last executing test programs: 2m32.922650808s ago: executing program 0 (id=910): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="5800000000090101000000000200000000000000100004800800004000000003040002000c000280050001f21500000014000280080001000000000008000200ac141400080005400000000009000100"], 0x58}}, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'hsr0\x00', 0x0}) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x6, 0xdb9f, 0x10000, 0x7, 0x4}) sendto$packet(r3, &(0x7f0000000180)="02030300000002000000ab5d71acedd7c9560385dcb188fb", 0x18, 0x0, &(0x7f0000000040)={0x11, 0x8, r4, 0x1, 0x4, 0x6, @multicast}, 0x14) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r5) sendmsg$NLBL_CIPSOV4_C_ADD(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x50, r6, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x2}, {0x5}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x50}}, 0x0) ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000000080)={'wpan4\x00'}) 2m32.606858367s ago: executing program 0 (id=913): prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) syz_emit_ethernet(0x46, &(0x7f0000000240)=ANY=[], 0x0) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newtaction={0x18, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40884}, 0x804) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r1, 0x1, 0x6, @local}, 0x10) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r2, 0xffffffffffffffff, 0x0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="54160200", @ANYRES16, @ANYBLOB="05002abd7000fddbdf2501000000380108805800008024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b0800030000000000200004000a004e2000000001ff010000000000000000000000000001050000000800030007000000dc00008024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffb40009804c0000800600010002000000080002", @ANYRES32, @ANYBLOB], 0x154}, 0x1, 0x0, 0x0, 0x4000}, 0x40) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x1, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0xfffe}, {0xb}, {0x1, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054) 2m32.50687656s ago: executing program 3 (id=914): syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f0000000440)={0x0, 0x7, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="1800000007140100000032c83a110000050042"], 0x18}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_SET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="58000000442b75190f0441cd6f8bbd30b6ad6b988146f1b783a339a7a59416d6464ebe1b3d9fb56d564ea2a6b6ee7117ee7dd3096a92f209f69f47a60a75ce195b060122bc57011a367c09687a24294ae1d8ac56aac75764260427085fd3c625ccb36c6b82fa5732f463b4073c20c7d19aef8dc609955bbf9a5e3207db354b53dd84", @ANYRES16=r4, @ANYBLOB="01002dbd7000fddbdf253e0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000500830001000000"], 0x58}, 0x1, 0x0, 0x0, 0x20048020}, 0x80) sendmsg$IPSET_CMD_SAVE(r2, 0x0, 0x800) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_ACTIVATE_TARGET(r6, 0xfffffffffffffffe, 0x4048001) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB='H\x00\x00\x00\n'], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) 2m32.210977146s ago: executing program 3 (id=915): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f00000002c0)={0x1, 0x5}, 0x2) write$USERIO_CMD_REGISTER(r1, &(0x7f00000000c0), 0x2) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r4, 0x29, 0x19, 0x0, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @random="a0725ce9403b", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb8000", 0x38, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @mcast2, {[], @time_exceed={0x4, 0x0, 0x0, 0x60, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @mcast1, @mcast1, [], "1b8d2069162baf34"}}}}}}}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x34, 0x2, [@TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x8000}, @TCA_FQ_QUANTUM={0x8, 0x3, 0x1ff}, @TCA_FQ_INITIAL_QUANTUM={0x8, 0x4, 0xa}, @TCA_FQ_FLOW_PLIMIT={0x8, 0x2, 0x1}, @TCA_FQ_RATE_ENABLE={0x8}, @TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0xd04a}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x51}, 0x20040000) shutdown(r2, 0x1) read(r1, &(0x7f00000001c0)=""/93, 0x5d) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) ioctl$IOCTL_VMCI_SET_NOTIFY(r7, 0x7cb, &(0x7f0000000180)={0x4, 0xffffffff, 0xc}) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x88f, &(0x7f0000000900)={0x0, 0xaee1, 0x10, 0xfffffffe, 0xffdffffe}, &(0x7f0000000000)=0x0, &(0x7f0000000540)) socket$nl_generic(0x10, 0x3, 0x10) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000100)=0xfffffffc, 0x0, 0x4) r9 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r10 = socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffff9c, &(0x7f0000000080), 0x10800, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r10, 0x0, 0x20000050) writev(r9, &(0x7f0000000700)=[{&(0x7f0000000140)="a7", 0x1}], 0x1) 2m32.20577958s ago: executing program 0 (id=916): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@deltfilter={0x3c, 0x2d, 0x2, 0x70bd26, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0x1}, {0xb, 0x4}, {0xfff0, 0x1}}, [@TCA_CHAIN={0x8, 0xb, 0x7}, @TCA_CHAIN={0x8, 0xb, 0x4}, @TCA_RATE={0x6, 0x5, {0x0, 0x4}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x810) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) socket(0x1d, 0x6, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000540)=@gcm_128={{0x303}, "ffffffffffffffe2", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28) shutdown(r2, 0x1) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0xffffff6a) sendfile(r2, r3, 0x0, 0xffffffff004) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000300)=[@in={0x2, 0x4e23, @multicast1}], 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000900)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r7, r3, 0x7, 0x0, @void}, 0x10) 2m31.531034122s ago: executing program 3 (id=920): timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r1, 0x48e9, 0x0, 0x2, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) map_shadow_stack(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x0) r4 = syz_io_uring_setup(0x131, &(0x7f0000000340)={0x0, 0x3f3f, 0x2, 0x0, 0xffbfbffd}, &(0x7f0000000140)=0x0, &(0x7f0000000000)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r6, 0x11b, 0x6, &(0x7f0000000200)=0x1, 0x4) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r6, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r6, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) r9 = syz_io_uring_setup(0x18e9, &(0x7f00000003c0)={0x0, 0xb49f, 0x200, 0x3, 0x3e3, 0x0, r4}, &(0x7f0000000540), &(0x7f0000000280)) io_uring_setup(0x5291, &(0x7f00000005c0)={0x0, 0x4c30, 0x2, 0x3, 0x85}) io_uring_register$IORING_REGISTER_IOWQ_AFF(r9, 0x11, &(0x7f0000000440)="f3897aa3fd906dbd0f2d535f8aa7bd1b695b39bc65e143394f7eb106b5e77bdc4a42ea82034f00feb3cd010c8e3aa1f029e446163fdec2b3a8fdd3601ba6a4afc618ba018156f0c1e5a880396935ea5f18fc42ec8c02581cacf9d4ee6b581823e46ee3ed37815a7b35e26fc80f759c6b28c0510fa1ca7901eec6a3c45f34c6cfb18f3c43cc5c1ec938df89d1dbc63decc661cbee1f2d552938c1c8ba4050514b1e1534f7066f0050ec4fdaba2ab7213cc2db51eef8d4ce3128914c0202930c70c7da688831f320ee98d5ad1a744537ce863ab84deb02ee1b1bce36cf17fd6e12a40b8d784ed51b7286900f31f7bf1815bc00ff4d", 0xf4) bind$xdp(r6, &(0x7f0000000100)={0x2c, 0xa, r8}, 0x10) r10 = syz_io_uring_setup(0x110, &(0x7f0000000200)={0x0, 0xfecb, 0x100, 0x5, 0x3d4}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r11, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r11, r12, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r10, 0xdb4, 0xad04, 0x0, 0x0, 0x0) r13 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DONE(r13, 0x0, 0xc9, 0x0, 0x0) io_uring_enter(r4, 0x1e76, 0xf728, 0xd, 0x0, 0x18) 2m30.292307881s ago: executing program 0 (id=921): socket$nl_sock_diag(0x10, 0x3, 0x4) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) io_uring_setup(0x70c3, &(0x7f0000000180)={0x0, 0x2c3f, 0x0, 0x1, 0x2}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r0}, 0x8) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x17, 0x28, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5}, [@jmp={0x5, 0x0, 0x6, 0x5, 0x8, 0x281730b599841441, 0xffffffffffffffff}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1ff}}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x2}, @printk={@lld}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4b28}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7fffffff}}]}, &(0x7f0000000140)='GPL\x00', 0x6, 0x66, &(0x7f0000000840)=""/102, 0x41100, 0x72, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x9, 0x5}, 0x8, 0x10, &(0x7f00000008c0)={0x5, 0x3, 0x2, 0x4}, 0x10, 0xffffffffffffffff, r0, 0x0, 0x0, 0x0, 0x10, 0xbb4}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) socket$alg(0x26, 0x5, 0x0) ustat(0x6, &(0x7f0000000080)) munmap(&(0x7f0000901000/0x3000)=nil, 0x3000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbff, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0xff, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r8, &(0x7f0000000480)={0x0, 0x1f00, &(0x7f0000000140)={&(0x7f0000000180)={0x14, r9, 0x9c3fa077fa966179, 0x4, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x0) 2m28.711847684s ago: executing program 0 (id=925): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0) write$vga_arbiter(r1, &(0x7f0000000000)=@other={'lock', ' ', 'mem'}, 0x9) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2145c99, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x19) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2b) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r5 = open(&(0x7f0000000380)='./bus\x00', 0x40, 0x0) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000300)={0x0, r5}, 0x8) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000600000000000000fcffffff180100002020752500000000002020207b1af8ff00000000bfa1000000000000070100000bffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_exit\x00', r7}, 0x18) bpf$LINK_DETACH(0x22, &(0x7f0000000000)=r8, 0x4) mount$9p_fd(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f00000003c0), 0x2214000, &(0x7f0000000640)=ANY=[@ANYBLOB='trao=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',\x00']) fcntl$setownex(r7, 0xf, &(0x7f00000002c0)={0x2}) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@gettaction={0x20, 0x32, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}]}, 0x20}, 0x1, 0x0, 0x0, 0x24000840}, 0x20004000) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0xfffe}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}]}], {0x14}}, 0xdc}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x1, 0x1000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) 2m28.582268257s ago: executing program 0 (id=926): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000304000000000000000000007400", @ANYRES32], 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, r0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000001c0), 0x13f, 0x1}}, 0x20) r3 = add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x1}, &(0x7f0000000100)='\x00', 0x1, 0xfffffffffffffffb) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_SIZE(r4, 0x5760, 0x14) keyctl$KEYCTL_WATCH_KEY(0x20, r3, r4, 0x100000000000f7) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r5, 0x400455c8, 0x4) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8004) rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x4, 0x0) io_setup(0x4, &(0x7f00000000c0)=0x0) io_destroy(r6) ioctl$TIOCVHANGUP(r5, 0x5437, 0x0) syslog(0x2, &(0x7f00000004c0)=""/164, 0xa4) ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000800000/0x800000)=nil, 0x802000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, &(0x7f0000000080)={{&(0x7f0000a4d000/0x1000)=nil, 0x20a4d000}}) keyctl$revoke(0x3, r3) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2) 2m28.391785905s ago: executing program 3 (id=927): socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x3d, 0x0, &(0x7f0000000000)) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0x0) syz_pidfd_open(0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) signalfd(0xffffffffffffffff, 0x0, 0x0) setpgid(r0, 0x0) (async) setpgid(r0, 0x0) setpgid(0x0, r0) (async) setpgid(0x0, r0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0) (async) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0) mkdir(0x0, 0x0) (async) mkdir(0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@RTM_GETNSID={0x1c, 0x5a, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@NETNSA_PID={0x8, 0x2, r0}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0080d1}, 0x20048084) bpf$OBJ_GET_MAP(0x7, &(0x7f00000003c0)=@generic={&(0x7f0000000440)='./file1\x00', 0x0, 0x8}, 0x18) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f00000003c0)=@generic={&(0x7f0000000440)='./file1\x00', 0x0, 0x8}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c40)={{0x14}, [@NFT_MSG_NEWRULE={0x274, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x23c, 0x4, 0x0, 0x1, [{0x238, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x228, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x214, 0x3, "d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d532452032d5f166334739d1719a5778bd4f724ee4ca57f2527aeeb0c75755d68fc6fa55f4825682ee95e581039823e5963beedcf65b8b005623d90772b8b6ebd2498b0aff725a3eabb6c99cb2edfe10b9c33be8a971e08401bc0807e75a2ff376b7934473bc1f02bb512b77414daf260c9c7d4e1f0758b56ec5823892af310e6252fcfb1d9dbaddefdaa26f43f12f831fd221926d6536eeff641db46920ae0e48f3ff5de599714ba6510ce479d4116a519792281736f39c9fc0e10ef557392c43389271cebcf36543fcf6f83bf74b93ee4eb5e8c82e35bb4784cc1ed0ad291b16e8368487589f7590bf5896f340a36555a1cf69736da230a809176dbdfba3d47efb9a6932e5503d277532b7d4e6f7c7373a298e5843a9f74d5fd07fbc6ad22bc644ba9b3c94ec3c8f0b9321b16e5826b1f058f781760a5d4b6a8880202b41689139c37cd51f65a92d883f8901add03b650c9ec182fb565a4d657ebba9d6a5eb426b22d5933b72362e6ec327fb679aa8034b8b3b6680ad138be47652a3e77981187d2921cebfc1639aa280e3d38dba9b1af49ceded79c78a2d656b3a3e946e17e6257def6679f70f11aa01a2d906aecf4dbc7d1a332a8932ed719ce7eecb5450f494f944b3f6b637502ddba609c6e45dcfad1db7c7dda3e2c755ddcf27132985442e9b8df16f96c82e72e3e2491856d07756b9f"}, @NFTA_MATCH_NAME={0x8, 0x1, 'bpf\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_COMPAT={0xc, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x8864}]}]}], {0x14}}, 0x29c}}, 0x4048010) socket(0x10, 0x3, 0x0) (async) r3 = socket(0x10, 0x3, 0x0) recvmmsg$unix(r3, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000003700)=[{0x0}, {&(0x7f00000025c0)=""/4096, 0x1000}], 0x2}}], 0x1, 0x2, 0x0) mount$afs(0x0, 0x0, 0x0, 0x88, 0x0) (async) mount$afs(0x0, 0x0, 0x0, 0x88, 0x0) r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$AUTOFS_IOC_READY(r4, 0x9360, 0x800000000000001) (async) ioctl$AUTOFS_IOC_READY(r4, 0x9360, 0x800000000000001) name_to_handle_at(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', &(0x7f0000000240)=@isofs={0x14, 0x1, {0x5, 0x5, 0x7, 0x10000, 0x0, 0x6}}, &(0x7f0000000280), 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 2m28.092312072s ago: executing program 3 (id=928): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x88306, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000240)={0xf0003, 0x0, [0x680, 0x3, 0x7, 0x0, 0x0, 0x0, 0x2b, 0x40000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x5000000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) 2m27.722028702s ago: executing program 3 (id=930): r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) r2 = dup3(r1, r0, 0x0) recvmmsg$unix(r2, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000004100)=""/4099, 0x1003}], 0x1}}], 0x1, 0x18ca02a0, 0x0) r3 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20) connect$l2tp6(r3, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20) sendmmsg$inet6(r3, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0}, 0x1000000}], 0x17fd147c801ae9ab, 0x0) 2m27.453745872s ago: executing program 32 (id=930): r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) r2 = dup3(r1, r0, 0x0) recvmmsg$unix(r2, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000004100)=""/4099, 0x1003}], 0x1}}], 0x1, 0x18ca02a0, 0x0) r3 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20) connect$l2tp6(r3, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20) sendmmsg$inet6(r3, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0}, 0x1000000}], 0x17fd147c801ae9ab, 0x0) 2m13.306316149s ago: executing program 33 (id=926): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000304000000000000000000007400", @ANYRES32], 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, r0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000001c0), 0x13f, 0x1}}, 0x20) r3 = add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x1}, &(0x7f0000000100)='\x00', 0x1, 0xfffffffffffffffb) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_SIZE(r4, 0x5760, 0x14) keyctl$KEYCTL_WATCH_KEY(0x20, r3, r4, 0x100000000000f7) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r5, 0x400455c8, 0x4) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8004) rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x4, 0x0) io_setup(0x4, &(0x7f00000000c0)=0x0) io_destroy(r6) ioctl$TIOCVHANGUP(r5, 0x5437, 0x0) syslog(0x2, &(0x7f00000004c0)=""/164, 0xa4) ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000800000/0x800000)=nil, 0x802000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, &(0x7f0000000080)={{&(0x7f0000a4d000/0x1000)=nil, 0x20a4d000}}) keyctl$revoke(0x3, r3) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2) 8.214981194s ago: executing program 2 (id=1464): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001380), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000200)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x44, r1, 0x1, 0x70bd27, 0x2, {}, [@NL802154_ATTR_SEC_DEVKEY={0x28, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x18, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x9}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x8000000) 8.040808214s ago: executing program 2 (id=1468): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(r4, 0x891a, 0x0) 7.361283148s ago: executing program 1 (id=1470): syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_score_adj\x00') readlinkat(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000540)=""/76, 0x4c) 7.221360014s ago: executing program 1 (id=1471): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0xffff, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 6.871113253s ago: executing program 2 (id=1474): syz_open_dev$tty1(0xc, 0x4, 0x1) socket(0xa, 0x2, 0x0) socket(0x10, 0x803, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x9b, 0x1c, 0x3d, 0x10, 0x67b, 0x331a, 0x4a31, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x5, 0x0, 0x0, [{{0x9, 0x4, 0xa1, 0x0, 0x0, 0xc2, 0x16, 0x2}}]}}]}}, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket$inet6(0xa, 0x802, 0x88) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000240)=[0x2], &(0x7f0000000200), &(0x7f0000000280)}) 6.550926904s ago: executing program 1 (id=1477): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10) fchdir(r1) r6 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) sendfile(r6, r6, 0x0, 0x1000000201005) ftruncate(r6, 0x6) 5.521281461s ago: executing program 2 (id=1478): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="100000000400000004000000010000", @ANYRES32=0x1], 0x50) r1 = socket$kcm(0xa, 0x5, 0x0) r2 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r2, &(0x7f00000002c0)={&(0x7f0000000180)={0x2, 0x2, @dev}, 0x10, 0x0}, 0x64) setsockopt$sock_attach_bpf(r2, 0x84, 0x1e, &(0x7f0000000240), 0x4) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8916, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8936, &(0x7f0000000000)) 5.450830444s ago: executing program 1 (id=1479): sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r5, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f00000006c0)=ANY=[@ANYBLOB="280000000301010100000000000000004000000708000840000000"], 0x28}, 0x1, 0x0, 0x0, 0x14}, 0x810) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000002140)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}}) 3.910169297s ago: executing program 1 (id=1481): r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) syz_usb_connect(0x5, 0xa4, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_CLOCK(0xffffffffffffffff, 0x8030ae7c, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) timer_create(0x1, 0x0, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0xfffffffc, 0x5b35, 0x80000000}, 0x1c) sendto$inet(r0, &(0x7f0000000580)="e1", 0xfffffffffffffef1, 0x40000, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2}, 0x48) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x3, 0x1, 0x0, r5}, @call={0x85, 0x0, 0x0, 0x26}]}, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r3, @ANYRES32=r6, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r3, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20) recvmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000800)=""/140, 0x8c}], 0x1}, 0x10000) 3.320465118s ago: executing program 5 (id=1484): r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') read$FUSE(r0, &(0x7f00000082c0)={0x2020}, 0x2020) socket$inet6_udp(0xa, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) syz_usb_connect$cdc_ecm(0x2, 0x53, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000020000402505a1a44000000001010902410001010000000904000006020600000b24060000aef775dff7a405241c"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f0000000540)="1a", 0x1, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x100, @loopback}, 0x1c) sendmmsg$sock(r2, &(0x7f00000004c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)="89", 0x1}], 0x1}}], 0x1, 0x0) shutdown(r2, 0x1) sendmmsg$inet6(r2, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="acedd1b0880f", 0x33b40}], 0x1}}], 0x1, 0x4040004) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000e40)=@nat={'nat\x00', 0x62, 0x5, 0x380, 0x240, 0x170, 0xffffffff, 0x240, 0xa8, 0x2e8, 0x2e8, 0xffffffff, 0x2e8, 0x2e8, 0x5, 0x0, {[{{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth0_to_bond\x00', 'wg1\x00', {0xff}, {}, 0x0, 0x2, 0x3}, 0x0, 0x70, 0xa8, 0x0, {0x22e}}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @loopback, @empty, @port, @gre_key}}}}, {{@uncond, 0x0, 0x90, 0xc8, 0x0, {}, [@common=@socket0={{0x20}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x19, @loopback, @multicast2, @gre_key=0x4, @port=0x4e23}}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_hsr\x00', 'ipvlan0\x00', {}, {}, 0xcd3be794a2cc8690}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x6, 0x1, 0x1, 0x2], 0x0, 0x4}, {0x4, [0x3, 0x7, 0x6, 0x1, 0x8, 0x4], 0x6, 0x5}}}}, {{@ip={@remote, @empty, 0x0, 0x0, 'veth1_to_batadv\x00', 'vcan0\x00', {}, {}, 0x8c59ad957e2c5137}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, @gre_key}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3e0) 2.693541474s ago: executing program 4 (id=1487): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10) fchdir(r1) r6 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) sendfile(r6, r6, 0x0, 0x1000000201005) ftruncate(r6, 0x6) 1.681291074s ago: executing program 2 (id=1488): socket$nl_generic(0x10, 0x3, 0x10) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a) openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x22802, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) openat$comedi(0xffffff9c, 0x0, 0x2000, 0x0) 1.68093324s ago: executing program 4 (id=1489): r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$update(0x2, r0, 0x0, 0x0) 1.62091321s ago: executing program 4 (id=1490): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000180), 0x1, 0xca000) r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') socket(0x80000000000000a, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) preadv(r1, &(0x7f0000000380)=[{&(0x7f0000000580)=""/128, 0x80}], 0x1, 0x5b, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4, 0x3ff, @empty, 0x1}, 0x1c) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e21, 0xc19, @loopback, 0x2ac}, 0x1c) close_range(r0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)) 1.260950461s ago: executing program 5 (id=1491): r0 = syz_open_dev$loop(0x0, 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000440)={0xffffffffffffffff, 0x0, {0x0, 0x0, 0x0, 0x20000000000008, 0x200000, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c18e8438ef2a565ef1e83323695c58d66500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200000000000000000000000200"}}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040)=0x1000) mmap$IORING_OFF_SQ_RING(&(0x7f0000d99000/0x1000)=nil, 0x1000, 0x3000000, 0x13, 0xffffffffffffffff, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) setsockopt$MRT6_PIM(0xffffffffffffffff, 0x29, 0xcf, &(0x7f0000000180)=0x3, 0x4) sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000070a010257000000000000000004000004"], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x40) 1.151333925s ago: executing program 5 (id=1492): r0 = syz_io_uring_setup(0x4f6, &(0x7f0000000380)={0x0, 0x80fd, 0x10, 0x4, 0x139}, &(0x7f0000000300)=0x0, &(0x7f00000002c0)=0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f00000000c0)=@hci={0x1f, 0xffffffffffffffff, 0x3}, 0x0, 0x0, 0x1}) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x5e04, 0x0, 0x90, [0x0, 0x0, 0x200000000400], 0x2, 0x0, 0x0}, 0x108) io_uring_enter(r0, 0x47bc, 0xf5, 0x0, 0x0, 0x0) 981.153151ms ago: executing program 5 (id=1493): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[], &(0x7f0000000300)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) creat(0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x0, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, r0}, 0x18) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000003380)='system.posix_acl_access\x00', &(0x7f0000000540)={{}, {0x1, 0x3}, [], {}, [], {0x10, 0x5}, {0x20, 0x2}}, 0x24, 0x0) lchown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) 655.155251ms ago: executing program 2 (id=1494): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) migrate_pages(0xffffffffffffffff, 0xb, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x14) inotify_rm_watch(r0, r4) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x2, 0x6}, 0x4) setsockopt$packet_fanout_data(r5, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x94) socket$igmp(0x2, 0x3, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000081400002d0301000000000095000000000000006916600000000000bf67000000000000260300000fff0748670600000f000000170300000ee60020bf050000000000001d360000000000006507f9ff01000000070700004c000000cc75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ff7f5be95e09b67754bb12feffffff8ecf264e0f84f9f17d3c51e3c7bdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be5b369289aa6812b8e007e733b9a4f16d0abbd5ad9381806ef08513e3d3778a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad5b803306b17cf4ef3f1d45f65727546e7c955ccefa1f6ab689fde4de4e63edf10271a5144ddc8da3aa5b0ab733a1b901627b562ed04ae76002d4519af619e3a2a4d69e0dee5eb106774a8f3e6916dfec88b5634ef79b02d2ca8ff54c158f0200000000eafb735fd552bdc206004aeb0743eb2dc819c75c8ac86d8a297dff0445a13d006723888fb126a163f16fb2ad9bc1162ba7cbebe174cecac4d03723f1c932b3faffffffffffffff5fc998e13b670e373e3e5897f7ad2e99e0e67a993716dbf580469f0f53acbb40b401e3738270b315d362ed834f2a0700000096649a462e7ee4bcf8b07a101c879730beb4000000000000000000000000000000bc00f674629709e7e78f4ddc3d1bc3ebf0bd9d42ca019dd5d022cf7468659fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7eab04871bc47287cd313f3bea788ea2bcdc340ffb567b40407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f3767ce603c9d4867b63d20a268bb9f15a0a6e66ce4660fbee91629ab028acfc1d9260e9659a0f6a5480a55c22fe3ae5f562d0ae520c38d2bab6528000000596fb73a96b33c81cdbbd421a27f7f1db054cc7a0a4d372849c99a98822103b9851d924b85b1ca4b21b187db00000000000000066dead3b9670a7604a5ddd0fd2e4fb8a5749a8a8ad78454ba1eebeff1b528da294247d294d2487babb176fdfafeb3d492a325671e6b91afb41f87feda4ce2f468a3758750c0b8f151d4d8574bbbe027687a0e12311cdf3384a26ee3f6f2424ba1e5be98ef1f8f2db9a4991e234f9f447e1730ceaf54cf25c0e3ad7cbb0de06d55db89d154c9d3fcd01c551b0ef58034c252629aefbfd5305845b9a8763b264e8f0bcd0f606fe92e511f122325ebc5fef1b68f2e2ec7bebe423d4baae0e27845d0eb8b8a4f97f83424221e94a5c4623feb8496ccdbc55b27773bf1b3e6a91a20e0c27fc80262647f88d8d1123d199b2c7729bb7700e887ea963f00004a1d0851dbfb9308d16cadcc7b477c9a9586571182526898735552a203c4797228533b1a73ab44aa115136353964648abcc4adbe765556643842290a92eafea0ec2c000000000000000000000000000000e1f3518dc3fc2bbefe043804ac1b6b1c8b7e3afed045a3a808700bca61a39d5bfa83877803013e2d145e642253632f3a283c6eee0e22cb69fe7f94786220c31e9b2a82a9856e947bace74923e4740bf1c17cb41ef19161c3d417655517c28bd08dee32d77a40b834ba7a12223354e9321b8300f7d5d63fa0e8f074adc176285a8f41609ce040cec99943792f5443ca5292447b0f0f240743c4b2b8142ce0b43d4d1731ce11533f61ef241c83557f5aae58a848b5ccce86b8b0fb21fe369c90f06e2d9680003df72f3f0060e6c3415cc1026d342003bece09fbfd062efdd9b48377335903f3b4e87386915e3ac429a4db646da1cc6e29ad8650f4da326cbfdce12c8d5deba32549d6aefe422e0d665d62325c737fe76ec1f3c3670ed96f86738a2cf1c59b5f9b84ffd068f7b4509f53617910a41b811a3f7cd6251f8100008133af11a4db2d00c0ad86ce9f40f3e06b41b45f72b1598a12abddf58ac778bff2f1e49306a1d2f80b2a7d7a28f3997ee60793c62ffee96535e47adac9f367395cf26056a4b76d646f7682f21beafcdb7a9c07acfd145487426f1a009327b8ec6e695e6a7ddcc2c9151cc9c4efa413fa1e521b398151247104bc47748199441cf298e925ef2e3374f4ec0193b38a355c35ee44962fceb3f418510742c93a442f857733b74b6d9197cd62784d7f2afa6a4bc5cae18e33435665250241a7ffd96fc0790000009c17c570096bb75de737107e029b18ec0e61ab3761366452a1c6e3e3c912170f874555aaefc9644cffa768eb2b47c6b040698746df86026730db64859c46cdfb775b86214cfd1932d5ad87c56ea4f38bca780000000000000000000000003bf179c894590cb06b546082451bb735e7152afd5340683663e8effbfb49855ec98703a1e141ab7510fc0e3b081e72d25bfa4e52bedadd11e152bb1dcfcfe942b97b813cf4cdd8626ecfb630425db071c1bfdb03fee96f80b1a96f9427e17edfdc902749ccbab746e26a3a46527b3a32c49dab9608ab1dca3982590c1e78ff5c87d10eef5c3707974981c01c00000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xf000000}, 0x48) 654.920842ms ago: executing program 1 (id=1495): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]}) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket(0x1e, 0x1, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r2, 0x10f, 0x80, &(0x7f0000000040), 0x4) 581.300177ms ago: executing program 4 (id=1496): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000100)={@val={0x800e, 0x6005}, @void, @eth={@remote, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x4, 0x4, 0x0, @empty, @empty}, {0x4100, 0x0, 0x14, 0x0, @gue={{0x2, 0x0, 0x0, 0x84, 0x100}, "59cbddf8"}}}}}}}, 0x3a) sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x4040005) 261.025588ms ago: executing program 4 (id=1497): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x2b, 0x80801, 0x1) connect$inet6(r0, &(0x7f00000005c0)={0xa, 0x4e23, 0x8, @loopback, 0x1}, 0x1c) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f0000000dc0)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000100)=[{&(0x7f0000002100)=""/4096, 0x1000}], 0x1}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) 181.086618ms ago: executing program 4 (id=1498): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10) fchdir(r1) ftruncate(0xffffffffffffffff, 0x2007ffb) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1000000201005) ftruncate(0xffffffffffffffff, 0x6) 61.268595ms ago: executing program 5 (id=1499): fanotify_mark(0xffffffffffffffff, 0x307, 0x40001022, 0xffffffffffffffff, 0x0) 0s ago: executing program 5 (id=1500): r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x2a, 0x2, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_HH_FLOWS_LIMIT={0x8, 0x3, 0x6}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40001}, 0x0) kernel console output (not intermixed with test programs): attributes in process `syz.0.823'. [ 222.456613][ T8860] FAULT_INJECTION: forcing a failure. [ 222.456613][ T8860] name failslab, interval 1, probability 0, space 0, times 0 [ 222.492903][ T8860] CPU: 1 UID: 0 PID: 8860 Comm: syz.0.823 Not tainted syzkaller #0 PREEMPT(full) [ 222.492920][ T8860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 222.492927][ T8860] Call Trace: [ 222.492931][ T8860] [ 222.492935][ T8860] dump_stack_lvl+0x16c/0x1f0 [ 222.492954][ T8860] should_fail_ex+0x512/0x640 [ 222.492971][ T8860] should_failslab+0xc2/0x120 [ 222.492985][ T8860] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 222.492998][ T8860] ? skb_clone+0x190/0x3f0 [ 222.493015][ T8860] skb_clone+0x190/0x3f0 [ 222.493029][ T8860] netlink_deliver_tap+0xabd/0xd30 [ 222.493047][ T8860] netlink_unicast+0x71f/0x870 [ 222.493063][ T8860] ? __pfx_netlink_unicast+0x10/0x10 [ 222.493078][ T8860] ? genl_rcv_msg+0x4bb/0x800 [ 222.493091][ T8860] netlink_ack+0x696/0xb80 [ 222.493109][ T8860] netlink_rcv_skb+0x332/0x420 [ 222.493123][ T8860] ? __pfx_genl_rcv_msg+0x10/0x10 [ 222.493143][ T8860] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 222.493163][ T8860] ? netlink_deliver_tap+0x1ae/0xd30 [ 222.493179][ T8860] genl_rcv+0x28/0x40 [ 222.493193][ T8860] netlink_unicast+0x5a7/0x870 [ 222.493209][ T8860] ? __pfx_netlink_unicast+0x10/0x10 [ 222.493223][ T8860] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 222.493242][ T8860] netlink_sendmsg+0x8d1/0xdd0 [ 222.493258][ T8860] ? __pfx_netlink_sendmsg+0x10/0x10 [ 222.493274][ T8860] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 222.493289][ T8860] ____sys_sendmsg+0xa98/0xc70 [ 222.493301][ T8860] ? __pfx_____sys_sendmsg+0x10/0x10 [ 222.493310][ T8860] ? get_compat_msghdr+0x11a/0x170 [ 222.493329][ T8860] ___sys_sendmsg+0x134/0x1d0 [ 222.493344][ T8860] ? __pfx____sys_sendmsg+0x10/0x10 [ 222.493365][ T8860] ? find_held_lock+0x2b/0x80 [ 222.493385][ T8860] __sys_sendmsg+0x16d/0x220 [ 222.493399][ T8860] ? __pfx___sys_sendmsg+0x10/0x10 [ 222.493412][ T8860] ? __might_fault+0xe3/0x190 [ 222.493427][ T8860] ? syscall_trace_enter+0x1cb/0x240 [ 222.493443][ T8860] ? __bpf_trace_sys_enter+0x37/0x60 [ 222.493458][ T8860] ? rcu_is_watching+0x12/0xc0 [ 222.493470][ T8860] __do_fast_syscall_32+0x7c/0x3a0 [ 222.493486][ T8860] do_fast_syscall_32+0x32/0x80 [ 222.493500][ T8860] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 222.493514][ T8860] RIP: 0023:0xf7f16579 [ 222.493523][ T8860] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 222.493533][ T8860] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 222.493543][ T8860] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 222.493549][ T8860] RDX: 000000002000c094 RSI: 0000000000000000 RDI: 0000000000000000 [ 222.493555][ T8860] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 222.493560][ T8860] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 222.493566][ T8860] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 222.493580][ T8860] [ 223.736353][ T40] audit: type=1326 audit(1756748692.320:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8871 comm="syz.2.828" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705e579 code=0x0 [ 223.992745][ T63] Bluetooth: hci3: command 0x0c1a tx timeout [ 223.992784][ T5989] Bluetooth: hci2: command 0x0c1a tx timeout [ 223.994975][ T63] Bluetooth: hci1: command 0x0c1a tx timeout [ 223.996607][ T5989] Bluetooth: hci0: command 0x0c1a tx timeout [ 225.039269][ T8891] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 225.072868][ T8891] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.206189][ T8891] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 225.209502][ T8891] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.312777][ T3245] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 225.351943][ T8891] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 225.374643][ T8891] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.452818][ T3245] usb 7-1: device descriptor read/64, error -71 [ 225.489975][ T8891] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 225.513436][ T8891] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.522710][ T40] audit: type=1326 audit(1756748694.100:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8902 comm="syz.1.837" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa8579 code=0x0 [ 225.685915][ T1143] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 225.689034][ T1143] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.692723][ T3245] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 225.786239][ T1143] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 225.788833][ T1143] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.791409][ T1143] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 225.812772][ T1143] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.823081][ T1143] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 225.825657][ T1143] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.832743][ T3245] usb 7-1: device descriptor read/64, error -71 [ 225.943128][ T3245] usb usb7-port1: attempt power cycle [ 226.029163][ T8907] netlink: zone id is out of range [ 226.052924][ T8907] netlink: zone id is out of range [ 226.055812][ T8907] netlink: del zone limit has 4 unknown bytes [ 226.124711][ T5992] Bluetooth: hci1: unexpected event for opcode 0x2024 [ 226.282755][ T3245] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 226.304516][ T3245] usb 7-1: device descriptor read/8, error -71 [ 226.552724][ T3245] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 226.589963][ T3245] usb 7-1: device descriptor read/8, error -71 [ 226.693922][ T3245] usb usb7-port1: unable to enumerate USB device [ 227.454413][ T29] hid (null): invalid report_count 555616507 [ 227.457252][ T29] hid (null): report_id 43186 is invalid [ 227.472228][ T29] hid-generic 0004:05B8:007F.0003: invalid report_count 555616507 [ 227.492799][ T29] hid-generic 0004:05B8:007F.0003: item 0 4 1 9 parsing failed [ 227.495564][ T29] hid-generic 0004:05B8:007F.0003: probe with driver hid-generic failed with error -22 [ 228.264067][ T40] audit: type=1326 audit(1756748696.850:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8931 comm="syz.3.847" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf711e579 code=0x0 [ 228.627666][ T8942] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 229.836391][ T8957] netlink: 16 bytes leftover after parsing attributes in process `syz.2.854'. [ 229.887625][ T8957] netlink: 8 bytes leftover after parsing attributes in process `syz.2.854'. [ 229.891166][ T8957] netlink: 8 bytes leftover after parsing attributes in process `syz.2.854'. [ 230.936034][ T8970] veth0: entered promiscuous mode [ 230.943718][ T8968] veth0: entered promiscuous mode [ 230.957417][ T8970] veth0: left promiscuous mode [ 230.965706][ T8968] veth0: left promiscuous mode [ 231.291536][ T40] audit: type=1326 audit(1756748699.870:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8972 comm="syz.2.861" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705e579 code=0x0 [ 231.935494][ T8984] netlink: 'syz.0.860': attribute type 1 has an invalid length. [ 231.938885][ T8984] netlink: 224 bytes leftover after parsing attributes in process `syz.0.860'. [ 232.453699][ T8998] random: crng reseeded on system resumption [ 232.599139][ T8997] PID 8997 killed due to inadequate hugepage pool [ 232.652912][ T8998] netlink: 'syz.2.868': attribute type 4 has an invalid length. [ 232.972840][ T1327] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 233.136058][ T1327] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 233.150179][ T1327] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 233.162751][ T1327] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 233.172873][ T1327] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.185090][ T8998] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 233.212397][ T1327] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 233.294157][ T40] audit: type=1326 audit(1756748701.870:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9008 comm="syz.3.871" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf711e579 code=0x0 [ 233.454205][ T40] audit: type=1326 audit(1756748702.040:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9014 comm="syz.0.873" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f16579 code=0x0 [ 234.429355][ T1327] usb 7-1: USB disconnect, device number 27 [ 234.466101][ T9020] netlink: 'syz.0.874': attribute type 1 has an invalid length. [ 234.469276][ T9020] netlink: 224 bytes leftover after parsing attributes in process `syz.0.874'. [ 234.918620][ T9028] netlink: 36 bytes leftover after parsing attributes in process `syz.0.877'. [ 235.350391][ T9033] netlink: 'syz.2.879': attribute type 1 has an invalid length. [ 235.373170][ T9033] netlink: 224 bytes leftover after parsing attributes in process `syz.2.879'. [ 235.836562][ T9039] fuse: Bad value for 'user_id' [ 235.838319][ T9039] fuse: Bad value for 'user_id' [ 235.841202][ T9037] FAULT_INJECTION: forcing a failure. [ 235.841202][ T9037] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 235.850482][ T9037] CPU: 0 UID: 0 PID: 9037 Comm: syz.2.881 Not tainted syzkaller #0 PREEMPT(full) [ 235.850507][ T9037] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 235.850524][ T9037] Call Trace: [ 235.850529][ T9037] [ 235.850533][ T9037] dump_stack_lvl+0x16c/0x1f0 [ 235.850551][ T9037] should_fail_ex+0x512/0x640 [ 235.850568][ T9037] should_fail_alloc_page+0xe7/0x130 [ 235.850584][ T9037] prepare_alloc_pages+0x3c2/0x610 [ 235.850601][ T9037] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 235.850617][ T9037] ? rcu_is_watching+0x12/0xc0 [ 235.850628][ T9037] ? trace_mm_page_alloc+0x11f/0x1a0 [ 235.850643][ T9037] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 235.850655][ T9037] ? stack_trace_save+0x8e/0xc0 [ 235.850668][ T9037] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 235.850685][ T9037] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 235.850698][ T9037] ? __get_vm_area_node+0x1ca/0x330 [ 235.850712][ T9037] ? __vmalloc_node_noprof+0xad/0xf0 [ 235.850721][ T9037] ? copy_process+0x2c70/0x7690 [ 235.850733][ T9037] ? vhost_task_create+0x1d2/0x2e0 [ 235.850747][ T9037] ? kvm_mmu_post_init_vm+0x1b7/0x380 [ 235.850759][ T9037] ? kvm_arch_vcpu_ioctl_run+0x66/0x1980 [ 235.850772][ T9037] ? kvm_vcpu_ioctl+0x5eb/0x1690 [ 235.850784][ T9037] ? kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 235.850806][ T9037] alloc_pages_bulk_noprof+0x71c/0x1410 [ 235.850818][ T9037] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 235.850835][ T9037] ? policy_nodemask+0xea/0x4e0 [ 235.850850][ T9037] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 235.850863][ T9037] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 235.850883][ T9037] kasan_populate_vmalloc+0xf1/0x1f0 [ 235.850897][ T9037] alloc_vmap_area+0x959/0x29c0 [ 235.850918][ T9037] ? __pfx_alloc_vmap_area+0x10/0x10 [ 235.850936][ T9037] __get_vm_area_node+0x1ca/0x330 [ 235.850954][ T9037] __vmalloc_node_range_noprof+0x271/0x14b0 [ 235.850964][ T9037] ? vhost_task_create+0x1d2/0x2e0 [ 235.850978][ T9037] ? local_lock_release+0x99/0x140 [ 235.850996][ T9037] ? vhost_task_create+0x1d2/0x2e0 [ 235.851010][ T9037] ? rcu_read_unlock+0x17/0x60 [ 235.851025][ T9037] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 235.851034][ T9037] ? __memcg_slab_post_alloc_hook+0x4a0/0x960 [ 235.851053][ T9037] ? vhost_task_create+0x1d2/0x2e0 [ 235.851066][ T9037] __vmalloc_node_noprof+0xad/0xf0 [ 235.851076][ T9037] ? vhost_task_create+0x1d2/0x2e0 [ 235.851092][ T9037] copy_process+0x2c70/0x7690 [ 235.851111][ T9037] ? __pfx_copy_process+0x10/0x10 [ 235.851126][ T9037] ? lockdep_init_map_type+0x5c/0x280 [ 235.851141][ T9037] ? lockdep_init_map_type+0x5c/0x280 [ 235.851154][ T9037] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 235.851168][ T9037] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 235.851185][ T9037] vhost_task_create+0x1d2/0x2e0 [ 235.851199][ T9037] ? __pfx_vhost_task_create+0x10/0x10 [ 235.851217][ T9037] ? __pfx_vhost_task_fn+0x10/0x10 [ 235.851239][ T9037] kvm_mmu_post_init_vm+0x1b7/0x380 [ 235.851251][ T9037] kvm_arch_vcpu_ioctl_run+0x66/0x1980 [ 235.851265][ T9037] ? kvm_vcpu_ioctl+0x14c6/0x1690 [ 235.851280][ T9037] kvm_vcpu_ioctl+0x5eb/0x1690 [ 235.851295][ T9037] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 235.851308][ T9037] ? tomoyo_path_number_perm+0x18d/0x580 [ 235.851323][ T9037] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 235.851340][ T9037] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 235.851356][ T9037] ? do_vfs_ioctl+0x128/0x14f0 [ 235.851372][ T9037] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 235.851394][ T9037] kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 235.851407][ T9037] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 235.851421][ T9037] ? __fget_files+0x20e/0x3c0 [ 235.851435][ T9037] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 235.851449][ T9037] __ia32_compat_sys_ioctl+0x23f/0x370 [ 235.851466][ T9037] __do_fast_syscall_32+0x7c/0x3a0 [ 235.851483][ T9037] do_fast_syscall_32+0x32/0x80 [ 235.851497][ T9037] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 235.851509][ T9037] RIP: 0023:0xf705e579 [ 235.851518][ T9037] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 235.851528][ T9037] RSP: 002b:00000000f544e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 235.851538][ T9037] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80 [ 235.851544][ T9037] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 235.851550][ T9037] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 235.851555][ T9037] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 235.851561][ T9037] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 235.851574][ T9037] [ 236.183573][ T9037] syz.2.881: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 236.188357][ T9037] CPU: 1 UID: 0 PID: 9037 Comm: syz.2.881 Not tainted syzkaller #0 PREEMPT(full) [ 236.188372][ T9037] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 236.188379][ T9037] Call Trace: [ 236.188383][ T9037] [ 236.188388][ T9037] dump_stack_lvl+0x16c/0x1f0 [ 236.188405][ T9037] warn_alloc+0x248/0x3a0 [ 236.188419][ T9037] ? __pfx_warn_alloc+0x10/0x10 [ 236.188433][ T9037] ? kfree+0x2b4/0x4d0 [ 236.188445][ T9037] ? __get_vm_area_node+0x208/0x330 [ 236.188464][ T9037] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 236.188475][ T9037] ? local_lock_release+0x99/0x140 [ 236.188493][ T9037] ? vhost_task_create+0x1d2/0x2e0 [ 236.188508][ T9037] ? rcu_read_unlock+0x17/0x60 [ 236.188523][ T9037] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 236.188533][ T9037] ? __memcg_slab_post_alloc_hook+0x4a0/0x960 [ 236.188552][ T9037] ? vhost_task_create+0x1d2/0x2e0 [ 236.188566][ T9037] __vmalloc_node_noprof+0xad/0xf0 [ 236.188575][ T9037] ? vhost_task_create+0x1d2/0x2e0 [ 236.188591][ T9037] copy_process+0x2c70/0x7690 [ 236.188611][ T9037] ? __pfx_copy_process+0x10/0x10 [ 236.188626][ T9037] ? lockdep_init_map_type+0x5c/0x280 [ 236.188642][ T9037] ? lockdep_init_map_type+0x5c/0x280 [ 236.188656][ T9037] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 236.188670][ T9037] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 236.188686][ T9037] vhost_task_create+0x1d2/0x2e0 [ 236.188701][ T9037] ? __pfx_vhost_task_create+0x10/0x10 [ 236.188720][ T9037] ? __pfx_vhost_task_fn+0x10/0x10 [ 236.188741][ T9037] kvm_mmu_post_init_vm+0x1b7/0x380 [ 236.188753][ T9037] kvm_arch_vcpu_ioctl_run+0x66/0x1980 [ 236.188772][ T9037] ? kvm_vcpu_ioctl+0x14c6/0x1690 [ 236.188788][ T9037] kvm_vcpu_ioctl+0x5eb/0x1690 [ 236.188803][ T9037] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 236.188816][ T9037] ? tomoyo_path_number_perm+0x18d/0x580 [ 236.188831][ T9037] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 236.188849][ T9037] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 236.188866][ T9037] ? do_vfs_ioctl+0x128/0x14f0 [ 236.188882][ T9037] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 236.188904][ T9037] kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 236.188918][ T9037] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 236.188931][ T9037] ? __fget_files+0x20e/0x3c0 [ 236.188945][ T9037] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 236.188959][ T9037] __ia32_compat_sys_ioctl+0x23f/0x370 [ 236.188978][ T9037] __do_fast_syscall_32+0x7c/0x3a0 [ 236.188994][ T9037] do_fast_syscall_32+0x32/0x80 [ 236.189008][ T9037] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 236.189021][ T9037] RIP: 0023:0xf705e579 [ 236.189030][ T9037] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 236.189040][ T9037] RSP: 002b:00000000f544e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 236.189049][ T9037] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80 [ 236.189056][ T9037] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 236.189062][ T9037] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 236.189068][ T9037] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 236.189073][ T9037] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 236.189087][ T9037] [ 236.189090][ T9037] Mem-Info: [ 236.304001][ T9037] active_anon:7559 inactive_anon:3743 isolated_anon:0 [ 236.304001][ T9037] active_file:8452 inactive_file:13286 isolated_file:0 [ 236.304001][ T9037] unevictable:1768 dirty:241 writeback:0 [ 236.304001][ T9037] slab_reclaimable:6203 slab_unreclaimable:60598 [ 236.304001][ T9037] mapped:24218 shmem:7096 pagetables:1685 [ 236.304001][ T9037] sec_pagetables:320 bounce:0 [ 236.304001][ T9037] kernel_misc_reclaimable:0 [ 236.304001][ T9037] free:61641 free_pcp:8940 free_cma:0 [ 236.318758][ T9037] Node 0 active_anon:680kB inactive_anon:352kB active_file:0kB inactive_file:100kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:28kB dirty:0kB writeback:0kB shmem:5368kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:9084kB pagetables:2236kB sec_pagetables:1196kB all_unreclaimable? no Balloon:0kB [ 236.329105][ T9037] Node 1 active_anon:29556kB inactive_anon:14620kB active_file:33808kB inactive_file:53044kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:96804kB dirty:964kB writeback:0kB shmem:23016kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4944kB pagetables:4488kB sec_pagetables:84kB all_unreclaimable? no Balloon:0kB [ 236.339796][ T9037] Node 0 DMA free:2324kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:80kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 236.349156][ T9037] lowmem_reserve[]: 0 288 288 288 288 [ 236.351658][ T9037] Node 0 DMA32 free:16792kB boost:0kB min:13220kB low:16524kB high:19828kB reserved_highatomic:2048KB free_highatomic:464KB active_anon:680kB inactive_anon:332kB active_file:0kB inactive_file:20kB unevictable:3536kB writepending:0kB present:1032196kB managed:295132kB mlocked:0kB bounce:0kB free_pcp:11412kB local_pcp:3644kB free_cma:0kB [ 236.463796][ T9037] lowmem_reserve[]: 0 0 0 0 0 [ 236.467439][ T9037] Node 1 DMA32 free:227392kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:0KB free_highatomic:0KB active_anon:29556kB inactive_anon:14620kB active_file:33808kB inactive_file:53044kB unevictable:3536kB writepending:964kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:24488kB local_pcp:7092kB free_cma:0kB [ 236.627946][ T9037] lowmem_reserve[]: 0 0 0 0 0 [ 236.630030][ T9037] Node 0 DMA: 55*4kB (U) 15*8kB (U) 4*16kB (U) 4*32kB (U) 0*64kB 0*128kB 1*256kB (U) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 2324kB [ 236.642901][ T9037] Node 0 DMA32: 368*4kB (UMH) 7*8kB (UEH) 116*16kB (UMEH) 51*32kB (UMEH) 42*64kB (UMEH) 25*128kB (UME) 9*256kB (UME) 3*512kB (M) 2*1024kB (M) 0*2048kB 0*4096kB = 16792kB [ 236.666293][ T9037] Node 1 DMA32: 20*4kB (UE) 48*8kB (ME) 161*16kB (UME) 593*32kB (UME) 375*64kB (UME) 213*128kB (UME) 124*256kB (UME) 81*512kB (UME) 55*1024kB (UM) 8*2048kB (UM) 2*4096kB (M) = 227392kB [ 236.699350][ T9037] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 236.702354][ T9037] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 236.740998][ T9037] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 236.752703][ T9037] Node 1 hugepages_total=4 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 236.762825][ T9037] 29446 total pagecache pages [ 236.764358][ T9037] 616 pages in swap cache [ 236.765716][ T9037] Free swap = 118564kB [ 236.778068][ T9037] Total swap = 124996kB [ 236.779401][ T9037] 524155 pages RAM [ 236.780634][ T9037] 0 pages HighMem/MovableOnly [ 236.782126][ T9037] 209477 pages reserved [ 236.812778][ T9037] 0 pages cma reserved [ 237.003005][ T9044] netlink: 'syz.0.884': attribute type 1 has an invalid length. [ 237.013406][ T9044] netlink: 224 bytes leftover after parsing attributes in process `syz.0.884'. [ 237.524274][ T9050] block device autoloading is deprecated and will be removed. [ 237.616453][ T9050] kvm: kvm [9049]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000079) [ 237.663871][ T9050] netlink: 4 bytes leftover after parsing attributes in process `syz.0.886'. [ 237.801850][ T9056] lo speed is unknown, defaulting to 1000 [ 237.836511][ C2] vcan0: j1939_xtp_rx_dat: no tx connection found [ 237.838562][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.841081][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.843519][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.846015][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.848447][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.850916][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.853521][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.855999][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.858442][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.860936][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.863678][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.866178][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.868598][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.871055][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.873543][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.876015][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.878466][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.880971][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.883708][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.886191][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.888629][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.891084][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.893576][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.895990][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.898343][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.900744][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.903215][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.905734][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.908181][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.910642][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.913151][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.915607][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.917906][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.920401][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.922940][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.925425][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.927866][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.930355][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.932840][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.935254][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.937707][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.940215][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.942719][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.945221][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.947663][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.949949][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.952376][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.954885][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.957317][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.959791][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.962237][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.964772][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.967200][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.969650][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.972085][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.974618][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.977052][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.979525][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.981993][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.984509][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.986941][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.989411][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.991850][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.994379][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.996844][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.999304][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 238.001768][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 238.004270][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 238.006717][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 238.009200][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 238.011614][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 238.014145][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 238.016502][ C2] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 238.110993][ T9060] netlink: 52 bytes leftover after parsing attributes in process `syz.2.888'. [ 238.315705][ T9068] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 238.318502][ T9068] IPv6: NLM_F_CREATE should be set when creating new route [ 238.320799][ T9068] IPv6: NLM_F_CREATE should be set when creating new route [ 238.323109][ T9068] IPv6: NLM_F_CREATE should be set when creating new route [ 238.556195][ T9073] netlink: 'syz.3.894': attribute type 1 has an invalid length. [ 238.558627][ T9073] netlink: 224 bytes leftover after parsing attributes in process `syz.3.894'. [ 238.693967][ T9071] netlink: 512 bytes leftover after parsing attributes in process `syz.0.893'. [ 238.951098][ T9079] netlink: 'syz.0.893': attribute type 4 has an invalid length. [ 239.369466][ T40] audit: type=1326 audit(1756748707.950:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9082 comm="syz.3.896" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf711e579 code=0x0 [ 239.992879][ T5992] Bluetooth: hci2: command 0x0c1a tx timeout [ 240.398259][ T9090] netlink: 4 bytes leftover after parsing attributes in process `syz.0.897'. [ 241.415787][ T9096] netlink: 20 bytes leftover after parsing attributes in process `syz.3.900'. [ 241.566569][ T9096] tap0: tun_chr_ioctl cmd 1074025678 [ 241.568589][ T9096] tap0: group set to 0 [ 241.775759][ T9112] veth0: entered promiscuous mode [ 241.817333][ T9112] veth0: left promiscuous mode [ 242.021188][ T40] audit: type=1804 audit(1756748710.600:330): pid=9107 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.903" name="/newroot/214/bus/bus" dev="overlay" ino=1178 res=1 errno=0 [ 242.072748][ T40] audit: type=1804 audit(1756748710.630:331): pid=9107 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.903" name="/newroot/214/bus/bus" dev="overlay" ino=1178 res=1 errno=0 [ 242.164699][ T1140] Bluetooth: hci4: Frame reassembly failed (-84) [ 242.436133][ T40] audit: type=1326 audit(1756748711.020:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9117 comm="syz.0.906" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f16579 code=0x0 [ 243.354210][ T9129] openvswitch: netlink: ERSPAN option length err (len 256, max 255). [ 243.816456][ T9131] wireguard0: entered promiscuous mode [ 243.829901][ T9131] wireguard0: entered allmulticast mode [ 243.855183][ T9135] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 243.857943][ T9135] IPv6: NLM_F_CREATE should be set when creating new route [ 243.860811][ T9135] IPv6: NLM_F_CREATE should be set when creating new route [ 243.863134][ T9135] IPv6: NLM_F_CREATE should be set when creating new route [ 244.152866][ T5992] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 244.163231][ T9137] netlink: 'syz.0.910': attribute type 1 has an invalid length. [ 244.166312][ T9137] netlink: 'syz.0.910': attribute type 2 has an invalid length. [ 244.204659][ T9137] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 244.207043][ T9137] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 244.450717][ T40] audit: type=1326 audit(1756748713.020:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.1.912" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 244.494852][ T40] audit: type=1326 audit(1756748713.030:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.1.912" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 244.581234][ T40] audit: type=1326 audit(1756748713.030:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.1.912" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 244.639483][ T40] audit: type=1326 audit(1756748713.030:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.1.912" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 244.659804][ T40] audit: type=1326 audit(1756748713.030:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.1.912" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 244.695443][ T9145] netlink: 8 bytes leftover after parsing attributes in process `syz.1.912'. [ 244.709488][ T9149] veth0: entered promiscuous mode [ 244.711339][ T40] audit: type=1326 audit(1756748713.040:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.1.912" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 244.732277][ T9149] veth0: left promiscuous mode [ 244.735936][ T40] audit: type=1326 audit(1756748713.040:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.1.912" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 244.759056][ T40] audit: type=1326 audit(1756748713.040:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.1.912" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 244.805760][ T40] audit: type=1326 audit(1756748713.040:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.1.912" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 244.812510][ T40] audit: type=1326 audit(1756748713.040:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.1.912" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 246.483645][ T9168] syz.1.919 (9168) used greatest stack depth: 19736 bytes left [ 247.287616][ T9182] lo speed is unknown, defaulting to 1000 [ 247.365890][ T9185] netlink: 52 bytes leftover after parsing attributes in process `syz.1.923'. [ 249.442742][ T5992] Bluetooth: hci0: command 0x0c1a tx timeout [ 250.138136][ T5989] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 250.142542][ T5989] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 250.162956][ T5989] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 250.173515][ T5989] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 250.192924][ T5989] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 250.208022][ T9200] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 251.185138][ T5989] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 251.194692][ T5989] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 251.213041][ T5989] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 251.217010][ T5989] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 251.221189][ T5989] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 251.353024][ T9213] lo speed is unknown, defaulting to 1000 [ 251.693468][ T9220] netlink: 'syz.1.937': attribute type 1 has an invalid length. [ 251.695901][ T9220] netlink: 224 bytes leftover after parsing attributes in process `syz.1.937'. [ 251.733057][ T9212] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input13 [ 251.806028][ T9212] netlink: 4 bytes leftover after parsing attributes in process `syz.2.935'. [ 252.114689][ T9227] fuse: Bad value for 'fd' [ 252.590465][ T9230] veth0: entered promiscuous mode [ 252.592123][ T9230] veth0: left promiscuous mode [ 252.814709][ T9213] chnl_net:caif_netlink_parms(): no params data found [ 253.065438][ T9213] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.083127][ T9213] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.085469][ T9213] bridge_slave_0: entered allmulticast mode [ 253.114805][ T9213] bridge_slave_0: entered promiscuous mode [ 253.129799][ T9213] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.132048][ T9213] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.152893][ T9213] bridge_slave_1: entered allmulticast mode [ 253.155554][ T9213] bridge_slave_1: entered promiscuous mode [ 253.265573][ T40] kauditd_printk_skb: 39 callbacks suppressed [ 253.265583][ T40] audit: type=1326 audit(1756748721.850:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9248 comm="syz.1.944" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa8579 code=0x0 [ 253.272795][ T5992] Bluetooth: hci3: command tx timeout [ 253.309482][ T9213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 253.336044][ T9213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 253.437235][ T9253] 9pnet_fd: Insufficient options for proto=fd [ 253.443655][ T9253] 9pnet_fd: Insufficient options for proto=fd [ 253.468664][ T9213] team0: Port device team_slave_0 added [ 253.498268][ T9213] team0: Port device team_slave_1 added [ 253.604730][ T9213] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 253.617555][ T9213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 253.652745][ T9213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 253.664924][ T9213] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 253.678617][ T9213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 253.712749][ T9213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 253.827795][ T9213] hsr_slave_0: entered promiscuous mode [ 253.835087][ T9213] hsr_slave_1: entered promiscuous mode [ 253.840033][ T9213] debugfs: 'hsr0' already exists in 'hsr' [ 253.845998][ T9213] Cannot create hsr debugfs directory [ 254.203442][ T9213] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 254.208361][ T9213] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 254.222332][ T9213] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 254.228431][ T9213] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 254.421438][ T9213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 254.461773][ T9213] 8021q: adding VLAN 0 to HW filter on device team0 [ 254.493574][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.495823][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 254.521852][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.524225][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 255.194794][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.197352][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.246207][ T9213] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 255.262912][ T9293] tipc: Started in network mode [ 255.264620][ T9293] tipc: Node identity f25756605062, cluster identity 4711 [ 255.266977][ T9293] tipc: Enabled bearer , priority 0 [ 255.304053][ T9296] syzkaller0: entered promiscuous mode [ 255.305826][ T9296] syzkaller0: entered allmulticast mode [ 255.353146][ T5992] Bluetooth: hci3: command tx timeout [ 255.408785][ T9293] syzkaller0: mtu less than device minimum [ 255.411891][ T9292] tipc: Resetting bearer [ 255.458172][ T9292] tipc: Disabling bearer [ 256.146181][ T9213] veth0_vlan: entered promiscuous mode [ 256.193387][ T9213] veth1_vlan: entered promiscuous mode [ 256.281470][ T9213] veth0_macvtap: entered promiscuous mode [ 256.295224][ T9213] veth1_macvtap: entered promiscuous mode [ 256.358826][ T9213] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 256.386955][ T9213] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 256.425283][ T164] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.428045][ T164] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.430738][ T164] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.462788][ T164] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.553059][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.555886][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.620324][ T164] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.622885][ T164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 257.432826][ T5992] Bluetooth: hci3: command tx timeout [ 257.877866][ T9322] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2541091674 (162629867136 ns) > initial count (104792502336 ns). Using initial count to start timer. [ 258.124779][ T9325] veth0: entered promiscuous mode [ 258.134777][ T9325] veth0: left promiscuous mode [ 258.323702][ T9319] comedi comedi2: reset error (fatal) [ 258.795224][ T9330] openvswitch: netlink: IPv4 frag type 255 is out of range max 2 [ 258.930307][ T9330] tipc: Cannot configure node identity twice [ 259.166044][ T9333] netlink: 'syz.1.960': attribute type 1 has an invalid length. [ 259.168394][ T9333] netlink: 224 bytes leftover after parsing attributes in process `syz.1.960'. [ 259.434886][ T9337] lo speed is unknown, defaulting to 1000 [ 259.481504][ T9338] netlink: 52 bytes leftover after parsing attributes in process `syz.4.961'. [ 259.512950][ T5992] Bluetooth: hci3: command tx timeout [ 259.782723][ T6265] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 259.956719][ T6265] usb 6-1: Using ep0 maxpacket: 32 [ 259.985249][ T6265] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 259.988656][ T6265] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 259.992157][ T6265] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 260.030580][ T6265] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.060233][ T6265] usb 6-1: config 0 descriptor?? [ 260.537848][ T6265] savu 0003:1E7D:2D5A.0004: hiddev0,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0 [ 260.886491][ T6265] usb 6-1: USB disconnect, device number 23 [ 261.329975][ T9342] netlink: 4 bytes leftover after parsing attributes in process `syz.2.963'. [ 261.555223][ T9359] veth0: entered promiscuous mode [ 261.566056][ T9359] veth0: left promiscuous mode [ 261.570462][ T9358] netlink: 4 bytes leftover after parsing attributes in process `syz.4.968'. [ 261.592915][ T5992] Bluetooth: hci3: command tx timeout [ 261.742846][ T40] audit: type=1326 audit(1756748730.320:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9362 comm="syz.1.970" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa8579 code=0x0 [ 262.278851][ T40] audit: type=1326 audit(1756748730.860:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9361 comm="syz.2.969" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x0 [ 262.701948][ T9372] lo speed is unknown, defaulting to 1000 [ 262.960849][ T9373] netlink: 52 bytes leftover after parsing attributes in process `syz.1.972'. [ 263.394274][ T9383] netlink: 52 bytes leftover after parsing attributes in process `syz.2.973'. [ 263.496154][ T9381] lo speed is unknown, defaulting to 1000 [ 264.490928][ T5989] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 264.496476][ T5989] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 264.499626][ T5989] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 264.513672][ T5989] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 264.516746][ T5989] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 264.952914][ T5992] Bluetooth: hci0: command 0x0c1a tx timeout [ 265.003181][ T9006] syz_tun (unregistering): left allmulticast mode [ 265.074850][ T9404] veth0: entered promiscuous mode [ 265.077810][ T9404] veth0: left promiscuous mode [ 265.207399][ T9397] lo speed is unknown, defaulting to 1000 [ 265.433400][ T5992] Bluetooth: hci2: command 0x0c1a tx timeout [ 265.568909][ T1234] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 265.612848][ T1234] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.785558][ T1234] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 265.894686][ T1234] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.906175][ T40] audit: type=1326 audit(1756748734.480:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9411 comm="syz.4.980" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f07579 code=0x0 [ 266.222294][ T1234] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 266.226660][ T1234] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.326597][ T1234] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 266.329612][ T1234] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.419674][ T9397] chnl_net:caif_netlink_parms(): no params data found [ 266.634540][ T5992] Bluetooth: hci4: command tx timeout [ 267.325166][ T9397] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.327500][ T9397] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.329862][ T9397] bridge_slave_0: entered allmulticast mode [ 267.335222][ T9397] bridge_slave_0: entered promiscuous mode [ 267.354940][ T9397] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.357263][ T9397] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.359580][ T9397] bridge_slave_1: entered allmulticast mode [ 267.381462][ T9397] bridge_slave_1: entered promiscuous mode [ 268.322911][ T1234] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 268.353211][ T1234] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 268.379171][ T1234] bond0 (unregistering): Released all slaves [ 268.526020][ T9397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 268.617806][ T9397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 268.620862][ T1234] tipc: Left network mode [ 268.678673][ T9456] netlink: 16 bytes leftover after parsing attributes in process `syz.1.989'. [ 268.713599][ T5992] Bluetooth: hci4: command tx timeout [ 268.748996][ T9397] team0: Port device team_slave_0 added [ 268.774747][ T9397] team0: Port device team_slave_1 added [ 268.989339][ T9397] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 268.991530][ T9397] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 269.033803][ T9397] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 269.074866][ T9397] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 269.077033][ T9397] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 269.104496][ T9397] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 269.339651][ T1234] hsr_slave_0: left promiscuous mode [ 269.344156][ T1234] hsr_slave_1: left promiscuous mode [ 269.352093][ T1234] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 269.359956][ T1234] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 269.367152][ T1234] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 269.456909][ T1234] veth1_macvtap: left promiscuous mode [ 269.459072][ T1234] veth0_macvtap: left promiscuous mode [ 269.673281][ T9463] sctp: [Deprecated]: syz.1.991 (pid 9463) Use of int in max_burst socket option. [ 269.673281][ T9463] Use struct sctp_assoc_value instead [ 269.684884][ T9463] sctp: [Deprecated]: syz.1.991 (pid 9463) Use of int in max_burst socket option. [ 269.684884][ T9463] Use struct sctp_assoc_value instead [ 269.728534][ T9463] netlink: 'syz.1.991': attribute type 21 has an invalid length. [ 269.782146][ T9466] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 270.792849][ T5992] Bluetooth: hci4: command tx timeout [ 271.258866][ T1234] team0 (unregistering): Port device team_slave_1 removed [ 271.464976][ T1234] team0 (unregistering): Port device team_slave_0 removed [ 271.653074][ T9480] netlink: 16 bytes leftover after parsing attributes in process `syz.4.994'. [ 272.872849][ T5992] Bluetooth: hci4: command tx timeout [ 272.955268][ T9487] binder: 9484:9487 ioctl 4161 0 returned -22 [ 273.366864][ T9397] hsr_slave_0: entered promiscuous mode [ 273.369989][ T9397] hsr_slave_1: entered promiscuous mode [ 273.393097][ T9397] debugfs: 'hsr0' already exists in 'hsr' [ 273.395506][ T9397] Cannot create hsr debugfs directory [ 273.415697][ T9463] netlink: 152 bytes leftover after parsing attributes in process `syz.1.991'. [ 273.638965][ T9491] veth0: entered promiscuous mode [ 273.766941][ T9491] veth0: left promiscuous mode [ 274.243548][ T9500] loop4: detected capacity change from 0 to 524255232 [ 274.345271][ T9503] loop4: detected capacity change from 524255232 to 524287956 [ 274.366278][ T9397] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 274.384887][ T9397] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 274.413901][ T9397] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 274.434209][ T9397] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 275.016557][ T9494] e1000e 0000:00:02.0 eth1: NIC Link is Down [ 275.115579][ T9397] 8021q: adding VLAN 0 to HW filter on device bond0 [ 275.195027][ T9397] 8021q: adding VLAN 0 to HW filter on device team0 [ 275.237165][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.240187][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.334433][ T1234] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.337293][ T1234] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.683596][ T9528] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 275.686149][ T9528] IPv6: NLM_F_CREATE should be set when creating new route [ 275.688473][ T9528] IPv6: NLM_F_CREATE should be set when creating new route [ 275.690675][ T9528] IPv6: NLM_F_CREATE should be set when creating new route [ 276.005519][ T40] audit: type=1326 audit(1756748744.580:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9533 comm="syz.2.1004" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 276.012134][ T40] audit: type=1326 audit(1756748744.580:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9533 comm="syz.2.1004" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 276.097920][ T40] audit: type=1326 audit(1756748744.580:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9533 comm="syz.2.1004" exe="/syz-executor" sig=0 arch=40000003 syscall=162 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 276.131112][ T9397] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 276.153294][ T40] audit: type=1326 audit(1756748744.580:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9533 comm="syz.2.1004" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 276.159977][ T40] audit: type=1326 audit(1756748744.610:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9533 comm="syz.2.1004" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 276.272739][ T40] audit: type=1326 audit(1756748744.610:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9533 comm="syz.2.1004" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 276.332733][ T40] audit: type=1326 audit(1756748744.610:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9533 comm="syz.2.1004" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 276.339550][ T40] audit: type=1326 audit(1756748744.610:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9533 comm="syz.2.1004" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 276.402847][ T40] audit: type=1326 audit(1756748744.610:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9533 comm="syz.2.1004" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 276.409554][ T40] audit: type=1326 audit(1756748744.610:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9533 comm="syz.2.1004" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 276.435292][ T9534] input: syz0 as /devices/virtual/input/input14 [ 276.765622][ T9548] veth0: entered promiscuous mode [ 276.775213][ T9548] veth0: left promiscuous mode [ 276.924550][ T9552] lo speed is unknown, defaulting to 1000 [ 277.244893][ T5979] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 277.288891][ T9559] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 277.294399][ T9559] netlink: 'syz.4.1008': attribute type 4 has an invalid length. [ 277.304065][ T9397] veth0_vlan: entered promiscuous mode [ 277.342768][ T9559] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1008'. [ 277.354065][ T9559] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 277.376043][ T9397] veth1_vlan: entered promiscuous mode [ 277.524689][ T5979] usb 7-1: config 0 has no interfaces? [ 277.535583][ T5979] usb 7-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 277.538865][ T5979] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.541400][ T5979] usb 7-1: Product: syz [ 277.563339][ T5979] usb 7-1: Manufacturer: syz [ 277.564889][ T5979] usb 7-1: SerialNumber: syz [ 277.585617][ T9397] veth0_macvtap: entered promiscuous mode [ 277.589515][ T5979] usb 7-1: config 0 descriptor?? [ 277.606731][ T9397] veth1_macvtap: entered promiscuous mode [ 277.673389][ T9397] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 277.695014][ T9397] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 277.777230][ T1143] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.780040][ T1143] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.824386][ T1143] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.827079][ T1143] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.983270][ T9556] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 277.986021][ T9556] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 279.114723][ T9552] veth0_macvtap: left promiscuous mode [ 279.196529][ T9552] veth0_macvtap: entered promiscuous mode [ 279.212254][ T5979] usb 7-1: USB disconnect, device number 28 [ 279.276179][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 279.442698][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 279.463648][ T1234] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 279.482688][ T1234] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 280.409358][ T1143] veth0_macvtap: left promiscuous mode [ 280.502288][ T9604] input: syz0 as /devices/virtual/input/input15 [ 281.099545][ T9618] netlink: 'syz.5.1018': attribute type 1 has an invalid length. [ 281.101986][ T9618] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1018'. [ 281.695339][ T9634] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1022'. [ 282.213732][ T40] kauditd_printk_skb: 122 callbacks suppressed [ 282.213742][ T40] audit: type=1326 audit(1756748750.800:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9642 comm="syz.2.1025" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 282.225637][ T6325] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 282.229076][ T6325] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 282.233343][ T40] audit: type=1326 audit(1756748750.800:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9642 comm="syz.2.1025" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 282.268452][ T40] audit: type=1326 audit(1756748750.810:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9642 comm="syz.2.1025" exe="/syz-executor" sig=0 arch=40000003 syscall=162 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 282.293732][ T40] audit: type=1326 audit(1756748750.810:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9642 comm="syz.2.1025" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 282.323662][ T40] audit: type=1326 audit(1756748750.810:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9642 comm="syz.2.1025" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 282.338880][ T40] audit: type=1326 audit(1756748750.810:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9642 comm="syz.2.1025" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 282.354577][ T9643] input: syz0 as /devices/virtual/input/input16 [ 282.362839][ T40] audit: type=1326 audit(1756748750.810:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9642 comm="syz.2.1025" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 282.390299][ T40] audit: type=1326 audit(1756748750.810:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9642 comm="syz.2.1025" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 282.423154][ T40] audit: type=1326 audit(1756748750.810:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9642 comm="syz.2.1025" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 282.429699][ T40] audit: type=1326 audit(1756748750.810:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9642 comm="syz.2.1025" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 283.282740][ T6836] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 283.462707][ T6836] usb 7-1: Using ep0 maxpacket: 8 [ 283.474279][ T6836] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 283.477409][ T6836] usb 7-1: config 0 has no interface number 0 [ 283.479332][ T6836] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 283.492703][ T6836] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 283.496262][ T6836] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 283.521000][ T6836] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 283.541032][ T6836] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 283.550779][ T6836] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.554890][ T6836] usb 7-1: config 0 descriptor?? [ 283.570117][ T6836] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 283.776247][ T1327] usb 7-1: USB disconnect, device number 29 [ 283.814058][ T1327] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 284.415545][ T9674] program syz.2.1032 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 285.906822][ T9703] /dev/nullb0: Can't open blockdev [ 286.402736][ T1928] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 286.452742][ T29] usb 7-1: new low-speed USB device number 30 using dummy_hcd [ 286.591119][ T1928] usb 10-1: Using ep0 maxpacket: 32 [ 286.596393][ T1928] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 286.599799][ T1928] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 286.617294][ T1928] usb 10-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 286.620285][ T1928] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.639827][ T1928] usb 10-1: config 0 descriptor?? [ 286.654365][ T29] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 286.656964][ T29] usb 7-1: config 0 has no interface number 0 [ 286.658895][ T29] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 286.662369][ T29] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 286.682880][ T29] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 286.685768][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.695104][ T29] usb 7-1: config 0 descriptor?? [ 286.697896][ T9709] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 286.733086][ T29] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 286.933341][ T10] usb 7-1: USB disconnect, device number 30 [ 287.087182][ T1928] savu 0003:1E7D:2D5A.0005: hiddev0,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0 [ 287.739913][ T9712] FAULT_INJECTION: forcing a failure. [ 287.739913][ T9712] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 287.744633][ T9712] CPU: 1 UID: 0 PID: 9712 Comm: syz.1.1040 Not tainted syzkaller #0 PREEMPT(full) [ 287.744648][ T9712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 287.744654][ T9712] Call Trace: [ 287.744658][ T9712] [ 287.744662][ T9712] dump_stack_lvl+0x16c/0x1f0 [ 287.744680][ T9712] should_fail_ex+0x512/0x640 [ 287.744698][ T9712] _copy_from_user+0x2e/0xd0 [ 287.744715][ T9712] evdev_handle_set_keycode+0xb7/0x170 [ 287.744727][ T9712] ? __pfx_evdev_handle_set_keycode+0x10/0x10 [ 287.744740][ T9712] ? __pfx___might_resched+0x10/0x10 [ 287.744752][ T9712] ? rcu_is_watching+0x12/0xc0 [ 287.744763][ T9712] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 287.744779][ T9712] evdev_do_ioctl+0xba1/0x1b30 [ 287.744792][ T9712] ? __pfx_evdev_do_ioctl+0x10/0x10 [ 287.744814][ T9712] evdev_ioctl_compat+0x16f/0x1a0 [ 287.744825][ T9712] ? __pfx_evdev_ioctl_compat+0x10/0x10 [ 287.744836][ T9712] __ia32_compat_sys_ioctl+0x23f/0x370 [ 287.744855][ T9712] __do_fast_syscall_32+0x7c/0x3a0 [ 287.744871][ T9712] do_fast_syscall_32+0x32/0x80 [ 287.744885][ T9712] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 287.744898][ T9712] RIP: 0023:0xf7fa8579 [ 287.744907][ T9712] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 287.744916][ T9712] RSP: 002b:00000000f54b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 287.744927][ T9712] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000040084504 [ 287.744933][ T9712] RDX: 0000000080ffcffc RSI: 0000000000000000 RDI: 0000000000000000 [ 287.744939][ T9712] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 287.744945][ T9712] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 287.744951][ T9712] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 287.744964][ T9712] [ 287.802839][ C1] vkms_vblank_simulate: vblank timer overrun [ 288.450990][ T10] usb 10-1: reset high-speed USB device number 2 using dummy_hcd [ 289.402029][ T9737] syz.2.1046 (9737): attempted to duplicate a private mapping with mremap. This is not supported. [ 289.826608][ T6059] usb 10-1: USB disconnect, device number 2 [ 290.417391][ T9754] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1050'. [ 290.533027][ T9754] netfs: Couldn't get user pages (rc=-14) [ 290.860840][ T40] kauditd_printk_skb: 53 callbacks suppressed [ 290.860857][ T40] audit: type=1326 audit(1756748759.440:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9758 comm="syz.5.1051" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 290.902769][ T40] audit: type=1326 audit(1756748759.450:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9758 comm="syz.5.1051" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 290.910765][ T40] audit: type=1326 audit(1756748759.480:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9758 comm="syz.5.1051" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 290.962705][ T40] audit: type=1326 audit(1756748759.480:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9758 comm="syz.5.1051" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 290.969918][ T40] audit: type=1326 audit(1756748759.490:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9758 comm="syz.5.1051" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 291.002745][ T40] audit: type=1326 audit(1756748759.490:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9758 comm="syz.5.1051" exe="/syz-executor" sig=0 arch=40000003 syscall=286 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 291.074343][ T6329] Bluetooth: hci1: Frame reassembly failed (-84) [ 291.154971][ T40] audit: type=1326 audit(1756748759.720:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9762 comm="syz.4.1052" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f07579 code=0x0 [ 291.252731][ T40] audit: type=1326 audit(1756748759.820:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9758 comm="syz.5.1051" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 291.292698][ T40] audit: type=1326 audit(1756748759.860:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9758 comm="syz.5.1051" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 291.299290][ T40] audit: type=1326 audit(1756748759.870:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9758 comm="syz.5.1051" exe="/syz-executor" sig=0 arch=40000003 syscall=103 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 293.112890][ T5992] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 294.072826][ T9784] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1057'. [ 294.075743][ T9784] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1057'. [ 294.113381][ T9784] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1057'. [ 294.116344][ T9784] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1057'. [ 294.162790][ T9784] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1057'. [ 295.172979][ T9799] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1059'. [ 295.818268][ T9814] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.1063'. [ 298.863113][ T9848] lo speed is unknown, defaulting to 1000 [ 299.635409][ T9856] fuse: Unknown parameter '' [ 299.817862][ T9859] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1074'. [ 300.123925][ T9866] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 300.582803][ T29] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 300.764683][ T29] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 300.768724][ T29] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 300.802701][ T29] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 300.816417][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.823874][ T29] usb 7-1: config 0 descriptor?? [ 300.844546][ T29] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 300.853607][ T9874] overlayfs: statfs failed on './file0' [ 301.056326][ T29] usb 7-1: USB disconnect, device number 31 [ 301.502885][ T29] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 301.662786][ T29] usb 7-1: Using ep0 maxpacket: 32 [ 301.671693][ T29] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 301.684078][ T29] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 301.690207][ T29] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 301.703624][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.724063][ T29] usb 7-1: config 0 descriptor?? [ 301.741556][ T29] ldusb 7-1:0.0: Interrupt in endpoint not found [ 301.755601][ T29] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 301.950133][ T29] usb 7-1: USB disconnect, device number 32 [ 302.778144][ T9897] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 302.872750][ T5979] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 303.049145][ T40] audit: type=1326 audit(1756748771.630:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9901 comm="syz.5.1088" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f87579 code=0x0 [ 303.056033][ T5979] usb 7-1: Using ep0 maxpacket: 8 [ 303.063034][ T5979] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 303.065855][ T5979] usb 7-1: config 0 has no interface number 0 [ 303.067374][ T9904] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1089'. [ 303.071468][ T5979] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 303.082949][ T5979] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 303.086592][ T5979] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 303.111038][ T5979] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 303.125152][ T9904] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1089'. [ 303.128211][ T5979] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 303.137422][ T5979] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.161901][ T5979] usb 7-1: config 0 descriptor?? [ 303.180803][ T5979] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 303.548603][ T54] usb 7-1: USB disconnect, device number 33 [ 303.552006][ T54] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 304.169473][ T9912] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 304.172259][ T9912] overlayfs: missing 'lowerdir' [ 304.442764][ T6059] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 304.614844][ T40] audit: type=1326 audit(1756748773.200:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9926 comm="syz.2.1097" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705e579 code=0x0 [ 304.622576][ T6059] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 304.629442][ T6059] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 304.652926][ T6059] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.657419][ T6059] usb 6-1: config 0 descriptor?? [ 304.674283][ T6059] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 304.816408][ T9932] erofs (device nbd5): cannot find valid erofs superblock [ 304.876126][ T6059] usb 6-1: USB disconnect, device number 24 [ 304.878936][ T40] audit: type=1326 audit(1756748773.440:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.5.1098" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 304.904797][ T40] audit: type=1326 audit(1756748773.440:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.5.1098" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 304.924050][ T40] audit: type=1326 audit(1756748773.440:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.5.1098" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 304.930394][ T40] audit: type=1326 audit(1756748773.440:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.5.1098" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 304.992789][ T40] audit: type=1326 audit(1756748773.440:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.5.1098" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 304.999350][ T40] audit: type=1326 audit(1756748773.440:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.5.1098" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 305.042943][ T40] audit: type=1326 audit(1756748773.440:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.5.1098" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 305.049549][ T40] audit: type=1326 audit(1756748773.440:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.5.1098" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87579 code=0x7ffc0000 [ 305.293479][ T9940] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1101'. [ 305.413857][ T6059] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 305.414859][ T9940] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 305.468309][ T9940] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1101'. [ 305.572969][ T6059] usb 6-1: Using ep0 maxpacket: 32 [ 305.578467][ T6059] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 305.582810][ T6059] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 305.585776][ T6059] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.613195][ T6059] usb 6-1: config 0 descriptor?? [ 305.617612][ T6059] ldusb 6-1:0.0: Interrupt in endpoint not found [ 305.620134][ T6059] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 305.819692][ T6059] usb 6-1: USB disconnect, device number 25 [ 306.199426][ T9955] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 306.201438][ T9955] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 306.259881][ T9955] vhci_hcd vhci_hcd.0: Device attached [ 306.492836][ T29] usb 42-1: SetAddress Request (6) to port 0 [ 306.495340][ T29] usb 42-1: new SuperSpeed USB device number 6 using vhci_hcd [ 306.712787][ T9956] vhci_hcd: connection reset by peer [ 306.715511][ T6331] vhci_hcd: stop threads [ 306.716890][ T6331] vhci_hcd: release socket [ 306.722012][ T6331] vhci_hcd: disconnect device [ 307.887042][ T9985] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1114'. [ 307.890579][ T9985] FAULT_INJECTION: forcing a failure. [ 307.890579][ T9985] name failslab, interval 1, probability 0, space 0, times 0 [ 307.922987][ T9985] CPU: 2 UID: 0 PID: 9985 Comm: syz.4.1114 Not tainted syzkaller #0 PREEMPT(full) [ 307.923004][ T9985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 307.923011][ T9985] Call Trace: [ 307.923014][ T9985] [ 307.923019][ T9985] dump_stack_lvl+0x16c/0x1f0 [ 307.923036][ T9985] should_fail_ex+0x512/0x640 [ 307.923051][ T9985] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 307.923066][ T9985] should_failslab+0xc2/0x120 [ 307.923084][ T9985] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 307.923097][ T9985] ? alloc_inode+0x61/0x240 [ 307.923113][ T9985] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 307.923125][ T9985] alloc_inode+0x61/0x240 [ 307.923139][ T9985] new_inode+0x22/0x1c0 [ 307.923155][ T9985] __debugfs_create_file+0x11c/0x6b0 [ 307.923169][ T9985] debugfs_create_file_full+0x41/0x60 [ 307.923182][ T9985] ? __pfx_vlan_setup+0x10/0x10 [ 307.923198][ T9985] ref_tracker_dir_debugfs+0x19d/0x290 [ 307.923213][ T9985] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 307.923240][ T9985] ? __kvmalloc_node_noprof+0x298/0x620 [ 307.923251][ T9985] ? rcu_is_watching+0x12/0xc0 [ 307.923263][ T9985] ? lockdep_init_map_type+0x5c/0x280 [ 307.923280][ T9985] alloc_netdev_mqs+0x30f/0x1530 [ 307.923298][ T9985] rtnl_create_link+0xc08/0xf90 [ 307.923316][ T9985] rtnl_newlink+0xb69/0x2000 [ 307.923335][ T9985] ? __pfx_rtnl_newlink+0x10/0x10 [ 307.923354][ T9985] ? kfree_skbmem+0x1a4/0x1f0 [ 307.923373][ T9985] ? rcu_is_watching+0x12/0xc0 [ 307.923388][ T9985] ? find_held_lock+0x2b/0x80 [ 307.923398][ T9985] ? __pfx_rtnl_newlink+0x10/0x10 [ 307.923411][ T9985] ? __pfx_rtnl_newlink+0x10/0x10 [ 307.923424][ T9985] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 307.923439][ T9985] ? __pfx_rtnl_newlink+0x10/0x10 [ 307.923454][ T9985] rtnetlink_rcv_msg+0x95e/0xe90 [ 307.923470][ T9985] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 307.923489][ T9985] ? ref_tracker_free+0x37c/0x830 [ 307.923505][ T9985] netlink_rcv_skb+0x158/0x420 [ 307.923521][ T9985] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 307.923536][ T9985] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 307.923556][ T9985] ? netlink_deliver_tap+0x1ae/0xd30 [ 307.923573][ T9985] netlink_unicast+0x5a7/0x870 [ 307.923589][ T9985] ? __pfx_netlink_unicast+0x10/0x10 [ 307.923604][ T9985] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 307.923622][ T9985] netlink_sendmsg+0x8d1/0xdd0 [ 307.923660][ T9985] ? __pfx_netlink_sendmsg+0x10/0x10 [ 307.923683][ T9985] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 307.923697][ T9985] ____sys_sendmsg+0xa98/0xc70 [ 307.923710][ T9985] ? __pfx_____sys_sendmsg+0x10/0x10 [ 307.923719][ T9985] ? get_compat_msghdr+0x11a/0x170 [ 307.923739][ T9985] ___sys_sendmsg+0x134/0x1d0 [ 307.923754][ T9985] ? __pfx____sys_sendmsg+0x10/0x10 [ 307.923775][ T9985] ? find_held_lock+0x2b/0x80 [ 307.923795][ T9985] __sys_sendmsg+0x16d/0x220 [ 307.923809][ T9985] ? __pfx___sys_sendmsg+0x10/0x10 [ 307.923822][ T9985] ? __might_fault+0xe3/0x190 [ 307.923838][ T9985] ? syscall_trace_enter+0x1cb/0x240 [ 307.923853][ T9985] ? __bpf_trace_sys_enter+0x37/0x60 [ 307.923869][ T9985] ? rcu_is_watching+0x12/0xc0 [ 307.923881][ T9985] __do_fast_syscall_32+0x7c/0x3a0 [ 307.923897][ T9985] do_fast_syscall_32+0x32/0x80 [ 307.923911][ T9985] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 307.923924][ T9985] RIP: 0023:0xf7f07579 [ 307.923933][ T9985] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 307.923943][ T9985] RSP: 002b:00000000f541655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 307.923953][ T9985] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000300 [ 307.923959][ T9985] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 307.923965][ T9985] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 307.923971][ T9985] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 307.923977][ T9985] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 307.923990][ T9985] [ 307.923994][ T9985] debugfs: out of free dentries, can not create file 'netdev@ffff88806c7d2610' [ 307.982823][ T9976] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 308.075871][ T9976] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 308.076573][ T9976] vhci_hcd vhci_hcd.0: Device attached [ 308.087591][ T9987] vhci_hcd: connection closed [ 308.087930][ T1143] vhci_hcd: stop threads [ 308.087954][ T1143] vhci_hcd: release socket [ 308.087965][ T1143] vhci_hcd: disconnect device [ 308.106253][ T9985] vlan0: entered allmulticast mode [ 308.106284][ T9985] dummy0: entered allmulticast mode [ 308.274046][T10004] lo speed is unknown, defaulting to 1000 [ 308.322432][T10009] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1116'. [ 308.943039][T10018] netlink: zone id is out of range [ 308.944787][T10018] netlink: zone id is out of range [ 309.108759][T10024] FAT-fs (nullb0): bogus number of reserved sectors [ 309.110848][T10024] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 309.214266][T10026] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 309.267367][T10026] FAULT_INJECTION: forcing a failure. [ 309.267367][T10026] name failslab, interval 1, probability 0, space 0, times 0 [ 309.272390][T10026] CPU: 0 UID: 0 PID: 10026 Comm: syz.4.1124 Not tainted syzkaller #0 PREEMPT(full) [ 309.272404][T10026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 309.272411][T10026] Call Trace: [ 309.272415][T10026] [ 309.272421][T10026] dump_stack_lvl+0x16c/0x1f0 [ 309.272439][T10026] should_fail_ex+0x512/0x640 [ 309.272454][T10026] ? __kvmalloc_node_noprof+0x124/0x620 [ 309.272467][T10026] should_failslab+0xc2/0x120 [ 309.272482][T10026] __kvmalloc_node_noprof+0x137/0x620 [ 309.272493][T10026] ? lockdep_unlock+0x64/0xe0 [ 309.272503][T10026] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 309.272522][T10026] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 309.272537][T10026] __kvm_mmu_topup_memory_cache+0x450/0x600 [ 309.272565][T10026] ? do_raw_spin_unlock+0x172/0x230 [ 309.272581][T10026] ? _raw_spin_unlock+0x28/0x50 [ 309.272596][T10026] mmu_topup_memory_caches+0x25/0x170 [ 309.272608][T10026] kvm_mmu_load+0xd6/0x23c0 [ 309.272620][T10026] ? irqentry_exit+0x3b/0x90 [ 309.272632][T10026] ? lockdep_hardirqs_on+0x7c/0x110 [ 309.272646][T10026] ? __pfx_kvm_mmu_load+0x10/0x10 [ 309.272658][T10026] ? vcpu_run+0xf6b/0x5580 [ 309.272671][T10026] ? vcpu_run+0x3584/0x5580 [ 309.272685][T10026] vcpu_run+0x358c/0x5580 [ 309.272699][T10026] ? __lock_acquire+0xb97/0x1ce0 [ 309.272716][T10026] ? __pfx_vcpu_run+0x10/0x10 [ 309.272731][T10026] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 309.272744][T10026] ? __local_bh_enable_ip+0xa4/0x120 [ 309.272759][T10026] ? kvm_arch_vcpu_ioctl_run+0x1023/0x1980 [ 309.272772][T10026] kvm_arch_vcpu_ioctl_run+0x1023/0x1980 [ 309.272790][T10026] kvm_vcpu_ioctl+0x5eb/0x1690 [ 309.272805][T10026] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 309.272818][T10026] ? tomoyo_path_number_perm+0x18d/0x580 [ 309.272833][T10026] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 309.272851][T10026] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 309.272868][T10026] ? do_vfs_ioctl+0x128/0x14f0 [ 309.272884][T10026] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 309.272907][T10026] kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 309.272933][T10026] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 309.272947][T10026] ? __fget_files+0x20e/0x3c0 [ 309.272961][T10026] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 309.272975][T10026] __ia32_compat_sys_ioctl+0x23f/0x370 [ 309.272993][T10026] __do_fast_syscall_32+0x7c/0x3a0 [ 309.273009][T10026] do_fast_syscall_32+0x32/0x80 [ 309.273022][T10026] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 309.273044][T10026] RIP: 0023:0xf7f07579 [ 309.273053][T10026] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 309.273063][T10026] RSP: 002b:00000000f541655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 309.273073][T10026] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 000000000000ae80 [ 309.273080][T10026] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 309.273085][T10026] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 309.273091][T10026] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 309.273097][T10026] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 309.273110][T10026] [ 309.870119][T10022] 9p: Unknown Cache mode or invalid value fscach [ 309.915497][T10037] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1126'. [ 309.982744][T10000] usb 6-1: new low-speed USB device number 26 using dummy_hcd [ 310.172541][T10000] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 310.177615][T10000] usb 6-1: config 0 has no interface number 0 [ 310.180319][T10000] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 310.193202][T10000] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 310.197751][T10000] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 310.201602][T10000] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.253519][T10000] usb 6-1: config 0 descriptor?? [ 310.267578][T10030] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 310.287401][T10000] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 310.324336][ T5992] Bluetooth: hci0: command 0x0c1a tx timeout [ 310.690372][T10000] usb 6-1: USB disconnect, device number 26 [ 310.872114][T10051] FAULT_INJECTION: forcing a failure. [ 310.872114][T10051] name failslab, interval 1, probability 0, space 0, times 0 [ 310.892515][T10051] CPU: 1 UID: 0 PID: 10051 Comm: syz.5.1130 Not tainted syzkaller #0 PREEMPT(full) [ 310.892532][T10051] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 310.892538][T10051] Call Trace: [ 310.892542][T10051] [ 310.892546][T10051] dump_stack_lvl+0x16c/0x1f0 [ 310.892567][T10051] should_fail_ex+0x512/0x640 [ 310.892582][T10051] ? fs_reclaim_acquire+0xae/0x150 [ 310.892599][T10051] should_failslab+0xc2/0x120 [ 310.892613][T10051] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 310.892626][T10051] ? skb_clone+0x190/0x3f0 [ 310.892654][T10051] skb_clone+0x190/0x3f0 [ 310.892669][T10051] netlink_broadcast_filtered+0xb76/0xf90 [ 310.892690][T10051] ? __pfx_netlink_broadcast_filtered+0x10/0x10 [ 310.892703][T10051] ? sprintf+0xcc/0x100 [ 310.892720][T10051] ? netlink_has_listeners+0x20f/0x430 [ 310.892736][T10051] netlink_broadcast+0x39/0x50 [ 310.892750][T10051] kobject_uevent_env+0xc6a/0x1870 [ 310.892763][T10051] ? bus_to_subsys+0x131/0x160 [ 310.892777][T10051] device_del+0x623/0x9f0 [ 310.892792][T10051] ? __pfx_device_del+0x10/0x10 [ 310.892810][T10051] device_unregister+0x1d/0xc0 [ 310.892823][T10051] bdi_unregister+0x451/0x640 [ 310.892838][T10051] ? __pfx_bdi_unregister+0x10/0x10 [ 310.892850][T10051] ? generic_shutdown_super+0x1b7/0x390 [ 310.892869][T10051] ? up_write+0x1b2/0x520 [ 310.892886][T10051] generic_shutdown_super+0x26a/0x390 [ 310.892903][T10051] kill_anon_super+0x3a/0x60 [ 310.892912][T10051] fuse_kill_sb_anon+0x1e8/0x350 [ 310.892930][T10051] deactivate_locked_super+0xc1/0x1a0 [ 310.892942][T10051] deactivate_super+0xde/0x100 [ 310.892953][T10051] cleanup_mnt+0x225/0x450 [ 310.892965][T10051] task_work_run+0x14d/0x240 [ 310.892981][T10051] ? __pfx_task_work_run+0x10/0x10 [ 310.892996][T10051] ? __might_fault+0x13b/0x190 [ 310.893012][T10051] exit_to_user_mode_loop+0xeb/0x110 [ 310.893028][T10051] __do_fast_syscall_32+0x2ac/0x3a0 [ 310.893043][T10051] do_fast_syscall_32+0x32/0x80 [ 310.893057][T10051] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 310.893070][T10051] RIP: 0023:0xf7f87579 [ 310.893079][T10051] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 310.893090][T10051] RSP: 002b:00000000f547555c EFLAGS: 00000296 ORIG_RAX: 0000000000000034 [ 310.893101][T10051] RAX: 0000000000000000 RBX: 00000000800001c0 RCX: 0000000000000000 [ 310.893107][T10051] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 310.893113][T10051] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 310.893119][T10051] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 310.893124][T10051] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 310.893138][T10051] [ 310.954435][T10054] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1131'. [ 311.149635][T10052] lo speed is unknown, defaulting to 1000 [ 311.370413][T10059] lo speed is unknown, defaulting to 1000 [ 311.456035][T10060] IPVS: set_ctl: invalid protocol: 61 224.0.0.2:20001 [ 311.584148][T10060] tipc: Started in network mode [ 311.585680][T10060] tipc: Node identity ac1414aa, cluster identity 4711 [ 311.588532][T10060] tipc: Enabled bearer , priority 10 [ 311.592776][ T29] usb 42-1: device descriptor read/8, error -110 [ 311.658946][T10068] dlm: no locking on control device [ 311.993915][ T29] usb usb42-port1: attempt power cycle [ 312.112915][T10084] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1139'. [ 312.584495][ T29] usb usb42-port1: unable to enumerate USB device [ 312.584776][ T6059] tipc: Node number set to 2886997162 [ 312.855826][T10082] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 312.858222][T10082] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 312.894587][T10082] vhci_hcd vhci_hcd.0: Device attached [ 312.952845][ T5992] Bluetooth: hci2: command 0x0c1a tx timeout [ 312.958662][ T40] kauditd_printk_skb: 14 callbacks suppressed [ 312.958672][ T40] audit: type=1326 audit(1756748781.540:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10072 comm="syz.2.1136" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705e579 code=0x0 [ 313.162783][ T6105] usb 42-1: SetAddress Request (10) to port 0 [ 313.164715][ T6105] usb 42-1: new SuperSpeed USB device number 10 using vhci_hcd [ 313.368824][ T5992] Bluetooth: hci4: command tx timeout [ 313.826913][T10091] vhci_hcd: connection reset by peer [ 313.833307][ T164] vhci_hcd: stop threads [ 313.834693][ T164] vhci_hcd: release socket [ 313.842710][ T164] vhci_hcd: disconnect device [ 315.158030][ T40] audit: type=1326 audit(1756748783.740:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10104 comm="syz.1.1147" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa8579 code=0x0 [ 316.372818][ T1928] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 316.635978][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.638020][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.679389][ T1928] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 316.683074][ T1928] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 316.686025][ T1928] usb 10-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 316.688849][ T1928] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.733512][ T1928] usb 10-1: config 0 descriptor?? [ 317.023516][ T1928] usbhid 10-1:0.0: can't add hid device: -71 [ 317.025488][ T1928] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 317.072918][ T1928] usb 10-1: USB disconnect, device number 3 [ 317.523152][ T1928] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 317.702824][ T1928] usb 10-1: Using ep0 maxpacket: 32 [ 317.708927][ T1928] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.732755][ T1928] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 317.752954][ T1928] usb 10-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 317.756849][ T1928] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.793625][ T1928] usb 10-1: config 0 descriptor?? [ 317.826741][ T1928] ldusb 10-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 317.853178][ T1928] ldusb 10-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 318.028750][ T29] usb 10-1: USB disconnect, device number 4 [ 318.033940][ T29] ldusb 10-1:0.0: LD USB Device #0 now disconnected [ 318.233079][ T6105] usb 42-1: device descriptor read/8, error -110 [ 318.458168][T10123] lo speed is unknown, defaulting to 1000 [ 318.643698][ T6105] usb usb42-port1: attempt power cycle [ 319.103120][T10133] program syz.4.1153 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 319.147938][ T40] audit: type=1326 audit(1756748787.730:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10135 comm="syz.5.1157" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f87579 code=0x0 [ 319.305297][ T6105] usb usb42-port1: unable to enumerate USB device [ 320.215423][T10156] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1162'. [ 320.541858][T10166] lo speed is unknown, defaulting to 1000 [ 320.552717][ T5992] Bluetooth: hci2: command 0x0c1a tx timeout [ 320.665408][T10167] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1165'. [ 320.886265][T10171] lo speed is unknown, defaulting to 1000 [ 321.365502][T10184] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1171'. [ 321.371656][T10182] lo speed is unknown, defaulting to 1000 [ 321.718390][T10189] netlink: 84 bytes leftover after parsing attributes in process `syz.5.1172'. [ 322.713501][ T5992] Bluetooth: hci4: command tx timeout [ 322.793007][ T5992] Bluetooth: hci3: command tx timeout [ 323.244503][T10200] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 323.286507][T10200] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 323.432750][ T5992] Bluetooth: hci0: command 0x0c1a tx timeout [ 323.499801][T10200] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 323.511342][T10200] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 324.004081][T10200] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 324.007999][T10200] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 324.122384][T10213] batman_adv: batadv0: Adding interface: ipvlan0 [ 324.132791][T10213] batman_adv: batadv0: The MTU of interface ipvlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.174376][T10213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 324.177656][T10213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 324.184669][T10213] batman_adv: batadv0: Interface activated: ipvlan0 [ 324.221660][T10200] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 324.247404][T10200] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 324.447129][ T6331] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 324.449934][ T6331] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 256 - 0 [ 324.452446][ T6331] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 324.473085][ T6331] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 256 - 0 [ 324.513009][ T6331] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 324.515589][ T6331] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 256 - 0 [ 324.518045][ T6331] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 324.520632][ T6331] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 256 - 0 [ 324.767789][T10220] infiniband syz1: set active [ 324.777050][T10220] infiniband syz1: added syz_tun [ 324.834063][T10231] ceph: No mds server is up or the cluster is laggy [ 324.848985][T10220] RDS/IB: syz1: added [ 324.850976][T10220] smc: adding ib device syz1 with port count 1 [ 324.854048][T10220] smc: ib device syz1 port 1 has pnetid [ 326.224353][T10254] FAT-fs (nullb0): bogus number of reserved sectors [ 326.226415][T10254] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 326.246216][T10248] lo speed is unknown, defaulting to 1000 [ 327.544280][ T40] audit: type=1326 audit(1756748796.130:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10266 comm="syz.5.1196" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f87579 code=0x0 [ 328.066314][T10277] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1198'. [ 328.070617][T10277] tipc: Invalid UDP bearer configuration [ 328.071555][T10277] tipc: Enabling of bearer rejected, failed to enable media [ 328.301467][T10277] tipc: Enabled bearer , priority 10 [ 328.417164][ T40] audit: type=1326 audit(1756748797.000:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10279 comm="syz.2.1199" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705e579 code=0x0 [ 328.845491][T10281] mac80211_hwsim hwsim14 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 329.423989][ T1928] tipc: Node number set to 2721404512 [ 329.990742][T10291] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1203'. [ 330.815402][T10299] fuse: Unknown parameter '' [ 330.912795][ T6836] usb 7-1: new high-speed USB device number 34 using dummy_hcd [ 331.074614][ T6836] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 331.078719][ T6836] usb 7-1: config 0 has no interfaces? [ 331.081807][ T6836] usb 7-1: New USB device found, idVendor=0867, idProduct=9812, bcdDevice=40.85 [ 331.103544][ T6836] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.273402][ T6836] usb 7-1: config 0 descriptor?? [ 331.329252][ T6836] IPVS: starting estimator thread 0... [ 331.353235][ T6325] wlan1: Trigger new scan to find an IBSS to join [ 331.422822][T10306] IPVS: using max 26 ests per chain, 62400 per kthread [ 331.912816][ T24] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 332.063383][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 332.074481][ T24] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 332.077620][ T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 332.080396][ T24] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 332.102710][ T24] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 332.106155][ T24] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 332.108956][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.144548][ T24] hub 6-1:1.0: bad descriptor, ignoring hub [ 332.146401][ T24] hub 6-1:1.0: probe with driver hub failed with error -5 [ 332.148747][ T24] cdc_wdm 6-1:1.0: skipping garbage [ 332.150324][ T24] cdc_wdm 6-1:1.0: skipping garbage [ 332.173136][ T24] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 332.175005][ T24] cdc_wdm 6-1:1.0: Unknown control protocol [ 332.485011][ T24] usb 6-1: USB disconnect, device number 27 [ 332.813633][ T6836] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 332.982763][ T6836] usb 6-1: Using ep0 maxpacket: 8 [ 332.993096][ T6836] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 333.002721][ T6836] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 333.005661][ T6836] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 333.030853][ T6836] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 333.044466][ T6836] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 333.058086][ T6836] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.073240][ T6836] hub 6-1:1.0: bad descriptor, ignoring hub [ 333.075140][ T6836] hub 6-1:1.0: probe with driver hub failed with error -5 [ 333.077791][ T6836] cdc_wdm 6-1:1.0: skipping garbage [ 333.113118][ T6836] cdc_wdm 6-1:1.0: skipping garbage [ 333.115613][ T6836] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 333.117599][ T6836] cdc_wdm 6-1:1.0: Unknown control protocol [ 333.412877][ T6836] usb 6-1: USB disconnect, device number 28 [ 333.498959][T10000] usb 7-1: USB disconnect, device number 34 [ 333.907869][T10338] netlink: 71 bytes leftover after parsing attributes in process `syz.2.1218'. [ 334.242396][T10346] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1220'. [ 334.350476][T10354] veth0: entered promiscuous mode [ 334.354033][T10354] veth0: left promiscuous mode [ 334.404785][T10353] FAT-fs (nullb0): bogus number of reserved sectors [ 334.407573][T10353] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 334.746416][T10368] smc: net device bond0 applied user defined pnetid SYZ0 [ 335.012747][ T24] usb 6-1: new low-speed USB device number 29 using dummy_hcd [ 335.036839][ T40] audit: type=1326 audit(1756748803.620:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10373 comm="syz.5.1228" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f87579 code=0x0 [ 335.214146][ T24] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 335.216657][ T24] usb 6-1: config 0 has no interface number 0 [ 335.218619][ T24] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 335.222004][ T24] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 335.242726][ T24] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 335.245536][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 335.283237][ T24] usb 6-1: config 0 descriptor?? [ 335.285733][T10369] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 335.292872][ T24] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 335.426554][ C1] blk_print_req_error: 144 callbacks suppressed [ 335.426573][ C1] operation not supported error, dev loop7, sector 0 op 0x9:(WRITE_ZEROES) flags 0x20000800 phys_seg 0 prio class 2 [ 335.535136][ T9998] usb 6-1: USB disconnect, device number 29 [ 335.694605][ T40] audit: type=1326 audit(1756748804.280:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10380 comm="syz.2.1229" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705e579 code=0x0 [ 336.249124][T10396] lo speed is unknown, defaulting to 1000 [ 336.394709][ T164] wlan1: Trigger new scan to find an IBSS to join [ 336.432706][T10372] comedi comedi2: reset error (fatal) [ 337.109436][T10405] FAT-fs (nullb0): bogus number of reserved sectors [ 337.112381][T10405] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 337.283734][T10410] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1303 [ 337.434060][ T6329] wlan1: Creating new IBSS network, BSSID 22:02:e9:72:c2:1c [ 337.481658][T10413] lo speed is unknown, defaulting to 1000 [ 337.732892][T10417] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1236'. [ 337.832760][T10000] usb 6-1: new low-speed USB device number 30 using dummy_hcd [ 338.025365][T10000] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 338.028412][T10000] usb 6-1: config 0 has no interface number 0 [ 338.030435][T10000] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 338.052734][T10000] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 338.080457][T10000] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 338.102877][T10408] lo speed is unknown, defaulting to 1000 [ 338.107288][T10000] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.129387][T10000] usb 6-1: config 0 descriptor?? [ 338.145395][T10416] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 338.194941][T10000] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 338.552725][ T5992] Bluetooth: hci0: command 0x0c1a tx timeout [ 339.044058][T10423] FAT-fs (nullb0): bogus number of reserved sectors [ 339.046415][T10423] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 339.522798][ T5992] Bluetooth: hci2: command 0x0c1a tx timeout [ 339.693105][ T6836] usb 7-1: new low-speed USB device number 35 using dummy_hcd [ 339.870701][ T6836] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 339.873876][ T6836] usb 7-1: config 0 has no interface number 0 [ 339.878775][ T6836] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 339.904099][ T6836] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 339.919489][ T6836] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 339.930248][ T6836] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.945577][ T6836] usb 7-1: config 0 descriptor?? [ 339.955475][T10425] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 340.007899][ T6836] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior1 [ 340.043354][T10430] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1242'. [ 340.239209][ T29] usb 6-1: USB disconnect, device number 30 [ 340.339030][T10433] FAULT_INJECTION: forcing a failure. [ 340.339030][T10433] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 340.353506][T10433] CPU: 3 UID: 0 PID: 10433 Comm: syz.5.1243 Not tainted syzkaller #0 PREEMPT(full) [ 340.353530][T10433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 340.353542][T10433] Call Trace: [ 340.353549][T10433] [ 340.353555][T10433] dump_stack_lvl+0x16c/0x1f0 [ 340.353584][T10433] should_fail_ex+0x512/0x640 [ 340.353613][T10433] _copy_to_user+0x32/0xd0 [ 340.353633][T10433] generic_map_lookup_batch+0x61e/0xb40 [ 340.353668][T10433] ? __pfx_generic_map_lookup_batch+0x10/0x10 [ 340.353703][T10433] ? __pfx_generic_map_lookup_batch+0x10/0x10 [ 340.353726][T10433] bpf_map_do_batch+0x267/0x680 [ 340.353751][T10433] __sys_bpf+0x188d/0x4de0 [ 340.353785][T10433] ? __pfx___sys_bpf+0x10/0x10 [ 340.353809][T10433] ? __pfx_bpf_send_signal_common+0x10/0x10 [ 340.353838][T10433] ? find_held_lock+0x2b/0x80 [ 340.353873][T10433] ? find_held_lock+0x2b/0x80 [ 340.353889][T10433] ? syscall_trace_enter+0x1cb/0x240 [ 340.353920][T10433] __ia32_sys_bpf+0x76/0xe0 [ 340.353949][T10433] __do_fast_syscall_32+0x7c/0x3a0 [ 340.353976][T10433] do_fast_syscall_32+0x32/0x80 [ 340.354000][T10433] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 340.354022][T10433] RIP: 0023:0xf7f87579 [ 340.354051][T10433] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 340.354069][T10433] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 340.354087][T10433] RAX: ffffffffffffffda RBX: 0000000000000018 RCX: 00000000800003c0 [ 340.354112][T10433] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000 [ 340.354123][T10433] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 340.354131][T10433] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 340.354140][T10433] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 340.354163][T10433] [ 340.443370][T10433] netlink: 'syz.5.1243': attribute type 4 has an invalid length. [ 340.462737][T10433] netlink: 152 bytes leftover after parsing attributes in process `syz.5.1243'. [ 340.482906][T10433] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 340.606307][T10438] lo speed is unknown, defaulting to 1000 [ 342.211104][ T1928] usb 7-1: USB disconnect, device number 35 [ 342.713281][ T5992] Bluetooth: hci4: command tx timeout [ 344.739421][T10475] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 344.808545][T10480] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 344.811354][T10480] overlayfs: missing 'lowerdir' [ 347.069550][T10509] can0: slcan on ttyS3. [ 347.134435][T10512] bridge0: entered allmulticast mode [ 347.143256][T10512] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1267'. [ 347.153500][T10512] bridge_slave_1: left allmulticast mode [ 347.155264][T10512] bridge_slave_1: left promiscuous mode [ 347.157114][T10512] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.163099][T10509] can0 (unregistered): slcan off ttyS3. [ 347.183161][T10512] bridge_slave_0: left allmulticast mode [ 347.207835][T10512] bridge_slave_0: left promiscuous mode [ 347.209756][T10512] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.263615][T10512] bridge0 (unregistering): left allmulticast mode [ 348.046323][T10529] lo speed is unknown, defaulting to 1000 [ 348.059647][T10533] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1271'. [ 349.264867][ T40] audit: type=1326 audit(1756748817.840:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10550 comm="syz.5.1277" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f87579 code=0x0 [ 350.255878][T10573] netlink: 240 bytes leftover after parsing attributes in process `syz.1.1283'. [ 350.642914][ T5989] Bluetooth: hci2: command 0x0c1a tx timeout [ 351.132752][ T40] audit: type=1326 audit(1756748819.710:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10590 comm="syz.1.1291" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 351.141727][ T40] audit: type=1326 audit(1756748819.710:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10590 comm="syz.1.1291" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 351.200846][ T40] audit: type=1326 audit(1756748819.710:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10590 comm="syz.1.1291" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 351.231503][ T40] audit: type=1326 audit(1756748819.710:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10590 comm="syz.1.1291" exe="/syz-executor" sig=0 arch=40000003 syscall=83 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 351.247623][ T40] audit: type=1326 audit(1756748819.710:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10590 comm="syz.1.1291" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 351.276411][ T40] audit: type=1326 audit(1756748819.710:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10590 comm="syz.1.1291" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 351.302838][ T40] audit: type=1326 audit(1756748819.710:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10590 comm="syz.1.1291" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 351.345351][ T40] audit: type=1326 audit(1756748819.720:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10590 comm="syz.1.1291" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 353.032989][T10628] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 353.113394][T10627] lo speed is unknown, defaulting to 1000 [ 353.245528][T10633] netlink: zone id is out of range [ 353.252307][T10633] netlink: zone id is out of range [ 353.264932][T10633] netlink: zone id is out of range [ 353.285003][T10633] netlink: zone id is out of range [ 353.336950][T10633] netlink: zone id is out of range [ 353.338833][T10633] netlink: zone id is out of range [ 353.340446][T10633] netlink: zone id is out of range [ 353.342107][T10633] netlink: zone id is out of range [ 353.382245][T10633] netlink: zone id is out of range [ 353.542725][ T40] audit: type=1800 audit(1756748822.120:631): pid=10623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1300" name="cgroup.controllers" dev="tmpfs" ino=1689 res=0 errno=0 [ 353.562754][ T54] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 353.566087][T10639] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1304'. [ 353.713592][ T54] usb 6-1: Using ep0 maxpacket: 32 [ 353.722815][ T141] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 353.725040][ T54] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 353.728145][ T54] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 353.731676][ T54] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 353.766032][ T54] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 353.782777][ T54] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 353.786618][ T54] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 353.791711][ T54] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 353.822778][ T54] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.843486][ T54] usb 6-1: config 0 descriptor?? [ 353.885564][ T141] usb 10-1: config 1 interface 0 altsetting 4 bulk endpoint 0x82 has invalid maxpacket 1024 [ 353.892693][ T141] usb 10-1: config 1 interface 0 has no altsetting 0 [ 353.899943][ T141] usb 10-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40 [ 353.914658][ T141] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.917293][ T141] usb 10-1: Product: 䜶藩쟨㊶ӈ쏌ꄨꋲ㔧撀䘙֣鲫ὕ樜醼ꈺ폹桃暾♯꧂藕ꊃ嶭 [ 353.920665][ T141] usb 10-1: Manufacturer: 畢都ጙ橵ฺ莱䘎ჱ媐魿ꐙ膡⧛趆퐡杇垸 [ 353.935507][ T141] usb 10-1: SerialNumber: ᠁ [ 353.964743][T10637] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 354.114964][T10621] netlink: 'syz.1.1300': attribute type 1 has an invalid length. [ 354.120296][T10641] input: syz0 as /devices/virtual/input/input17 [ 354.120357][ T54] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 31 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 354.133724][ T54] usb 6-1: USB disconnect, device number 31 [ 354.149164][ T54] usblp0: removed [ 354.387711][T10637] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1303'. [ 354.506451][T10637] vlan2: entered allmulticast mode [ 354.508127][T10637] bond0: entered allmulticast mode [ 354.509746][T10637] bond_slave_0: entered allmulticast mode [ 354.511533][T10637] bond_slave_1: entered allmulticast mode [ 354.547768][ T141] usblp0: Disabling reads from problematic bidirectional printer [ 354.551621][ T141] usblp 10-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 4 proto 2 vid 0x03F0 pid 0x0004 [ 354.584635][ T141] usb 10-1: USB disconnect, device number 5 [ 354.587570][ T40] kauditd_printk_skb: 60 callbacks suppressed [ 354.587579][ T40] audit: type=1326 audit(1756748823.170:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10647 comm="syz.2.1307" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705e579 code=0x0 [ 354.599009][ T141] usblp0: removed [ 355.144682][T10660] binder: 10658:10660 ioctl c00c6211 0 returned -14 [ 355.169508][T10660] dlm: no local IP address has been set [ 355.175469][T10657] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 355.178214][T10657] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 355.185189][T10660] dlm: cannot start dlm midcomms -107 [ 355.192737][ T5989] Bluetooth: hci3: command tx timeout [ 355.690402][T10667] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.800821][T10667] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.963633][T10667] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.041400][T10667] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.206182][ T1234] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.212758][ T6325] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.239604][ T6325] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.242199][ T6325] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.627120][ T40] audit: type=1326 audit(1756748825.210:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.2.1317" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 356.659438][ T40] audit: type=1326 audit(1756748825.210:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.2.1317" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 356.688069][ T40] audit: type=1326 audit(1756748825.210:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.2.1317" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 356.711793][ T40] audit: type=1326 audit(1756748825.210:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.2.1317" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 356.741337][ T40] audit: type=1326 audit(1756748825.210:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.2.1317" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 356.770741][ T40] audit: type=1326 audit(1756748825.210:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.2.1317" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 356.798407][ T40] audit: type=1326 audit(1756748825.210:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.2.1317" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 356.818233][ T40] audit: type=1326 audit(1756748825.210:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.2.1317" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 356.841777][ T40] audit: type=1326 audit(1756748825.210:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.2.1317" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 356.860465][ T1234] Bluetooth: hci1: Frame reassembly failed (-84) [ 358.872857][ T5992] Bluetooth: hci1: command 0x1003 tx timeout [ 358.872899][ T5989] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 359.397533][T10741] 9pnet_fd: Insufficient options for proto=fd [ 359.433984][T10743] binder: 10742:10743 ioctl c0306201 0 returned -14 [ 359.853995][ T1926] hid_parser_main: 43 callbacks suppressed [ 359.854008][ T1926] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 359.858321][ T1926] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 359.860757][ T1926] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 359.875506][T10736] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1336'. [ 359.902236][ T1926] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 359.906038][ T1926] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 359.912710][ T1926] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 359.915099][ T1926] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 359.917509][ T1926] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 359.919927][ T1926] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 359.935092][ T1926] hid-generic 0000:007F:FFFFFFFE.0006: unknown main item tag 0x0 [ 359.952973][ T1926] hid-generic 0000:007F:FFFFFFFE.0006: hidraw1: HID v0.00 Device [syz1] on syz0 [ 362.348526][T10762] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967295 (34359738360 ns) > initial count (3800 ns). Using initial count to start timer. [ 362.375850][T10762] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 367.457303][ T1234] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 369.125883][T10000] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 369.282714][T10000] usb 10-1: Using ep0 maxpacket: 8 [ 369.286723][T10000] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 369.289814][T10000] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 369.312761][T10000] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 369.317263][T10000] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 369.327363][T10000] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 369.338123][T10000] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.577059][T10000] usb 10-1: GET_CAPABILITIES returned 0 [ 369.578879][T10000] usbtmc 10-1:16.0: can't read capabilities [ 369.780206][T10000] usb 10-1: USB disconnect, device number 6 [ 371.970672][T10869] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1380'. [ 372.787851][T10864] syz.1.1379 (10864): drop_caches: 1 [ 373.073618][T10882] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1385'. [ 373.076316][T10882] team0: No ports can be present during mode change [ 373.316042][T10890] lo speed is unknown, defaulting to 1000 [ 376.613797][T10935] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1403'. [ 377.043401][T10940] binder: 10939:10940 ioctl c0306201 0 returned -14 [ 377.790579][T10959] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1411'. [ 378.075815][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.077811][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 382.264998][ T40] kauditd_printk_skb: 34 callbacks suppressed [ 382.265009][ T40] audit: type=1326 audit(1756748850.850:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11030 comm="syz.1.1440" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x0 [ 385.285178][ T5992] Bluetooth: hci3: command 0x0406 tx timeout [ 387.572195][T11082] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1455'. [ 388.947405][T11107] netlink: 'syz.2.1464': attribute type 36 has an invalid length. [ 389.312762][T11115] mkiss: ax0: crc mode is auto. [ 390.503031][ T10] usb 7-1: new full-speed USB device number 36 using dummy_hcd [ 390.675579][ T10] usb 7-1: config 0 has an invalid interface number: 161 but max is 0 [ 390.678141][ T10] usb 7-1: config 0 has no interface number 0 [ 390.686815][ T10] usb 7-1: New USB device found, idVendor=067b, idProduct=331a, bcdDevice=4a.31 [ 390.689651][ T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.692130][ T10] usb 7-1: Product: syz [ 390.720857][ T10] usb 7-1: Manufacturer: syz [ 390.723393][ T10] usb 7-1: SerialNumber: syz [ 390.737553][ T10] usb 7-1: config 0 descriptor?? [ 390.980932][ T10] pl2303 7-1:0.161: required endpoints missing [ 390.991033][ T10] usb 7-1: USB disconnect, device number 36 [ 392.353359][T11143] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1479'. [ 394.042766][ T24] usb 10-1: new full-speed USB device number 7 using dummy_hcd [ 394.206503][ T24] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 394.209669][ T24] usb 10-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 6 [ 394.234929][ T24] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 394.237756][ T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 394.240665][ T24] usb 10-1: SerialNumber: syz [ 394.268151][ T24] usb 10-1: bad CDC descriptors [ 394.323818][T11165] net_ratelimit: 15 callbacks suppressed [ 394.323829][T11165] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 395.101095][ T6836] usb 10-1: USB disconnect, device number 7 [ 397.113530][T11204] ------------[ cut here ]------------ [ 397.115316][T11204] verifier bug: REG INVARIANTS VIOLATION (true_reg1): range bounds violation u64=[0x0, 0x0] s64=[0x0, 0x0] u32=[0x80632f4, 0x0] s32=[0x0, 0x0] var_off=(0x0, 0x0)(1) [ 397.142955][T11204] WARNING: CPU: 0 PID: 11204 at kernel/bpf/verifier.c:2722 reg_bounds_sanity_check+0x62b/0x1200 [ 397.146557][T11204] Modules linked in: [ 397.147883][T11204] CPU: 0 UID: 0 PID: 11204 Comm: syz.2.1494 Not tainted syzkaller #0 PREEMPT(full) [ 397.152020][T11204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 397.156479][T11204] RIP: 0010:reg_bounds_sanity_check+0x62b/0x1200 [ 397.159200][T11204] Code: 45 ac 50 8b 45 b0 50 8b 45 b4 50 ff 75 b8 4c 8b 4d c0 4c 8b 45 c8 48 8b 95 58 ff ff ff 48 8b b5 60 ff ff ff e8 b6 b8 ab ff 90 <0f> 0b 90 90 48 8b 95 40 ff ff ff 48 83 c4 38 48 b8 00 00 00 00 00 [ 397.167400][T11204] RSP: 0018:ffffc9000fb5f2e8 EFLAGS: 00010282 [ 397.169946][T11204] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9000d2a1000 [ 397.173833][T11204] RDX: 0000000000080000 RSI: ffffffff817a02d5 RDI: 0000000000000001 [ 397.177217][T11204] RBP: ffffc9000fb5f3e0 R08: 0000000000000001 R09: 0000000000000000 [ 397.180538][T11204] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888070708000 [ 397.183648][T11204] R13: ffff88805fc2f324 R14: ffff88805fc2f31c R15: ffff88805fc2f2d0 [ 397.186114][T11204] FS: 0000000000000000(0000) GS:ffff8880974c0000(0063) knlGS:00000000f542db40 [ 397.188892][T11204] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 397.190897][T11204] CR2: 000000000c338b42 CR3: 00000000797a8000 CR4: 0000000000352ef0 [ 397.193488][T11204] Call Trace: [ 397.194561][T11204] [ 397.195523][T11204] reg_set_min_max+0x183/0x2c0 [ 397.197048][T11204] check_cond_jmp_op+0x19b0/0x72d0 [ 397.198704][T11204] ? states_equal+0x30/0x1d10 [ 397.200207][T11204] ? __pfx_check_cond_jmp_op+0x10/0x10 [ 397.201928][T11204] ? __asan_memset+0x23/0x50 [ 397.203612][T11204] do_check_common+0xa13e/0xb410 [ 397.205186][T11204] ? __pfx_do_check_common+0x10/0x10 [ 397.206847][T11204] ? local_clock_noinstr+0xb1/0xe0 [ 397.208454][T11204] ? kfree+0x2b4/0x4d0 [ 397.209748][T11204] ? bpf_check+0x7cf8/0xc4d0 [ 397.211213][T11204] bpf_check+0x8763/0xc4d0 [ 397.212682][T11204] ? __pfx_bpf_check+0x10/0x10 [ 397.214193][T11204] ? __lock_acquire+0xb97/0x1ce0 [ 397.215774][T11204] ? __asan_memset+0x23/0x50 [ 397.217237][T11204] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 397.218842][T11204] bpf_prog_load+0xe41/0x2490 [ 397.220331][T11204] ? __pfx_bpf_prog_load+0x10/0x10 [ 397.221956][T11204] __sys_bpf+0x4a3f/0x4de0 [ 397.223440][T11204] ? __pfx___sys_bpf+0x10/0x10 [ 397.224950][T11204] ? __pfx_bpf_send_signal_common+0x10/0x10 [ 397.226821][T11204] ? find_held_lock+0x2b/0x80 [ 397.228323][T11204] ? find_held_lock+0x2b/0x80 [ 397.229821][T11204] ? syscall_trace_enter+0x1cb/0x240 [ 397.231505][T11204] __ia32_sys_bpf+0x76/0xe0 [ 397.233179][T11204] __do_fast_syscall_32+0x7c/0x3a0 [ 397.234788][T11204] do_fast_syscall_32+0x32/0x80 [ 397.236329][T11204] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 397.238264][T11204] RIP: 0023:0xf705e579 [ 397.239516][T11204] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 397.245523][T11204] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 397.248140][T11204] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800054c0 [ 397.250593][T11204] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 397.253127][T11204] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 397.255590][T11204] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 397.258039][T11204] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 397.260516][T11204] [ 397.261504][T11204] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 397.263796][T11204] CPU: 0 UID: 0 PID: 11204 Comm: syz.2.1494 Not tainted syzkaller #0 PREEMPT(full) [ 397.266701][T11204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 397.270032][T11204] Call Trace: [ 397.271103][T11204] [ 397.272053][T11204] dump_stack_lvl+0x3d/0x1f0 [ 397.273551][T11204] vpanic+0x6e8/0x7a0 [ 397.274823][T11204] ? __pfx_vpanic+0x10/0x10 [ 397.276262][T11204] ? reg_bounds_sanity_check+0x62b/0x1200 [ 397.278040][T11204] panic+0xca/0xd0 [ 397.279249][T11204] ? __pfx_panic+0x10/0x10 [ 397.280668][T11204] check_panic_on_warn+0xab/0xb0 [ 397.282239][T11204] __warn+0xf6/0x3c0 [ 397.283503][T11204] ? reg_bounds_sanity_check+0x62b/0x1200 [ 397.285284][T11204] report_bug+0x3c3/0x580 [ 397.286648][T11204] ? reg_bounds_sanity_check+0x62b/0x1200 [ 397.288440][T11204] handle_bug+0x184/0x210 [ 397.289812][T11204] exc_invalid_op+0x17/0x50 [ 397.291256][T11204] asm_exc_invalid_op+0x1a/0x20 [ 397.292797][T11204] RIP: 0010:reg_bounds_sanity_check+0x62b/0x1200 [ 397.294734][T11204] Code: 45 ac 50 8b 45 b0 50 8b 45 b4 50 ff 75 b8 4c 8b 4d c0 4c 8b 45 c8 48 8b 95 58 ff ff ff 48 8b b5 60 ff ff ff e8 b6 b8 ab ff 90 <0f> 0b 90 90 48 8b 95 40 ff ff ff 48 83 c4 38 48 b8 00 00 00 00 00 [ 397.300672][T11204] RSP: 0018:ffffc9000fb5f2e8 EFLAGS: 00010282 [ 397.302570][T11204] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9000d2a1000 [ 397.305041][T11204] RDX: 0000000000080000 RSI: ffffffff817a02d5 RDI: 0000000000000001 [ 397.307513][T11204] RBP: ffffc9000fb5f3e0 R08: 0000000000000001 R09: 0000000000000000 [ 397.309987][T11204] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888070708000 [ 397.312457][T11204] R13: ffff88805fc2f324 R14: ffff88805fc2f31c R15: ffff88805fc2f2d0 [ 397.314938][T11204] ? __warn_printk+0x1a5/0x350 [ 397.316467][T11204] ? reg_bounds_sanity_check+0x62a/0x1200 [ 397.318282][T11204] reg_set_min_max+0x183/0x2c0 [ 397.319817][T11204] check_cond_jmp_op+0x19b0/0x72d0 [ 397.321446][T11204] ? states_equal+0x30/0x1d10 [ 397.322954][T11204] ? __pfx_check_cond_jmp_op+0x10/0x10 [ 397.324683][T11204] ? __asan_memset+0x23/0x50 [ 397.326164][T11204] do_check_common+0xa13e/0xb410 [ 397.327754][T11204] ? __pfx_do_check_common+0x10/0x10 [ 397.329422][T11204] ? local_clock_noinstr+0xb1/0xe0 [ 397.331038][T11204] ? kfree+0x2b4/0x4d0 [ 397.332366][T11204] ? bpf_check+0x7cf8/0xc4d0 [ 397.333840][T11204] bpf_check+0x8763/0xc4d0 [ 397.335274][T11204] ? __pfx_bpf_check+0x10/0x10 [ 397.336793][T11204] ? __lock_acquire+0xb97/0x1ce0 [ 397.338390][T11204] ? __asan_memset+0x23/0x50 [ 397.339863][T11204] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 397.341478][T11204] bpf_prog_load+0xe41/0x2490 [ 397.342982][T11204] ? __pfx_bpf_prog_load+0x10/0x10 [ 397.344627][T11204] __sys_bpf+0x4a3f/0x4de0 [ 397.346048][T11204] ? __pfx___sys_bpf+0x10/0x10 [ 397.347578][T11204] ? __pfx_bpf_send_signal_common+0x10/0x10 [ 397.349433][T11204] ? find_held_lock+0x2b/0x80 [ 397.350936][T11204] ? find_held_lock+0x2b/0x80 [ 397.352436][T11204] ? syscall_trace_enter+0x1cb/0x240 [ 397.354116][T11204] __ia32_sys_bpf+0x76/0xe0 [ 397.355573][T11204] __do_fast_syscall_32+0x7c/0x3a0 [ 397.357191][T11204] do_fast_syscall_32+0x32/0x80 [ 397.358744][T11204] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 397.360740][T11204] RIP: 0023:0xf705e579 [ 397.362035][T11204] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 397.368028][T11204] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 397.370648][T11204] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800054c0 [ 397.373147][T11204] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 397.375630][T11204] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 397.378074][T11204] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 397.380558][T11204] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 397.383045][T11204] [ 397.384724][T11204] Kernel Offset: disabled [ 397.386120][T11204] Rebooting in 86400 seconds.. VM DIAGNOSIS: 17:47:45 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff856170b5 RDI=ffffffff9b0fc700 RBP=ffffffff9b0fc6c0 RSP=ffffc9000fb5ec50 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9b0fc6c0 R15=ffffffff85617050 RIP=ffffffff856170df RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880974c0000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c338b42 CR3=00000000797a8000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000104080 Opmask01=000000000000003f Opmask02=00000000fffdffbf Opmask03=0000000000000000 Opmask04=00000000fffffdef Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 33312d70392f6964 622f6c6175747269 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005651967d9f60 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd19c3f1b20 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd19c3f1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 ffff000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff0000ff000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd19c352c80 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 54003d534b4e494c 564544003d4d4554 535953425553003d 4854415056454400 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 540018534b4e494c 56454400184d4554 5359534255530018 4854415056454400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005651967cf2c0 00005651967e1db0 00005651967d18a0 00005651967e88e0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7766736c6d61722c 4142312c4339312c 3739312c3539312c 3339312c3239312c ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3139312c3039312c 4638312c4538312c 4238312c3938312c 3838312c3538312c ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3438312c3138312c 3937312c3737312c 3437312c4436312c 4336312c3636312c ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3336312c3136312c 3036312c30462c46 442c30442c46432c 38412c37412c4639 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000005f6013 RBX=0000000000000001 RCX=ffffffff8b90dbf9 RDX=0000000000000000 RSI=ffffffff8de4d2e1 RDI=ffffffff8c162e00 RBP=ffffed1003bdf488 RSP=ffffc9000046fdf8 R8 =0000000000000001 R9 =ffffed1005666655 R10=ffff88802b3332ab R11=0000000000000000 R12=0000000000000001 R13=ffff88801defa440 R14=ffffffff90ab8890 R15=0000000000000000 RIP=ffffffff8b90c75f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880975c0000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000800bb018 CR3=0000000074bb7000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=1ffff11002547040 RBX=ffff888012a38420 RCX=ffffffff81ca72b8 RDX=ffff88802894c880 RSI=ffffffffa0203714 RDI=00007fd19c31d378 RBP=ffff888012a38420 RSP=ffffc9000371f6e8 R8 =0000000000000006 R9 =00007fd19c31d378 R10=ffffffffa0203818 R11=0000000000000000 R12=00007fd19c31d378 R13=dffffc0000000000 R14=0000000000000000 R15=ffffffffa0203714 RIP=ffffffff81bb0580 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fd19c9c9880 ffffffff 00c00000 GS =0000 ffff8880976c0000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c25e75f CR3=000000004b5a4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000004 Opmask01=0000000000000000 Opmask02=000000000101001f Opmask03=0000000020400004 Opmask04=00000000ffffffdf Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005651967dfa00 00005651967dfa00 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005651967e88e0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005651967db970 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd19c3f1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 ffffff00000000ff ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1c1f115c435d4316 10120300161e121d ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5c431d1c1a141601 5c43000611171d5c ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000041 0000000000000020 0000000000000000 00000035706f6f6c ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30302c443230302c 433230302c423230 302c393230003232 3d5145534b534944 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0d0d11440f0d0d11 430f0d0d11420f0d 0d11040f0d000f0f 005145534b534944 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f30737562646e2f 30303a3231303049 5043412f30303a53 55425953584e4c2f ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000002171 00000000014d5185 0000000000000000 306d656d702f6b63 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3139312c3039312c 4638312c4538312c 4238312c3938312c 3838312c3538312c ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3438312c3138312c 3937312c3737312c 3437312c4436312c 4336312c3636312c ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3336312c3136312c 3036312c30462c46 442c30442c46432c 38412c37412c4639 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=1ffff1100d41538e RBX=ffff88806a0a9c70 RCX=ffffffff822c35a1 RDX=ffff888012752440 RSI=ffffffff822c35d2 RDI=0000000000000005 RBP=0000000000000000 RSP=ffffc9000440f5c8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=0000000000000001 R13=0000000000000001 R14=dffffc0000000000 R15=1ffff92000881ebb RIP=ffffffff822c35de RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977c0000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f755c0 CR3=00000000599de000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000