 [ 630.893065][T15279] ? ip6_mtu+0x1a3/0x4a0 [ 630.893079][T15279] ? skb_gso_transport_seglen+0x1a5/0x3b0 [ 630.893100][T15279] ip6_finish_output+0x3f9/0x1360 [ 630.893114][T15279] ip6_output+0x1f9/0x540 [ 630.893125][T15279] ? __pfx_ip6_output+0x10/0x10 [ 630.893137][T15279] ip6_local_out+0xcd/0x4a0 [ 630.893154][T15279] ip6_send_skb+0x112/0x460 [ 630.893169][T15279] udp_v6_send_skb+0x96f/0x1910 [ 630.893197][T15279] udpv6_sendmsg+0x252a/0x3050 [ 630.893217][T15279] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 630.893249][T15279] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 630.893281][T15279] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 630.893338][T15279] ? __pfx_aa_sk_perm+0x10/0x10 [ 630.893356][T15279] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 630.893372][T15279] ? inet6_sendmsg+0x105/0x140 [ 630.893386][T15279] inet6_sendmsg+0x105/0x140 [ 630.893402][T15279] ____sys_sendmsg+0x705/0xc70 [ 630.893412][T15279] ? gfs2_pin+0x180/0x460 [ 630.893431][T15279] ? __pfx_____sys_sendmsg+0x10/0x10 [ 630.893441][T15279] ? get_compat_msghdr+0x11a/0x170 [ 630.893459][T15279] ? __pfx__kstrtoull+0x10/0x10 [ 630.893476][T15279] ___sys_sendmsg+0x134/0x1d0 [ 630.893492][T15279] ? __pfx____sys_sendmsg+0x10/0x10 [ 630.893505][T15279] ? __lock_acquire+0x622/0x1c90 [ 630.893534][T15279] __sys_sendmmsg+0x2f9/0x420 [ 630.893551][T15279] ? __pfx___sys_sendmmsg+0x10/0x10 [ 630.893571][T15279] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 630.893592][T15279] ? fput+0x70/0xf0 [ 630.893608][T15279] ? ksys_write+0x1ac/0x250 [ 630.893621][T15279] ? __pfx_ksys_write+0x10/0x10 [ 630.893637][T15279] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 630.893653][T15279] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 630.893669][T15279] __do_fast_syscall_32+0x7c/0x3a0 [ 630.893685][T15279] do_fast_syscall_32+0x32/0x80 [ 630.893700][T15279] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 630.893714][T15279] RIP: 0023:0xf7f08579 [ 630.893723][T15279] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 630.893734][T15279] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 630.893745][T15279] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080003cc0 [ 630.893752][T15279] RDX: 0000000000000172 RSI: 0000000004001c00 RDI: 0000000000000000 [ 630.893758][T15279] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 630.893764][T15279] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 630.893770][T15279] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 630.893784][T15279] [ 630.893826][T15279] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 631.004732][T15279] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 631.008312][T15279] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 631.014429][T15279] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 631.019830][T15279] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 631.023399][T15279] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 631.028164][T15279] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 631.031694][T15279] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 631.053715][T15285] overlay: Bad value for 'workdir' [ 631.063169][T15279] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 631.120542][T15245] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 631.127460][T15245] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 631.136664][T15245] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 631.149224][T15245] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 631.221721][T15245] 8021q: adding VLAN 0 to HW filter on device bond0 [ 631.243547][T15245] 8021q: adding VLAN 0 to HW filter on device team0 [ 631.281600][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 631.284701][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 631.309513][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 631.312009][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 631.440627][ T1149] bridge_slave_1: left allmulticast mode [ 631.449081][ T1149] bridge_slave_1: left promiscuous mode [ 631.451360][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state [ 631.456928][ T1149] bridge_slave_0: left allmulticast mode [ 631.459609][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state [ 631.775388][T15003] Bluetooth: hci3: command tx timeout [ 632.247676][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 632.252621][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 632.263638][ T1149] bond0 (unregistering): Released all slaves [ 632.278706][T15245] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 632.281967][T15245] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 632.383312][T15245] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 632.423519][T15299] lo speed is unknown, defaulting to 1000 [ 632.450055][T15299] lo speed is unknown, defaulting to 1000 [ 632.452936][T15299] lo speed is unknown, defaulting to 1000 [ 632.459743][T15299] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 632.469357][T15245] veth0_vlan: entered promiscuous mode [ 632.471736][T15299] lo speed is unknown, defaulting to 1000 [ 632.474879][T15299] lo speed is unknown, defaulting to 1000 [ 632.477064][T15245] veth1_vlan: entered promiscuous mode [ 632.486662][T15299] lo speed is unknown, defaulting to 1000 [ 632.489301][T15299] lo speed is unknown, defaulting to 1000 [ 632.495066][T15299] lo speed is unknown, defaulting to 1000 [ 632.581053][T15301] lo speed is unknown, defaulting to 1000 [ 632.583922][T15301] lo speed is unknown, defaulting to 1000 [ 632.588853][T15245] veth0_macvtap: entered promiscuous mode [ 632.623993][ T1149] hsr_slave_0: left promiscuous mode [ 632.626925][ T1149] hsr_slave_1: left promiscuous mode [ 632.629027][ T1149] batman_adv: batadv0: Interface deactivated: dummy0 [ 632.631159][ T1149] batman_adv: batadv0: Removing interface: dummy0 [ 632.635832][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 632.638605][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 632.642594][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 632.646161][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 632.665945][ T1149] veth1_macvtap: left promiscuous mode [ 632.667947][ T1149] veth0_macvtap: left promiscuous mode [ 632.669723][ T1149] veth1_vlan: left promiscuous mode [ 633.864732][T15003] Bluetooth: hci3: command tx timeout [ 633.992114][T15245] veth1_macvtap: entered promiscuous mode [ 634.049163][T15245] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 634.102434][T15245] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 634.125343][T15245] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.128309][T15245] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.131179][T15245] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.133624][T15245] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.175987][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 634.179105][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 634.205660][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 634.208131][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 634.324657][T15329] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.2362'. [ 634.878124][T15337] net_ratelimit: 361 callbacks suppressed [ 634.878137][T15337] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 634.978524][ T1149] IPVS: stop unused estimator thread 0... [ 635.934485][T15003] Bluetooth: hci3: command tx timeout [ 636.354291][T15364] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2390'. [ 636.436298][T15359] hid-generic 0003:0627:0001.0001: pid 15359 passed too short report [ 636.600720][T15368] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 636.602580][T15367] IPVS: stopping backup sync thread 15368 ... [ 637.085188][T15373] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.2391'. [ 637.771711][T15003] Bluetooth: hci4: ACL packet for unknown connection handle 1 [ 638.014360][T15003] Bluetooth: hci3: command tx timeout [ 639.366661][ T60] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 639.374656][ T60] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 639.377364][ T60] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 639.380004][ T60] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 639.383516][ T60] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 639.386860][ T60] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 639.389358][ T60] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 639.391734][ T60] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 639.394820][ T60] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 639.397329][ T60] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 639.407389][ T60] hid-generic 00A0:0008:0003.0007: hidraw1: HID v0.05 Device [syz1] on syz0 [ 639.531519][T15420] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2404'. [ 640.497118][T15439] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 640.501641][T15439] overlayfs: missing 'lowerdir' [ 641.263117][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 641.265830][T15449] Bluetooth: hci1: Frame reassembly failed (-84) [ 641.380443][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 641.380454][ T40] audit: type=1326 audit(1748846765.236:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15452 comm="syz.1.2415" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 641.389288][ T40] audit: type=1326 audit(1748846765.236:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15452 comm="syz.1.2415" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 641.399700][ T40] audit: type=1326 audit(1748846765.246:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15452 comm="syz.1.2415" exe="/syz-executor" sig=0 arch=40000003 syscall=384 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 641.409842][ T40] audit: type=1326 audit(1748846765.246:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15452 comm="syz.1.2415" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 641.436025][ T40] audit: type=1326 audit(1748846765.246:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15452 comm="syz.1.2415" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 641.443241][ T40] audit: type=1326 audit(1748846765.246:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15452 comm="syz.1.2415" exe="/syz-executor" sig=0 arch=40000003 syscall=363 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 641.451732][ T40] audit: type=1326 audit(1748846765.246:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15452 comm="syz.1.2415" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 641.460736][ T40] audit: type=1326 audit(1748846765.246:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15452 comm="syz.1.2415" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 641.467640][ T40] audit: type=1326 audit(1748846765.246:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15452 comm="syz.1.2415" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 641.474621][ T40] audit: type=1326 audit(1748846765.246:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15452 comm="syz.1.2415" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 641.791472][T15465] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 641.792888][T15464] IPVS: stopping backup sync thread 15465 ... [ 642.462347][T15472] loop3: detected capacity change from 0 to 1 [ 642.466957][T15472] Dev loop3: unable to read RDB block 1 [ 642.468844][T15472] loop3: unable to read partition table [ 642.470915][T15472] loop3: partition table beyond EOD, truncated [ 642.473176][T15472] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5) [ 642.477565][T15472] Dev loop3: unable to read RDB block 1 [ 642.479357][T15472] loop3: unable to read partition table [ 642.481538][T15472] loop3: partition table beyond EOD, truncated [ 642.687904][T15474] syzkaller0: entered promiscuous mode [ 642.689988][T15474] syzkaller0: entered allmulticast mode [ 643.294174][ T5949] Bluetooth: hci1: command 0x1003 tx timeout [ 643.294215][T15003] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 644.237062][T15506] (unnamed net_device) (uninitialized): ARP target 9.0.0.0 is already present [ 644.239960][T15506] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (9) [ 644.325633][T15507] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 644.410708][T15511] futex_wake_op: syz.3.2430 tries to shift op by 144; fix this program [ 644.597727][T15511] lo speed is unknown, defaulting to 1000 [ 644.600536][T15511] lo speed is unknown, defaulting to 1000 [ 645.269240][T15523] syzkaller0: entered promiscuous mode [ 645.270980][T15523] syzkaller0: entered allmulticast mode [ 645.297238][T15530] FAULT_INJECTION: forcing a failure. [ 645.297238][T15530] name failslab, interval 1, probability 0, space 0, times 0 [ 645.301619][T15530] CPU: 2 UID: 0 PID: 15530 Comm: syz.2.2435 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 645.301635][T15530] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 645.301642][T15530] Call Trace: [ 645.301646][T15530] [ 645.301651][T15530] dump_stack_lvl+0x16c/0x1f0 [ 645.301669][T15530] should_fail_ex+0x512/0x640 [ 645.301687][T15530] ? fs_reclaim_acquire+0xae/0x150 [ 645.301703][T15530] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 645.301726][T15530] should_failslab+0xc2/0x120 [ 645.301752][T15530] __kmalloc_noprof+0xd2/0x510 [ 645.301780][T15530] tomoyo_realpath_from_path+0xc2/0x6e0 [ 645.301808][T15530] ? tomoyo_profile+0x47/0x60 [ 645.301827][T15530] tomoyo_path_number_perm+0x245/0x580 [ 645.301848][T15530] ? tomoyo_path_number_perm+0x237/0x580 [ 645.301874][T15530] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 645.301925][T15530] ? find_held_lock+0x2b/0x80 [ 645.301950][T15530] ? hook_file_ioctl_common+0x145/0x410 [ 645.301978][T15530] ? __fget_files+0x20e/0x3c0 [ 645.301995][T15530] ? fput+0x10/0xf0 [ 645.302022][T15530] security_file_ioctl_compat+0x9b/0x240 [ 645.302039][T15530] __ia32_compat_sys_ioctl+0xc3/0x370 [ 645.302052][T15530] __do_fast_syscall_32+0x7c/0x3a0 [ 645.302071][T15530] do_fast_syscall_32+0x32/0x80 [ 645.302103][T15530] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 645.302127][T15530] RIP: 0023:0xf7f07579 [ 645.302141][T15530] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 645.302160][T15530] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 645.302178][T15530] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0844123 [ 645.302191][T15530] RDX: 0000000080000300 RSI: 0000000000000000 RDI: 0000000000000000 [ 645.302202][T15530] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 645.302212][T15530] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 645.302224][T15530] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 645.302248][T15530] [ 645.302513][T15530] ERROR: Out of memory at tomoyo_realpath_from_path. [ 645.425165][T15532] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2436'. [ 645.430292][T15532] dlm: plock device version mismatch: kernel (1.2.0), user (4207673345.1574799195.3139252685) [ 645.588567][T15538] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. [ 645.834297][ T6002] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 646.037517][T15555] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2444'. [ 646.041418][ C0] vcan0: j1939_session_tx_dat: 0xffff8880601d9800: queue data error: -100 [ 646.044606][ C0] vcan0 (unregistering): j1939_xtp_rx_dpo: no connection found [ 646.047761][ C0] vcan0 (unregistering): j1939_xtp_rx_dpo: no connection found [ 646.050184][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 646.052612][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 646.055199][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 646.057628][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 646.060094][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 646.062528][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 646.065048][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 646.067467][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 646.069914][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 646.072336][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 646.074846][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 646.077257][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 646.079739][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 646.082128][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 646.084637][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 646.087061][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 646.089517][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 646.091928][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 646.094480][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 646.096929][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 646.099471][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 646.101910][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 646.104435][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 646.106889][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 646.109372][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 646.111823][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 646.134115][ T6002] usb 6-1: Using ep0 maxpacket: 16 [ 646.137153][ T6002] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 646.140311][ T6002] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 646.144652][ T6002] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 646.147661][ T6002] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 646.152108][ T6002] usb 6-1: config 0 descriptor?? [ 646.157396][ T6002] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 646.631819][T15564] FAULT_INJECTION: forcing a failure. [ 646.631819][T15564] name failslab, interval 1, probability 0, space 0, times 0 [ 646.634965][ T6002] usb 6-1: USB disconnect, device number 36 [ 646.637505][T15564] CPU: 3 UID: 0 PID: 15564 Comm: syz.3.2447 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 646.637527][T15564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 646.637537][T15564] Call Trace: [ 646.637543][T15564] [ 646.637561][T15564] dump_stack_lvl+0x16c/0x1f0 [ 646.637591][T15564] should_fail_ex+0x512/0x640 [ 646.637618][T15564] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 646.637643][T15564] should_failslab+0xc2/0x120 [ 646.637668][T15564] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 646.637692][T15564] ? getname_flags.part.0+0x4c/0x550 [ 646.637722][T15564] getname_flags.part.0+0x4c/0x550 [ 646.637751][T15564] getname_flags+0x93/0xf0 [ 646.637770][T15564] do_sys_openat2+0xb8/0x1d0 [ 646.637785][T15564] ? __pfx_do_sys_openat2+0x10/0x10 [ 646.637826][T15564] ? __fget_files+0x20e/0x3c0 [ 646.637852][T15564] __ia32_compat_sys_openat+0x16d/0x210 [ 646.637869][T15564] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 646.637885][T15564] ? ksys_write+0x1ac/0x250 [ 646.637910][T15564] ? rcu_is_watching+0x12/0xc0 [ 646.637951][T15564] __do_fast_syscall_32+0x7c/0x3a0 [ 646.637977][T15564] do_fast_syscall_32+0x32/0x80 [ 646.637999][T15564] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 646.638021][T15564] RIP: 0023:0xf7f08579 [ 646.638034][T15564] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 646.638049][T15564] RSP: 002b:00000000f500555c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 646.638064][T15564] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000100 [ 646.638075][T15564] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 646.638084][T15564] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 646.638093][T15564] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 646.638102][T15564] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 646.638129][T15564] [ 647.471556][ T6002] usb 7-1: new full-speed USB device number 45 using dummy_hcd [ 647.627987][ T6002] usb 7-1: not running at top speed; connect to a high speed hub [ 647.632523][ T6002] usb 7-1: config 74 has an invalid interface number: 216 but max is 3 [ 647.635333][ T6002] usb 7-1: config 74 has an invalid interface number: 229 but max is 3 [ 647.638749][ T6002] usb 7-1: config 74 contains an unexpected descriptor of type 0x1, skipping [ 647.641615][ T6002] usb 7-1: config 74 has an invalid descriptor of length 0, skipping remainder of the config [ 647.645563][ T6002] usb 7-1: config 74 has 2 interfaces, different from the descriptor's value: 4 [ 647.648343][ T6002] usb 7-1: config 74 has no interface number 0 [ 647.650321][ T6002] usb 7-1: config 74 has no interface number 1 [ 647.652644][ T6002] usb 7-1: config 74 interface 216 altsetting 7 endpoint 0xE has invalid maxpacket 1024, setting to 64 [ 647.656136][ T6002] usb 7-1: config 74 interface 229 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 647.659493][ T6002] usb 7-1: config 74 interface 229 altsetting 9 has a duplicate endpoint with address 0xF, skipping [ 647.663523][ T6002] usb 7-1: config 74 interface 229 altsetting 9 has a duplicate endpoint with address 0xE, skipping [ 647.667433][ T6002] usb 7-1: config 74 interface 229 altsetting 9 has an endpoint descriptor with address 0x19, changing to 0x9 [ 647.671171][ T6002] usb 7-1: config 74 interface 229 altsetting 9 endpoint 0x9 has invalid maxpacket 33314, setting to 64 [ 647.674840][ T6002] usb 7-1: config 74 interface 229 altsetting 9 has 6 endpoint descriptors, different from the interface descriptor's value: 9 [ 647.678825][ T6002] usb 7-1: config 74 interface 216 has no altsetting 0 [ 647.680287][T15591] syzkaller0: entered promiscuous mode [ 647.680943][ T6002] usb 7-1: config 74 interface 229 has no altsetting 0 [ 647.682866][ T6002] usb 7-1: New USB device found, idVendor=0bfd, idProduct=0003, bcdDevice=3c.b8 [ 647.683244][T15591] syzkaller0: entered allmulticast mode [ 647.685855][ T6002] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 647.692545][ T6002] usb 7-1: Product: syz [ 647.693875][ T6002] usb 7-1: Manufacturer: ≭砣璋 [ 647.695771][ T6002] usb 7-1: SerialNumber: syz [ 648.060242][ T6002] kvaser_usb 7-1:74.216: error -ENODEV: Cannot get usb endpoint(s) [ 648.067273][ T6002] kvaser_usb 7-1:74.229: error -ENODEV: Cannot get usb endpoint(s) [ 648.073439][ T6002] usb 7-1: USB disconnect, device number 45 [ 648.306143][ T5949] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 648.310436][ T5949] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 648.313481][ T5949] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 648.319543][ T5949] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 648.324276][ T5949] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 648.348486][T15594] lo speed is unknown, defaulting to 1000 [ 648.351976][T15594] lo speed is unknown, defaulting to 1000 [ 648.427808][T15594] chnl_net:caif_netlink_parms(): no params data found [ 648.606630][T15610] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2460'. [ 648.609751][T15594] bridge0: port 1(bridge_slave_0) entered blocking state [ 648.612000][T15594] bridge0: port 1(bridge_slave_0) entered disabled state [ 648.615783][T15594] bridge_slave_0: entered allmulticast mode [ 648.618471][T15594] bridge_slave_0: entered promiscuous mode [ 648.625893][T15594] bridge0: port 2(bridge_slave_1) entered blocking state [ 648.628279][T15594] bridge0: port 2(bridge_slave_1) entered disabled state [ 648.631092][T15594] bridge_slave_1: entered allmulticast mode [ 648.634402][T15594] bridge_slave_1: entered promiscuous mode [ 648.676269][T15594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 648.680837][T15594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 648.719136][T15594] team0: Port device team_slave_0 added [ 648.722993][T15594] team0: Port device team_slave_1 added [ 648.774379][T15594] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 648.777016][T15594] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 648.786231][T15594] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 648.790763][T15594] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 648.792894][T15594] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 648.801072][T15594] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 648.857221][T15594] hsr_slave_0: entered promiscuous mode [ 648.859610][T15594] hsr_slave_1: entered promiscuous mode [ 648.861873][T15594] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 648.866504][T15594] Cannot create hsr debugfs directory [ 648.915523][T15608] hid-generic 0003:0627:0001.0001: pid 15608 passed too short report [ 648.984995][T15594] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 648.988450][T15594] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 649.046220][T15594] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 649.049584][T15594] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 649.136874][T15594] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 649.140289][T15594] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 649.231663][T15594] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 649.235361][T15594] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 649.386004][T15594] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 649.393168][T15594] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 649.400080][T15594] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 649.405882][T15594] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 649.469533][T15594] 8021q: adding VLAN 0 to HW filter on device bond0 [ 649.480453][T15594] 8021q: adding VLAN 0 to HW filter on device team0 [ 649.486525][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 649.488882][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 649.498563][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 649.500892][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 649.630136][T15594] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 649.667564][T15594] veth0_vlan: entered promiscuous mode [ 649.675524][T15594] veth1_vlan: entered promiscuous mode [ 649.698007][T15594] veth0_macvtap: entered promiscuous mode [ 649.704118][T15594] veth1_macvtap: entered promiscuous mode [ 649.719048][T15594] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 649.727287][T15594] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 649.733944][T15594] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 649.737844][T15594] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 649.741650][T15594] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 649.747201][T15594] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 649.810719][ T1041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 649.815806][ T1041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 649.836496][ T1041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 649.839134][ T1041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 650.334492][ T5949] Bluetooth: hci1: command tx timeout [ 650.585571][T15639] sp0: Synchronizing with TNC [ 650.599143][T15639] [U] è [ 650.885809][T15003] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 650.890280][T15003] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 650.893381][T15003] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 650.897172][T15003] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 650.900284][T15003] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 650.920998][T15648] lo speed is unknown, defaulting to 1000 [ 650.923622][T15648] lo speed is unknown, defaulting to 1000 [ 651.031072][T15648] chnl_net:caif_netlink_parms(): no params data found [ 651.150254][T15648] bridge0: port 1(bridge_slave_0) entered blocking state [ 651.152531][T15648] bridge0: port 1(bridge_slave_0) entered disabled state [ 651.155773][T15648] bridge_slave_0: entered allmulticast mode [ 651.158430][T15648] bridge_slave_0: entered promiscuous mode [ 651.162275][T15648] bridge0: port 2(bridge_slave_1) entered blocking state [ 651.165580][T15648] bridge0: port 2(bridge_slave_1) entered disabled state [ 651.167946][T15648] bridge_slave_1: entered allmulticast mode [ 651.170570][T15648] bridge_slave_1: entered promiscuous mode [ 651.201748][T15648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 651.207043][T15648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 651.247434][T15648] team0: Port device team_slave_0 added [ 651.255047][T15648] team0: Port device team_slave_1 added [ 651.284695][T15648] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 651.286929][T15648] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 651.297740][T15648] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 651.302931][T15648] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 651.306888][T15648] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 651.316525][T15648] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 651.487189][ T59] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.582963][ T59] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.596964][T15648] hsr_slave_0: entered promiscuous mode [ 651.600170][T15648] hsr_slave_1: entered promiscuous mode [ 651.603512][T15648] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 651.606698][T15648] Cannot create hsr debugfs directory [ 651.779999][ T59] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.856490][ T59] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.966002][ T59] bridge_slave_1: left allmulticast mode [ 651.970403][ T59] bridge_slave_1: left promiscuous mode [ 651.974878][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 651.985210][ T59] bridge_slave_0: left allmulticast mode [ 651.989577][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 652.414495][T15003] Bluetooth: hci1: command tx timeout [ 652.432210][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 652.438322][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 652.442044][ T59] bond0 (unregistering): Released all slaves [ 652.528839][ T59] tipc: Left network mode [ 652.736527][T15668] hid-generic 0003:0627:0001.0001: pid 15668 passed too short report [ 652.821154][ T59] hsr_slave_0: left promiscuous mode [ 652.825794][ T59] hsr_slave_1: left promiscuous mode [ 652.828646][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 652.831138][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 652.834736][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 652.837074][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 652.868375][ T59] veth1_macvtap: left promiscuous mode [ 652.869431][T15688] input: syz0 as /devices/virtual/input/input18 [ 652.870733][ T59] veth0_macvtap: left promiscuous mode [ 652.876363][ T59] veth1_vlan: left promiscuous mode [ 652.878924][ T59] veth0_vlan: left promiscuous mode [ 652.946839][T15690] FAULT_INJECTION: forcing a failure. [ 652.946839][T15690] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 652.952162][T15690] CPU: 1 UID: 0 PID: 15690 Comm: syz.2.2477 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 652.952178][T15690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 652.952185][T15690] Call Trace: [ 652.952192][T15690] [ 652.952197][T15690] dump_stack_lvl+0x16c/0x1f0 [ 652.952228][T15690] should_fail_ex+0x512/0x640 [ 652.952248][T15690] _copy_from_user+0x2e/0xd0 [ 652.952259][T15690] move_addr_to_kernel+0x65/0x170 [ 652.952273][T15690] __sys_bind+0x11b/0x260 [ 652.952285][T15690] ? __pfx___sys_bind+0x10/0x10 [ 652.952296][T15690] ? __fget_files+0x20e/0x3c0 [ 652.952314][T15690] ? __pfx_ksys_write+0x10/0x10 [ 652.952326][T15690] ? __pfx_native_tss_update_io_bitmap+0x10/0x10 [ 652.952346][T15690] __ia32_sys_bind+0x71/0xb0 [ 652.952358][T15690] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 652.952374][T15690] __do_fast_syscall_32+0x7c/0x3a0 [ 652.952390][T15690] do_fast_syscall_32+0x32/0x80 [ 652.952405][T15690] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 652.952419][T15690] RIP: 0023:0xf7f07579 [ 652.952428][T15690] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 652.952439][T15690] RSP: 002b:00000000f500555c EFLAGS: 00000296 ORIG_RAX: 0000000000000169 [ 652.952449][T15690] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000000 [ 652.952456][T15690] RDX: 0000000000000062 RSI: 0000000000000000 RDI: 0000000000000000 [ 652.952462][T15690] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 652.952468][T15690] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 652.952474][T15690] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 652.952488][T15690] [ 653.017749][T15003] Bluetooth: hci0: command tx timeout [ 653.187182][T15695] random: crng reseeded on system resumption [ 653.824957][T15705] FAULT_INJECTION: forcing a failure. [ 653.824957][T15705] name failslab, interval 1, probability 0, space 0, times 0 [ 653.830212][T15705] CPU: 0 UID: 0 PID: 15705 Comm: syz.1.2481 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 653.830250][T15705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 653.830263][T15705] Call Trace: [ 653.830269][T15705] [ 653.830277][T15705] dump_stack_lvl+0x16c/0x1f0 [ 653.830310][T15705] should_fail_ex+0x512/0x640 [ 653.830336][T15705] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 653.830361][T15705] should_failslab+0xc2/0x120 [ 653.830386][T15705] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 653.830407][T15705] ? getname_flags.part.0+0x4c/0x550 [ 653.830437][T15705] getname_flags.part.0+0x4c/0x550 [ 653.830466][T15705] getname_flags+0x93/0xf0 [ 653.830486][T15705] do_sys_openat2+0xb8/0x1d0 [ 653.830502][T15705] ? __pfx_do_sys_openat2+0x10/0x10 [ 653.830529][T15705] ? __fget_files+0x20e/0x3c0 [ 653.830548][T15705] ? handle_mm_fault+0x210/0xd10 [ 653.830571][T15705] __ia32_compat_sys_open+0x146/0x1e0 [ 653.830587][T15705] ? __pfx___ia32_compat_sys_open+0x10/0x10 [ 653.830607][T15705] ? rcu_is_watching+0x12/0xc0 [ 653.830629][T15705] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 653.830654][T15705] __do_fast_syscall_32+0x7c/0x3a0 [ 653.830679][T15705] do_fast_syscall_32+0x32/0x80 [ 653.830702][T15705] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 653.830724][T15705] RIP: 0023:0xf7fa8579 [ 653.830737][T15705] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 653.830754][T15705] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000005 [ 653.830772][T15705] RAX: ffffffffffffffda RBX: 0000000080000040 RCX: 0000000000000400 [ 653.830783][T15705] RDX: 0000000000000043 RSI: 0000000000000000 RDI: 0000000000000000 [ 653.830794][T15705] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 653.830803][T15705] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 653.830814][T15705] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 653.830837][T15705] [ 653.902959][ C0] vkms_vblank_simulate: vblank timer overrun [ 654.504267][T15003] Bluetooth: hci1: command tx timeout [ 654.823380][ T5980] lo speed is unknown, defaulting to 1000 [ 654.825854][ T5980] infiniband syz0: ib_query_port failed (-19) [ 654.829579][T15699] ================================================================== [ 654.832718][T15699] BUG: KASAN: slab-use-after-free in fib6_ifdown+0x7f5/0x8f0 [ 654.835636][T15699] Read of size 8 at addr ffff8880132878c0 by task syz.2.2479/15699 [ 654.840045][T15699] [ 654.841422][T15699] CPU: 2 UID: 0 PID: 15699 Comm: syz.2.2479 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 654.841440][T15699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 654.841448][T15699] Call Trace: [ 654.841453][T15699] [ 654.841458][T15699] dump_stack_lvl+0x116/0x1f0 [ 654.841478][T15699] print_report+0xcd/0x680 [ 654.841496][T15699] ? __virt_addr_valid+0x81/0x610 [ 654.841515][T15699] ? __phys_addr+0xe8/0x180 [ 654.841532][T15699] ? fib6_ifdown+0x7f5/0x8f0 [ 654.841549][T15699] kasan_report+0xe0/0x110 [ 654.841564][T15699] ? fib6_ifdown+0x7f5/0x8f0 [ 654.841582][T15699] fib6_ifdown+0x7f5/0x8f0 [ 654.841599][T15699] ? __pfx_fib6_ifdown+0x10/0x10 [ 654.841616][T15699] fib6_clean_node+0x2a7/0x5b0 [ 654.841635][T15699] ? __pfx_fib6_clean_node+0x10/0x10 [ 654.841655][T15699] fib6_walk_continue+0x452/0x8d0 [ 654.841671][T15699] fib6_walk+0x182/0x370 [ 654.841686][T15699] ? __pfx_fib6_ifdown+0x10/0x10 [ 654.841702][T15699] fib6_clean_tree+0xd4/0x110 [ 654.841718][T15699] ? __pfx_fib6_clean_tree+0x10/0x10 [ 654.841734][T15699] ? __pfx_fib6_clean_node+0x10/0x10 [ 654.841751][T15699] ? __pfx_fib6_ifdown+0x10/0x10 [ 654.841770][T15699] ? __pfx_fib6_ifdown+0x10/0x10 [ 654.841786][T15699] __fib6_clean_all+0x107/0x2d0 [ 654.841804][T15699] rt6_disable_ip+0x2ec/0x990 [ 654.841818][T15699] ? __mutex_trylock_common+0xe9/0x250 [ 654.841831][T15699] ? __pfx___mutex_trylock_common+0x10/0x10 [ 654.841844][T15699] ? __pfx_rt6_disable_ip+0x10/0x10 [ 654.841859][T15699] ? rcu_is_watching+0x12/0xc0 [ 654.841876][T15699] addrconf_ifdown.isra.0+0x11d/0x1a90 [ 654.841896][T15699] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 654.841913][T15699] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 654.841930][T15699] ? tls_dev_event+0xfd/0x10b0 [ 654.841953][T15699] addrconf_notify+0x220/0x19e0 [ 654.841970][T15699] ? ip6mr_device_event+0x1bc/0x230 [ 654.841989][T15699] notifier_call_chain+0xbc/0x410 [ 654.842017][T15699] ? __pfx_addrconf_notify+0x10/0x10 [ 654.842038][T15699] call_netdevice_notifiers_info+0xbe/0x140 [ 654.842058][T15699] unregister_netdevice_many_notify+0xf9a/0x26f0 [ 654.842092][T15699] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 654.842117][T15699] ? __pfx___might_resched+0x10/0x10 [ 654.842142][T15699] ? rcu_is_watching+0x12/0xc0 [ 654.842166][T15699] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 654.842186][T15699] ? ppp_release+0x167/0x230 [ 654.842206][T15699] ? __fsnotify_parent+0x24b/0xc40 [ 654.842222][T15699] ? __pfx___mutex_lock+0x10/0x10 [ 654.842246][T15699] unregister_netdevice_queue+0x305/0x3f0 [ 654.842272][T15699] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 654.842310][T15699] ? __pfx_locks_remove_file+0x10/0x10 [ 654.842330][T15699] ? __pfx_ppp_release+0x10/0x10 [ 654.842352][T15699] ppp_release+0x209/0x230 [ 654.842372][T15699] __fput+0x3ff/0xb70 [ 654.842399][T15699] task_work_run+0x150/0x240 [ 654.842421][T15699] ? __pfx_task_work_run+0x10/0x10 [ 654.842447][T15699] get_signal+0x1d1/0x26d0 [ 654.842475][T15699] ? kick_process+0xf6/0x1b0 [ 654.842498][T15699] ? __pfx_get_signal+0x10/0x10 [ 654.842523][T15699] ? task_work_add+0x1d5/0x360 [ 654.842544][T15699] ? __pfx_task_work_add+0x10/0x10 [ 654.842567][T15699] arch_do_signal_or_restart+0x8f/0x790 [ 654.842595][T15699] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 654.842618][T15699] exit_to_user_mode_loop+0x84/0x110 [ 654.842634][T15699] __do_fast_syscall_32+0x2ac/0x3a0 [ 654.842652][T15699] do_fast_syscall_32+0x32/0x80 [ 654.842669][T15699] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 654.842684][T15699] RIP: 0023:0xf7f07579 [ 654.842693][T15699] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 654.842705][T15699] RSP: 002b:00000000f500555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 654.842717][T15699] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000040047459 [ 654.842724][T15699] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 654.842731][T15699] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 654.842738][T15699] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 654.842745][T15699] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 654.842755][T15699] [ 654.842759][T15699] [ 655.003592][T15699] Allocated by task 59: [ 655.005378][T15699] kasan_save_stack+0x33/0x60 [ 655.007376][T15699] kasan_save_track+0x14/0x30 [ 655.009357][T15699] __kasan_kmalloc+0xaa/0xb0 [ 655.011252][T15699] igmp6_group_dropped+0x4a7/0xe40 [ 655.013204][T15699] __ipv6_dev_mc_dec+0x283/0x3b0 [ 655.014969][T15699] __ipv6_ifa_notify+0x3d8/0xd60 [ 655.016877][T15699] addrconf_ifdown.isra.0+0xe8b/0x1a90 [ 655.019128][T15699] addrconf_notify+0x220/0x19e0 [ 655.021224][T15699] notifier_call_chain+0xbc/0x410 [ 655.023340][T15699] call_netdevice_notifiers_info+0xbe/0x140 [ 655.025369][T15699] dev_close_many+0x319/0x630 [ 655.026963][T15699] unregister_netdevice_many_notify+0x578/0x26f0 [ 655.029017][T15699] default_device_exit_batch+0x853/0xaf0 [ 655.030872][T15699] ops_undo_list+0x360/0xab0 [ 655.032414][T15699] cleanup_net+0x408/0x890 [ 655.033907][T15699] process_one_work+0x9cf/0x1b70 [ 655.035571][T15699] worker_thread+0x6c8/0xf10 [ 655.037115][T15699] kthread+0x3c2/0x780 [ 655.038465][T15699] ret_from_fork+0x5d4/0x6f0 [ 655.040187][T15699] ret_from_fork_asm+0x1a/0x30 [ 655.042098][T15699] [ 655.042921][T15699] Freed by task 1140: [ 655.044256][T15699] kasan_save_stack+0x33/0x60 [ 655.045828][T15699] kasan_save_track+0x14/0x30 [ 655.047466][T15699] kasan_save_free_info+0x3b/0x60 [ 655.049101][T15699] __kasan_slab_free+0x51/0x70 [ 655.050523][T15699] kmem_cache_free_bulk.part.0+0x383/0x7f0 [ 655.052172][T15699] kvfree_rcu_bulk+0x1b7/0x1e0 [ 655.053705][T15699] kfree_rcu_monitor+0x1d0/0x2f0 [ 655.055322][T15699] process_one_work+0x9cf/0x1b70 [ 655.057028][T15699] worker_thread+0x6c8/0xf10 [ 655.058581][T15699] kthread+0x3c2/0x780 [ 655.060071][T15699] ret_from_fork+0x5d4/0x6f0 [ 655.062059][T15699] ret_from_fork_asm+0x1a/0x30 [ 655.064095][T15699] [ 655.064992][T15699] Last potentially related work creation: [ 655.066857][T15699] kasan_save_stack+0x33/0x60 [ 655.068454][T15699] kasan_record_aux_stack+0xa7/0xc0 [ 655.070258][T15699] kvfree_call_rcu+0x76/0x470 [ 655.072013][T15699] mld_clear_delrec+0xab/0x640 [ 655.073604][T15699] ipv6_mc_destroy_dev+0x49/0x690 [ 655.075226][T15699] addrconf_ifdown.isra.0+0x13ef/0x1a90 [ 655.077074][T15699] addrconf_notify+0x220/0x19e0 [ 655.078630][T15699] notifier_call_chain+0xbc/0x410 [ 655.080563][T15699] call_netdevice_notifiers_info+0xbe/0x140 [ 655.082669][T15699] unregister_netdevice_many_notify+0xf9a/0x26f0 [ 655.085234][T15699] default_device_exit_batch+0x853/0xaf0 [ 655.087579][T15699] ops_undo_list+0x360/0xab0 [ 655.089552][T15699] cleanup_net+0x408/0x890 [ 655.091446][T15699] process_one_work+0x9cf/0x1b70 [ 655.093552][T15699] worker_thread+0x6c8/0xf10 [ 655.095528][T15699] kthread+0x3c2/0x780 [ 655.097273][T15699] ret_from_fork+0x5d4/0x6f0 [ 655.099254][T15699] ret_from_fork_asm+0x1a/0x30 [ 655.101196][T15699] [ 655.102230][T15699] The buggy address belongs to the object at ffff888013287800 [ 655.102230][T15699] which belongs to the cache kmalloc-512 of size 512 [ 655.107934][T15699] The buggy address is located 192 bytes inside of [ 655.107934][T15699] freed 512-byte region [ffff888013287800, ffff888013287a00) [ 655.113516][T15699] [ 655.114563][T15699] The buggy address belongs to the physical page: [ 655.117233][T15699] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888013287400 pfn:0x13284 [ 655.121447][T15699] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 655.124972][T15699] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 655.128307][T15699] page_type: f5(slab) [ 655.129893][T15699] raw: 00fff00000000240 ffff88801b442c80 ffffea00008e2210 ffffea0000967c10 [ 655.133417][T15699] raw: ffff888013287400 000000000010000d 00000000f5000000 0000000000000000 [ 655.137020][T15699] head: 00fff00000000240 ffff88801b442c80 ffffea00008e2210 ffffea0000967c10 [ 655.140605][T15699] head: ffff888013287400 000000000010000d 00000000f5000000 0000000000000000 [ 655.144135][T15699] head: 00fff00000000002 ffffea00004ca101 00000000ffffffff 00000000ffffffff [ 655.146997][T15699] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 655.149781][T15699] page dumped because: kasan: bad access detected [ 655.152175][T15699] page_owner tracks the page as allocated [ 655.154541][T15699] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5948, tgid 5948 (syz-executor), ts 48921838344, free_ts 23174962798 [ 655.162402][T15699] post_alloc_hook+0x1c0/0x230 [ 655.163871][T15699] get_page_from_freelist+0x1321/0x3890 [ 655.165619][T15699] __alloc_frozen_pages_noprof+0x58b/0x23f0 [ 655.167513][T15699] new_slab+0x94/0x330 [ 655.168822][T15699] ___slab_alloc+0xd9c/0x1940 [ 655.170611][T15699] __slab_alloc.constprop.0+0x56/0xb0 [ 655.172413][T15699] __kmalloc_node_noprof+0x2ed/0x500 [ 655.174066][T15699] alloc_slab_obj_exts+0x41/0xa0 [ 655.175633][T15699] __memcg_slab_post_alloc_hook+0x255/0x960 [ 655.177564][T15699] __kmalloc_noprof+0x3f9/0x510 [ 655.179220][T15699] lsm_blob_alloc+0x68/0x90 [ 655.181093][T15699] security_prepare_creds+0x30/0x270 [ 655.183228][T15699] prepare_creds+0x56f/0x7d0 [ 655.185152][T15699] copy_creds+0xa7/0xa50 [ 655.186907][T15699] copy_process+0xff6/0x76a0 [ 655.188864][T15699] kernel_clone+0xfc/0x960 [ 655.190464][T15699] page last free pid 5350 tgid 5350 stack trace: [ 655.192448][T15699] __free_frozen_pages+0x7fe/0x1180 [ 655.194627][T15699] qlist_free_all+0x4d/0x120 [ 655.196587][T15699] kasan_quarantine_reduce+0x195/0x1e0 [ 655.198934][T15699] __kasan_slab_alloc+0x69/0x90 [ 655.200748][T15699] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 655.202718][T15699] getname_flags.part.0+0x4c/0x550 [ 655.204628][T15699] getname_flags+0x93/0xf0 [ 655.206479][T15699] do_sys_openat2+0xb8/0x1d0 [ 655.208425][T15699] __x64_sys_openat+0x174/0x210 [ 655.210422][T15699] do_syscall_64+0xcd/0x490 [ 655.212306][T15699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 655.214673][T15699] [ 655.215694][T15699] Memory state around the buggy address: [ 655.217997][T15699] ffff888013287780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 655.221185][T15699] ffff888013287800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 655.224399][T15699] >ffff888013287880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 655.227659][T15699] ^ [ 655.230200][T15699] ffff888013287900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 655.233467][T15699] ffff888013287980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 655.236714][T15699] ================================================================== [ 655.240400][T15699] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 655.243338][T15699] CPU: 2 UID: 0 PID: 15699 Comm: syz.2.2479 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 655.248103][T15699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 655.252359][T15699] Call Trace: [ 655.253708][T15699] [ 655.254904][T15699] dump_stack_lvl+0x3d/0x1f0 [ 655.256772][T15699] panic+0x71c/0x800 [ 655.258378][T15699] ? __pfx_panic+0x10/0x10 [ 655.260136][T15699] ? mark_held_locks+0x49/0x80 [ 655.262067][T15699] ? fib6_ifdown+0x7f5/0x8f0 [ 655.263523][T15699] ? fib6_ifdown+0x7f5/0x8f0 [ 655.265213][T15699] check_panic_on_warn+0xab/0xb0 [ 655.266744][T15699] end_report+0x107/0x170 [ 655.268124][T15699] kasan_report+0xee/0x110 [ 655.269611][T15699] ? fib6_ifdown+0x7f5/0x8f0 [ 655.271559][T15699] fib6_ifdown+0x7f5/0x8f0 [ 655.273473][T15699] ? __pfx_fib6_ifdown+0x10/0x10 [ 655.275561][T15699] fib6_clean_node+0x2a7/0x5b0 [ 655.277810][T15699] ? __pfx_fib6_clean_node+0x10/0x10 [ 655.280161][T15699] fib6_walk_continue+0x452/0x8d0 [ 655.282318][T15699] fib6_walk+0x182/0x370 [ 655.284145][T15699] ? __pfx_fib6_ifdown+0x10/0x10 [ 655.286273][T15699] fib6_clean_tree+0xd4/0x110 [ 655.288303][T15699] ? __pfx_fib6_clean_tree+0x10/0x10 [ 655.290593][T15699] ? __pfx_fib6_clean_node+0x10/0x10 [ 655.292853][T15699] ? __pfx_fib6_ifdown+0x10/0x10 [ 655.294924][T15699] ? __pfx_fib6_ifdown+0x10/0x10 [ 655.297124][T15699] __fib6_clean_all+0x107/0x2d0 [ 655.299228][T15699] rt6_disable_ip+0x2ec/0x990 [ 655.301247][T15699] ? __mutex_trylock_common+0xe9/0x250 [ 655.303552][T15699] ? __pfx___mutex_trylock_common+0x10/0x10 [ 655.306095][T15699] ? __pfx_rt6_disable_ip+0x10/0x10 [ 655.308334][T15699] ? rcu_is_watching+0x12/0xc0 [ 655.310402][T15699] addrconf_ifdown.isra.0+0x11d/0x1a90 [ 655.312650][T15699] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 655.314498][T15699] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 655.316351][T15699] ? tls_dev_event+0xfd/0x10b0 [ 655.317940][T15699] addrconf_notify+0x220/0x19e0 [ 655.319500][T15699] ? ip6mr_device_event+0x1bc/0x230 [ 655.321129][T15699] notifier_call_chain+0xbc/0x410 [ 655.322699][T15699] ? __pfx_addrconf_notify+0x10/0x10 [ 655.324349][T15699] call_netdevice_notifiers_info+0xbe/0x140 [ 655.326229][T15699] unregister_netdevice_many_notify+0xf9a/0x26f0 [ 655.328259][T15699] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 655.330397][T15699] ? __pfx___might_resched+0x10/0x10 [ 655.332066][T15699] ? rcu_is_watching+0x12/0xc0 [ 655.333592][T15699] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 655.335447][T15699] ? ppp_release+0x167/0x230 [ 655.336919][T15699] ? __fsnotify_parent+0x24b/0xc40 [ 655.338562][T15699] ? __pfx___mutex_lock+0x10/0x10 [ 655.340167][T15699] unregister_netdevice_queue+0x305/0x3f0 [ 655.341972][T15699] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 655.343930][T15699] ? __pfx_locks_remove_file+0x10/0x10 [ 655.345653][T15699] ? __pfx_ppp_release+0x10/0x10 [ 655.347214][T15699] ppp_release+0x209/0x230 [ 655.348646][T15699] __fput+0x3ff/0xb70 [ 655.349930][T15699] task_work_run+0x150/0x240 [ 655.351381][T15699] ? __pfx_task_work_run+0x10/0x10 [ 655.352954][T15699] get_signal+0x1d1/0x26d0 [ 655.354369][T15699] ? kick_process+0xf6/0x1b0 [ 655.355782][T15699] ? __pfx_get_signal+0x10/0x10 [ 655.357284][T15699] ? task_work_add+0x1d5/0x360 [ 655.358839][T15699] ? __pfx_task_work_add+0x10/0x10 [ 655.360449][T15699] arch_do_signal_or_restart+0x8f/0x790 [ 655.362226][T15699] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 655.364180][T15699] exit_to_user_mode_loop+0x84/0x110 [ 655.365900][T15699] __do_fast_syscall_32+0x2ac/0x3a0 [ 655.367594][T15699] do_fast_syscall_32+0x32/0x80 [ 655.369138][T15699] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 655.371083][T15699] RIP: 0023:0xf7f07579 [ 655.372391][T15699] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 655.378962][T15699] RSP: 002b:00000000f500555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 655.381674][T15699] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000040047459 [ 655.384133][T15699] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 655.386602][T15699] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 655.389090][T15699] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 655.391537][T15699] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 655.394117][T15699] [ 655.395861][T15699] Kernel Offset: disabled [ 655.397295][T15699] Rebooting in 86400 seconds.. VM DIAGNOSIS: 06:46:18 Registers: info registers vcpu 0 CPU#0 RAX=00000000012b7de1 RBX=0000000000000000 RCX=ffffffff8b799c79 RDX=0000000000000000 RSI=ffffffff8dc02c0a RDI=ffffffff8bf52ee0 RBP=fffffbfff1c12ef0 RSP=ffffffff8e007e08 R8 =0000000000000001 R9 =ffffed100564663d R10=ffff88802b2331eb R11=0000000000000001 R12=0000000000000000 R13=ffffffff8e097780 R14=ffffffff9087ad50 R15=0000000000000000 RIP=ffffffff8b7987df RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097775000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f71d3820 CR3=000000005dd69000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=ffffc90007280000 RBX=ffff888043d90000 RCX=ffffffff86a420f0 RDX=0000000000000000 RSI=ffff888043d913f8 RDI=1ffff110087b2281 RBP=1ffff920006b5f5c RSP=ffffc900035afa68 R8 =ffff888043d91408 R9 =0000000000000002 R10=0000000000000005 R11=0000000000000001 R12=ffff888043d90f98 R13=ffff888043d91440 R14=ffff888043d914d8 R15=ffff888043d90d80 RIP=ffffffff86a428b8 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097875000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3957ab CR3=0000000067b31000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000039 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85562565 RDI=ffffffff9ae599c0 RBP=ffffffff9ae59980 RSP=ffffc9000627ed70 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3130383838666666 R12=0000000000000000 R13=0000000000000039 R14=ffffffff9ae59980 R15=ffffffff85562500 RIP=ffffffff8556258f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097975000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000006b01d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000f8000000 Opmask01=000000000007ffff Opmask02=000000000007ffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 006b636f732e7669 72706e752f646370 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7834302578302074 6e65766520646574 63657078656e7520 3a7325006b636f73 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5d1115005d150551 4b40534005414051 4640555d404b5005 1f5600004e464a56 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0016000000000003 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055c2f3fa6b60 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000200000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 64205f3668696920 2061636265200036 20365f6e69666564 0a20497465620064 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6420302020362020 206163620a200036 20365f2031372064 0a2049650a620064 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbff52532232d20 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 262821df2e2e33df 3228df3232202b22 df312e232d2435bf 2324353124322431 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=dffffc0000000000 RBX=0000000000000000 RCX=ffffc900074874fc RDX=1ffff11005045511 RSI=ffffffff8dbdd626 RDI=ffff88802822a888 RBP=ffff88802822a440 RSP=ffffc90007487508 R8 =0ac0d5affe09d4ff R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=ffff88802822a440 R13=ffffc90007487658 R14=0000000000000000 R15=ffff88802822a440 RIP=ffffffff81a1a1fc RFL=00000a06 [-O---P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097a75000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f42d0d35a10 CR3=0000000041f0d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00302e6f732e382d 326572637062696c ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00302e6f732e382d 326572637062696c ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001da0 0000000000033260 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000