last executing test programs: 2m1.074997284s ago: executing program 3 (id=750): openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000001c0)=ANY=[@ANYRES16=r1, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000400000200000200080001000300000005000200030000000500020008000000240003"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0) 2m0.702304376s ago: executing program 3 (id=752): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000d40)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0x4}, {0xffff, 0xffff}}, [@TCA_RATE={0x6, 0x5, {0xf, 0x47}}]}, 0x2c}}, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, r3, 0xc52ac000) r4 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r6) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r7 = syz_open_procfs(r5, &(0x7f0000000240)='oom_score\x00') readv(r7, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/85, 0x55}], 0x1) 2m0.627177694s ago: executing program 3 (id=754): openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "e400ff", 0x40, 0x3a, 0x0, @private2, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, '\x00', 0x0, 0x11, 0x0, @empty, @ipv4={'\x00', '\xff\xff', @multicast1}, [], "17c1ff07000000000000655804e09171"}}}}}}}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_emit_ethernet(0x2a, &(0x7f0000000180)=ANY=[@ANYBLOB="e625e5e1479260f9ffff44f308060401080006040001aaaaaaaaaaaae0000002bbbb0800000000"], 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) read$FUSE(0xffffffffffffffff, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000080)=0x80000003) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0xffe, 0x3, 0x1000, 0x3a, 0x0, 0x0, 0x7}, 0x75) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) r2 = dup2(r1, r1) read$FUSE(r2, &(0x7f00000063c0)={0x2020}, 0x2020) syz_usb_connect(0x1, 0x2d, 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) openat$tun(0xffffff9c, &(0x7f0000000380), 0x800, 0x0) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth0_to_bond\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000010c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x3}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6}]}, 0x38}}, 0x4000) 1m57.964234358s ago: executing program 3 (id=763): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = syz_open_dev$loop(&(0x7f0000000180), 0x3, 0x2) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) syz_emit_ethernet(0x16, &(0x7f0000000680)={@remote, @multicast, @val={@void, {0x8100, 0x0, 0x1, 0x1}}, {@llc={0x4, {@llc={0x80, 0x0, "e2fc"}}}}}, &(0x7f0000000080)={0x0, 0x1, [0x2e9, 0x109, 0x86b, 0x254]}) bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000600)=ANY=[@ANYBLOB="0f000000040000040000000200020000008830500000", @ANYRES32=0x1, @ANYBLOB="fdffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400"/28], 0x48) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x400}, 0x0) setrlimit(0x6, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x8001, 0x0) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r3 = openat$vimc0(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_STREAMOFF(r3, 0x40045613, &(0x7f0000000280)=0x8) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) r4 = add_key(0x0, 0x0, &(0x7f0000000280)="dee7030022cf5c6c7bc31bd2599759fafa9e5e1dbac27b0426fc0299c41fb9b9761a1b44dac894f365ae68edf335abf35ec53d6751467ebd2c187491bcab2c8d34fec505fc8a14622dba33", 0x4b, 0x0) r5 = syz_open_procfs(0x0, 0x0) preadv(r5, 0x0, 0x0, 0x35, 0x88) keyctl$chown(0x4, r4, 0xffffffffffffffff, 0xee00) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x6b46, 0x80000000, 0x0, 0x0, 0x8, 0xc, "a2bba2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f30600301a00000020000000000000000c100", [0x3]}}) 1m56.827220979s ago: executing program 3 (id=768): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x4098884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) r2 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101}) sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(0x3) 1m56.35660333s ago: executing program 3 (id=771): r0 = bpf$MAP_CREATE(0x0, 0x0, 0xb285f305e6b16ca5) bpf$PROG_LOAD(0x4, &(0x7f00000003c0)={0x3, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800, 0x8, 0x2}, 0x1c) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000800)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0xc, [@volatile={0x5, 0x0, 0x0, 0x9, 0x1}]}, {0x0, [0x2e, 0x2e, 0x30, 0x61, 0x0, 0x2e, 0x5f, 0x0, 0x30, 0x5f]}}, &(0x7f0000000880)=""/90, 0x30, 0x5a, 0x0, 0x5}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x21, &(0x7f0000000580)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x80000000}, [@exit, @call={0x85, 0x0, 0x0, 0x9f}, @generic={0x9, 0x7, 0x6, 0x6, 0xa3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x800}, @jmp={0x5, 0x1, 0x4, 0x9, 0x8, 0x30, 0x10}, @exit]}, &(0x7f0000000480)='syzkaller\x00', 0x8000, 0x15, &(0x7f0000000700)=""/21, 0x40f00, 0x10, '\x00', 0x0, 0x25, r5, 0x8, &(0x7f0000000940)={0x7, 0x1}, 0x8, 0x10, &(0x7f00000009c0)={0x4, 0xb, 0x6, 0x7}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000a00)=[{0x2, 0x1, 0xf, 0x5}, {0x5, 0x4, 0x7, 0x9}, {0x2, 0x5, 0xf, 0x7}, {0x1, 0x4, 0xb, 0x161fc4d21e999e42}, {0x2, 0x2, 0x8, 0x5}, {0x2, 0x1, 0x0, 0x6}], 0x10, 0x6}, 0x94) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) bind$xdp(r2, &(0x7f00000001c0)={0x2c, 0x0, r4}, 0x10) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x1, r4, 0x8000000, r2}, 0x10) r6 = socket$tipc(0x1e, 0x5, 0x0) syz_io_uring_setup(0x492c, &(0x7f0000000500)={0x0, 0x2ca1, 0x80, 0x3, 0xaa}, &(0x7f0000000140), &(0x7f0000000340)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'team0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104fcffffff8000000000000000", @ANYRES32=0x0, @ANYBLOB="1957000000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r7], 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r8, &(0x7f0000000980), 0xe) ioctl$SIOCGSKNS(r6, 0x894c, &(0x7f0000000040)={'gretap0\x00', 0x200}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000005}, 0x0, 0x0) 1m56.276704796s ago: executing program 32 (id=771): r0 = bpf$MAP_CREATE(0x0, 0x0, 0xb285f305e6b16ca5) bpf$PROG_LOAD(0x4, &(0x7f00000003c0)={0x3, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800, 0x8, 0x2}, 0x1c) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000800)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0xc, [@volatile={0x5, 0x0, 0x0, 0x9, 0x1}]}, {0x0, [0x2e, 0x2e, 0x30, 0x61, 0x0, 0x2e, 0x5f, 0x0, 0x30, 0x5f]}}, &(0x7f0000000880)=""/90, 0x30, 0x5a, 0x0, 0x5}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x21, &(0x7f0000000580)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x80000000}, [@exit, @call={0x85, 0x0, 0x0, 0x9f}, @generic={0x9, 0x7, 0x6, 0x6, 0xa3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x800}, @jmp={0x5, 0x1, 0x4, 0x9, 0x8, 0x30, 0x10}, @exit]}, &(0x7f0000000480)='syzkaller\x00', 0x8000, 0x15, &(0x7f0000000700)=""/21, 0x40f00, 0x10, '\x00', 0x0, 0x25, r5, 0x8, &(0x7f0000000940)={0x7, 0x1}, 0x8, 0x10, &(0x7f00000009c0)={0x4, 0xb, 0x6, 0x7}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000a00)=[{0x2, 0x1, 0xf, 0x5}, {0x5, 0x4, 0x7, 0x9}, {0x2, 0x5, 0xf, 0x7}, {0x1, 0x4, 0xb, 0x161fc4d21e999e42}, {0x2, 0x2, 0x8, 0x5}, {0x2, 0x1, 0x0, 0x6}], 0x10, 0x6}, 0x94) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) bind$xdp(r2, &(0x7f00000001c0)={0x2c, 0x0, r4}, 0x10) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x1, r4, 0x8000000, r2}, 0x10) r6 = socket$tipc(0x1e, 0x5, 0x0) syz_io_uring_setup(0x492c, &(0x7f0000000500)={0x0, 0x2ca1, 0x80, 0x3, 0xaa}, &(0x7f0000000140), &(0x7f0000000340)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'team0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104fcffffff8000000000000000", @ANYRES32=0x0, @ANYBLOB="1957000000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r7], 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r8, &(0x7f0000000980), 0xe) ioctl$SIOCGSKNS(r6, 0x894c, &(0x7f0000000040)={'gretap0\x00', 0x200}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000005}, 0x0, 0x0) 5.705591984s ago: executing program 0 (id=1208): r0 = bpf$MAP_CREATE(0x0, 0x0, 0xb285f305e6b16ca5) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800, 0x8, 0x2}, 0x1c) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x2e, &(0x7f0000000580)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x80000000}, [@exit, @call={0x85, 0x0, 0x0, 0x9f}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}}, @generic={0x9, 0x7, 0x6, 0x6, 0xa3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x800}, @jmp={0x5, 0x1, 0x4, 0x9, 0x8, 0x30, 0x10}, @exit]}, &(0x7f0000000480)='syzkaller\x00', 0x8000, 0x15, &(0x7f0000000700)=""/21, 0x40f00, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x7, 0x1}, 0x8, 0x10, &(0x7f00000009c0)={0x4, 0xb, 0x6, 0x7}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f00000000c0)=0x100, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) bind$xdp(r2, &(0x7f00000001c0)={0x2c, 0x0, r4}, 0x10) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x1, r4, 0x8000000, r2}, 0x10) r5 = socket$tipc(0x1e, 0x5, 0x0) syz_io_uring_setup(0x492c, &(0x7f0000000500)={0x0, 0x2ca1, 0x80, 0x3, 0xaa}, &(0x7f0000000140), &(0x7f0000000340)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'team0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104fcffffff8000000000000000", @ANYRES32=0x0, @ANYBLOB="1957000000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r6], 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r7, &(0x7f0000000980), 0xe) ioctl$SIOCGSKNS(r5, 0x894c, &(0x7f0000000040)={'gretap0\x00', 0x200}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000005}, 0x0, 0x0) 4.706094022s ago: executing program 0 (id=1215): r0 = openat$kvm(0xffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000) r1 = syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x900) syz_usb_disconnect(r1) syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[], 0x0) syz_open_dev$sndctrl(&(0x7f0000000100), 0x7c8, 0x40) r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) keyctl$restrict_keyring(0x1d, r2, 0x0, &(0x7f0000010100)='zey_or_\x97eyring:\vV<|k\xac\tVY1!\x1e\t\x16yC\x19q\x11\xde\xd0\xf8\x19R\xd5\x06\x87l\xb4\x88v\xf1}\xfe\x18\x1f\x19\x80\x92\xef\xde\"\x85H\xc5\xba[,\xfd\x06\x19\"\xcc\x03\x101\xc7\xd1;)j\xa0 o\x1d\n$\xf7\xdaM\xc7\x1e\xc2I\xc6\'\xcd\xa6\xee~\vk\x00'/112) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x143902, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x2, 0xfb, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) 4.016685547s ago: executing program 4 (id=1218): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_INIT(r0, 0x3a, 0xc8, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0xbc}, @call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe07, 0x0, &(0x7f0000000000)="26f8a0bf423ba61db01dcc101f3755384d7692c9e2b2ef9783f2d275f869933df9e97e0293a94ae8151e914e4cc50504094bc507b970f24b7e23af995eebac104d27b0564ff3985422ed5473ca4b38ff0fa99e1e982204c18e6442f8f95c2227ba69178d9398e4", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030429bd7000fadbdf2500007400", @ANYRES32=r4, @ANYBLOB="20ae0100009000001400010069"], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$nl_route(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000100)=@bridge_getneigh={0x40, 0x1e, 0xb7b6511a36acb75d, 0x0, 0x25dfdbff, {}, [@IFLA_MAP={0x20, 0xe, {0x9, 0x9, 0x1ff, 0x7, 0x6, 0xff}}]}, 0x40}}, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002000)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r6, 0x0, 0xd}, 0x18) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) write$dsp(r7, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04000418"], 0x7) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x48}}, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000700000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r8, 0x0, 0x15d}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61158800000000006113500000000000bfa000000000000007000000ee0016055e15010000000000160500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000150600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48) munlockall() ioctl$SNDCTL_DSP_SYNC(r7, 0x5001, 0x0) r9 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_ALM_READ(r9, 0x40187013, 0x0) syz_clone(0xb602ec91, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x83}, [@call={0x85, 0x0, 0x0, 0x18}, @call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ffffffc}, 0x94) 3.813637626s ago: executing program 2 (id=1219): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x8010, r4, 0x0) getsockopt$inet_sctp_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000180), &(0x7f00000001c0)=0xe) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f00000004c0)=ANY=[@ANYBLOB="01000000000000000d00001808000000020000000000000020000000008000000200000000009dea58b8d9ce5cd88a04572b9abe44e84a014d8efb0a5c3749be5f90deff784466f0807f495d6e09b00eeb6106904120b3eecaf53268bc7f689ff7b88b0172ee8513f878f539ef647deb86db2e5eb7a2195fee3a26815ca52744db1a9327506e35f7d6bbad12df796dac8ae28894933f1d8656e3bc157ebb31f1f26cc9453f223d27ebf08c673a9859330fd2c3edb78b7ec32964b9534ac9b9d503613d2350a03d41dafee71868d24b1f82233cf8bd"]) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'wlan0\x00', 0x7101}) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x9}}]}, 0x38}}, 0x20040084) r8 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r8, 0xc0285700, &(0x7f0000000140)={0x6, "421ae3753785259249154c944122ad063ff47d3bd7a8a45d6bb4c78a3ab4c981"}) pselect6(0x40, &(0x7f0000000000)={0x4ec, 0x4, 0x7, 0x4, 0x4, 0x3, 0xfff7, 0x4}, &(0x7f0000000040)={0x8, 0x3, 0xf9c5, 0xffff, 0x8, 0x6, 0x73a, 0x1}, &(0x7f0000000380)={0x10, 0x9, 0x200000005, 0xc58, 0xe, 0x1, 0x4d, 0x92}, 0x0, 0x0) r9 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r10 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) ioctl$SIOCSIFHWADDR(r10, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000480)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3, 0x7}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r11 = getpid() sched_setaffinity(0x0, 0x28, &(0x7f00000002c0)=0x2) sched_setscheduler(r11, 0x2, &(0x7f0000000200)=0x6) getrlimit(0x5, &(0x7f0000000300)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) 3.39698882s ago: executing program 2 (id=1220): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = syz_open_dev$loop(&(0x7f0000000180), 0x3, 0x2) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) syz_emit_ethernet(0x16, &(0x7f0000000680)={@remote, @multicast, @val={@void, {0x8100, 0x0, 0x1, 0x1}}, {@llc={0x4, {@llc={0x80, 0x0, "e2fc"}}}}}, &(0x7f0000000080)={0x0, 0x1, [0x2e9, 0x109, 0x86b, 0x254]}) bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000600)=ANY=[@ANYBLOB="0f000000040000040000000200020000008830500000", @ANYRES32=0x1, @ANYBLOB="fdffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400"/28], 0x48) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setrlimit(0x6, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x8001, 0x0) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r3 = openat$vimc0(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_STREAMOFF(r3, 0x40045613, &(0x7f0000000280)=0x8) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) r4 = add_key(0x0, 0x0, &(0x7f0000000280)="dee7030022cf5c6c7bc31bd2599759fafa9e5e1dbac27b0426fc0299c41fb9b9761a1b44dac894f365ae68edf335abf35ec53d6751467ebd2c187491bcab2c8d34fec505fc8a14622dba33", 0x4b, 0x0) r5 = syz_open_procfs(0x0, 0x0) preadv(r5, 0x0, 0x0, 0x35, 0x88) bind$rds(0xffffffffffffffff, 0x0, 0x0) keyctl$chown(0x4, r4, 0xffffffffffffffff, 0xee00) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x6b46, 0x80000000, 0x0, 0x0, 0x8, 0xc, "a2bba2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f30600301a00000020000000000000000c100", [0x3]}}) 3.126573384s ago: executing program 4 (id=1221): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x0) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000100), 0x10) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x24, &(0x7f0000000200)={@multicast1, @private=0xa010100}, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'sit0\x00', 0x0}) r6 = fsopen(&(0x7f0000000240)='rpc_pipefs\x00', 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, 0x0, &(0x7f0000000140)) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000280)={0x0, 0xa, 0x3, [0x0, 0x2, 0x44]}, 0xe) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000180)='rootcontext', &(0x7f0000000040)='E\xe1\x85\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000080)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x21, r5}) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) close_range(r3, 0xffffffffffffffff, 0x0) mq_timedsend(r4, &(0x7f0000000000)="17", 0x1, 0x1, 0x0) getsockopt$llc_int(r0, 0x10c, 0x5, &(0x7f0000001b80), &(0x7f0000001bc0)=0x4) 3.102460305s ago: executing program 1 (id=1222): r0 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0) getsockname$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002"], 0x48}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000014002101000000000000000002200000", @ANYRES32=r1, @ANYBLOB="08000400ffffffff08000200e0"], 0x28}}, 0x4048001) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000014002121000000000000000002"], 0x28}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="2000000014002101000000000000000002000000", @ANYRES32=r5, @ANYBLOB="08000200ad"], 0x20}}, 0x0) sendmsg$nl_route(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@ipv4_deladdr={0x18, 0x15, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r5}}, 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 3.092147985s ago: executing program 1 (id=1223): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0x512, &(0x7f0000000280)={0x0, 0xc65d, 0x100, 0x8, 0x40}, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94) syz_emit_ethernet(0x12, &(0x7f0000000000)=ANY=[@ANYBLOB="910418166421b54fa0aaaa050004424203"], 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0xffffffffffffff62, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r2, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x2121, 0x0, {0x3}}) io_uring_enter(r2, 0x47f6, 0xb277, 0x0, 0x0, 0x0) r6 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x7078, 0x0, 0x400007, 0x288, 0x0, r2}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x23457, 0x0, 0x0, 0x1}) io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, 0x0, 0x4000) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000200)) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030001000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20004000}, 0x4044044) sendmsg$NFT_BATCH(r10, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x94}, 0x24000000) sendmsg$NFT_BATCH(r10, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002900)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xb}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4044055}, 0x40) r11 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYRES64=r10, @ANYRES32, @ANYBLOB="14000000010108000800420100"], 0x34}, 0x1, 0x0, 0x0, 0x2000c041}, 0x400c0c0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="3400000012000000000000000000002500000000", @ANYRES32=0x0, @ANYBLOB="12a005000002000008000d009a0100000a000200864a858afa7b0000"], 0x34}, 0x1, 0x0, 0x0, 0x28000014}, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) dup(r11) 2.966265531s ago: executing program 4 (id=1224): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = syz_io_uring_setup(0x49a, &(0x7f0000000200)={0x0, 0xbe5b, 0x10, 0x2, 0x40288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r6, &(0x7f0000002180)=[{{&(0x7f0000000400)=@l2={0x1f, 0x0, @none}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/44, 0x2c}, {&(0x7f0000000540)=""/157, 0x9d}, {&(0x7f0000000480)=""/91, 0x5b}, {&(0x7f0000000600)=""/238, 0xee}, {&(0x7f0000000700)=""/62, 0x3e}, {&(0x7f0000000740)=""/120, 0x78}, {&(0x7f0000000900)=""/244, 0xf4}, {&(0x7f0000000ec0)=""/4096, 0x1000}], 0x8}, 0xfffffffe}, {{0x0, 0x0, &(0x7f0000000cc0), 0x0, &(0x7f0000000d40)=""/240, 0xf0}, 0x4}, {{0x0, 0x0, &(0x7f0000002040)=[{&(0x7f0000000e40)=""/33, 0x21}, {&(0x7f0000001ec0)=""/174, 0xae}, {&(0x7f0000001f80)=""/150, 0x96}], 0x3, &(0x7f0000002080)=""/199, 0xc7}, 0x3}], 0x3, 0x42, 0x0) mount(0x0, 0x0, &(0x7f00000000c0)='affs\x00', 0xa08410, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000804}, 0x8040) io_uring_setup(0x3eb1, &(0x7f0000000080)={0x0, 0x8003fde, 0x800, 0x2, 0x184}) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7f) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f00000000c0)={0x9, 0x0, 0x0, 0x6}, 0x10) setrlimit(0xb, &(0x7f0000000300)={0xd, 0x800}) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x40000120, 0x4aa52520f215cfe4, {0x2}}) io_uring_enter(r2, 0x154e, 0x0, 0x41, 0x0, 0x0) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x8000000000000002, &(0x7f0000000e80)={0xffffffffffffffff}, 0x2, 0x8}}, 0x20) r10 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000002300)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x200000a, 0x13, r10, 0x0) write$RDMA_USER_CM_CMD_QUERY(r8, &(0x7f0000000180)={0x13, 0x10, 0x8, {0x0, r9, 0x1}}, 0x18) socket$netlink(0x10, 0x3, 0xa) 2.49636595s ago: executing program 2 (id=1225): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) syz_usb_disconnect(0xffffffffffffffff) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r2 = syz_open_procfs(r0, &(0x7f0000000240)='oom_score\x00') readv(r2, &(0x7f00000002c0), 0x0) 2.217978247s ago: executing program 1 (id=1226): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) syz_usb_disconnect(0xffffffffffffffff) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r2 = syz_open_procfs(r0, &(0x7f0000000240)='oom_score\x00') readv(r2, &(0x7f00000002c0)=[{0x0}], 0x1) 2.02328633s ago: executing program 4 (id=1227): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) socket$rxrpc(0x21, 0x2, 0xa) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0xffffffffffffff2b) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000140)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002f00010000000000fcdbdf250301f2800c00180008ac0f00000000001400010000000000000000000000ffffac14141650bb2d6f67d29d6fabadb10779c8d506303fbf83de1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) 2.020523293s ago: executing program 0 (id=1235): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x2020) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x50, 0x2c, 0xd27, 0x70bd26, 0x8000, {0x0, 0x0, 0x0, r3, {0x8, 0x5}, {}, {0xa}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x1c, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x100c}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) 1.882825s ago: executing program 0 (id=1228): membarrier(0x40, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0xfff4, 0x0, {0x7}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x30, 0x16, 0xa, 0x801, 0x0, 0x0, {0x3}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x804) membarrier(0x20, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r1, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)) r3 = openat$proc_mixer(0xffffff9c, 0x0, 0x185240, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) quotactl_fd$Q_QUOTAOFF(r3, 0xffffffff80000301, 0x0, 0x0) bind$inet6(r1, 0x0, 0x0) 1.779933732s ago: executing program 0 (id=1229): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x1, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x27, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b00)={r2, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000100000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) ioctl$FBIOGET_VSCREENINFO(0xffffffffffffffff, 0x4600, &(0x7f0000000400)) r3 = dup(r0) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r7 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000000)={'vxcan0\x00'}) sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x114, 0x35, 0x1, 0x0, 0x0, "", [@nested={0x101, 0x0, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64}, @typed={0x14, 0x3, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe8101000000010000008b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd"]}]}, 0x114}], 0x1}, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r8 = syz_io_uring_setup(0x83b, &(0x7f00000000c0)={0x0, 0x11e, 0x0, 0x1, 0x319}, &(0x7f0000000140)=0x0, &(0x7f0000000400)=0x0) r11 = socket(0x1d, 0x2, 0x6) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f0000000340)=@IORING_OP_ACCEPT={0xd, 0x40, 0x4, r11, 0x0, 0x0, 0x0, 0x80800}) io_uring_enter(r8, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) 1.55637247s ago: executing program 2 (id=1230): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000080)=0x0) sendmsg$NFC_CMD_DEACTIVATE_TARGET(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r1, 0x200, 0x70bd27, 0x25dfdbfe, {}, [@NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0xffffffffffffffff}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r2}, @NFC_ATTR_TARGET_INDEX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x8}, 0x80) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)={0x2c, r3, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_DEVKEY={0xc, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x6}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000010}, 0x40008d0) 1.518383029s ago: executing program 2 (id=1231): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0xffffffffffffff2b) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, 0x0, 0x20000000) r7 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000140)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002f00010000000000fcdbdf250301f2800c00180008ac0f00000000001400010000000000000000000000ffffac14141650bb2d6f67d29d6fabadb10779c8d506303fbf83de1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) 1.366181474s ago: executing program 1 (id=1232): r0 = socket$kcm(0x11, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0x11}, {0xffe6, 0xb}, {0xb, 0xc}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xdb, 0x2, 0x7, 0x41, 0x7dd, 0x1}, {0xb2, 0x1, 0x2, 0x1000, 0x3, 0x6}, 0xcf0, 0x5, 0xd65}}, @TCA_TBF_RATE64={0xc, 0x4, 0xafdc78dbe0554eb6}, @TCA_TBF_PRATE64={0xc, 0x5, 0xee7f8a24a6399ccf}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4000000) sendmsg$kcm(r0, 0x0, 0x0) 1.283614863s ago: executing program 1 (id=1233): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = syz_open_dev$loop(&(0x7f0000000180), 0x3, 0x2) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) syz_emit_ethernet(0x16, &(0x7f0000000680)={@remote, @multicast, @val={@void, {0x8100, 0x0, 0x1, 0x1}}, {@llc={0x4, {@llc={0x80, 0x0, "e2fc"}}}}}, &(0x7f0000000080)={0x0, 0x1, [0x2e9, 0x109, 0x86b, 0x254]}) bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000600)=ANY=[@ANYBLOB="0f000000040000040000000200020000008830500000", @ANYRES32=0x1, @ANYBLOB="fdffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400"/28], 0x48) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x400}, 0x0) setrlimit(0x6, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x8001, 0x0) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r3 = openat$vimc0(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_STREAMOFF(r3, 0x40045613, &(0x7f0000000280)=0x8) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) r4 = add_key(0x0, 0x0, &(0x7f0000000280)="dee7030022cf5c6c7bc31bd2599759fafa9e5e1dbac27b0426fc0299c41fb9b9761a1b44dac894f365ae68edf335abf35ec53d6751467ebd2c187491bcab2c8d34fec505fc8a14622dba33", 0x4b, 0x0) r5 = syz_open_procfs(0x0, 0x0) preadv(r5, 0x0, 0x0, 0x35, 0x88) bind$rds(0xffffffffffffffff, 0x0, 0x0) keyctl$chown(0x4, r4, 0xffffffffffffffff, 0xee00) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x6b46, 0x80000000, 0x0, 0x0, 0x8, 0xc, "a2bba2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f30600301a00000020000000000000000c100", [0x3]}}) 1.014122987s ago: executing program 4 (id=1234): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) socket$rxrpc(0x21, 0x2, 0xa) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, 0x0, 0x20000000) r7 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000140)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002f00010000000000fcdbdf250301f2800c00180008ac0f00000000001400010000000000000000000000ffffac14141650bb2d6f67d29d6fabadb10779c8d506303fbf83de1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) 858.319469ms ago: executing program 0 (id=1236): membarrier(0x40, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="be032c0b41887949fc576a2eb737dad016877dc957d77c973b225be0357e1d7c76530b578a40b5a82c713977bf85a15838968aef103dc5017091261afddc24056325889af8a55ff172448f323fc19eddb2b92f4787444b7b9c9096e513a5676d13b88300000000000000005bc74a9687ef0b69d8142fb847b2f89d2ddc967fb7d7d067c1f4e55eeca0eee44f4ce9dc84e22b", @ANYRES32=r0], 0x80}}, 0x480c0) membarrier(0x20, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r1, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000005c0)=[{{&(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000200)=[{&(0x7f0000000400)="737d1b10ea74f8ea226f73d0303d07089fa34be9e0ac843ac94fdcfd3e98d0566f1e4e511f04b39ec4f4aa477f062c17490e39bb7fc6ecf466190a23c4b57e341c2407ea4da9ea82d8993fa9b74dbb29a3fd116cf2222557fd63e8511ec7ad8a393ebb", 0x63}, {&(0x7f00000006c0)="fed1d507e70e61fec1a15cbcee4ba001d187c92fe7fec150b2d68e7e2b31b968184846fdfc40f79105f8b813cd88733940fd541c794c7294bf0d2cd7b3360923b3cf919e5bac332760c6dce484fdce11a4b6db75", 0x54}, {&(0x7f0000000740)="508dd2fe21aeae974a89e0f33b4646dbb90253bfdd52fb668873f6e8cc47b125c4b6f770a133304972e4948af5de078c676c3ec8eba6af1b16d0d6c6d5ccadb76a3e56a30f3b270177276f369efdc12ee30ae3eb7b0c8d8cf8c884fa730649e645764710c9c4926456adfe4e9220362e351b5cb72147a08d7828f058284dfb605f6d4804488cad1d57285d7dddb3ee3693be69c91098ce7836dd5357f07b4a8b4adc4732c271d49dcd65231c672210adef2084b71c0857d108737ba570655a3bb7cd37bfc27225b942dd8bb52409ad662a581b08004ceb2f863b83c11d995cc942f22dd6a4def1a65ad1c807e6db7d787d", 0xf1}, {&(0x7f0000000840)="76d30aa137dbebaa62b4e329fd7e38427420a759ae4723d357ecdd6649dacd87a64d1fe80f0a0e814b74ddd1cbca4019c04ee4218085501aee2f6c3abfbd5c57621377c07cb1a53267a89837d4eeb189448837460129753d33e984307066b74795496a345c3f7105be8e092a06f83a9b332d042bbad45f04b24ad7b0a7395ba5fd6ab377b3a296", 0x87}, {&(0x7f0000000900)="4c1339199e9c7d9cbaca8413632942c9b250e1ed3d1b10cbdbf75fd1ed9abc2f7b9b98f632e6e42183437121ffc2cbc1ac8893527beb7dac518122072e72f86560a87d458fa3066d275c85a738704fb8e46067ce1745f87ef2eba53744a4c048cd62e55f753f0feb9a941909131c01c751aa856c", 0x74}], 0x5, &(0x7f0000000380)=[@rights={{0x10, 0x1, 0x1, [r0]}}], 0x10, 0x40}}], 0x1, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shutdown(0xffffffffffffffff, 0x2000000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x2, 0x6, 0xb49, 0x9, 0x9c4, 0x0, 0x3}, 0x0) inotify_init() r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002080)={0x2020}, 0x2020) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c5f6bebd763ac3d358278bf00000000020108e808000000000000006977"], 0x1c}, 0x1, 0x0, 0x0, 0x20008000}, 0x40084) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000f8ffffffffffffff0000009500000000e100008232810ed0c7d022edde98091802a7bdbc5d1b7c852bf1b0beecad997babad9ab3b490d6c80c35c7fa4df34f367cbbd544a983ff453d0c0283aa3b8e33e46866e9a0a2a6df2b9a93c31605e907a5d4c32a78c88e2dbcd9c082dc1b5d8088078f727b0d538b105196d515"], &(0x7f00000003c0)='GPL\x00'}, 0x94) syz_usb_connect(0x5, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120110010928fc10ac059102254301020301090212000100004000090491000003e102"], 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x302) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)) r6 = openat$proc_mixer(0xffffff9c, 0x0, 0x185240, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) quotactl_fd$Q_QUOTAOFF(r6, 0xffffffff80000301, 0x0, 0x0) bind$inet6(r1, 0x0, 0x0) 364.491249ms ago: executing program 1 (id=1237): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) mkdirat(0xffffffffffffff9c, 0x0, 0x110) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0, 0x1000, &(0x7f0000000040), &(0x7f0000000a00)=""/4096, 0x7, 0x0, 0x0, 0x0, &(0x7f0000001a00), &(0x7f0000002a00), 0x4, 0x0, 0x2}, 0x4c) mkdir(&(0x7f0000000b80)='./file0\x00', 0xd6) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000780)='devpts\x00', 0x0, 0x0) mount$binder(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x28, &(0x7f0000000240)=ANY=[@ANYBLOB='max=0020000000']) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$netlink(0x10, 0x3, 0xb) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000040)=0x1, 0x4) (fail_nth: 2) 349.896511ms ago: executing program 2 (id=1238): syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(0xffffffffffffffff, 0x0, 0x83, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000200"/16], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4000084}, 0x2000000) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, 0x0, 0x0, 0x0) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r3, 0xc02c564a, &(0x7f0000001140)={0x0, 0x55595659, 0x0, @discrete={0x5, 0x6}}) syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802) r4 = syz_io_uring_setup(0x233, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(r4, 0x7a98, 0x0, 0x0, 0x0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, 0x0) r7 = syz_io_uring_setup(0x1d2d, 0x0, 0x0, 0x0) r8 = syz_io_uring_setup(0x275c, &(0x7f0000001280)={0x0, 0x5bce, 0x80, 0xffffffff, 0x40001c8, 0x0, r7}, &(0x7f0000001300), &(0x7f0000001180)) io_uring_register$IORING_REGISTER_BUFFERS(r8, 0x0, &(0x7f0000002300)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x3100) io_uring_register$IORING_UNREGISTER_BUFFERS(r8, 0x1, 0x0, 0x0) syz_io_uring_setup(0x239, 0x0, 0x0, 0x0) 0s ago: executing program 4 (id=1239): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) mkdirat(0xffffffffffffff9c, 0x0, 0x110) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0, 0x1000, &(0x7f0000000040), &(0x7f0000000a00)=""/4096, 0x7, 0x0, 0x0, 0x0, &(0x7f0000001a00), &(0x7f0000002a00), 0x4, 0x0, 0x2}, 0x4c) mkdir(&(0x7f0000000b80)='./file0\x00', 0xd6) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000780)='devpts\x00', 0x0, 0x0) mount$binder(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x28, &(0x7f0000000240)=ANY=[@ANYBLOB='max=0020000000']) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$netlink(0x10, 0x3, 0xb) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000040)=0x1, 0x4) kernel console output (not intermixed with test programs): 0293 R12: 0000000000000000 [ 176.457825][ T8331] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 176.457837][ T8331] [ 176.533530][ T40] audit: type=1804 audit(1762414587.747:7684): pid=8334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.668" name="/newroot/178/bus" dev="tmpfs" ino=967 res=1 errno=0 [ 176.613204][ T8338] netlink: 168 bytes leftover after parsing attributes in process `syz.2.670'. [ 177.559376][ T8360] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 177.561649][ T8360] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 177.655505][ T8366] netlink: 168 bytes leftover after parsing attributes in process `syz.3.679'. [ 177.709764][ T8368] comedi comedi0: No channels found! [ 177.718611][ T8371] comedi comedi0: No channels found! [ 178.638436][ T8385] netlink: 'syz.0.684': attribute type 1 has an invalid length. [ 178.641800][ T8385] netlink: 'syz.0.684': attribute type 3 has an invalid length. [ 178.645768][ T8385] netlink: 224 bytes leftover after parsing attributes in process `syz.0.684'. [ 179.758498][ T8396] lo speed is unknown, defaulting to 1000 [ 179.760596][ T8396] lo speed is unknown, defaulting to 1000 [ 179.767755][ T8396] lo speed is unknown, defaulting to 1000 [ 179.810863][ T8396] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 180.171181][ T8396] lo speed is unknown, defaulting to 1000 [ 180.181418][ T8396] lo speed is unknown, defaulting to 1000 [ 180.191344][ T8396] lo speed is unknown, defaulting to 1000 [ 180.203387][ T8396] lo speed is unknown, defaulting to 1000 [ 180.607852][ T8400] netlink: 168 bytes leftover after parsing attributes in process `syz.2.689'. [ 180.684050][ T8408] netlink: 24 bytes leftover after parsing attributes in process `syz.1.692'. [ 180.687170][ T8408] netlink: 20 bytes leftover after parsing attributes in process `syz.1.692'. [ 180.872022][ T8414] warning: `syz.1.693' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 181.899503][ T8427] 9pnet_virtio: no channels available for device syz [ 182.000178][ T8430] netlink: 168 bytes leftover after parsing attributes in process `syz.3.698'. [ 182.296661][ T8438] netlink: 20 bytes leftover after parsing attributes in process `syz.3.700'. [ 182.359631][ T40] audit: type=1326 audit(1762414593.567:7685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8439 comm="syz.3.701" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f61579 code=0x0 [ 182.813415][ T8449] netlink: 40 bytes leftover after parsing attributes in process `syz.1.703'. [ 182.980476][ T8444] netlink: 8 bytes leftover after parsing attributes in process `syz.0.702'. [ 182.984150][ T8444] netlink: 12 bytes leftover after parsing attributes in process `syz.0.702'. [ 182.987774][ T8444] netlink: 'syz.0.702': attribute type 20 has an invalid length. [ 183.663123][ T8461] netlink: 168 bytes leftover after parsing attributes in process `syz.3.707'. [ 183.881211][ T8476] netlink: 8 bytes leftover after parsing attributes in process `syz.1.709'. [ 185.082571][ T6026] usb 8-1: new full-speed USB device number 5 using dummy_hcd [ 185.192505][ T8502] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11) [ 185.195383][ T8502] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 185.198722][ T8502] vhci_hcd vhci_hcd.0: Device attached [ 185.202533][ T29] usb 7-1: new full-speed USB device number 9 using dummy_hcd [ 185.233896][ T6026] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 185.237122][ T6026] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 185.240107][ T6026] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 185.244086][ T6026] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 185.246992][ T6026] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.251826][ T8491] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 185.255736][ T6026] hub 8-1:1.0: bad descriptor, ignoring hub [ 185.257850][ T6026] hub 8-1:1.0: probe with driver hub failed with error -5 [ 185.260413][ T6026] cdc_wdm 8-1:1.0: skipping garbage [ 185.262085][ T6026] cdc_wdm 8-1:1.0: skipping garbage [ 185.265317][ T6026] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 185.267202][ T6026] cdc_wdm 8-1:1.0: Unknown control protocol [ 185.353875][ T29] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 185.357178][ T29] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 185.360058][ T29] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 185.363592][ T29] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 185.366426][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.370734][ T8498] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 185.378190][ T29] hub 7-1:1.0: bad descriptor, ignoring hub [ 185.380144][ T29] hub 7-1:1.0: probe with driver hub failed with error -5 [ 185.382650][ T29] cdc_wdm 7-1:1.0: skipping garbage [ 185.384410][ T29] cdc_wdm 7-1:1.0: skipping garbage [ 185.387849][ T29] cdc_wdm 7-1:1.0: cdc-wdm1: USB WDM device [ 185.389796][ T29] cdc_wdm 7-1:1.0: Unknown control protocol [ 185.452485][ T1468] usb 37-1: new high-speed USB device number 2 using vhci_hcd [ 185.742594][ T29] usb 7-1: USB disconnect, device number 9 [ 185.905530][ T8506] vhci_hcd: connection reset by peer [ 185.912753][ T13] vhci_hcd: stop threads [ 185.914176][ T13] vhci_hcd: release socket [ 185.915749][ T13] vhci_hcd: disconnect device [ 186.077707][ T8516] netlink: 'syz.1.720': attribute type 1 has an invalid length. [ 186.080231][ T8516] netlink: 'syz.1.720': attribute type 3 has an invalid length. [ 186.082798][ T8516] __nla_validate_parse: 2 callbacks suppressed [ 186.082806][ T8516] netlink: 224 bytes leftover after parsing attributes in process `syz.1.720'. [ 186.143211][ T8491] usb 8-1: reset full-speed USB device number 5 using dummy_hcd [ 186.304193][ T8508] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 186.404452][ C3] wdm_int_callback: 86 callbacks suppressed [ 186.404474][ C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 186.409622][ C3] wdm_int_callback: 86 callbacks suppressed [ 186.409637][ C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 186.520468][ T8521] netlink: 40 bytes leftover after parsing attributes in process `syz.0.722'. [ 186.757821][ T29] usb 7-1: new full-speed USB device number 10 using dummy_hcd [ 187.244027][ T29] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 187.247416][ T29] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 187.254046][ T29] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 187.258705][ T29] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 187.262047][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.296687][ T8509] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 187.572166][ T29] hub 7-1:1.0: bad descriptor, ignoring hub [ 187.574831][ T29] hub 7-1:1.0: probe with driver hub failed with error -5 [ 187.578669][ T29] cdc_wdm 7-1:1.0: skipping garbage [ 187.581252][ T29] cdc_wdm 7-1:1.0: skipping garbage [ 187.585509][ T29] cdc_wdm 7-1:1.0: cdc-wdm1: USB WDM device [ 187.588314][ T29] cdc_wdm 7-1:1.0: Unknown control protocol [ 187.791316][ T8540] netlink: 24 bytes leftover after parsing attributes in process `syz.1.728'. [ 187.880501][ T8545] openvswitch: netlink: IP tunnel dst address not specified [ 188.668439][ T8547] futex_wake_op: syz.0.731 tries to shift op by 32; fix this program [ 188.682726][ T6008] usb 8-1: USB disconnect, device number 5 [ 189.377796][ T8561] infiniband syz1: set active [ 189.379611][ T8561] infiniband syz1: added syz_tun [ 189.430512][ T8561] RDS/IB: syz1: added [ 189.432177][ T8561] smc: adding ib device syz1 with port count 1 [ 189.434333][ T8561] smc: ib device syz1 port 1 has no pnetid [ 189.613184][ T6006] usb 7-1: USB disconnect, device number 10 [ 189.749458][ T8579] netlink: 'syz.0.735': attribute type 1 has an invalid length. [ 189.751976][ T8579] netlink: 'syz.0.735': attribute type 3 has an invalid length. [ 189.754973][ T8579] netlink: 224 bytes leftover after parsing attributes in process `syz.0.735'. [ 190.327387][ T8584] netlink: 204 bytes leftover after parsing attributes in process `syz.2.736'. [ 190.574325][ T1468] vhci_hcd: vhci_device speed not set [ 191.414818][ T6026] usb 7-1: new full-speed USB device number 11 using dummy_hcd [ 191.626375][ T6026] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 191.629582][ T6026] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 191.632756][ T6026] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 191.782622][ T8600] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 191.789105][ T8600] overlayfs: missing 'lowerdir' [ 191.937518][ T6026] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 192.320345][ T6026] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.328964][ T8594] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 192.363212][ T6026] hub 7-1:1.0: bad descriptor, ignoring hub [ 192.365547][ T6026] hub 7-1:1.0: probe with driver hub failed with error -5 [ 192.381747][ T6026] cdc_wdm 7-1:1.0: skipping garbage [ 192.385226][ T6026] cdc_wdm 7-1:1.0: skipping garbage [ 192.404183][ T6026] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 192.406507][ T6026] cdc_wdm 7-1:1.0: Unknown control protocol [ 192.795123][ T8609] binder: 8608:8609 ioctl c0046686 80000080 returned -22 [ 192.956813][ T8594] usb 7-1: reset full-speed USB device number 11 using dummy_hcd [ 193.252172][ T8606] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 193.271874][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 193.273981][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 193.276094][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 193.278173][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 193.280294][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 193.282364][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 193.284501][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 193.286562][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 193.288651][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 193.290697][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 193.292834][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 193.295482][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 193.298091][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 193.300717][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 193.303288][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 193.305354][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 193.307443][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 193.309482][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 193.312573][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 193.314620][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 193.668949][ T8626] netlink: 'syz.0.748': attribute type 1 has an invalid length. [ 193.672363][ T8626] netlink: 'syz.0.748': attribute type 3 has an invalid length. [ 193.675732][ T8626] netlink: 224 bytes leftover after parsing attributes in process `syz.0.748'. [ 193.713256][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.715929][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.509246][ T8637] bridge0: entered promiscuous mode [ 195.078499][ T8647] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 195.080593][ T8647] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 195.084316][ T8647] vhci_hcd vhci_hcd.0: Device attached [ 195.157279][ T8647] netlink: 24 bytes leftover after parsing attributes in process `syz.0.753'. [ 195.362498][ T54] usb 38-1: SetAddress Request (2) to port 0 [ 195.364669][ T54] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd [ 195.525223][ T8658] netlink: 'syz.1.757': attribute type 1 has an invalid length. [ 195.528433][ T8658] netlink: 224 bytes leftover after parsing attributes in process `syz.1.757'. [ 196.651041][ T8648] vhci_hcd: connection reset by peer [ 196.656344][ T1154] vhci_hcd: stop threads [ 196.658312][ T1154] vhci_hcd: release socket [ 196.660344][ T1154] vhci_hcd: disconnect device [ 197.054262][ T8669] netlink: 12 bytes leftover after parsing attributes in process `syz.1.760'. [ 197.058023][ T8669] netlink: 8 bytes leftover after parsing attributes in process `syz.1.760'. [ 197.505514][ T8688] 9pnet_virtio: no channels available for device syz [ 197.665035][ T8690] 9pnet_virtio: no channels available for device syz [ 198.376155][ T60] smc: removing ib device syz1 [ 198.387074][ T6495] syz1: Port: 1 Link DOWN [ 198.392757][ T1468] usb 7-1: USB disconnect, device number 11 [ 198.505245][ T8695] overlayfs: missing 'lowerdir' [ 198.800788][ T91] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.984918][ T91] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.056580][ T91] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.245227][ T91] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.667974][ T5944] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 199.701071][ T5944] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 199.705773][ T5944] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 199.709293][ T5944] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 199.712859][ T5944] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 200.060312][ T91] bond0 (unregistering): (slave veth13): Releasing active interface [ 200.064529][ T91] bond0 (unregistering): Released all slaves [ 200.092462][ T8707] lo speed is unknown, defaulting to 1000 [ 200.095115][ T8707] lo speed is unknown, defaulting to 1000 [ 200.097899][ T8707] lo speed is unknown, defaulting to 1000 [ 200.268127][ T8707] chnl_net:caif_netlink_parms(): no params data found [ 200.387385][ T8734] random: crng reseeded on system resumption [ 200.423011][ T54] usb 38-1: device descriptor read/8, error -110 [ 200.493285][ T8707] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.500048][ T8707] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.503366][ T8707] bridge_slave_0: entered allmulticast mode [ 200.523226][ T8707] bridge_slave_0: entered promiscuous mode [ 200.539384][ T91] hsr_slave_0: left promiscuous mode [ 200.542455][ T91] hsr_slave_1: left promiscuous mode [ 200.563528][ T91] batadv_slave_1: left promiscuous mode [ 200.572552][ T91] veth1_macvtap: left promiscuous mode [ 200.574663][ T91] veth0_macvtap: left promiscuous mode [ 200.577109][ T91] veth1_vlan: left promiscuous mode [ 200.579296][ T91] veth0_vlan: left promiscuous mode [ 201.493971][ T8750] FAULT_INJECTION: forcing a failure. [ 201.493971][ T8750] name failslab, interval 1, probability 0, space 0, times 0 [ 201.498105][ T8750] CPU: 0 UID: 0 PID: 8750 Comm: syz.2.780 Not tainted syzkaller #0 PREEMPT(full) [ 201.498124][ T8750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 201.498130][ T8750] Call Trace: [ 201.498134][ T8750] [ 201.498139][ T8750] dump_stack_lvl+0x16c/0x1f0 [ 201.498154][ T8750] should_fail_ex+0x512/0x640 [ 201.498170][ T8750] ? __kmalloc_cache_node_noprof+0x62/0x7a0 [ 201.498190][ T8750] should_failslab+0xc2/0x120 [ 201.498211][ T8750] __kmalloc_cache_node_noprof+0x75/0x7a0 [ 201.498229][ T8750] ? __get_vm_area_node+0x101/0x330 [ 201.498251][ T8750] ? kasan_save_track+0x14/0x30 [ 201.498271][ T8750] ? __get_vm_area_node+0x101/0x330 [ 201.498290][ T8750] __get_vm_area_node+0x101/0x330 [ 201.498314][ T8750] __vmalloc_node_range_noprof+0x271/0x1480 [ 201.498330][ T8750] ? bpf_prog_calc_tag+0x67/0x350 [ 201.498350][ T8750] ? bpf_prog_calc_tag+0x67/0x350 [ 201.498367][ T8750] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 201.498381][ T8750] ? sort+0x97/0xd0 [ 201.498397][ T8750] ? __pfx_sort+0x10/0x10 [ 201.498411][ T8750] ? __pfx_cmp_subprogs+0x10/0x10 [ 201.498440][ T8750] ? bpf_prog_calc_tag+0x67/0x350 [ 201.498453][ T8750] __vmalloc_node_noprof+0xad/0xf0 [ 201.498468][ T8750] ? bpf_prog_calc_tag+0x67/0x350 [ 201.498483][ T8750] bpf_prog_calc_tag+0x67/0x350 [ 201.498499][ T8750] bpf_check+0x61fa/0xbdd0 [ 201.498513][ T8750] ? __lock_acquire+0x622/0x1c90 [ 201.498529][ T8750] ? css_rstat_updated+0x1c2/0x510 [ 201.498541][ T8750] ? __pfx_css_rstat_updated+0x10/0x10 [ 201.498556][ T8750] ? __lock_acquire+0xb8a/0x1c90 [ 201.498571][ T8750] ? __pfx_bpf_check+0x10/0x10 [ 201.498589][ T8750] ? find_held_lock+0x2b/0x80 [ 201.498600][ T8750] ? rcu_is_watching+0x12/0xc0 [ 201.498611][ T8750] ? ktime_get_with_offset+0x26e/0x3b0 [ 201.498625][ T8750] ? __asan_memset+0x23/0x50 [ 201.498635][ T8750] ? lsm_blob_alloc+0x2b/0x90 [ 201.498647][ T8750] ? bpf_lsm_bpf_prog_load+0x9/0x10 [ 201.498664][ T8750] bpf_prog_load+0x112e/0x2850 [ 201.498677][ T8750] ? __pfx_bpf_prog_load+0x10/0x10 [ 201.498686][ T8750] ? __lock_acquire+0xb8a/0x1c90 [ 201.498714][ T8750] __sys_bpf+0x3e72/0x4980 [ 201.498727][ T8750] ? __pfx___sys_bpf+0x10/0x10 [ 201.498736][ T8750] ? find_held_lock+0x2b/0x80 [ 201.498749][ T8750] ? find_held_lock+0x2b/0x80 [ 201.498791][ T8750] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 201.498814][ T8750] ? fput+0x9b/0xd0 [ 201.498828][ T8750] ? ksys_write+0x1ac/0x250 [ 201.498838][ T8750] ? __pfx_ksys_write+0x10/0x10 [ 201.498851][ T8750] __ia32_sys_bpf+0x76/0xe0 [ 201.498863][ T8750] __do_fast_syscall_32+0x7c/0x300 [ 201.498877][ T8750] do_fast_syscall_32+0x32/0x80 [ 201.498889][ T8750] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 201.498903][ T8750] RIP: 0023:0xf702d579 [ 201.498911][ T8750] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 201.498921][ T8750] RSP: 002b:00000000f541d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 201.498931][ T8750] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000600 [ 201.498937][ T8750] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 201.498943][ T8750] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 201.498949][ T8750] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 201.498954][ T8750] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 201.498968][ T8750] [ 201.499228][ T8750] syz.2.780: vmalloc error: size 24, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null) [ 201.600974][ T54] usb usb38-port1: attempt power cycle [ 201.608365][ T8750] ,cpuset=/,mems_allowed=0-1 [ 201.616252][ T8750] CPU: 0 UID: 0 PID: 8750 Comm: syz.2.780 Not tainted syzkaller #0 PREEMPT(full) [ 201.616266][ T8750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 201.616272][ T8750] Call Trace: [ 201.616276][ T8750] [ 201.616280][ T8750] dump_stack_lvl+0x16c/0x1f0 [ 201.616299][ T8750] warn_alloc+0x248/0x3a0 [ 201.616316][ T8750] ? __pfx_warn_alloc+0x10/0x10 [ 201.616329][ T8750] ? rcu_is_watching+0x12/0xc0 [ 201.616345][ T8750] ? trace_kmalloc+0x2b/0xd0 [ 201.616364][ T8750] ? __get_vm_area_node+0x101/0x330 [ 201.616388][ T8750] ? __kasan_kmalloc+0x8a/0xb0 [ 201.616406][ T8750] ? __get_vm_area_node+0x208/0x330 [ 201.616432][ T8750] __vmalloc_node_range_noprof+0xaf5/0x1480 [ 201.616464][ T8750] ? bpf_prog_calc_tag+0x67/0x350 [ 201.616482][ T8750] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 201.616497][ T8750] ? sort+0x97/0xd0 [ 201.616513][ T8750] ? __pfx_sort+0x10/0x10 [ 201.616527][ T8750] ? __pfx_cmp_subprogs+0x10/0x10 [ 201.616548][ T8750] ? bpf_prog_calc_tag+0x67/0x350 [ 201.616567][ T8750] __vmalloc_node_noprof+0xad/0xf0 [ 201.616588][ T8750] ? bpf_prog_calc_tag+0x67/0x350 [ 201.616611][ T8750] bpf_prog_calc_tag+0x67/0x350 [ 201.616635][ T8750] bpf_check+0x61fa/0xbdd0 [ 201.616656][ T8750] ? __lock_acquire+0x622/0x1c90 [ 201.616672][ T8750] ? css_rstat_updated+0x1c2/0x510 [ 201.616684][ T8750] ? __pfx_css_rstat_updated+0x10/0x10 [ 201.616699][ T8750] ? __lock_acquire+0xb8a/0x1c90 [ 201.616714][ T8750] ? __pfx_bpf_check+0x10/0x10 [ 201.616731][ T8750] ? find_held_lock+0x2b/0x80 [ 201.616743][ T8750] ? rcu_is_watching+0x12/0xc0 [ 201.616753][ T8750] ? ktime_get_with_offset+0x26e/0x3b0 [ 201.616767][ T8750] ? __asan_memset+0x23/0x50 [ 201.616776][ T8750] ? lsm_blob_alloc+0x2b/0x90 [ 201.616794][ T8750] ? bpf_lsm_bpf_prog_load+0x9/0x10 [ 201.616811][ T8750] bpf_prog_load+0x112e/0x2850 [ 201.616824][ T8750] ? __pfx_bpf_prog_load+0x10/0x10 [ 201.616833][ T8750] ? __lock_acquire+0xb8a/0x1c90 [ 201.616860][ T8750] __sys_bpf+0x3e72/0x4980 [ 201.616873][ T8750] ? __pfx___sys_bpf+0x10/0x10 [ 201.616882][ T8750] ? find_held_lock+0x2b/0x80 [ 201.616899][ T8750] ? find_held_lock+0x2b/0x80 [ 201.616917][ T8750] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 201.616937][ T8750] ? fput+0x9b/0xd0 [ 201.616951][ T8750] ? ksys_write+0x1ac/0x250 [ 201.616962][ T8750] ? __pfx_ksys_write+0x10/0x10 [ 201.616975][ T8750] __ia32_sys_bpf+0x76/0xe0 [ 201.616986][ T8750] __do_fast_syscall_32+0x7c/0x300 [ 201.617000][ T8750] do_fast_syscall_32+0x32/0x80 [ 201.617012][ T8750] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 201.617025][ T8750] RIP: 0023:0xf702d579 [ 201.617034][ T8750] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 201.617044][ T8750] RSP: 002b:00000000f541d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 201.617054][ T8750] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000600 [ 201.617064][ T8750] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 201.617073][ T8750] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 201.617082][ T8750] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 201.617090][ T8750] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 201.617103][ T8750] [ 201.617107][ T8750] Mem-Info: [ 201.729137][ T8750] active_anon:5876 inactive_anon:456 isolated_anon:0 [ 201.729137][ T8750] active_file:14474 inactive_file:30412 isolated_file:0 [ 201.729137][ T8750] unevictable:1768 dirty:764 writeback:0 [ 201.729137][ T8750] slab_reclaimable:7315 slab_unreclaimable:54976 [ 201.729137][ T8750] mapped:24525 shmem:2282 pagetables:1406 [ 201.729137][ T8750] sec_pagetables:311 bounce:0 [ 201.729137][ T8750] kernel_misc_reclaimable:0 [ 201.729137][ T8750] free:35205 free_pcp:18688 free_cma:0 [ 201.752569][ T8750] Node 0 active_anon:1140kB inactive_anon:0kB active_file:352kB inactive_file:0kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:6340kB dirty:20kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8860kB pagetables:1680kB sec_pagetables:1152kB all_unreclaimable? yes Balloon:0kB [ 201.762514][ T8750] Node 1 active_anon:22364kB inactive_anon:1824kB active_file:57544kB inactive_file:121648kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:91760kB dirty:3036kB writeback:0kB shmem:5592kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4648kB pagetables:3944kB sec_pagetables:92kB all_unreclaimable? no Balloon:0kB [ 201.772773][ T8750] Node 0 DMA free:2360kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:0kB free_cma:0kB [ 201.782614][ T5946] Bluetooth: hci3: command tx timeout [ 201.784433][ T8750] lowmem_reserve[]: 0 294 294 294 294 [ 201.786170][ T8750] Node 0 DMA32 free:16744kB boost:0kB min:13448kB low:16808kB high:20168kB reserved_highatomic:2048KB free_highatomic:296KB active_anon:1140kB inactive_anon:0kB active_file:352kB inactive_file:0kB unevictable:3536kB writepending:20kB zspages:0kB present:1032196kB managed:301156kB mlocked:0kB bounce:0kB free_pcp:12936kB local_pcp:2308kB free_cma:0kB [ 201.797331][ T8750] lowmem_reserve[]: 0 0 0 0 0 [ 201.798935][ T8750] Node 1 DMA32 free:121716kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:22364kB inactive_anon:1824kB active_file:57544kB inactive_file:121648kB unevictable:3536kB writepending:3036kB zspages:2452kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:61800kB local_pcp:16884kB free_cma:0kB [ 201.811771][ T8750] lowmem_reserve[]: 0 0 0 0 0 [ 201.813813][ T8750] Node 0 DMA: 18*4kB (UM) 6*8kB (UM) 2*16kB (UM) 11*32kB (UM) 1*64kB (M) 0*128kB 1*256kB (M) 1*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 2360kB [ 201.819950][ T8750] Node 0 DMA32: 0*4kB 63*8kB (MEH) 39*16kB (UMEH) 84*32kB (UMEH) 40*64kB (UMEH) 21*128kB (ME) 10*256kB (UME) 6*512kB (M) 2*1024kB (M) 0*2048kB 0*4096kB = 16744kB [ 201.826733][ T8750] Node 1 DMA32: 21*4kB (E) 40*8kB (UME) 4*16kB (E) 263*32kB (UME) 211*64kB (ME) 172*128kB (UME) 16*256kB (ME) 51*512kB (UME) 14*1024kB (UM) 12*2048kB (UM) 2*4096kB (U) = 121716kB [ 201.834286][ T8750] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 201.838136][ T8750] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 201.841779][ T8750] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 201.845782][ T8750] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 201.848789][ T8750] 48046 total pagecache pages [ 201.850284][ T8750] 882 pages in swap cache [ 201.851680][ T8750] Free swap = 117528kB [ 201.853538][ T8750] Total swap = 124996kB [ 201.854893][ T8750] 524155 pages RAM [ 201.856138][ T8750] 0 pages HighMem/MovableOnly [ 201.857723][ T8750] 207971 pages reserved [ 201.859060][ T8750] 0 pages cma reserved [ 202.208746][ T54] usb usb38-port1: unable to enumerate USB device [ 202.468027][ T8707] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.470844][ T8707] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.476088][ T8707] bridge_slave_1: entered allmulticast mode [ 202.478986][ T8707] bridge_slave_1: entered promiscuous mode [ 202.486486][ T6046] lo speed is unknown, defaulting to 1000 [ 202.489007][ T6046] infiniband syz: ib_query_port failed (-19) [ 202.799424][ T8707] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 202.845970][ T8707] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.058709][ T8707] team0: Port device team_slave_0 added [ 203.065791][ T8707] team0: Port device team_slave_1 added [ 203.228331][ T8707] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 203.231216][ T8707] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 203.244369][ T8707] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 203.250240][ T8707] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 203.253393][ T8707] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 203.266257][ T8707] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 203.346035][ T8707] hsr_slave_0: entered promiscuous mode [ 203.350286][ T8707] hsr_slave_1: entered promiscuous mode [ 203.364190][ T8707] debugfs: 'hsr0' already exists in 'hsr' [ 203.366713][ T8707] Cannot create hsr debugfs directory [ 203.656987][ T8707] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 203.666003][ T8707] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 203.677435][ T8707] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 203.685120][ T8707] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 203.757402][ T8804] netlink: 40 bytes leftover after parsing attributes in process `syz.0.791'. [ 203.764657][ T8804] netlink: 16 bytes leftover after parsing attributes in process `syz.0.791'. [ 203.765683][ T8707] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.781249][ T8707] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.788568][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.791735][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.811801][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.814992][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.822704][ T1468] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 203.864015][ T5946] Bluetooth: hci3: command tx timeout [ 203.935778][ T6046] IPVS: starting estimator thread 0... [ 203.992546][ T1468] usb 6-1: Using ep0 maxpacket: 32 [ 203.996548][ T1468] usb 6-1: config 4 has an invalid descriptor of length 49, skipping remainder of the config [ 204.000351][ T8707] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.000738][ T1468] usb 6-1: config 4 has 0 interfaces, different from the descriptor's value: 9 [ 204.009923][ T1468] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 204.013741][ T1468] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.016571][ T1468] usb 6-1: Product: syz [ 204.017879][ T1468] usb 6-1: Manufacturer: syz [ 204.019349][ T1468] usb 6-1: SerialNumber: syz [ 204.022625][ T8812] IPVS: using max 22 ests per chain, 52800 per kthread [ 204.039698][ T8816] netlink: 24 bytes leftover after parsing attributes in process `syz.0.794'. [ 204.109271][ T8820] netlink: 256 bytes leftover after parsing attributes in process `syz.0.794'. [ 204.435157][ T1468] usb 6-1: USB disconnect, device number 4 [ 204.461666][ T8707] veth0_vlan: entered promiscuous mode [ 204.466621][ T8707] veth1_vlan: entered promiscuous mode [ 204.481524][ T8707] veth0_macvtap: entered promiscuous mode [ 204.498503][ T8707] veth1_macvtap: entered promiscuous mode [ 204.513132][ T8707] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 204.520081][ T8707] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.533273][ T1146] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.536860][ T1146] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.545487][ T1146] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.555360][ T1146] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.596283][ T1146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.598786][ T1146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.627796][ T1146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.630252][ T1146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.512021][ T8856] netlink: 40 bytes leftover after parsing attributes in process `syz.0.800'. [ 205.519754][ T8856] netlink: 16 bytes leftover after parsing attributes in process `syz.0.800'. [ 205.560802][ T8858] 9pnet_fd: Insufficient options for proto=fd [ 205.885859][ T8871] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 205.889002][ T8871] overlayfs: failed to set xattr on upper [ 205.891365][ T8871] overlayfs: ...falling back to redirect_dir=nofollow. [ 205.893750][ T8871] overlayfs: ...falling back to index=off. [ 205.896142][ T8871] overlayfs: ...falling back to uuid=null. [ 205.942531][ T5946] Bluetooth: hci3: command tx timeout [ 206.966071][ T8892] netlink: 40 bytes leftover after parsing attributes in process `syz.2.811'. [ 206.971528][ T8892] netlink: 16 bytes leftover after parsing attributes in process `syz.2.811'. [ 207.025876][ T8894] netlink: 32 bytes leftover after parsing attributes in process `syz.2.812'. [ 207.030004][ T8895] netlink: 32 bytes leftover after parsing attributes in process `syz.2.812'. [ 207.082647][ T8897] FAULT_INJECTION: forcing a failure. [ 207.082647][ T8897] name failslab, interval 1, probability 0, space 0, times 0 [ 207.088654][ T8897] CPU: 3 UID: 0 PID: 8897 Comm: syz.2.813 Not tainted syzkaller #0 PREEMPT(full) [ 207.088677][ T8897] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 207.088688][ T8897] Call Trace: [ 207.088694][ T8897] [ 207.088702][ T8897] dump_stack_lvl+0x16c/0x1f0 [ 207.088725][ T8897] should_fail_ex+0x512/0x640 [ 207.088751][ T8897] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 207.088768][ T8897] should_failslab+0xc2/0x120 [ 207.088789][ T8897] kmem_cache_alloc_noprof+0x75/0x6e0 [ 207.088805][ T8897] ? security_file_alloc+0x34/0x2b0 [ 207.088828][ T8897] ? security_file_alloc+0x34/0x2b0 [ 207.088845][ T8897] security_file_alloc+0x34/0x2b0 [ 207.088869][ T8897] init_file+0x93/0x4c0 [ 207.088893][ T8897] alloc_empty_file+0x73/0x1e0 [ 207.088917][ T8897] dentry_open+0x46/0xd0 [ 207.088941][ T8897] __do_sys_fsmount+0x77e/0xa80 [ 207.088961][ T8897] ? __pfx___do_sys_fsmount+0x10/0x10 [ 207.088978][ T8897] ? ksys_write+0x1ac/0x250 [ 207.089000][ T8897] ? rcu_is_watching+0x12/0xc0 [ 207.089023][ T8897] __do_fast_syscall_32+0x7c/0x300 [ 207.089047][ T8897] do_fast_syscall_32+0x32/0x80 [ 207.089067][ T8897] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 207.089088][ T8897] RIP: 0023:0xf702d579 [ 207.089102][ T8897] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 207.089118][ T8897] RSP: 002b:00000000f541d55c EFLAGS: 00000296 ORIG_RAX: 00000000000001b0 [ 207.089135][ T8897] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 207.089145][ T8897] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 207.089154][ T8897] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 207.089164][ T8897] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 207.089174][ T8897] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 207.089198][ T8897] [ 207.195012][ T8884] infiniband syz1: set active [ 207.197317][ T8884] infiniband syz1: added syz_tun [ 207.351149][ T8884] RDS/IB: syz1: added [ 207.353205][ T8884] smc: adding ib device syz1 with port count 1 [ 207.355794][ T8884] smc: ib device syz1 port 1 has no pnetid [ 208.022582][ T5946] Bluetooth: hci3: command tx timeout [ 209.509343][ T8922] __nla_validate_parse: 1 callbacks suppressed [ 209.509378][ T8922] netlink: 4 bytes leftover after parsing attributes in process `syz.2.817'. [ 209.849489][ T8927] netlink: 40 bytes leftover after parsing attributes in process `syz.1.821'. [ 209.861361][ T8927] netlink: 16 bytes leftover after parsing attributes in process `syz.1.821'. [ 210.183976][ T6026] usb 7-1: new full-speed USB device number 12 using dummy_hcd [ 210.839199][ T6026] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 25353, setting to 64 [ 210.847014][ T6026] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 210.852332][ T6026] usb 7-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00 [ 210.856120][ T6026] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.860431][ T6026] usb 7-1: config 0 descriptor?? [ 210.862555][ T8929] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 210.976672][ T8944] FAULT_INJECTION: forcing a failure. [ 210.976672][ T8944] name failslab, interval 1, probability 0, space 0, times 0 [ 210.982545][ T8944] CPU: 0 UID: 0 PID: 8944 Comm: syz.4.826 Not tainted syzkaller #0 PREEMPT(full) [ 210.982568][ T8944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 210.982578][ T8944] Call Trace: [ 210.982584][ T8944] [ 210.982591][ T8944] dump_stack_lvl+0x16c/0x1f0 [ 210.982632][ T8944] should_fail_ex+0x512/0x640 [ 210.982658][ T8944] ? fs_reclaim_acquire+0xae/0x150 [ 210.982704][ T8944] should_failslab+0xc2/0x120 [ 210.982728][ T8944] __kmalloc_noprof+0xdd/0x880 [ 210.982754][ T8944] ? tomoyo_encode2+0x100/0x3e0 [ 210.982777][ T8944] ? tomoyo_encode2+0x100/0x3e0 [ 210.982795][ T8944] tomoyo_encode2+0x100/0x3e0 [ 210.982817][ T8944] tomoyo_encode+0x29/0x50 [ 210.982834][ T8944] tomoyo_realpath_from_path+0x18f/0x6e0 [ 210.982856][ T8944] ? tomoyo_profile+0x47/0x60 [ 210.982879][ T8944] tomoyo_path_number_perm+0x245/0x580 [ 210.982904][ T8944] ? tomoyo_path_number_perm+0x237/0x580 [ 210.982938][ T8944] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 210.982997][ T8944] ? find_held_lock+0x2b/0x80 [ 210.983015][ T8944] ? hook_file_ioctl_common+0x145/0x410 [ 210.983039][ T8944] ? __fget_files+0x20e/0x3c0 [ 210.983062][ T8944] security_file_ioctl_compat+0x9b/0x240 [ 210.983082][ T8944] __ia32_compat_sys_ioctl+0xc3/0x370 [ 210.983112][ T8944] __do_fast_syscall_32+0x7c/0x300 [ 210.983136][ T8944] do_fast_syscall_32+0x32/0x80 [ 210.983157][ T8944] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 210.983178][ T8944] RIP: 0023:0xf708d579 [ 210.983191][ T8944] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 210.983207][ T8944] RSP: 002b:00000000f547d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 210.983225][ T8944] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000008946 [ 210.983236][ T8944] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 210.983246][ T8944] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 210.983255][ T8944] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 210.983265][ T8944] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 210.983289][ T8944] [ 210.985317][ T8944] ERROR: Out of memory at tomoyo_realpath_from_path. [ 211.060246][ T8946] CIFS: VFS: Malformed UNC in devname [ 211.165948][ T8947] input: syz1 as /devices/virtual/input/input11 [ 211.228264][ T8950] syzkaller0: entered promiscuous mode [ 211.230274][ T8950] syzkaller0: entered allmulticast mode [ 211.366847][ T6026] usbhid 7-1:0.0: can't add hid device: -71 [ 211.369347][ T6026] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 211.396695][ T8954] netlink: 80 bytes leftover after parsing attributes in process `syz.4.830'. [ 211.400250][ T8954] netlink: 'syz.4.830': attribute type 1 has an invalid length. [ 211.434055][ T8956] netlink: 40 bytes leftover after parsing attributes in process `syz.4.831'. [ 211.437559][ T8956] netlink: 16 bytes leftover after parsing attributes in process `syz.4.831'. [ 211.515232][ T6026] usb 7-1: USB disconnect, device number 12 [ 212.593349][ T8970] netlink: 12 bytes leftover after parsing attributes in process `syz.2.834'. [ 212.837558][ T8984] syzkaller0: entered promiscuous mode [ 212.839392][ T8984] syzkaller0: entered allmulticast mode [ 212.898398][ T6026] libceph: connect (1)[c::]:6789 error -101 [ 212.917680][ T8986] ceph: No mds server is up or the cluster is laggy [ 213.042646][ T8992] tmpfs: Bad value for 'mpol' [ 213.060694][ T6026] libceph: mon0 (1)[c::]:6789 connect error [ 213.126475][ T8993] netlink: 'syz.1.835': attribute type 1 has an invalid length. [ 213.129988][ T8993] netlink: 224 bytes leftover after parsing attributes in process `syz.1.835'. [ 213.822508][ T24] usb 7-1: new full-speed USB device number 13 using dummy_hcd [ 213.832765][ T9012] netlink: 'syz.0.844': attribute type 1 has an invalid length. [ 213.835365][ T9012] netlink: 'syz.0.844': attribute type 3 has an invalid length. [ 213.838351][ T9012] netlink: 224 bytes leftover after parsing attributes in process `syz.0.844'. [ 214.512071][ T24] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 214.632873][ T24] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 214.635664][ T24] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 214.639046][ T24] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 214.641827][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.645895][ T8999] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 214.659601][ T24] hub 7-1:1.0: bad descriptor, ignoring hub [ 214.662853][ T24] hub 7-1:1.0: probe with driver hub failed with error -5 [ 214.665599][ T24] cdc_wdm 7-1:1.0: skipping garbage [ 214.667268][ T24] cdc_wdm 7-1:1.0: skipping garbage [ 214.673184][ T24] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 214.675066][ T24] cdc_wdm 7-1:1.0: Unknown control protocol [ 215.450154][ T8999] usb 7-1: reset full-speed USB device number 13 using dummy_hcd [ 215.731265][ T9033] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 215.774944][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 215.777754][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 215.780514][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 215.783281][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 215.786028][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 215.788776][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 215.791535][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 215.794314][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 215.797187][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 215.799944][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 215.803548][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 215.806284][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 215.809277][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 215.812051][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 215.814902][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 215.817684][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 215.820436][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 215.823189][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 215.825956][ C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 215.828732][ C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 217.574706][ T9050] syzkaller0: entered promiscuous mode [ 217.577075][ T9050] syzkaller0: entered allmulticast mode [ 217.646853][ T9056] FAULT_INJECTION: forcing a failure. [ 217.646853][ T9056] name failslab, interval 1, probability 0, space 0, times 0 [ 217.651895][ T9056] CPU: 2 UID: 0 PID: 9056 Comm: syz.4.849 Not tainted syzkaller #0 PREEMPT(full) [ 217.651917][ T9056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 217.651927][ T9056] Call Trace: [ 217.651933][ T9056] [ 217.651939][ T9056] dump_stack_lvl+0x16c/0x1f0 [ 217.651963][ T9056] should_fail_ex+0x512/0x640 [ 217.651987][ T9056] ? __kmalloc_noprof+0xca/0x880 [ 217.652016][ T9056] should_failslab+0xc2/0x120 [ 217.652037][ T9056] __kmalloc_noprof+0xdd/0x880 [ 217.652062][ T9056] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 217.652089][ T9056] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 217.652110][ T9056] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 217.652136][ T9056] genl_start+0x18f/0x980 [ 217.652158][ T9056] __netlink_dump_start+0x60e/0x990 [ 217.652180][ T9056] genl_family_rcv_msg_dumpit+0x1e2/0x2e0 [ 217.652203][ T9056] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 217.652229][ T9056] ? __pfx_genl_get_cmd+0x10/0x10 [ 217.652246][ T9056] ? __pfx_genl_start+0x10/0x10 [ 217.652262][ T9056] ? __pfx_genl_dumpit+0x10/0x10 [ 217.652279][ T9056] ? __pfx_genl_done+0x10/0x10 [ 217.652302][ T9056] ? ____sys_sendmsg+0xa98/0xc70 [ 217.652318][ T9056] ? ___sys_sendmsg+0x134/0x1d0 [ 217.652332][ T9056] ? __radix_tree_lookup+0x21f/0x2c0 [ 217.652364][ T9056] genl_rcv_msg+0x46e/0x800 [ 217.652401][ T9056] ? __pfx_genl_rcv_msg+0x10/0x10 [ 217.652420][ T9056] ? __pfx_ethnl_default_start+0x10/0x10 [ 217.652444][ T9056] ? __pfx_ethnl_default_dumpit+0x10/0x10 [ 217.652463][ T9056] ? __pfx_ethnl_default_done+0x10/0x10 [ 217.652481][ T9056] ? __lock_acquire+0x622/0x1c90 [ 217.652498][ T9056] netlink_rcv_skb+0x158/0x420 [ 217.652509][ T9056] ? __pfx_genl_rcv_msg+0x10/0x10 [ 217.652522][ T9056] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 217.652539][ T9056] ? netlink_deliver_tap+0x1ae/0xd30 [ 217.652551][ T9056] genl_rcv+0x28/0x40 [ 217.652562][ T9056] netlink_unicast+0x5aa/0x870 [ 217.652575][ T9056] ? __pfx_netlink_unicast+0x10/0x10 [ 217.652591][ T9056] netlink_sendmsg+0x8c8/0xdd0 [ 217.652604][ T9056] ? __pfx_netlink_sendmsg+0x10/0x10 [ 217.652623][ T9056] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 217.652649][ T9056] ____sys_sendmsg+0xa98/0xc70 [ 217.652673][ T9056] ? __pfx_____sys_sendmsg+0x10/0x10 [ 217.652692][ T9056] ? get_compat_msghdr+0x11a/0x170 [ 217.652729][ T9056] ___sys_sendmsg+0x134/0x1d0 [ 217.652748][ T9056] ? __pfx____sys_sendmsg+0x10/0x10 [ 217.652779][ T9056] ? find_held_lock+0x2b/0x80 [ 217.652812][ T9056] __sys_sendmsg+0x16d/0x220 [ 217.652830][ T9056] ? __pfx___sys_sendmsg+0x10/0x10 [ 217.652858][ T9056] ? rcu_is_watching+0x12/0xc0 [ 217.652886][ T9056] __do_fast_syscall_32+0x7c/0x300 [ 217.652910][ T9056] do_fast_syscall_32+0x32/0x80 [ 217.652930][ T9056] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 217.652952][ T9056] RIP: 0023:0xf708d579 [ 217.652966][ T9056] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 217.652983][ T9056] RSP: 002b:00000000f547d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 217.653000][ T9056] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000440 [ 217.653011][ T9056] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 217.653021][ T9056] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 217.653030][ T9056] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 217.653040][ T9056] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 217.653065][ T9056] [ 217.662807][ T29] usb 7-1: USB disconnect, device number 13 [ 217.973874][ T9071] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 217.976161][ T9071] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 218.001449][ T9075] netlink: 'syz.2.855': attribute type 2 has an invalid length. [ 218.006061][ T9075] netlink: 'syz.2.855': attribute type 11 has an invalid length. [ 218.009275][ T9075] netlink: 132 bytes leftover after parsing attributes in process `syz.2.855'. [ 218.045302][ T9079] binder: 9078:9079 ioctl b701 0 returned -22 [ 218.051991][ T9079] binder_alloc: 9078: binder_alloc_buf, no vma [ 218.078331][ T9079] sp0: Synchronizing with TNC [ 218.289187][ T9084] netlink: 52 bytes leftover after parsing attributes in process `syz.0.858'. [ 219.239824][ T24] usb 7-1: new full-speed USB device number 14 using dummy_hcd [ 219.454149][ T24] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 219.471903][ T24] usb 7-1: config 0 has no interfaces? [ 219.474581][ T9102] syzkaller0: entered promiscuous mode [ 219.477119][ T9102] syzkaller0: entered allmulticast mode [ 219.479560][ T24] usb 7-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 219.488436][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.530191][ T24] usb 7-1: config 0 descriptor?? [ 220.159911][ T9107] IPVS: set_ctl: invalid protocol: 33 10.1.1.1:20001 [ 220.274402][ T9114] netlink: 48 bytes leftover after parsing attributes in process `syz.0.866'. [ 220.280526][ T24] usb 7-1: string descriptor 0 read error: -71 [ 220.287281][ T24] usb 7-1: USB disconnect, device number 14 [ 220.436737][ T9127] netlink: 'syz.4.867': attribute type 1 has an invalid length. [ 220.440060][ T9127] netlink: 'syz.4.867': attribute type 3 has an invalid length. [ 220.443712][ T9127] netlink: 224 bytes leftover after parsing attributes in process `syz.4.867'. [ 221.525355][ T9126] overlayfs: failed to resolve 'func=FIRMWARE_CHECK': -2 [ 221.981575][ T9145] random: crng reseeded on system resumption [ 222.287368][ T9153] 9pnet_virtio: no channels available for device syz [ 222.822709][ T9163] FAULT_INJECTION: forcing a failure. [ 222.822709][ T9163] name failslab, interval 1, probability 0, space 0, times 0 [ 222.826988][ T9163] CPU: 1 UID: 0 PID: 9163 Comm: syz.1.876 Not tainted syzkaller #0 PREEMPT(full) [ 222.827013][ T9163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 222.827020][ T9163] Call Trace: [ 222.827024][ T9163] [ 222.827028][ T9163] dump_stack_lvl+0x16c/0x1f0 [ 222.827045][ T9163] should_fail_ex+0x512/0x640 [ 222.827062][ T9163] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 222.827075][ T9163] should_failslab+0xc2/0x120 [ 222.827089][ T9163] kmem_cache_alloc_node_noprof+0x78/0x770 [ 222.827099][ T9163] ? copy_process+0x4b5/0x76a0 [ 222.827116][ T9163] ? copy_process+0x4b5/0x76a0 [ 222.827127][ T9163] copy_process+0x4b5/0x76a0 [ 222.827145][ T9163] ? __pfx_copy_process+0x10/0x10 [ 222.827164][ T9163] kernel_clone+0xfc/0x930 [ 222.827178][ T9163] ? __pfx_kernel_clone+0x10/0x10 [ 222.827196][ T9163] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 222.827211][ T9163] __do_compat_sys_ia32_clone+0xcb/0x110 [ 222.827225][ T9163] ? __pfx___do_compat_sys_ia32_clone+0x10/0x10 [ 222.827245][ T9163] ? ksys_write+0x1ac/0x250 [ 222.827256][ T9163] ? __pfx_ksys_write+0x10/0x10 [ 222.827269][ T9163] ? rcu_is_watching+0x12/0xc0 [ 222.827282][ T9163] __do_fast_syscall_32+0x7c/0x300 [ 222.827295][ T9163] do_fast_syscall_32+0x32/0x80 [ 222.827308][ T9163] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 222.827321][ T9163] RIP: 0023:0xf7ff2579 [ 222.827329][ T9163] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 222.827338][ T9163] RSP: 002b:00000000f54c550c EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 222.827349][ T9163] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 [ 222.827355][ T9163] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 222.827361][ T9163] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000 [ 222.827367][ T9163] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 222.827373][ T9163] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 222.827386][ T9163] [ 223.245874][ T9159] netlink: 4 bytes leftover after parsing attributes in process `syz.4.875'. [ 223.491890][ T9166] netlink: 40 bytes leftover after parsing attributes in process `syz.2.877'. [ 223.510506][ T9166] netlink: 12 bytes leftover after parsing attributes in process `syz.2.877'. [ 224.189905][ T9183] netlink: 'syz.1.880': attribute type 1 has an invalid length. [ 224.193298][ T9183] netlink: 224 bytes leftover after parsing attributes in process `syz.1.880'. [ 224.316942][ T9184] netlink: 4 bytes leftover after parsing attributes in process `syz.0.878'. [ 224.654161][ T1146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.657172][ T1146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.955638][ T9201] netlink: 'syz.1.887': attribute type 1 has an invalid length. [ 224.958105][ T9201] netlink: 'syz.1.887': attribute type 3 has an invalid length. [ 224.960713][ T9201] netlink: 224 bytes leftover after parsing attributes in process `syz.1.887'. [ 225.309633][ T6046] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 225.494280][ T6046] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 225.498598][ T6046] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 225.502231][ T6046] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 225.507063][ T6046] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 225.510800][ T6046] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.516728][ T9203] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 225.521868][ T6046] hub 5-1:1.0: bad descriptor, ignoring hub [ 225.527320][ T6046] hub 5-1:1.0: probe with driver hub failed with error -5 [ 225.530295][ T6046] cdc_wdm 5-1:1.0: skipping garbage [ 225.532068][ T6046] cdc_wdm 5-1:1.0: skipping garbage [ 225.535812][ T6046] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 225.537839][ T6046] cdc_wdm 5-1:1.0: Unknown control protocol [ 225.865168][ T9212] netlink: 'syz.4.886': attribute type 1 has an invalid length. [ 225.867974][ T9212] netlink: 224 bytes leftover after parsing attributes in process `syz.4.886'. [ 226.105186][ T9220] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 226.107488][ T9220] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 226.456356][ T9203] usb 5-1: reset full-speed USB device number 5 using dummy_hcd [ 226.664452][ T9211] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 226.676360][ C2] wdm_int_callback: 96 callbacks suppressed [ 226.676379][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 226.681599][ C2] wdm_int_callback: 96 callbacks suppressed [ 226.681617][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 226.686897][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 226.689570][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 226.692269][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 226.695086][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 226.698461][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 226.701172][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 226.704340][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 226.707184][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 226.710002][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 226.712813][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 226.715704][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 226.718483][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 226.721265][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 226.724099][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 226.726928][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 226.729695][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 226.732501][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 226.735257][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 227.431887][ T9234] syz1: rxe_newlink: already configured on syz_tun [ 227.732750][ T9247] rdma_rxe: rxe_newlink: failed to add syz_tun [ 230.778705][ T9255] FAULT_INJECTION: forcing a failure. [ 230.778705][ T9255] name failslab, interval 1, probability 0, space 0, times 0 [ 230.784120][ T9255] CPU: 3 UID: 0 PID: 9255 Comm: syz.2.902 Not tainted syzkaller #0 PREEMPT(full) [ 230.784156][ T9255] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 230.784166][ T9255] Call Trace: [ 230.784172][ T9255] [ 230.784179][ T9255] dump_stack_lvl+0x16c/0x1f0 [ 230.784205][ T9255] should_fail_ex+0x512/0x640 [ 230.784228][ T9255] ? fs_reclaim_acquire+0xae/0x150 [ 230.784253][ T9255] should_failslab+0xc2/0x120 [ 230.784275][ T9255] __kmalloc_noprof+0xdd/0x880 [ 230.784302][ T9255] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 230.784326][ T9255] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 230.784345][ T9255] tomoyo_realpath_from_path+0xc2/0x6e0 [ 230.784365][ T9255] ? tomoyo_profile+0x47/0x60 [ 230.784390][ T9255] tomoyo_path_number_perm+0x245/0x580 [ 230.784416][ T9255] ? tomoyo_path_number_perm+0x237/0x580 [ 230.784442][ T9255] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 230.784500][ T9255] ? find_held_lock+0x2b/0x80 [ 230.784520][ T9255] ? hook_file_ioctl_common+0x145/0x410 [ 230.784542][ T9255] ? __fget_files+0x20e/0x3c0 [ 230.784565][ T9255] security_file_ioctl_compat+0x9b/0x240 [ 230.784585][ T9255] __ia32_compat_sys_ioctl+0xc3/0x370 [ 230.784613][ T9255] __do_fast_syscall_32+0x7c/0x300 [ 230.784636][ T9255] do_fast_syscall_32+0x32/0x80 [ 230.784657][ T9255] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 230.784677][ T9255] RIP: 0023:0xf702d579 [ 230.784692][ T9255] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 230.784707][ T9255] RSP: 002b:00000000f53fc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 230.784722][ T9255] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00000000c05064a7 [ 230.784734][ T9255] RDX: 0000000080000500 RSI: 0000000000000000 RDI: 0000000000000000 [ 230.784748][ T9255] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 230.784758][ T9255] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 230.784769][ T9255] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 230.784792][ T9255] [ 230.784896][ T9255] ERROR: Out of memory at tomoyo_realpath_from_path. [ 231.479047][ T9266] netlink: 'syz.2.905': attribute type 1 has an invalid length. [ 231.481483][ T9266] netlink: 'syz.2.905': attribute type 3 has an invalid length. [ 231.484094][ T9266] netlink: 224 bytes leftover after parsing attributes in process `syz.2.905'. [ 231.953222][ T24] usb 5-1: USB disconnect, device number 5 [ 232.089357][ T9270] netlink: 'syz.4.903': attribute type 1 has an invalid length. [ 232.092294][ T9270] netlink: 224 bytes leftover after parsing attributes in process `syz.4.903'. [ 232.261222][ T9278] netlink: 'syz.0.907': attribute type 1 has an invalid length. [ 232.264727][ T9278] netlink: 'syz.0.907': attribute type 3 has an invalid length. [ 232.268030][ T9278] netlink: 224 bytes leftover after parsing attributes in process `syz.0.907'. [ 232.578642][ T9283] netlink: 'syz.1.906': attribute type 1 has an invalid length. [ 232.581286][ T9283] netlink: 224 bytes leftover after parsing attributes in process `syz.1.906'. [ 233.653739][ T9302] netlink: 'syz.1.913': attribute type 1 has an invalid length. [ 233.656520][ T9302] netlink: 'syz.1.913': attribute type 3 has an invalid length. [ 233.658886][ T9302] netlink: 224 bytes leftover after parsing attributes in process `syz.1.913'. [ 233.822570][ T24] usb 9-1: new full-speed USB device number 2 using dummy_hcd [ 234.525090][ T24] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 234.529252][ T24] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 234.533132][ T24] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 234.538154][ T24] usb 9-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 234.542118][ T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.582199][ T9291] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 234.586379][ T24] hub 9-1:1.0: bad descriptor, ignoring hub [ 234.588597][ T24] hub 9-1:1.0: probe with driver hub failed with error -5 [ 234.591111][ T24] cdc_wdm 9-1:1.0: skipping garbage [ 234.593979][ T24] cdc_wdm 9-1:1.0: skipping garbage [ 234.596604][ T24] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 234.598184][ T9304] netlink: 'syz.2.910': attribute type 1 has an invalid length. [ 234.598511][ T24] cdc_wdm 9-1:1.0: Unknown control protocol [ 234.603806][ T9304] netlink: 224 bytes leftover after parsing attributes in process `syz.2.910'. [ 234.636466][ T9310] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 234.638681][ T9310] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 234.874972][ C3] wdm_int_callback: 2 callbacks suppressed [ 234.874985][ C3] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 234.879068][ C3] wdm_int_callback: 2 callbacks suppressed [ 234.879079][ C3] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 234.883263][ C3] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 234.885694][ C3] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 234.887981][ C3] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 234.890219][ C3] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 234.892382][ C3] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 234.894446][ C3] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 234.896624][ C3] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 234.898747][ C3] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 234.900991][ C3] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 234.903059][ C3] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 234.906178][ C3] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 234.908332][ C3] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 234.910482][ C3] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 234.912587][ C3] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 234.914690][ C3] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 234.916801][ C3] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 234.918963][ C3] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 234.921117][ C3] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 234.976862][ T9318] netlink: 'syz.0.916': attribute type 1 has an invalid length. [ 234.979441][ T9318] netlink: 224 bytes leftover after parsing attributes in process `syz.0.916'. [ 235.045319][ T5776] usb 9-1: USB disconnect, device number 2 [ 235.202663][ T54] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 235.353745][ T54] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 235.359353][ T54] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 235.364029][ T54] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 235.369913][ T54] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 235.374287][ T54] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.386244][ T54] usb 7-1: config 0 descriptor?? [ 235.811942][ T54] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 235.815323][ T54] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 235.816846][ T9329] 9pnet_virtio: no channels available for device 3$Î~VºÐPÚ [ 235.818176][ T54] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 235.825076][ T54] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 235.828491][ T54] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 235.831657][ T54] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 235.835276][ T54] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 235.838377][ T54] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 235.841471][ T54] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 235.845043][ T54] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 235.865858][ T54] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 236.027398][ T9317] binder: 9316:9317 ioctl 4018620d 80000040 returned -22 [ 236.032097][ T9317] binder: 9316:9317 ioctl c0306201 800001c0 returned -14 [ 236.036408][ T9317] binder: 9316:9317 ioctl c0306201 80000240 returned -14 [ 236.041559][ T54] usb 7-1: USB disconnect, device number 15 [ 236.382995][ T5776] usb 9-1: new full-speed USB device number 3 using dummy_hcd [ 236.544429][ T5776] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 236.548724][ T5776] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 236.553898][ T5776] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 236.558479][ T5776] usb 9-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 236.562274][ T5776] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.568890][ T9327] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 236.576841][ T5776] hub 9-1:1.0: bad descriptor, ignoring hub [ 236.578754][ T5776] hub 9-1:1.0: probe with driver hub failed with error -5 [ 236.581511][ T5776] cdc_wdm 9-1:1.0: skipping garbage [ 236.591436][ T5776] cdc_wdm 9-1:1.0: skipping garbage [ 236.599643][ T5776] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 236.602169][ T5776] cdc_wdm 9-1:1.0: Unknown control protocol [ 237.128290][ T9343] rdma_rxe: rxe_newlink: failed to add syz_tun [ 237.678943][ T9327] usb 9-1: reset full-speed USB device number 3 using dummy_hcd [ 237.808848][ T9344] macvlan2: entered allmulticast mode [ 237.811021][ T9344] veth1_vlan: entered allmulticast mode [ 237.815753][ T9344] veth1_vlan: left allmulticast mode [ 237.883862][ T9339] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 238.857872][ T9351] lo speed is unknown, defaulting to 1000 [ 238.861617][ T9351] lo speed is unknown, defaulting to 1000 [ 239.432893][ T9362] validate_nla: 1 callbacks suppressed [ 239.432938][ T9362] netlink: 'syz.1.927': attribute type 1 has an invalid length. [ 239.437594][ T9362] netlink: 224 bytes leftover after parsing attributes in process `syz.1.927'. [ 239.764132][ T9368] netlink: 'syz.0.929': attribute type 1 has an invalid length. [ 239.767760][ T9368] netlink: 'syz.0.929': attribute type 3 has an invalid length. [ 239.771106][ T9368] netlink: 224 bytes leftover after parsing attributes in process `syz.0.929'. [ 240.033065][ T6008] usb 9-1: USB disconnect, device number 3 [ 241.248557][ T9385] lo speed is unknown, defaulting to 1000 [ 241.251706][ T9385] lo speed is unknown, defaulting to 1000 [ 241.264231][ T9389] netlink: 40 bytes leftover after parsing attributes in process `syz.4.936'. [ 242.211717][ T9400] tipc: Started in network mode [ 242.219649][ T9400] tipc: Node identity 4e8d78feaf6f, cluster identity 4711 [ 242.223305][ T9400] tipc: Enabled bearer , priority 0 [ 242.232077][ T9400] syzkaller0: entered promiscuous mode [ 242.239120][ T9400] syzkaller0: entered allmulticast mode [ 242.274619][ T9400] syzkaller0: mtu greater than device maximum [ 242.278465][ T9399] tipc: Resetting bearer [ 242.385140][ T9399] tipc: Disabling bearer [ 242.468958][ T9394] rdma_rxe: rxe_newlink: failed to add syz_tun [ 243.056901][ T9419] [U] ³•¯1WT`8ºáÍÇÚH$ô0©·ñãý9\ [ 243.059069][ T9419] [U] ;2}u‚˜gVÏÄ¥ëÚ#èO9ïôÕ¥>-ƒêÿ´üS…Ý¢šÕp [ 244.620698][ T9461] tipc: Cannot configure node identity twice [ 244.783615][ T9465] syzkaller0: entered promiscuous mode [ 244.785992][ T9465] syzkaller0: entered allmulticast mode [ 244.924436][ T9469] netlink: 8 bytes leftover after parsing attributes in process `syz.0.949'. [ 244.967451][ T24] lo speed is unknown, defaulting to 1000 [ 244.971072][ T24] syz2: Port: 1 Link DOWN [ 244.998989][ T5946] Bluetooth: hci2: unexpected event for opcode 0x1804 [ 245.885624][ T9478] [U] ³•¯1WT`8ºáÍÇÚH$ô0©·ñãý9\ [ 245.889188][ T9478] [U] ;2}u‚˜gVÏÄ¥ëÚ#èO9ïôÕ¥>-ƒêÿ´üS…Ý¢šÕp [ 246.043184][ T9479] netlink: 56 bytes leftover after parsing attributes in process `syz.4.948'. [ 247.387187][ T9501] syzkaller0: entered promiscuous mode [ 247.389535][ T9501] syzkaller0: entered allmulticast mode [ 247.842040][ T9511] netlink: 'syz.0.961': attribute type 1 has an invalid length. [ 247.845239][ T9511] netlink: 224 bytes leftover after parsing attributes in process `syz.0.961'. [ 248.046052][ T9510] netlink: 'syz.1.962': attribute type 1 has an invalid length. [ 248.048795][ T9510] netlink: 224 bytes leftover after parsing attributes in process `syz.1.962'. [ 249.073501][ T5946] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 249.084048][ T5946] Bluetooth: hci2: Injecting HCI hardware error event [ 249.100117][ T5944] Bluetooth: hci2: hardware error 0x00 [ 249.528525][ T9534] syzkaller0: entered promiscuous mode [ 249.530824][ T9534] syzkaller0: entered allmulticast mode [ 250.553367][ T9543] netlink: 'syz.2.971': attribute type 1 has an invalid length. [ 250.556138][ T9543] netlink: 224 bytes leftover after parsing attributes in process `syz.2.971'. [ 251.162517][ T5944] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 251.355902][ T9578] netlink: 'syz.0.972': attribute type 1 has an invalid length. [ 251.358198][ T9578] netlink: 224 bytes leftover after parsing attributes in process `syz.0.972'. [ 252.027040][ T9584] netlink: 'syz.1.976': attribute type 1 has an invalid length. [ 252.030397][ T9584] netlink: 224 bytes leftover after parsing attributes in process `syz.1.976'. [ 254.335218][ T9616] netlink: 'syz.4.984': attribute type 1 has an invalid length. [ 254.338531][ T9616] netlink: 224 bytes leftover after parsing attributes in process `syz.4.984'. [ 254.529424][ T9626] netlink: 'syz.1.989': attribute type 1 has an invalid length. [ 254.532731][ T9626] netlink: 'syz.1.989': attribute type 3 has an invalid length. [ 254.536022][ T9626] netlink: 224 bytes leftover after parsing attributes in process `syz.1.989'. [ 254.709187][ T9630] netlink: 'syz.2.988': attribute type 1 has an invalid length. [ 254.715727][ T9630] netlink: 224 bytes leftover after parsing attributes in process `syz.2.988'. [ 255.144639][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.146841][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.289332][ T9644] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 255.293363][ T9644] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 256.284111][ T9656] evm: overlay not supported [ 256.752503][ T6026] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 257.130058][ T9664] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1001'. [ 257.584103][ T6026] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 257.619121][ T9670] netlink: 'syz.4.1002': attribute type 1 has an invalid length. [ 257.622735][ T9670] netlink: 'syz.4.1002': attribute type 3 has an invalid length. [ 257.626154][ T9670] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1002'. [ 258.275019][ T9673] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1003'. [ 258.292265][ T9673] team_slave_0: entered promiscuous mode [ 258.295164][ T9673] team_slave_1: entered promiscuous mode [ 258.298117][ T9673] macsec1: entered promiscuous mode [ 258.300334][ T9673] team0: entered promiscuous mode [ 258.302978][ T9673] macsec1: entered allmulticast mode [ 258.305120][ T9673] team0: entered allmulticast mode [ 258.307245][ T9673] team_slave_0: entered allmulticast mode [ 258.309586][ T9673] team_slave_1: entered allmulticast mode [ 258.313885][ T9673] team0: Device macsec1 is already an upper device of the team interface [ 258.330461][ T9673] team0: left allmulticast mode [ 258.330843][ T9674] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.1003'. [ 258.332564][ T9673] team_slave_0: left allmulticast mode [ 258.337976][ T9673] team_slave_1: left allmulticast mode [ 258.340115][ T9673] team0: left promiscuous mode [ 258.342659][ T9673] team_slave_0: left promiscuous mode [ 258.344814][ T9673] team_slave_1: left promiscuous mode [ 258.423706][ T6026] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 258.430168][ T6026] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 258.632445][ T40] audit: type=1326 audit(1762414669.837:7686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9678 comm="syz.4.1005" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 258.640562][ T40] audit: type=1326 audit(1762414669.837:7687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9678 comm="syz.4.1005" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 258.672816][ T40] audit: type=1326 audit(1762414669.837:7688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9678 comm="syz.4.1005" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 258.692508][ T40] audit: type=1326 audit(1762414669.837:7689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9678 comm="syz.4.1005" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 258.700192][ T40] audit: type=1326 audit(1762414669.837:7690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9678 comm="syz.4.1005" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 258.710452][ T40] audit: type=1326 audit(1762414669.837:7691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9678 comm="syz.4.1005" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 258.719506][ T40] audit: type=1326 audit(1762414669.837:7692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9678 comm="syz.4.1005" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 258.731204][ T40] audit: type=1326 audit(1762414669.847:7693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9678 comm="syz.4.1005" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 258.739788][ T40] audit: type=1326 audit(1762414669.847:7694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9678 comm="syz.4.1005" exe="/syz-executor" sig=0 arch=40000003 syscall=219 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 258.747646][ T40] audit: type=1326 audit(1762414669.857:7695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9678 comm="syz.4.1005" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d579 code=0x7ffc0000 [ 258.912515][ T6026] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.140244][ T9685] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1006'. [ 259.291875][ T6026] usb 5-1: usb_control_msg returned -32 [ 259.312497][ T6026] usbtmc 5-1:16.0: can't read capabilities [ 259.548874][ T9689] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 259.556646][ T9690] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 260.482933][ T6046] usb 9-1: new full-speed USB device number 4 using dummy_hcd [ 260.609336][ T9703] xt_hashlimit: overflow, try lower: 60585/0 [ 260.634446][ T6046] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 260.638271][ T6046] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 260.641683][ T6046] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 260.646167][ T6046] usb 9-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 260.656943][ T6046] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.677083][ T9701] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 260.685386][ T1468] usb 5-1: USB disconnect, device number 6 [ 260.740206][ T6046] hub 9-1:1.0: bad descriptor, ignoring hub [ 260.743306][ T6046] hub 9-1:1.0: probe with driver hub failed with error -5 [ 260.751672][ T6046] cdc_wdm 9-1:1.0: skipping garbage [ 260.755081][ T6046] cdc_wdm 9-1:1.0: skipping garbage [ 260.786312][ T9710] binder_alloc: 9709: binder_alloc_buf, no vma [ 260.793571][ T6046] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 260.802735][ T6046] cdc_wdm 9-1:1.0: Unknown control protocol [ 260.904051][ T5993] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 261.054576][ T5993] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 261.058172][ T5993] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 261.062841][ T5993] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 261.066630][ T5993] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 261.071017][ T5993] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 261.079834][ T5993] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 261.083884][ T5993] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 261.087249][ T5993] usb 7-1: Product: syz [ 261.089012][ T5993] usb 7-1: Manufacturer: syz [ 261.096140][ T5993] cdc_wdm 7-1:1.0: skipping garbage [ 261.098426][ T5993] cdc_wdm 7-1:1.0: skipping garbage [ 261.643063][ T9701] usb 9-1: reset full-speed USB device number 4 using dummy_hcd [ 261.811958][ T9712] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 261.824420][ T5993] cdc_wdm 7-1:1.0: cdc-wdm1: USB WDM device [ 261.826610][ T5993] cdc_wdm 7-1:1.0: Unknown control protocol [ 261.832819][ T5993] usb 7-1: USB disconnect, device number 16 [ 262.531576][ T9730] netlink: 204 bytes leftover after parsing attributes in process `syz.2.1016'. [ 262.566069][ T9732] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 262.568294][ T9732] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 262.852109][ T9740] netlink: 'syz.2.1019': attribute type 1 has an invalid length. [ 262.855355][ T9740] netlink: 'syz.2.1019': attribute type 3 has an invalid length. [ 262.858586][ T9740] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1019'. [ 263.332854][ T6046] usb 9-1: USB disconnect, device number 4 [ 263.651128][ T9750] syzkaller0: entered promiscuous mode [ 263.653542][ T9750] syzkaller0: entered allmulticast mode [ 263.989005][ T9759] netlink: 'syz.0.1024': attribute type 1 has an invalid length. [ 263.992031][ T9759] netlink: 'syz.0.1024': attribute type 3 has an invalid length. [ 263.995200][ T9759] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1024'. [ 264.054970][ T9760] netlink: 'syz.2.1025': attribute type 1 has an invalid length. [ 264.057782][ T9760] netlink: 'syz.2.1025': attribute type 3 has an invalid length. [ 264.060521][ T9760] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1025'. [ 264.496066][ T9763] netlink: 204 bytes leftover after parsing attributes in process `syz.4.1026'. [ 264.791038][ T9776] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 264.793757][ T9776] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 265.088768][ T9781] syzkaller0: entered promiscuous mode [ 265.090974][ T9781] syzkaller0: entered allmulticast mode [ 265.486149][ T9788] netlink: 'syz.4.1034': attribute type 1 has an invalid length. [ 265.488733][ T9788] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1034'. [ 265.709555][ T9796] netlink: 204 bytes leftover after parsing attributes in process `syz.2.1036'. [ 265.834916][ T9803] netlink: 'syz.0.1039': attribute type 1 has an invalid length. [ 265.838342][ T9803] netlink: 'syz.0.1039': attribute type 3 has an invalid length. [ 265.841493][ T9803] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1039'. [ 266.052555][ T1468] usb 7-1: new full-speed USB device number 17 using dummy_hcd [ 266.332102][ T9813] syz1: rxe_newlink: already configured on syz_tun [ 266.366770][ T1468] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 268.155991][ T1468] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 268.519058][ T1468] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 268.689823][ T1468] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 268.699112][ T1468] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.721714][ T9801] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 268.740875][ T1468] hub 7-1:1.0: bad descriptor, ignoring hub [ 268.743639][ T1468] hub 7-1:1.0: probe with driver hub failed with error -5 [ 268.749555][ T1468] cdc_wdm 7-1:1.0: skipping garbage [ 268.752141][ T1468] cdc_wdm 7-1:1.0: skipping garbage [ 268.762649][ T1468] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 268.765309][ T1468] cdc_wdm 7-1:1.0: Unknown control protocol [ 268.942709][ T1468] usb 7-1: USB disconnect, device number 17 [ 269.029576][ T9827] rdma_rxe: rxe_newlink: failed to add syz_tun [ 270.001985][ T9836] binder: 9833:9836 ioctl 0 80000040 returned -22 [ 270.061332][ T9837] netlink: 204 bytes leftover after parsing attributes in process `syz.0.1047'. [ 270.823159][ T9840] netlink: 'syz.0.1049': attribute type 1 has an invalid length. [ 270.975804][ T9844] bond2: (slave geneve2): Opening slave failed [ 271.141447][ T9848] netlink: 'syz.1.1051': attribute type 1 has an invalid length. [ 271.144733][ T9848] netlink: 'syz.1.1051': attribute type 3 has an invalid length. [ 271.147887][ T9848] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1051'. [ 271.673057][ T1468] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 271.773718][ T9855] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 271.776849][ T9855] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 271.822502][ T1468] usb 5-1: device descriptor read/64, error -71 [ 272.072501][ T1468] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 272.162933][ T1022] usb 6-1: new full-speed USB device number 5 using dummy_hcd [ 272.178398][ T9863] rdma_rxe: rxe_newlink: failed to add syz_tun [ 272.212506][ T1468] usb 5-1: device descriptor read/64, error -71 [ 272.331568][ T1022] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 272.332716][ T1468] usb usb5-port1: attempt power cycle [ 272.335050][ T1022] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 272.339706][ T1022] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 272.343340][ T1022] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 272.346958][ T1022] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.367214][ T9858] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 272.396665][ T1022] hub 6-1:1.0: bad descriptor, ignoring hub [ 272.399564][ T1022] hub 6-1:1.0: probe with driver hub failed with error -5 [ 272.414371][ T1022] cdc_wdm 6-1:1.0: skipping garbage [ 272.416826][ T1022] cdc_wdm 6-1:1.0: skipping garbage [ 272.459994][ T1022] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 272.469380][ T1022] cdc_wdm 6-1:1.0: Unknown control protocol [ 272.683405][ T1468] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 272.703182][ T1468] usb 5-1: device descriptor read/8, error -71 [ 272.942494][ T1468] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 272.963159][ T1468] usb 5-1: device descriptor read/8, error -71 [ 273.072779][ T1468] usb usb5-port1: unable to enumerate USB device [ 273.303305][ T9858] usb 6-1: reset full-speed USB device number 5 using dummy_hcd [ 273.474439][ T9866] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 274.292494][ T1022] usb 7-1: new full-speed USB device number 18 using dummy_hcd [ 274.475528][ T1022] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 274.478625][ T1022] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 274.541115][ T9883] netlink: 'syz.0.1063': attribute type 1 has an invalid length. [ 274.544591][ T9883] netlink: 'syz.0.1063': attribute type 3 has an invalid length. [ 274.547835][ T9883] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1063'. [ 275.326669][ T1022] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has invalid maxpacket 77, setting to 64 [ 275.330352][ T1022] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 275.334451][ T1022] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid wMaxPacketSize 0 [ 275.337642][ T1022] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 275.341842][ T1022] usb 7-1: config 168 interface 0 has no altsetting 0 [ 275.357589][ T1022] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 275.360167][ T1022] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 275.364092][ T1022] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has invalid maxpacket 77, setting to 64 [ 275.368115][ T1022] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 275.371950][ T1022] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid wMaxPacketSize 0 [ 275.375676][ T1022] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 275.379946][ T1022] usb 7-1: config 168 interface 0 has no altsetting 0 [ 275.384063][ T1022] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 275.386677][ T1022] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 275.390247][ T1022] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has invalid maxpacket 77, setting to 64 [ 275.393865][ T1022] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 275.397890][ T1022] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid wMaxPacketSize 0 [ 275.401091][ T1022] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 275.405906][ T1022] usb 7-1: config 168 interface 0 has no altsetting 0 [ 275.410323][ T1022] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 275.413510][ T1022] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.416119][ T1022] usb 7-1: Product: syz [ 275.417518][ T1022] usb 7-1: Manufacturer: syz [ 275.419046][ T1022] usb 7-1: SerialNumber: syz [ 275.568232][ T9890] comedi comedi3: comedi_config --init_data is deprecated [ 275.643134][ T9878] Invalid ELF header magic: != ELF [ 275.750236][ T1022] adutux 7-1:168.0: interrupt endpoints not found [ 275.756328][ T1022] usb 7-1: USB disconnect, device number 18 [ 276.358632][ T1022] usb 6-1: USB disconnect, device number 5 [ 276.405100][ T9898] syz.0.1067: vmalloc error: size 2147483264, exceeds total pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 276.411588][ T9898] CPU: 0 UID: 0 PID: 9898 Comm: syz.0.1067 Not tainted syzkaller #0 PREEMPT(full) [ 276.411605][ T9898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 276.411611][ T9898] Call Trace: [ 276.411616][ T9898] [ 276.411621][ T9898] dump_stack_lvl+0x16c/0x1f0 [ 276.411637][ T9898] warn_alloc+0x248/0x3a0 [ 276.411662][ T9898] ? __pfx_warn_alloc+0x10/0x10 [ 276.411672][ T9898] ? __schedule+0x11a3/0x5de0 [ 276.411682][ T9898] ? finish_task_switch.isra.0+0x2fa/0xc10 [ 276.411705][ T9898] ? do_replace+0x1c3/0x480 [ 276.411722][ T9898] __vmalloc_node_range_noprof+0xfbc/0x1480 [ 276.411743][ T9898] ? do_replace+0x1c3/0x480 [ 276.411756][ T9898] ? find_held_lock+0x2b/0x80 [ 276.411766][ T9898] ? __might_fault+0xe3/0x190 [ 276.411776][ T9898] ? __might_fault+0x13b/0x190 [ 276.411788][ T9898] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 276.411804][ T9898] ? _copy_from_user+0x59/0xd0 [ 276.411821][ T9898] ? copy_from_sockptr_offset.constprop.0+0xe5/0x170 [ 276.411837][ T9898] ? do_replace+0x1c3/0x480 [ 276.411851][ T9898] __vmalloc_node_noprof+0xad/0xf0 [ 276.411865][ T9898] ? do_replace+0x1c3/0x480 [ 276.411881][ T9898] do_replace+0x1c3/0x480 [ 276.411896][ T9898] ? __pfx_do_replace+0x10/0x10 [ 276.411917][ T9898] ? __lock_acquire+0xb8a/0x1c90 [ 276.411933][ T9898] compat_do_replace+0x585/0x7c0 [ 276.411952][ T9898] ? __pfx_compat_do_replace+0x10/0x10 [ 276.411975][ T9898] ? bpf_lsm_capable+0x9/0x10 [ 276.411992][ T9898] ? security_capable+0x7e/0x260 [ 276.412012][ T9898] do_ebt_set_ctl+0x2f5/0x3c0 [ 276.412029][ T9898] ? __pfx_do_ebt_set_ctl+0x10/0x10 [ 276.412045][ T9898] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 276.412063][ T9898] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 276.412078][ T9898] nf_setsockopt+0x8d/0xf0 [ 276.412098][ T9898] ip_setsockopt+0xcb/0xf0 [ 276.412115][ T9898] tcp_setsockopt+0xa7/0x100 [ 276.412134][ T9898] smc_setsockopt+0x1b6/0xa00 [ 276.412150][ T9898] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 276.412165][ T9898] ? __pfx_smc_setsockopt+0x10/0x10 [ 276.412182][ T9898] ? aa_sock_opt_perm+0xfd/0x1c0 [ 276.412197][ T9898] ? __pfx_smc_setsockopt+0x10/0x10 [ 276.412213][ T9898] do_sock_setsockopt+0xf3/0x1d0 [ 276.412226][ T9898] __sys_setsockopt+0x120/0x1a0 [ 276.412245][ T9898] __ia32_sys_setsockopt+0xbc/0x160 [ 276.412260][ T9898] ? lockdep_hardirqs_on+0x7c/0x110 [ 276.412272][ T9898] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 276.412284][ T9898] __do_fast_syscall_32+0x7c/0x300 [ 276.412298][ T9898] do_fast_syscall_32+0x32/0x80 [ 276.412310][ T9898] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 276.412323][ T9898] RIP: 0023:0xf7fc4579 [ 276.412332][ T9898] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 276.412341][ T9898] RSP: 002b:00000000f549555c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 276.412351][ T9898] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 0000000000000000 [ 276.412357][ T9898] RDX: 0000000000000080 RSI: 0000000080001680 RDI: 0000000000000108 [ 276.412363][ T9898] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 276.412369][ T9898] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 276.412390][ T9898] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 276.412407][ T9898] [ 276.537822][ T9898] Mem-Info: [ 276.538994][ T9898] active_anon:8954 inactive_anon:456 isolated_anon:0 [ 276.538994][ T9898] active_file:7136 inactive_file:27585 isolated_file:0 [ 276.538994][ T9898] unevictable:1768 dirty:623 writeback:0 [ 276.538994][ T9898] slab_reclaimable:7406 slab_unreclaimable:57228 [ 276.538994][ T9898] mapped:24167 shmem:5152 pagetables:1551 [ 276.538994][ T9898] sec_pagetables:316 bounce:0 [ 276.538994][ T9898] kernel_misc_reclaimable:0 [ 276.538994][ T9898] free:44606 free_pcp:14927 free_cma:0 [ 276.556438][ T9898] Node 0 active_anon:64kB inactive_anon:4kB active_file:152kB inactive_file:0kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:6164kB dirty:12kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8772kB pagetables:1680kB sec_pagetables:1156kB all_unreclaimable? no Balloon:0kB [ 276.567162][ T9898] Node 1 active_anon:35752kB inactive_anon:1820kB active_file:28392kB inactive_file:110340kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:90504kB dirty:2480kB writeback:0kB shmem:17072kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6948kB pagetables:4524kB sec_pagetables:108kB all_unreclaimable? no Balloon:0kB [ 276.579341][ T9898] Node 0 DMA free:2108kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:268kB local_pcp:0kB free_cma:0kB [ 276.590328][ T9898] lowmem_reserve[]: 0 294 294 294 294 [ 276.592878][ T9898] Node 0 DMA32 free:19132kB boost:2048kB min:15496kB low:18856kB high:22216kB reserved_highatomic:2048KB free_highatomic:460KB active_anon:64kB inactive_anon:4kB active_file:152kB inactive_file:0kB unevictable:3536kB writepending:12kB zspages:52kB present:1032196kB managed:301156kB mlocked:0kB bounce:0kB free_pcp:9652kB local_pcp:2832kB free_cma:0kB [ 276.604400][ T9898] lowmem_reserve[]: 0 0 0 0 0 [ 276.606433][ T9898] Node 1 DMA32 free:157184kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:35752kB inactive_anon:1820kB active_file:28392kB inactive_file:110340kB unevictable:3536kB writepending:2480kB zspages:2432kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:49688kB local_pcp:5296kB free_cma:0kB [ 276.618214][ T9898] lowmem_reserve[]: 0 0 0 0 0 [ 276.620334][ T9898] Node 0 DMA: 9*4kB (U) 5*8kB (UM) 3*16kB (UM) 4*32kB (UM) 1*64kB (M) 0*128kB 1*256kB (M) 1*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 2108kB [ 276.626105][ T9898] Node 0 DMA32: 13*4kB (UMH) 97*8kB (MEH) 52*16kB (UMEH) 82*32kB (UMEH) 48*64kB (UMEH) 32*128kB (UME) 12*256kB (UME) 3*512kB (UM) 3*1024kB (UM) 0*2048kB 0*4096kB = 19132kB [ 276.632817][ T9898] Node 1 DMA32: 2*4kB (UE) 1*8kB (U) 59*16kB (ME) 286*32kB (UME) 254*64kB (UME) 124*128kB (UME) 43*256kB (UME) 39*512kB (UME) 26*1024kB (UM) 14*2048kB (UM) 7*4096kB (UM) = 157184kB [ 276.640399][ T9898] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 276.644412][ T9898] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 276.648223][ T9898] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 276.652078][ T9898] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 276.656024][ T9898] 40859 total pagecache pages [ 276.658194][ T9898] 987 pages in swap cache [ 276.660172][ T9898] Free swap = 116452kB [ 276.661996][ T9898] Total swap = 124996kB [ 276.663884][ T9898] 524155 pages RAM [ 276.665565][ T9898] 0 pages HighMem/MovableOnly [ 276.667665][ T9898] 207971 pages reserved [ 276.669532][ T9898] 0 pages cma reserved [ 277.433646][ T9902] rdma_rxe: rxe_newlink: failed to add syz_tun [ 279.485717][ T9912] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1070'. [ 279.950785][ T9921] random: crng reseeded on system resumption [ 279.965296][ T40] kauditd_printk_skb: 178 callbacks suppressed [ 279.965310][ T40] audit: type=1326 audit(1762414691.177:7874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9920 comm="syz.2.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702d579 code=0x7ffc0000 [ 279.980399][ T40] audit: type=1326 audit(1762414691.177:7875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9920 comm="syz.2.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702d579 code=0x7ffc0000 [ 279.989629][ T40] audit: type=1326 audit(1762414691.187:7876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9920 comm="syz.2.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=165 compat=1 ip=0xf702d579 code=0x7ffc0000 [ 279.998715][ T40] audit: type=1326 audit(1762414691.187:7877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9920 comm="syz.2.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702d579 code=0x7ffc0000 [ 280.008590][ T40] audit: type=1326 audit(1762414691.187:7878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9920 comm="syz.2.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702d579 code=0x7ffc0000 [ 280.017029][ T40] audit: type=1326 audit(1762414691.187:7879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9920 comm="syz.2.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf702d579 code=0x7ffc0000 [ 280.023957][ T40] audit: type=1326 audit(1762414691.187:7880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9920 comm="syz.2.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702d579 code=0x7ffc0000 [ 280.045437][ T40] audit: type=1326 audit(1762414691.187:7881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9920 comm="syz.2.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702d579 code=0x7ffc0000 [ 280.052561][ T40] audit: type=1326 audit(1762414691.187:7882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9920 comm="syz.2.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=156 compat=1 ip=0xf702d579 code=0x7ffc0000 [ 280.059391][ T40] audit: type=1326 audit(1762414691.187:7883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9920 comm="syz.2.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702d579 code=0x7ffc0000 [ 280.451069][ T9924] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1073'. [ 280.827487][ T9929] [U]  [ 281.062479][ T6026] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 281.192519][ T6026] usb 7-1: device descriptor read/64, error -71 [ 281.443247][ T6026] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 281.602543][ T6026] usb 7-1: device descriptor read/64, error -71 [ 281.815191][ T6026] usb usb7-port1: attempt power cycle [ 281.986298][ T9955] netlink: 'syz.1.1080': attribute type 1 has an invalid length. [ 281.989099][ T9955] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1080'. [ 282.162520][ T6026] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 282.183197][ T6026] usb 7-1: device descriptor read/8, error -71 [ 282.432905][ T6026] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 282.463079][ T6026] usb 7-1: device descriptor read/8, error -71 [ 282.578347][ T6026] usb usb7-port1: unable to enumerate USB device [ 282.865924][ T9964] syzkaller1: entered promiscuous mode [ 282.867802][ T9964] syzkaller1: entered allmulticast mode [ 283.434648][ T9978] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1088'. [ 284.118036][ T9998] netlink: 'syz.4.1091': attribute type 1 has an invalid length. [ 284.263304][ T9998] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1091'. [ 284.350826][T10003] netlink: 'syz.0.1092': attribute type 1 has an invalid length. [ 284.353432][T10003] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1092'. [ 284.440143][ T9995] netlink: 'syz.2.1094': attribute type 1 has an invalid length. [ 284.442802][ T9995] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1094'. [ 284.529088][T10007] netlink: 'syz.1.1095': attribute type 1 has an invalid length. [ 284.531587][T10007] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1095'. [ 284.972616][ T5776] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 285.132488][ T5776] usb 9-1: Using ep0 maxpacket: 8 [ 285.135955][ T5776] usb 9-1: config 0 has no interfaces? [ 285.137789][ T5776] usb 9-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 285.140838][ T5776] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.146227][ T5776] usb 9-1: config 0 descriptor?? [ 285.243376][T10019] syzkaller0: entered promiscuous mode [ 285.245642][T10019] syzkaller0: entered allmulticast mode [ 285.407438][T10026] vlan0: entered promiscuous mode [ 285.496995][ T5776] usb 9-1: USB disconnect, device number 5 [ 286.456608][T10034] tipc: Enabled bearer , priority 0 [ 287.393785][T10047] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 287.593698][ T6008] tipc: Node number set to 2846622966 [ 287.851283][T10050] netlink: 'syz.4.1105': attribute type 1 has an invalid length. [ 287.854743][T10050] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1105'. [ 288.219296][T10060] syzkaller0: entered promiscuous mode [ 288.221120][T10060] syzkaller0: entered allmulticast mode [ 288.434067][T10069] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1113'. [ 289.140241][T10084] lo speed is unknown, defaulting to 1000 [ 289.145435][T10084] lo speed is unknown, defaulting to 1000 [ 289.435314][T10083] netlink: 'syz.0.1116': attribute type 1 has an invalid length. [ 289.437819][T10083] netlink: 'syz.0.1116': attribute type 3 has an invalid length. [ 289.455456][T10083] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1116'. [ 289.708417][T10095] netlink: 'syz.2.1120': attribute type 1 has an invalid length. [ 289.712214][T10095] netlink: 'syz.2.1120': attribute type 3 has an invalid length. [ 289.716411][T10095] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1120'. [ 290.055487][T10100] syzkaller0: entered promiscuous mode [ 290.060386][T10100] syzkaller0: entered allmulticast mode [ 290.822522][ T6046] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 290.985223][ T6046] usb 7-1: config index 0 descriptor too short (expected 45, got 36) [ 290.992517][ T6046] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 290.997348][ T6046] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 291.000722][ T6046] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 291.005144][ T6046] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 291.008375][ T6046] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.012346][ T6046] usb 7-1: config 0 descriptor?? [ 291.636627][T10115] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 291.642611][T10115] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 291.965659][T10130] FAULT_INJECTION: forcing a failure. [ 291.965659][T10130] name failslab, interval 1, probability 0, space 0, times 0 [ 291.970616][T10130] CPU: 0 UID: 0 PID: 10130 Comm: syz.1.1130 Not tainted syzkaller #0 PREEMPT(full) [ 291.970637][T10130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 291.970647][T10130] Call Trace: [ 291.970653][T10130] [ 291.970660][T10130] dump_stack_lvl+0x16c/0x1f0 [ 291.970680][T10130] should_fail_ex+0x512/0x640 [ 291.970701][T10130] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 291.970721][T10130] should_failslab+0xc2/0x120 [ 291.970742][T10130] kmem_cache_alloc_node_noprof+0x78/0x770 [ 291.970757][T10130] ? kasan_save_track+0x14/0x30 [ 291.970773][T10130] ? __alloc_skb+0x2b2/0x380 [ 291.970797][T10130] ? genl_start+0x1e8/0x980 [ 291.970816][T10130] ? __alloc_skb+0x2b2/0x380 [ 291.970835][T10130] __alloc_skb+0x2b2/0x380 [ 291.970863][T10130] ? __pfx___alloc_skb+0x10/0x10 [ 291.970895][T10130] netlink_dump+0x19b/0xd30 [ 291.970913][T10130] ? __pfx_netlink_dump+0x10/0x10 [ 291.970938][T10130] ? __asan_memset+0x23/0x50 [ 291.970950][T10130] ? genl_start+0x67f/0x980 [ 291.970970][T10130] __netlink_dump_start+0x6d6/0x990 [ 291.970990][T10130] genl_family_rcv_msg_dumpit+0x1e2/0x2e0 [ 291.971011][T10130] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 291.971037][T10130] ? __pfx_genl_get_cmd+0x10/0x10 [ 291.971049][T10130] ? __pfx_genl_start+0x10/0x10 [ 291.971063][T10130] ? __pfx_genl_dumpit+0x10/0x10 [ 291.971080][T10130] ? __pfx_genl_done+0x10/0x10 [ 291.971101][T10130] ? __radix_tree_lookup+0x21f/0x2c0 [ 291.971129][T10130] genl_rcv_msg+0x46e/0x800 [ 291.971151][T10130] ? __pfx_genl_rcv_msg+0x10/0x10 [ 291.971169][T10130] ? __pfx_smcd_nl_get_lgr+0x10/0x10 [ 291.971199][T10130] netlink_rcv_skb+0x158/0x420 [ 291.971215][T10130] ? __pfx_genl_rcv_msg+0x10/0x10 [ 291.971234][T10130] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 291.971261][T10130] ? netlink_deliver_tap+0x1ae/0xd30 [ 291.971279][T10130] genl_rcv+0x28/0x40 [ 291.971295][T10130] netlink_unicast+0x5aa/0x870 [ 291.971310][T10130] ? __pfx_netlink_unicast+0x10/0x10 [ 291.971335][T10130] netlink_sendmsg+0x8c8/0xdd0 [ 291.971356][T10130] ? __pfx_netlink_sendmsg+0x10/0x10 [ 291.971375][T10130] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 291.971402][T10130] ____sys_sendmsg+0xa98/0xc70 [ 291.971425][T10130] ? __pfx_____sys_sendmsg+0x10/0x10 [ 291.971441][T10130] ? get_compat_msghdr+0x11a/0x170 [ 291.971473][T10130] ___sys_sendmsg+0x134/0x1d0 [ 291.971490][T10130] ? __pfx____sys_sendmsg+0x10/0x10 [ 291.971517][T10130] ? find_held_lock+0x2b/0x80 [ 291.971550][T10130] __sys_sendmsg+0x16d/0x220 [ 291.971565][T10130] ? __pfx___sys_sendmsg+0x10/0x10 [ 291.971584][T10130] ? rcu_is_watching+0x12/0xc0 [ 291.971605][T10130] __do_fast_syscall_32+0x7c/0x300 [ 291.971625][T10130] do_fast_syscall_32+0x32/0x80 [ 291.971643][T10130] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 291.971662][T10130] RIP: 0023:0xf7ff2579 [ 291.971674][T10130] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 291.971688][T10130] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 291.971703][T10130] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180 [ 291.971709][T10130] RDX: 0000000024000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 291.971718][T10130] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 291.971727][T10130] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 291.971735][T10130] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 291.971758][T10130] [ 292.189499][T10134] netlink: 'syz.1.1131': attribute type 1 has an invalid length. [ 292.192644][T10134] netlink: 'syz.1.1131': attribute type 3 has an invalid length. [ 292.195010][T10134] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1131'. [ 292.876365][ T6046] usbhid 7-1:0.0: can't add hid device: -71 [ 292.881272][ T6046] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 292.888018][ T6046] usb 7-1: USB disconnect, device number 23 [ 292.923373][T10137] syzkaller0: entered promiscuous mode [ 292.925219][T10137] syzkaller0: entered allmulticast mode [ 293.279469][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 293.279480][ T40] audit: type=1326 audit(1762414704.487:7894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10143 comm="syz.2.1133" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf702d579 code=0x0 [ 293.563862][T10154] netlink: 'syz.1.1135': attribute type 1 has an invalid length. [ 293.567206][T10154] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1135'. [ 293.598120][T10157] ubi31: attaching mtd0 [ 293.616791][T10157] ubi31: scanning is finished [ 293.618480][T10157] ubi31: empty MTD device detected [ 294.145786][T10157] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 294.152430][T10157] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 294.154763][T10157] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 294.156981][T10157] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 294.159457][T10157] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 294.161617][T10157] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 294.273679][T10157] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 81743314 [ 294.293068][T10157] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 294.326981][T10166] ubi31: background thread "ubi_bgt31d" started, PID 10166 [ 294.549752][T10171] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1140'. [ 294.716381][T10177] syzkaller0: entered promiscuous mode [ 294.719139][T10177] syzkaller0: entered allmulticast mode [ 294.745215][T10177] sch_tbf: peakrate 6 is lower than or equals to rate 12672136337270591158 ! [ 295.262027][T10187] netlink: 'syz.0.1146': attribute type 1 has an invalid length. [ 295.265211][T10187] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1146'. [ 296.236375][T10217] netlink: 'syz.1.1147': attribute type 1 has an invalid length. [ 296.238991][T10217] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1147'. [ 296.412496][ T5776] usb 7-1: new full-speed USB device number 24 using dummy_hcd [ 296.563634][ T5776] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 296.566925][ T5776] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 296.569821][ T5776] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 296.573856][ T5776] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 296.576774][ T5776] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.582793][T10216] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 296.587243][ T5776] hub 7-1:1.0: bad descriptor, ignoring hub [ 296.589261][ T5776] hub 7-1:1.0: probe with driver hub failed with error -5 [ 296.593103][ T5776] cdc_wdm 7-1:1.0: skipping garbage [ 296.595441][ T5776] cdc_wdm 7-1:1.0: skipping garbage [ 296.599739][ T5776] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 296.602122][ T5776] cdc_wdm 7-1:1.0: Unknown control protocol [ 296.890344][T10224] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1157'. [ 297.492969][T10216] usb 7-1: reset full-speed USB device number 24 using dummy_hcd [ 297.653994][T10221] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 297.701678][T10245] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 297.704188][T10245] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 297.861779][T10252] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1167'. [ 298.167970][T10257] netlink: 'syz.0.1168': attribute type 1 has an invalid length. [ 298.176691][T10257] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1168'. [ 298.203230][T10258] random: crng reseeded on system resumption [ 298.273249][ T6026] usb 7-1: USB disconnect, device number 24 [ 298.999639][T10268] syzkaller0: entered promiscuous mode [ 299.001818][T10268] syzkaller0: entered allmulticast mode [ 299.012798][T10268] sch_tbf: peakrate 6 is lower than or equals to rate 12672136337270591158 ! [ 299.082701][T10270] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1169'. [ 299.086238][T10270] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1169'. [ 299.144188][T10274] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1169'. [ 299.344030][ T6026] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 299.519682][ T6026] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 299.523201][ T6026] usb 6-1: config 0 has no interfaces? [ 299.525075][ T6026] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 299.528084][ T6026] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.550637][ T6026] usb 6-1: config 0 descriptor?? [ 299.843592][T10280] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1173'. [ 299.847481][T10280] bond_slave_0: entered promiscuous mode [ 299.850514][T10280] bond_slave_1: entered promiscuous mode [ 299.946883][ T6026] usb 6-1: string descriptor 0 read error: -71 [ 299.972237][ T6026] usb 6-1: USB disconnect, device number 6 [ 300.111146][ T6046] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 300.265932][ T6046] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 300.269653][ T6046] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.273282][ T6046] usb 7-1: Product: syz [ 300.275183][ T6046] usb 7-1: Manufacturer: syz [ 300.277105][ T6046] usb 7-1: SerialNumber: syz [ 300.286750][ T6046] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 300.316875][ T6046] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 300.533666][ T54] usb 7-1: USB disconnect, device number 25 [ 300.762506][ T5776] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 300.820009][ T6026] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 300.915573][ T5776] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 300.918736][ T5776] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 300.921605][ T5776] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 300.925248][ T5776] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 300.928060][ T5776] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.933390][T10290] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 300.936796][ T5776] hub 5-1:1.0: bad descriptor, ignoring hub [ 300.938667][ T5776] hub 5-1:1.0: probe with driver hub failed with error -5 [ 300.941244][ T5776] cdc_wdm 5-1:1.0: skipping garbage [ 300.943172][ T5776] cdc_wdm 5-1:1.0: skipping garbage [ 300.947679][ T5776] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 300.949533][ T5776] cdc_wdm 5-1:1.0: Unknown control protocol [ 300.953317][T10294] netlink: 'syz.4.1180': attribute type 1 has an invalid length. [ 300.955812][T10294] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1180'. [ 301.153858][ T6026] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 301.157332][ T6026] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 301.160405][ T6026] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 301.163444][ T6026] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.167108][ T6026] usb 6-1: config 0 descriptor?? [ 301.338737][T10300] netlink: 'syz.2.1181': attribute type 1 has an invalid length. [ 301.341305][T10300] netlink: 'syz.2.1181': attribute type 3 has an invalid length. [ 301.344118][T10300] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1181'. [ 301.382494][ T6046] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 301.384878][ T6046] ath9k_htc: Failed to initialize the device [ 301.387445][ T54] usb 7-1: ath9k_htc: USB layer deinitialized [ 301.578455][ T6026] hid_parser_main: 5 callbacks suppressed [ 301.578468][ T6026] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0 [ 301.592685][ T6026] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0 [ 301.596895][ T6026] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/0003:0D8C:0022.0003/input/input12 [ 301.779639][T10289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 301.784236][T10289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 301.789969][T10289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 301.793800][T10289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 301.833240][T10290] usb 5-1: reset full-speed USB device number 11 using dummy_hcd [ 301.983962][T10297] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 301.995293][ T6026] cm6533_jd 0003:0D8C:0022.0003: input,hiddev1,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0 [ 302.002975][ T6026] usb 6-1: USB disconnect, device number 7 [ 302.037673][T10303] fido_id[10303]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb6/report_descriptor': No such file or directory [ 302.606932][ T54] usb 5-1: USB disconnect, device number 11 [ 303.150773][T10314] netlink: 'syz.2.1182': attribute type 1 has an invalid length. [ 303.162847][T10314] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1182'. [ 303.562548][ T5776] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 303.646805][T10323] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1187'. [ 303.713684][ T5776] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 303.717193][ T5776] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 303.720378][ T5776] usb 9-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 303.723337][ T5776] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.726928][ T5776] usb 9-1: config 0 descriptor?? [ 304.112578][T10333] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1188'. [ 304.138146][T10333] batadv1: entered allmulticast mode [ 304.190487][ T5776] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0 [ 304.205410][ T5776] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0 [ 304.248620][ T5776] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/0003:0D8C:0022.0004/input/input13 [ 304.369055][ T5776] cm6533_jd 0003:0D8C:0022.0004: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0 [ 304.500908][T10335] could not allocate digest TFM handle sha1-generic [ 304.541983][ T5776] usb 9-1: USB disconnect, device number 6 [ 304.810440][T10339] fido_id[10339]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb9/report_descriptor': No such file or directory [ 305.074211][T10344] netlink: 'syz.1.1191': attribute type 1 has an invalid length. [ 305.077569][T10344] netlink: 'syz.1.1191': attribute type 3 has an invalid length. [ 305.081657][T10344] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1191'. [ 305.685228][T10348] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 305.687703][T10348] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 305.994228][T10354] lo speed is unknown, defaulting to 1000 [ 305.997973][T10354] lo speed is unknown, defaulting to 1000 [ 306.402547][ T6026] usb 6-1: new full-speed USB device number 8 using dummy_hcd [ 306.512001][T10366] syzkaller0: entered promiscuous mode [ 306.514487][T10366] syzkaller0: entered allmulticast mode [ 306.524192][T10366] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) ! [ 306.593749][ T6026] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 306.597196][ T6026] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 306.600975][ T6026] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 306.606847][ T6026] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 306.610643][ T6026] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.616177][T10360] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 306.620677][ T6026] hub 6-1:1.0: bad descriptor, ignoring hub [ 306.624184][ T6026] hub 6-1:1.0: probe with driver hub failed with error -5 [ 306.630319][ T6026] cdc_wdm 6-1:1.0: skipping garbage [ 306.633545][ T6026] cdc_wdm 6-1:1.0: skipping garbage [ 306.637867][ T6026] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 306.641179][ T6026] cdc_wdm 6-1:1.0: Unknown control protocol [ 307.522844][T10360] usb 6-1: reset full-speed USB device number 8 using dummy_hcd [ 307.602100][T10373] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 307.604220][T10373] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 307.609136][T10373] vhci_hcd vhci_hcd.0: Device attached [ 307.727137][T10371] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 307.779277][T10378] vhci_hcd: connection closed [ 307.790407][ T1149] vhci_hcd: stop threads [ 307.834716][T10389] rdma_rxe: rxe_newlink: failed to add syz_tun [ 307.842647][ T1149] vhci_hcd: release socket [ 307.845612][T10390] netlink: 'syz.4.1202': attribute type 1 has an invalid length. [ 307.848277][T10390] netlink: 'syz.4.1202': attribute type 3 has an invalid length. [ 307.850739][T10390] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1202'. [ 307.852491][ T1468] usb 37-1: new high-speed USB device number 3 using vhci_hcd [ 307.854358][ C1] wdm_int_callback: 33 callbacks suppressed [ 307.854373][ C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 307.860676][ C1] wdm_int_callback: 33 callbacks suppressed [ 307.860685][ C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 307.872326][ T1149] vhci_hcd: disconnect device [ 308.070212][ T1468] usb 37-1: enqueue for inactive port 0 [ 308.165816][ T54] usb 6-1: USB disconnect, device number 8 [ 308.602485][ T1468] vhci_hcd: vhci_device speed not set [ 308.871819][T10397] netlink: 'syz.4.1203': attribute type 1 has an invalid length. [ 308.875133][T10397] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1203'. [ 310.163643][T10416] netlink: 'syz.2.1210': attribute type 10 has an invalid length. [ 310.166777][T10416] syz_tun: entered promiscuous mode [ 310.172967][T10416] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 310.229679][T10422] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1211'. [ 310.712478][ T6046] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 310.863864][ T6046] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 310.867053][ T6046] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 310.869860][ T6046] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 310.873537][ T6046] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 310.876276][ T6046] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.881122][T10431] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 310.885626][ T6046] hub 5-1:1.0: bad descriptor, ignoring hub [ 310.887566][ T6046] hub 5-1:1.0: probe with driver hub failed with error -5 [ 310.890181][ T6046] cdc_wdm 5-1:1.0: skipping garbage [ 310.891876][ T6046] cdc_wdm 5-1:1.0: skipping garbage [ 310.894308][ T6046] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 310.896363][ T6046] cdc_wdm 5-1:1.0: Unknown control protocol [ 311.192486][T10438] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1218'. [ 311.783257][T10431] usb 5-1: reset full-speed USB device number 12 using dummy_hcd [ 311.935480][T10432] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 312.068959][T10457] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1222'. [ 312.262831][ T10] usb 5-1: USB disconnect, device number 12 [ 313.478094][T10484] netlink: 'syz.4.1227': attribute type 1 has an invalid length. [ 313.481457][T10484] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1227'. [ 313.567547][T10490] netlink: 'syz.0.1229': attribute type 1 has an invalid length. [ 313.570685][T10490] netlink: 'syz.0.1229': attribute type 3 has an invalid length. [ 313.574426][T10490] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1229'. [ 313.810212][T10498] syzkaller0: entered promiscuous mode [ 313.812145][T10498] syzkaller0: entered allmulticast mode [ 313.960656][T10499] netlink: 'syz.2.1231': attribute type 1 has an invalid length. [ 313.963315][T10499] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1231'. [ 314.580520][T10513] netlink: 'syz.4.1234': attribute type 1 has an invalid length. [ 314.585263][T10513] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1234'. [ 314.772557][ T6008] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 314.922499][ T6008] usb 5-1: Using ep0 maxpacket: 16 [ 314.926651][ T6008] usb 5-1: config 0 has an invalid interface number: 145 but max is 0 [ 314.929989][ T6008] usb 5-1: config 0 has no interface number 0 [ 314.944185][ T6008] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 314.948876][ T6008] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.955993][ T6008] usb 5-1: Product: syz [ 314.961432][ T6008] usb 5-1: Manufacturer: syz [ 314.964014][ T6008] usb 5-1: SerialNumber: syz [ 314.974077][ T6008] usb 5-1: config 0 descriptor?? [ 314.980899][ T6008] hub 5-1:0.145: bad descriptor, ignoring hub [ 314.986637][ T6008] hub 5-1:0.145: probe with driver hub failed with error -5 [ 314.997723][ T6008] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.145/input/input14 [ 315.057622][T10520] max out of range [ 315.189269][T10523] max out of range [ 315.207924][T10521] FAULT_INJECTION: forcing a failure. [ 315.207924][T10521] name failslab, interval 1, probability 0, space 0, times 0 [ 315.214059][T10521] CPU: 3 UID: 0 PID: 10521 Comm: syz.1.1237 Not tainted syzkaller #0 PREEMPT(full) [ 315.214084][T10521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 315.214095][T10521] Call Trace: [ 315.214102][T10521] [ 315.214109][T10521] dump_stack_lvl+0x116/0x1f0 [ 315.214135][T10521] should_fail_ex+0x512/0x640 [ 315.214166][T10521] should_failslab+0xc2/0x120 [ 315.214190][T10521] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 315.214212][T10521] ? netlink_realloc_groups+0x1b5/0x2d0 [ 315.214238][T10521] ? krealloc_node_align_noprof+0x2c5/0x470 [ 315.214257][T10521] krealloc_node_align_noprof+0x2c5/0x470 [ 315.214282][T10521] netlink_realloc_groups+0x1b5/0x2d0 [ 315.214304][T10521] netlink_setsockopt+0x572/0x8f0 [ 315.214324][T10521] ? __pfx_netlink_setsockopt+0x10/0x10 [ 315.214350][T10521] ? __pfx_netlink_setsockopt+0x10/0x10 [ 315.214370][T10521] do_sock_setsockopt+0xf3/0x1d0 [ 315.214396][T10521] __sys_setsockopt+0x120/0x1a0 [ 315.214427][T10521] __ia32_sys_setsockopt+0xbc/0x160 [ 315.214452][T10521] ? lockdep_hardirqs_on+0x7c/0x110 [ 315.214471][T10521] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 315.214492][T10521] __do_fast_syscall_32+0x7c/0x300 [ 315.214515][T10521] do_fast_syscall_32+0x32/0x80 [ 315.214536][T10521] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 315.214558][T10521] RIP: 0023:0xf7ff2579 [ 315.214572][T10521] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 315.214589][T10521] RSP: 002b:00000000f54c555c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 315.214606][T10521] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000010e [ 315.214615][T10521] RDX: 0000000000000001 RSI: 0000000080000040 RDI: 0000000000000004 [ 315.214624][T10521] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 315.214634][T10521] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 315.214644][T10521] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 315.214666][T10521] [ 315.313781][ T5944] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 315.317278][ T5944] Bluetooth: hci3: Injecting HCI hardware error event [ 315.321511][ T5944] Bluetooth: hci3: hardware error 0x00 [ 315.331985][ T5944] ================================================================== [ 315.335260][ T5944] BUG: KASAN: slab-out-of-bounds in __list_del_entry_valid_or_report+0x1d4/0x200 [ 315.338908][ T5944] Read of size 8 at addr ffff88801b20f570 by task kworker/u33:3/5944 [ 315.344591][ T5944] [ 315.345630][ T5944] CPU: 1 UID: 0 PID: 5944 Comm: kworker/u33:3 Not tainted syzkaller #0 PREEMPT(full) [ 315.345651][ T5944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 315.345662][ T5944] Workqueue: hci3 hci_error_reset [ 315.345685][ T5944] Call Trace: [ 315.345691][ T5944] [ 315.345719][ T5944] dump_stack_lvl+0x116/0x1f0 [ 315.345740][ T5944] print_report+0xcd/0x630 [ 315.345760][ T5944] ? __virt_addr_valid+0x81/0x610 [ 315.345779][ T5944] ? __phys_addr+0xe8/0x180 [ 315.345799][ T5944] ? __list_del_entry_valid_or_report+0x1d4/0x200 [ 315.345817][ T5944] kasan_report+0xe0/0x110 [ 315.345836][ T5944] ? __list_del_entry_valid_or_report+0x1d4/0x200 [ 315.345858][ T5944] __list_del_entry_valid_or_report+0x1d4/0x200 [ 315.345876][ T5944] bt_accept_unlink+0x34/0x2d0 [ 315.345892][ T5944] l2cap_sock_teardown_cb+0x1a3/0x3c0 [ 315.345920][ T5944] l2cap_chan_del+0xbd/0x8f0 [ 315.345943][ T5944] l2cap_conn_del+0x37a/0x730 [ 315.345965][ T5944] ? hci_cmd_sync_dequeue+0x191/0x1f0 [ 315.345986][ T5944] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 315.346007][ T5944] l2cap_disconn_cfm+0x96/0xd0 [ 315.346031][ T5944] hci_conn_hash_flush+0x10e/0x260 [ 315.346052][ T5944] hci_dev_close_sync+0x602/0x11d0 [ 315.346071][ T5944] ? __pfx_bt_err+0x10/0x10 [ 315.346086][ T5944] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 315.346107][ T5944] hci_dev_do_close+0x2e/0x90 [ 315.346125][ T5944] hci_error_reset+0xbf/0x320 [ 315.346143][ T5944] process_one_work+0x9cf/0x1b70 [ 315.346169][ T5944] ? __pfx_hci_rx_work+0x10/0x10 [ 315.346186][ T5944] ? __pfx_process_one_work+0x10/0x10 [ 315.346211][ T5944] ? assign_work+0x1a0/0x250 [ 315.346232][ T5944] worker_thread+0x6c8/0xf10 [ 315.346257][ T5944] ? __kthread_parkme+0x19e/0x250 [ 315.346276][ T5944] ? __pfx_worker_thread+0x10/0x10 [ 315.346311][ T5944] kthread+0x3c5/0x780 [ 315.346331][ T5944] ? __pfx_kthread+0x10/0x10 [ 315.346352][ T5944] ? rcu_is_watching+0x12/0xc0 [ 315.346368][ T5944] ? __pfx_kthread+0x10/0x10 [ 315.346389][ T5944] ret_from_fork+0x675/0x7d0 [ 315.346410][ T5944] ? __pfx_kthread+0x10/0x10 [ 315.346430][ T5944] ret_from_fork_asm+0x1a/0x30 [ 315.346456][ T5944] [ 315.346462][ T5944] [ 315.430964][ T5944] Allocated by task 8884: [ 315.432665][ T5944] kasan_save_stack+0x33/0x60 [ 315.434261][ T5944] kasan_save_track+0x14/0x30 [ 315.435918][ T5944] __kasan_kmalloc+0xaa/0xb0 [ 315.437784][ T5944] srp_add_one+0x6a1/0xee0 [ 315.439550][ T5944] add_client_context+0x3de/0x590 [ 315.441238][ T5944] enable_device_and_get+0x1d4/0x3f0 [ 315.443054][ T5944] ib_register_device+0x87f/0xe00 [ 315.444635][ T5944] rxe_register_device+0x275/0x320 [ 315.446418][ T5944] rxe_net_add+0x95/0xf0 [ 315.448095][ T5944] rxe_newlink+0x70/0x190 [ 315.449809][ T5944] nldev_newlink+0x3a6/0x680 [ 315.451650][ T5944] rdma_nl_rcv_msg+0x38a/0x6e0 [ 315.453548][ T5944] rdma_nl_rcv_skb.constprop.0.isra.0+0x2d0/0x430 [ 315.456103][ T5944] netlink_unicast+0x5aa/0x870 [ 315.458005][ T5944] netlink_sendmsg+0x8c8/0xdd0 [ 315.459859][ T5944] ____sys_sendmsg+0xa98/0xc70 [ 315.461673][ T5944] ___sys_sendmsg+0x134/0x1d0 [ 315.463197][ T5944] __sys_sendmsg+0x16d/0x220 [ 315.464667][ T5944] __do_fast_syscall_32+0x7c/0x300 [ 315.466352][ T5944] do_fast_syscall_32+0x32/0x80 [ 315.467891][ T5944] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 315.469917][ T5944] [ 315.470699][ T5944] The buggy address belongs to the object at ffff88801b20f000 [ 315.470699][ T5944] which belongs to the cache kmalloc-2k of size 2048 [ 315.475060][ T5944] The buggy address is located 0 bytes to the right of [ 315.475060][ T5944] allocated 1392-byte region [ffff88801b20f000, ffff88801b20f570) [ 315.479527][ T5944] [ 315.480279][ T5944] The buggy address belongs to the physical page: [ 315.482242][ T5944] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1b208 [ 315.485262][ T5944] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 315.487807][ T5944] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 315.490212][ T5944] page_type: f5(slab) [ 315.491482][ T5944] raw: 00fff00000000040 ffff88801b442f00 dead000000000100 dead000000000122 [ 315.494188][ T5944] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 315.497016][ T5944] head: 00fff00000000040 ffff88801b442f00 dead000000000100 dead000000000122 [ 315.499963][ T5944] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 315.502743][ T5944] head: 00fff00000000003 ffffea00006c8201 00000000ffffffff 00000000ffffffff [ 315.505473][ T5944] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 315.508861][ T5944] page dumped because: kasan: bad access detected [ 315.511247][ T5944] page_owner tracks the page as allocated [ 315.513028][ T5944] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5939, tgid 5939 (syz-executor), ts 54152321220, free_ts 52488606600 [ 315.519720][ T5944] post_alloc_hook+0x1c0/0x230 [ 315.521229][ T5944] get_page_from_freelist+0x10a3/0x3a30 [ 315.522983][ T5944] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 315.524833][ T5944] alloc_pages_mpol+0x1fb/0x550 [ 315.526400][ T5944] new_slab+0x24a/0x360 [ 315.527718][ T5944] ___slab_alloc+0xdae/0x1a60 [ 315.529272][ T5944] __slab_alloc.constprop.0+0x63/0x110 [ 315.531008][ T5944] __kmalloc_node_noprof+0x4dd/0x8a0 [ 315.532969][ T5944] qdisc_alloc+0xbb/0xc50 [ 315.534360][ T5944] qdisc_create_dflt+0x94/0x490 [ 315.535907][ T5944] dev_activate+0x63f/0x12d0 [ 315.537364][ T5944] __dev_open+0x432/0x7c0 [ 315.538742][ T5944] __dev_change_flags+0x55d/0x720 [ 315.540446][ T5944] netif_change_flags+0x8d/0x160 [ 315.542482][ T5944] do_setlink.constprop.0+0xb53/0x4380 [ 315.544209][ T5944] rtnl_newlink+0x1446/0x2000 [ 315.545755][ T5944] page last free pid 110 tgid 110 stack trace: [ 315.547696][ T5944] free_unref_folios+0xa31/0x1610 [ 315.549414][ T5944] shrink_folio_list+0x35c7/0x4800 [ 315.551108][ T5944] evict_folios+0x79c/0x1b30 [ 315.552572][ T5944] try_to_shrink_lruvec+0x585/0x9b0 [ 315.554293][ T5944] shrink_one+0x3e3/0x7a0 [ 315.555686][ T5944] shrink_node+0x26cb/0x3d80 [ 315.557309][ T5944] balance_pgdat+0xbb8/0x1a50 [ 315.559483][ T5944] kswapd+0x590/0xb90 [ 315.560957][ T5944] kthread+0x3c5/0x780 [ 315.562380][ T5944] ret_from_fork+0x675/0x7d0 [ 315.563866][ T5944] ret_from_fork_asm+0x1a/0x30 [ 315.565524][ T5944] [ 315.566316][ T5944] Memory state around the buggy address: [ 315.568263][ T5944] ffff88801b20f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 315.570921][ T5944] ffff88801b20f480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 315.573557][ T5944] >ffff88801b20f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 315.576858][ T5944] ^ SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 315.580009][ T5944] ffff88801b20f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 315.583387][ T5944] ffff88801b20f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 315.586987][ T5944] ================================================================== [ 315.597389][ T5944] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 315.600436][ T5944] CPU: 1 UID: 0 PID: 5944 Comm: kworker/u33:3 Not tainted syzkaller #0 PREEMPT(full) [ 315.604416][ T5944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 315.608862][ T5944] Workqueue: hci3 hci_error_reset [ 315.611019][ T5944] Call Trace: [ 315.612274][ T5944] [ 315.613396][ T5944] dump_stack_lvl+0x3d/0x1f0 [ 315.615110][ T5944] vpanic+0x640/0x6f0 [ 315.616391][ T5944] panic+0xca/0xd0 [ 315.617595][ T5944] ? __pfx_panic+0x10/0x10 [ 315.619044][ T5944] ? __list_del_entry_valid_or_report+0x1d4/0x200 [ 315.621076][ T5944] ? preempt_schedule_common+0x44/0xc0 [ 315.622929][ T5944] ? preempt_schedule_thunk+0x16/0x30 [ 315.624624][ T5944] ? check_panic_on_warn+0x1f/0xb0 [ 315.626304][ T5944] check_panic_on_warn+0xab/0xb0 [ 315.628125][ T5944] end_report+0x107/0x170 [ 315.629501][ T5944] kasan_report+0xee/0x110 [ 315.630940][ T5944] ? __list_del_entry_valid_or_report+0x1d4/0x200 [ 315.633286][ T5944] __list_del_entry_valid_or_report+0x1d4/0x200 [ 315.635861][ T5944] bt_accept_unlink+0x34/0x2d0 [ 315.637436][ T5944] l2cap_sock_teardown_cb+0x1a3/0x3c0 [ 315.639148][ T5944] l2cap_chan_del+0xbd/0x8f0 [ 315.640615][ T5944] l2cap_conn_del+0x37a/0x730 [ 315.642157][ T5944] ? hci_cmd_sync_dequeue+0x191/0x1f0 [ 315.644556][ T5944] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 315.646879][ T5944] l2cap_disconn_cfm+0x96/0xd0 [ 315.648489][ T5944] hci_conn_hash_flush+0x10e/0x260 [ 315.650345][ T5944] hci_dev_close_sync+0x602/0x11d0 [ 315.652526][ T5944] ? __pfx_bt_err+0x10/0x10 [ 315.654440][ T5944] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 315.656810][ T5944] hci_dev_do_close+0x2e/0x90 [ 315.658815][ T5944] hci_error_reset+0xbf/0x320 [ 315.660779][ T5944] process_one_work+0x9cf/0x1b70 [ 315.662894][ T5944] ? __pfx_hci_rx_work+0x10/0x10 [ 315.664964][ T5944] ? __pfx_process_one_work+0x10/0x10 [ 315.667226][ T5944] ? assign_work+0x1a0/0x250 [ 315.669178][ T5944] worker_thread+0x6c8/0xf10 [ 315.671172][ T5944] ? __kthread_parkme+0x19e/0x250 [ 315.673527][ T5944] ? __pfx_worker_thread+0x10/0x10 [ 315.675557][ T5944] kthread+0x3c5/0x780 [ 315.676856][ T5944] ? __pfx_kthread+0x10/0x10 [ 315.678538][ T5944] ? rcu_is_watching+0x12/0xc0 [ 315.680081][ T5944] ? __pfx_kthread+0x10/0x10 [ 315.681544][ T5944] ret_from_fork+0x675/0x7d0 [ 315.683042][ T5944] ? __pfx_kthread+0x10/0x10 [ 315.684508][ T5944] ret_from_fork_asm+0x1a/0x30 [ 315.686326][ T5944] [ 315.688362][ T5944] Kernel Offset: disabled [ 315.690193][ T5944] Rebooting in 86400 seconds.. VM DIAGNOSIS: 07:38:46 Registers: info registers vcpu 0 CPU#0 RAX=0000000000714267 RBX=0000000000000000 RCX=ffffffff8b5d42a9 RDX=0000000000000000 RSI=ffffffff8da27d97 RDI=ffffffff8bf075c0 RBP=fffffbfff1c12f40 RSP=ffffffff8e007df8 R8 =0000000000000001 R9 =ffffed1005646655 R10=ffff88802b2332ab R11=0000000000000001 R12=0000000000000000 R13=ffffffff8e097a00 R14=ffffffff90823ad0 R15=0000000000000000 RIP=ffffffff8b5d2d5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097810000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000008000a000 CR3=000000006a829000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000066 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85267f35 RDI=ffffffff9adc2de0 RBP=ffffffff9adc2da0 RSP=ffffc90003d2f410 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3262313038386552 R12=0000000000000000 R13=0000000000000066 R14=ffffffff9adc2da0 R15=ffffffff85267ed0 RIP=ffffffff85267f5f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097910000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080009000 CR3=00000000290a0000 CR4=00352ef0 DR0=ffffffffffffffff DR1=00000000000001f8 DR2=0000000000000083 DR3=ffffffffefffff15 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000001 Opmask01=0000000000000001 Opmask02=0000000030080000 Opmask03=0000000000000000 Opmask04=00000000fff9ffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff34d127eb 00007fff34d127eb ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff34d12cf0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff34d12cf0 0000003000000018 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3030303030303030 30203a3930522030 3030303030303030 3030303030303000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3030303030303030 3020303330522030 3030303030303030 3030303030303000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e49203a33696368 203a68746f6f7465 756c42205d343439 3554205b5d383732 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3030203030203030 2030302036322034 6220643820303020 3030203030203030 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2036322034622064 3820303920303920 3039203039203363 203935206135203e ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 64353c2030382064 6320343320663020 3565203938203535 2032352031352030 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3020303020303020 3030203030203030 2030302030302030 3020303020303020 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a746e6573657270 20426b323334323a 7365676170737a20 426b303834323a67 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000008da19d RBX=0000000000000002 RCX=ffffffff8b5d42a9 RDX=0000000000000000 RSI=ffffffff8da27d97 RDI=ffffffff8bf075c0 RBP=ffffed1003b5d920 RSP=ffffc9000047fde8 R8 =0000000000000001 R9 =ffffed1005686655 R10=ffff88802b4332ab R11=0000000000000001 R12=0000000000000002 R13=ffff88801daec900 R14=ffffffff90823ad0 R15=0000000000000000 RIP=ffffffff8b5d2d5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097a10000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000806ce000 CR3=000000004afc1000 CR4=00352ef0 DR0=ffffffffffffffff DR1=00000000000001f8 DR2=0000000000000083 DR3=ffffffffefffff15 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001b800000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=ffffffff93a2a4c0 RCX=1ffff110056a481a RDX=0000000000000004 RSI=ffffffff8da02450 RDI=ffffffff8e2b1660 RBP=ffff88802b5240c0 RSP=ffffc90007fe77e8 R8 =000000496bf21f8a R9 =0000000000000001 R10=ffff88802ed5b0f7 R11=0000000000000003 R12=0000000000000004 R13=0000000000000000 R14=0000000000000000 R15=ffffffff8e2b15c0 RIP=ffffffff8194f689 RFL=00000802 [-O-----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097b10000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000806d0000 CR3=000000004afc1000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000004800000000 0000000100000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000004800000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000