last executing test programs: 1m24.617677324s ago: executing program 3 (id=405): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet(0x2, 0x3, 0x2) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0) ftruncate(r3, 0x8800000) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) sendfile(r4, r3, 0x0, 0x558410e9) sendto$inet(r2, 0x0, 0x0, 0x800, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000450000000010"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000340)={r6}, 0xc) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1e, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x7, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x10000000}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x240080c0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r7 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) fsmount(r7, 0x0, 0x0) 1m23.635617904s ago: executing program 3 (id=410): socket$rxrpc(0x21, 0x2, 0x2) socket(0x2, 0x80805, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) fcntl$getownex(r2, 0x10, &(0x7f0000000100)={0x0, 0x0}) ptrace$PTRACE_SETSIGMASK(0x420b, r3, 0x8, &(0x7f0000000300)={[0xfffffff9, 0x7]}) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) close(0x3) socket$kcm(0x2b, 0x1, 0x0) syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xa43d, 0x80, 0x2, 0x3b9}, &(0x7f0000000000), &(0x7f0000000280)) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)={0x20001, 0x0, 0x11}, 0x18) r5 = io_uring_setup(0x1133, &(0x7f0000000080)={0x0, 0x0, 0x1000, 0x1, 0x119}) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r5, 0x11, &(0x7f00000002c0), 0x2) 1m21.72539528s ago: executing program 3 (id=420): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYBLOB="0000000000000000b702000014000000b70200000000000085"], 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000000) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fbbfaae60080000000000001000000000000000000007efff10000400000000a00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd0000008019000000000000000000000000000000008000", [0x8000000000008, 0xffffffff9673e35d]}}) (fail_nth: 4) 1m21.144143518s ago: executing program 3 (id=423): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x8ad01, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcmmio\x00', [0xf27, 0xd7b, 0x1, 0x4, 0x5, 0x5, 0x4, 0x7, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x1, 0x6, 0x6a, 0x0, 0xc7c, 0x3, 0x40000003, 0x89, 0xcaa3, 0x0, 0x20001e57, 0x3, 0x2000e66, 0x3, 0x1, 0x10004086, 0x0, 0xfffffff8]}) write(r0, 0x0, 0x0) r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x168) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000400)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2263804, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000500)={'pcmmio\x00', [0xffffffff, 0x0, 0x8000fffd, 0x4, 0x6, 0x5, 0x4, 0x7, 0x54c6cfee, 0x4, 0xe3d, 0x775, 0x1, 0xffffffff, 0x6, 0x101, 0x0, 0x7f, 0x3, 0x4, 0xffff, 0x1, 0x0, 0x20001e58, 0x400004, 0xe64, 0x3, 0x9, 0x3, 0xb546, 0xfffffff8, 0x1]}) 1m20.79004301s ago: executing program 3 (id=426): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) 1m20.539261731s ago: executing program 3 (id=427): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x34, 0x2c, 0xd3f, 0x30bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xb, 0xfff3}, {}, {0x8, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) r9 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r9, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x8, r10, 0x3c}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000840)='\'', 0x1c}], 0x1}, 0x4) (fail_nth: 4) 1m20.451038282s ago: executing program 32 (id=427): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x34, 0x2c, 0xd3f, 0x30bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xb, 0xfff3}, {}, {0x8, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) r9 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r9, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x8, r10, 0x3c}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000840)='\'', 0x1c}], 0x1}, 0x4) (fail_nth: 4) 6.763092471s ago: executing program 2 (id=902): socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) landlock_restrict_self(0xffffffffffffffff, 0x0) r2 = landlock_create_ruleset(&(0x7f0000000000)={0x10, 0x3, 0x3}, 0x18, 0x0) landlock_restrict_self(r2, 0x2) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) landlock_create_ruleset(0x0, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) 6.443511457s ago: executing program 1 (id=903): write(0xffffffffffffffff, &(0x7f0000000340)="1c0000005e001f3814584707f9f4ffffff00000023", 0x15) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=ANY=[], 0x188}}], 0x1, 0x810) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a050000000000000000010000000900010073797a300000000040000000030a01010000000000000000010000000900030073797a310000090000000480080002400000000008000140000000000900010000008000000000004c000000060a0104000000000000000001000000240004802000018007000100727400001400028008000240ce31b6cf080001400000000308000b40000000000900010073797a3000e9ffff130000000100010000000000000aeeb9c7da275615ac46ea6889d53c4ae599307c3ebec1699a88c01503d6fa07347deedf1ea28f6f72f6f980cf56d609aa0aa2aba830c53cbb6f3d7823e6d132c066dd4c9ee3ec9c0b34dbefe68fa35363bb4c4fdded806dd29f43897acc350256c77f4e6e63466d3481f6bc59325ad99a551a874b901ed7478d589452109e200940bc27d0efb7bbce0bf88495c5e550beba28b917ea48cbb9"], 0xd4}}, 0x0) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 6.284889797s ago: executing program 1 (id=905): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x8c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x68, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x58, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x6}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x34, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x56}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xb9}, @NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0xdb}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x4}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xb4}, 0x1, 0x0, 0x0, 0x819}, 0x44040) 6.214301777s ago: executing program 1 (id=906): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000001fc0)=""/4115, 0x1a, 0x1013, 0x1}, 0x28) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x44, 0x0, 0x0) bpf$ENABLE_STATS(0x20, &(0x7f0000000300), 0x4) r3 = add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, 0xffffffffffffffff) keyctl$search(0xa, r3, 0x0, &(0x7f00000003c0)={'syz', 0x3}, 0x0) add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0) bpf$ITER_CREATE(0xb, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={0xffffffffffffffff, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) syz_emit_ethernet(0x86, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x1b59, 0x64, 0x0, @wg=@response={0x2, 0x0, 0xe0, "00ab08653904030401c50900000009c5000000efffffffff00", "9384bbeb3018ad591b661fe808b21b77", {"694c875dfb1be5d2a0057a62022a1564", "a329d3a13bd5b6cc6a9471314a1d8c69"}}}}}}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000680)=""/170, 0x4d, 0xaa, 0x1}, 0x28) 5.204728409s ago: executing program 1 (id=909): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'vlan0\x00', 0x7c2}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockopt(0xffffffffffffffff, 0x200000000114, 0x2721, 0x0, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) bind$unix(r4, &(0x7f0000000a00)=@file={0x1, './file1\x00'}, 0x6e) listen(r4, 0x3) bpf$LINK_DETACH(0x22, &(0x7f0000000100), 0x4) r5 = syz_io_uring_setup(0x51e, &(0x7f0000000000)={0x0, 0x9e92, 0x10100}, &(0x7f0000000400)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000280)=@IORING_OP_ACCEPT={0xd, 0x0, 0x4, r4, 0x0}) io_uring_enter(r5, 0xa3d, 0x0, 0x0, 0x0, 0x0) shutdown(r4, 0x0) 4.494569513s ago: executing program 2 (id=911): syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x2f6, @dev={0xfe, 0x80, '\x00', 0x39}}], 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x4000900) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000002100010027bd7000fedbdf250a202080000000001000000014000100ff"], 0x44}, 0x1, 0x0, 0x0, 0x24000000}, 0x48000) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffff9c, 0xc0406619, &(0x7f0000000380)={@desc={0x1, 0x0, @desc2}}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x6f, 0x0, 0x9, 0x0, 0xe999, 0xfa11, 0xffffffff}, 0x0) r3 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x101040) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000500)=ANY=[@ANYRESDEC=r3, @ANYBLOB="64484edef48c765bda3b937bc332b7ce6d4f70ee1e9190fcedd9cbf72bb2a8c2a96fafdebb04e98fb2bb802814616a823ec57496e9016974bf13f7a3c3c81fd7f594d92f900153599d9c89216b9a8563323cb260b572dba06b0dd7b9b7f1cedd1b531fa0861fa96c676344d6e530f356a020597c2d3725e8babb24c9c10c"], 0x48}, 0x1, 0x0, 0x0, 0x4080}, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000001c0)={0xd, 0x3, 0x0, 'queue0\x00', 0x6}) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001c0001000000", @ANYRES32], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) gettid() ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f00000003c0)={0x0, 0x3, 0x46, 0x0, 0x5}) 4.074346249s ago: executing program 1 (id=915): r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab1204000000000000010902240001b30000040904410c17ff5d810009050f1f05e13f000009058303"], 0x0) syz_open_dev$evdev(0x0, 0x4cc6, 0x2) syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0xdb, &(0x7f0000000100)=ANY=[@ANYBLOB="080000d3f2cd62"]) 3.573670376s ago: executing program 2 (id=916): bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x3, @loopback, 0x8}, 0x1c) setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r4, &(0x7f00000000c0)="b2", 0x1, 0x24008844, &(0x7f0000000040)={0xa, 0x2, 0x80398, @empty, 0xfffffffe}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f0000000440)={&(0x7f000047b000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0}, &(0x7f0000000340)=0x40) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x10, 0x14, &(0x7f0000000380)=ANY=[@ANYRESOCT=r0, @ANYRESDEC], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3.304729625s ago: executing program 0 (id=917): r0 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000000)=0x9, 0x4) 3.304527066s ago: executing program 0 (id=918): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0xf) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) r4 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80}) io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) 2.694973488s ago: executing program 2 (id=919): r0 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000100)=0x1, 0x4) 2.694814481s ago: executing program 2 (id=920): r0 = socket(0x2, 0x3, 0xff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) 2.634585337s ago: executing program 2 (id=921): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='bic', 0xff3d) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) 2.327155927s ago: executing program 0 (id=922): r0 = syz_open_dev$loop(&(0x7f00000006c0), 0x8000000000082, 0x0) setuid(0xee01) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) 2.234665033s ago: executing program 0 (id=923): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000080)="36450f6fe3c74424020600000088442406000000000f01142466b87a000f00d066b876000f00d0400f9ce4660f38823d00300000410f01dfb9800000c00f3235000400000f3045f7b300000000430f21e3420f00d5", 0x56}], 0x1, 0x0, 0x0, 0xb7) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$BTRFS_IOC_RM_DEV(r0, 0x5000940b, &(0x7f0000000880)={{}, "57b79254c76b96c6313c738f345a647a5a42145930f6c11fe9f28ad836b0e7d90ced722c65139bf79adfe1c5644f17867ff317f8233ce0c07d8428f7b94422a2aacf58d41de937c1cd4cab4667752e6cec30482c41160d8dc984af1b1396d711a1e6076363d1a6663b0f331421a6a581f2464f4a79aaa2866ed7ea4a096ef58f952e13c0acd7f90e63318b7deaa47af65da0e66053f36f6aa66303de0f044bb32678864b066fb9fdc56ff5327707e84bac3a627b87212a3b65828dbebdd5ef36e8eed4e9ad9caaf28809b1473225f6f5060a03326272edf6116cd364d371a55df27b5ee4ddac1f2367922d179715ba3d1e575f965b9f6b35fd4c810d555ae6fee72ea4c3a0d6671f5cfafbd1fdcb7c72844928b58faf4cef64f56c2e94b4e6f7d63220235dd2a686fe035c260f893fd310feec82f1eb57004797d02d05b109c0be6e0a676ea10297206455b665f2dbcd0aa6388197bab4ab541a6c0e0eccfdb8a795b4ce426f286d3a4f0d2ea69b985ae1a17c6c403716c5f1f22d2901a3817f8a28058cb63d54ae15e90cbebe1595dd1d7012040ce40dcca9a16c3637007d5fff522577ce23d14a78c7f1918c620f873c94a2c2e3f12e5ec4411dfa174ee6f09dea16bf26fb2def8c37ac8abd501fcbb6e8a57a48c2c3139a3004e834aee7d4ef44e7892c884485a013ad752c2f0a6f420b1e40b6e00c7cac2f430266f37251b1e515f21644c79dd302b25d8e41e4e0206aa8e3054cf073dfb2cd1d1938bab93b4d0d2b89128c983ee0470b0f2d62058f792bcd4c2c995b243ce8bafbd43318b0ae68dfd00402bdb8656febcf9f088bb9acba109b5ff01222abe4ec39a98033859cfbffed2d81e6e8c7aaa068724757fabbeee4c4038f1160c42744de8e74a44754cee280db2fb0a5d2b8927819290072a22128c896fdd2333ee0c602e0b83fac75442fed44a5db1855e8d4ab656d6990477e668edcb09ace28e305286473b16e44f706938a576a6df7553ea0bcd0d937ec35906ac9829cc77782b6f9b2dfb4fac9a9525141d0274426aeee8daea44474d6a43b7c9cf2eae8a3f2bc7a77e331e7c85725af6fded1eca162bb094f3f1f8b13619d13417f2d2060c170337d78cccff5545580af3f787d91f900430f2dc1c43f7f709e76099d0411451a7cb48b5581ed5e08796b4f00ed525380d0b511526f1045c47e3c3aff0a3973c446b59df0b95d6f5be6027f4c0d1d7ce1b8b51b057cad528aae391ce6db54f63e544f6a1d8a1adf4cb76a8a8d14bdea37cd1e6185a234d6bfcdd8dc76487500bd4382dae86f7d098fc9cb2e1d3788f445b9deadc2e6e4f7dbeaa2f0faf58463f6a1a91e15ff4515c0d6b649ebeadc5689a1c0be5552ebb0373ea950495c9b2057e2223c5a013c79ebcdbf779885d43541cb8e8ffd250dceb5365f0e7ac9b15ce5ef0a0ea3969a4d735e4ee66bb2da347e1e8aff1fc68a8b3a16decea213099c7909f040dc09a2d2879841310c65ccea7ec053492eb575709c1843c2d9a9817a2eae2be31d06abc8abf8e2fba9b1b187724a8724cd60a02d14e985e8fc2f3154ba734207c23784035b0846d90d02bc9701052b96be5a624175a7d7765ffeda3b9619736f575289d9db9c3bd15ac72260066bb754f997b6e82b7850c6afc9fc77e50b013612330b14a6c3d09594dcb761cf5c4b0e9395298da4efb9dd51c81b752def3911325fe1e4e4096c88d9c29f25cc69e80019d0ee2adac466c7aaaf12203518156506a920cd31136d5af51c142d99710c22affd22654282cb91aad6669b372184ce3b73693dbbfadc3a26cfb186084b5d749fea1501db4f0fe9b49395e05de3923b6d63bd901ec56e483c9969483d35d9c977c93e323c501bddf883e882e430a00844f85ec7c2dee96b0700576f07dd526f58f3abe64547ebcde44ca36e01e92db90b96b7c5dd84c857d49d92ec5e09b36192d59821169d8874f96dc32dca7e7df865b3aeb7c124e650f3f0f8da7fa547343396d1fa7752a5d9d66c0d3ddcbaf60dd6e6f5bf6296c850b4011d7c489b1d53a62378d093e3fdcf9fcd4f7ca785fa3bc8f0048574a76e06eb6f45fd2ee30b3e8de0b16b931d2552642db9de791bd3068a33b03ae1454ef3dc679a49ed54799b083b7fe09b09f0e4a36b1cd2701c4bf4912c06b22e0db1e9c933caac5415ce47b41f6a45275eebd730ab32a827b1697273e500d5d79299fad390ea1f811ea2e88e5914f5cec815b7a5d7bac02a5f7234cbb3432a00fbc8b363ccb8294e72bf9d2d51c614fd21ec6334b95c3d5f12ecf606f3411e45932d567fbf81228d8be94d7f9521f2dbbb536a6add3a0bf54f4a8f6b35a820ba58ce94d9c55841ee1dc8acadda234bd005e7c0f9756b2789aa89653adf5f7df2594e4f8a88f37f8864dec46e76130aa8e77ec480e556d8f08aa2df8b2a26d4d9d9bc0bd15c655081d31bb8962a32792c4b1ece05c5aadb17a153629117b98d08ceef8019878ebf4a3070cc9e401cdbb3310bfdbdd9df7f55ef8b8ccf134f26a36b9f85c05bcceb2fbc2ade89bbbaaba1e8eb02b2e4a9f89c8d2701a795034f4e93e7c499cfd0fe1110b18243610fda9a3d5944a9e5b11f379784a891ae2645093c230ad3b904533236822131ee1885adcb8d7389ca68f04ad240fb11978e820eda5c1333e63f6588bc868be01cf41d6e557ce2ea149fdf0520c656b03d2640b749048f04d3257741cf19c159aa67e570d536c717c1483c728e260ca40ba1e52ab971efc051e47204dc1ae258e5c6a4c4dd27339b2ef6f568b61dea5b263cf18e713f526212d2b5e1a3ec35b5244c3d72614db679958a2fcfffcb816c45e2f49e139b11bffea029815fd586f9621130dfaea7c5ed26c56a7a403d46b393ff7e717c82c0ffdb55281b724231b047e4e209a13b3f5210d774712af8f2cf8e402f520fefd671f7e2d7dba7ccb4e15901976c74e64bf253ad4a19e5163cb6f39cf120e83135ab432e9e73b1328ce4118fc14ff921c675f08c756f7d2b134e38a047935eb456a65477bc06191af51b7bdcb6e1f9b18cbf658e6716f12efa70e1f1ccaf074f5073d43421fda70854afc532f409cd01a966be9450d6b304e5749cd468e139899994d0ea96af322c535d6b1f9f07171da5a91d8f4484f0d220d599040b38f234a6f21d50848051039c7f7d1818ace1dba9309c1ec8042b33576a5d44079541f5277cd1d7784d97ab785b8f91b2fa86d395872a2529d30bc4106658df038a2efd324ee0a54dce5805abbdc79ea866f04103a555b346b2be52cd5cd61cbdbcc6ac0c9bb86158478ce38f1d02086d7b71def59c1cd2f9782e0a5dcb9ae60a655cf5ffd38012f77b8ab2b57dd2ce50232ce6ef0f8bc3848eff3d01a03337332dee7ee22142dcbc329a5cb5cf09e341307e60663b504c13492d1bc18a1eca2b49c8bd4b5b9064a077c874715c80bc8c0a084bf93524f36bb881509a03d60a3c312cd7d4636b12c68659d436d38d2182336eac1264fcc03569f02d3deaeced2e7a632a508ce98217000b7cb33ccab67260b5d41ebb92fc55a447a8b3daa5bdd061b071e07c56145f971ded8d02d243b5ddcb080de8c40e490673a44f84fd75bb6c6b7694e76b9d2a06eded1cf52cfca4e1b161996044d60e03ec4360d2f9b82c19a543a416770a95ea9ff307f1a8148f1e0a7c25a225e73057120d4fd4fff6a78016829df33c4554584eb503c0ddcbc6b80c22e22698ea8c38b8d065487d5140cca5ece5ca64b3dff6d030ed49841641d4682dd1f2f9b64de62a8d2b430f3836512055d25e1d2828ba16e1fc1a8cb6379f3014b09e09da7e858e052a65f871dc743b3ef73d64c3671cea0e34ab93985a3552f34dc5efe18244b16c236e74d5b4e0e8c55366dbb8c74e83e549b9c6a2ce282befe9b61a5099092f05ed942e96667ab00548f2efb3fafdad9c58790c9ac69d6359d79f11a7ea129c026229d63a24ee66659cddd35bbe7c33c601bba39d7dd28a111fb177b0211bd80ec3b6f9383597155853b7b0c957600689c2deea11650ef54f7440343f0ec11df75e6536b0aad01431f9f7799d35c8038b69df65b2f02e54ac09c71966195f1d5e1c5ba0e056f4b63e70c3cce6b9e53e648e2ce726b7310da9913a7dab669d499e8cc46641d2078175c9895352fddac9baaa2d4c7db3a73015f1ee3017a057c574ad9701961b94942fe830b1015508384383fd334994085a2a4e8301e851665aebae68e2c6c548b434158fa1ab131da0673c2c51b60633414f01a3b3ee02f46945706884f2ec97e6774b7a1abac8617da0616d50baa06fc6aa3b6ce65b6b7c4d47a02f8349ccf37538bd43b1d72d43e7d2d6ef4b596e939a79c9999e08c4aeaa71b1eea8d217e0fddb9d09348eb02d988b4b8d6d6c99ea6c3314e5b3066e9e09ba63689bbb73157fd6ccca5493d72caeabf931a8eb8e75d8221abd06c3a4a96c530f6755201e5ca4e9947564446c074c3a54485844c207554f9fb599dae9a6289f3687e513405d74b2bf094512950691509035d8f560dd84a717ee7184a910e7188eaa24f4feca2acd092e34856fee0dc8348a63c74e28b67756801b3d3a0ed89d8c004e74153af440f4b337e0df21974835327e249b2d7586270e46ee923eaaccab4c658808268814ad1ecbdba919d6665ffc1ebb911cac9616555498405667a7055ade2d2fdbaebee79f2f4e77568a81f333c7dd7f1ee6c3fdac24341bdfb00a404ac500395758ede0a45166574893f32a789077fa43d0e791b859cd97df3285207a24d3e649f0b4260499ad031b3b623370036259d66f5775dd713fa6732e10d4d06bcddaf5db7500ed19c43fd7706e0eb305d2f3a86dc49a0b25865f441510f04e818ddbd860a9064f7ef03bf02feb7d21994a2236ace9f2f44954d3b3fdefb6c6e583c5740e7d9e918ca74dad9b51f8f45c15225277349522944de48d4d2924d46bb9bc0467263a2266d423797366ca732706a523e3867b725e9d7d28c0230d9b74512b1ca23f107b6044c85bf855f9f7c9192f383b7902de366c336e8d84fe6092394f264c94c6c757aaa1789aeaa539a373368a06fc41e98880b4d24238e9d5f98d263353fb539e583751bc46ec379201cb337ba659919493545bc18d035bae6a7d0fe0bb1c61ac72222e158094f27135c443adf32b200c5f052a5163dc91b7b9cf55cf0f2c9a27b59f838d4604002029da60746ea50e9ff6de73ea49215cb7851db3f0830bcece9ad6b3f7d0619e5eba1a78470c758fba55ec8f44aa925319dd0c5fa20c78b447872080825ef6205fb273f99e96293ba5543150b900aab94d157b71c73b0caafa66015431c7a1717c192ec1115406dbd3fd507a4b18aaeeaf8767631ad5a390c084f4a30e795058e690d42eb0c3ba2e81ff0a54b07486ff1eecc7e45a0644a83663a55b4037c10f6128e161059ea215e10592b97a1627ebf3adb9ad2bcafbaf78c968a24c1a776b68fa94ba9cb97b0a998deb75fc88f1389c1b09f1bc8f54785c703c6d3227ed00796afc99bc76d171b645b37896bd86efd19e64a0f16bdbcb4f5ad75bb4d3560f599538ed3b920cd9be5bd17f3498874fc5206331b8624f4960054d2607dd7399ed2f7f6183d715c3289b32b5e67df0dbc232a16369fb327928685908cba6de03577b37e3cffa815526872e94ae9233c78c2c8c68d4149716546a9409c0280e5dbe1f0824df8cd618cf81c6466a41b7eff20af40622bb5b555ac43840aa3796cc87f9aa9e1003c897d9"}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.124903099s ago: executing program 0 (id=924): gettid() timer_create(0x0, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x25, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x3) ftruncate(r4, 0x2007ffb) sendfile(r4, r4, 0x0, 0x1000000201005) 1.159285975s ago: executing program 4 (id=925): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1b0000004900010928bd700018dcdf250a"], 0x54}}, 0x0) 1.15614718s ago: executing program 0 (id=926): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xffffffffffffff15, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6(0xa, 0x1, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r2}) 1.06447153s ago: executing program 4 (id=927): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000500)={0x14, 0x7, 0x1, 0x801, 0x0, 0x0, {0x2, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4040000) 1.064178015s ago: executing program 4 (id=928): r0 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=0x0, &(0x7f0000000600)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) sendmsg$rds(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440), 0x0, 0x0, 0x0, 0x20000800}, 0x4000008) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x5, 0x12, 0x0, 0x3}, 0x9c) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x11, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40000000}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000280)={0x0, r3, 0xd, {0x7, 0xa42}, 0x80}, 0x1) io_uring_enter(r0, 0x141, 0xab23, 0x2, 0x0, 0x0) 984.674161ms ago: executing program 4 (id=929): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [0x0, 0x519, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0xffffffff, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x81, 0x0, 0xfffffff1, 0x800, 0x0, 0x0, 0x4, 0x7ff, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000000, 0x0, 0x1, 0x100, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x40], [0x1, 0x4, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x80, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x9, 0xfffffffd, 0x0, 0xfff, 0x4, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x200, 0x0, 0x0, 0x2, 0x0, 0x0, 0x31c, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xc8a], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x20000000, 0x40, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffff, 0x4, 0x0, 0x7fffffff, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x7], [0x0, 0xfffffffe, 0xff, 0x0, 0x0, 0x0, 0x200, 0x4, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x7, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x3f35e3b2, 0x200000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, 0x0) 939.561363ms ago: executing program 4 (id=930): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = msgget$private(0x0, 0x0) msgsnd(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x8, 0x800) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, 0x0, 0x0) syz_open_dev$usbmon(0x0, 0x7, 0x0) r4 = socket(0x10, 0x3, 0x0) write(r4, 0x0, 0x0) recvmmsg(r4, 0x0, 0x0, 0x10122, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r5, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1f4, {}, {}, @raw32={[0x2600]}}], 0xffc8) sendmsg$nl_generic(r0, 0x0, 0xc000) socket$nl_generic(0x10, 0x3, 0x10) 744.022829ms ago: executing program 1 (id=931): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom0\x00', 0x803, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getrlimit(0x5, &(0x7f0000000040)) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000280)={'syzkaller0\x00', 0x7101}) r1 = memfd_create(&(0x7f00000025c0)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1cs1F59\xcdR\xc1\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9b\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa\xe7\xd6\xa3', 0x6) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = openat$pfkey(0xffffff9c, &(0x7f0000000180), 0x48401, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xc, 0x0, r3}, 0x50) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2}) 0s ago: executing program 4 (id=932): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x48200, 0x0) io_uring_setup(0x4685, &(0x7f0000000440)={0x0, 0x2078, 0x20, 0x0, 0x3a3}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) timer_create(0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000841, 0x0, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000180)={@mcast2, 0xd402, 0x1, 0x0, 0x4d55ba80e15bd3d8, 0xb5a, 0x8}, 0x20) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000340)}) socket$inet6_udp(0xa, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 0s ago: executing program 2 (id=933): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2) r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) ftruncate(r1, 0xffff) fcntl$addseals(r1, 0x409, 0x7) r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) kernel console output (not intermixed with test programs): bd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 109.116862][ T6891] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000100 [ 109.116868][ T6891] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000 [ 109.116874][ T6891] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 109.116880][ T6891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.116885][ T6891] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 109.116899][ T6891] [ 109.293960][ T6894] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 109.854230][ T6914] FAULT_INJECTION: forcing a failure. [ 109.854230][ T6914] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.865918][ T6914] CPU: 3 UID: 0 PID: 6914 Comm: syz.2.261 Tainted: G L syzkaller #0 PREEMPT(full) [ 109.865943][ T6914] Tainted: [L]=SOFTLOCKUP [ 109.865948][ T6914] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 109.865957][ T6914] Call Trace: [ 109.865962][ T6914] [ 109.865969][ T6914] dump_stack_lvl+0x100/0x190 [ 109.865996][ T6914] should_fail_ex.cold+0x5/0xa [ 109.866014][ T6914] _copy_from_user+0x2e/0xd0 [ 109.866040][ T6914] move_addr_to_kernel+0x65/0x170 [ 109.866064][ T6914] __sys_sendto+0x1c9/0x520 [ 109.866081][ T6914] ? __pfx___sys_sendto+0x10/0x10 [ 109.866106][ T6914] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 109.866136][ T6914] ? fput+0x79/0x100 [ 109.866154][ T6914] ? ksys_write+0x1ac/0x250 [ 109.866179][ T6914] __ia32_sys_sendto+0xdd/0x1b0 [ 109.866195][ T6914] ? __do_fast_syscall_32+0x94/0x8c0 [ 109.866214][ T6914] ? lockdep_hardirqs_on+0x78/0x100 [ 109.866231][ T6914] __do_fast_syscall_32+0xe3/0x8c0 [ 109.866252][ T6914] do_fast_syscall_32+0x32/0x70 [ 109.866272][ T6914] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 109.866291][ T6914] RIP: 0023:0xf704ef6c [ 109.866304][ T6914] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 109.866319][ T6914] RSP: 002b:00000000f541c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000171 [ 109.866334][ T6914] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000200 [ 109.866343][ T6914] RDX: 000000000000000e RSI: 0000000004000050 RDI: 00000000800001c0 [ 109.866352][ T6914] RBP: 0000000000000014 R08: 0000000000000000 R09: 0000000000000000 [ 109.866361][ T6914] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 109.866370][ T6914] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 109.866391][ T6914] [ 110.293430][ T5944] Bluetooth: hci0: command tx timeout [ 110.398983][ T6921] Cannot find del_set index 3 as target [ 111.088959][ T6930] netlink: 24 bytes leftover after parsing attributes in process `syz.1.266'. [ 111.183427][ T5987] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 111.251548][ T6937] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 111.290429][ T6940] 9pnet_fd: Insufficient options for proto=fd [ 111.302976][ T6944] ptrace attach of "/syz-executor exec"[5933] was attempted by "/syz-executor exec"[6944] [ 111.396351][ T5987] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 111.404958][ T5987] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 111.412430][ T5987] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 111.439290][ T5987] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 111.448905][ T5987] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 111.452605][ T5987] usb 5-1: Product: syz [ 111.454874][ T5987] usb 5-1: Manufacturer: syz [ 111.457023][ T5987] usb 5-1: SerialNumber: syz [ 111.481985][ T6950] FAULT_INJECTION: forcing a failure. [ 111.481985][ T6950] name failslab, interval 1, probability 0, space 0, times 0 [ 111.487758][ T6950] CPU: 2 UID: 0 PID: 6950 Comm: syz.3.271 Tainted: G L syzkaller #0 PREEMPT(full) [ 111.487782][ T6950] Tainted: [L]=SOFTLOCKUP [ 111.487789][ T6950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 111.487799][ T6950] Call Trace: [ 111.487807][ T6950] [ 111.487814][ T6950] dump_stack_lvl+0x100/0x190 [ 111.487844][ T6950] should_fail_ex.cold+0x5/0xa [ 111.487862][ T6950] should_failslab+0xc2/0x120 [ 111.487882][ T6950] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 111.487908][ T6950] ? skb_clone+0x190/0x400 [ 111.487935][ T6950] skb_clone+0x190/0x400 [ 111.487955][ T6950] netlink_deliver_tap+0xaed/0xcc0 [ 111.487981][ T6950] netlink_unicast+0x650/0x870 [ 111.488005][ T6950] ? __pfx_netlink_unicast+0x10/0x10 [ 111.488036][ T6950] netlink_sendmsg+0x8b0/0xda0 [ 111.488061][ T6950] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.488087][ T6950] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 111.488114][ T6950] ____sys_sendmsg+0xa54/0xc30 [ 111.488139][ T6950] ? __pfx_____sys_sendmsg+0x10/0x10 [ 111.488172][ T6950] ___sys_sendmsg+0x190/0x1e0 [ 111.488199][ T6950] ? __pfx____sys_sendmsg+0x10/0x10 [ 111.488257][ T6950] __sys_sendmsg+0x170/0x220 [ 111.488277][ T6950] ? __pfx___sys_sendmsg+0x10/0x10 [ 111.488304][ T6950] ? __pfx_ksys_write+0x10/0x10 [ 111.488336][ T6950] __do_fast_syscall_32+0xe3/0x8c0 [ 111.488361][ T6950] do_fast_syscall_32+0x32/0x70 [ 111.488382][ T6950] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 111.488404][ T6950] RIP: 0023:0xf7f04f6c [ 111.488418][ T6950] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 111.488433][ T6950] RSP: 002b:00000000f53c650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 111.488450][ T6950] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000540 [ 111.488460][ T6950] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 111.488471][ T6950] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 111.488480][ T6950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.488488][ T6950] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 111.488509][ T6950] [ 111.649595][ T6955] FAULT_INJECTION: forcing a failure. [ 111.649595][ T6955] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 111.652228][ T6947] infiniband syz1: set down [ 111.660736][ T6947] infiniband syz1: added syz_tun [ 111.664015][ T6955] CPU: 1 UID: 0 PID: 6955 Comm: syz.3.274 Tainted: G L syzkaller #0 PREEMPT(full) [ 111.664059][ T6955] Tainted: [L]=SOFTLOCKUP [ 111.664065][ T6955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 111.664075][ T6955] Call Trace: [ 111.664081][ T6955] [ 111.664088][ T6955] dump_stack_lvl+0x100/0x190 [ 111.664119][ T6955] should_fail_ex.cold+0x5/0xa [ 111.664141][ T6955] _copy_from_iter+0x1f4/0x1690 [ 111.664162][ T6955] ? __asan_memset+0x23/0x50 [ 111.664187][ T6955] ? __pfx__copy_from_iter+0x10/0x10 [ 111.664214][ T6955] ? __pfx___alloc_skb+0x10/0x10 [ 111.664245][ T6955] netlink_sendmsg+0x808/0xda0 [ 111.664272][ T6955] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.664297][ T6955] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 111.664326][ T6955] ____sys_sendmsg+0xa54/0xc30 [ 111.664355][ T6955] ? __pfx_____sys_sendmsg+0x10/0x10 [ 111.664393][ T6955] ___sys_sendmsg+0x190/0x1e0 [ 111.664422][ T6955] ? __pfx____sys_sendmsg+0x10/0x10 [ 111.664482][ T6955] __sys_sendmsg+0x170/0x220 [ 111.664504][ T6955] ? __pfx___sys_sendmsg+0x10/0x10 [ 111.664533][ T6955] ? __pfx_ksys_write+0x10/0x10 [ 111.664562][ T6955] __do_fast_syscall_32+0xe3/0x8c0 [ 111.664589][ T6955] do_fast_syscall_32+0x32/0x70 [ 111.664612][ T6955] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 111.664634][ T6955] RIP: 0023:0xf7f04f6c [ 111.664649][ T6955] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 111.664664][ T6955] RSP: 002b:00000000f53c650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 111.664681][ T6955] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800002c0 [ 111.664692][ T6955] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 111.664702][ T6955] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 111.664711][ T6955] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 111.664721][ T6955] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 111.664744][ T6955] [ 111.702084][ T6947] RDS/IB: syz1: added [ 111.762465][ T6947] smc: adding ib device syz1 with port count 1 [ 111.765543][ T6947] smc: ib device syz1 port 1 has no pnetid [ 111.783556][ T5987] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 112.720078][ T6982] FAULT_INJECTION: forcing a failure. [ 112.720078][ T6982] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 112.725995][ T6982] CPU: 1 UID: 0 PID: 6982 Comm: syz.1.282 Tainted: G L syzkaller #0 PREEMPT(full) [ 112.726024][ T6982] Tainted: [L]=SOFTLOCKUP [ 112.726030][ T6982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 112.726039][ T6982] Call Trace: [ 112.726047][ T6982] [ 112.726054][ T6982] dump_stack_lvl+0x100/0x190 [ 112.726087][ T6982] should_fail_ex.cold+0x5/0xa [ 112.726110][ T6982] _copy_from_iter+0x1f4/0x1690 [ 112.726132][ T6982] ? __asan_memset+0x23/0x50 [ 112.726158][ T6982] ? __pfx__copy_from_iter+0x10/0x10 [ 112.726186][ T6982] ? __pfx___alloc_skb+0x10/0x10 [ 112.726218][ T6982] netlink_sendmsg+0x808/0xda0 [ 112.726247][ T6982] ? __pfx_netlink_sendmsg+0x10/0x10 [ 112.726274][ T6982] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 112.726303][ T6982] ____sys_sendmsg+0xa54/0xc30 [ 112.726332][ T6982] ? __pfx_____sys_sendmsg+0x10/0x10 [ 112.726370][ T6982] ___sys_sendmsg+0x190/0x1e0 [ 112.726398][ T6982] ? __pfx____sys_sendmsg+0x10/0x10 [ 112.726456][ T6982] __sys_sendmsg+0x170/0x220 [ 112.726480][ T6982] ? __pfx___sys_sendmsg+0x10/0x10 [ 112.726510][ T6982] ? __pfx_ksys_write+0x10/0x10 [ 112.726544][ T6982] __do_fast_syscall_32+0xe3/0x8c0 [ 112.726571][ T6982] do_fast_syscall_32+0x32/0x70 [ 112.726594][ T6982] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 112.726617][ T6982] RIP: 0023:0xf70cef6c [ 112.726633][ T6982] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 112.726649][ T6982] RSP: 002b:00000000f54bd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 112.726667][ T6982] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800002c0 [ 112.726677][ T6982] RDX: 0000000004000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 112.726688][ T6982] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 112.726699][ T6982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.726708][ T6982] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 112.726733][ T6982] [ 113.182470][ T6988] netlink: 12 bytes leftover after parsing attributes in process `syz.1.284'. [ 113.419466][ T5944] Bluetooth: hci2: unexpected subevent 0x19 length: 25 < 28 [ 113.478838][ T29] usb 5-1: USB disconnect, device number 3 [ 113.485999][ T29] usblp0: removed [ 113.579415][ T5944] Bluetooth: unknown link type 3 [ 113.581247][ T5944] Bluetooth: hci3: connection err: -111 [ 114.359544][ T6997] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 114.364607][ T6997] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 114.373231][ T6997] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 114.379613][ T6997] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 114.382694][ T6997] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 114.388819][ T6997] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 114.393699][ T6997] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 114.396477][ T6997] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 114.400259][ T6997] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 114.406881][ T6997] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 114.409734][ T6997] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 114.424120][ T6997] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 115.531181][ T7023] netlink: 24 bytes leftover after parsing attributes in process `syz.1.293'. [ 115.535616][ T7023] netlink: 24 bytes leftover after parsing attributes in process `syz.1.293'. [ 115.643453][ T5942] Bluetooth: hci0: command 0x0c1a tx timeout [ 115.793091][ T7027] syz.2.294 (7027) used greatest stack depth: 16984 bytes left [ 116.445691][ T5942] Bluetooth: hci3: command 0x0c1a tx timeout [ 116.448605][ T5942] Bluetooth: hci2: command 0x0c1a tx timeout [ 116.451597][ T5942] Bluetooth: hci1: command 0x0c1a tx timeout [ 117.527306][ T40] audit: type=1326 audit(1772415565.362:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.3.305" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 117.539422][ T40] audit: type=1326 audit(1772415565.362:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.3.305" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 117.559906][ T40] audit: type=1326 audit(1772415565.372:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.3.305" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 117.567230][ T40] audit: type=1326 audit(1772415565.372:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.3.305" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 117.577387][ T40] audit: type=1326 audit(1772415565.372:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.3.305" exe="/syz-executor" sig=0 arch=40000003 syscall=432 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 117.587130][ T40] audit: type=1326 audit(1772415565.372:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.3.305" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 117.596535][ T40] audit: type=1326 audit(1772415565.372:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.3.305" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 117.606202][ T40] audit: type=1326 audit(1772415565.372:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.3.305" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 117.615731][ T40] audit: type=1326 audit(1772415565.372:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.3.305" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 117.625209][ T40] audit: type=1326 audit(1772415565.372:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.3.305" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 117.725939][ T5950] Bluetooth: hci0: command 0x0c1a tx timeout [ 118.278257][ T7074] PKCS8: Unsupported PKCS#8 version [ 118.333438][ T7076] evm: overlay not supported [ 118.441303][ T7083] netlink: 24 bytes leftover after parsing attributes in process `syz.0.312'. [ 118.523592][ T5950] Bluetooth: hci1: command 0x0c1a tx timeout [ 118.533414][ T5950] Bluetooth: hci2: command 0x0c1a tx timeout [ 118.533458][ T5942] Bluetooth: hci3: command 0x0c1a tx timeout [ 119.643441][ T7102] FAULT_INJECTION: forcing a failure. [ 119.643441][ T7102] name failslab, interval 1, probability 0, space 0, times 0 [ 119.651613][ T7102] CPU: 0 UID: 0 PID: 7102 Comm: syz.0.319 Tainted: G L syzkaller #0 PREEMPT(full) [ 119.651641][ T7102] Tainted: [L]=SOFTLOCKUP [ 119.651647][ T7102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 119.651657][ T7102] Call Trace: [ 119.651663][ T7102] [ 119.651670][ T7102] dump_stack_lvl+0x100/0x190 [ 119.651700][ T7102] should_fail_ex.cold+0x5/0xa [ 119.651721][ T7102] should_failslab+0xc2/0x120 [ 119.651740][ T7102] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 119.651765][ T7102] ? __d_alloc+0x34/0xa80 [ 119.651789][ T7102] __d_alloc+0x34/0xa80 [ 119.651811][ T7102] d_alloc_parallel+0x111/0x14e0 [ 119.651839][ T7102] ? __lock_acquire+0x4a5/0x2630 [ 119.651867][ T7102] ? __pfx_d_alloc_parallel+0x10/0x10 [ 119.651894][ T7102] ? lockdep_init_map_type+0x5c/0x250 [ 119.651917][ T7102] ? lockdep_init_map_type+0x5c/0x250 [ 119.651944][ T7102] __lookup_slow+0x193/0x460 [ 119.651967][ T7102] ? __pfx___lookup_slow+0x10/0x10 [ 119.651992][ T7102] ? irq_entries_start+0xd0/0xcb0 [ 119.652016][ T7102] ? irq_entries_start+0xd0/0xcb0 [ 119.652041][ T7102] lookup_slow+0x50/0x70 [ 119.652063][ T7102] lookup_one_unlocked+0xb8/0xd0 [ 119.652081][ T7102] ovl_lookup_single+0x3df/0x1280 [ 119.652108][ T7102] ? __pfx_ovl_lookup_single+0x10/0x10 [ 119.652124][ T7102] ? __lock_acquire+0x4a5/0x2630 [ 119.652144][ T7102] ? css_rstat_updated+0x1ce/0x5a0 [ 119.652169][ T7102] ovl_lookup_layer+0x3f1/0x4b0 [ 119.652190][ T7102] ? __lock_acquire+0x4a5/0x2630 [ 119.652210][ T7102] ? __pfx_ovl_lookup_layer+0x10/0x10 [ 119.652226][ T7102] ? mod_memcg_lruvec_state+0x1a6/0x630 [ 119.652250][ T7102] ? find_held_lock+0x2b/0x80 [ 119.652265][ T7102] ? rcu_read_unlock+0x17/0x60 [ 119.652282][ T7102] ? rcu_read_unlock+0x17/0x60 [ 119.652303][ T7102] ovl_lookup_layers+0x355/0x2ac0 [ 119.652323][ T7102] ? find_held_lock+0x2b/0x80 [ 119.652340][ T7102] ? rcu_read_unlock+0x17/0x60 [ 119.652366][ T7102] ? __pfx_ovl_lookup_layers+0x10/0x10 [ 119.652396][ T7102] ? find_held_lock+0x2b/0x80 [ 119.652410][ T7102] ? d_alloc_parallel+0xb4e/0x14e0 [ 119.652437][ T7102] ovl_lookup+0x4a8/0x6b0 [ 119.652456][ T7102] ? d_alloc_parallel+0x864/0x14e0 [ 119.652480][ T7102] ? __pfx_ovl_lookup+0x10/0x10 [ 119.652514][ T7102] ? lockdep_init_map_type+0x5c/0x250 [ 119.652546][ T7102] __lookup_slow+0x251/0x460 [ 119.652569][ T7102] ? __pfx___lookup_slow+0x10/0x10 [ 119.652613][ T7102] lookup_slow+0x50/0x70 [ 119.652635][ T7102] path_lookupat+0x5e8/0xc40 [ 119.652665][ T7102] filename_lookup+0x202/0x590 [ 119.652695][ T7102] ? __pfx_filename_lookup+0x10/0x10 [ 119.652740][ T7102] ? strncpy_from_user+0x19d/0x2d0 [ 119.652769][ T7102] ? do_getname+0x191/0x390 [ 119.652792][ T7102] do_utimes_path+0xea/0x1b0 [ 119.652814][ T7102] ? __pfx_do_utimes_path+0x10/0x10 [ 119.652835][ T7102] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 119.652862][ T7102] do_utimes+0x34/0x100 [ 119.652882][ T7102] do_compat_futimesat+0x217/0x280 [ 119.652904][ T7102] ? __pfx_do_compat_futimesat+0x10/0x10 [ 119.652927][ T7102] ? __pfx_ksys_write+0x10/0x10 [ 119.652959][ T7102] __do_fast_syscall_32+0xe3/0x8c0 [ 119.652984][ T7102] do_fast_syscall_32+0x32/0x70 [ 119.653006][ T7102] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 119.653027][ T7102] RIP: 0023:0xf7fa3f6c [ 119.653041][ T7102] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 119.653057][ T7102] RSP: 002b:00000000f546650c EFLAGS: 00000292 ORIG_RAX: 000000000000010f [ 119.653074][ T7102] RAX: ffffffffffffffda RBX: 0000000080000040 RCX: 0000000000000000 [ 119.653085][ T7102] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 119.653094][ T7102] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 119.653104][ T7102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.653113][ T7102] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 119.653138][ T7102] [ 119.804196][ T5942] Bluetooth: hci0: command 0x0c1a tx timeout [ 119.951761][ T7113] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 120.603538][ T5950] Bluetooth: hci3: command 0x0c1a tx timeout [ 120.606225][ T5944] Bluetooth: hci1: command 0x0c1a tx timeout [ 120.608885][ T5942] Bluetooth: hci2: command 0x0c1a tx timeout [ 121.648431][ T7140] x_tables: ip6_tables: recent.0 match: invalid size 216 (kernel) != (user) 232 [ 122.240334][ T7155] syzkaller0: entered promiscuous mode [ 122.242023][ T7155] syzkaller0: entered allmulticast mode [ 123.378657][ T7176] rdma_rxe: rxe_newlink: failed to add syz_tun [ 124.145920][ T7182] tipc: Started in network mode [ 124.147577][ T7182] tipc: Node identity 02260035a8a3, cluster identity 4711 [ 124.150032][ T7182] tipc: Enabled bearer , priority 0 [ 124.152892][ T7182] syzkaller0: entered promiscuous mode [ 124.154913][ T7182] syzkaller0: entered allmulticast mode [ 124.160031][ T7182] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 124.168472][ T7181] tipc: Resetting bearer [ 124.178296][ T7181] tipc: Disabling bearer [ 125.348963][ T7204] FAULT_INJECTION: forcing a failure. [ 125.348963][ T7204] name failslab, interval 1, probability 0, space 0, times 0 [ 125.354671][ T7204] CPU: 3 UID: 0 PID: 7204 Comm: syz.3.350 Tainted: G L syzkaller #0 PREEMPT(full) [ 125.354698][ T7204] Tainted: [L]=SOFTLOCKUP [ 125.354704][ T7204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 125.354715][ T7204] Call Trace: [ 125.354721][ T7204] [ 125.354729][ T7204] dump_stack_lvl+0x100/0x190 [ 125.354759][ T7204] should_fail_ex.cold+0x5/0xa [ 125.354779][ T7204] ? genl_family_rcv_msg_attrs_parse.isra.0+0xc2/0x280 [ 125.354806][ T7204] should_failslab+0xc2/0x120 [ 125.354826][ T7204] __kmalloc_noprof+0xe0/0x850 [ 125.354851][ T7204] ? rcu_is_watching+0x12/0xc0 [ 125.354881][ T7204] genl_family_rcv_msg_attrs_parse.isra.0+0xc2/0x280 [ 125.354912][ T7204] genl_family_rcv_msg_doit+0xc7/0x300 [ 125.354939][ T7204] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 125.354964][ T7204] ? genl_get_cmd+0x3ef/0x720 [ 125.354996][ T7204] ? bpf_lsm_capable+0x9/0x10 [ 125.355014][ T7204] ? security_capable+0x80/0x260 [ 125.355043][ T7204] genl_rcv_msg+0x560/0x800 [ 125.355071][ T7204] ? __pfx_genl_rcv_msg+0x10/0x10 [ 125.355095][ T7204] ? __pfx_nl802154_pre_doit+0x10/0x10 [ 125.355121][ T7204] ? __pfx_nl802154_set_llsec_params+0x10/0x10 [ 125.355152][ T7204] ? __pfx_nl802154_post_doit+0x10/0x10 [ 125.355179][ T7204] ? __lock_acquire+0x4a5/0x2630 [ 125.355206][ T7204] netlink_rcv_skb+0x159/0x420 [ 125.355227][ T7204] ? __pfx_genl_rcv_msg+0x10/0x10 [ 125.355253][ T7204] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 125.355286][ T7204] ? netlink_deliver_tap+0x1ae/0xcc0 [ 125.355313][ T7204] genl_rcv+0x28/0x40 [ 125.355334][ T7204] netlink_unicast+0x5aa/0x870 [ 125.355360][ T7204] ? __pfx_netlink_unicast+0x10/0x10 [ 125.355392][ T7204] netlink_sendmsg+0x8b0/0xda0 [ 125.355419][ T7204] ? __pfx_netlink_sendmsg+0x10/0x10 [ 125.355445][ T7204] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 125.355473][ T7204] ____sys_sendmsg+0xa54/0xc30 [ 125.355501][ T7204] ? __pfx_____sys_sendmsg+0x10/0x10 [ 125.355538][ T7204] ___sys_sendmsg+0x190/0x1e0 [ 125.355566][ T7204] ? __pfx____sys_sendmsg+0x10/0x10 [ 125.355625][ T7204] __sys_sendmsg+0x170/0x220 [ 125.355646][ T7204] ? __pfx___sys_sendmsg+0x10/0x10 [ 125.355675][ T7204] ? __pfx_ksys_write+0x10/0x10 [ 125.355708][ T7204] __do_fast_syscall_32+0xe3/0x8c0 [ 125.355735][ T7204] do_fast_syscall_32+0x32/0x70 [ 125.355756][ T7204] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 125.355777][ T7204] RIP: 0023:0xf7f04f6c [ 125.355791][ T7204] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 125.355807][ T7204] RSP: 002b:00000000f53c650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 125.355825][ T7204] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000300 [ 125.355835][ T7204] RDX: 0000000000004080 RSI: 0000000000000000 RDI: 0000000000000000 [ 125.355845][ T7204] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 125.355854][ T7204] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 125.355864][ T7204] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 125.355890][ T7204] [ 125.868294][ T7219] netlink: 8 bytes leftover after parsing attributes in process `syz.1.355'. [ 126.773867][ T7237] comedi comedi2: aio_aio12_8: I/O port conflict (0x4f27,32) [ 126.786763][ T7237] netlink: 200 bytes leftover after parsing attributes in process `syz.1.359'. [ 128.325859][ T7265] syzkaller0: entered promiscuous mode [ 128.328178][ T7265] syzkaller0: entered allmulticast mode [ 128.646967][ T7284] process 'syz.1.365' launched './file1' with NULL argv: empty string added [ 128.725887][ T5942] Bluetooth: hci1: SCO packet for unknown connection handle 200 [ 128.727927][ T7286] netlink: 'syz.1.366': attribute type 4 has an invalid length. [ 130.826730][ T7309] tmpfs: Bad value for 'mpol' [ 132.783584][ T7328] FAULT_INJECTION: forcing a failure. [ 132.783584][ T7328] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 132.788130][ T7328] CPU: 1 UID: 0 PID: 7328 Comm: syz.0.379 Tainted: G L syzkaller #0 PREEMPT(full) [ 132.788158][ T7328] Tainted: [L]=SOFTLOCKUP [ 132.788164][ T7328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 132.788174][ T7328] Call Trace: [ 132.788181][ T7328] [ 132.788189][ T7328] dump_stack_lvl+0x100/0x190 [ 132.788214][ T7328] should_fail_ex.cold+0x5/0xa [ 132.788227][ T7328] _copy_from_iter+0x43a/0x1690 [ 132.788241][ T7328] ? __pfx__copy_from_iter+0x10/0x10 [ 132.788257][ T7328] ? __pfx___alloc_skb+0x10/0x10 [ 132.788269][ T7328] ? __pfx___might_resched+0x10/0x10 [ 132.788290][ T7328] netlink_sendmsg+0x808/0xda0 [ 132.788307][ T7328] ? __pfx_netlink_sendmsg+0x10/0x10 [ 132.788323][ T7328] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 132.788340][ T7328] ____sys_sendmsg+0xa54/0xc30 [ 132.788357][ T7328] ? __pfx_____sys_sendmsg+0x10/0x10 [ 132.788381][ T7328] ___sys_sendmsg+0x190/0x1e0 [ 132.788397][ T7328] ? __pfx____sys_sendmsg+0x10/0x10 [ 132.788430][ T7328] __sys_sendmsg+0x170/0x220 [ 132.788443][ T7328] ? __pfx___sys_sendmsg+0x10/0x10 [ 132.788460][ T7328] ? __pfx_ksys_write+0x10/0x10 [ 132.788479][ T7328] __do_fast_syscall_32+0xe3/0x8c0 [ 132.788495][ T7328] do_fast_syscall_32+0x32/0x70 [ 132.788508][ T7328] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.788522][ T7328] RIP: 0023:0xf7fa3f6c [ 132.788531][ T7328] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 132.788554][ T7328] RSP: 002b:00000000f546650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 132.788565][ T7328] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000 [ 132.788572][ T7328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 132.788578][ T7328] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 132.788583][ T7328] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 132.788589][ T7328] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 132.788608][ T7328] [ 133.242485][ T7334] ptrace attach of "/syz-executor exec"[7340] was attempted by "/syz-executor exec"[7334] [ 134.067282][ T7349] netlink: 4 bytes leftover after parsing attributes in process `syz.2.385'. [ 134.076390][ T7349] ip6tnl1: entered promiscuous mode [ 134.078155][ T7349] ip6tnl1: entered allmulticast mode [ 134.387449][ T7361] FAULT_INJECTION: forcing a failure. [ 134.387449][ T7361] name failslab, interval 1, probability 0, space 0, times 0 [ 134.391663][ T7361] CPU: 3 UID: 0 PID: 7361 Comm: syz.1.389 Tainted: G L syzkaller #0 PREEMPT(full) [ 134.391680][ T7361] Tainted: [L]=SOFTLOCKUP [ 134.391684][ T7361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 134.391691][ T7361] Call Trace: [ 134.391695][ T7361] [ 134.391700][ T7361] dump_stack_lvl+0x100/0x190 [ 134.391719][ T7361] should_fail_ex.cold+0x5/0xa [ 134.391732][ T7361] ? tomoyo_encode2+0xfb/0x3c0 [ 134.391743][ T7361] should_failslab+0xc2/0x120 [ 134.391755][ T7361] __kmalloc_noprof+0xe0/0x850 [ 134.391769][ T7361] ? d_absolute_path+0x136/0x1b0 [ 134.391786][ T7361] tomoyo_encode2+0xfb/0x3c0 [ 134.391799][ T7361] tomoyo_encode+0x29/0x50 [ 134.391809][ T7361] tomoyo_realpath_from_path+0x18c/0x690 [ 134.391824][ T7361] tomoyo_path_number_perm+0x23c/0x580 [ 134.391842][ T7361] ? tomoyo_path_number_perm+0x22e/0x580 [ 134.391859][ T7361] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 134.391890][ T7361] ? find_held_lock+0x2b/0x80 [ 134.391900][ T7361] ? hook_file_ioctl_common+0x146/0x410 [ 134.391916][ T7361] ? __fget_files+0x215/0x3d0 [ 134.391929][ T7361] ? __fget_files+0x21f/0x3d0 [ 134.391940][ T7361] security_file_ioctl_compat+0xd3/0x230 [ 134.391957][ T7361] __ia32_compat_sys_ioctl+0xc2/0x360 [ 134.391975][ T7361] __do_fast_syscall_32+0xe3/0x8c0 [ 134.391991][ T7361] do_fast_syscall_32+0x32/0x70 [ 134.392004][ T7361] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 134.392018][ T7361] RIP: 0023:0xf70cef6c [ 134.392027][ T7361] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 134.392037][ T7361] RSP: 002b:00000000f54bd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 134.392048][ T7361] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c2c45512 [ 134.392054][ T7361] RDX: 0000000080000a00 RSI: 0000000000000000 RDI: 0000000000000000 [ 134.392060][ T7361] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 134.392066][ T7361] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 134.392072][ T7361] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 134.392086][ T7361] [ 134.392096][ T7361] ERROR: Out of memory at tomoyo_realpath_from_path. [ 134.433437][ T40] kauditd_printk_skb: 23 callbacks suppressed [ 134.433450][ T40] audit: type=1804 audit(1772415582.232:142): pid=7357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.387" name="/newroot/93/bus/bus" dev="overlay" ino=514 res=1 errno=0 [ 134.535646][ T40] audit: type=1804 audit(1772415582.372:143): pid=7365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.387" name="/newroot/93/bus/bus" dev="overlay" ino=514 res=1 errno=0 [ 135.668578][ T7357] syzkaller0: entered promiscuous mode [ 135.670704][ T7357] syzkaller0: entered allmulticast mode [ 136.893714][ T7388] rdma_rxe: rxe_newlink: failed to add syz_tun [ 137.183663][ T7395] FAULT_INJECTION: forcing a failure. [ 137.183663][ T7395] name failslab, interval 1, probability 0, space 0, times 0 [ 137.187769][ T7395] CPU: 3 UID: 0 PID: 7395 Comm: syz.1.397 Tainted: G L syzkaller #0 PREEMPT(full) [ 137.187786][ T7395] Tainted: [L]=SOFTLOCKUP [ 137.187790][ T7395] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 137.187797][ T7395] Call Trace: [ 137.187801][ T7395] [ 137.187806][ T7395] dump_stack_lvl+0x100/0x190 [ 137.187824][ T7395] should_fail_ex.cold+0x5/0xa [ 137.187837][ T7395] should_failslab+0xc2/0x120 [ 137.187849][ T7395] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 137.187864][ T7395] ? __alloc_skb+0x140/0x710 [ 137.187878][ T7395] __alloc_skb+0x140/0x710 [ 137.187888][ T7395] ? __alloc_skb+0x5b7/0x710 [ 137.187899][ T7395] ? __pfx___alloc_skb+0x10/0x10 [ 137.187914][ T7395] hci_sock_sendmsg+0x1b01/0x2620 [ 137.187932][ T7395] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 137.187944][ T7395] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 137.187962][ T7395] sock_write_iter+0x566/0x610 [ 137.187977][ T7395] ? __pfx_sock_write_iter+0x10/0x10 [ 137.187992][ T7395] ? get_pid_task+0xfc/0x250 [ 137.188010][ T7395] ? bpf_lsm_file_permission+0x9/0x10 [ 137.188034][ T7395] ? security_file_permission+0x76/0x210 [ 137.188050][ T7395] ? rw_verify_area+0xce/0x6d0 [ 137.188066][ T7395] vfs_write+0x6ac/0x1070 [ 137.188083][ T7395] ? __pfx_sock_write_iter+0x10/0x10 [ 137.188099][ T7395] ? __pfx_vfs_write+0x10/0x10 [ 137.188113][ T7395] ? find_held_lock+0x2b/0x80 [ 137.188132][ T7395] ksys_write+0x1f8/0x250 [ 137.188148][ T7395] ? __pfx_ksys_write+0x10/0x10 [ 137.188164][ T7395] ? __pfx_ksys_write+0x10/0x10 [ 137.188182][ T7395] __do_fast_syscall_32+0xe3/0x8c0 [ 137.188198][ T7395] do_fast_syscall_32+0x32/0x70 [ 137.188211][ T7395] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 137.188225][ T7395] RIP: 0023:0xf70cef6c [ 137.188234][ T7395] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 137.188245][ T7395] RSP: 002b:00000000f54bd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000004 [ 137.188255][ T7395] RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 0000000080000000 [ 137.188262][ T7395] RDX: 000000000000000d RSI: 0000000000000000 RDI: 0000000000000000 [ 137.188267][ T7395] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 137.188273][ T7395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 137.188279][ T7395] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 137.188293][ T7395] [ 137.312215][ T9] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 137.473424][ T9] usb 7-1: Using ep0 maxpacket: 8 [ 137.477391][ T9] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 137.480987][ T9] usb 7-1: config 0 has no interface number 0 [ 137.484560][ T7401] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 137.486801][ T7401] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 137.490399][ T7401] vhci_hcd vhci_hcd.0: Device attached [ 137.491226][ T9] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 137.493967][ T7401] tmpfs: Unknown parameter 'qunT!±!Íot' [ 137.497686][ T9] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 137.504624][ T9] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 137.509429][ T9] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 137.516613][ T9] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 137.520775][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.533313][ T9] usb 7-1: config 0 descriptor?? [ 137.542787][ T9] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 137.577210][ T1412] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.579310][ T1412] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.753488][ T9] usb 40-1: SetAddress Request (6) to port 0 [ 137.756229][ T9] usb 40-1: new SuperSpeed USB device number 6 using vhci_hcd [ 137.811833][ T5987] usb 7-1: USB disconnect, device number 3 [ 137.811936][ C2] ldusb 7-1:0.55: usb_submit_urb failed (-19) [ 137.818403][ T5987] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 137.820374][ T7393] ldusb: No device or device unplugged -19 [ 138.129731][ T7403] vhci_hcd: connection reset by peer [ 138.132371][ T1139] vhci_hcd vhci_hcd.1: stop threads [ 138.134554][ T1139] vhci_hcd vhci_hcd.1: release socket [ 138.136828][ T1139] vhci_hcd vhci_hcd.1: disconnect device [ 138.646507][ T7423] netlink: 16 bytes leftover after parsing attributes in process `syz.2.407'. [ 138.894000][ T7428] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 138.896193][ T7428] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 138.909385][ T7428] vhci_hcd vhci_hcd.0: Device attached [ 138.960197][ T7436] rdma_rxe: rxe_newlink: failed to add syz_tun [ 139.203564][ T828] usb 42-1: SetAddress Request (10) to port 0 [ 139.205713][ T828] usb 42-1: new SuperSpeed USB device number 10 using vhci_hcd [ 139.575297][ T7429] vhci_hcd: connection reset by peer [ 139.577818][ T1139] vhci_hcd vhci_hcd.2: stop threads [ 139.580293][ T1139] vhci_hcd vhci_hcd.2: release socket [ 139.583158][ T1139] vhci_hcd vhci_hcd.2: disconnect device [ 141.097880][ T7461] comedi comedi2: aio_aio12_8: I/O port conflict (0x4f27,32) [ 141.136043][ T7465] FAULT_INJECTION: forcing a failure. [ 141.136043][ T7465] name failslab, interval 1, probability 0, space 0, times 0 [ 141.140417][ T7465] CPU: 1 UID: 0 PID: 7465 Comm: syz.2.417 Tainted: G L syzkaller #0 PREEMPT(full) [ 141.140444][ T7465] Tainted: [L]=SOFTLOCKUP [ 141.140450][ T7465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 141.140461][ T7465] Call Trace: [ 141.140467][ T7465] [ 141.140473][ T7465] dump_stack_lvl+0x100/0x190 [ 141.140496][ T7465] should_fail_ex.cold+0x5/0xa [ 141.140509][ T7465] ? tomoyo_realpath_from_path+0xb6/0x690 [ 141.140521][ T7465] should_failslab+0xc2/0x120 [ 141.140536][ T7465] __kmalloc_noprof+0xe0/0x850 [ 141.140565][ T7465] tomoyo_realpath_from_path+0xb6/0x690 [ 141.140590][ T7465] tomoyo_path_number_perm+0x23c/0x580 [ 141.140615][ T7465] ? tomoyo_path_number_perm+0x22e/0x580 [ 141.140641][ T7465] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 141.140679][ T7465] ? find_held_lock+0x2b/0x80 [ 141.140689][ T7465] ? hook_file_ioctl_common+0x146/0x410 [ 141.140705][ T7465] ? __fget_files+0x215/0x3d0 [ 141.140718][ T7465] ? __fget_files+0x21f/0x3d0 [ 141.140729][ T7465] security_file_ioctl_compat+0xd3/0x230 [ 141.140747][ T7465] __ia32_compat_sys_ioctl+0xc2/0x360 [ 141.140764][ T7465] __do_fast_syscall_32+0xe3/0x8c0 [ 141.140780][ T7465] do_fast_syscall_32+0x32/0x70 [ 141.140793][ T7465] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 141.140807][ T7465] RIP: 0023:0xf704ef6c [ 141.140821][ T7465] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 141.140832][ T7465] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 141.140843][ T7465] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040946400 [ 141.140849][ T7465] RDX: 0000000080000500 RSI: 0000000000000000 RDI: 0000000000000000 [ 141.140855][ T7465] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 141.140861][ T7465] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 141.140867][ T7465] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 141.140881][ T7465] [ 141.140885][ T7465] ERROR: Out of memory at tomoyo_realpath_from_path. [ 141.217651][ T7465] comedi comedi3: pcmmio: I/O port conflict (0xfffffffffffffffe,32) [ 141.328261][ T7471] binder: 7469:7471 ioctl c0306201 0 returned -14 [ 141.781460][ T7474] FAULT_INJECTION: forcing a failure. [ 141.781460][ T7474] name failslab, interval 1, probability 0, space 0, times 0 [ 141.788282][ T7474] CPU: 0 UID: 0 PID: 7474 Comm: syz.3.420 Tainted: G L syzkaller #0 PREEMPT(full) [ 141.788310][ T7474] Tainted: [L]=SOFTLOCKUP [ 141.788331][ T7474] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 141.788342][ T7474] Call Trace: [ 141.788348][ T7474] [ 141.788355][ T7474] dump_stack_lvl+0x100/0x190 [ 141.788387][ T7474] should_fail_ex.cold+0x5/0xa [ 141.788407][ T7474] ? tomoyo_realpath_from_path+0xb6/0x690 [ 141.788427][ T7474] should_failslab+0xc2/0x120 [ 141.788445][ T7474] __kmalloc_noprof+0xe0/0x850 [ 141.788476][ T7474] tomoyo_realpath_from_path+0xb6/0x690 [ 141.788503][ T7474] tomoyo_path_perm+0x276/0x460 [ 141.788527][ T7474] ? tomoyo_path_perm+0x262/0x460 [ 141.788556][ T7474] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 141.788614][ T7474] ? rcu_is_watching+0x12/0xc0 [ 141.788640][ T7474] ? trace_contention_end+0x140/0x180 [ 141.788667][ T7474] security_inode_getattr+0x116/0x280 [ 141.788695][ T7474] vfs_getattr+0x25/0x60 [ 141.788715][ T7474] loop_query_min_dio_size.isra.0+0x117/0x250 [ 141.788737][ T7474] ? __pfx_loop_query_min_dio_size.isra.0+0x10/0x10 [ 141.788774][ T7474] ? filemap_write_and_wait_range+0x7d/0x130 [ 141.788800][ T7474] ? bdev_mark_dead+0xfb/0x1d0 [ 141.788820][ T7474] loop_configure+0x6e4/0x15b0 [ 141.788847][ T7474] ? lock_acquire+0x1cf/0x380 [ 141.788868][ T7474] ? find_held_lock+0x2b/0x80 [ 141.788888][ T7474] ? __lock_acquire+0x4a5/0x2630 [ 141.788916][ T7474] ? lockdep_hardirqs_on+0x78/0x100 [ 141.788937][ T7474] ? __pfx_loop_configure+0x10/0x10 [ 141.788981][ T7474] lo_ioctl+0xcf3/0x1bc0 [ 141.789002][ T7474] ? preempt_schedule_irq+0x7b/0x90 [ 141.789026][ T7474] ? __pfx_lo_ioctl+0x10/0x10 [ 141.789047][ T7474] ? irqentry_exit+0x180/0x670 [ 141.789109][ T7474] ? tomoyo_path_number_perm+0x28f/0x580 [ 141.789139][ T7474] ? blk_get_meta_cap+0xd4/0x6c0 [ 141.789161][ T7474] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 141.789226][ T7474] lo_compat_ioctl+0xf3/0x160 [ 141.789247][ T7474] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 141.789266][ T7474] compat_blkdev_ioctl+0x682/0x7b0 [ 141.789306][ T7474] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 141.789333][ T7474] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 141.789355][ T7474] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 141.789385][ T7474] __do_fast_syscall_32+0xe3/0x8c0 [ 141.789409][ T7474] do_fast_syscall_32+0x32/0x70 [ 141.789432][ T7474] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 141.789454][ T7474] RIP: 0023:0xf7f04f6c [ 141.789471][ T7474] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 141.789486][ T7474] RSP: 002b:00000000f53c650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 141.789505][ T7474] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c0a [ 141.789515][ T7474] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 141.789523][ T7474] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 141.789531][ T7474] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 141.789541][ T7474] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 141.789567][ T7474] [ 141.863607][ T7474] ERROR: Out of memory at tomoyo_realpath_from_path. [ 141.916515][ T7474] loop2: detected capacity change from 0 to 7 [ 141.920832][ T6329] Dev loop2: unable to read RDB block 7 [ 141.923615][ T6329] loop2: unable to read partition table [ 141.925781][ T6329] loop2: partition table beyond EOD, truncated [ 141.935121][ T7474] Dev loop2: unable to read RDB block 7 [ 141.938352][ T7474] loop2: unable to read partition table [ 141.942995][ T7474] loop2: partition table beyond EOD, truncated [ 141.960957][ T7474] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 142.309634][ T7487] comedi comedi3: comedi_config --init_data is deprecated [ 142.651316][ T212] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.730972][ T212] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.805385][ T212] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.843909][ T9] usb 40-1: device descriptor read/8, error -110 [ 142.852875][ T5950] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 142.858774][ T5950] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 142.862005][ T5950] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 142.867820][ T5950] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 142.870981][ T5950] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 142.891002][ T212] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.947304][ T7496] syzkaller0: entered promiscuous mode [ 142.949331][ T7496] syzkaller0: entered allmulticast mode [ 143.113985][ T212] bridge_slave_1: left allmulticast mode [ 143.116682][ T212] bridge_slave_1: left promiscuous mode [ 143.121745][ T212] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.135450][ T212] bridge_slave_0: left allmulticast mode [ 143.143562][ T212] bridge_slave_0: left promiscuous mode [ 143.146366][ T212] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.312013][ T9] usb usb40-port1: attempt power cycle [ 143.501430][ T212] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 143.508771][ T212] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 143.514444][ T212] bond0 (unregistering): Released all slaves [ 143.601878][ T212] tipc: Left network mode [ 143.758571][ T7493] chnl_net:caif_netlink_parms(): no params data found [ 143.873825][ T9] usb usb40-port1: unable to enumerate USB device [ 143.887389][ T7493] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.890686][ T7493] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.893659][ T7493] bridge_slave_0: entered allmulticast mode [ 143.906205][ T7493] bridge_slave_0: entered promiscuous mode [ 143.914468][ T7493] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.919892][ T7493] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.925757][ T7493] bridge_slave_1: entered allmulticast mode [ 143.930901][ T7493] bridge_slave_1: entered promiscuous mode [ 143.980890][ T7493] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 143.990411][ T7493] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 144.017741][ T212] hsr_slave_0: left promiscuous mode [ 144.020125][ T212] hsr_slave_1: left promiscuous mode [ 144.022409][ T212] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 144.034472][ T212] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 144.038285][ T212] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 144.040855][ T212] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 144.070485][ T212] veth1_macvtap: left promiscuous mode [ 144.073151][ T212] veth0_macvtap: left promiscuous mode [ 144.080354][ T212] veth1_vlan: left promiscuous mode [ 144.082253][ T212] veth0_vlan: left promiscuous mode [ 144.160088][ T7538] syz1: rxe_newlink: already configured on syz_tun [ 144.259419][ T212] team0 (unregistering): Port device team_slave_1 removed [ 144.266418][ T212] team0 (unregistering): Port device team_slave_0 removed [ 144.283542][ T828] usb 42-1: device descriptor read/8, error -110 [ 144.338556][ T7493] team0: Port device team_slave_0 added [ 144.342467][ T7493] team0: Port device team_slave_1 added [ 144.355598][ T7493] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 144.357943][ T7493] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 144.366456][ T7493] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 144.374204][ T7493] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 144.376610][ T7493] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 144.384992][ T7493] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 144.430662][ T7493] hsr_slave_0: entered promiscuous mode [ 144.433226][ T7493] hsr_slave_1: entered promiscuous mode [ 144.436138][ T7493] debugfs: 'hsr0' already exists in 'hsr' [ 144.438366][ T7493] Cannot create hsr debugfs directory [ 144.562068][ T7493] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 144.575016][ T7493] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 144.587004][ T7493] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 144.611873][ T7493] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 144.646935][ T7557] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 144.684210][ T828] usb usb42-port1: attempt power cycle [ 144.822474][ T7493] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.833824][ T7493] 8021q: adding VLAN 0 to HW filter on device team0 [ 144.838969][ T212] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.841593][ T212] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.852818][ T212] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.855934][ T212] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.924361][ T5950] Bluetooth: hci2: command tx timeout [ 145.073086][ T7493] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 145.273911][ T828] usb usb42-port1: unable to enumerate USB device [ 145.281174][ T7493] veth0_vlan: entered promiscuous mode [ 145.287683][ T7493] veth1_vlan: entered promiscuous mode [ 145.303688][ T7493] veth0_macvtap: entered promiscuous mode [ 145.308812][ T7493] veth1_macvtap: entered promiscuous mode [ 145.318942][ T7493] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 145.326647][ T7493] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 145.334803][ T1147] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.339120][ T1147] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.344825][ T1147] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.347695][ T1147] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.542794][ T7597] rdma_rxe: rxe_newlink: failed to add syz_tun [ 146.005852][ T1191] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 146.013420][ T1191] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 146.060413][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 146.064597][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.013447][ T5950] Bluetooth: hci2: command tx timeout [ 147.592653][ T7626] FAULT_INJECTION: forcing a failure. [ 147.592653][ T7626] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 147.597120][ T7626] CPU: 3 UID: 0 PID: 7626 Comm: syz.4.449 Tainted: G L syzkaller #0 PREEMPT(full) [ 147.597137][ T7626] Tainted: [L]=SOFTLOCKUP [ 147.597141][ T7626] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 147.597147][ T7626] Call Trace: [ 147.597152][ T7626] [ 147.597156][ T7626] dump_stack_lvl+0x100/0x190 [ 147.597175][ T7626] should_fail_ex.cold+0x5/0xa [ 147.597188][ T7626] _copy_from_iter+0x1f4/0x1690 [ 147.597200][ T7626] ? __asan_memset+0x23/0x50 [ 147.597215][ T7626] ? __pfx__copy_from_iter+0x10/0x10 [ 147.597231][ T7626] ? __pfx___alloc_skb+0x10/0x10 [ 147.597249][ T7626] netlink_sendmsg+0x808/0xda0 [ 147.597266][ T7626] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.597282][ T7626] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 147.597299][ T7626] ____sys_sendmsg+0xa54/0xc30 [ 147.597316][ T7626] ? __pfx_____sys_sendmsg+0x10/0x10 [ 147.597338][ T7626] ___sys_sendmsg+0x190/0x1e0 [ 147.597355][ T7626] ? __pfx____sys_sendmsg+0x10/0x10 [ 147.597387][ T7626] __sys_sendmsg+0x170/0x220 [ 147.597400][ T7626] ? __pfx___sys_sendmsg+0x10/0x10 [ 147.597424][ T7626] ? __pfx_ksys_write+0x10/0x10 [ 147.597446][ T7626] __do_fast_syscall_32+0xe3/0x8c0 [ 147.597465][ T7626] do_fast_syscall_32+0x32/0x70 [ 147.597482][ T7626] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 147.597500][ T7626] RIP: 0023:0xf70aef6c [ 147.597509][ T7626] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 147.597519][ T7626] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 147.597535][ T7626] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800006c0 [ 147.597542][ T7626] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 147.597551][ T7626] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 147.597556][ T7626] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 147.597562][ T7626] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 147.597576][ T7626] [ 147.703124][ T7628] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 148.541440][ T7641] FAULT_INJECTION: forcing a failure. [ 148.541440][ T7641] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 148.549927][ T7641] CPU: 1 UID: 0 PID: 7641 Comm: syz.1.452 Tainted: G L syzkaller #0 PREEMPT(full) [ 148.549956][ T7641] Tainted: [L]=SOFTLOCKUP [ 148.549963][ T7641] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 148.549973][ T7641] Call Trace: [ 148.549980][ T7641] [ 148.549987][ T7641] dump_stack_lvl+0x100/0x190 [ 148.550020][ T7641] should_fail_ex.cold+0x5/0xa [ 148.550042][ T7641] _copy_from_iter+0x1f4/0x1690 [ 148.550064][ T7641] ? __asan_memset+0x23/0x50 [ 148.550091][ T7641] ? __pfx__copy_from_iter+0x10/0x10 [ 148.550119][ T7641] ? __pfx___alloc_skb+0x10/0x10 [ 148.550152][ T7641] netlink_sendmsg+0x808/0xda0 [ 148.550181][ T7641] ? __pfx_netlink_sendmsg+0x10/0x10 [ 148.550208][ T7641] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 148.550237][ T7641] ____sys_sendmsg+0xa54/0xc30 [ 148.550266][ T7641] ? __pfx_____sys_sendmsg+0x10/0x10 [ 148.550304][ T7641] ___sys_sendmsg+0x190/0x1e0 [ 148.550332][ T7641] ? __pfx____sys_sendmsg+0x10/0x10 [ 148.550389][ T7641] __sys_sendmsg+0x170/0x220 [ 148.550412][ T7641] ? __pfx___sys_sendmsg+0x10/0x10 [ 148.550442][ T7641] ? __pfx_ksys_write+0x10/0x10 [ 148.550476][ T7641] __do_fast_syscall_32+0xe3/0x8c0 [ 148.550503][ T7641] do_fast_syscall_32+0x32/0x70 [ 148.550526][ T7641] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 148.550549][ T7641] RIP: 0023:0xf70cef6c [ 148.550565][ T7641] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 148.550582][ T7641] RSP: 002b:00000000f54bd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 148.550600][ T7641] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800006c0 [ 148.550612][ T7641] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 148.550622][ T7641] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 148.550632][ T7641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.550642][ T7641] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 148.550667][ T7641] [ 149.103441][ T5942] Bluetooth: hci2: command tx timeout [ 149.113894][ T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 149.275402][ T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 149.279930][ T10] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 149.284471][ T10] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 149.291853][ T10] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 149.296304][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.299528][ T10] usb 5-1: Product: syz [ 149.301569][ T10] usb 5-1: Manufacturer: syz [ 149.303272][ T10] usb 5-1: SerialNumber: syz [ 149.314273][ T10] hub 5-1:1.0: bad descriptor, ignoring hub [ 149.316474][ T10] hub 5-1:1.0: probe with driver hub failed with error -5 [ 149.521622][ T10] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 149.846235][ T7664] netlink: 20 bytes leftover after parsing attributes in process `syz.4.460'. [ 149.849660][ T7664] netlink: 20 bytes leftover after parsing attributes in process `syz.4.460'. [ 149.863511][ T6000] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 150.037018][ T6000] usb 6-1: Using ep0 maxpacket: 16 [ 150.047979][ T6000] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 150.056614][ T6000] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 150.060828][ T6000] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.064469][ T6000] usb 6-1: Product: syz [ 150.066342][ T6000] usb 6-1: Manufacturer: syz [ 150.068398][ T6000] usb 6-1: SerialNumber: syz [ 150.072754][ T6000] usb 6-1: config 0 descriptor?? [ 150.078173][ T6000] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 150.083150][ T6000] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 150.443190][ T29] usb 5-1: USB disconnect, device number 4 [ 150.455029][ T29] usblp0: removed [ 150.574159][ T7676] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11) [ 150.576260][ T7676] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 150.579999][ T7676] vhci_hcd vhci_hcd.0: Device attached [ 150.583470][ T29] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 150.588500][ T7676] random: crng reseeded on system resumption [ 150.613909][ T7676] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 150.678925][ T6000] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 150.763149][ T29] usb 5-1: unable to get BOS descriptor or descriptor too short [ 150.767985][ T29] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 150.770510][ T29] usb 5-1: can't read configurations, error -71 [ 150.873645][ T828] usb 42-1: SetAddress Request (14) to port 0 [ 150.875712][ T828] usb 42-1: new SuperSpeed USB device number 14 using vhci_hcd [ 151.091618][ T6000] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 151.098341][ T7659] FAULT_INJECTION: forcing a failure. [ 151.098341][ T7659] name failslab, interval 1, probability 0, space 0, times 0 [ 151.098432][ T7659] CPU: 1 UID: 0 PID: 7659 Comm: syz.1.458 Tainted: G L syzkaller #0 PREEMPT(full) [ 151.098459][ T7659] Tainted: [L]=SOFTLOCKUP [ 151.098465][ T7659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 151.098475][ T7659] Call Trace: [ 151.098482][ T7659] [ 151.098489][ T7659] dump_stack_lvl+0x100/0x190 [ 151.098518][ T7659] should_fail_ex.cold+0x5/0xa [ 151.098538][ T7659] ? compat_i2cdev_ioctl+0x284/0x540 [ 151.098561][ T7659] should_failslab+0xc2/0x120 [ 151.098581][ T7659] __kmalloc_noprof+0xe0/0x850 [ 151.098612][ T7659] compat_i2cdev_ioctl+0x284/0x540 [ 151.098641][ T7659] ? __pfx_compat_i2cdev_ioctl+0x10/0x10 [ 151.098666][ T7659] ? __fget_files+0x21f/0x3d0 [ 151.098688][ T7659] ? __pfx_compat_i2cdev_ioctl+0x10/0x10 [ 151.098713][ T7659] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 151.098741][ T7659] __do_fast_syscall_32+0xe3/0x8c0 [ 151.098767][ T7659] do_fast_syscall_32+0x32/0x70 [ 151.098789][ T7659] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 151.098812][ T7659] RIP: 0023:0xf70cef6c [ 151.098826][ T7659] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 151.098842][ T7659] RSP: 002b:00000000f54bd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 151.098859][ T7659] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000707 [ 151.098884][ T7659] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 151.098896][ T7659] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 151.098907][ T7659] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 151.098916][ T7659] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 151.098941][ T7659] [ 151.153489][ T7683] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 151.171250][ T7683] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 151.184753][ T5950] Bluetooth: hci2: command tx timeout [ 151.188248][ T7683] vhci_hcd vhci_hcd.0: Device attached [ 151.193392][ T7677] vhci_hcd: connection reset by peer [ 151.195377][ T13] vhci_hcd vhci_hcd.2: stop threads [ 151.197715][ T13] vhci_hcd vhci_hcd.2: release socket [ 151.200325][ T13] vhci_hcd vhci_hcd.2: disconnect device [ 151.204020][ T6000] em28xx 6-1:0.0: board has no eeprom [ 151.258121][ T7684] vhci_hcd: connection closed [ 151.258432][ T13] vhci_hcd vhci_hcd.4: stop threads [ 151.263046][ T13] vhci_hcd vhci_hcd.4: release socket [ 151.265701][ T13] vhci_hcd vhci_hcd.4: disconnect device [ 151.493383][ T6000] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 151.495986][ T6000] em28xx 6-1:0.0: dvb set to bulk mode. [ 151.498161][ T56] em28xx 6-1:0.0: Binding DVB extension [ 151.506463][ T6000] usb 6-1: USB disconnect, device number 2 [ 151.509171][ T6000] em28xx 6-1:0.0: Disconnecting em28xx [ 151.523551][ T56] em28xx 6-1:0.0: Registering input extension [ 151.527139][ T6000] em28xx 6-1:0.0: Closing input extension [ 151.547243][ T6000] em28xx 6-1:0.0: Freeing device [ 151.551682][ T7499] udevd[7499]: setting mode of /dev/bus/usb/006/002 to 020664 failed: No such file or directory [ 151.560932][ T7499] udevd[7499]: setting owner of /dev/bus/usb/006/002 to uid=0, gid=0 failed: No such file or directory [ 152.718288][ T7723] overlay: Unknown parameter '/' [ 153.168261][ T7733] netlink: 48 bytes leftover after parsing attributes in process `syz.2.481'. [ 153.453493][ T10] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 153.613416][ T10] usb 7-1: Using ep0 maxpacket: 32 [ 153.618243][ T10] usb 7-1: config 0 has no interfaces? [ 153.620462][ T10] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 153.624504][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.629841][ T10] usb 7-1: config 0 descriptor?? [ 153.771487][ T7740] netlink: 12 bytes leftover after parsing attributes in process `syz.4.483'. [ 153.844578][ T7735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 153.848692][ T7735] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 153.864435][ T10] usb 7-1: USB disconnect, device number 4 [ 154.303519][ T6000] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 154.483433][ T6000] usb 7-1: Using ep0 maxpacket: 16 [ 154.486742][ T6000] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 154.490601][ T6000] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 154.504533][ T6000] usb 7-1: string descriptor 0 read error: -22 [ 154.507185][ T6000] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 154.510963][ T6000] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.517228][ T6000] usb 7-1: config 0 descriptor?? [ 154.532493][ T6000] em28xx 7-1:0.0: New device @ 480 Mbps (2040:0264, interface 0, class 0) [ 154.538864][ T6000] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class) [ 154.745922][ T7753] netlink: 8 bytes leftover after parsing attributes in process `syz.1.488'. [ 154.774906][ T7753] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.777807][ T7753] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.793912][ T6000] em28xx 7-1:0.0: unknown em28xx chip ID (0) [ 154.796768][ T6000] em28xx 7-1:0.0: Config register raw data: 0xfffffffb [ 154.800305][ T6000] em28xx 7-1:0.0: AC97 chip type couldn't be determined [ 154.804859][ T6000] em28xx 7-1:0.0: No AC97 audio processor [ 154.815984][ T6000] usb 7-1: USB disconnect, device number 5 [ 154.824281][ T6000] em28xx 7-1:0.0: Disconnecting em28xx [ 154.833587][ T6000] em28xx 7-1:0.0: Freeing device [ 154.866976][ T7753] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 154.875022][ T7753] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 154.944842][ T7754] team0: No ports can be present during mode change [ 154.947330][ T13] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.950318][ T13] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.954149][ T46] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.958106][ T46] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.348292][ T40] audit: type=1326 audit(1772415603.182:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7768 comm="syz.2.495" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 155.358730][ T40] audit: type=1326 audit(1772415603.182:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7768 comm="syz.2.495" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 155.367735][ T40] audit: type=1326 audit(1772415603.192:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7768 comm="syz.2.495" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 155.380053][ T40] audit: type=1326 audit(1772415603.192:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7768 comm="syz.2.495" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 155.389237][ T40] audit: type=1326 audit(1772415603.192:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7768 comm="syz.2.495" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 155.399910][ T40] audit: type=1326 audit(1772415603.192:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7768 comm="syz.2.495" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 155.409381][ T40] audit: type=1326 audit(1772415603.192:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7768 comm="syz.2.495" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 155.413682][ T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 155.418996][ T40] audit: type=1326 audit(1772415603.192:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7768 comm="syz.2.495" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 155.430809][ T40] audit: type=1326 audit(1772415603.192:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7768 comm="syz.2.495" exe="/syz-executor" sig=0 arch=40000003 syscall=378 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 155.440087][ T40] audit: type=1326 audit(1772415603.192:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7768 comm="syz.2.495" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 155.585038][ T9] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 155.589458][ T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 155.600902][ T9] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 155.647577][ T9] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 155.655952][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.683438][ T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 155.687367][ T9] usb 5-1: invalid MIDI out EP 0 [ 155.838432][ T9] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 155.897281][ T34] usb 5-1: USB disconnect, device number 7 [ 156.133568][ T828] usb 42-1: device descriptor read/8, error -110 [ 156.524311][ T828] usb usb42-port1: attempt power cycle [ 157.082146][ T7814] netlink: 4 bytes leftover after parsing attributes in process `syz.0.508'. [ 157.104199][ T828] usb usb42-port1: unable to enumerate USB device [ 157.233612][ T2370] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 157.404018][ T2370] usb 9-1: Using ep0 maxpacket: 16 [ 157.416071][ T2370] usb 9-1: config 1 has an invalid interface number: 105 but max is 0 [ 157.419829][ T2370] usb 9-1: config 1 has no interface number 0 [ 157.422480][ T2370] usb 9-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 157.429985][ T2370] usb 9-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 157.437043][ T2370] usb 9-1: config 1 interface 105 has no altsetting 0 [ 157.444615][ T2370] usb 9-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 157.448793][ T2370] usb 9-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 157.452345][ T2370] usb 9-1: Product: syz [ 157.454646][ T2370] usb 9-1: Manufacturer: syz [ 157.456644][ T2370] usb 9-1: SerialNumber: syz [ 157.469205][ T7811] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 157.472461][ T7811] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 157.882242][ T7811] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 157.885202][ T7811] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 158.290612][ T2370] aqc111 9-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32 [ 158.296380][ T2370] aqc111 9-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32 [ 158.311870][ T2370] aqc111 9-1:1.105 eth6: register 'aqc111' at usb-dummy_hcd.4-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 5e:c4:c3:0c:7b:a1 [ 158.456439][ T7864] overlay: Unknown parameter '/' [ 158.506017][ T5644] aqc111 9-1:1.105 eth6: Failed to write(0x61) reg index 0x0000: -71 [ 158.509963][ T10] usb 9-1: USB disconnect, device number 2 [ 158.520477][ T5644] aqc111 9-1:1.105 eth6: Failed to write(0x1) reg index 0x0006: -19 [ 158.526489][ T5644] aqc111 9-1:1.105 eth6: Failed to write(0x1) reg index 0x0001: -19 [ 158.530479][ T5644] aqc111 9-1:1.105 eth6: Failed to write(0x1) reg index 0x0001: -19 [ 158.535746][ T5644] aqc111 9-1:1.105 eth6: Failed to read(0x1) reg index 0x0001: -19 [ 158.539247][ T5644] aqc111 9-1:1.105 eth6: Failed to write(0x1) reg index 0x0001: -19 [ 158.542486][ T5644] aqc111 9-1:1.105 eth6: Failed to write(0x61) reg index 0x0000: -19 [ 158.547463][ T5644] aqc111 9-1:1.105 eth6: Error submitting the control message: status=-19 [ 158.551109][ T5644] aqc111 9-1:1.105 eth6: Error submitting the control message: status=-19 [ 158.555381][ T5644] aqc111 9-1:1.105 eth6: Error submitting the control message: status=-19 [ 158.558863][ T5644] aqc111 9-1:1.105 eth6: Error submitting the control message: status=-19 [ 158.564886][ T10] aqc111 9-1:1.105 eth6: unregister 'aqc111' usb-dummy_hcd.4-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 158.617988][ T10] aqc111 9-1:1.105 eth6: Failed to read(0x1) reg index 0x0002: -19 [ 158.633836][ T10] aqc111 9-1:1.105 eth6: Failed to write(0x1) reg index 0x0002: -19 [ 158.638092][ T10] aqc111 9-1:1.105 eth6: Failed to write(0x1) reg index 0x0002: -19 [ 158.641935][ T10] aqc111 9-1:1.105 eth6: Failed to write(0x61) reg index 0x0000: -19 [ 158.768134][ T10] aqc111 9-1:1.105 eth6 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 158.771518][ T10] aqc111 9-1:1.105 eth6 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 158.775398][ T10] aqc111 9-1:1.105 eth6 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 159.055356][ T7885] netlink: 'syz.4.524': attribute type 2 has an invalid length. [ 160.722065][ T7927] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 160.724961][ T7927] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 160.728664][ T7927] vhci_hcd vhci_hcd.0: Device attached [ 160.734844][ T7927] random: crng reseeded on system resumption [ 160.869305][ T7939] netlink: 4 bytes leftover after parsing attributes in process `syz.0.544'. [ 160.996131][ T828] usb 42-1: SetAddress Request (18) to port 0 [ 161.000442][ T828] usb 42-1: new SuperSpeed USB device number 18 using vhci_hcd [ 161.398109][ T5950] Bluetooth: hci1: unexpected event for opcode 0x201c [ 161.417338][ T7928] vhci_hcd: connection reset by peer [ 161.419781][ T88] vhci_hcd vhci_hcd.2: stop threads [ 161.421558][ T88] vhci_hcd vhci_hcd.2: release socket [ 161.423399][ T88] vhci_hcd vhci_hcd.2: disconnect device [ 162.147764][ T40] audit: type=1326 audit(1772415609.982:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7973 comm="syz.4.557" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 162.157534][ T40] audit: type=1326 audit(1772415609.982:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7973 comm="syz.4.557" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 162.159025][ T7978] netlink: 24 bytes leftover after parsing attributes in process `syz.4.557'. [ 162.165484][ T7975] netlink: 4 bytes leftover after parsing attributes in process `syz.0.556'. [ 162.166298][ T40] audit: type=1326 audit(1772415609.982:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7973 comm="syz.4.557" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 162.166322][ T40] audit: type=1326 audit(1772415609.982:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7973 comm="syz.4.557" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 162.166343][ T40] audit: type=1326 audit(1772415609.982:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7973 comm="syz.4.557" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 162.166363][ T40] audit: type=1326 audit(1772415609.982:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7973 comm="syz.4.557" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 162.166384][ T40] audit: type=1326 audit(1772415609.982:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7973 comm="syz.4.557" exe="/syz-executor" sig=0 arch=40000003 syscall=358 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 162.166405][ T40] audit: type=1326 audit(1772415609.982:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7973 comm="syz.4.557" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 162.166426][ T40] audit: type=1326 audit(1772415609.982:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7973 comm="syz.4.557" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 162.166445][ T40] audit: type=1326 audit(1772415609.982:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7973 comm="syz.4.557" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 162.733493][ T5923] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 162.923680][ T5923] usb 9-1: Using ep0 maxpacket: 32 [ 163.326427][ T5923] usb 9-1: config 0 has an invalid interface number: 196 but max is 0 [ 163.329106][ T5923] usb 9-1: config 0 has no interface number 0 [ 163.331100][ T5923] usb 9-1: config 0 interface 196 altsetting 1 has an endpoint descriptor with address 0x9E, changing to 0x8E [ 163.336159][ T5923] usb 9-1: config 0 interface 196 altsetting 1 bulk endpoint 0x8E has invalid maxpacket 528 [ 163.339452][ T5923] usb 9-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 163.343097][ T5923] usb 9-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 163.346704][ T5923] usb 9-1: config 0 interface 196 has no altsetting 0 [ 163.354616][ T5923] usb 9-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 163.357506][ T5923] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.360051][ T5923] usb 9-1: Product: syz [ 163.361426][ T5923] usb 9-1: Manufacturer: syz [ 163.363018][ T5923] usb 9-1: SerialNumber: syz [ 163.368514][ T5923] usb 9-1: config 0 descriptor?? [ 163.373812][ T7978] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 163.795245][ T8004] usb usb7: usbfs: process 8004 (syz.1.565) did not claim interface 63 before use [ 164.454842][ T5950] Bluetooth: hci3: unknown advertising packet type: 0x75 [ 164.454876][ T5950] Bluetooth: hci3: unknown advertising packet type: 0x6c [ 164.458006][ T5950] Bluetooth: hci3: Malformed LE Event: 0x02 [ 165.033583][ T5923] ipheth 9-1:0.196: Unable to find endpoints [ 165.055055][ T5923] usb 9-1: USB disconnect, device number 3 [ 165.414263][ T8028] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 165.483482][ T2370] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 165.633524][ T2370] usb 5-1: Using ep0 maxpacket: 16 [ 165.638061][ T2370] usb 5-1: unable to get BOS descriptor or descriptor too short [ 165.642520][ T2370] usb 5-1: config 143 interface 0 has no altsetting 0 [ 165.647744][ T2370] usb 5-1: New USB device found, idVendor=0572, idProduct=6831, bcdDevice=9e.51 [ 165.651864][ T2370] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.655242][ T2370] usb 5-1: Product: syz [ 165.656958][ T2370] usb 5-1: Manufacturer: syz [ 165.658869][ T2370] usb 5-1: SerialNumber: syz [ 165.879664][ T2370] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 165.903399][ T2370] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 165.907255][ T2370] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 166.013495][ T2370] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 166.016246][ T2370] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 166.053456][ T828] usb 42-1: device descriptor read/8, error -110 [ 166.073632][ T2370] usb 5-1: dvb_usb_v2: found a 'DVBSky S960/S860' in warm state [ 166.104344][ T2370] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 166.109921][ T2370] dvbdev: DVB: registering new adapter (DVBSky S960/S860) [ 166.113291][ T2370] usb 5-1: media controller created [ 166.116164][ T2370] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 166.119083][ T2370] usb 5-1: dvb_usb_v2: MAC address: 00:00:00:00:00:00 [ 166.133225][ T2370] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 166.295683][ T2370] usb 5-1: USB disconnect, device number 8 [ 166.454820][ T828] usb usb42-port1: attempt power cycle [ 166.843473][ T6000] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 166.993415][ T6000] usb 5-1: Using ep0 maxpacket: 8 [ 166.997502][ T6000] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 167.001563][ T6000] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 167.005613][ T6000] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.011832][ T6000] usb 5-1: config 0 descriptor?? [ 167.018250][ T6000] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 167.045146][ T828] usb usb42-port1: unable to enumerate USB device [ 168.053489][ T5950] Bluetooth: hci2: command 0x0406 tx timeout [ 168.241257][ T6000] gspca_vc032x: reg_w err -71 [ 168.243538][ T6000] vc032x 5-1:0.0: probe with driver vc032x failed with error -71 [ 168.256628][ T6000] usb 5-1: USB disconnect, device number 9 [ 168.503471][ T56] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 168.656669][ T56] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 168.659714][ T56] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.662380][ T56] usb 9-1: Product: syz [ 168.663813][ T56] usb 9-1: Manufacturer: syz [ 168.665493][ T56] usb 9-1: SerialNumber: syz [ 168.674532][ T56] usb 9-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 168.698829][ T56] usb 9-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 168.918616][ T6000] usb 9-1: USB disconnect, device number 4 [ 169.023447][ T828] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 169.183788][ T828] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 169.186880][ T828] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.190381][ T828] usb 5-1: Product: syz [ 169.192326][ T828] usb 5-1: Manufacturer: syz [ 169.194577][ T828] usb 5-1: SerialNumber: syz [ 169.201111][ T828] usb 5-1: config 0 descriptor?? [ 169.208071][ T828] ch341 5-1:0.0: ch341-uart converter detected [ 169.733579][ T56] ath9k_htc 9-1:1.0: ath9k_htc: Target is unresponsive [ 169.738284][ T56] ath9k_htc: Failed to initialize the device [ 169.742686][ T6000] usb 9-1: ath9k_htc: USB layer deinitialized [ 170.014161][ T828] usb 5-1: failed to send control message: -71 [ 170.016239][ T828] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 170.023141][ T828] usb 5-1: USB disconnect, device number 10 [ 170.027404][ T828] ch341 5-1:0.0: device disconnected [ 170.063512][ T6000] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 170.223401][ T6000] usb 9-1: Using ep0 maxpacket: 8 [ 170.226397][ T6000] usb 9-1: config 179 has an invalid interface number: 65 but max is 0 [ 170.228874][ T6000] usb 9-1: config 179 has no interface number 0 [ 170.230897][ T6000] usb 9-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 170.234642][ T6000] usb 9-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 170.238075][ T6000] usb 9-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 170.241816][ T6000] usb 9-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 170.246098][ T6000] usb 9-1: config 179 interface 65 has no altsetting 0 [ 170.248256][ T6000] usb 9-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 170.251057][ T6000] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.262281][ T6000] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:179.65/input/input13 [ 170.303798][ T5326] input input13: unable to receive magic message: -110 [ 170.321656][ T5326] input input13: unable to receive magic message: -32 [ 170.334025][ T5326] input input13: unable to receive magic message: -32 [ 170.349482][ T5326] input input13: unable to receive magic message: -32 [ 170.364056][ T5326] input input13: unable to receive magic message: -32 [ 170.367245][ T5326] input input13: unable to receive magic message: -32 [ 170.460385][ T8070] input input13: unable to receive magic message: -32 [ 170.463833][ T2370] usb 9-1: USB disconnect, device number 5 [ 170.465979][ C2] xpad 9-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 170.537194][ T8104] netlink: 8 bytes leftover after parsing attributes in process `syz.1.600'. [ 171.116725][ T8135] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 171.374605][ T5950] Bluetooth: hci1: unknown advertising packet type: 0x75 [ 171.374657][ T5950] Bluetooth: hci1: unknown advertising packet type: 0x6c [ 171.383770][ T5950] Bluetooth: hci1: Malformed LE Event: 0x02 [ 171.993756][ T8145] sg_write: data in/out 28/14 bytes for SCSI command 0x0-- guessing data in; [ 171.993756][ T8145] program syz.0.615 not setting count and/or reply_len properly [ 172.118082][ T6000] IPVS: starting estimator thread 0... [ 172.214823][ T8148] IPVS: using max 28 ests per chain, 67200 per kthread [ 172.545459][ T8165] syzkaller0: entered promiscuous mode [ 172.547203][ T8165] syzkaller0: entered allmulticast mode [ 172.633456][ T6000] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 172.681871][ T8167] rdma_rxe: rxe_newlink: failed to add syz_tun [ 172.803467][ T6000] usb 6-1: Using ep0 maxpacket: 32 [ 172.807891][ T6000] usb 6-1: config 0 has an invalid interface number: 196 but max is 0 [ 172.811368][ T6000] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 172.823467][ T6000] usb 6-1: config 0 has no interface number 0 [ 172.826191][ T6000] usb 6-1: config 0 interface 196 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 172.831993][ T6000] usb 6-1: config 0 interface 196 has no altsetting 0 [ 172.838214][ T6000] usb 6-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 172.842384][ T6000] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.846021][ T6000] usb 6-1: Product: syz [ 172.847806][ T6000] usb 6-1: Manufacturer: syz [ 172.849844][ T6000] usb 6-1: SerialNumber: syz [ 172.863678][ T6000] usb 6-1: config 0 descriptor?? [ 173.089972][ T5950] Bluetooth: hci2: hcon ffff888024908000 sent 1 < count 6121 [ 173.094293][ T5950] Bluetooth: hci2: hcon ffff888024908000 sent 0 < count 12 [ 175.264669][ T6000] usb 6-1: USB disconnect, device number 3 [ 175.318876][ T8223] netlink: 28 bytes leftover after parsing attributes in process `syz.4.640'. [ 175.322934][ T8223] netlink: 2 bytes leftover after parsing attributes in process `syz.4.640'. [ 175.330318][ T8223] netlink: 28 bytes leftover after parsing attributes in process `syz.4.640'. [ 175.334738][ T8223] netlink: 28 bytes leftover after parsing attributes in process `syz.4.640'. [ 175.338836][ T8223] netlink: 2 bytes leftover after parsing attributes in process `syz.4.640'. [ 175.343228][ T8223] netlink: 28 bytes leftover after parsing attributes in process `syz.4.640'. [ 175.347944][ T8223] netlink: 28 bytes leftover after parsing attributes in process `syz.4.640'. [ 175.352037][ T8223] netlink: 2 bytes leftover after parsing attributes in process `syz.4.640'. [ 175.356541][ T8223] netlink: 28 bytes leftover after parsing attributes in process `syz.4.640'. [ 176.302091][ T8238] overlay: Unknown parameter '/' [ 177.111438][ T8254] netlink: 'syz.2.653': attribute type 3 has an invalid length. [ 177.693451][ T56] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 177.843412][ T56] usb 7-1: Using ep0 maxpacket: 32 [ 177.847675][ T56] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 177.854975][ T56] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 177.858750][ T56] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 177.862398][ T56] usb 7-1: Product: syz [ 177.864410][ T56] usb 7-1: Manufacturer: syz [ 177.866375][ T56] usb 7-1: SerialNumber: syz [ 177.870979][ T56] usb 7-1: config 0 descriptor?? [ 177.873948][ T8272] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 177.878586][ T56] hub 7-1:0.0: bad descriptor, ignoring hub [ 177.881189][ T56] hub 7-1:0.0: probe with driver hub failed with error -5 [ 178.335822][ T56] usb 7-1: reset high-speed USB device number 6 using dummy_hcd [ 178.510655][ T8272] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 178.543532][ T10] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 178.703505][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 178.710531][ T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 178.715162][ T10] usb 6-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 178.723726][ T10] usb 6-1: config 0 interface 0 has no altsetting 0 [ 178.731482][ T10] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 178.735513][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.739075][ T10] usb 6-1: Product: syz [ 178.741240][ T10] usb 6-1: Manufacturer: syz [ 178.743603][ T10] usb 6-1: SerialNumber: syz [ 178.761141][ T10] usb 6-1: config 0 descriptor?? [ 178.834162][ T34] usb 7-1: USB disconnect, device number 6 [ 179.093528][ T5950] Bluetooth: hci0: command 0x0c1a tx timeout [ 179.170782][ T10] gs_usb 6-1:0.0: Configuring for 158 interfaces [ 179.578393][ T10] gs_usb 6-1:0.0: Disabling termination support for channel 0 (-EPROTO) [ 179.671060][ T10] gs_usb 6-1:0.0: Couldn't get bit timing const for channel 1 (-EPROTO) [ 179.787552][ T10] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -71 [ 179.831044][ T10] usb 6-1: USB disconnect, device number 4 [ 180.241132][ T8302] __nla_validate_parse: 21 callbacks suppressed [ 180.241149][ T8302] netlink: 44 bytes leftover after parsing attributes in process `syz.1.670'. [ 181.163663][ T5942] Bluetooth: hci0: command 0x0c1a tx timeout [ 181.227399][ T8315] hsr0: entered promiscuous mode [ 181.393895][ T8322] dlm: no local IP address has been set [ 181.396626][ T8322] dlm: cannot start dlm midcomms -107 [ 181.427595][ T8308] hsr0: left promiscuous mode [ 183.788809][ T8358] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 183.791686][ T8358] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 183.808422][ T8358] vhci_hcd vhci_hcd.0: Device attached [ 183.815522][ T8358] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(5) [ 183.817906][ T8358] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 183.820843][ T8358] vhci_hcd vhci_hcd.0: Device attached [ 183.826924][ T8358] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(7) [ 183.829021][ T8358] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 183.831894][ T8358] vhci_hcd vhci_hcd.0: Device attached [ 183.839303][ T8364] vhci_hcd: connection closed [ 183.839395][ T8359] vhci_hcd: connection closed [ 183.839440][ T8362] vhci_hcd: connection closed [ 183.845447][ T46] vhci_hcd vhci_hcd.4: stop threads [ 183.849786][ T46] vhci_hcd vhci_hcd.4: release socket [ 183.852131][ T46] vhci_hcd vhci_hcd.4: disconnect device [ 183.863662][ T46] vhci_hcd vhci_hcd.4: stop threads [ 183.865409][ T46] vhci_hcd vhci_hcd.4: release socket [ 183.867123][ T46] vhci_hcd vhci_hcd.4: disconnect device [ 183.873392][ T46] vhci_hcd vhci_hcd.4: stop threads [ 183.875219][ T46] vhci_hcd vhci_hcd.4: release socket [ 183.877105][ T46] vhci_hcd vhci_hcd.4: disconnect device [ 184.088161][ T8371] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4068521576 (4068521576 ns) > initial count (2794446801 ns). Using initial count to start timer. [ 184.333690][ T9] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 184.506256][ T9] usb 7-1: config 27 has an invalid descriptor of length 46, skipping remainder of the config [ 184.511969][ T9] usb 7-1: config 27 has 0 interfaces, different from the descriptor's value: 1 [ 184.517465][ T9] usb 7-1: New USB device found, idVendor=0582, idProduct=0029, bcdDevice=bb.9d [ 184.520708][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.333450][ T5923] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 185.372355][ T6000] usb 7-1: USB disconnect, device number 7 [ 185.493399][ T5923] usb 5-1: Using ep0 maxpacket: 32 [ 185.497988][ T5923] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 185.501699][ T5923] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 185.505244][ T5923] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 185.508324][ T5923] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.528882][ T5923] usb 5-1: config 0 descriptor?? [ 185.543490][ T5923] hub 5-1:0.0: USB hub found [ 185.706631][ T8397] netlink: 8 bytes leftover after parsing attributes in process `syz.2.701'. [ 185.736511][ T5923] hub 5-1:0.0: 1 port detected [ 185.770920][ T8402] bridge_slave_0: left allmulticast mode [ 185.772741][ T8402] bridge_slave_0: left promiscuous mode [ 185.776764][ T8402] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.780798][ T8402] bridge_slave_1: left allmulticast mode [ 185.782663][ T8402] bridge_slave_1: left promiscuous mode [ 185.784684][ T8402] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.789030][ T8402] bond0: (slave bond_slave_0): Releasing backup interface [ 185.792878][ T8402] bond0: (slave bond_slave_1): Releasing backup interface [ 185.796894][ T8402] team0: Port device team_slave_0 removed [ 185.799674][ T8402] team0: Port device team_slave_1 removed [ 185.801722][ T8402] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 185.804737][ T8402] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 185.807816][ T8402] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 186.339297][ T5923] hub 5-1:0.0: activate --> -90 [ 186.743783][ T5987] usb 5-1: USB disconnect, device number 11 [ 186.745825][ T5923] hub 5-1:0.0: hub_ext_port_status failed (err = -71) [ 186.748246][ T5923] hub_port_connect: 55 callbacks suppressed [ 186.748256][ T5923] usb 5-1-port1: connect-debounce failed [ 186.953662][ T9] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 187.103404][ T9] usb 9-1: Using ep0 maxpacket: 16 [ 187.107293][ T9] usb 9-1: config 127 has an invalid interface number: 124 but max is 0 [ 187.109960][ T9] usb 9-1: config 127 has no interface number 0 [ 187.112085][ T9] usb 9-1: config 127 interface 124 has no altsetting 0 [ 187.116142][ T9] usb 9-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=36.87 [ 187.119129][ T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.121752][ T9] usb 9-1: Product: syz [ 187.123222][ T9] usb 9-1: Manufacturer: syz [ 187.124895][ T9] usb 9-1: SerialNumber: syz [ 187.964378][ T9] usb 9-1: reset high-speed USB device number 6 using dummy_hcd [ 188.183629][ T8435] syzkaller0: entered promiscuous mode [ 188.185431][ T8435] syzkaller0: entered allmulticast mode [ 188.529395][ T5987] usb 9-1: USB disconnect, device number 6 [ 188.587223][ T40] audit: type=1326 audit(1772415636.422:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8446 comm="syz.1.720" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 188.610434][ T40] audit: type=1326 audit(1772415636.422:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8446 comm="syz.1.720" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 188.623472][ T40] audit: type=1326 audit(1772415636.422:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8446 comm="syz.1.720" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 188.632445][ T40] audit: type=1326 audit(1772415636.422:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8446 comm="syz.1.720" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 188.643555][ T40] audit: type=1326 audit(1772415636.422:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8446 comm="syz.1.720" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 188.652684][ T40] audit: type=1326 audit(1772415636.422:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8446 comm="syz.1.720" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 188.662519][ T40] audit: type=1326 audit(1772415636.422:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8446 comm="syz.1.720" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 188.671899][ T40] audit: type=1326 audit(1772415636.422:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8446 comm="syz.1.720" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 188.682074][ T40] audit: type=1326 audit(1772415636.422:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8446 comm="syz.1.720" exe="/syz-executor" sig=0 arch=40000003 syscall=358 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 189.323798][ T2370] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 189.503903][ T2370] usb 9-1: unable to get BOS descriptor or descriptor too short [ 189.509034][ T2370] usb 9-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 189.523736][ T2370] usb 9-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40 [ 189.527593][ T2370] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.531155][ T2370] usb 9-1: Product: syz [ 189.533001][ T2370] usb 9-1: Manufacturer: syz [ 189.538725][ T2370] usb 9-1: SerialNumber: syz [ 189.722387][ T8477] syz.1.724 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 189.772604][ T2370] usb 9-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 189.779077][ T2370] usb 9-1: unit 13 not found! [ 189.826006][ T2370] usb 9-1: USB disconnect, device number 7 [ 189.861174][ T6329] udevd[6329]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 190.603394][ T5987] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 190.763410][ T5987] usb 9-1: Using ep0 maxpacket: 32 [ 190.766421][ T5987] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 190.770116][ T5987] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 190.773480][ T5987] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 190.777776][ T5987] usb 9-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 190.780914][ T5987] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.788124][ T5987] usb 9-1: config 0 descriptor?? [ 191.173428][ T9] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 191.198454][ T5987] hid (null): unknown global tag 0xc [ 191.200223][ T5987] hid (null): unknown global tag 0xe [ 191.201970][ T5987] hid (null): unknown global tag 0xd [ 191.213402][ T5987] hid (null): invalid report_size 24548 [ 191.225663][ T5987] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/0003:0458:5011.0004/input/input14 [ 191.297234][ T5987] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/0003:0458:5011.0004/input/input15 [ 191.321656][ T5987] kye 0003:0458:5011.0004: input,hiddev0,hidraw1: USB HID v0.04 Mouse [HID 0458:5011] on usb-dummy_hcd.4-1/input0 [ 191.324602][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 191.337192][ T9] usb 5-1: New USB device found, idVendor=1235, idProduct=8014, bcdDevice= 0.40 [ 191.340419][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.344361][ T9] usb 5-1: Product: syz [ 191.346855][ T9] usb 5-1: Manufacturer: syz [ 191.349076][ T9] usb 5-1: SerialNumber: syz [ 191.397596][ T7601] usb 9-1: USB disconnect, device number 8 [ 191.721599][ T9] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 191.732559][ T9] usb 5-1: USB disconnect, device number 12 [ 191.743264][ T7499] udevd[7499]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 192.134597][ T8501] netlink: 'syz.0.738': attribute type 29 has an invalid length. [ 192.138994][ T8501] netlink: 'syz.0.738': attribute type 29 has an invalid length. [ 192.143161][ T8501] netlink: 600 bytes leftover after parsing attributes in process `syz.0.738'. [ 192.898197][ T8521] input: syz1 as /devices/virtual/input/input16 [ 193.002303][ T8527] lo speed is unknown, defaulting to 1000 [ 193.005635][ T8527] lo speed is unknown, defaulting to 1000 [ 193.008301][ T8527] lo speed is unknown, defaulting to 1000 [ 193.012082][ T8527] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 193.022327][ T8527] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 193.040364][ T8527] lo speed is unknown, defaulting to 1000 [ 193.044947][ T8527] lo speed is unknown, defaulting to 1000 [ 193.047683][ T8527] lo speed is unknown, defaulting to 1000 [ 193.050947][ T8527] lo speed is unknown, defaulting to 1000 [ 193.059528][ T8527] smc: removing ib device syz1 [ 193.110268][ T8530] netlink: 'syz.0.748': attribute type 3 has an invalid length. [ 193.393507][ T9] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 193.545233][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 193.550413][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 193.556176][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 193.560833][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 193.568119][ T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 193.572279][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.586776][ T9] usb 5-1: config 0 descriptor?? [ 194.005907][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 194.041275][ T9] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 195.150051][ T8575] mmap: syz.4.759 (8575) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 196.016528][ T6000] usb 5-1: USB disconnect, device number 13 [ 196.241865][ T8591] syzkaller0: entered promiscuous mode [ 196.244041][ T8591] syzkaller0: entered allmulticast mode [ 196.546053][ T8598] netlink: 28 bytes leftover after parsing attributes in process `syz.0.769'. [ 196.549974][ T8598] netlink: 44 bytes leftover after parsing attributes in process `syz.0.769'. [ 196.997662][ T40] kauditd_printk_skb: 22 callbacks suppressed [ 196.997674][ T40] audit: type=1326 audit(1772415644.832:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8613 comm="syz.2.775" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 197.028094][ T40] audit: type=1326 audit(1772415644.832:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8613 comm="syz.2.775" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 197.037437][ T40] audit: type=1326 audit(1772415644.832:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8613 comm="syz.2.775" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 197.049229][ T40] audit: type=1326 audit(1772415644.852:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8613 comm="syz.2.775" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 197.057495][ T40] audit: type=1326 audit(1772415644.852:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8613 comm="syz.2.775" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 197.065870][ T40] audit: type=1326 audit(1772415644.852:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8613 comm="syz.2.775" exe="/syz-executor" sig=0 arch=40000003 syscall=358 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 197.072914][ T40] audit: type=1326 audit(1772415644.852:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8613 comm="syz.2.775" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 197.085747][ T40] audit: type=1326 audit(1772415644.852:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8613 comm="syz.2.775" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 197.100481][ T40] audit: type=1326 audit(1772415644.852:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8613 comm="syz.2.775" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 197.114976][ T40] audit: type=1326 audit(1772415644.852:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8613 comm="syz.2.775" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 197.450868][ T8622] netlink: 8 bytes leftover after parsing attributes in process `syz.4.776'. [ 197.453412][ T2370] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 197.603404][ T2370] usb 7-1: Using ep0 maxpacket: 32 [ 197.619837][ T2370] usb 7-1: config 0 has an invalid interface number: 196 but max is 0 [ 197.623910][ T2370] usb 7-1: config 0 has no interface number 0 [ 197.626793][ T2370] usb 7-1: config 0 interface 196 altsetting 1 has an endpoint descriptor with address 0x9E, changing to 0x8E [ 197.632087][ T2370] usb 7-1: config 0 interface 196 altsetting 1 bulk endpoint 0x8E has invalid maxpacket 528 [ 197.636923][ T2370] usb 7-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 197.642286][ T2370] usb 7-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 197.648496][ T2370] usb 7-1: config 0 interface 196 has no altsetting 0 [ 197.881321][ T2370] usb 7-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 197.891259][ T2370] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.894044][ T2370] usb 7-1: Product: syz [ 197.895427][ T2370] usb 7-1: Manufacturer: syz [ 197.896972][ T2370] usb 7-1: SerialNumber: syz [ 197.912843][ T2370] usb 7-1: config 0 descriptor?? [ 197.963432][ T5987] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 197.973615][ T8618] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 198.053568][ T5923] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 198.133450][ T5987] usb 6-1: Using ep0 maxpacket: 32 [ 198.143903][ T5987] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 198.147378][ T5987] usb 6-1: config 0 has no interface number 0 [ 198.152334][ T5987] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 198.156846][ T5987] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.160677][ T5987] usb 6-1: Product: syz [ 198.162247][ T5987] usb 6-1: Manufacturer: syz [ 198.164643][ T5987] usb 6-1: SerialNumber: syz [ 198.167103][ T8644] lo speed is unknown, defaulting to 1000 [ 198.169423][ T5987] usb 6-1: config 0 descriptor?? [ 198.234910][ T5923] usb 5-1: not running at top speed; connect to a high speed hub [ 198.239812][ T5923] usb 5-1: config 9 has an invalid interface number: 173 but max is 0 [ 198.243545][ T5923] usb 5-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 198.247885][ T5923] usb 5-1: config 9 has no interface number 0 [ 198.250785][ T5923] usb 5-1: config 9 interface 173 altsetting 129 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 198.255507][ T5923] usb 5-1: config 9 interface 173 altsetting 129 has 1 endpoint descriptor, different from the interface descriptor's value: 10 [ 198.272059][ T5923] usb 5-1: config 9 interface 173 has no altsetting 0 [ 198.280498][ T5923] usb 5-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=60.1b [ 198.284687][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.287502][ T5923] usb 5-1: Product: syz [ 198.288934][ T5923] usb 5-1: SerialNumber: syz [ 198.293830][ T8639] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 198.355925][ T56] IPVS: starting estimator thread 0... [ 198.410069][ T8647] IPVS: set_ctl: invalid protocol: 159 10.1.1.2:20004 [ 198.463588][ T8648] IPVS: using max 44 ests per chain, 105600 per kthread [ 198.514835][ T5923] usb 5-1: USB disconnect, device number 14 [ 198.978960][ T5987] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout [ 199.016520][ T1412] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.018677][ T1412] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.117851][ T8653] netlink: 32 bytes leftover after parsing attributes in process `syz.4.786'. [ 199.179528][ T5987] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 199.186839][ T5987] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71 [ 199.195183][ T5987] usb 6-1: USB disconnect, device number 5 [ 199.403411][ T9] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 199.553479][ T9] usb 9-1: Using ep0 maxpacket: 8 [ 199.556737][ T9] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 199.560335][ T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 199.565115][ T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 199.568569][ T9] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 199.573010][ T9] usb 9-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 199.576656][ T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.581254][ T9] usb 9-1: config 0 descriptor?? [ 199.788576][ T34] usb 9-1: USB disconnect, device number 9 [ 199.928951][ T2370] ipheth 7-1:0.196: Unable to find endpoints [ 199.934522][ T2370] usb 7-1: USB disconnect, device number 8 [ 199.980555][ T8671] team0: Port device dummy0 removed [ 199.985413][ T8671] bridge_slave_0: left allmulticast mode [ 199.987252][ T8671] bridge_slave_0: left promiscuous mode [ 199.989252][ T8671] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.997278][ T8671] bridge_slave_1: left allmulticast mode [ 199.999618][ T8671] bridge_slave_1: left promiscuous mode [ 200.002091][ T8671] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.010640][ T8671] bond0: (slave bond_slave_0): Releasing backup interface [ 200.015451][ T8671] bond0: (slave bond_slave_1): Releasing backup interface [ 200.020819][ T8671] team0: Port device team_slave_0 removed [ 200.026161][ T8671] team0: Port device team_slave_1 removed [ 200.029077][ T8671] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 200.031598][ T8671] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 200.036464][ T8671] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 200.039541][ T8671] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 200.045715][ T8671] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 202.114303][ T5923] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 202.273470][ T5923] usb 6-1: Using ep0 maxpacket: 32 [ 202.278005][ T5923] usb 6-1: config 0 has no interfaces? [ 202.283250][ T5923] usb 6-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=b8.a2 [ 202.287558][ T5923] usb 6-1: New USB device strings: Mfr=1, Product=18, SerialNumber=3 [ 202.290914][ T5923] usb 6-1: Product: syz [ 202.292433][ T5923] usb 6-1: Manufacturer: syz [ 202.294430][ T5923] usb 6-1: SerialNumber: syz [ 202.298032][ T5923] usb 6-1: config 0 descriptor?? [ 202.517822][ T9] usb 6-1: USB disconnect, device number 6 [ 202.561479][ T8710] netlink: 'syz.2.803': attribute type 1 has an invalid length. [ 204.437172][ T40] kauditd_printk_skb: 60 callbacks suppressed [ 204.437183][ T40] audit: type=1326 audit(1772415652.272:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8732 comm="syz.4.813" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70aef6c code=0x0 [ 204.675184][ T8748] netlink: 12 bytes leftover after parsing attributes in process `syz.1.818'. [ 206.565069][ T8781] netlink: 'syz.0.829': attribute type 10 has an invalid length. [ 206.704382][ T8783] 8021q: adding VLAN 0 to HW filter on device bond1 [ 206.707880][ T8781] bond_slave_0: entered promiscuous mode [ 206.707919][ T8781] bond_slave_1: entered promiscuous mode [ 206.708290][ T8781] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 206.711463][ T8781] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 206.977626][ T8796] pim6reg0: tun_chr_ioctl cmd 2147767521 [ 207.007932][ T40] audit: type=1326 audit(1772415654.842:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8792 comm="syz.0.833" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 207.018497][ T40] audit: type=1326 audit(1772415654.842:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8792 comm="syz.0.833" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 207.033540][ T40] audit: type=1326 audit(1772415654.852:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8792 comm="syz.0.833" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 207.046755][ T40] audit: type=1326 audit(1772415654.852:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8792 comm="syz.0.833" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 207.065555][ T40] audit: type=1326 audit(1772415654.852:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8792 comm="syz.0.833" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 207.083475][ T40] audit: type=1326 audit(1772415654.852:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8792 comm="syz.0.833" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 207.102808][ T40] audit: type=1326 audit(1772415654.852:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8792 comm="syz.0.833" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 207.117887][ T8797] netlink: 24 bytes leftover after parsing attributes in process `syz.0.833'. [ 207.131808][ T40] audit: type=1326 audit(1772415654.852:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8792 comm="syz.0.833" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 207.174732][ T40] audit: type=1326 audit(1772415654.852:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8792 comm="syz.0.833" exe="/syz-executor" sig=0 arch=40000003 syscall=358 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 207.443488][ T6000] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 207.593544][ T6000] usb 5-1: Using ep0 maxpacket: 32 [ 207.597830][ T6000] usb 5-1: config 0 has an invalid interface number: 196 but max is 0 [ 207.605306][ T6000] usb 5-1: config 0 has no interface number 0 [ 207.608189][ T6000] usb 5-1: config 0 interface 196 altsetting 1 has an endpoint descriptor with address 0x9E, changing to 0x8E [ 207.619314][ T6000] usb 5-1: config 0 interface 196 altsetting 1 bulk endpoint 0x8E has invalid maxpacket 528 [ 207.624102][ T6000] usb 5-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 207.628590][ T6000] usb 5-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 207.632644][ T6000] usb 5-1: config 0 interface 196 has no altsetting 0 [ 207.642058][ T6000] usb 5-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 207.646902][ T6000] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.650576][ T6000] usb 5-1: Product: syz [ 207.652689][ T6000] usb 5-1: Manufacturer: syz [ 207.655001][ T6000] usb 5-1: SerialNumber: syz [ 207.662262][ T6000] usb 5-1: config 0 descriptor?? [ 207.668392][ T8804] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 208.759458][ T8827] wlan0 speed is unknown, defaulting to 1000 [ 208.762302][ T8827] wlan0 speed is unknown, defaulting to 1000 [ 208.766807][ T8827] wlan0 speed is unknown, defaulting to 1000 [ 208.779934][ T8827] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 208.800164][ T8827] wlan0 speed is unknown, defaulting to 1000 [ 208.805903][ T8827] wlan0 speed is unknown, defaulting to 1000 [ 208.816489][ T8827] wlan0 speed is unknown, defaulting to 1000 [ 208.822866][ T8827] wlan0 speed is unknown, defaulting to 1000 [ 209.717292][ T8845] netlink: 4 bytes leftover after parsing attributes in process `syz.4.849'. [ 209.921559][ T6000] ipheth 5-1:0.196: Unable to find endpoints [ 209.929033][ T6000] usb 5-1: USB disconnect, device number 15 [ 210.974191][ T6000] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 211.123547][ T6000] usb 6-1: Using ep0 maxpacket: 16 [ 211.126906][ T6000] usb 6-1: config 82 has an invalid interface number: 243 but max is 0 [ 211.130712][ T6000] usb 6-1: config 82 has no interface number 0 [ 211.133099][ T6000] usb 6-1: config 82 interface 243 has no altsetting 0 [ 211.137858][ T6000] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice=f3.37 [ 211.153459][ T6000] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.157077][ T6000] usb 6-1: Product: syz [ 211.158895][ T6000] usb 6-1: Manufacturer: syz [ 211.161096][ T6000] usb 6-1: SerialNumber: syz [ 211.365976][ T40] kauditd_printk_skb: 27 callbacks suppressed [ 211.365993][ T40] audit: type=1326 audit(1772415659.202:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.875" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 211.379002][ T40] audit: type=1326 audit(1772415659.202:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.875" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 211.391148][ T40] audit: type=1326 audit(1772415659.202:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.875" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 211.400380][ T6000] usbtest 6-1:82.243: couldn't get endpoints, -71 [ 211.402470][ T6000] usbtest 6-1:82.243: probe with driver usbtest failed with error -71 [ 211.406645][ T40] audit: type=1326 audit(1772415659.202:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.875" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 211.414328][ T6000] usb 6-1: USB disconnect, device number 7 [ 211.417903][ T40] audit: type=1326 audit(1772415659.202:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.875" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 211.425095][ T40] audit: type=1326 audit(1772415659.202:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.875" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 211.431923][ T40] audit: type=1326 audit(1772415659.202:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.875" exe="/syz-executor" sig=0 arch=40000003 syscall=358 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 211.440298][ T40] audit: type=1326 audit(1772415659.202:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.875" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 211.447386][ T40] audit: type=1326 audit(1772415659.202:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.875" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 211.488045][ T40] audit: type=1326 audit(1772415659.262:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.875" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7fa3f6c code=0x7ffc0000 [ 211.723550][ T5950] Bluetooth: hci2: command 0x0406 tx timeout [ 211.753399][ T6000] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 211.923447][ T6000] usb 5-1: Using ep0 maxpacket: 32 [ 211.927034][ T6000] usb 5-1: config 0 has an invalid interface number: 196 but max is 0 [ 211.929911][ T6000] usb 5-1: config 0 has no interface number 0 [ 211.932038][ T6000] usb 5-1: config 0 interface 196 altsetting 1 has an endpoint descriptor with address 0x9E, changing to 0x8E [ 211.936499][ T6000] usb 5-1: config 0 interface 196 altsetting 1 bulk endpoint 0x8E has invalid maxpacket 528 [ 211.939788][ T6000] usb 5-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 211.943202][ T6000] usb 5-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 211.949385][ T6000] usb 5-1: config 0 interface 196 has no altsetting 0 [ 211.954817][ T6000] usb 5-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 211.957768][ T6000] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.960389][ T6000] usb 5-1: Product: syz [ 211.961780][ T6000] usb 5-1: Manufacturer: syz [ 211.963605][ T6000] usb 5-1: SerialNumber: syz [ 211.970149][ T6000] usb 5-1: config 0 descriptor?? [ 211.974266][ T8912] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 212.423372][ T828] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 212.583419][ T828] usb 7-1: Using ep0 maxpacket: 32 [ 212.586997][ T828] usb 7-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 212.590827][ T828] usb 7-1: config 0 interface 0 has no altsetting 0 [ 212.593142][ T828] usb 7-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 212.596495][ T828] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.602392][ T828] usb 7-1: config 0 descriptor?? [ 213.372848][ T828] corsair-cpro 0003:1B1C:0C10.0006: hidraw1: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.2-1/input0 [ 213.574332][ T828] corsair-cpro 0003:1B1C:0C10.0006: probe with driver corsair-cpro failed with error -71 [ 213.773813][ T56] usb 7-1: USB disconnect, device number 9 [ 213.803481][ T5942] Bluetooth: hci2: command 0x0406 tx timeout [ 213.805476][ T8945] syzkaller0: entered promiscuous mode [ 213.808839][ T8945] syzkaller0: entered allmulticast mode [ 213.815885][ T8945] 0: reclassify loop, rule prio 0, protocol 800 [ 214.314786][ T6000] ipheth 5-1:0.196: Unable to find endpoints [ 214.328770][ T6000] usb 5-1: USB disconnect, device number 16 [ 214.355809][ T8952] kvm: pic: non byte read [ 215.244136][ T8962] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 215.833419][ T2370] usb 9-1: new full-speed USB device number 10 using dummy_hcd [ 215.995778][ T2370] usb 9-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 216.005769][ T2370] usb 9-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 216.013615][ T2370] usb 9-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 216.025115][ T2370] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 216.030535][ T2370] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 216.036305][ T2370] usb 9-1: SerialNumber: syz [ 216.258136][ T2370] rndis_host 9-1:253.0: RNDIS init failed, -71 [ 216.261248][ T2370] rndis_host 9-1:253.0: probe with driver rndis_host failed with error -71 [ 216.270594][ T2370] usb 9-1: USB disconnect, device number 10 [ 216.899790][ T8996] netlink: 16 bytes leftover after parsing attributes in process `syz.4.904'. [ 216.903767][ T8996] netlink: 20 bytes leftover after parsing attributes in process `syz.4.904'. [ 216.910409][ T8996] netlink: 4 bytes leftover after parsing attributes in process `syz.4.904'. [ 218.528262][ T9020] No control pipe specified [ 218.821096][ T9024] netlink: 20 bytes leftover after parsing attributes in process `syz.2.911'. [ 219.353498][ T2370] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 219.508497][ T2370] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 219.511584][ T2370] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.514582][ T2370] usb 6-1: Product: syz [ 219.516051][ T2370] usb 6-1: Manufacturer: syz [ 219.517753][ T2370] usb 6-1: SerialNumber: syz [ 219.525886][ T2370] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 219.550360][ T2370] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 219.775328][ T9] usb 6-1: USB disconnect, device number 8 [ 220.613603][ T2370] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 220.616004][ T2370] ath9k_htc: Failed to initialize the device [ 220.618343][ T9] usb 6-1: ath9k_htc: USB layer deinitialized [ 220.913492][ T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 221.073482][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 221.077716][ T9] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 221.081216][ T9] usb 6-1: config 179 has no interface number 0 [ 221.084406][ T9] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 221.089068][ T9] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 221.094172][ T9] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 221.098631][ T9] usb 6-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 221.104569][ T9] usb 6-1: config 179 interface 65 has no altsetting 0 [ 221.107568][ T9] usb 6-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 221.111306][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.130366][ T9] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:179.65/input/input18 [ 221.193678][ T5326] input input18: unable to receive magic message: -110 [ 221.202604][ T5326] input input18: unable to receive magic message: -32 [ 221.215308][ T5326] input input18: unable to receive magic message: -32 [ 221.223282][ T5326] input input18: unable to receive magic message: -32 [ 221.234994][ T5326] input input18: unable to receive magic message: -32 [ 222.178989][ T9073] input: syz0 as /devices/virtual/input/input19 [ 222.399807][ T9] usb 6-1: USB disconnect, device number 9 [ 222.402030][ C0] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 223.337303][ T9085] ------------[ cut here ]------------ [ 223.340398][ T9085] ((d_inode(path->dentry))->i_flags & (1 << 19)) && !(path->mnt->mnt_sb->s_iflags & 0x00000002) [ 223.340419][ T9085] WARNING: fs/exec.c:118 at path_noexec+0x1cf/0x230, CPU#3: syz.2.933/9085 [ 223.350519][ T9085] Modules linked in: [ 223.352858][ T9085] CPU: 3 UID: 0 PID: 9085 Comm: syz.2.933 Tainted: G L syzkaller #0 PREEMPT(full) [ 223.358202][ T9085] Tainted: [L]=SOFTLOCKUP [ 223.360175][ T9085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 223.365028][ T9085] RIP: 0010:path_noexec+0x1cf/0x230 [ 223.367420][ T9085] Code: 58 31 ff 83 e3 02 48 89 de 48 d1 eb e8 ca f4 7e ff 83 e3 01 e8 e2 f9 7e ff 89 d8 5b 5d 41 5c e9 d7 5a 07 09 e8 d2 f9 7e ff 90 <0f> 0b 90 e9 46 ff ff ff e8 74 7a ea ff e9 a3 fe ff ff e8 6a 7a ea SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 223.376306][ T9085] RSP: 0018:ffffc9000744fc08 EFLAGS: 00010283 [ 223.379369][ T9085] RAX: 00000000000000ae RBX: 0000000000000000 RCX: ffffc9000c001000 [ 223.383070][ T9085] RDX: 0000000000080000 RSI: ffffffff828900ce RDI: ffff888024c10000 [ 223.387116][ T9085] RBP: ffff888020c5b360 R08: 0000000000000007 R09: 0000000000000000 [ 223.390727][ T9085] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000080000 [ 223.394426][ T9085] R13: 0000000000000001 R14: ffff888023da1388 R15: 0000000000000000 [ 223.398081][ T9085] FS: 0000000000000000(0000) GS:ffff88809744c000(0063) knlGS:00000000f543db40 [ 223.402450][ T9085] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 223.405776][ T9085] CR2: 00000000f543cff4 CR3: 000000004b880000 CR4: 0000000000352ef0 [ 223.409634][ T9085] Call Trace: [ 223.411208][ T9085] [ 223.412596][ T9085] do_mmap+0x857/0x12f0 [ 223.414592][ T9085] ? __pfx_do_mmap+0x10/0x10 [ 223.416724][ T9085] ? __pfx_down_write_killable+0x10/0x10 [ 223.419558][ T9085] vm_mmap_pgoff+0x29e/0x470 [ 223.421810][ T9085] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 223.424143][ T9085] ? __fget_files+0x215/0x3d0 [ 223.426313][ T9085] ? __fget_files+0x21f/0x3d0 [ 223.428458][ T9085] ksys_mmap_pgoff+0x3c8/0x650 [ 223.430594][ T9085] ? __pfx___ia32_sys_futex_time32+0x10/0x10 [ 223.433292][ T9085] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 223.435733][ T9085] __do_fast_syscall_32+0xe3/0x8c0 [ 223.438048][ T9085] do_fast_syscall_32+0x32/0x70 [ 223.440459][ T9085] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 223.443665][ T9085] RIP: 0023:0xf704ef6c [ 223.445801][ T9085] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 223.454762][ T9085] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 00000000000000c0 [ 223.458431][ T9085] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000003000 [ 223.462322][ T9085] RDX: 0000000003000007 RSI: 0000000000000011 RDI: 0000000000000005 [ 223.465784][ T9085] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 223.468514][ T9085] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 223.471117][ T9085] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 223.473830][ T9085] [ 223.474953][ T9085] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 223.477559][ T9085] CPU: 3 UID: 0 PID: 9085 Comm: syz.2.933 Tainted: G L syzkaller #0 PREEMPT(full) [ 223.481140][ T9085] Tainted: [L]=SOFTLOCKUP [ 223.482679][ T9085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 223.486171][ T9085] Call Trace: [ 223.487357][ T9085] [ 223.488330][ T9085] dump_stack_lvl+0x100/0x190 [ 223.489889][ T9085] vpanic+0x552/0x970 [ 223.491223][ T9085] ? __pfx_vpanic+0x10/0x10 [ 223.492800][ T9085] panic+0xd1/0xe0 [ 223.494046][ T9085] ? __pfx_panic+0x10/0x10 [ 223.495595][ T9085] check_panic_on_warn.cold+0x19/0x34 [ 223.497383][ T9085] ? path_noexec+0x1cf/0x230 [ 223.498938][ T9085] __warn.cold+0x191/0x348 [ 223.500540][ T9085] __report_bug+0x296/0x3d0 [ 223.502264][ T9085] ? path_noexec+0x1cf/0x230 [ 223.503879][ T9085] ? __pfx___report_bug+0x10/0x10 [ 223.505658][ T9085] ? __lock_acquire+0x4a5/0x2630 [ 223.507386][ T9085] ? arch_get_unmapped_area_topdown+0x3e6/0x9b0 [ 223.509580][ T9085] ? path_noexec+0x1cf/0x230 [ 223.511638][ T9085] report_bug+0xb2/0x220 [ 223.513101][ T9085] ? path_noexec+0x1cf/0x230 [ 223.514640][ T9085] handle_bug+0x166/0x2a0 [ 223.516127][ T9085] exc_invalid_op+0x17/0x50 [ 223.517686][ T9085] asm_exc_invalid_op+0x1a/0x20 [ 223.519569][ T9085] RIP: 0010:path_noexec+0x1cf/0x230 [ 223.521444][ T9085] Code: 58 31 ff 83 e3 02 48 89 de 48 d1 eb e8 ca f4 7e ff 83 e3 01 e8 e2 f9 7e ff 89 d8 5b 5d 41 5c e9 d7 5a 07 09 e8 d2 f9 7e ff 90 <0f> 0b 90 e9 46 ff ff ff e8 74 7a ea ff e9 a3 fe ff ff e8 6a 7a ea [ 223.527681][ T9085] RSP: 0018:ffffc9000744fc08 EFLAGS: 00010283 [ 223.529660][ T9085] RAX: 00000000000000ae RBX: 0000000000000000 RCX: ffffc9000c001000 [ 223.532235][ T9085] RDX: 0000000000080000 RSI: ffffffff828900ce RDI: ffff888024c10000 [ 223.534893][ T9085] RBP: ffff888020c5b360 R08: 0000000000000007 R09: 0000000000000000 [ 223.538354][ T9085] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000080000 [ 223.541300][ T9085] R13: 0000000000000001 R14: ffff888023da1388 R15: 0000000000000000 [ 223.544156][ T9085] ? path_noexec+0x1ce/0x230 [ 223.545718][ T9085] ? path_noexec+0x1ce/0x230 [ 223.547265][ T9085] do_mmap+0x857/0x12f0 [ 223.548659][ T9085] ? __pfx_do_mmap+0x10/0x10 [ 223.550224][ T9085] ? __pfx_down_write_killable+0x10/0x10 [ 223.552105][ T9085] vm_mmap_pgoff+0x29e/0x470 [ 223.553658][ T9085] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 223.555338][ T9085] ? __fget_files+0x215/0x3d0 [ 223.556948][ T9085] ? __fget_files+0x21f/0x3d0 [ 223.558505][ T9085] ksys_mmap_pgoff+0x3c8/0x650 [ 223.560155][ T9085] ? __pfx___ia32_sys_futex_time32+0x10/0x10 [ 223.562351][ T9085] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 223.564411][ T9085] __do_fast_syscall_32+0xe3/0x8c0 [ 223.566551][ T9085] do_fast_syscall_32+0x32/0x70 [ 223.568585][ T9085] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 223.571144][ T9085] RIP: 0023:0xf704ef6c [ 223.572633][ T9085] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 223.578968][ T9085] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 00000000000000c0 [ 223.581793][ T9085] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000003000 [ 223.584479][ T9085] RDX: 0000000003000007 RSI: 0000000000000011 RDI: 0000000000000005 [ 223.587052][ T9085] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 223.589647][ T9085] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 223.592238][ T9085] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 223.594845][ T9085] [ 223.596660][ T9085] Kernel Offset: disabled [ 223.598194][ T9085] Rebooting in 86400 seconds..