last executing test programs: 7m25.026924722s ago: executing program 3 (id=1502): socket$inet_sctp(0x2, 0x5, 0x84) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = userfaultfd(0x801) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) 7m24.866815673s ago: executing program 3 (id=1503): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x4040084) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) socket$inet_sctp(0x2, 0x5, 0x84) r1 = syz_io_uring_setup(0x49b, &(0x7f0000000440)={0x0, 0x237b, 0x400, 0x0, 0x28f}, &(0x7f00000000c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x40f6, 0x4f7c, 0x0, 0x0, 0x0) 7m23.898570244s ago: executing program 3 (id=1506): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000000c0)={0x14, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x1d, {[@global=@item_012={0x2, 0x1, 0x9, "231b"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x0, "0100"}, @local=@item_012={0x2, 0x2, 0x2, "9006"}, @main=@item_4={0x3, 0x0, 0x8, "749e821c"}, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}, @main=@item_4={0x3, 0x0, 0x9, "85900eb7"}]}}, 0x0}, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000000)={0x80, 0x1d, 0x3, 0x7, "5ad7e001b0c91481d4a058654be869d267fd052110ffb581f4798064358a8fe1"}) 7m22.175174194s ago: executing program 3 (id=1514): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x23e9c9e, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x28a5291, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='devpts\x00', 0x101c040, 0x0) umount2(&(0x7f0000000340)='./file0/../file0\x00', 0x1) 7m22.170098799s ago: executing program 3 (id=1515): socket$caif_stream(0x25, 0x1, 0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0xa, 0x3, 0xff) r1 = socket$nl_route(0x10, 0x3, 0x0) setrlimit(0x4, &(0x7f0000000000)={0x6bd7, 0x2}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00'}) r2 = syz_io_uring_setup(0x88f, &(0x7f0000000300)={0x0, 0x400aee2, 0x410, 0x1, 0x317}, &(0x7f0000000200)=0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r2, 0x47f6, 0x0, 0x2, 0x0, 0x300) 7m21.977413425s ago: executing program 3 (id=1516): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x8e40, 0x0) close(r1) socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff5644d, 0x70b923, 0x7fffe, {0x0, 0x0, 0x0, r6, {}, {0xb, 0xb}, {0x2, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x808, 0x205, 0x1, 0xc}, 0xb, 0x6, 0x32, 0x5, 0xa, 0x2, 0x9, 0xd, 0x1, 0x1, {0xffff1c72, 0x23, 0x7, 0xc, 0xfffffffe, 0x7583}}}}]}, 0x78}}, 0x8000) sendto$packet(r3, &(0x7f0000000240)="bad33075218151db00316f3a277f953286ddd1dc", 0x14, 0x2000041, &(0x7f0000000080)={0x11, 0x88a8, 0x0, 0x1, 0xda, 0x6, @remote}, 0x14) 7m21.926491181s ago: executing program 32 (id=1516): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x8e40, 0x0) close(r1) socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff5644d, 0x70b923, 0x7fffe, {0x0, 0x0, 0x0, r6, {}, {0xb, 0xb}, {0x2, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x808, 0x205, 0x1, 0xc}, 0xb, 0x6, 0x32, 0x5, 0xa, 0x2, 0x9, 0xd, 0x1, 0x1, {0xffff1c72, 0x23, 0x7, 0xc, 0xfffffffe, 0x7583}}}}]}, 0x78}}, 0x8000) sendto$packet(r3, &(0x7f0000000240)="bad33075218151db00316f3a277f953286ddd1dc", 0x14, 0x2000041, &(0x7f0000000080)={0x11, 0x88a8, 0x0, 0x1, 0xda, 0x6, @remote}, 0x14) 7.841293037s ago: executing program 1 (id=3558): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) socket$kcm(0x11, 0x3, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x3, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000500)=ANY=[], 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) r3 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000004c0)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f00000000c0)={0x1d, r4, 0x8000000000000003, {}, 0xfd}, 0x18) r5 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x1000, 0x2, 0x1f8}, &(0x7f0000000000)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_SEND={0x1a, 0x40, 0x0, r3, 0x0, 0x0, 0x0, 0x20000000, 0x1}) io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) 5.821626044s ago: executing program 1 (id=3563): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0) syz_usb_control_io(r1, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'macvtap0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f40)=@gettclass={0x24, 0x2a, 0x2, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x9, 0xf}, {0x1, 0x9}, {0x2}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x40088}, 0x4008040) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r5, 0x84, 0x73, &(0x7f0000000080)={r6, 0x3, 0x30, 0x9, 0x9}, &(0x7f0000000280)=0x18) read$char_usb(r4, &(0x7f0000000480)=""/74, 0x49) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs2/custom1\x00', 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x84000}, 0x4000050) r7 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r7, &(0x7f0000000000)={0x27}, 0x62) listen(r7, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) syz_open_dev$loop(&(0x7f0000000100), 0xfd, 0x12fa80) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf) pselect6(0x40, &(0x7f00000001c0)={0x4, 0x0, 0x5, 0x1, 0xd, 0x80000, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x1, 0x3, 0xffffffffffffffff, 0x9, 0x0, 0x10, 0x80000002, 0xb}, 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)=0x0) timer_settime(r8, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) r9 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCGARP(r9, 0x8954, &(0x7f0000000480)={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x30}}, {0x74c9e7b8c49a9e21}, 0x2, {0x2, 0x4e26, @private=0xa010101}}) socket$xdp(0x2c, 0x3, 0x0) 5.593284337s ago: executing program 4 (id=3564): write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000019340)={0x7, 0x15, 0x2}, 0x7) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x13c0, 0x0, 0x94, 0x1204, 0x1170, 0x0, 0x132c, 0x132c, 0x132c, 0x132c, 0x132c, 0x6, 0x0, {[{{@ip={@broadcast, @dev={0xac, 0x14, 0x14, 0x13}, 0xff, 0xff000000, 'pim6reg1\x00', 'bridge_slave_0\x00', {}, {0xff}, 0x88, 0x3}, 0x0, 0x70, 0x94}, @TTL={0x24, 'TTL\x00', 0x0, {0x1, 0x9}}}, {{@ip={@remote, @local, 0x0, 0x0, 'wg2\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x10a0, 0x10dc, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x1, 0x0, 0x1, 0x1, './cgroup.cpu/syz1\x00', 0x4, {0x5}}}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0xffff0001, 0x751, @ipv4=@local, 0x4e24}}}, {{@uncond, 0x0, 0x70, 0x94}, @unspec=@CHECKSUM={0x24}}, {{@ip={@local, @multicast1, 0x0, 0xffffff00, 'syzkaller0\x00', 'bond0\x00', {}, {}, 0x0, 0x1}, 0x0, 0x70, 0x94}, @unspec=@CHECKSUM={0x24}}, {{@uncond, 0x0, 0x70, 0x94}, @ECN={0x24, 'ECN\x00', 0x0, {0x0, 0xfc}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x141c) r0 = fsopen(&(0x7f0000000200)='adfs\x00', 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x81, 0x5) syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x87e, 0x20203843, 0x3, [0x2], [0x800, 0x0, 0x0, 0xfffffffc], [0x101, 0x0, 0x1, 0xb1e5], [0x6, 0xffffffffffffffff, 0x0, 0x8]}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000019480)=@newtaction={0x18, 0x30, 0x1, 0x0, 0xfffffffd, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0xc000004) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000000300)=""/102392, 0x18ff8) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="f8000000190001000000000000000000e0000002000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000007000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000001000001440005002001060000000000000000000000000000000002320000000a000000fc0100000000000000000000080000000000000004000000"], 0xf8}}, 0x0) syz_open_dev$audion(&(0x7f0000019300), 0x6, 0x2) connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r3, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000019380)=ANY=[@ANYBLOB="2c0000f70001424b62c900e0000000000200000a1800018014000180080001000000000008000200ac1414003307b3282984bead0129e4deda42df191ebb0dc4f181df5761d03eb550b6f150d467ca53873594da47f25756e1d95a012730b170bf6fb929758289e14ec5cb23044a992124307e2da44e27324b0b4011f28b7f73f2e4fe08088476ecc891a4622d10f7c5efe68b37c132a9211a1d5d093289d91de529d36c3f17fc8357028b1ada6a4d05db09960f5ed5b9ad9ec416ee4edd644b33bf523cedc24c7f110133e6c464a0c4723c4e650751e20bca6aad"], 0x2c}}, 0x0) 4.691559464s ago: executing program 4 (id=3568): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000002b40), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000002bc0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002bbf7000fbdbdf25070000000a0004007770616e340000000800010001000000"], 0x28}, 0x1, 0x0, 0x0, 0x4090}, 0x40040) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002d80)={r5, r4, 0x25, 0x8, @void}, 0x10) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, 0x0}, 0x8) r7 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000200)=r6, 0x2) bpf$LINK_DETACH(0x22, &(0x7f0000000040)=r7, 0x4) r8 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000001c0), 0x41, 0x0) ioctl$PTP_PEROUT_REQUEST(r8, 0x40383d03, &(0x7f0000000240)={{0xffff, 0x6}, {0x7fffffffffffffff, 0x40}, 0xa}) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000000c0)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f0000003040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER(r10, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000003080)={0x30, r11, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="7bf24827ed91"}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r12}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20000884) sendmsg$BATADV_CMD_GET_HARDIF(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x420009}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x2c, r11, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="52d9f887d01f"}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="ac34a050e2d7"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x8000) read$dsp(r2, 0x0, 0x0) ioctl$SNDCTL_DSP_NONBLOCK(r2, 0x500e, 0x0) 4.618746926s ago: executing program 4 (id=3570): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a0000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000800000000000003000000000000000000000000000000fdffff"], 0xfc}}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, 0x0, 0x0) setresuid(0xee01, 0x0, 0x0) setresuid(0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) r1 = socket$igmp6(0xa, 0x3, 0x2) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff}, 0x80000) creat(&(0x7f00000001c0)='./file0\x00', 0x102) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x94, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYRESHEX=r1, @ANYRESHEX=r0]) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000980)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x6, &(0x7f0000000140)=ANY=[@ANYBLOB="5b400000000000eb951800000004000000000000000700000085100000fbffdfff186400000300000000000000020000009500000000000000000000000000002d5d61c994ae48367519288b35ccdeee8e4c06446269e59a2fdc9e524351541415981949eb82cb315f1c83b9"], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x72, &(0x7f0000000280)=""/123, 0x1f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x10, 0x4}, 0x94) 3.971864363s ago: executing program 1 (id=3575): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c, r0, 0x5, 0x0, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_BSS_BASIC_RATES={0x23, 0x24, [{0x11, 0x1}, {0x18, 0x1}, {0x60, 0x1}, {0x24}, {0x60}, {0x24}, {0x16}, {0x1b, 0x1}, {0x9, 0x1}, {0x1}, {0x60, 0x1}, {0xb, 0x1}, {0x36}, {0x1b, 0x1}, {0x30, 0x1}, {0x36}, {0x1}, {0x6, 0x1}, {0x9}, {0x6c, 0x1}, {0x60, 0x1}, {0x36}, {0x6c}, {0x10}, {0x5, 0x1}, {0x1b}, {0x16}, {0x24, 0x1}, {0x17}, {0x48, 0x1}, {0x48, 0x1}]}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x4c}}, 0x200008d0) 3.9707275s ago: executing program 1 (id=3576): write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000019340)={0x7, 0x15, 0x2}, 0x7) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x13c0, 0x0, 0x94, 0x1204, 0x1170, 0x0, 0x132c, 0x132c, 0x132c, 0x132c, 0x132c, 0x6, 0x0, {[{{@ip={@broadcast, @dev={0xac, 0x14, 0x14, 0x13}, 0xff, 0xff000000, 'pim6reg1\x00', 'bridge_slave_0\x00', {}, {0xff}, 0x88, 0x3}, 0x0, 0x70, 0x94}, @TTL={0x24, 'TTL\x00', 0x0, {0x1, 0x9}}}, {{@ip={@remote, @local, 0x0, 0x0, 'wg2\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x10a0, 0x10dc, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x1, 0x0, 0x1, 0x1, './cgroup.cpu/syz1\x00', 0x4, {0x5}}}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0xffff0001, 0x751, @ipv4=@local, 0x4e24}}}, {{@uncond, 0x0, 0x70, 0x94}, @unspec=@CHECKSUM={0x24}}, {{@ip={@local, @multicast1, 0x0, 0xffffff00, 'syzkaller0\x00', 'bond0\x00', {}, {}, 0x0, 0x1}, 0x0, 0x70, 0x94}, @unspec=@CHECKSUM={0x24}}, {{@uncond, 0x0, 0x70, 0x94}, @ECN={0x24, 'ECN\x00', 0x0, {0x0, 0xfc}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x141c) r0 = fsopen(&(0x7f0000000200)='adfs\x00', 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x81, 0x5) syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x87e, 0x20203843, 0x3, [0x2], [0x800, 0x0, 0x0, 0xfffffffc], [0x101, 0x0, 0x1, 0xb1e5], [0x6, 0xffffffffffffffff, 0x0, 0x8]}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000019480)=@newtaction={0x18, 0x30, 0x1, 0x0, 0xfffffffd, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0xc000004) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000000300)=""/102392, 0x18ff8) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="f8000000190001000000000000000000e0000002000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000007000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000001000001440005002001060000000000000000000000000000000002320000000a000000fc0100000000000000000000080000000000000004000000"], 0xf8}}, 0x0) syz_open_dev$audion(&(0x7f0000019300), 0x6, 0x2) connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r3, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000019380)=ANY=[@ANYBLOB="2c0000f70001424b62c900e0000000000200000a1800018014000180080001000000000008000200ac1414003307b3282984bead0129e4deda42df191ebb0dc4f181df5761d03eb550b6f150d467ca53873594da47f25756e1d95a012730b170bf6fb929758289e14ec5cb23044a992124307e2da44e27324b0b4011f28b7f73f2e4fe08088476ecc891a4622d10f7c5efe68b37c132a9211a1d5d093289d91de529d36c3f17fc8357028b1ada6a4d05db09960f5ed5b9ad9ec416ee4edd644b33bf523cedc24c7f110133e6c464a0c4723c4e650751e20bca6aad"], 0x2c}}, 0x0) 3.521741695s ago: executing program 4 (id=3577): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x48, 0x0, 0x0, 0x1, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x0, 0x806, 0x5, 0xffffffff}, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000040)={0x28, 0x1, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0xfffffffffffffffc}) r3 = open(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x6c) fcntl$notify(r3, 0x402, 0x5) ftruncate(0xffffffffffffffff, 0x6000000) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b}) ioctl$IOMMU_IOAS_UNMAP$ALL(r2, 0x3b86, &(0x7f00000012c0)={0x18}) fsopen(0x0, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x2e, &(0x7f0000000580)=ANY=[@ANYBLOB="089e20151ce9937cde0b5db8051766d6dbd34cc8b1b19f13c5abff1099a0077009888d21c32917e0514ec2a7bfdb6c28ddbe56b39053c1526a09ff15df7f7a140ab9e44785f51993e71d1a83df724cf3d17b386822771299ecceaaea94655378aa04feabf3bc82eb6460f926100234ee23720300b9a9cc2c3f6fc2434833a44d129f7c768029403494c6ac75c8e3431ea58deadad8e9cf904a8f0a090f3f308949aaccaca3c98d6187c17b197daa0a1e44b5a98ecebc68d085c7637f11e67d231eb8ff16855fb9aed5ea4d132844423306d13c51ca3c6ed902e03a39b1b90093d09ffe30cf83d0dc138a90679cfe26391353a8821b3918fdecb65f090774c82145fcf4a5a011327b5cdbb3f8e32dbde798ffec4fd6b977935ce5ff0f5261e7242dc39013ab0c6a38e3031ce63e586e61300b45d7a3147ce1e9cd3c08a8a6f4d5edbc502518a09fcf7eeb38d3986101fb54f10b770de54207472f7de07fd2d3860d4e02787103f8694536078e97d3080d39bc7858865e96660daf8499cca393ed942f86a1c2d5cbd80e8eb5eb1e4be2b4e6c20eca090c1ac440020d0ead498de461653b299b09d7d27d9546e16f309890adb2e889142fc9f2e4bce17fc7277b20ad6f2d8d278fe947dec1bf679c9d2f03c444e77534a2fdda249a778e20c2c037bcb2dbcf81ede2bd7a88fcc98d42dee6b0d9f766ecfd7bf8314665f761e8fad04496d636b7062c4980d2ad43a9af539178c54775c2381a9f9d175226b18dc35c0e978642c0b45c4d428f13d1f1adbbe4533cc2ecbb86a6aadb5ae94b381f86bed52a6467e6ebe8e31c59c2bafe8fd203d63e8570cb858f4706f2113b636b36337f345e048c5f266b6d07f0b05ac31377fa3b47fc704158ca8b13ae5b3bfca8b373ba06e6cfccbddba6970e20423303febec7593410034363cfb8908c24462cb33a4b61bd4a5fbbbac3d9681c0d9f4ff0d0b75a0bdb30939333737e9c728a9ee798ac42832c81130b4aada247f5461f214a731950d86c2cb800"/743], 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0300002e00090027bd70000000000004000000480311802e2e"], 0x35c}, 0x1, 0x0, 0x0, 0x42804}, 0x4000010) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) r6 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6) r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r7, 0x4c82) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRES16=r6, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 3.265907952s ago: executing program 0 (id=3582): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) close(0x4) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, 0x0, 0x0, 0x800, 0x0, 0x0) 3.079945417s ago: executing program 0 (id=3583): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0xc2000, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) pread64(r3, 0x0, 0x0, 0x3) close(r2) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000680)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x4b) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r4, 0x0, 0x0, 0x80000) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000080)="f78d9ca38fff48f3be521634", 0xc}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f", 0xcd}, {&(0x7f00000004c0)="607e78db4bed98ee6fbb4d19e99bf70498e373bc3a99abb6b0c09a7973532e786a5cfa9902bd1569a1da8a6ea1b69ded9b1c5696c8caa78b5ca9f655867e3792a8c66fc27ea2450043ef1a5c0827fe8d6bdb5973a644da6c9b1569d0c6d1b11bb1c6623327f92f1e49bfc74ff5d714925a385f2e88cf0f7c11aefb0c8b341bdbd2068db1e79475a9562c864fc865d9f9eb72846e2cc94c78f35c73a7ee676c0b32d615e34ed429dd58800f276a3a3c3c622b9df67d56c9", 0xb7}], 0x3}], 0x1, 0x40800) recvmsg(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000880)=""/236, 0xec}, {&(0x7f00000005c0)=""/166, 0xa6}], 0x2}, 0x40013063) setsockopt$bt_l2cap_L2CAP_LM(r5, 0x6, 0x3, &(0x7f00000000c0)=0x1a, 0x4) ioctl$KVM_CAP_X86_DISABLE_EXITS(r2, 0x4068aea3, &(0x7f0000000040)={0x8f, 0x0, 0x2}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c) close(r2) 2.971776745s ago: executing program 1 (id=3585): socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) r3 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e20, 0x1000040, @private1={0xfc, 0x1, '\x00', 0xa}, 0xae3c}, 0x1c) ioctl$sock_bt_hci(0xffffffffffffffff, 0x800448d2, &(0x7f00000002c0)="fd") r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000040)={'vxcan1\x00'}) sendmsg$can_bcm(r5, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000080)=ANY=[@ANYBLOB="050000023008000000000000", @ANYRES32=0x77359400, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x80}, 0x1, 0x0, 0x0, 0x40084}, 0x20000000) r6 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000180)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x100003, {0x0, 0x0, 0x0, r7, {0xb, 0xfff3}, {0x3, 0xfff9}, {0xd}}}, 0xfffffffffffffd03}}, 0x0) close(r5) r8 = memfd_secret(0x0) ftruncate(r8, 0x581) ftruncate(r8, 0x0) 2.791855401s ago: executing program 0 (id=3586): syz_emit_vhci(&(0x7f0000000140)=@HCI_VENDOR_PKT, 0x2) memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x6) (async) r0 = memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x6) r1 = openat$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x102) openat$dir(0xffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x48) (async) r2 = openat$dir(0xffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x48) renameat2(r1, &(0x7f0000000040)='./file0\x00', r2, &(0x7f00000000c0)='./file0\x00', 0x4) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4, 0x12, r0, 0x0) 2.791692241s ago: executing program 0 (id=3587): syz_usb_connect(0x1, 0x2d, &(0x7f0000000f00)={{0x12, 0x1, 0x300, 0x61, 0xd, 0x9e, 0x8, 0xc016, 0x6da5, 0x1cad, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x7f, 0xfe, 0x0, 0x6, [{{0x9, 0x4, 0xa7, 0x5, 0x1, 0x7, 0x1, 0x3, 0x7f, [], [{{0x9, 0x5, 0xb, 0x3, 0x8, 0xf7, 0x6, 0x7}}]}}]}}]}}, &(0x7f0000001900)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]}) (fail_nth: 30) 2.621536604s ago: executing program 4 (id=3588): futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f00000002c0), 0x93020007) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) fcntl$setstatus(r0, 0x4, 0x2800) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000002c0)={0x0, 0x8, 0x10}, 0xc) r2 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x400, 0x0, 0x359}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x40, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}) io_uring_enter(r2, 0x47ba, 0x3e82, 0x60, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x1) socket$inet6(0x10, 0x3, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000001580)={0x2020}, 0x2020) syz_usb_connect(0x0, 0x36, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)) 1.888364778s ago: executing program 4 (id=3589): futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f00000002c0), 0x93020007) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) fcntl$setstatus(r0, 0x4, 0x2800) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000002c0)={0x0, 0x8, 0x10}, 0xc) r3 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x400, 0x0, 0x359}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000140)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x40, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}) io_uring_enter(r3, 0x47ba, 0x3e82, 0x60, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x1) socket$inet6(0x10, 0x3, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000001580)={0x2020}, 0x2020) syz_usb_connect(0x0, 0x36, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)) 1.561563224s ago: executing program 0 (id=3590): r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0x75, 0x109301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x300, 0x0, 0x25dfdbff, {}, [{0x90, 0x1, [@m_ct={0x44, 0x18, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x1) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) chdir(&(0x7f0000001040)='./cgroup/../file0\x00') mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f00000001c0)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0x3, 0x20, 0x0, 0x0, 0x205a, 0x1ff, 0x0, 0x96c, 0x6, 0x0}) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000100)=ANY=[@ANYRESHEX=r4, @ANYRES8=0x0, @ANYRES16=r5, @ANYBLOB="0a001b"], 0x2c}], 0x1, 0x0, 0x0, 0x4008030}, 0x0) open(&(0x7f0000000280)='./cgroup/../file0\x00', 0x80, 0x31) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) r6 = socket$nl_route(0x10, 0x3, 0x0) setrlimit(0xc, &(0x7f0000000f80)={0x57b}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newtaction={0xe68, 0x30, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x4, 0x8001, 0x10000000, 0x8}, 0x92, 0x6}, [{0x4, 0xe, 0x8, 0xe42, 0x4, 0xec87}, {0x6, 0x40, 0x6, 0x458, 0x400, 0x7}, {0x40, 0xa6, 0x8, 0x0, 0x7, 0xf63}, {0x1, 0x2, 0xfc78, 0x3, 0x4, 0x7fff}, {0x0, 0x3c98, 0x1, 0x7fffffff, 0x9, 0xc}, {0x3, 0x7, 0x3, 0x0, 0x6, 0x4}, {0x1, 0x2, 0x0, 0x51, 0x6, 0x6}, {0xf, 0xfff, 0x9, 0x99, 0x6b2b}, {0x8e73, 0x3f8000, 0x1, 0x4, 0x7, 0x7}, {0x4, 0x3, 0x1, 0x4, 0x0, 0x400}, {0xec25, 0x60, 0xffffff00, 0xb45d, 0x552, 0x39f}, {0x100000, 0xfffff317, 0x2, 0x5, 0x974f, 0x17}, {0x4, 0x7, 0x100, 0x9, 0xfff, 0xffffffff}, {0xfffffff7, 0x101, 0x400, 0x6, 0x40, 0xb}, {0x0, 0x4, 0x5, 0x3, 0x81, 0x2}, {0xb2, 0x4c81440c, 0x8, 0x800, 0x2, 0xd66}, {0x4, 0x2bb, 0x80, 0xa, 0xfffffffa, 0x5}, {0xfffffffe, 0x5b92, 0x7, 0x4, 0x88f5, 0x9}, {0x6, 0xc, 0x200, 0x4, 0xfffffff1, 0x26}, {0x9, 0x56, 0x1, 0xd, 0x5, 0x1}, {0x5, 0x3, 0xc, 0xfffffff7, 0x2}, {0xfffffff7, 0xf9f5, 0x8, 0xfff, 0xe1, 0x2d5e}, {0x6, 0x10001, 0x2, 0xcb, 0x5, 0x4}, {0xe, 0x101, 0x80, 0xd, 0xfffffffc, 0x9}, {0x0, 0xb, 0xfffffff4, 0x9, 0xfff, 0x81}, {0x6, 0x4, 0x9, 0x38f5, 0xe, 0xb4}, {0x2, 0x6, 0x9, 0x3, 0xe5, 0x3800}, {0x9, 0x4, 0x1, 0x101, 0x49a, 0x40}, {0x100, 0xffffffff, 0x80000001, 0x3, 0x12ab, 0xbc}, {0xa4a9, 0x3, 0x9, 0x7, 0x9, 0xb}, {0x7fffffff, 0x4, 0x5, 0x3, 0x7fff, 0xc}, {0x5, 0x9, 0x75, 0xffff8001, 0x9, 0x6}, {0xb0, 0x4, 0xffffffff, 0x6d, 0x81, 0xfffffffa}, {0x100, 0x6, 0xffffffff, 0x0, 0x4, 0x9}, {0x6, 0x9, 0x9, 0x1, 0xffff, 0x2}, {0x800, 0x4, 0xfffffffe, 0x10001, 0x7fffffff, 0x100}, {0xb, 0x2, 0x4, 0xfffffff8, 0x6, 0xfffffff9}, {0x1, 0x9, 0x5, 0x6, 0x84, 0x7}, {0xa, 0x0, 0x909d, 0x1, 0x9}, {0xbe0, 0x3, 0x5, 0x2, 0x3, 0x80000001}, {0x6, 0x0, 0x8001, 0xce8, 0xc7f, 0x10001}, {0xcf4, 0xaad, 0x8, 0x6, 0x1, 0x3}, {0x6, 0x5, 0x5, 0x7, 0x7247, 0x2}, {0x80000000, 0xfe9, 0x32b2, 0x7, 0x5, 0x7ff}, {0x40, 0x9, 0x68, 0x0, 0x2, 0x98a}, {0x7, 0x0, 0x5b02, 0x6, 0x8001, 0x2}, {0x6, 0x4, 0x1ff, 0xd, 0x8, 0xfff}, {0x2, 0x9, 0x800, 0x0, 0xfffffff8, 0x3a}, {0x4, 0x9, 0x9, 0xfff, 0x3, 0xd4f}, {0xb44, 0x8, 0x9, 0x7f, 0x3, 0x3}, {0xc1, 0x6, 0x2, 0x6, 0x1, 0x5}, {0x40, 0x6be, 0x4d1, 0x5, 0x2, 0x7}, {0x1ff, 0xb25, 0x80000001, 0x1, 0xf}, {0x4, 0x6, 0x1, 0x32}, {0xe6e1, 0x5, 0xfffffff9, 0x2, 0x60, 0x1a0}, {0x401, 0x0, 0x8000, 0xffff65ca, 0xffffffc0, 0xf9}, {0xf, 0x2, 0x9, 0xa, 0x3, 0xffffffff}, {0x4, 0x3, 0x9, 0x6, 0x4, 0x7ff}, {0x7ff, 0xfffffffc, 0x15e5a53f, 0x67b, 0x1, 0x4}, {0x4, 0x7, 0x5, 0x10001, 0x8, 0x6}, {0x8f2, 0xfff, 0x6, 0x2, 0xc5, 0xfffffff8}, {0x8000, 0xc1, 0x8, 0x7fff, 0x7fff, 0x400}, {0x2900416, 0x10000, 0xe, 0x9, 0x1000, 0x9}, {0x10, 0xfffffff8, 0x0, 0x4, 0xe, 0x9}, {0x8, 0x8, 0x8000, 0x0, 0xd01, 0x3}, {0x800, 0x3, 0x0, 0x0, 0x4, 0xf87b}, {0x1, 0x1ff, 0x3, 0x3, 0x9, 0x3ff}, {0x7, 0xfffffff6, 0x0, 0xde, 0x3, 0x7}, {0x8, 0xaf00, 0x1, 0x1, 0x8, 0x1}, {0x4, 0x2, 0x9, 0xfd, 0x0, 0x7}, {0x0, 0x6, 0x8, 0xc, 0xf15f10b, 0x6}, {0x4d, 0x6, 0x8, 0x7, 0xe582, 0x6}, {0x4, 0x0, 0x40, 0x8, 0x0, 0xffff8000}, {0x9, 0x4, 0x6, 0x6, 0xa, 0x8}, {0x3, 0x401, 0x6, 0xe, 0x1ff000, 0x1}, {0xfffffb2a, 0x8, 0x5, 0xffff, 0x2, 0xffffff00}, {0x400, 0x6, 0x3, 0x9a, 0x1, 0x2000}, {0x5, 0x2, 0x81, 0xf, 0x5, 0x8}, {0x1, 0x4241, 0xfffffff8, 0x9, 0x400, 0xebed}, {0x5, 0x1ed, 0x2, 0x8, 0x707, 0xfc1a}, {0x1d, 0x33, 0xfffffff8, 0x2, 0x6, 0x9}, {0x9b, 0x6, 0x3a438d3b, 0x8000, 0x4}, {0x9, 0x81, 0x7fff, 0x800, 0x9}, {0x10, 0x4, 0x1, 0x622e, 0xd8, 0x9}, {0x33, 0x7, 0x9, 0x6, 0x1e, 0xd}, {0xd2, 0x7, 0x6, 0x2, 0x7, 0x1000}, {0x3, 0x0, 0x7, 0xab7, 0x5, 0x5}, {0xb, 0x7, 0xc, 0x1, 0x6, 0x80000000}, {0x3, 0x1, 0x2, 0x8, 0x2c, 0x10}, {0x50a49641, 0x2, 0x4, 0xef1, 0x8, 0x9a90}, {0x5e300141, 0x0, 0x7, 0x93, 0xa, 0x6e}, {0x36, 0x5, 0x6de, 0x80000001, 0x4}, {0x8, 0x2, 0x5, 0x4, 0x0, 0x57d}, {0x3, 0x6, 0x7fc, 0x6, 0x7, 0x8}, {0x5000, 0x7, 0x0, 0x4, 0x6, 0x4}, {0x4, 0x7fffffff, 0x7fff, 0xfffffffe, 0x100000, 0x5}, {0x7d, 0x343, 0x6, 0x1, 0xa19a, 0x5}, {0x1, 0x4, 0x962, 0xd, 0x1, 0x8}, {0x1a4, 0x2, 0xffff, 0xa, 0x0, 0x1}, {0x800, 0x81, 0x6, 0x3, 0xfffffff9, 0x8001}, {0x8000, 0x3, 0x0, 0x1, 0x2, 0x8}, {0x101, 0x4, 0x7f, 0x3b24, 0xc16, 0x1ff}, {0x80, 0x8, 0x3, 0x2, 0x34c, 0x2}, {0x9, 0x6, 0x2, 0x88, 0x4, 0x3ff}, {0x6, 0x4, 0xf, 0x5, 0xfffff157, 0x7}, {0x400000, 0xbefa, 0x9, 0x6, 0x4, 0xffffffff}, {0x2fd, 0x4, 0x8, 0x3, 0x6, 0x1}, {0xa1, 0x1, 0xd, 0x7, 0x4, 0xe1}, {0x6, 0x101, 0x7, 0x3, 0x0, 0x3}, {0x3, 0x6, 0x7, 0x9}, {0x2, 0xc, 0x23c, 0x8, 0x12, 0x80}, {0x0, 0x292, 0x2, 0x8, 0xffff, 0x2}, {0x9, 0x0, 0x3, 0x4, 0x40, 0xffffffff}, {0x80000000, 0x6f95, 0x23, 0xf9, 0x8, 0x7fff}, {0x5, 0x19de554e, 0xfffff4b2, 0xb97, 0x1, 0x7}, {0x9, 0x0, 0x521, 0x5, 0x3}, {0xffff, 0x4, 0xfb1, 0x3, 0x0, 0xfffffff8}, {0x6, 0x19c1, 0x7ff, 0xa, 0xda8b, 0x9b}, {0x3, 0x8, 0x7fff, 0x6, 0x7, 0x8}, {0x80, 0x5, 0x48, 0xce6, 0x3, 0x4}, {0x9, 0x3ae2, 0x1, 0x7, 0x7, 0xfff}, {0xb5, 0x7f, 0xffffacad, 0x0, 0x4}, {0x3, 0x0, 0x7455, 0xe, 0x8000, 0x4}, {0x8, 0x8, 0x10, 0x0, 0x0, 0x3}, {0x2, 0x8, 0x0, 0x5, 0x1ff, 0x6}, {0xd, 0x4, 0x73f57df3, 0x8, 0xffffff61, 0x8}, {0x7, 0x8, 0x5, 0x5, 0xb, 0x40}, {0x6f, 0x0, 0xffff, 0x81, 0xc, 0x10000}], [{0x5, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x2}, {}, {}, {}, {0x5}, {}, {0x2, 0x1}, {0x0, 0x1}, {0x4}, {0x3, 0x1}, {}, {0x4}, {0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x4}, {0x2, 0x1}, {0x1, 0x1}, {}, {0x4}, {}, {0x1, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x4}, {0x3}, {0x5}, {}, {0x2}, {0x5}, {0x4}, {0x1, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x3}, {0x2, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x3}, {0x3}, {0x5}, {0x5}, {0x7, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x4}, {}, {0x5}, {0x2}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x3}, {0x5}, {0x0, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1}, {0x1, 0x1}, {0x2}, {0x4}, {0x0, 0x1}, {0x4, 0x1}, {0x1}, {0x1}, {0x1}, {0x1}, {0x3, 0x1}, {0x1}, {0x2}, {0x3}, {0x3}, {0x4}, {0x5, 0x1}, {0x5}, {0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x3}, {}, {0x4, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x4}, {0x3}, {0x2}, {0x1, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x4, 0x1}, {0x5}, {0x4, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1}, {0x2, 0x1}, {0x4}, {}, {0x2}, {0x1}, {0x1}, {0x4}, {0x1, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x3, 0x1}, {0x1}, {0x4, 0x1}, {0x1}, {0x2, 0x1}, {}, {0x2, 0x1}, {0x2, 0x1}], 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0xe68}, 0x1, 0x0, 0x0, 0x4081}, 0x2400c800) ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f0000000fc0)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) 581.639162ms ago: executing program 2 (id=3592): r0 = openat$vim2m(0xffffff9c, &(0x7f0000000b00), 0x2, 0x0) r1 = socket$inet(0x2, 0x2, 0x1) setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) sendmsg$inet(r1, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000400)=[{&(0x7f00000000c0)="08001eb3b0335d00", 0x8}], 0x1, 0x0, 0x0, 0xe0000000}, 0x8000) r2 = inotify_init1(0x0) inotify_add_watch(r2, &(0x7f0000000000)='.\x00', 0xa4000021) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107042, 0x124) close(r2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc0f8565c, &(0x7f0000000000)={0x0, 0xbd5, 0x2, {0x2, @raw_data="f91fd2868ba3d9189024fc40809db9e19479c0b5fce2c721330d5771dbf9dbfa9e2ad24622489141b4803cfeb0b70909e75715a13fada32fef53473eb9ce014fbe3929ea41fdeb0ff177dfb9d3227f213a6451b667d35b03b25618d20cea1f072990b86d463a0de7513744a2bb3bf4fb6049e30f7c533837beba9566c9fd8721c48fad424a5fb17bc1419fb85e5e7dce382ba5a1ce182b419becd67c18f0ba055b8d72225df5a5e7917f8a87a52b8c2516745c462e944b0c22a7e71ecf492a0ef916598abba0e732"}}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc04c560f, &(0x7f0000000280)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x100000, 0x1, {}, {0x0, 0x8, 0x0, 0x0, 0x0, 0x0, "5c0a0551"}, 0x5141, 0x1, {0x0}, 0x7, 0x20000000}) 504.437858ms ago: executing program 2 (id=3593): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200000}) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = syz_io_uring_setup(0x8d2, 0x0, 0x0, 0x0) keyctl$set_reqkey_keyring(0xe, 0x2) request_key(&(0x7f0000000040)='logon\x00', 0x0, &(0x7f00000002c0)='\xa2\\\x04\xe9\x178\x1b\xda<\x95\x82o\xf8\x06\x1e\xfbPm\x87\xa0E<\x99b\xc2\x9c\xfd\xb5T\xfd\x1e\x82\x83\xbc\xd9\a\xd5\xd3\x88\xe3D~\xbd\xe8\xaa\xfe>\xd8\xa1\xb3M\x00\t\x00\x00\x00\x00\x00\xe5\xff\x00\x00\a\x00\x00\x00\x00\x00\xf0\x00\x00\\Ak\xbe\xec\x0e\x19\xe1\xca@\xb2\xf1', 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000006c0)={&(0x7f00000005c0)={0xa0, 0x0, 0x400, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x9, 0x45}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4000000}, 0x74fc907d1569ab21) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) r4 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/59, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f00000002c0)={0x1, r4}) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffb2, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x9}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r1, 0x1e, &(0x7f0000000540)={r1}, 0x1) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e21, 0x80000, @dev={0xfe, 0x80, '\x00', 0x19}, 0xfffffffd}, 0x1c, 0x0, 0x0, &(0x7f0000000340)=[@hopopts_2292={{0x18, 0x29, 0x36, {0x2c}}}], 0x18}, 0xc4) syz_open_dev$tty20(0xc, 0x4, 0x0) 492.99812ms ago: executing program 1 (id=3594): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.memory_pressure\x00', 0x26e1, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x2, @mcast2, 0x3e}, 0x1c) socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x4e24, 0x1, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000200)=@gcm_128={{0x304}, "941768e6efcc7143", "4c51f5c555851c0400e72bec7a72c358", "8509176b", "7f9cbdcd1d985e6c"}, 0x28) write$binfmt_script(r2, &(0x7f00000003c0), 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) io_submit(0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) writev(r2, &(0x7f0000000080)=[{&(0x7f0000000380)="ac", 0x1}], 0x1) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/custom1\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x1, 0x1cb8c0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141102) r3 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000000)={0x0, 0x0, 0x0}) bind$vsock_stream(r3, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r3, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r4 = socket$inet(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000e15000)={0x2, 0x4e20, @empty}, 0x10) r5 = socket$inet(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000e15000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x41}}, 0x10) 419.905896ms ago: executing program 2 (id=3595): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) memfd_create(&(0x7f0000000100)='immediate\x00', 0x3) sendmsg$inet(r2, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0xff0f}], 0x1}, 0x0) recvmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='coredump_filter\x00') ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1, {r1}}, './file0\x00'}) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001000)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_NEWSETELEM={0x14, 0xc, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}}], {0x14}}, 0x9c}}, 0x0) 412.213216ms ago: executing program 2 (id=3603): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200000}) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = syz_io_uring_setup(0x8d2, 0x0, 0x0, 0x0) keyctl$set_reqkey_keyring(0xe, 0x2) request_key(&(0x7f0000000040)='logon\x00', 0x0, &(0x7f00000002c0)='\xa2\\\x04\xe9\x178\x1b\xda<\x95\x82o\xf8\x06\x1e\xfbPm\x87\xa0E<\x99b\xc2\x9c\xfd\xb5T\xfd\x1e\x82\x83\xbc\xd9\a\xd5\xd3\x88\xe3D~\xbd\xe8\xaa\xfe>\xd8\xa1\xb3M\x00\t\x00\x00\x00\x00\x00\xe5\xff\x00\x00\a\x00\x00\x00\x00\x00\xf0\x00\x00\\Ak\xbe\xec\x0e\x19\xe1\xca@\xb2\xf1', 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000006c0)={&(0x7f00000005c0)={0xa0, 0x0, 0x400, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x9, 0x45}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4000000}, 0x74fc907d1569ab21) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) r4 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/59, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f00000002c0)={0x1, r4}) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffb2, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x9}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r1, 0x1e, &(0x7f0000000540)={r1}, 0x1) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e21, 0x80000, @dev={0xfe, 0x80, '\x00', 0x19}, 0xfffffffd}, 0x1c, 0x0, 0x0, &(0x7f0000000340)=[@hopopts_2292={{0x18, 0x29, 0x36, {0x2c}}}], 0x18}, 0xc4) syz_open_dev$tty20(0xc, 0x4, 0x0) 205.326747ms ago: executing program 0 (id=3596): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) r2 = socket$inet(0x2, 0x3, 0x9) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x4b, 0x1, 0xffffffff, 0x6, 0x0) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x8, 0x4) shutdown(r2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100ffffffff000000001a0000001800018030000000000000000000000073065b85f84a19e5fa84224a11ca368f7b341421d18786f7e8f5afcfca08215b3e29000000006128a224be395967125c747fd3b818d4be591fc5c4409cf6c4b544ae89d207e010dbbfe98e57c29f3e1db84b04342e46225bdb9de7149a2a48c4e7f3183729adcf61b776bdf7b275cf11c7bfeee662d15284a6912dbe1b3f0642cad48817f6a9e59152c5d965018f1f24ab1487a0d8e52cff356689a9b8abf51d19403188951dad0276b5a4aa6ff94519d5a2def7ca5e69dd523ddc2566879e8a649eba836ff58acbe8a4ac6dfb0c0fbc5e911333ee7a86e9269188d57cac5a31258958f93abeb0740d933a90ef1e4c6e63d38104ebd89389efa5396b15cace52bd7da3d5171d1232068b8039c5b8a11208ef6e461827"], 0x2c}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_int(r5, &(0x7f0000000080)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0) sendfile(r6, r6, 0x0, 0x4) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mlock(&(0x7f0000449000/0x3000)=nil, 0x3000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r7 = fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r7, 0x6, 0x0, 0x0, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000040)={0x4, [0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000180)=0x14) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f00000002c0)={r8, @in={{0x2, 0x4e23, @private=0xa0100fe}}}, &(0x7f00000001c0)=0x84) 204.985377ms ago: executing program 2 (id=3597): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x0, 0x9, 0x2, 0xfffffffe, 0xc0ff, [{0x2, 0x4, 0x3}, {0x9, 0x8, 0x9, '\x00', 0xf}, {0xff, 0x7f, 0xd3, '\x00', 0xe9}, {0xfd, 0x5, 0xf5, '\x00', 0xf}, {0x7, 0x9, 0xf5, '\x00', 0xb4}, {0xf, 0x4, 0x54, '\x00', 0xff}, {0x75, 0xd5, 0xf1, '\x00', 0x7f}, {0x3, 0x5, 0xc}, {0x7f, 0x5, 0x4a, '\x00', 0x8}, {0xd7, 0xd, 0x8, '\x00', 0x6}, {0x0, 0x28, 0x80, '\x00', 0xdc}, {0xfb, 0x58, 0xff, '\x00', 0x1}, {0xfe, 0x7, 0x26}, {0xcf, 0xf, 0x8, '\x00', 0x6}, {0xf, 0xee, 0x7, '\x00', 0x3}, {0x39, 0x2, 0x6, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x9}, {0x4, 0xc, 0x2, '\x00', 0xe9}, {0x7, 0x2, 0x7, '\x00', 0xc2}, {0x2, 0x80, 0xe, '\x00', 0x7f}, {0x1, 0xc, 0x83, '\x00', 0x7c}, {0x10, 0x6, 0x92, '\x00', 0x10}, {0x1, 0x3, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0x4}]}}) 0s ago: executing program 2 (id=3598): syz_open_procfs(0x0, &(0x7f0000000040)='clear_refs\x00') syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x8, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0xa, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x6, 0x5, 0x4, 0x0, 0x7, 0x3c57, 0x0, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x5, 0x7, 0x83, 0x9, 0x4c74, 0x0, 0x242, 0x2, 0xe, 0x0, 0x400, 0x7, 0x17, 0x21, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x81, 0x6, 0xffff8001, 0x3ff, 0x83, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0x88, 0xf9, 0x388000, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2b, 0xe, 0x312, 0x78, 0xea4, 0x0, 0xfff, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0xfe, 0x0, 0xa, 0x5, 0x1000005, 0x5f31, 0xf, 0xd86, 0x2, 0x4, 0x8, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0xbc2, 0x1, 0xfe000000, 0x8, 0x2, 0x200004, 0x9, 0x3, 0x3, 0x9, 0x4, 0x3, 0x5, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x1, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x3, 0x5, 0x800000, 0x1ef, 0x8, 0x8, 0x86, 0x3, 0x3038, 0xff, 0xb, 0x2, 0x2, 0x2, 0x7, 0x20000008, 0x4, 0x16d01, 0x6, 0x38, 0x800003, 0x600, 0x80, 0xbf7, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x4a9, 0x5, 0x6, 0xac8, 0x5, 0x7, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x3, 0x5, 0x1b, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x80000000], [0x9, 0xbb33, 0xa, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x400002, 0x57, 0x4, 0x3, 0x3, 0x10000, 0x9, 0x7fff, 0xffff, 0xa620, 0x1, 0x7, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x10000016, 0xffffffff, 0x80000000, 0x5, 0xffffffff, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xae, 0x8, 0x6, 0x226, 0x3, 0x100, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x8, 0x4, 0x5, 0x40b1e, 0xd7, 0x200, 0xffff3441, 0x4]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x10, 0x3, 0x0) rseq(0x0, 0x0, 0x0, 0x0) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63) write$P9_RLERRORu(r2, &(0x7f0000000300)=ANY=[@ANYRESHEX], 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x3], 0x0, 0x0, 0x1, 0x1}}, 0x40) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="81"], 0x650) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, r2, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xb}, {0xe}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0xf, 0xe15, 0x3, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00) socket$nl_generic(0x10, 0x3, 0x10) kernel console output (not intermixed with test programs): T10] usb usb46-port1: attempt power cycle [ 622.080743][ T34] usb 7-1: new full-speed USB device number 75 using dummy_hcd [ 622.264122][ T34] usb 7-1: too many endpoints for config 0 interface 0 altsetting 254: 254, using maximum allowed: 30 [ 622.268890][ T34] usb 7-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 622.273380][ T34] usb 7-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 622.279087][ T34] usb 7-1: config 0 interface 0 has no altsetting 0 [ 622.281969][ T34] usb 7-1: New USB device found, idVendor=04f2, idProduct=1123, bcdDevice= 0.00 [ 622.285931][ T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 622.291953][ T34] usb 7-1: config 0 descriptor?? [ 622.563814][ T10] usb usb46-port1: unable to enumerate USB device [ 622.771943][ T34] chicony 0003:04F2:1123.0021: invalid report_count 15576 [ 622.776212][ T34] chicony 0003:04F2:1123.0021: item 0 2 1 9 parsing failed [ 622.783405][ T34] chicony 0003:04F2:1123.0021: Chicony hid parse failed: -22 [ 622.786302][ T34] chicony 0003:04F2:1123.0021: probe with driver chicony failed with error -22 [ 622.841804][T15937] futex_wake_op: syz.4.3165 tries to shift op by 32; fix this program [ 623.005317][ T10] usb 7-1: USB disconnect, device number 75 [ 623.007633][T15944] netlink: 830 bytes leftover after parsing attributes in process `syz.0.3166'. [ 623.695751][T15961] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3171'. [ 624.633069][T15974] netlink: 'syz.0.3175': attribute type 4 has an invalid length. [ 625.258631][ T5980] usb 38-1: device descriptor read/8, error -110 [ 625.661558][ T5980] usb usb38-port1: attempt power cycle [ 626.231458][ T5980] usb usb38-port1: unable to enumerate USB device [ 626.454870][T16030] fuse: Bad value for 'user_id' [ 626.459420][T16030] fuse: Bad value for 'user_id' [ 626.628820][T16042] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3183'. [ 626.638684][T16042] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3183'. [ 627.030646][ T5980] usb 9-1: new full-speed USB device number 44 using dummy_hcd [ 627.394649][T16058] syzkaller0: entered promiscuous mode [ 627.396521][T16058] syzkaller0: entered allmulticast mode [ 627.451980][ T5980] usb 9-1: too many endpoints for config 0 interface 0 altsetting 254: 254, using maximum allowed: 30 [ 627.455495][ T5980] usb 9-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 627.458722][ T5980] usb 9-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 627.462994][ T5980] usb 9-1: config 0 interface 0 has no altsetting 0 [ 627.465427][ T5980] usb 9-1: New USB device found, idVendor=04f2, idProduct=1123, bcdDevice= 0.00 [ 627.468384][ T5980] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 627.472343][ T5980] usb 9-1: config 0 descriptor?? [ 627.520485][T16062] random: crng reseeded on system resumption [ 627.589169][T16063] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 627.593426][T16063] block device autoloading is deprecated and will be removed. [ 627.663841][T16066] futex_wake_op: syz.2.3188 tries to shift op by 32; fix this program [ 627.798948][ T5980] usbhid 9-1:0.0: can't add hid device: -71 [ 627.801057][ T5980] usbhid 9-1:0.0: probe with driver usbhid failed with error -71 [ 627.826043][ T5980] usb 9-1: USB disconnect, device number 44 [ 628.069373][T16074] wg1 speed is unknown, defaulting to 1000 [ 628.121492][T16078] wg1 speed is unknown, defaulting to 1000 [ 628.721733][T16096] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3197'. [ 628.726012][T16096] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3197'. [ 630.118605][T16100] openvswitch: netlink: IP tunnel dst address not specified [ 630.289162][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.938881][T16119] syzkaller0: entered promiscuous mode [ 630.940916][T16119] syzkaller0: entered allmulticast mode [ 631.217180][T16125] wg1 speed is unknown, defaulting to 1000 [ 631.329139][T16139] futex_wake_op: syz.1.3212 tries to shift op by 32; fix this program [ 632.725742][T16173] Invalid logical block size (65024) [ 632.778203][T16178] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3223'. [ 632.986314][T16183] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 632.988913][T16183] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 633.010785][T16183] vhci_hcd vhci_hcd.0: Device attached [ 633.033252][T16183] random: crng reseeded on system resumption [ 633.280779][ T6018] usb 42-1: SetAddress Request (14) to port 0 [ 633.282823][ T6018] usb 42-1: new SuperSpeed USB device number 14 using vhci_hcd [ 633.424550][T16195] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3225'. [ 633.609247][T16185] vhci_hcd: connection reset by peer [ 633.615064][ T81] vhci_hcd vhci_hcd.2: stop threads [ 633.617025][ T81] vhci_hcd vhci_hcd.2: release socket [ 633.619098][ T81] vhci_hcd vhci_hcd.2: disconnect device [ 633.812283][ T10] usb 9-1: new full-speed USB device number 45 using dummy_hcd [ 633.967054][ T10] usb 9-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x3B, changing to 0xB [ 633.975646][ T10] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0xB has invalid maxpacket 32454, setting to 64 [ 633.979226][ T10] usb 9-1: config 0 interface 0 has no altsetting 0 [ 633.992348][ T10] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 633.995249][ T10] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 633.997877][ T10] usb 9-1: Product: syz [ 633.999494][ T10] usb 9-1: Manufacturer: syz [ 634.002614][ T10] usb 9-1: SerialNumber: syz [ 634.006253][ T10] usb 9-1: config 0 descriptor?? [ 634.008411][T16203] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 634.013363][ T10] usb 9-1: selecting invalid altsetting 0 [ 634.286486][T16196] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 634.289854][T16196] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 634.294433][T16196] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 634.298060][T16196] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 634.303330][T16196] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 634.307087][T16196] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 634.310502][T16196] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 634.314313][T16196] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 634.317650][T16196] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 634.321325][T16196] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 634.324655][T16196] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 634.328600][T16196] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 634.477571][T16216] FAULT_INJECTION: forcing a failure. [ 634.477571][T16216] name failslab, interval 1, probability 0, space 0, times 0 [ 634.483170][T16216] CPU: 3 UID: 0 PID: 16216 Comm: syz.0.3231 Tainted: G L syzkaller #0 PREEMPT(full) [ 634.483189][T16216] Tainted: [L]=SOFTLOCKUP [ 634.483204][T16216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 634.483212][T16216] Call Trace: [ 634.483216][T16216] [ 634.483221][T16216] dump_stack_lvl+0x100/0x190 [ 634.483241][T16216] should_fail_ex.cold+0x5/0xa [ 634.483254][T16216] should_failslab+0xc2/0x120 [ 634.483271][T16216] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 634.483285][T16216] ? skb_clone+0x190/0x400 [ 634.483298][T16216] skb_clone+0x190/0x400 [ 634.483309][T16216] pfkey_process+0xc0/0x810 [ 634.483325][T16216] ? trace_contention_end+0x140/0x180 [ 634.483340][T16216] ? __mutex_lock+0x26a/0x1b90 [ 634.483353][T16216] ? __pfx_pfkey_process+0x10/0x10 [ 634.483369][T16216] ? pfkey_sendmsg+0x41a/0x840 [ 634.483393][T16216] ? __pfx___alloc_skb+0x10/0x10 [ 634.483414][T16216] pfkey_sendmsg+0x428/0x840 [ 634.483432][T16216] ____sys_sendmsg+0xa54/0xc30 [ 634.483447][T16216] ? __pfx_____sys_sendmsg+0x10/0x10 [ 634.483467][T16216] ___sys_sendmsg+0x190/0x1e0 [ 634.483488][T16216] ? __pfx____sys_sendmsg+0x10/0x10 [ 634.483519][T16216] __sys_sendmsg+0x170/0x220 [ 634.483530][T16216] ? __pfx___sys_sendmsg+0x10/0x10 [ 634.483545][T16216] ? __pfx_ksys_write+0x10/0x10 [ 634.483563][T16216] __do_fast_syscall_32+0xe3/0x8c0 [ 634.483577][T16216] do_fast_syscall_32+0x32/0x70 [ 634.483589][T16216] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 634.483602][T16216] RIP: 0023:0xf704ef6c [ 634.483611][T16216] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 634.483622][T16216] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 634.483633][T16216] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000680 [ 634.483640][T16216] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 634.483646][T16216] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 634.483652][T16216] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 634.483658][T16216] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 634.483672][T16216] [ 634.562775][ T67] usb 7-1: new high-speed USB device number 76 using dummy_hcd [ 634.714038][ T67] usb 7-1: Using ep0 maxpacket: 32 [ 634.727336][ T67] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 634.731044][ T67] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 634.743176][ T67] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 634.746567][ T67] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 634.749866][ T67] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 634.758032][ T67] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 634.764300][ T67] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 634.767630][ T67] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.929522][ T67] usb 7-1: config 0 descriptor?? [ 635.364436][ T67] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 76 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 635.440227][ T67] usb 7-1: USB disconnect, device number 76 [ 635.467810][ T67] usblp0: removed [ 635.760663][ T67] usb 7-1: new full-speed USB device number 77 using dummy_hcd [ 635.922560][ T67] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 635.926019][ T67] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 635.928900][ T67] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 635.932379][ T67] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 635.935752][ T67] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 635.939843][ T67] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 635.945048][ T6019] usb 6-1: new high-speed USB device number 67 using dummy_hcd [ 635.948552][ T67] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 635.951800][ T67] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 635.956889][ T67] usb 7-1: config 0 descriptor?? [ 635.959189][T16208] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 636.090602][ T6019] usb 6-1: Using ep0 maxpacket: 8 [ 636.093763][ T6019] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 636.097436][ T6019] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 636.100934][ T6019] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 636.104159][ T6019] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 636.108494][ T6019] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 636.111461][ T6019] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.168551][ T67] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 77 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 636.372706][ C2] usblp0: nonzero read bulk status received: -71 [ 637.102741][T16194] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 637.107367][ T5980] usb 9-1: USB disconnect, device number 45 [ 637.175521][T16241] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 637.293236][T16243] syzkaller0: entered promiscuous mode [ 637.296781][T16243] syzkaller0: entered allmulticast mode [ 637.556856][ T54] usb 7-1: USB disconnect, device number 77 [ 638.361262][ T6018] usb 42-1: device descriptor read/8, error -110 [ 638.571316][T16233] usblp0: removed [ 638.576311][ T6019] usb 6-1: usb_control_msg returned -71 [ 638.578180][ T6019] usbtmc 6-1:16.0: can't read capabilities [ 638.639328][ T6019] usb 6-1: USB disconnect, device number 67 [ 638.771242][T16266] netlink: 7 bytes leftover after parsing attributes in process `syz.0.3244'. [ 638.778237][T16266] netlink: 7 bytes leftover after parsing attributes in process `syz.0.3244'. [ 638.880778][ T6018] usb usb42-port1: attempt power cycle [ 640.201786][ T6018] usb usb42-port1: unable to enumerate USB device [ 640.212056][T16297] xt_cgroup: invalid path, errno=-2 [ 642.880527][T16329] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 642.882707][T16329] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 642.888059][T16329] vhci_hcd vhci_hcd.0: Device attached [ 643.140801][ T67] usb 39-1: new low-speed USB device number 4 using vhci_hcd [ 643.153867][T16338] xt_cgroup: invalid path, errno=-2 [ 643.274612][T16345] /dev/nullb0: Can't open blockdev [ 643.416416][T16348] vxcan1: entered promiscuous mode [ 643.701983][T16330] vhci_hcd: connection reset by peer [ 643.704904][T12128] vhci_hcd vhci_hcd.1: stop threads [ 643.707279][T12128] vhci_hcd vhci_hcd.1: release socket [ 643.709907][T12128] vhci_hcd vhci_hcd.1: disconnect device [ 644.202148][T16356] overlay: ./bus is not a directory [ 644.341965][T16363] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 644.344686][T16363] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 644.348722][T16363] vhci_hcd vhci_hcd.0: Device attached [ 644.361415][ T6019] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 644.416373][T16363] random: crng reseeded on system resumption [ 644.650724][ T39] usb 42-1: SetAddress Request (18) to port 0 [ 644.652866][ T39] usb 42-1: new SuperSpeed USB device number 18 using vhci_hcd [ 644.800678][ T6019] usb 6-1: new full-speed USB device number 68 using dummy_hcd [ 644.952444][ T6019] usb 6-1: too many endpoints for config 0 interface 0 altsetting 254: 254, using maximum allowed: 30 [ 644.957069][ T6019] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 644.962159][ T6019] usb 6-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 644.966848][ T6019] usb 6-1: config 0 interface 0 has no altsetting 0 [ 644.970525][T16364] vhci_hcd: connection reset by peer [ 644.972461][ T1200] vhci_hcd vhci_hcd.2: stop threads [ 644.972538][ T6019] usb 6-1: New USB device found, idVendor=04f2, idProduct=1123, bcdDevice= 0.00 [ 644.974721][ T1200] vhci_hcd vhci_hcd.2: release socket [ 644.977452][ T6019] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 644.978922][ T6019] usb 6-1: config 0 descriptor?? [ 644.982269][ T1200] vhci_hcd vhci_hcd.2: disconnect device [ 644.988483][T16370] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3273'. [ 645.075088][T16373] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3274'. [ 645.599855][ T6019] chicony 0003:04F2:1123.0022: invalid report_count 15576 [ 645.600623][T16384] xt_cgroup: invalid path, errno=-2 [ 645.602471][ T6019] chicony 0003:04F2:1123.0022: item 0 2 1 9 parsing failed [ 645.607251][ T6019] chicony 0003:04F2:1123.0022: Chicony hid parse failed: -22 [ 645.612589][ T6019] chicony 0003:04F2:1123.0022: probe with driver chicony failed with error -22 [ 645.823101][ T6021] usb 6-1: USB disconnect, device number 68 [ 646.153600][T16388] FAULT_INJECTION: forcing a failure. [ 646.153600][T16388] name failslab, interval 1, probability 0, space 0, times 0 [ 646.158741][T16388] CPU: 0 UID: 0 PID: 16388 Comm: syz.0.3278 Tainted: G L syzkaller #0 PREEMPT(full) [ 646.158771][T16388] Tainted: [L]=SOFTLOCKUP [ 646.158777][T16388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 646.158788][T16388] Call Trace: [ 646.158796][T16388] [ 646.158805][T16388] dump_stack_lvl+0x100/0x190 [ 646.158835][T16388] should_fail_ex.cold+0x5/0xa [ 646.158856][T16388] should_failslab+0xc2/0x120 [ 646.158884][T16388] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 646.158909][T16388] ? __alloc_skb+0x140/0x710 [ 646.158940][T16388] __alloc_skb+0x140/0x710 [ 646.158965][T16388] ? __alloc_skb+0x5b7/0x710 [ 646.158991][T16388] ? __pfx___alloc_skb+0x10/0x10 [ 646.159020][T16388] ? __lock_acquire+0x4a5/0x2630 [ 646.159044][T16388] alloc_skb_with_frags+0xe0/0x810 [ 646.159065][T16388] ? __lock_acquire+0x4a5/0x2630 [ 646.159090][T16388] sock_alloc_send_pskb+0x801/0x980 [ 646.159125][T16388] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 646.159150][T16388] ? is_bpf_text_address+0x8a/0x1a0 [ 646.159175][T16388] ? bpf_ksym_find+0x124/0x1c0 [ 646.159193][T16388] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 646.159223][T16388] ? is_bpf_text_address+0x94/0x1a0 [ 646.159252][T16388] unix_dgram_sendmsg+0x3c7/0x1820 [ 646.159279][T16388] ? tomoyo_socket_sendmsg_permission+0x14e/0x3c0 [ 646.159311][T16388] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 646.159341][T16388] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 646.159370][T16388] ? __might_fault+0xc5/0x140 [ 646.159391][T16388] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 646.159416][T16388] ____sys_sendmsg+0xa54/0xc30 [ 646.159447][T16388] ? __pfx_____sys_sendmsg+0x10/0x10 [ 646.159482][T16388] ___sys_sendmsg+0x190/0x1e0 [ 646.159507][T16388] ? __pfx____sys_sendmsg+0x10/0x10 [ 646.159561][T16388] __sys_sendmsg+0x170/0x220 [ 646.159579][T16388] ? __pfx___sys_sendmsg+0x10/0x10 [ 646.159605][T16388] ? __pfx_ksys_write+0x10/0x10 [ 646.159635][T16388] __do_fast_syscall_32+0xe3/0x8c0 [ 646.159660][T16388] do_fast_syscall_32+0x32/0x70 [ 646.159680][T16388] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 646.159703][T16388] RIP: 0023:0xf704ef6c [ 646.159720][T16388] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 646.159737][T16388] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 646.159755][T16388] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000100 [ 646.159767][T16388] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 646.159778][T16388] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 646.159789][T16388] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 646.159799][T16388] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 646.159824][T16388] [ 646.335052][T16392] FAULT_INJECTION: forcing a failure. [ 646.335052][T16392] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 646.339129][T16392] CPU: 0 UID: 0 PID: 16392 Comm: syz.0.3280 Tainted: G L syzkaller #0 PREEMPT(full) [ 646.339148][T16392] Tainted: [L]=SOFTLOCKUP [ 646.339152][T16392] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 646.339158][T16392] Call Trace: [ 646.339163][T16392] [ 646.339167][T16392] dump_stack_lvl+0x100/0x190 [ 646.339188][T16392] should_fail_ex.cold+0x5/0xa [ 646.339201][T16392] _copy_to_user+0x32/0xd0 [ 646.339218][T16392] mptcp_put_subflow_data+0xbb/0x120 [ 646.339234][T16392] mptcp_getsockopt_subflow_addrs+0x274/0x360 [ 646.339250][T16392] ? __pfx_mptcp_getsockopt_subflow_addrs+0x10/0x10 [ 646.339265][T16392] ? __lock_acquire+0x4a5/0x2630 [ 646.339278][T16392] ? __lock_acquire+0x4a5/0x2630 [ 646.339289][T16392] ? mptcp_can_spool_backlog+0x321/0x3e0 [ 646.339302][T16392] ? mptcp_release_cb+0x495/0x710 [ 646.339321][T16392] ? reacquire_held_locks+0xce/0x1e0 [ 646.339333][T16392] ? release_sock+0x21/0x220 [ 646.339344][T16392] ? do_raw_spin_lock+0x128/0x260 [ 646.339359][T16392] ? mptcp_getsockopt+0x16a/0xe50 [ 646.339371][T16392] ? find_held_lock+0x2b/0x80 [ 646.339387][T16392] ? mptcp_getsockopt+0x16a/0xe50 [ 646.339399][T16392] ? mptcp_getsockopt+0x16a/0xe50 [ 646.339413][T16392] ? __local_bh_enable_ip+0x9e/0x120 [ 646.339426][T16392] mptcp_getsockopt+0x570/0xe50 [ 646.339439][T16392] ? __pfx_mptcp_getsockopt+0x10/0x10 [ 646.339452][T16392] ? __lock_acquire+0x4a5/0x2630 [ 646.339464][T16392] ? find_held_lock+0x2b/0x80 [ 646.339482][T16392] ? aa_sock_opt_perm+0xfe/0x1b0 [ 646.339495][T16392] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 646.339508][T16392] do_sock_getsockopt+0x259/0x3d0 [ 646.339522][T16392] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 646.339541][T16392] __sys_getsockopt+0x133/0x1d0 [ 646.339559][T16392] ? ksys_write+0x1ac/0x250 [ 646.339576][T16392] ? __ia32_sys_getsockopt+0xbc/0x160 [ 646.339591][T16392] __ia32_sys_getsockopt+0xbc/0x160 [ 646.339607][T16392] ? __do_fast_syscall_32+0x94/0x8c0 [ 646.339619][T16392] ? lockdep_hardirqs_on+0x78/0x100 [ 646.339630][T16392] __do_fast_syscall_32+0xe3/0x8c0 [ 646.339643][T16392] do_fast_syscall_32+0x32/0x70 [ 646.339655][T16392] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 646.339670][T16392] RIP: 0023:0xf704ef6c [ 646.339683][T16392] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 646.339694][T16392] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 000000000000016d [ 646.339704][T16392] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000011c [ 646.339711][T16392] RDX: 0000000000000003 RSI: 0000000080000040 RDI: 0000000080000140 [ 646.339718][T16392] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 646.339724][T16392] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 646.339730][T16392] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 646.339743][T16392] [ 646.592408][T16402] FAULT_INJECTION: forcing a failure. [ 646.592408][T16402] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 646.596784][T16402] CPU: 1 UID: 0 PID: 16402 Comm: syz.4.3284 Tainted: G L syzkaller #0 PREEMPT(full) [ 646.596802][T16402] Tainted: [L]=SOFTLOCKUP [ 646.596806][T16402] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 646.596813][T16402] Call Trace: [ 646.596817][T16402] [ 646.596822][T16402] dump_stack_lvl+0x100/0x190 [ 646.596842][T16402] should_fail_ex.cold+0x5/0xa [ 646.596855][T16402] _copy_from_user+0x2e/0xd0 [ 646.596871][T16402] kstrtouint_from_user+0xd6/0x1d0 [ 646.596883][T16402] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 646.596894][T16402] ? __lock_acquire+0x4a5/0x2630 [ 646.596909][T16402] ? lock_acquire+0x1cf/0x380 [ 646.596927][T16402] proc_fail_nth_write+0x83/0x220 [ 646.596939][T16402] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 646.596954][T16402] vfs_write+0x2aa/0x1070 [ 646.596969][T16402] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 646.596981][T16402] ? __pfx_vfs_write+0x10/0x10 [ 646.596994][T16402] ? find_held_lock+0x2b/0x80 [ 646.597010][T16402] ? __fget_files+0x215/0x3d0 [ 646.597041][T16402] ? __fget_files+0x21f/0x3d0 [ 646.597059][T16402] ksys_write+0x12a/0x250 [ 646.597073][T16402] ? __pfx_ksys_write+0x10/0x10 [ 646.597092][T16402] do_int80_emulation+0x141/0x6b0 [ 646.597106][T16402] asm_int80_emulation+0x1a/0x20 [ 646.597117][T16402] RIP: 0023:0xf7185b6b [ 646.597127][T16402] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 646.597138][T16402] RSP: 002b:00000000f54464bc EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 646.597148][T16402] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f54465d0 [ 646.597155][T16402] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 646.597161][T16402] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 646.597167][T16402] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 646.597174][T16402] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 646.597188][T16402] [ 646.707788][T16405] futex_wake_op: syz.4.3286 tries to shift op by 32; fix this program [ 646.723763][T16405] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3286'. [ 647.318476][T16413] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3286'. [ 647.381561][T16414] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3287'. [ 647.590868][T16421] FAULT_INJECTION: forcing a failure. [ 647.590868][T16421] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 647.595923][T16421] CPU: 1 UID: 0 PID: 16421 Comm: syz.1.3289 Tainted: G L syzkaller #0 PREEMPT(full) [ 647.595943][T16421] Tainted: [L]=SOFTLOCKUP [ 647.595947][T16421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 647.595953][T16421] Call Trace: [ 647.595957][T16421] [ 647.595962][T16421] dump_stack_lvl+0x100/0x190 [ 647.595982][T16421] should_fail_ex.cold+0x5/0xa [ 647.595995][T16421] strncpy_from_user+0x3b/0x2d0 [ 647.596013][T16421] do_getname+0x78/0x390 [ 647.596025][T16421] do_sys_openat2+0xc5/0x1e0 [ 647.596037][T16421] ? __pfx_do_sys_openat2+0x10/0x10 [ 647.596048][T16421] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 647.596063][T16421] ? __fget_files+0x21f/0x3d0 [ 647.596080][T16421] __ia32_compat_sys_openat+0x12d/0x210 [ 647.596093][T16421] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 647.596106][T16421] ? ksys_write+0x1ac/0x250 [ 647.596124][T16421] do_int80_emulation+0x141/0x6b0 [ 647.596138][T16421] asm_int80_emulation+0x1a/0x20 [ 647.596150][T16421] RIP: 0023:0xf7115b6b [ 647.596159][T16421] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 647.596169][T16421] RSP: 002b:00000000f53d603c EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 647.596180][T16421] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f53d6100 [ 647.596187][T16421] RDX: 0000000000002201 RSI: 0000000000000000 RDI: 0000000000000000 [ 647.596193][T16421] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 647.596199][T16421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 647.596206][T16421] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 647.596219][T16421] [ 648.270707][ T67] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 648.614962][T16427] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 648.707031][T16405] batadv_slave_1: entered promiscuous mode [ 648.709997][T16405] macsec1: entered promiscuous mode [ 648.712479][T16405] macsec1: entered allmulticast mode [ 648.714752][T16405] batadv_slave_1: entered allmulticast mode [ 648.718937][T16405] batadv_slave_1: left allmulticast mode [ 648.721465][T16405] batadv_slave_1: left promiscuous mode [ 648.801152][T16434] binder: 16433:16434 ioctl c0306201 800002c0 returned -14 [ 648.825004][T16438] xt_cgroup: invalid path, errno=-2 [ 648.846813][T16440] random: crng reseeded on system resumption [ 648.932809][T16447] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 648.940752][T16447] CIFS mount error: No usable UNC path provided in device string! [ 648.940752][T16447] [ 648.943896][T16447] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 649.103906][T16448] fuse: Bad value for 'fd' [ 649.375765][T16451] FAULT_INJECTION: forcing a failure. [ 649.375765][T16451] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 649.381841][T16451] CPU: 2 UID: 0 PID: 16451 Comm: syz.0.3301 Tainted: G L syzkaller #0 PREEMPT(full) [ 649.381871][T16451] Tainted: [L]=SOFTLOCKUP [ 649.381878][T16451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 649.381889][T16451] Call Trace: [ 649.381896][T16451] [ 649.381904][T16451] dump_stack_lvl+0x100/0x190 [ 649.381935][T16451] should_fail_ex.cold+0x5/0xa [ 649.381956][T16451] strncpy_from_user+0x3b/0x2d0 [ 649.381983][T16451] do_getname+0x78/0x390 [ 649.382001][T16451] do_sys_openat2+0xc5/0x1e0 [ 649.382017][T16451] ? __pfx_do_sys_openat2+0x10/0x10 [ 649.382035][T16451] ? __fget_files+0x21f/0x3d0 [ 649.382058][T16451] __ia32_sys_creat+0xcb/0x120 [ 649.382075][T16451] ? __pfx___ia32_sys_creat+0x10/0x10 [ 649.382090][T16451] ? ksys_write+0x1ac/0x250 [ 649.382113][T16451] ? __do_fast_syscall_32+0x94/0x8c0 [ 649.382132][T16451] __do_fast_syscall_32+0xe3/0x8c0 [ 649.382152][T16451] do_fast_syscall_32+0x32/0x70 [ 649.382190][T16451] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 649.382213][T16451] RIP: 0023:0xf704ef6c [ 649.382229][T16451] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 649.382246][T16451] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000008 [ 649.382263][T16451] RAX: ffffffffffffffda RBX: 0000000080000140 RCX: 0000000000000090 [ 649.382274][T16451] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 649.382284][T16451] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 649.382294][T16451] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 649.382304][T16451] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 649.382377][T16451] [ 649.626449][T16462] syzkaller0: entered promiscuous mode [ 649.628268][T16462] syzkaller0: entered allmulticast mode [ 649.704066][T16462] FAULT_INJECTION: forcing a failure. [ 649.704066][T16462] name failslab, interval 1, probability 0, space 0, times 0 [ 649.720642][T16462] CPU: 3 UID: 0 PID: 16462 Comm: syz.4.3305 Tainted: G L syzkaller #0 PREEMPT(full) [ 649.720663][T16462] Tainted: [L]=SOFTLOCKUP [ 649.720667][T16462] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 649.720673][T16462] Call Trace: [ 649.720678][T16462] [ 649.720682][T16462] dump_stack_lvl+0x100/0x190 [ 649.720717][T16462] should_fail_ex.cold+0x5/0xa [ 649.720730][T16462] should_failslab+0xc2/0x120 [ 649.720747][T16462] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 649.720762][T16462] ? __alloc_skb+0x140/0x710 [ 649.720781][T16462] __alloc_skb+0x140/0x710 [ 649.720796][T16462] ? __alloc_skb+0x5b7/0x710 [ 649.720811][T16462] ? __pfx___alloc_skb+0x10/0x10 [ 649.720831][T16462] alloc_skb_with_frags+0xe0/0x810 [ 649.720846][T16462] sock_alloc_send_pskb+0x801/0x980 [ 649.720863][T16462] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 649.720883][T16462] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 649.720899][T16462] ? find_held_lock+0x2b/0x80 [ 649.720915][T16462] ? dev_get_by_index+0x180/0x380 [ 649.720931][T16462] ? dev_get_by_index+0x180/0x380 [ 649.720951][T16462] packet_sendmsg+0x20e0/0x53c0 [ 649.720973][T16462] ? __pfx___might_resched+0x10/0x10 [ 649.720991][T16462] ? aa_sk_perm+0x2de/0xb40 [ 649.721007][T16462] ? __pfx_packet_sendmsg+0x10/0x10 [ 649.721020][T16462] ? __pfx_aa_sk_perm+0x10/0x10 [ 649.721033][T16462] ? __might_fault+0xc5/0x140 [ 649.721050][T16462] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 649.721065][T16462] __sys_sendto+0x4aa/0x520 [ 649.721082][T16462] ? __pfx___sys_sendto+0x10/0x10 [ 649.721102][T16462] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 649.721120][T16462] ? fput+0x79/0x100 [ 649.721130][T16462] ? ksys_write+0x1ac/0x250 [ 649.721146][T16462] __ia32_sys_sendto+0xdd/0x1b0 [ 649.721161][T16462] ? __do_fast_syscall_32+0x94/0x8c0 [ 649.721173][T16462] ? lockdep_hardirqs_on+0x78/0x100 [ 649.721184][T16462] __do_fast_syscall_32+0xe3/0x8c0 [ 649.721197][T16462] do_fast_syscall_32+0x32/0x70 [ 649.721209][T16462] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 649.721224][T16462] RIP: 0023:0xf7f83f6c [ 649.721233][T16462] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 649.721244][T16462] RSP: 002b:00000000f544650c EFLAGS: 00000292 ORIG_RAX: 0000000000000171 [ 649.721255][T16462] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000240 [ 649.721262][T16462] RDX: 00000000000005ea RSI: 0000000002000041 RDI: 0000000080000080 [ 649.721268][T16462] RBP: 0000000000000014 R08: 0000000000000000 R09: 0000000000000000 [ 649.721274][T16462] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 649.721281][T16462] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 649.721294][T16462] [ 649.722117][ T39] usb 42-1: device descriptor read/8, error -110 [ 649.931070][T16472] random: crng reseeded on system resumption [ 650.069755][T16477] FAULT_INJECTION: forcing a failure. [ 650.069755][T16477] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 650.074267][T16477] CPU: 2 UID: 0 PID: 16477 Comm: syz.2.3308 Tainted: G L syzkaller #0 PREEMPT(full) [ 650.074286][T16477] Tainted: [L]=SOFTLOCKUP [ 650.074290][T16477] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 650.074297][T16477] Call Trace: [ 650.074325][T16477] [ 650.074334][T16477] dump_stack_lvl+0x100/0x190 [ 650.074355][T16477] should_fail_ex.cold+0x5/0xa [ 650.074368][T16477] _copy_from_user+0x2e/0xd0 [ 650.074384][T16477] bpf_map_get_info_by_fd.isra.0+0x15b/0x720 [ 650.074402][T16477] ? __pfx_bpf_map_get_info_by_fd.isra.0+0x10/0x10 [ 650.074417][T16477] ? find_held_lock+0x2b/0x80 [ 650.074433][T16477] ? __fget_files+0x215/0x3d0 [ 650.074455][T16477] __sys_bpf+0x3c5b/0x4b90 [ 650.074467][T16477] ? __pfx___sys_bpf+0x10/0x10 [ 650.074478][T16477] ? proc_fail_nth_write+0x9f/0x220 [ 650.074489][T16477] ? find_held_lock+0x2b/0x80 [ 650.074507][T16477] ? find_held_lock+0x2b/0x80 [ 650.074523][T16477] ? ksys_write+0x190/0x250 [ 650.074540][T16477] ? __mutex_unlock_slowpath+0x15c/0x790 [ 650.074560][T16477] ? fput+0x79/0x100 [ 650.074570][T16477] ? ksys_write+0x1ac/0x250 [ 650.074586][T16477] __ia32_sys_bpf+0x79/0xf0 [ 650.074597][T16477] ? lockdep_hardirqs_on+0x78/0x100 [ 650.074608][T16477] __do_fast_syscall_32+0xe3/0x8c0 [ 650.074621][T16477] do_fast_syscall_32+0x32/0x70 [ 650.074633][T16477] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 650.074647][T16477] RIP: 0023:0xf70aef6c [ 650.074670][T16477] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 650.074680][T16477] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000165 [ 650.074692][T16477] RAX: ffffffffffffffda RBX: 000000000000000f RCX: 0000000080000280 [ 650.074698][T16477] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 650.074704][T16477] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 650.074710][T16477] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 650.074716][T16477] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 650.074730][T16477] [ 650.169604][T16476] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 650.172407][T16476] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 650.178954][T16476] vhci_hcd vhci_hcd.0: Device attached [ 650.205301][T16476] random: crng reseeded on system resumption [ 650.244711][T12356] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 650.253884][T12356] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 650.291115][ T39] usb usb42-port1: attempt power cycle [ 650.373241][T16489] FAULT_INJECTION: forcing a failure. [ 650.373241][T16489] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 650.379986][T16489] CPU: 3 UID: 0 PID: 16489 Comm: syz.2.3313 Tainted: G L syzkaller #0 PREEMPT(full) [ 650.380013][T16489] Tainted: [L]=SOFTLOCKUP [ 650.380019][T16489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 650.380027][T16489] Call Trace: [ 650.380034][T16489] [ 650.380041][T16489] dump_stack_lvl+0x100/0x190 [ 650.380069][T16489] should_fail_ex.cold+0x5/0xa [ 650.380089][T16489] _copy_from_iter+0x1f4/0x1690 [ 650.380117][T16489] ? alloc_pages_mpol+0x25a/0x550 [ 650.380140][T16489] ? __pfx__copy_from_iter+0x10/0x10 [ 650.380161][T16489] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 650.380194][T16489] copy_page_from_iter+0xde/0x180 [ 650.380219][T16489] tun_build_skb.constprop.0+0x2ea/0x15d0 [ 650.380248][T16489] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 650.380272][T16489] ? __lock_acquire+0x4a5/0x2630 [ 650.380303][T16489] ? find_held_lock+0x2b/0x80 [ 650.380326][T16489] ? aa_file_perm+0x268/0x1530 [ 650.380354][T16489] tun_get_user+0x16d0/0x3e10 [ 650.380390][T16489] ? __pfx_tun_get_user+0x10/0x10 [ 650.380411][T16489] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 650.380444][T16489] ? find_held_lock+0x2b/0x80 [ 650.380466][T16489] ? tun_get+0x191/0x370 [ 650.380482][T16489] ? tun_get+0x191/0x370 [ 650.380506][T16489] tun_chr_write_iter+0xdc/0x200 [ 650.380528][T16489] vfs_write+0x6ac/0x1070 [ 650.380566][T16489] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 650.380589][T16489] ? __pfx_vfs_write+0x10/0x10 [ 650.380608][T16489] ? find_held_lock+0x2b/0x80 [ 650.380647][T16489] ksys_write+0x12a/0x250 [ 650.380668][T16489] ? __pfx_ksys_write+0x10/0x10 [ 650.380697][T16489] do_int80_emulation+0x141/0x6b0 [ 650.380719][T16489] asm_int80_emulation+0x1a/0x20 [ 650.380736][T16489] RIP: 0023:0xf71e5b6b [ 650.380750][T16489] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 650.380764][T16489] RSP: 002b:00000000f549d44c EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 650.380780][T16489] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000080 [ 650.380790][T16489] RDX: 0000000000000036 RSI: 0000000000000000 RDI: 0000000000000000 [ 650.380800][T16489] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 650.380809][T16489] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 650.380818][T16489] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 650.380839][T16489] [ 650.510750][ T6021] usb 38-1: SetAddress Request (22) to port 0 [ 650.513065][ T6021] usb 38-1: new SuperSpeed USB device number 22 using vhci_hcd [ 650.592577][ T6018] usb 6-1: new full-speed USB device number 69 using dummy_hcd [ 650.730649][T16481] vhci_hcd: connection reset by peer [ 650.733202][ T81] vhci_hcd vhci_hcd.0: stop threads [ 650.736014][ T81] vhci_hcd vhci_hcd.0: release socket [ 650.738639][ T81] vhci_hcd vhci_hcd.0: disconnect device [ 650.752709][ T6018] usb 6-1: too many endpoints for config 0 interface 0 altsetting 254: 254, using maximum allowed: 30 [ 650.760710][ T6018] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 650.764836][ T6018] usb 6-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 650.781128][ T6018] usb 6-1: config 0 interface 0 has no altsetting 0 [ 650.783960][ T6018] usb 6-1: New USB device found, idVendor=04f2, idProduct=1123, bcdDevice= 0.00 [ 650.787764][ T6018] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.806748][ T6018] usb 6-1: config 0 descriptor?? [ 651.042767][ T39] usb usb42-port1: unable to enumerate USB device [ 651.295778][ T6018] chicony 0003:04F2:1123.0023: invalid report_count 15576 [ 651.310706][ T6018] chicony 0003:04F2:1123.0023: item 0 2 1 9 parsing failed [ 651.314462][ T6018] chicony 0003:04F2:1123.0023: Chicony hid parse failed: -22 [ 651.317779][ T6018] chicony 0003:04F2:1123.0023: probe with driver chicony failed with error -22 [ 651.530143][ T10] usb 6-1: USB disconnect, device number 69 [ 651.782055][T16508] xt_TPROXY: Can be used only with -p tcp or -p udp [ 651.878631][T16517] random: crng reseeded on system resumption [ 652.193954][T16536] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3325'. [ 652.224845][T16538] futex_wake_op: syz.1.3326 tries to shift op by 32; fix this program [ 652.315400][T16547] random: crng reseeded on system resumption [ 654.549969][T16563] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3333'. [ 655.509895][T16581] FAULT_INJECTION: forcing a failure. [ 655.509895][T16581] name failslab, interval 1, probability 0, space 0, times 0 [ 655.514896][T16581] CPU: 3 UID: 0 PID: 16581 Comm: syz.2.3341 Tainted: G L syzkaller #0 PREEMPT(full) [ 655.514915][T16581] Tainted: [L]=SOFTLOCKUP [ 655.514919][T16581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 655.514926][T16581] Call Trace: [ 655.514930][T16581] [ 655.514935][T16581] dump_stack_lvl+0x100/0x190 [ 655.514955][T16581] should_fail_ex.cold+0x5/0xa [ 655.514969][T16581] ? tomoyo_encode2+0xfb/0x3c0 [ 655.514984][T16581] should_failslab+0xc2/0x120 [ 655.515001][T16581] __kmalloc_noprof+0xe0/0x850 [ 655.515014][T16581] ? d_absolute_path+0x136/0x1b0 [ 655.515029][T16581] tomoyo_encode2+0xfb/0x3c0 [ 655.515047][T16581] tomoyo_encode+0x29/0x50 [ 655.515062][T16581] tomoyo_realpath_from_path+0x18c/0x690 [ 655.515082][T16581] tomoyo_path_number_perm+0x23c/0x580 [ 655.515096][T16581] ? tomoyo_path_number_perm+0x22e/0x580 [ 655.515111][T16581] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 655.515139][T16581] ? find_held_lock+0x2b/0x80 [ 655.515155][T16581] ? hook_file_ioctl_common+0x146/0x410 [ 655.515169][T16581] ? __fget_files+0x215/0x3d0 [ 655.515186][T16581] ? __fget_files+0x21f/0x3d0 [ 655.515203][T16581] security_file_ioctl_compat+0xd3/0x230 [ 655.515219][T16581] __ia32_compat_sys_ioctl+0xc2/0x360 [ 655.515235][T16581] __do_fast_syscall_32+0xe3/0x8c0 [ 655.515248][T16581] do_fast_syscall_32+0x32/0x70 [ 655.515266][T16581] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 655.515281][T16581] RIP: 0023:0xf70aef6c [ 655.515290][T16581] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 655.515301][T16581] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 655.515312][T16581] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000720 [ 655.515319][T16581] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 655.515325][T16581] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 655.515331][T16581] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 655.515338][T16581] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 655.515359][T16581] [ 655.515374][T16581] ERROR: Out of memory at tomoyo_realpath_from_path. [ 655.570138][T16583] random: crng reseeded on system resumption [ 655.570874][ T6021] usb 38-1: device descriptor read/8, error -110 [ 655.686639][T16589] FAULT_INJECTION: forcing a failure. [ 655.686639][T16589] name failslab, interval 1, probability 0, space 0, times 0 [ 655.690742][T16589] CPU: 3 UID: 0 PID: 16589 Comm: syz.1.3345 Tainted: G L syzkaller #0 PREEMPT(full) [ 655.690766][T16589] Tainted: [L]=SOFTLOCKUP [ 655.690770][T16589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 655.690777][T16589] Call Trace: [ 655.690782][T16589] [ 655.690786][T16589] dump_stack_lvl+0x100/0x190 [ 655.690809][T16589] should_fail_ex.cold+0x5/0xa [ 655.690829][T16589] should_failslab+0xc2/0x120 [ 655.690853][T16589] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 655.690873][T16589] ? __alloc_skb+0x140/0x710 [ 655.690893][T16589] __alloc_skb+0x140/0x710 [ 655.690915][T16589] ? __alloc_skb+0x5b7/0x710 [ 655.690938][T16589] ? __pfx___alloc_skb+0x10/0x10 [ 655.690979][T16589] netlink_alloc_large_skb+0x69/0x150 [ 655.690997][T16589] netlink_sendmsg+0x680/0xda0 [ 655.691020][T16589] ? __pfx_netlink_sendmsg+0x10/0x10 [ 655.691040][T16589] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 655.691063][T16589] ____sys_sendmsg+0xa54/0xc30 [ 655.691080][T16589] ? __pfx_____sys_sendmsg+0x10/0x10 [ 655.691111][T16589] ___sys_sendmsg+0x190/0x1e0 [ 655.691133][T16589] ? __pfx____sys_sendmsg+0x10/0x10 [ 655.691173][T16589] __sys_sendmsg+0x170/0x220 [ 655.691190][T16589] ? __pfx___sys_sendmsg+0x10/0x10 [ 655.691214][T16589] ? __pfx_ksys_write+0x10/0x10 [ 655.691240][T16589] __do_fast_syscall_32+0xe3/0x8c0 [ 655.691256][T16589] do_fast_syscall_32+0x32/0x70 [ 655.691274][T16589] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 655.691295][T16589] RIP: 0023:0xf7f18f6c [ 655.691309][T16589] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 655.691324][T16589] RSP: 002b:00000000f53d650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 655.691337][T16589] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 655.691348][T16589] RDX: 000000000000c000 RSI: 0000000000000000 RDI: 0000000000000000 [ 655.691358][T16589] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 655.691367][T16589] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 655.691377][T16589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 655.691399][T16589] [ 655.737095][T16592] netlink: 168 bytes leftover after parsing attributes in process `syz.1.3346'. [ 656.092521][T16610] FAULT_INJECTION: forcing a failure. [ 656.092521][T16610] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 656.093325][ T6021] usb usb38-port1: attempt power cycle [ 656.099226][T16610] CPU: 0 UID: 0 PID: 16610 Comm: syz.0.3351 Tainted: G L syzkaller #0 PREEMPT(full) [ 656.099277][T16610] Tainted: [L]=SOFTLOCKUP [ 656.099283][T16610] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 656.099298][T16610] Call Trace: [ 656.099304][T16610] [ 656.099310][T16610] dump_stack_lvl+0x100/0x190 [ 656.099340][T16610] should_fail_ex.cold+0x5/0xa [ 656.099360][T16610] _copy_from_user+0x2e/0xd0 [ 656.099383][T16610] get_compat_msghdr+0xb3/0x4b0 [ 656.099408][T16610] ? __pfx_get_compat_msghdr+0x10/0x10 [ 656.099435][T16610] ? ___sys_recvmsg+0x177/0x1a0 [ 656.099454][T16610] ? kfree+0x2ec/0x6b0 [ 656.099474][T16610] ___sys_recvmsg+0x193/0x1a0 [ 656.099495][T16610] ? __pfx____sys_recvmsg+0x10/0x10 [ 656.099517][T16610] ? lockdep_hardirqs_on+0x78/0x100 [ 656.099543][T16610] ? __pfx___might_resched+0x10/0x10 [ 656.099564][T16610] ? do_recvmmsg+0x1f8/0x760 [ 656.099583][T16610] ? do_recvmmsg+0x205/0x760 [ 656.099605][T16610] do_recvmmsg+0x563/0x760 [ 656.099628][T16610] ? __pfx_do_recvmmsg+0x10/0x10 [ 656.099651][T16610] ? ksys_write+0x190/0x250 [ 656.099672][T16610] ? ksys_write+0x190/0x250 [ 656.099700][T16610] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 656.099723][T16610] __sys_recvmmsg+0x21f/0x270 [ 656.099740][T16610] ? __pfx___sys_recvmmsg+0x10/0x10 [ 656.099758][T16610] ? ksys_write+0x1ac/0x250 [ 656.099781][T16610] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 656.099799][T16610] ? __do_fast_syscall_32+0x94/0x8c0 [ 656.099817][T16610] ? lockdep_hardirqs_on+0x78/0x100 [ 656.099832][T16610] __do_fast_syscall_32+0xe3/0x8c0 [ 656.099852][T16610] do_fast_syscall_32+0x32/0x70 [ 656.099870][T16610] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 656.099890][T16610] RIP: 0023:0xf704ef6c [ 656.099904][T16610] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 656.099919][T16610] RSP: 002b:00000000f541c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000151 [ 656.099936][T16610] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000400 [ 656.099946][T16610] RDX: 0000000000000f00 RSI: 0000000000000000 RDI: 0000000000000000 [ 656.099955][T16610] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 656.099965][T16610] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 656.099974][T16610] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 656.099995][T16610] [ 656.806851][ T6021] usb usb38-port1: unable to enumerate USB device [ 656.900285][T16619] FAULT_INJECTION: forcing a failure. [ 656.900285][T16619] name failslab, interval 1, probability 0, space 0, times 0 [ 656.936365][T16619] CPU: 3 UID: 0 PID: 16619 Comm: syz.0.3355 Tainted: G L syzkaller #0 PREEMPT(full) [ 656.936397][T16619] Tainted: [L]=SOFTLOCKUP [ 656.936403][T16619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 656.936414][T16619] Call Trace: [ 656.936420][T16619] [ 656.936428][T16619] dump_stack_lvl+0x100/0x190 [ 656.936459][T16619] should_fail_ex.cold+0x5/0xa [ 656.936480][T16619] ? tomoyo_encode2+0xfb/0x3c0 [ 656.936505][T16619] should_failslab+0xc2/0x120 [ 656.936537][T16619] __kmalloc_noprof+0xe0/0x850 [ 656.936557][T16619] ? d_absolute_path+0x136/0x1b0 [ 656.936582][T16619] tomoyo_encode2+0xfb/0x3c0 [ 656.936612][T16619] tomoyo_encode+0x29/0x50 [ 656.936638][T16619] tomoyo_realpath_from_path+0x18c/0x690 [ 656.936670][T16619] tomoyo_path_number_perm+0x23c/0x580 [ 656.936692][T16619] ? tomoyo_path_number_perm+0x22e/0x580 [ 656.936717][T16619] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 656.936764][T16619] ? find_held_lock+0x2b/0x80 [ 656.936790][T16619] ? hook_file_ioctl_common+0x146/0x410 [ 656.936812][T16619] ? __fget_files+0x215/0x3d0 [ 656.936840][T16619] ? __fget_files+0x21f/0x3d0 [ 656.936866][T16619] security_file_ioctl_compat+0xd3/0x230 [ 656.936892][T16619] __ia32_compat_sys_ioctl+0xc2/0x360 [ 656.936917][T16619] __do_fast_syscall_32+0xe3/0x8c0 [ 656.936938][T16619] do_fast_syscall_32+0x32/0x70 [ 656.936958][T16619] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 656.936980][T16619] RIP: 0023:0xf704ef6c [ 656.936995][T16619] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 656.937011][T16619] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 656.937028][T16619] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040383d0c [ 656.937039][T16619] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 656.937050][T16619] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 656.937060][T16619] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 656.937071][T16619] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 656.937095][T16619] [ 656.937114][T16619] ERROR: Out of memory at tomoyo_realpath_from_path. [ 657.025362][T16623] FAULT_INJECTION: forcing a failure. [ 657.025362][T16623] name failslab, interval 1, probability 0, space 0, times 0 [ 657.028113][T12128] Bluetooth: hci2: received HCILL_GO_TO_SLEEP_ACK in state 1 [ 657.031120][T16623] CPU: 0 UID: 0 PID: 16623 Comm: syz.1.3357 Tainted: G L syzkaller #0 PREEMPT(full) [ 657.031139][T16623] Tainted: [L]=SOFTLOCKUP [ 657.031143][T16623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 657.031150][T16623] Call Trace: [ 657.031155][T16623] [ 657.031159][T16623] dump_stack_lvl+0x100/0x190 [ 657.031179][T16623] should_fail_ex.cold+0x5/0xa [ 657.031192][T16623] ? tomoyo_encode2+0xfb/0x3c0 [ 657.031208][T16623] should_failslab+0xc2/0x120 [ 657.031225][T16623] __kmalloc_noprof+0xe0/0x850 [ 657.031238][T16623] ? d_absolute_path+0x136/0x1b0 [ 657.031253][T16623] tomoyo_encode2+0xfb/0x3c0 [ 657.031271][T16623] tomoyo_encode+0x29/0x50 [ 657.031290][T16623] tomoyo_realpath_from_path+0x18c/0x690 [ 657.031310][T16623] tomoyo_path_number_perm+0x23c/0x580 [ 657.031324][T16623] ? tomoyo_path_number_perm+0x22e/0x580 [ 657.031340][T16623] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 657.031368][T16623] ? find_held_lock+0x2b/0x80 [ 657.031384][T16623] ? hook_file_ioctl_common+0x146/0x410 [ 657.031398][T16623] ? __fget_files+0x215/0x3d0 [ 657.031415][T16623] ? __fget_files+0x21f/0x3d0 [ 657.031431][T16623] security_file_ioctl_compat+0xd3/0x230 [ 657.031448][T16623] __ia32_compat_sys_ioctl+0xc2/0x360 [ 657.031463][T16623] __do_fast_syscall_32+0xe3/0x8c0 [ 657.031477][T16623] do_fast_syscall_32+0x32/0x70 [ 657.031489][T16623] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 657.031503][T16623] RIP: 0023:0xf7f18f6c [ 657.031512][T16623] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 657.031523][T16623] RSP: 002b:00000000f53d650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 657.031533][T16623] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005412 [ 657.031540][T16623] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 657.031546][T16623] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 657.031552][T16623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 657.031558][T16623] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 657.031572][T16623] [ 657.031584][T16623] ERROR: Out of memory at tomoyo_realpath_from_path. [ 657.036423][T12128] Bluetooth: hci2: Frame reassembly failed (-84) [ 657.063243][T16625] FAULT_INJECTION: forcing a failure. [ 657.063243][T16625] name failslab, interval 1, probability 0, space 0, times 0 [ 657.075129][T16623] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 657.075365][T16625] CPU: 2 UID: 0 PID: 16625 Comm: syz.4.3358 Tainted: G L syzkaller #0 PREEMPT(full) [ 657.075383][T16625] Tainted: [L]=SOFTLOCKUP [ 657.075387][T16625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 657.075394][T16625] Call Trace: [ 657.075399][T16625] [ 657.075403][T16625] dump_stack_lvl+0x100/0x190 [ 657.075424][T16625] should_fail_ex.cold+0x5/0xa [ 657.075437][T16625] ? tomoyo_encode2+0xfb/0x3c0 [ 657.075453][T16625] should_failslab+0xc2/0x120 [ 657.075470][T16625] __kmalloc_noprof+0xe0/0x850 [ 657.075483][T16625] ? d_absolute_path+0x136/0x1b0 [ 657.075498][T16625] tomoyo_encode2+0xfb/0x3c0 [ 657.075516][T16625] tomoyo_encode+0x29/0x50 [ 657.075532][T16625] tomoyo_realpath_from_path+0x18c/0x690 [ 657.075552][T16625] tomoyo_path_number_perm+0x23c/0x580 [ 657.075566][T16625] ? tomoyo_path_number_perm+0x22e/0x580 [ 657.075583][T16625] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 657.075611][T16625] ? find_held_lock+0x2b/0x80 [ 657.075628][T16625] ? hook_file_ioctl_common+0x146/0x410 [ 657.075642][T16625] ? __fget_files+0x215/0x3d0 [ 657.075659][T16625] ? __fget_files+0x21f/0x3d0 [ 657.075676][T16625] security_file_ioctl_compat+0xd3/0x230 [ 657.075692][T16625] __ia32_compat_sys_ioctl+0xc2/0x360 [ 657.075708][T16625] __do_fast_syscall_32+0xe3/0x8c0 [ 657.075723][T16625] do_fast_syscall_32+0x32/0x70 [ 657.075735][T16625] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 657.075749][T16625] RIP: 0023:0xf7f83f6c [ 657.075758][T16625] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 657.075769][T16625] RSP: 002b:00000000f544650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 657.075780][T16625] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000000007a8 [ 657.075787][T16625] RDX: 0000000080000540 RSI: 0000000000000000 RDI: 0000000000000000 [ 657.075793][T16625] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 657.075799][T16625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 657.075805][T16625] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 657.075825][T16625] [ 657.075840][T16625] ERROR: Out of memory at tomoyo_realpath_from_path. [ 657.246602][T16635] random: crng reseeded on system resumption [ 657.474116][T16644] FAULT_INJECTION: forcing a failure. [ 657.474116][T16644] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 657.484139][T16644] CPU: 0 UID: 0 PID: 16644 Comm: syz.0.3363 Tainted: G L syzkaller #0 PREEMPT(full) [ 657.484195][T16644] Tainted: [L]=SOFTLOCKUP [ 657.484202][T16644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 657.484213][T16644] Call Trace: [ 657.484220][T16644] [ 657.484227][T16644] dump_stack_lvl+0x100/0x190 [ 657.484256][T16644] should_fail_ex.cold+0x5/0xa [ 657.484276][T16644] strncpy_from_user+0x3b/0x2d0 [ 657.484302][T16644] do_getname+0x78/0x390 [ 657.484321][T16644] do_sys_openat2+0xc5/0x1e0 [ 657.484339][T16644] ? __pfx_do_sys_openat2+0x10/0x10 [ 657.484360][T16644] ? __fget_files+0x21f/0x3d0 [ 657.484388][T16644] __ia32_sys_creat+0xcb/0x120 [ 657.484408][T16644] ? __pfx___ia32_sys_creat+0x10/0x10 [ 657.484427][T16644] ? ksys_write+0x1ac/0x250 [ 657.484454][T16644] ? __do_fast_syscall_32+0x94/0x8c0 [ 657.484484][T16644] __do_fast_syscall_32+0xe3/0x8c0 [ 657.484505][T16644] do_fast_syscall_32+0x32/0x70 [ 657.484524][T16644] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 657.484545][T16644] RIP: 0023:0xf704ef6c [ 657.484560][T16644] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 657.484575][T16644] RSP: 002b:00000000f541c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000008 [ 657.484590][T16644] RAX: ffffffffffffffda RBX: 0000000080000140 RCX: 0000000000000090 [ 657.484599][T16644] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 657.484607][T16644] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 657.484615][T16644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 657.484623][T16644] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 657.484641][T16644] [ 657.653850][T16645] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 657.655961][T16645] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 657.659025][T16645] vhci_hcd vhci_hcd.0: Device attached [ 657.940732][ T6021] usb 46-1: SetAddress Request (18) to port 0 [ 657.942790][ T6021] usb 46-1: new SuperSpeed USB device number 18 using vhci_hcd [ 658.100584][T16649] vhci_hcd: connection reset by peer [ 658.103024][T12356] vhci_hcd vhci_hcd.4: stop threads [ 658.105125][T12356] vhci_hcd vhci_hcd.4: release socket [ 658.111441][T12356] vhci_hcd vhci_hcd.4: disconnect device [ 658.318844][T16655] FAULT_INJECTION: forcing a failure. [ 658.318844][T16655] name failslab, interval 1, probability 0, space 0, times 0 [ 658.324186][T16655] CPU: 2 UID: 0 PID: 16655 Comm: syz.2.3365 Tainted: G L syzkaller #0 PREEMPT(full) [ 658.324216][T16655] Tainted: [L]=SOFTLOCKUP [ 658.324221][T16655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 658.324227][T16655] Call Trace: [ 658.324231][T16655] [ 658.324236][T16655] dump_stack_lvl+0x100/0x190 [ 658.324255][T16655] should_fail_ex.cold+0x5/0xa [ 658.324268][T16655] ? tomoyo_encode2+0xfb/0x3c0 [ 658.324284][T16655] should_failslab+0xc2/0x120 [ 658.324300][T16655] __kmalloc_noprof+0xe0/0x850 [ 658.324317][T16655] tomoyo_encode2+0xfb/0x3c0 [ 658.324337][T16655] tomoyo_encode+0x29/0x50 [ 658.324353][T16655] tomoyo_realpath_from_path+0x18c/0x690 [ 658.324373][T16655] tomoyo_path_number_perm+0x23c/0x580 [ 658.324386][T16655] ? tomoyo_path_number_perm+0x22e/0x580 [ 658.324402][T16655] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 658.324430][T16655] ? find_held_lock+0x2b/0x80 [ 658.324446][T16655] ? hook_file_ioctl_common+0x146/0x410 [ 658.324461][T16655] ? __fget_files+0x215/0x3d0 [ 658.324478][T16655] ? __fget_files+0x21f/0x3d0 [ 658.324495][T16655] security_file_ioctl_compat+0xd3/0x230 [ 658.324511][T16655] __ia32_compat_sys_ioctl+0xc2/0x360 [ 658.324527][T16655] __do_fast_syscall_32+0xe3/0x8c0 [ 658.324542][T16655] do_fast_syscall_32+0x32/0x70 [ 658.324553][T16655] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 658.324567][T16655] RIP: 0023:0xf70aef6c [ 658.324581][T16655] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 658.324591][T16655] RSP: 002b:00000000f547c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 658.324603][T16655] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c018aa06 [ 658.324609][T16655] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 658.324616][T16655] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 658.324622][T16655] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 658.324628][T16655] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 658.324642][T16655] [ 658.324667][T16655] ERROR: Out of memory at tomoyo_realpath_from_path. [ 658.498750][T16657] smc: net device hsr0 applied user defined pnetid SYZ2 [ 658.502814][T16658] smc: net device hsr0 erased user defined pnetid SYZ2 [ 659.070193][T16674] random: crng reseeded on system resumption [ 659.080726][ T63] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 659.080842][ T5936] Bluetooth: hci2: command 0x1003 tx timeout [ 661.328017][T16702] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3379'. [ 661.334824][T16702] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3379'. [ 661.338806][T16702] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 661.723613][T16710] random: crng reseeded on system resumption [ 661.993842][T16719] FAULT_INJECTION: forcing a failure. [ 661.993842][T16719] name failslab, interval 1, probability 0, space 0, times 0 [ 661.998636][T16719] CPU: 2 UID: 0 PID: 16719 Comm: syz.0.3385 Tainted: G L syzkaller #0 PREEMPT(full) [ 661.998666][T16719] Tainted: [L]=SOFTLOCKUP [ 661.998672][T16719] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 661.998683][T16719] Call Trace: [ 661.998691][T16719] [ 661.998698][T16719] dump_stack_lvl+0x100/0x190 [ 661.998730][T16719] should_fail_ex.cold+0x5/0xa [ 661.998752][T16719] should_failslab+0xc2/0x120 [ 661.998778][T16719] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 661.998801][T16719] ? io_submit_one+0x124/0x1fb0 [ 661.998833][T16719] io_submit_one+0x124/0x1fb0 [ 661.998864][T16719] ? __lock_acquire+0x4a5/0x2630 [ 661.998885][T16719] ? irqentry_exit+0x180/0x670 [ 661.998905][T16719] ? lockdep_hardirqs_on+0x78/0x100 [ 661.998923][T16719] ? __pfx_io_submit_one+0x10/0x10 [ 661.998959][T16719] ? __might_fault+0xc5/0x140 [ 661.998987][T16719] ? __ia32_compat_sys_io_submit+0x1a7/0x3b0 [ 661.999031][T16719] __ia32_compat_sys_io_submit+0x1a7/0x3b0 [ 661.999064][T16719] ? __pfx___ia32_compat_sys_io_submit+0x10/0x10 [ 661.999098][T16719] ? __pfx_ksys_write+0x10/0x10 [ 661.999128][T16719] __do_fast_syscall_32+0xe3/0x8c0 [ 661.999151][T16719] do_fast_syscall_32+0x32/0x70 [ 661.999171][T16719] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 661.999193][T16719] RIP: 0023:0xf704ef6c [ 661.999209][T16719] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 661.999225][T16719] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 00000000000000f8 [ 661.999243][T16719] RAX: ffffffffffffffda RBX: 00000000f5414000 RCX: 0000000000000001 [ 661.999255][T16719] RDX: 0000000080000540 RSI: 0000000000000000 RDI: 0000000000000000 [ 661.999265][T16719] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 661.999276][T16719] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 661.999286][T16719] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 661.999310][T16719] [ 662.092665][T16720] team0: No ports can be present during mode change [ 662.098495][T16720] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3383'. [ 662.108013][T16720] team0 (unregistering): left allmulticast mode [ 662.110031][T16720] team_slave_0: left allmulticast mode [ 662.112491][T16720] team_slave_1: left allmulticast mode [ 662.120054][T16720] team0 (unregistering): Port device team_slave_0 removed [ 662.126648][T16720] team0 (unregistering): Port device team_slave_1 removed [ 662.733054][T16729] program syz.4.3388 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 663.000827][ T6021] usb 46-1: device descriptor read/8, error -110 [ 663.047397][T16736] xt_cgroup: invalid path, errno=-2 [ 663.752681][T16742] xt_cgroup: invalid path, errno=-2 [ 664.354071][T16751] IPVS: set_ctl: invalid protocol: 1 0.0.0.0:1536 [ 664.484198][ T6021] usb usb46-port1: attempt power cycle [ 664.697647][T16753] FAULT_INJECTION: forcing a failure. [ 664.697647][T16753] name failslab, interval 1, probability 0, space 0, times 0 [ 664.702471][T16753] CPU: 1 UID: 0 PID: 16753 Comm: syz.4.3395 Tainted: G L syzkaller #0 PREEMPT(full) [ 664.702499][T16753] Tainted: [L]=SOFTLOCKUP [ 664.702505][T16753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 664.702516][T16753] Call Trace: [ 664.702523][T16753] [ 664.702530][T16753] dump_stack_lvl+0x100/0x190 [ 664.702559][T16753] should_fail_ex.cold+0x5/0xa [ 664.702581][T16753] ? tomoyo_encode2+0xfb/0x3c0 [ 664.702606][T16753] should_failslab+0xc2/0x120 [ 664.702630][T16753] __kmalloc_noprof+0xe0/0x850 [ 664.702653][T16753] ? d_absolute_path+0x136/0x1b0 [ 664.702676][T16753] tomoyo_encode2+0xfb/0x3c0 [ 664.702703][T16753] tomoyo_encode+0x29/0x50 [ 664.702726][T16753] tomoyo_realpath_from_path+0x18c/0x690 [ 664.702756][T16753] tomoyo_path_number_perm+0x23c/0x580 [ 664.702776][T16753] ? tomoyo_path_number_perm+0x22e/0x580 [ 664.702799][T16753] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 664.702843][T16753] ? find_held_lock+0x2b/0x80 [ 664.702867][T16753] ? hook_file_ioctl_common+0x146/0x410 [ 664.702888][T16753] ? __fget_files+0x215/0x3d0 [ 664.702914][T16753] ? __fget_files+0x21f/0x3d0 [ 664.702939][T16753] security_file_ioctl_compat+0xd3/0x230 [ 664.702964][T16753] __ia32_compat_sys_ioctl+0xc2/0x360 [ 664.702987][T16753] __do_fast_syscall_32+0xe3/0x8c0 [ 664.703009][T16753] do_fast_syscall_32+0x32/0x70 [ 664.703028][T16753] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 664.703048][T16753] RIP: 0023:0xf7f83f6c [ 664.703062][T16753] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 664.703077][T16753] RSP: 002b:00000000f544650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 664.703094][T16753] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005646 [ 664.703105][T16753] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 664.703114][T16753] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 664.703124][T16753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 664.703133][T16753] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 664.703161][T16753] [ 664.703177][T16753] ERROR: Out of memory at tomoyo_realpath_from_path. [ 664.785916][T16753] vivid-007: ================= START STATUS ================= [ 664.788574][T16753] vivid-007: Enable Output Cropping: true grabbed [ 664.790721][T16753] vivid-007: Enable Output Composing: true grabbed [ 664.792764][T16753] vivid-007: Enable Output Scaler: true grabbed [ 664.794746][T16753] vivid-007: Tx RGB Quantization Range: Automatic grabbed [ 664.797005][T16753] vivid-007: Transmit Mode: HDMI grabbed [ 664.798839][T16753] vivid-007: Hotplug Present: 0x00000000 [ 664.800711][T16753] vivid-007: RxSense Present: 0x00000000 [ 664.802515][T16753] vivid-007: EDID Present: 0x00000000 [ 664.804221][T16753] vivid-007: ================== END STATUS ================== [ 664.905143][T16761] FAULT_INJECTION: forcing a failure. [ 664.905143][T16761] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 664.912182][T16761] CPU: 2 UID: 0 PID: 16761 Comm: syz.4.3399 Tainted: G L syzkaller #0 PREEMPT(full) [ 664.912217][T16761] Tainted: [L]=SOFTLOCKUP [ 664.912223][T16761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 664.912233][T16761] Call Trace: [ 664.912239][T16761] [ 664.912247][T16761] dump_stack_lvl+0x100/0x190 [ 664.912278][T16761] should_fail_ex.cold+0x5/0xa [ 664.912299][T16761] _copy_from_user+0x2e/0xd0 [ 664.912326][T16761] snd_seq_write+0x413/0x6d0 [ 664.912354][T16761] ? __pfx_snd_seq_write+0x10/0x10 [ 664.912378][T16761] ? bpf_lsm_file_permission+0x9/0x10 [ 664.912400][T16761] ? security_file_permission+0x76/0x210 [ 664.912425][T16761] ? rw_verify_area+0xce/0x6d0 [ 664.912448][T16761] vfs_write+0x2aa/0x1070 [ 664.912472][T16761] ? __pfx_snd_seq_write+0x10/0x10 [ 664.912496][T16761] ? __pfx_vfs_write+0x10/0x10 [ 664.912517][T16761] ? find_held_lock+0x2b/0x80 [ 664.912543][T16761] ? __fget_files+0x215/0x3d0 [ 664.912566][T16761] ? __fget_files+0x215/0x3d0 [ 664.912594][T16761] ? __fget_files+0x21f/0x3d0 [ 664.912625][T16761] ksys_write+0x1f8/0x250 [ 664.912649][T16761] ? __pfx_ksys_write+0x10/0x10 [ 664.912672][T16761] ? __pfx_ksys_write+0x10/0x10 [ 664.912702][T16761] __do_fast_syscall_32+0xe3/0x8c0 [ 664.912725][T16761] do_fast_syscall_32+0x32/0x70 [ 664.912745][T16761] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 664.912768][T16761] RIP: 0023:0xf7f83f6c [ 664.912784][T16761] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 664.912801][T16761] RSP: 002b:00000000f544650c EFLAGS: 00000292 ORIG_RAX: 0000000000000004 [ 664.912819][T16761] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 664.912830][T16761] RDX: 000000000000ffc8 RSI: 0000000000000000 RDI: 0000000000000000 [ 664.912841][T16761] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 664.912851][T16761] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 664.912862][T16761] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 664.912886][T16761] [ 665.062720][ T6021] usb usb46-port1: unable to enumerate USB device [ 665.080741][T16774] xt_cgroup: invalid path, errno=-2 [ 665.163592][T16781] program syz.0.3404 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 665.601310][T16801] FAULT_INJECTION: forcing a failure. [ 665.601310][T16801] name failslab, interval 1, probability 0, space 0, times 0 [ 665.605218][T16801] CPU: 3 UID: 0 PID: 16801 Comm: syz.0.3410 Tainted: G L syzkaller #0 PREEMPT(full) [ 665.605236][T16801] Tainted: [L]=SOFTLOCKUP [ 665.605239][T16801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 665.605246][T16801] Call Trace: [ 665.605251][T16801] [ 665.605256][T16801] dump_stack_lvl+0x100/0x190 [ 665.605276][T16801] should_fail_ex.cold+0x5/0xa [ 665.605289][T16801] should_failslab+0xc2/0x120 [ 665.605305][T16801] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 665.605320][T16801] ? __alloc_skb+0x140/0x710 [ 665.605339][T16801] __alloc_skb+0x140/0x710 [ 665.605354][T16801] ? __alloc_skb+0x5b7/0x710 [ 665.605369][T16801] ? __pfx___alloc_skb+0x10/0x10 [ 665.605388][T16801] netlink_alloc_large_skb+0x69/0x150 [ 665.605402][T16801] netlink_sendmsg+0x680/0xda0 [ 665.605415][T16801] ? __pfx_netlink_sendmsg+0x10/0x10 [ 665.605429][T16801] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 665.605444][T16801] ____sys_sendmsg+0xa54/0xc30 [ 665.605459][T16801] ? __pfx_____sys_sendmsg+0x10/0x10 [ 665.605478][T16801] ___sys_sendmsg+0x190/0x1e0 [ 665.605492][T16801] ? __pfx____sys_sendmsg+0x10/0x10 [ 665.605521][T16801] __sys_sendmsg+0x170/0x220 [ 665.605532][T16801] ? __pfx___sys_sendmsg+0x10/0x10 [ 665.605547][T16801] ? __pfx_ksys_write+0x10/0x10 [ 665.605564][T16801] __do_fast_syscall_32+0xe3/0x8c0 [ 665.605579][T16801] do_fast_syscall_32+0x32/0x70 [ 665.605591][T16801] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 665.605604][T16801] RIP: 0023:0xf704ef6c [ 665.605614][T16801] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 665.605624][T16801] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 665.605635][T16801] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 665.605641][T16801] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 665.605648][T16801] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 665.605654][T16801] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 665.605660][T16801] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 665.605673][T16801] [ 665.763424][T16802] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3408'. [ 665.843289][T16802] batadv1: entered allmulticast mode [ 665.877031][ T10] usb 7-1: new full-speed USB device number 78 using dummy_hcd [ 665.918909][T16804] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3411'. [ 666.133619][ T10] usb 7-1: too many endpoints for config 0 interface 0 altsetting 254: 254, using maximum allowed: 30 [ 666.138434][ T10] usb 7-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 666.142901][ T10] usb 7-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 666.149332][ T10] usb 7-1: config 0 interface 0 has no altsetting 0 [ 666.152931][ T10] usb 7-1: New USB device found, idVendor=04f2, idProduct=1123, bcdDevice= 0.00 [ 666.156845][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 666.176461][ T10] usb 7-1: config 0 descriptor?? [ 666.282337][T16814] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 666.285095][T16814] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 666.320682][T16814] vhci_hcd vhci_hcd.0: Device attached [ 666.590843][ T6018] usb 38-1: SetAddress Request (26) to port 0 [ 666.593540][ T6018] usb 38-1: new SuperSpeed USB device number 26 using vhci_hcd [ 666.635604][ T10] chicony 0003:04F2:1123.0024: invalid report_count 15576 [ 666.637927][ T10] chicony 0003:04F2:1123.0024: item 0 2 1 9 parsing failed [ 666.640471][ T10] chicony 0003:04F2:1123.0024: Chicony hid parse failed: -22 [ 666.653545][ T10] chicony 0003:04F2:1123.0024: probe with driver chicony failed with error -22 [ 666.836738][T16815] vhci_hcd: connection reset by peer [ 666.838873][T12358] vhci_hcd vhci_hcd.0: stop threads [ 666.841436][T12358] vhci_hcd vhci_hcd.0: release socket [ 666.845938][T12358] vhci_hcd vhci_hcd.0: disconnect device [ 666.846094][ T54] usb 7-1: USB disconnect, device number 78 [ 666.914211][T16824] FAULT_INJECTION: forcing a failure. [ 666.914211][T16824] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 666.918422][T16824] CPU: 3 UID: 0 PID: 16824 Comm: syz.1.3415 Tainted: G L syzkaller #0 PREEMPT(full) [ 666.918441][T16824] Tainted: [L]=SOFTLOCKUP [ 666.918445][T16824] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 666.918451][T16824] Call Trace: [ 666.918456][T16824] [ 666.918461][T16824] dump_stack_lvl+0x100/0x190 [ 666.918481][T16824] should_fail_ex.cold+0x5/0xa [ 666.918494][T16824] _copy_from_iter+0x1f4/0x1690 [ 666.918511][T16824] ? alloc_pages_mpol+0x25a/0x550 [ 666.918527][T16824] ? __pfx__copy_from_iter+0x10/0x10 [ 666.918542][T16824] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 666.918562][T16824] copy_page_from_iter+0xde/0x180 [ 666.918579][T16824] tun_build_skb.constprop.0+0x2ea/0x15d0 [ 666.918597][T16824] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 666.918612][T16824] ? __lock_acquire+0x4a5/0x2630 [ 666.918632][T16824] ? find_held_lock+0x2b/0x80 [ 666.918647][T16824] ? aa_file_perm+0x268/0x1530 [ 666.918665][T16824] tun_get_user+0x16d0/0x3e10 [ 666.918684][T16824] ? __pfx_tun_get_user+0x10/0x10 [ 666.918697][T16824] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 666.918718][T16824] ? find_held_lock+0x2b/0x80 [ 666.918733][T16824] ? tun_get+0x191/0x370 [ 666.918744][T16824] ? tun_get+0x191/0x370 [ 666.918758][T16824] tun_chr_write_iter+0xdc/0x200 [ 666.918772][T16824] vfs_write+0x6ac/0x1070 [ 666.918788][T16824] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 666.918802][T16824] ? __pfx_vfs_write+0x10/0x10 [ 666.918815][T16824] ? find_held_lock+0x2b/0x80 [ 666.918838][T16824] ksys_write+0x12a/0x250 [ 666.918852][T16824] ? __pfx_ksys_write+0x10/0x10 [ 666.918870][T16824] do_int80_emulation+0x141/0x6b0 [ 666.918884][T16824] asm_int80_emulation+0x1a/0x20 [ 666.918895][T16824] RIP: 0023:0xf7115b6b [ 666.918905][T16824] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 666.918916][T16824] RSP: 002b:00000000f53d644c EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 666.918926][T16824] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000080 [ 666.918933][T16824] RDX: 000000000000002a RSI: 0000000000000000 RDI: 0000000000000000 [ 666.918939][T16824] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 666.918946][T16824] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 666.918951][T16824] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 666.918964][T16824] [ 667.049624][ T40] kauditd_printk_skb: 16 callbacks suppressed [ 667.049641][ T40] audit: type=1326 audit(2000000528.225:1228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16827 comm="syz.4.3416" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f83f6c code=0x7ffb0000 [ 667.438370][T16842] FAULT_INJECTION: forcing a failure. [ 667.438370][T16842] name failslab, interval 1, probability 0, space 0, times 0 [ 667.442756][T16842] CPU: 3 UID: 0 PID: 16842 Comm: syz.2.3421 Tainted: G L syzkaller #0 PREEMPT(full) [ 667.442776][T16842] Tainted: [L]=SOFTLOCKUP [ 667.442779][T16842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 667.442796][T16842] Call Trace: [ 667.442803][T16842] [ 667.442807][T16842] dump_stack_lvl+0x100/0x190 [ 667.442828][T16842] should_fail_ex.cold+0x5/0xa [ 667.442842][T16842] ? io_cache_alloc_new+0x45/0xe0 [ 667.442854][T16842] should_failslab+0xc2/0x120 [ 667.442871][T16842] __kmalloc_noprof+0xe0/0x850 [ 667.442888][T16842] io_cache_alloc_new+0x45/0xe0 [ 667.442901][T16842] __io_prep_rw+0x21d/0xfa0 [ 667.442916][T16842] ? __pfx___io_prep_rw+0x10/0x10 [ 667.442932][T16842] ? __io_alloc_req_refill+0x2dc/0x330 [ 667.442950][T16842] io_prep_rw+0x76/0x2c0 [ 667.442963][T16842] ? __pfx_io_prep_rw+0x10/0x10 [ 667.442981][T16842] io_submit_sqes+0x99b/0x22f0 [ 667.443004][T16842] __do_sys_io_uring_enter+0x9c0/0x1a20 [ 667.443022][T16842] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 667.443037][T16842] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 667.443057][T16842] ? fput+0x79/0x100 [ 667.443067][T16842] ? ksys_write+0x1ac/0x250 [ 667.443081][T16842] ? __pfx_ksys_write+0x10/0x10 [ 667.443098][T16842] __do_fast_syscall_32+0xe3/0x8c0 [ 667.443112][T16842] do_fast_syscall_32+0x32/0x70 [ 667.443124][T16842] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 667.443138][T16842] RIP: 0023:0xf70aef6c [ 667.443147][T16842] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 667.443163][T16842] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 00000000000001aa [ 667.443174][T16842] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000007a98 [ 667.443180][T16842] RDX: 0000000000000500 RSI: 0000000000000000 RDI: 0000000000000000 [ 667.443187][T16842] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 667.443193][T16842] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 667.443199][T16842] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 667.443213][T16842] [ 667.537992][T16847] xt_cgroup: invalid path, errno=-2 [ 668.189779][T16854] ceph: No mds server is up or the cluster is laggy [ 668.195121][ T6021] libceph: connect (1)[c::]:6789 error -101 [ 668.198326][ T6021] libceph: mon0 (1)[c::]:6789 connect error [ 668.590830][T16871] random: crng reseeded on system resumption [ 669.080741][ T10] usb 9-1: new full-speed USB device number 46 using dummy_hcd [ 669.242781][ T10] usb 9-1: too many endpoints for config 0 interface 0 altsetting 254: 254, using maximum allowed: 30 [ 669.254406][ T10] usb 9-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 669.267978][ T10] usb 9-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 669.288451][ T10] usb 9-1: config 0 interface 0 has no altsetting 0 [ 669.297932][ T10] usb 9-1: New USB device found, idVendor=04f2, idProduct=1123, bcdDevice= 0.00 [ 669.305231][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 669.309049][ T10] usb 9-1: config 0 descriptor?? [ 669.757871][ T10] chicony 0003:04F2:1123.0025: invalid report_count 15576 [ 669.760099][ T10] chicony 0003:04F2:1123.0025: item 0 2 1 9 parsing failed [ 669.768943][ T10] chicony 0003:04F2:1123.0025: Chicony hid parse failed: -22 [ 669.771648][ T10] chicony 0003:04F2:1123.0025: probe with driver chicony failed with error -22 [ 669.970262][ T54] usb 9-1: USB disconnect, device number 46 [ 670.998538][T16908] FAULT_INJECTION: forcing a failure. [ 670.998538][T16908] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 671.002679][T16908] CPU: 1 UID: 0 PID: 16908 Comm: syz.4.3437 Tainted: G L syzkaller #0 PREEMPT(full) [ 671.002708][T16908] Tainted: [L]=SOFTLOCKUP [ 671.002711][T16908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 671.002718][T16908] Call Trace: [ 671.002723][T16908] [ 671.002727][T16908] dump_stack_lvl+0x100/0x190 [ 671.002746][T16908] should_fail_ex.cold+0x5/0xa [ 671.002759][T16908] _copy_to_user+0x32/0xd0 [ 671.002777][T16908] simple_read_from_buffer+0xcb/0x170 [ 671.002793][T16908] proc_fail_nth_read+0x1af/0x230 [ 671.002811][T16908] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 671.002829][T16908] ? rw_verify_area+0xce/0x6d0 [ 671.002843][T16908] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 671.002860][T16908] vfs_read+0x1e4/0xb30 [ 671.002876][T16908] ? __pfx_vfs_read+0x10/0x10 [ 671.002889][T16908] ? find_held_lock+0x2b/0x80 [ 671.002906][T16908] ? __fget_files+0x215/0x3d0 [ 671.002922][T16908] ? __fget_files+0x21f/0x3d0 [ 671.002940][T16908] ksys_read+0x12a/0x250 [ 671.002954][T16908] ? __pfx_ksys_read+0x10/0x10 [ 671.002973][T16908] do_int80_emulation+0x141/0x6b0 [ 671.002987][T16908] asm_int80_emulation+0x1a/0x20 [ 671.002998][T16908] RIP: 0023:0xf7185b6b [ 671.003007][T16908] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 671.003017][T16908] RSP: 002b:00000000f54254bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 671.003029][T16908] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f54255d0 [ 671.003035][T16908] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000 [ 671.003042][T16908] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 671.003048][T16908] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 671.003054][T16908] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 671.003068][T16908] [ 671.346746][T16922] random: crng reseeded on system resumption [ 671.640677][ T6018] usb 38-1: device descriptor read/8, error -110 [ 671.648684][ T63] Bluetooth: hci4: Invalid handle: 0xff00 > 0x0eff [ 671.847462][T16940] input: syz0 as /devices/virtual/input/input29 [ 671.861190][T16940] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3447'. [ 672.040045][T16943] xt_cgroup: invalid path, errno=-2 [ 672.044096][ T6018] usb usb38-port1: attempt power cycle [ 672.110823][ T54] usb 7-1: new high-speed USB device number 79 using dummy_hcd [ 672.240667][ T54] usb 7-1: device descriptor read/64, error -71 [ 672.480713][ T54] usb 7-1: new high-speed USB device number 80 using dummy_hcd [ 672.624692][ T6018] usb usb38-port1: unable to enumerate USB device [ 672.626892][ T54] usb 7-1: device descriptor read/64, error -71 [ 672.744313][ T54] usb usb7-port1: attempt power cycle [ 673.013924][T16949] xt_cgroup: invalid path, errno=-2 [ 673.090692][ T54] usb 7-1: new high-speed USB device number 81 using dummy_hcd [ 673.111770][ T54] usb 7-1: device descriptor read/8, error -71 [ 673.217072][T16954] tmpfs: Unknown parameter 'usrqeVta_ind_hardlimit' [ 673.222636][T16954] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 673.360747][ T54] usb 7-1: new high-speed USB device number 82 using dummy_hcd [ 673.381133][ T54] usb 7-1: device descriptor read/8, error -71 [ 673.500926][ T54] usb usb7-port1: unable to enumerate USB device [ 673.641522][T16961] FAULT_INJECTION: forcing a failure. [ 673.641522][T16961] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 673.646072][T16961] CPU: 1 UID: 0 PID: 16961 Comm: syz.1.3453 Tainted: G L syzkaller #0 PREEMPT(full) [ 673.646120][T16961] Tainted: [L]=SOFTLOCKUP [ 673.646125][T16961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 673.646132][T16961] Call Trace: [ 673.646137][T16961] [ 673.646142][T16961] dump_stack_lvl+0x100/0x190 [ 673.646163][T16961] should_fail_ex.cold+0x5/0xa [ 673.646176][T16961] save_fsave_header+0x14c/0x2f0 [ 673.646190][T16961] ? __pfx_save_fsave_header+0x10/0x10 [ 673.646208][T16961] ? copy_fpstate_to_sigframe+0x2b8/0xb20 [ 673.646222][T16961] ? __local_bh_enable_ip+0x9e/0x120 [ 673.646235][T16961] copy_fpstate_to_sigframe+0x789/0xb20 [ 673.646251][T16961] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 673.646267][T16961] ? rcu_is_watching+0x12/0xc0 [ 673.646283][T16961] ? x86_task_fpu+0x5f/0x90 [ 673.646295][T16961] get_sigframe+0x3fb/0x940 [ 673.646310][T16961] ? __pfx_get_sigframe+0x10/0x10 [ 673.646324][T16961] ? _raw_spin_unlock_irq+0x29/0x50 [ 673.646341][T16961] ? siginfo_layout+0x156/0x290 [ 673.646359][T16961] ia32_setup_rt_frame+0xed/0xb00 [ 673.646378][T16961] ? __pfx_ia32_setup_rt_frame+0x10/0x10 [ 673.646394][T16961] ? __pfx___do_sys_flock+0x10/0x10 [ 673.646412][T16961] arch_do_signal_or_restart+0x43f/0x770 [ 673.646426][T16961] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 673.646446][T16961] exit_to_user_mode_loop+0x86/0x4a0 [ 673.646461][T16961] __do_fast_syscall_32+0x578/0x8c0 [ 673.646475][T16961] do_fast_syscall_32+0x32/0x70 [ 673.646487][T16961] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 673.646500][T16961] RIP: 0023:0xf7f18f6a [ 673.646510][T16961] Code: 19 85 d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 80 5d 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 [ 673.646521][T16961] RSP: 002b:00000000f53d650c EFLAGS: 00000292 ORIG_RAX: 000000000000008f [ 673.646532][T16961] RAX: 000000000000008f RBX: 0000000000000004 RCX: 0000000000000001 [ 673.646539][T16961] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 673.646545][T16961] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 673.646551][T16961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 673.646557][T16961] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 673.646570][T16961] [ 673.801614][T16968] FAULT_INJECTION: forcing a failure. [ 673.801614][T16968] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 673.805848][T16968] CPU: 0 UID: 0 PID: 16968 Comm: syz.4.3456 Tainted: G L syzkaller #0 PREEMPT(full) [ 673.805867][T16968] Tainted: [L]=SOFTLOCKUP [ 673.805871][T16968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 673.805878][T16968] Call Trace: [ 673.805882][T16968] [ 673.805887][T16968] dump_stack_lvl+0x100/0x190 [ 673.805907][T16968] should_fail_ex.cold+0x5/0xa [ 673.805920][T16968] _copy_to_user+0x32/0xd0 [ 673.805936][T16968] simple_read_from_buffer+0xcb/0x170 [ 673.805951][T16968] proc_fail_nth_read+0x1af/0x230 [ 673.805969][T16968] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 673.805987][T16968] ? rw_verify_area+0xce/0x6d0 [ 673.806000][T16968] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 673.806016][T16968] vfs_read+0x1e4/0xb30 [ 673.806032][T16968] ? __pfx_vfs_read+0x10/0x10 [ 673.806045][T16968] ? find_held_lock+0x2b/0x80 [ 673.806062][T16968] ? __fget_files+0x215/0x3d0 [ 673.806079][T16968] ? __fget_files+0x21f/0x3d0 [ 673.806126][T16968] ksys_read+0x12a/0x250 [ 673.806141][T16968] ? __pfx_ksys_read+0x10/0x10 [ 673.806155][T16968] ? arch_syscall_is_vdso_sigreturn+0x19b/0x200 [ 673.806168][T16968] ? syscall_user_dispatch+0x76/0x130 [ 673.806184][T16968] do_int80_emulation+0x141/0x6b0 [ 673.806199][T16968] asm_int80_emulation+0x1a/0x20 [ 673.806210][T16968] RIP: 0023:0xf7185b6b [ 673.806220][T16968] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 673.806230][T16968] RSP: 002b:00000000f54464bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 673.806240][T16968] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f54465d0 [ 673.806247][T16968] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000 [ 673.806253][T16968] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 673.806258][T16968] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 673.806265][T16968] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 673.806278][T16968] [ 673.916828][T16977] xt_cgroup: invalid path, errno=-2 [ 674.007038][T16982] fuse: Bad value for 'group_id' [ 674.008745][T16982] fuse: Bad value for 'group_id' [ 674.148081][T16986] binder: 16985:16986 unknown command 0 [ 674.150512][T16986] binder: 16985:16986 ioctl c0306201 80000080 returned -22 [ 674.183300][T16986] ptrace attach of "/syz-executor exec"[16988] was attempted by "/syz-executor exec"[16986] [ 674.796968][T17001] FAULT_INJECTION: forcing a failure. [ 674.796968][T17001] name failslab, interval 1, probability 0, space 0, times 0 [ 674.801625][T17001] CPU: 1 UID: 0 PID: 17001 Comm: syz.0.3464 Tainted: G L syzkaller #0 PREEMPT(full) [ 674.801643][T17001] Tainted: [L]=SOFTLOCKUP [ 674.801647][T17001] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 674.801654][T17001] Call Trace: [ 674.801658][T17001] [ 674.801663][T17001] dump_stack_lvl+0x100/0x190 [ 674.801683][T17001] should_fail_ex.cold+0x5/0xa [ 674.801696][T17001] ? tomoyo_encode2+0xfb/0x3c0 [ 674.801712][T17001] should_failslab+0xc2/0x120 [ 674.801728][T17001] __kmalloc_noprof+0xe0/0x850 [ 674.801741][T17001] ? d_absolute_path+0x136/0x1b0 [ 674.801756][T17001] tomoyo_encode2+0xfb/0x3c0 [ 674.801774][T17001] tomoyo_encode+0x29/0x50 [ 674.801789][T17001] tomoyo_realpath_from_path+0x18c/0x690 [ 674.801809][T17001] tomoyo_path_number_perm+0x23c/0x580 [ 674.801822][T17001] ? tomoyo_path_number_perm+0x22e/0x580 [ 674.801837][T17001] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 674.801865][T17001] ? find_held_lock+0x2b/0x80 [ 674.801881][T17001] ? hook_file_ioctl_common+0x146/0x410 [ 674.801896][T17001] ? __fget_files+0x215/0x3d0 [ 674.801913][T17001] ? __fget_files+0x21f/0x3d0 [ 674.801943][T17001] security_file_ioctl_compat+0xd3/0x230 [ 674.801960][T17001] __ia32_compat_sys_ioctl+0xc2/0x360 [ 674.801975][T17001] __do_fast_syscall_32+0xe3/0x8c0 [ 674.801989][T17001] do_fast_syscall_32+0x32/0x70 [ 674.802001][T17001] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 674.802015][T17001] RIP: 0023:0xf704ef6c [ 674.802024][T17001] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 674.802035][T17001] RSP: 002b:00000000f53fb50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 674.802046][T17001] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080044dfe [ 674.802058][T17001] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 674.802064][T17001] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 674.802071][T17001] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 674.802077][T17001] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 674.802120][T17001] [ 674.802131][T17001] ERROR: Out of memory at tomoyo_realpath_from_path. [ 674.909505][T17004] FAULT_INJECTION: forcing a failure. [ 674.909505][T17004] name failslab, interval 1, probability 0, space 0, times 0 [ 674.915074][T17004] CPU: 1 UID: 0 PID: 17004 Comm: syz.4.3467 Tainted: G L syzkaller #0 PREEMPT(full) [ 674.915101][T17004] Tainted: [L]=SOFTLOCKUP [ 674.915107][T17004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 674.915116][T17004] Call Trace: [ 674.915122][T17004] [ 674.915129][T17004] dump_stack_lvl+0x100/0x190 [ 674.915156][T17004] should_fail_ex.cold+0x5/0xa [ 674.915174][T17004] ? tomoyo_encode2+0xfb/0x3c0 [ 674.915195][T17004] should_failslab+0xc2/0x120 [ 674.915218][T17004] __kmalloc_noprof+0xe0/0x850 [ 674.915242][T17004] tomoyo_encode2+0xfb/0x3c0 [ 674.915267][T17004] tomoyo_encode+0x29/0x50 [ 674.915289][T17004] tomoyo_realpath_from_path+0x18c/0x690 [ 674.915317][T17004] tomoyo_path_number_perm+0x23c/0x580 [ 674.915336][T17004] ? tomoyo_path_number_perm+0x22e/0x580 [ 674.915358][T17004] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 674.915399][T17004] ? find_held_lock+0x2b/0x80 [ 674.915422][T17004] ? hook_file_ioctl_common+0x146/0x410 [ 674.915443][T17004] ? __fget_files+0x215/0x3d0 [ 674.915467][T17004] ? __fget_files+0x21f/0x3d0 [ 674.915491][T17004] security_file_ioctl_compat+0xd3/0x230 [ 674.915513][T17004] __ia32_compat_sys_ioctl+0xc2/0x360 [ 674.915551][T17004] __do_fast_syscall_32+0xe3/0x8c0 [ 674.915572][T17004] do_fast_syscall_32+0x32/0x70 [ 674.915590][T17004] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 674.915609][T17004] RIP: 0023:0xf7f83f6c [ 674.915622][T17004] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 674.915637][T17004] RSP: 002b:00000000f544650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 674.915653][T17004] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000008914 [ 674.915662][T17004] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 674.915671][T17004] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 674.915680][T17004] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 674.915689][T17004] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 674.915710][T17004] [ 674.915788][T17004] ERROR: Out of memory at tomoyo_realpath_from_path. [ 675.003364][T17004] bpq0: entered promiscuous mode [ 675.079211][ T40] audit: type=1326 audit(2000000536.255:1229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17005 comm="syz.1.3468" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f18f6c code=0x0 [ 675.117538][T17012] 9pnet_virtio: no channels available for device syz [ 675.129379][T17012] FAULT_INJECTION: forcing a failure. [ 675.129379][T17012] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 675.135309][T17012] CPU: 2 UID: 0 PID: 17012 Comm: syz.2.3470 Tainted: G L syzkaller #0 PREEMPT(full) [ 675.135351][T17012] Tainted: [L]=SOFTLOCKUP [ 675.135358][T17012] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 675.135369][T17012] Call Trace: [ 675.135376][T17012] [ 675.135384][T17012] dump_stack_lvl+0x100/0x190 [ 675.135423][T17012] should_fail_ex.cold+0x5/0xa [ 675.135445][T17012] strncpy_from_user+0x3b/0x2d0 [ 675.135473][T17012] do_getname+0x78/0x390 [ 675.135495][T17012] do_sys_openat2+0xc5/0x1e0 [ 675.135515][T17012] ? __pfx_do_sys_openat2+0x10/0x10 [ 675.135533][T17012] ? __fget_files+0x215/0x3d0 [ 675.135562][T17012] ? __fget_files+0x21f/0x3d0 [ 675.135589][T17012] __ia32_compat_sys_openat+0x12d/0x210 [ 675.135611][T17012] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 675.135635][T17012] ? __pfx_ksys_write+0x10/0x10 [ 675.135665][T17012] __do_fast_syscall_32+0xe3/0x8c0 [ 675.135689][T17012] do_fast_syscall_32+0x32/0x70 [ 675.135710][T17012] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 675.135733][T17012] RIP: 0023:0xf70aef6c [ 675.135749][T17012] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 675.135766][T17012] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000127 [ 675.135784][T17012] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 000000008000c380 [ 675.135796][T17012] RDX: 0000000000022842 RSI: 0000000000000000 RDI: 0000000000000000 [ 675.135807][T17012] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 675.135817][T17012] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 675.135828][T17012] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 675.135852][T17012] [ 675.771721][T17019] xt_cgroup: invalid path, errno=-2 [ 675.898213][T17022] FAULT_INJECTION: forcing a failure. [ 675.898213][T17022] name failslab, interval 1, probability 0, space 0, times 0 [ 675.905830][T17022] CPU: 2 UID: 0 PID: 17022 Comm: syz.4.3472 Tainted: G L syzkaller #0 PREEMPT(full) [ 675.905874][T17022] Tainted: [L]=SOFTLOCKUP [ 675.905881][T17022] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 675.905892][T17022] Call Trace: [ 675.905898][T17022] [ 675.905906][T17022] dump_stack_lvl+0x100/0x190 [ 675.905937][T17022] should_fail_ex.cold+0x5/0xa [ 675.905958][T17022] ? io_cache_alloc_new+0x45/0xe0 [ 675.905978][T17022] should_failslab+0xc2/0x120 [ 675.906003][T17022] __kmalloc_noprof+0xe0/0x850 [ 675.906032][T17022] io_cache_alloc_new+0x45/0xe0 [ 675.906053][T17022] __io_prep_rw+0x21d/0xfa0 [ 675.906100][T17022] ? __pfx___io_prep_rw+0x10/0x10 [ 675.906128][T17022] ? __io_alloc_req_refill+0x2dc/0x330 [ 675.906156][T17022] io_prep_rw+0x76/0x2c0 [ 675.906178][T17022] ? __pfx_io_prep_rw+0x10/0x10 [ 675.906208][T17022] io_prep_readv+0x20/0xa0 [ 675.906231][T17022] io_submit_sqes+0x99b/0x22f0 [ 675.906268][T17022] __do_sys_io_uring_enter+0x9c0/0x1a20 [ 675.906299][T17022] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 675.906323][T17022] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 675.906355][T17022] ? fput+0x79/0x100 [ 675.906372][T17022] ? ksys_write+0x1ac/0x250 [ 675.906395][T17022] ? __pfx_ksys_write+0x10/0x10 [ 675.906429][T17022] __do_fast_syscall_32+0xe3/0x8c0 [ 675.906452][T17022] do_fast_syscall_32+0x32/0x70 [ 675.906472][T17022] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 675.906495][T17022] RIP: 0023:0xf7f83f6c [ 675.906510][T17022] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 675.906527][T17022] RSP: 002b:00000000f544650c EFLAGS: 00000292 ORIG_RAX: 00000000000001aa [ 675.906544][T17022] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000000847ba [ 675.906556][T17022] RDX: 0000000000000000 RSI: 000000000000000e RDI: 0000000000000000 [ 675.906566][T17022] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 675.906576][T17022] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 675.906586][T17022] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 675.906607][T17022] [ 676.612067][ T54] libceph: connect (1)[c::]:6789 error -101 [ 676.614775][ T54] libceph: mon0 (1)[c::]:6789 connect error [ 676.664486][T17036] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3477'. [ 676.685732][T17036] bridge0: port 2(bridge_slave_1) entered blocking state [ 676.688874][T17036] bridge0: port 2(bridge_slave_1) entered forwarding state [ 676.692274][T17036] bridge0: port 1(bridge_slave_0) entered blocking state [ 676.695452][T17036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 676.703493][T17036] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 676.742224][T17031] ceph: No mds server is up or the cluster is laggy [ 676.820510][T17040] binder: 17039:17040 ioctl c0306201 800001c0 returned -14 [ 676.861207][T17043] program syz.2.3479 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 676.864242][T17043] ata1.00: invalid service action 2 [ 677.024996][T17050] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3481'. [ 677.101515][ T54] usb 5-1: new full-speed USB device number 59 using dummy_hcd [ 677.111474][T17052] netlink: 2048 bytes leftover after parsing attributes in process `syz.2.3481'. [ 677.115982][T17052] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3481'. [ 677.130098][T17052] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3481'. [ 677.288002][ T54] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 677.292667][ T54] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 677.299352][ T54] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 677.303535][ T54] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 677.558539][ T54] usb 5-1: usb_control_msg returned -32 [ 677.573296][ T54] usbtmc 5-1:16.0: can't read capabilities [ 677.670707][ T54] usb 5-1: USB disconnect, device number 59 [ 678.002258][T17058] xt_cgroup: invalid path, errno=-2 [ 679.209212][T17079] SET target dimension over the limit! [ 679.262007][T17083] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3492'. [ 679.264844][T17083] bond0: ARP target 8.4.0.0 is already present [ 679.266655][T17083] bond0: option arp_ip_target: invalid value (1032) [ 679.340836][ T828] usb 9-1: new low-speed USB device number 47 using dummy_hcd [ 679.464068][T17094] xt_cgroup: invalid path, errno=-2 [ 679.515648][ T828] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 679.836131][ T828] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 679.840251][ T828] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 679.860901][ T828] usb 9-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 679.867756][ T828] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 679.936018][T17073] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 680.110278][ T828] hub 9-1:1.0: bad descriptor, ignoring hub [ 680.115583][ T828] hub 9-1:1.0: probe with driver hub failed with error -5 [ 680.128779][ T828] cdc_wdm 9-1:1.0: skipping garbage [ 680.135797][ T828] cdc_wdm 9-1:1.0: skipping garbage [ 680.429332][ T828] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 680.506609][ T828] cdc_wdm 9-1:1.0: Unknown control protocol [ 680.724809][T17107] /dev/nullb0: Can't open blockdev [ 680.881046][T17113] comedi comedi0: comedi_config --init_data is deprecated [ 681.002095][ T828] usb 9-1: USB disconnect, device number 47 [ 681.170078][T17124] FAULT_INJECTION: forcing a failure. [ 681.170078][T17124] name failslab, interval 1, probability 0, space 0, times 0 [ 681.175203][T17124] CPU: 3 UID: 0 PID: 17124 Comm: syz.1.3500 Tainted: G L syzkaller #0 PREEMPT(full) [ 681.175221][T17124] Tainted: [L]=SOFTLOCKUP [ 681.175225][T17124] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 681.175232][T17124] Call Trace: [ 681.175237][T17124] [ 681.175241][T17124] dump_stack_lvl+0x100/0x190 [ 681.175274][T17124] should_fail_ex.cold+0x5/0xa [ 681.175287][T17124] should_failslab+0xc2/0x120 [ 681.175308][T17124] __kmalloc_cache_noprof+0x7a/0x6f0 [ 681.175320][T17124] ? ima_calc_file_hash_tfm+0x236/0x350 [ 681.175334][T17124] ? sha256_init+0xd/0xc0 [ 681.175350][T17124] ima_calc_file_hash_tfm+0x236/0x350 [ 681.175364][T17124] ? __pfx_ima_calc_file_hash_tfm+0x10/0x10 [ 681.175393][T17124] ? shmem_huge_global_enabled.isra.0+0x6c/0x210 [ 681.175408][T17124] ? ima_alloc_tfm+0x21a/0x2e0 [ 681.175419][T17124] ? shmem_getattr+0x394/0x450 [ 681.175433][T17124] ima_calc_file_hash+0x18c/0x480 [ 681.175447][T17124] ima_collect_measurement+0x887/0xa40 [ 681.175461][T17124] ? ima_file_mmap+0x1c4/0x1f0 [ 681.175475][T17124] ? __pfx_ima_collect_measurement+0x10/0x10 [ 681.175489][T17124] ? lock_acquire+0x1cf/0x380 [ 681.175511][T17124] ? do_raw_read_unlock+0x3f/0x70 [ 681.175529][T17124] ? vfs_getxattr_alloc+0xec/0x350 [ 681.175547][T17124] ? ima_get_hash_algo+0x22d/0x400 [ 681.175558][T17124] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 681.175572][T17124] ? process_measurement+0xdfe/0x2350 [ 681.175583][T17124] process_measurement+0xdfe/0x2350 [ 681.175599][T17124] ? _parse_integer_limit+0x17f/0x1d0 [ 681.175610][T17124] ? __pfx_process_measurement+0x10/0x10 [ 681.175623][T17124] ? _kstrtoull+0x13c/0x1f0 [ 681.175636][T17124] ? find_held_lock+0x2b/0x80 [ 681.175664][T17124] ? aa_file_perm+0x268/0x1530 [ 681.175694][T17124] ? mtree_load+0x32d/0xa40 [ 681.175707][T17124] ima_file_mmap+0x1c4/0x1f0 [ 681.175720][T17124] ? __pfx_ima_file_mmap+0x10/0x10 [ 681.175736][T17124] security_mmap_file+0x278/0x9b0 [ 681.175753][T17124] __do_sys_remap_file_pages+0x2da/0xa10 [ 681.175773][T17124] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 681.175787][T17124] ? __pfx___do_sys_remap_file_pages+0x10/0x10 [ 681.175807][T17124] ? fput+0x79/0x100 [ 681.175817][T17124] ? ksys_write+0x1ac/0x250 [ 681.175831][T17124] ? __pfx_ksys_write+0x10/0x10 [ 681.175849][T17124] __do_fast_syscall_32+0xe3/0x8c0 [ 681.175866][T17124] do_fast_syscall_32+0x32/0x70 [ 681.175884][T17124] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 681.175902][T17124] RIP: 0023:0xf7f18f6c [ 681.175912][T17124] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 681.175922][T17124] RSP: 002b:00000000f53b550c EFLAGS: 00000292 ORIG_RAX: 0000000000000101 [ 681.175934][T17124] RAX: ffffffffffffffda RBX: 00000000802ec000 RCX: 0000000000200000 [ 681.175941][T17124] RDX: 0000000000000000 RSI: 000000007ffffffd RDI: 0000000000000000 [ 681.175947][T17124] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 681.175953][T17124] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 681.175959][T17124] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 681.175973][T17124] [ 681.286756][ T40] audit: type=1800 audit(2000000542.445:1230): pid=17124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3500" name="dev/zero" dev="tmpfs" ino=2140 res=0 errno=0 [ 681.350754][ T828] usb 9-1: new high-speed USB device number 48 using dummy_hcd [ 681.560970][ T828] usb 9-1: Using ep0 maxpacket: 8 [ 681.564905][ T828] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 681.568509][ T828] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 681.576143][ T828] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 681.585837][ T828] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 681.595048][ T828] usb 9-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 681.599178][ T828] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 681.626270][ T828] hub 9-1:1.0: bad descriptor, ignoring hub [ 681.631094][ T828] hub 9-1:1.0: probe with driver hub failed with error -5 [ 681.637339][ T828] cdc_wdm 9-1:1.0: skipping garbage [ 681.640761][ T828] cdc_wdm 9-1:1.0: skipping garbage [ 681.665253][ T828] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 681.668369][ T828] cdc_wdm 9-1:1.0: Unknown control protocol [ 681.723522][T17141] random: crng reseeded on system resumption [ 682.025453][T17142] [U] ¦ [ 682.743265][T17154] xt_cgroup: invalid path, errno=-2 [ 683.420847][ T5999] usb 5-1: new full-speed USB device number 60 using dummy_hcd [ 683.443695][ T54] usb 9-1: USB disconnect, device number 48 [ 683.480733][ T828] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 683.563014][T17167] netlink: 'syz.2.3513': attribute type 1 has an invalid length. [ 683.575447][T17167] 8021q: adding VLAN 0 to HW filter on device bond1 [ 683.584319][ T5999] usb 5-1: too many endpoints for config 0 interface 0 altsetting 254: 254, using maximum allowed: 30 [ 683.588844][ T5999] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 683.610533][ T5999] usb 5-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 683.617166][ T5999] usb 5-1: config 0 interface 0 has no altsetting 0 [ 683.619693][ T5999] usb 5-1: New USB device found, idVendor=04f2, idProduct=1123, bcdDevice= 0.00 [ 683.630862][ T5999] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 683.642549][ T5999] usb 5-1: config 0 descriptor?? [ 683.652836][ T828] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 683.659957][ T828] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 683.664325][ T828] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 683.667465][ T828] usb 6-1: Product: syz [ 683.668939][ T828] usb 6-1: Manufacturer: syz [ 683.672514][ T828] usb 6-1: SerialNumber: syz [ 683.688570][ T828] hub 6-1:1.0: bad descriptor, ignoring hub [ 683.698887][ T828] hub 6-1:1.0: probe with driver hub failed with error -5 [ 683.864917][T17176] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3515'. [ 683.868139][T17176] bridge_slave_1: left allmulticast mode [ 683.870152][T17176] bridge_slave_1: left promiscuous mode [ 683.872850][T17176] bridge0: port 2(bridge_slave_1) entered disabled state [ 683.886405][T17176] bridge_slave_0: left allmulticast mode [ 683.888783][T17176] bridge_slave_0: left promiscuous mode [ 683.892307][T17176] bridge0: port 1(bridge_slave_0) entered disabled state [ 683.899862][T17161] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 683.907090][T17161] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 684.021663][ T6019] usb 6-1: USB disconnect, device number 70 [ 684.069695][ T5999] chicony 0003:04F2:1123.0026: invalid report_count 15576 [ 684.094056][ T5999] chicony 0003:04F2:1123.0026: item 0 2 1 9 parsing failed [ 684.108257][ T5999] chicony 0003:04F2:1123.0026: Chicony hid parse failed: -22 [ 684.125052][ T5999] chicony 0003:04F2:1123.0026: probe with driver chicony failed with error -22 [ 684.266083][ T5999] usb 5-1: USB disconnect, device number 60 [ 684.983595][T17203] random: crng reseeded on system resumption [ 685.172920][T17206] input: syz0 as /devices/virtual/input/input30 [ 685.188923][T17206] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3525'. [ 685.301601][T17210] netlink: 'syz.4.3527': attribute type 10 has an invalid length. [ 685.425264][ T54] hid-generic FFFF:0008:0003.0027: item fetching failed at offset 0/1 [ 685.431803][ T54] hid-generic FFFF:0008:0003.0027: probe with driver hid-generic failed with error -22 [ 685.475905][ T828] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 685.641552][ T828] usb 5-1: device descriptor read/64, error -71 [ 685.799607][T17221] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 685.804997][T17221] block device autoloading is deprecated and will be removed. [ 685.912600][ T828] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 686.040803][ T828] usb 5-1: device descriptor read/64, error -71 [ 686.161005][ T828] usb usb5-port1: attempt power cycle [ 686.500732][ T1330] usb 6-1: new full-speed USB device number 71 using dummy_hcd [ 686.541389][ T828] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 686.563700][ T828] usb 5-1: device descriptor read/8, error -71 [ 686.675253][ T1330] usb 6-1: too many endpoints for config 0 interface 0 altsetting 254: 254, using maximum allowed: 30 [ 686.679907][ T1330] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 686.694248][ T1330] usb 6-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 686.711295][ T1330] usb 6-1: config 0 interface 0 has no altsetting 0 [ 686.714204][ T1330] usb 6-1: New USB device found, idVendor=04f2, idProduct=1123, bcdDevice= 0.00 [ 686.722166][ T1330] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.734448][ T1330] usb 6-1: config 0 descriptor?? [ 686.823867][ T828] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 686.851100][ T828] usb 5-1: device descriptor read/8, error -71 [ 686.970842][ T828] usb usb5-port1: unable to enumerate USB device [ 687.187374][ T1330] chicony 0003:04F2:1123.0028: invalid report_count 15576 [ 687.189688][ T1330] chicony 0003:04F2:1123.0028: item 0 2 1 9 parsing failed [ 687.195693][ T1330] chicony 0003:04F2:1123.0028: Chicony hid parse failed: -22 [ 687.198479][ T1330] chicony 0003:04F2:1123.0028: probe with driver chicony failed with error -22 [ 687.408485][ T1330] usb 6-1: USB disconnect, device number 71 [ 687.882109][ T6019] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 687.989532][T17264] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3536'. [ 687.995010][T17264] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3536'. [ 687.998839][T17264] netlink: 'syz.1.3536': attribute type 11 has an invalid length. [ 690.526243][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 690.591940][ T12] batman_adv: batadv0: Removing interface: gretap1 [ 690.700313][ T12] bond0 (unregistering): Released all slaves [ 690.707780][ T12] bond1 (unregistering): Released all slaves [ 690.814715][ T12] tipc: Left network mode [ 691.207205][ T12] hsr_slave_0: left promiscuous mode [ 691.210220][ T12] hsr_slave_1: left promiscuous mode [ 691.213538][ T12] batman_adv: batadv0: Removing interface: vlan1 [ 698.174332][T17298] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 698.178301][T17298] block device autoloading is deprecated and will be removed. [ 699.670646][ T6021] usb 6-1: new full-speed USB device number 72 using dummy_hcd [ 700.400901][ T6021] usb 6-1: too many endpoints for config 0 interface 0 altsetting 254: 254, using maximum allowed: 30 [ 700.406715][ T6021] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 700.411750][ T6021] usb 6-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 700.425152][ T6021] usb 6-1: config 0 interface 0 has no altsetting 0 [ 700.428737][ T6021] usb 6-1: New USB device found, idVendor=04f2, idProduct=1123, bcdDevice= 0.00 [ 700.439160][ T6021] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 700.488265][ T6021] usb 6-1: config 0 descriptor?? [ 700.590204][T17333] hub 2-0:1.0: USB hub found [ 700.592734][T17333] hub 2-0:1.0: 2 ports detected [ 701.079247][ T6021] chicony 0003:04F2:1123.0029: invalid report_count 15576 [ 701.082488][ T6021] chicony 0003:04F2:1123.0029: item 0 2 1 9 parsing failed [ 701.086443][ T6021] chicony 0003:04F2:1123.0029: Chicony hid parse failed: -22 [ 701.089511][ T6021] chicony 0003:04F2:1123.0029: probe with driver chicony failed with error -22 [ 701.288836][ T6019] usb 6-1: USB disconnect, device number 72 [ 701.383522][T17337] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 701.393367][ T6018] wg1 speed is unknown, defaulting to 1000 [ 701.445480][T17350] binder: 17349:17350 ioctl c0306201 80000680 returned -14 [ 703.515318][T17379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 703.575187][T17379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 703.622513][T17377] i2c i2c-1: dtv_property_process_set: SET cmd 0x00060004 undefined [ 703.633406][T17379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 704.251442][ T828] usb 6-1: new high-speed USB device number 73 using dummy_hcd [ 704.361172][ T12] wlan1: Trigger new scan to find an IBSS to join [ 704.772654][ T828] usb 6-1: Using ep0 maxpacket: 8 [ 705.080485][ T828] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 705.085261][ T828] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 705.088175][ T828] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 705.096075][ T828] usb 6-1: config 0 descriptor?? [ 705.152263][T17402] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3569'. [ 705.290478][T17408] 9p: Bad value for 'rfdno' [ 705.317604][ T828] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 705.363768][T17410] FAULT_INJECTION: forcing a failure. [ 705.363768][T17410] name failslab, interval 1, probability 0, space 0, times 0 [ 705.368566][T17410] CPU: 3 UID: 0 PID: 17410 Comm: syz.2.3572 Tainted: G L syzkaller #0 PREEMPT(full) [ 705.368584][T17410] Tainted: [L]=SOFTLOCKUP [ 705.368588][T17410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 705.368595][T17410] Call Trace: [ 705.368600][T17410] [ 705.368604][T17410] dump_stack_lvl+0x100/0x190 [ 705.368624][T17410] should_fail_ex.cold+0x5/0xa [ 705.368638][T17410] ? tomoyo_encode2+0xfb/0x3c0 [ 705.368654][T17410] should_failslab+0xc2/0x120 [ 705.368670][T17410] __kmalloc_noprof+0xe0/0x850 [ 705.368683][T17410] ? d_absolute_path+0x136/0x1b0 [ 705.368698][T17410] tomoyo_encode2+0xfb/0x3c0 [ 705.368716][T17410] tomoyo_encode+0x29/0x50 [ 705.368731][T17410] tomoyo_realpath_from_path+0x18c/0x690 [ 705.368751][T17410] tomoyo_path_number_perm+0x23c/0x580 [ 705.368764][T17410] ? tomoyo_path_number_perm+0x22e/0x580 [ 705.368779][T17410] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 705.368807][T17410] ? find_held_lock+0x2b/0x80 [ 705.368823][T17410] ? hook_file_ioctl_common+0x146/0x410 [ 705.368842][T17410] ? __fget_files+0x215/0x3d0 [ 705.368859][T17410] ? __fget_files+0x21f/0x3d0 [ 705.368875][T17410] security_file_ioctl_compat+0xd3/0x230 [ 705.368892][T17410] __ia32_compat_sys_ioctl+0xc2/0x360 [ 705.368908][T17410] __do_fast_syscall_32+0xe3/0x8c0 [ 705.368922][T17410] do_fast_syscall_32+0x32/0x70 [ 705.368934][T17410] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 705.368948][T17410] RIP: 0023:0xf70aef6c [ 705.368958][T17410] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 705.368969][T17410] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 705.368980][T17410] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040084d05 [ 705.368987][T17410] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 705.368993][T17410] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 705.368999][T17410] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 705.369005][T17410] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 705.369019][T17410] [ 705.369031][T17410] ERROR: Out of memory at tomoyo_realpath_from_path. [ 705.400800][T17413] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 705.445383][T17413] block device autoloading is deprecated and will be removed. [ 705.673296][ T828] usb 6-1: USB disconnect, device number 73 [ 706.011038][ T40] audit: type=1326 audit(2000000567.185:1231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17403 comm="syz.4.3570" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f83f6c code=0x7fc00000 [ 706.348489][T17431] netlink: 212344 bytes leftover after parsing attributes in process `syz.0.3578'. [ 706.364065][T17434] netlink: 'syz.2.3579': attribute type 10 has an invalid length. [ 706.366848][T17434] hsr0: entered promiscuous mode [ 706.370068][T17434] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 706.374812][T17434] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 706.379066][T17434] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 706.434839][T17437] netlink: 'syz.2.3580': attribute type 1 has an invalid length. [ 706.451334][T17437] bond2: entered promiscuous mode [ 706.453272][T17437] 8021q: adding VLAN 0 to HW filter on device bond2 [ 706.462655][T17437] bond2: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 706.466672][T17437] bond2: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 706.470239][T17437] bond2: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode [ 706.650747][T17444] fuse: Bad value for 'fd' [ 707.081509][T17458] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 707.083574][T17458] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 707.086313][T17458] vhci_hcd vhci_hcd.0: Device attached [ 707.099886][T17458] random: crng reseeded on system resumption [ 707.216680][T17463] futex_wake_op: syz.4.3588 tries to shift op by 32; fix this program [ 707.260806][ T6019] usb 5-1: new low-speed USB device number 65 using dummy_hcd [ 707.360893][ T5999] usb 40-1: SetAddress Request (10) to port 0 [ 707.364091][ T5999] usb 40-1: new SuperSpeed USB device number 10 using vhci_hcd [ 707.410865][ T1142] wlan1: Trigger new scan to find an IBSS to join [ 707.420003][ T6019] usb 5-1: unable to get BOS descriptor or descriptor too short [ 707.428422][ T6019] usb 5-1: config 127 has an invalid interface number: 167 but max is 0 [ 707.432842][ T6019] usb 5-1: config 127 has no interface number 0 [ 707.436197][ T6019] usb 5-1: config 127 interface 167 has no altsetting 0 [ 707.458673][ T6019] usb 5-1: string descriptor 0 read error: -22 [ 707.462806][ T6019] usb 5-1: New USB device found, idVendor=c016, idProduct=6da5, bcdDevice=1c.ad [ 707.465982][ T6019] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 707.682289][ T34] usb 5-1: USB disconnect, device number 65 [ 707.964991][T17466] futex_wake_op: syz.4.3589 tries to shift op by 32; fix this program [ 708.262676][T17459] vhci_hcd: connection reset by peer [ 708.265334][ T12] vhci_hcd vhci_hcd.1: stop threads [ 708.267649][ T12] vhci_hcd vhci_hcd.1: release socket [ 708.269659][ T12] vhci_hcd vhci_hcd.1: disconnect device [ 708.460457][T17470] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 708.462775][T17470] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 708.466966][T17470] vhci_hcd vhci_hcd.0: Device attached [ 708.520434][T17471] vhci_hcd: connection closed [ 708.520779][ T12] vhci_hcd vhci_hcd.0: stop threads [ 708.524288][ T12] vhci_hcd vhci_hcd.0: release socket [ 708.526204][ T12] vhci_hcd vhci_hcd.0: disconnect device [ 709.350432][ T40] audit: type=1326 audit(2000000570.525:1232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17479 comm="syz.1.3594" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f18f6c code=0x0 [ 709.738558][T17493] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3596'. [ 710.112125][ T12] [ 710.113210][ T12] ============================================ [ 710.115897][ T12] WARNING: possible recursive locking detected [ 710.118448][ T12] syzkaller #0 Tainted: G L [ 710.120879][ T12] -------------------------------------------- [ 710.123371][ T12] kworker/u32:0/12 is trying to acquire lock: [ 710.125902][ T12] ffff888079180260 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: inet6_getname+0x1a2/0x860 [ 710.129694][ T12] [ 710.129694][ T12] but task is already holding lock: [ 710.132647][ T12] ffff888079180260 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_sock_set_cork+0x1c/0xc0 [ 710.136440][ T12] [ 710.136440][ T12] other info that might help us debug this: [ 710.139662][ T12] Possible unsafe locking scenario: [ 710.139662][ T12] [ 710.142653][ T12] CPU0 [ 710.144004][ T12] ---- [ 710.145350][ T12] lock(k-sk_lock-AF_INET6); [ 710.147289][ T12] lock(k-sk_lock-AF_INET6); [ 710.149230][ T12] [ 710.149230][ T12] *** DEADLOCK *** [ 710.149230][ T12] [ 710.152471][ T12] May be due to missing lock nesting notation [ 710.152471][ T12] [ 710.155614][ T12] 4 locks held by kworker/u32:0/12: [ 710.157321][ T12] #0: ffff8880240fa148 ((wq_completion)krds_cp_wq#6/0#2){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 710.160897][ T12] #1: ffffc900001e7d08 ((work_completion)(&(&cp->cp_send_w)->work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 710.164746][ T12] #2: ffff888079180260 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_sock_set_cork+0x1c/0xc0 [ 710.167929][ T12] #3: ffff888079180408 (k-clock-AF_INET6){++.-}-{3:3}, at: rds_tcp_data_ready+0x90/0x790 [ 710.171089][ T12] [ 710.171089][ T12] stack backtrace: [ 710.172965][ T12] CPU: 2 UID: 0 PID: 12 Comm: kworker/u32:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 710.172981][ T12] Tainted: [L]=SOFTLOCKUP [ 710.172985][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 710.172992][ T12] Workqueue: krds_cp_wq#6/0 rds_send_worker [ 710.173007][ T12] Call Trace: [ 710.173012][ T12] [ 710.173017][ T12] dump_stack_lvl+0x100/0x190 [ 710.173032][ T12] print_deadlock_bug.cold+0xbd/0xca [ 710.173049][ T12] __lock_acquire+0x12bb/0x2630 [ 710.173064][ T12] lock_acquire+0x1cf/0x380 [ 710.173076][ T12] ? inet6_getname+0x1a2/0x860 [ 710.173087][ T12] ? arch_stack_walk+0x94/0xf0 [ 710.173097][ T12] lock_sock_nested+0x41/0xf0 [ 710.173114][ T12] ? inet6_getname+0x1a2/0x860 [ 710.173124][ T12] inet6_getname+0x1a2/0x860 [ 710.173135][ T12] rds_tcp_get_peer_sport+0x7c/0x110 [ 710.173151][ T12] ? __pfx_rds_tcp_get_peer_sport+0x10/0x10 [ 710.173169][ T12] ? find_held_lock+0x2b/0x80 [ 710.173185][ T12] ? rds_addr_cmp+0x10d/0x150 [ 710.173197][ T12] rds_tcp_conn_slots_available+0x279/0x390 [ 710.173213][ T12] ? __pfx_rds_tcp_conn_slots_available+0x10/0x10 [ 710.173231][ T12] rds_recv_hs_exthdrs+0x5cb/0x7e0 [ 710.173244][ T12] ? __pfx_rds_recv_hs_exthdrs+0x10/0x10 [ 710.173257][ T12] rds_recv_incoming+0xdbf/0x1150 [ 710.173269][ T12] ? __pfx_rds_recv_incoming+0x10/0x10 [ 710.173280][ T12] ? skb_copy_bits+0x5c8/0x8d0 [ 710.173296][ T12] rds_tcp_data_recv+0x278/0xce0 [ 710.173315][ T12] __tcp_read_sock+0x204/0x8d0 [ 710.173330][ T12] ? __pfx_rds_tcp_data_recv+0x10/0x10 [ 710.173346][ T12] ? __pfx___tcp_read_sock+0x10/0x10 [ 710.173361][ T12] rds_tcp_read_sock+0x12e/0x280 [ 710.173377][ T12] ? __pfx_rds_tcp_read_sock+0x10/0x10 [ 710.173392][ T12] ? lock_acquire+0x1cf/0x380 [ 710.173406][ T12] ? __pfx_sock_def_readable+0x10/0x10 [ 710.173421][ T12] rds_tcp_data_ready+0x1c9/0x790 [ 710.173431][ T12] tcp_data_ready+0x114/0x5a0 [ 710.173445][ T12] tcp_rcv_established+0x29f0/0x3980 [ 710.173460][ T12] ? __pfx_tcp_rcv_established+0x10/0x10 [ 710.173475][ T12] tcp_v6_do_rcv+0x118b/0x1dd0 [ 710.173488][ T12] ? __pfx_tcp_v6_do_rcv+0x10/0x10 [ 710.173500][ T12] __release_sock+0x151/0x440 [ 710.173517][ T12] release_sock+0x5a/0x220 [ 710.173526][ T12] ? __pfx_rds_tcp_xmit_path_complete+0x10/0x10 [ 710.173536][ T12] rds_send_xmit+0x17cb/0x2950 [ 710.173551][ T12] ? __pfx_rds_send_xmit+0x10/0x10 [ 710.173563][ T12] ? lock_acquire+0x5e/0x380 [ 710.173575][ T12] rds_send_worker+0x94/0x320 [ 710.173588][ T12] process_one_work+0x9d7/0x1920 [ 710.173604][ T12] ? __pfx_process_one_work+0x10/0x10 [ 710.173620][ T12] ? __pfx_rds_send_worker+0x10/0x10 [ 710.173633][ T12] worker_thread+0x5da/0xe40 [ 710.173648][ T12] ? kthread+0x13a/0x450 [ 710.173660][ T12] ? __pfx_worker_thread+0x10/0x10 [ 710.173673][ T12] kthread+0x370/0x450 [ 710.173684][ T12] ? __pfx_kthread+0x10/0x10 [ 710.173697][ T12] ret_from_fork+0x754/0xd80 [ 710.173711][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 710.173726][ T12] ? __switch_to+0x7b4/0x1120 [ 710.173736][ T12] ? __pfx_kthread+0x10/0x10 [ 710.173749][ T12] ret_from_fork_asm+0x1a/0x30 [ 710.173780][ T12] [ 710.275278][ T12] BUG: sleeping function called from invalid context at net/core/sock.c:3782 [ 710.278190][ T12] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 12, name: kworker/u32:0 [ 710.281276][ T12] preempt_count: 201, expected: 0 [ 710.282949][ T12] RCU nest depth: 0, expected: 0 [ 710.284546][ T12] INFO: lockdep is turned off. [ 710.286130][ T12] Preemption disabled at: [ 710.286135][ T12] [<0000000000000000>] 0x0 [ 710.289035][ T12] CPU: 2 UID: 0 PID: 12 Comm: kworker/u32:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 710.289054][ T12] Tainted: [L]=SOFTLOCKUP [ 710.289058][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 710.289065][ T12] Workqueue: krds_cp_wq#6/0 rds_send_worker [ 710.289082][ T12] Call Trace: [ 710.289087][ T12] [ 710.289093][ T12] dump_stack_lvl+0x100/0x190 [ 710.289109][ T12] __might_resched.cold+0x1ec/0x232 [ 710.289123][ T12] ? __pfx___might_resched+0x10/0x10 [ 710.289138][ T12] ? arch_stack_walk+0x94/0xf0 [ 710.289149][ T12] lock_sock_nested+0x52/0xf0 [ 710.289165][ T12] ? inet6_getname+0x1a2/0x860 [ 710.289176][ T12] inet6_getname+0x1a2/0x860 [ 710.289187][ T12] rds_tcp_get_peer_sport+0x7c/0x110 [ 710.289203][ T12] ? __pfx_rds_tcp_get_peer_sport+0x10/0x10 [ 710.289221][ T12] ? find_held_lock+0x2b/0x80 [ 710.289237][ T12] ? rds_addr_cmp+0x10d/0x150 [ 710.289249][ T12] rds_tcp_conn_slots_available+0x279/0x390 [ 710.289266][ T12] ? __pfx_rds_tcp_conn_slots_available+0x10/0x10 [ 710.289283][ T12] rds_recv_hs_exthdrs+0x5cb/0x7e0 [ 710.289299][ T12] ? __pfx_rds_recv_hs_exthdrs+0x10/0x10 [ 710.289315][ T12] rds_recv_incoming+0xdbf/0x1150 [ 710.289328][ T12] ? __pfx_rds_recv_incoming+0x10/0x10 [ 710.289339][ T12] ? skb_copy_bits+0x5c8/0x8d0 [ 710.289359][ T12] rds_tcp_data_recv+0x278/0xce0 [ 710.289378][ T12] __tcp_read_sock+0x204/0x8d0 [ 710.289392][ T12] ? __pfx_rds_tcp_data_recv+0x10/0x10 [ 710.289409][ T12] ? __pfx___tcp_read_sock+0x10/0x10 [ 710.289424][ T12] rds_tcp_read_sock+0x12e/0x280 [ 710.289440][ T12] ? __pfx_rds_tcp_read_sock+0x10/0x10 [ 710.289455][ T12] ? lock_acquire+0x1cf/0x380 [ 710.289469][ T12] ? __pfx_sock_def_readable+0x10/0x10 [ 710.289484][ T12] rds_tcp_data_ready+0x1c9/0x790 [ 710.289494][ T12] tcp_data_ready+0x114/0x5a0 [ 710.289508][ T12] tcp_rcv_established+0x29f0/0x3980 [ 710.289523][ T12] ? __pfx_tcp_rcv_established+0x10/0x10 [ 710.289538][ T12] tcp_v6_do_rcv+0x118b/0x1dd0 [ 710.289551][ T12] ? __pfx_tcp_v6_do_rcv+0x10/0x10 [ 710.289563][ T12] __release_sock+0x151/0x440 [ 710.289580][ T12] release_sock+0x5a/0x220 [ 710.289589][ T12] ? __pfx_rds_tcp_xmit_path_complete+0x10/0x10 [ 710.289600][ T12] rds_send_xmit+0x17cb/0x2950 [ 710.289615][ T12] ? __pfx_rds_send_xmit+0x10/0x10 [ 710.289626][ T12] ? lock_acquire+0x5e/0x380 [ 710.289638][ T12] rds_send_worker+0x94/0x320 [ 710.289651][ T12] process_one_work+0x9d7/0x1920 [ 710.289667][ T12] ? __pfx_process_one_work+0x10/0x10 [ 710.289683][ T12] ? __pfx_rds_send_worker+0x10/0x10 [ 710.289696][ T12] worker_thread+0x5da/0xe40 [ 710.289711][ T12] ? kthread+0x13a/0x450 [ 710.289723][ T12] ? __pfx_worker_thread+0x10/0x10 [ 710.289736][ T12] kthread+0x370/0x450 [ 710.289747][ T12] ? __pfx_kthread+0x10/0x10 [ 710.289779][ T12] ret_from_fork+0x754/0xd80 [ 710.289795][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 710.289810][ T12] ? __switch_to+0x7b4/0x1120 [ 710.289821][ T12] ? __pfx_kthread+0x10/0x10 [ 710.289837][ T12] ret_from_fork_asm+0x1a/0x30 [ 710.289851][ T12] [ 710.289858][ T12] BUG: scheduling while atomic: kworker/u32:0/12/0x00000202 [ 710.391099][ T12] INFO: lockdep is turned off. [ 710.392667][ T12] Modules linked in: [ 710.393958][ T12] Preemption disabled at: [ 710.393964][ T12] [<0000000000000000>] 0x0 [ 710.396851][ T12] Kernel panic - not syncing: scheduling while atomic: panic_on_warn set ... [ 710.399626][ T12] CPU: 2 UID: 0 PID: 12 Comm: kworker/u32:0 Tainted: G W L syzkaller #0 PREEMPT(full) [ 710.403126][ T12] Tainted: [W]=WARN, [L]=SOFTLOCKUP [ 710.404808][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 710.408091][ T12] Workqueue: krds_cp_wq#6/0 rds_send_worker [ 710.410007][ T12] Call Trace: [ 710.411094][ T12] [ 710.412064][ T12] dump_stack_lvl+0x100/0x190 [ 710.413594][ T12] vpanic+0x552/0x970 [ 710.414912][ T12] ? __pfx_vpanic+0x10/0x10 [ 710.416401][ T12] ? __pfx_vprintk_emit+0x10/0x10 [ 710.418061][ T12] ? rcu_is_watching+0x12/0xc0 [ 710.419603][ T12] panic+0xd1/0xe0 [ 710.420852][ T12] ? __pfx_panic+0x10/0x10 [ 710.422310][ T12] ? __pfx_print_modules+0x10/0x10 [ 710.423957][ T12] ? check_panic_on_warn+0x1f/0x90 [ 710.425619][ T12] check_panic_on_warn.cold+0x19/0x34 [ 710.427371][ T12] __schedule_bug.cold+0xca/0xfa [ 710.428974][ T12] __schedule+0x3be1/0x60e0 [ 710.430475][ T12] ? _printk+0xcf/0x110 [ 710.431825][ T12] ? __pfx__printk+0x10/0x10 [ 710.433309][ T12] ? do_raw_spin_lock+0x128/0x260 [ 710.434955][ T12] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 710.436725][ T12] ? prepare_to_wait_exclusive+0xdc/0x2c0 [ 710.438573][ T12] ? __pfx___schedule+0x10/0x10 [ 710.440178][ T12] ? rcu_is_watching+0x12/0xc0 [ 710.441775][ T12] ? schedule+0x2bf/0x390 [ 710.443193][ T12] ? lock_release+0x263/0x320 [ 710.444733][ T12] schedule+0xdd/0x390 [ 710.446103][ T12] __lock_sock+0x147/0x270 [ 710.447589][ T12] ? __pfx___lock_sock+0x10/0x10 [ 710.449198][ T12] ? __pfx_autoremove_wake_function+0x10/0x10 [ 710.451160][ T12] ? __pfx___might_resched+0x10/0x10 [ 710.452864][ T12] lock_sock_nested+0xda/0xf0 [ 710.454403][ T12] inet6_getname+0x1a2/0x860 [ 710.455912][ T12] rds_tcp_get_peer_sport+0x7c/0x110 [ 710.457635][ T12] ? __pfx_rds_tcp_get_peer_sport+0x10/0x10 [ 710.459545][ T12] ? find_held_lock+0x2b/0x80 [ 710.461068][ T12] ? rds_addr_cmp+0x10d/0x150 [ 710.462613][ T12] rds_tcp_conn_slots_available+0x279/0x390 [ 710.464548][ T12] ? __pfx_rds_tcp_conn_slots_available+0x10/0x10 [ 710.466635][ T12] rds_recv_hs_exthdrs+0x5cb/0x7e0 [ 710.468288][ T12] ? __pfx_rds_recv_hs_exthdrs+0x10/0x10 [ 710.470105][ T12] rds_recv_incoming+0xdbf/0x1150 [ 710.471694][ T12] ? __pfx_rds_recv_incoming+0x10/0x10 [ 710.473441][ T12] ? skb_copy_bits+0x5c8/0x8d0 [ 710.475013][ T12] rds_tcp_data_recv+0x278/0xce0 [ 710.476653][ T12] __tcp_read_sock+0x204/0x8d0 [ 710.478211][ T12] ? __pfx_rds_tcp_data_recv+0x10/0x10 [ 710.480014][ T12] ? __pfx___tcp_read_sock+0x10/0x10 [ 710.481744][ T12] rds_tcp_read_sock+0x12e/0x280 [ 710.483387][ T12] ? __pfx_rds_tcp_read_sock+0x10/0x10 [ 710.485143][ T12] ? lock_acquire+0x1cf/0x380 [ 710.486716][ T12] ? __pfx_sock_def_readable+0x10/0x10 [ 710.488475][ T12] rds_tcp_data_ready+0x1c9/0x790 [ 710.490115][ T12] tcp_data_ready+0x114/0x5a0 [ 710.491636][ T12] tcp_rcv_established+0x29f0/0x3980 [ 710.493341][ T12] ? __pfx_tcp_rcv_established+0x10/0x10 [ 710.495160][ T12] tcp_v6_do_rcv+0x118b/0x1dd0 [ 710.496757][ T12] ? __pfx_tcp_v6_do_rcv+0x10/0x10 [ 710.498427][ T12] __release_sock+0x151/0x440 [ 710.499997][ T12] release_sock+0x5a/0x220 [ 710.501447][ T12] ? __pfx_rds_tcp_xmit_path_complete+0x10/0x10 [ 710.503482][ T12] rds_send_xmit+0x17cb/0x2950 [ 710.505042][ T12] ? __pfx_rds_send_xmit+0x10/0x10 [ 710.506745][ T12] ? lock_acquire+0x5e/0x380 [ 710.508280][ T12] rds_send_worker+0x94/0x320 [ 710.509821][ T12] process_one_work+0x9d7/0x1920 [ 710.511438][ T12] ? __pfx_process_one_work+0x10/0x10 [ 710.513171][ T12] ? __pfx_rds_send_worker+0x10/0x10 [ 710.514886][ T12] worker_thread+0x5da/0xe40 [ 710.516408][ T12] ? kthread+0x13a/0x450 [ 710.517823][ T12] ? __pfx_worker_thread+0x10/0x10 [ 710.519527][ T12] kthread+0x370/0x450 [ 710.520937][ T12] ? __pfx_kthread+0x10/0x10 [ 710.522496][ T12] ret_from_fork+0x754/0xd80 [ 710.524000][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 710.525668][ T12] ? __switch_to+0x7b4/0x1120 [ 710.527224][ T12] ? __pfx_kthread+0x10/0x10 [ 710.528738][ T12] ret_from_fork_asm+0x1a/0x30 [ 710.530305][ T12] [ 710.532060][ T12] Kernel Offset: disabled [ 710.533459][ T12] Rebooting in 86400 seconds..