last executing test programs: 24m41.844020668s ago: executing program 1 (id=1963): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=@newtaction={0x154, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x140, 0x1, [@m_ct={0xa0, 0x7, 0x0, 0x0, {{0x7}, {0x78, 0x2, 0x0, 0x1, [@TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e23}, @TCA_CT_LABELS={0x14, 0x7, "490122be53dc559660a2a20728bf0b61"}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @private0}, @TCA_CT_LABELS={0x14, 0x7, "4c1bfc20732c69d5133dc829dae199d3"}, @TCA_CT_LABELS_MASK={0x14, 0x8, "2b0d3c91d8ec024c9419cd4688679e99"}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @rand_addr=0x64010101}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_sample={0x9c, 0xf, 0x0, 0x0, {{0xb}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0xc804}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x7, 0xb, 0xfffffffffffffff2, 0x1, 0x3}}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6a}, @TCA_SAMPLE_RATE={0x8, 0x3, 0xa}]}, {0x36, 0x6, "1ef5a3ccffcbd1f64147bdf8c34f001e6b39d05122d1c2388fbd41d9af4bfd68b2a035b7f96a7ab7bc948babcb859636e7a4"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}, 0x154}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85) lseek(r1, 0x101, 0x1) getdents64(r1, &(0x7f0000000000)=""/48, 0x30) getdents(r1, &(0x7f00000005c0)=""/203, 0xcb) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknodat(r1, &(0x7f0000000280)='./file0/file0\x00', 0x20, 0x7) io_uring_setup(0x5b42, &(0x7f0000000640)={0x0, 0xfffffffe, 0x800, 0x103fc, 0x159}) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x2b) r5 = openat$cdrom(0xffffff9c, &(0x7f00000000c0), 0x400, 0x0) ioctl$CDROMPLAYBLK(r5, 0x5317, &(0x7f0000000100)={0x8, 0xf000}) r6 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r6, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty, 0x1ffd}, 0x20) recvfrom(r6, 0x0, 0x0, 0x40000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94) 24m40.831481442s ago: executing program 1 (id=1968): shmctl$IPC_SET(0xffffffffffffffff, 0x1, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x13}, 0x0, 0x1}, 0xe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x50) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r4 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r4, 0x401070c9, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x2014800, 0x0) acct(&(0x7f0000000100)='./file0/bus\x00') chroot(&(0x7f0000000040)='./file0\x00') kexec_load(0x5, 0x3, &(0x7f0000001080), 0x3e0000) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000002600000000c0a010300000000000000000100000008000440000000000900010073797a300000000038000380340000800400018004000680140007800c000100636f756e74657200040002801400018006000100636f756e7465720080040280140000001000010000000000000000000000000a6115823951e1e677cf79ff2b86fec3d0140ce22908a9e22b04d5d92fb3a2eeea4f47ea0ac3793df7e3e12c0751d110c2f5d7c69f1c5c4371cf10b8cafa5728c506db60c69fef704dbc8652dba88ab1736c547c048c7043d26cc3a99eb2ec0258ce9d717bdb2e78bcf03fb63f5c0b3e1dd676d3a9509580120d9b5a10d9e3259108ffca72f3ddeb63fd2640d76a412337a1f0d6062574507a86823f98ec8efd343be01b130a2a"], 0xe4}}, 0x0) 24m39.748442276s ago: executing program 1 (id=1971): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x5) connect$netrom(r2, &(0x7f0000000080)={{0x6, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, [@null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x8, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}, 0x48) connect$netrom(r2, 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x5) r3 = dup(r1) ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000002640)={'team_slave_0\x00', @random="76e04c34b99d"}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x9c, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x70, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0xff}, @device_b, @device_b, @initial, {0x4, 0x3}}, 0x2, @random=0x1, 0x8086, @val, @val, @val={0x3, 0x1, 0x4}, @val={0x4, 0x6, {0x0, 0x2, 0xc, 0xff56}}, @val={0x6, 0x2, 0xa}, @void, @val={0x25, 0x3, {0x0, 0x0, 0x3}}, @val={0x2a, 0x1, {0x1}}, @void, @val={0x2d, 0x1a, {0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x2, 0x0, 0x1, 0x0, 0x2, 0x1}, 0x800, 0xff, 0x4}}, @val={0x72, 0x6}, @val={0x71, 0x7, {0x1, 0x1, 0xffffffffffffffff, 0x0, 0x2, 0x4}}, @void}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x9c}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) 24m39.661787804s ago: executing program 1 (id=1973): openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async) socket(0x10, 0x3, 0x0) (async) syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) (async, rerun: 32) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 32) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x2, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xe, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x1, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x4}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) r2 = getpid() (async) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) (async) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000002000)=ANY=[@ANYBLOB="4001000010003306000000000400000000000000000000000000000000000001fe8000"/63, @ANYRES32=0x0, @ANYRES32=0x0], 0x140}}, 0x0) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 64) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async, rerun: 64) openat$cuse(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0) (rerun: 64) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) (async) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10138, 0x2, 0x0) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) (async, rerun: 32) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async, rerun: 32) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r5, &(0x7f00000004c0)=ANY=[@ANYBLOB="0800080002010900680000800900456f009100660000aae2ead80a01660c93a40713e32705c395a568006c0102ac1414aa4f204e22007d9078c10200006279cb22459ff50866ff829694a603d3c443eead410baf7b350c12fa15932138ee8f6a6d2afdde33d5a4298b32860f7d3d68030697e95d9cff97f976b3ac6d8c10e10601a959b4bf18b7d52cd3b5a4c19759c5eb55c033fbf5a6b311de39eb228702b8bf55388a273db8f23105e37c7125"], 0x9f) (async, rerun: 32) symlink(&(0x7f0000000880)='.\x00', &(0x7f00000008c0)='./file0\x00') (rerun: 32) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000005c0), 0x4) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0x20, &(0x7f0000000800)={&(0x7f0000000680)=""/254, 0xfe, 0x0, &(0x7f0000000780)=""/109, 0x6d}}, 0x10) 24m39.323958903s ago: executing program 1 (id=1974): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000001c0)={'tunl0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x8, 0x20, 0x4, 0x6c, {{0x14, 0x4, 0x3, 0xc, 0x50, 0x66, 0x0, 0x4a, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0xe}, {[@noop, @noop, @timestamp_prespec={0x44, 0x1c, 0x58, 0x3, 0x4, [{@remote, 0x67a}, {@broadcast, 0x5}, {@local, 0x7}]}, @timestamp_addr={0x44, 0x1c, 0xc0, 0x1, 0x4, [{@remote, 0x7}, {@private=0xa010102, 0x7}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x6}]}]}}}}}) sendmsg$nl_route(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000440)=@ipv6_getaddrlabel={0x60, 0x4a, 0x2, 0x70bd2d, 0x25dfdbfb, {0xa, 0x0, 0x38, 0x0, r1, 0x5}, [@IFAL_ADDRESS={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @empty}}, @IFAL_ADDRESS={0x14, 0x1, @mcast2}, @IFAL_ADDRESS={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @IFAL_LABEL={0x8, 0x2, 0x2}]}, 0x60}, 0x1, 0x0, 0x0, 0x4004000}, 0xc04c041) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220) r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r2, {0x1}}, './file0\x00'}) 24m38.011987721s ago: executing program 1 (id=1986): r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) sched_setscheduler(0x0, 0x2, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x7a) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}], 0x1, 0x40800) recvmsg(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/8, 0x8}], 0x1}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r4, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d", 0x63}], 0x1}}], 0x1, 0x20008000) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(r5, &(0x7f0000000000)='\"', 0x1) bind$bt_hci(r6, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r6, &(0x7f0000000000), 0xd) close(r0) r7 = open(&(0x7f0000000000)='./file0\x00', 0x502, 0x98) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) fcntl$setlease(r7, 0x400, 0x1) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000000)='.\x00', 0x20400, 0x74) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000100)={'vxcan1\x00'}) ioctl$F2FS_IOC_MOVE_RANGE(r7, 0x541b, &(0x7f0000000040)) 24m35.539718977s ago: executing program 0 (id=1994): socket$can_raw(0x1d, 0x3, 0x1) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50) socket$packet(0x11, 0x2, 0x300) move_pages(0x0, 0x0, &(0x7f0000002340), 0x0, &(0x7f0000002380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x15) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000000c0)={[{@quota}, {@grpquota_block_hardlimit={'grpquota_block_hardlimit', 0x3d, [0x33]}}]}) r4 = add_key$fscrypt_v1(0x0, &(0x7f0000001540)={'fscrypt:', @desc2}, &(0x7f0000001580)={0x0, "740c561c18c8d0520787a815169e2c2d38ce24ada46dfd910ebe32afb63c184f8aa7603c7eedb7c4014bc2f01d8020e3f1a9f99f55e81277b2f1e4dd09621d6f", 0x3e}, 0x48, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, r4, &(0x7f00000005c0)='asymmetric\x00', &(0x7f0000001640)='\x00') read$FUSE(r3, &(0x7f0000000300)={0x2020}, 0x2020) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRES16=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(0xffffffffffffffff, &(0x7f00000093c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000004200)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x2026012, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x50) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x40000, 0x2) 24m34.588226533s ago: executing program 0 (id=1987): r0 = openat$vmci(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r0, 0x7b2, &(0x7f00000001c0)={&(0x7f0000000a40)=[0x0, 0x7, 0x31f, 0x6, 0x4, 0x6, 0x80, 0x9, 0xff, 0xfffffff8, 0x4, 0xafc, 0x4, 0x56f, 0xa, 0x9, 0xfffffffa, 0x0, 0xc88, 0x5, 0x9, 0x12, 0x844, 0x5, 0x9d0, 0x7fff, 0x3, 0x0, 0x8, 0xfffff4e3, 0x72, 0xca2, 0x3, 0x80000000, 0x81, 0xffffff38, 0xffff541e, 0x2c5, 0x5, 0x2, 0xfffffffa, 0x0, 0x8221, 0xd, 0x6, 0x32, 0x10, 0x6, 0x800000, 0x7, 0x5, 0x1ff, 0x5, 0xd2, 0xffff, 0x8fd, 0xa3a, 0xd5e8, 0x8, 0x3, 0x5, 0x0, 0x3, 0x81, 0x2e67, 0x7, 0x688046b4, 0x7, 0x0, 0x7b8, 0x8, 0x4, 0x0, 0x280, 0xbf65, 0x1, 0x401, 0x9, 0x3, 0x9, 0x763e6e27, 0x1, 0x3, 0xc, 0x40, 0x3, 0x89, 0xfff, 0x1, 0x4, 0x4, 0x40, 0x6b, 0xfffffff8, 0x2, 0x6, 0xff, 0x9, 0x0, 0x10001, 0x5, 0xffffff46, 0x1, 0x3, 0x3, 0x0, 0x20000, 0x5, 0xfffffff9, 0xcf41, 0x8, 0x5, 0x7fff, 0x5, 0x1000, 0x6, 0x9c, 0x7, 0x2, 0x1, 0x3, 0xa, 0xffffffff, 0x7, 0x2, 0x0, 0x1, 0xf, 0x5, 0x6, 0xffff, 0x0, 0xfffffffc, 0xe149, 0x19f, 0x3, 0x2, 0x9, 0x0, 0x2c, 0x9, 0x8, 0xce, 0x4, 0x3, 0x7815da1c, 0x8000, 0x4, 0x9, 0x6, 0x8, 0x8000, 0x3, 0x10000, 0xd64, 0x9, 0x4, 0x8, 0x2, 0x3, 0x6, 0x2, 0x10000, 0x1, 0x5, 0xb, 0xffffff74, 0x39, 0x7, 0x9, 0x80000001, 0xfff, 0x8, 0x4, 0x7, 0x4a28, 0x2, 0x8c, 0xfffffff0, 0x7fff, 0x4, 0x0, 0x3ff, 0x4, 0x706, 0xa68, 0x4, 0x2, 0x8, 0x200, 0xee82, 0x2, 0x1ff, 0x401, 0x6, 0x4, 0x400, 0x9fd3, 0x3, 0x8000, 0x4, 0x54, 0x491, 0x0, 0x1000, 0x8, 0x6, 0x0, 0x6000, 0x200, 0x1, 0xffff, 0x9, 0xad0, 0x100, 0xb2, 0x0, 0x1, 0x9, 0xb7f, 0x6, 0x200, 0x1, 0x2, 0x0, 0x2, 0x8, 0xb4c6aba, 0x2, 0x1, 0x3e7f, 0x4, 0x74fe, 0xabff, 0x3, 0x5, 0x9b3e, 0xffffffff, 0x7fff, 0x1, 0x53, 0x7fff, 0x4, 0x8, 0x9, 0x40, 0x9, 0x3, 0x21, 0x7, 0xb, 0x0, 0x3, 0x7fffffff, 0x8, 0xfffffff8, 0x4, 0x1, 0x4, 0x579, 0x7fffffff, 0x3, 0xe, 0x6, 0x8, 0x7, 0x100, 0x52, 0x1, 0xe, 0x7, 0x71df, 0x8651, 0x7, 0x8, 0xffffffff, 0x5, 0x2, 0x79, 0x8, 0x6, 0x1, 0x5, 0xf, 0x1, 0xd, 0x8, 0x9, 0x1, 0x6, 0x7, 0x3, 0xfff, 0xfff, 0x57a1, 0x1, 0x81, 0x1, 0x1ff, 0x7fffffff, 0x6, 0x0, 0x7ff, 0x400, 0x9, 0x649, 0x10001, 0xffff, 0xc, 0x6, 0x1, 0x401, 0x4, 0x5efd0fab, 0xb1bc, 0x5900000, 0xffff, 0x3, 0x5, 0xc50, 0x3, 0xfffffff8, 0x7, 0xaad9, 0x80000001, 0x93, 0xffffffff, 0xfffffffd, 0x4, 0x0, 0x3ff, 0x0, 0x4, 0x8, 0x0, 0x80000000, 0xe68, 0x95, 0x3cf6bcfe, 0xfffffffe, 0x6, 0x4d98, 0x9, 0xffffffff, 0x8d, 0x8, 0x80000001, 0x8, 0xbc43, 0x3, 0x7, 0x7, 0x3, 0x1, 0x9, 0x7, 0x100, 0x6, 0x0, 0x7fff, 0x1, 0x1, 0x5, 0x4, 0x5, 0x1, 0x797, 0x99, 0x49, 0x6, 0x0, 0x80000001, 0x0, 0x7, 0x6, 0x2, 0x3ff, 0x5, 0xd, 0x9, 0x1, 0xfffffff9, 0x9, 0x4, 0x8, 0xd55a, 0x3, 0x4d, 0x7ff, 0x7, 0x9, 0xffffffff, 0x7, 0x5, 0x3ff, 0x5, 0xd6, 0x4, 0x4, 0x9, 0x3000, 0xb773, 0x5, 0x0, 0x4, 0x80000000, 0x10001, 0x7fff, 0xffff, 0x6, 0x5, 0x80, 0x5, 0x200, 0xfffeffff, 0x1, 0x1, 0x5d9f, 0x7fffffff, 0x5, 0x4, 0x4, 0x9, 0x6, 0xfffffffd, 0x6, 0xfffffffa, 0x2, 0x9d, 0x26, 0x1, 0x2, 0x8001, 0x0, 0x9fa9, 0xfffffff7, 0x8, 0x4, 0x1, 0x1, 0xfffff800, 0x4, 0xfffffffa, 0x5, 0x7, 0xfa4, 0xb, 0x0, 0xff, 0x4, 0x1, 0x7ff, 0x9, 0x8001, 0x20000000, 0xf7c8, 0x3, 0x9123, 0xfffffffb, 0x3, 0x8, 0x0, 0xa, 0x80000000, 0xffffffff, 0x6a52e35e, 0x3, 0x6, 0x5, 0x4, 0x7, 0x8, 0x9, 0xc4, 0x4f, 0x0, 0x5, 0xf0, 0x86, 0x8, 0xfffff949, 0x0, 0x186, 0x9, 0x400, 0x3, 0x2, 0x5, 0x1, 0x3, 0xd, 0x400, 0x3, 0xfffffff7, 0xb, 0x8, 0x4, 0x100, 0x3, 0xd, 0x0, 0x7, 0x7, 0x9, 0x8, 0x9, 0x4, 0x4, 0x5, 0x80000000, 0x7, 0x10001, 0x7f, 0x2, 0x9, 0x40, 0x4, 0x3, 0x4, 0x8, 0x8, 0x6, 0x6, 0x200000, 0x1, 0x3, 0x9, 0x5, 0x4, 0x7, 0x1, 0x6, 0x6, 0x2, 0x7, 0x6, 0x9, 0xbb9, 0x3171dd71, 0x8, 0x3, 0x400, 0x34a3, 0x3, 0x4, 0x35, 0x2, 0x4, 0x0, 0x5, 0x5, 0x2, 0x3fc4, 0x3, 0x5, 0x799a, 0x4, 0x8, 0x8000, 0x8, 0xffff3401, 0x9, 0xffffffc6, 0xf, 0x3, 0x9, 0xffffff49, 0x7fffffff, 0x80000001, 0x5, 0x100, 0x6, 0x1, 0x1ff, 0x3, 0x93, 0x4, 0x5, 0xfffffbba, 0x3, 0x81, 0x4, 0x8, 0xef7, 0x2, 0x2, 0x3, 0x5, 0x6, 0x144, 0xb, 0x1ff, 0xd52, 0x9, 0x7, 0x7, 0x3, 0x28, 0x9, 0x200, 0x0, 0xe1d451c7, 0x200, 0x7, 0x2, 0x8, 0x20, 0x0, 0x1, 0x4, 0x7, 0x6, 0xc5, 0x3, 0xcc, 0xff, 0x9, 0x4, 0x2, 0x5, 0x7, 0x401, 0x9, 0xb3, 0x10, 0xd8, 0xc, 0x1, 0x5, 0x100, 0xd, 0x9, 0x4, 0x3, 0x9, 0x20000, 0x38e, 0xa, 0x8000, 0xfffffffb, 0x4, 0x1, 0x3, 0x932, 0xff, 0x1ff, 0x2, 0x283eb35e, 0x8, 0x1, 0x9, 0x20000, 0x6, 0x8, 0x0, 0x5, 0xcd, 0x3, 0x72e, 0x7fff, 0x675, 0x7, 0x200, 0x9174, 0x3, 0x1, 0x1ff, 0xfffff87a, 0x475c, 0x9, 0x18, 0x3, 0x9, 0x0, 0xc50, 0x101, 0x2, 0x5, 0xe7a7, 0xe4, 0x3, 0x8, 0x80, 0x5, 0x4, 0x9, 0x5, 0x1, 0x7, 0x8, 0xb2, 0x40000, 0x4, 0xa, 0xae3, 0x8, 0x3, 0x7, 0xfffffff9, 0xd01b9cf, 0x7f, 0x1, 0x0, 0x9, 0x30ce, 0x6, 0x6d6, 0xb, 0x8, 0xed, 0xa, 0xfffffff8, 0x580, 0x3, 0x5, 0x0, 0x40, 0x10000, 0x9, 0xf, 0xa, 0x6, 0x8, 0x2, 0x9, 0xffffffff, 0x9, 0x4, 0x9, 0x80000001, 0x2, 0x2400, 0x4, 0x101, 0x10001, 0x8, 0x8, 0x2, 0x6, 0x1000, 0x8, 0x5, 0x8368, 0x80000000, 0x5ca, 0x7, 0x731800, 0x0, 0x5, 0xa, 0x1, 0x4, 0x0, 0x3, 0x1, 0xa5, 0xf06b, 0x3, 0x3a, 0x10001, 0x5, 0x2, 0x81, 0x5, 0xfffffffd, 0x3, 0x0, 0x8, 0x3800000, 0x1, 0xffffffff, 0x8, 0x1ff, 0xffff, 0x0, 0x7, 0x4, 0xffffff7f, 0xfff, 0x2, 0x0, 0x2, 0x3, 0x5, 0x5, 0x3, 0x7, 0x40, 0x6, 0x89e, 0xdb, 0x1, 0xfffffff7, 0x774, 0x81, 0x4, 0x6, 0x3, 0x6, 0x5, 0x4, 0x4, 0x8, 0x1000, 0x0, 0x5, 0x8, 0x7, 0x4, 0x80000001, 0x5, 0x8, 0x80000000, 0xca88, 0x7, 0xaca, 0x7, 0x3, 0x8, 0x0, 0x0, 0x9da1, 0xb8, 0x400, 0x1, 0xffffffff, 0x0, 0x9, 0x8, 0x9, 0x6b, 0x80, 0x3, 0x1dc6b834, 0x1, 0x1a5, 0x4, 0xfffffff8, 0xec, 0x800, 0xa662, 0x7d, 0x4, 0x3, 0x81, 0x0, 0x1, 0x5, 0x0, 0x3, 0x19, 0x4, 0x0, 0xfffffffc, 0x8, 0x3800000, 0xaa2b, 0x101, 0xff00000, 0x8, 0x5, 0x7, 0x6, 0x1, 0x1, 0x38e3a77, 0x1ff, 0x6, 0x10000, 0xd, 0xa, 0x2, 0x4, 0xfe7, 0x0, 0x6, 0x10001, 0x9, 0x4, 0x6, 0x10001, 0xc, 0x7, 0x5, 0x9, 0x0, 0x40, 0x0, 0x0, 0xffff3721, 0x5, 0x90000000, 0xc7b, 0x1, 0x1, 0x3, 0xc176, 0x1, 0x7, 0x5, 0xd6, 0x79, 0xfffffffa, 0x30, 0xfffffffd, 0x4, 0x3, 0x0, 0x76, 0x8, 0x10001, 0x46, 0x7, 0x6, 0x40, 0x9, 0x0, 0x0, 0xa, 0xffff, 0x9, 0x7, 0x9, 0x1, 0xfff, 0x7c000000, 0x62, 0xd, 0x7, 0x9, 0x80000001, 0x1000, 0xe, 0x8, 0xfffffffa, 0x1, 0x3fb0, 0xfffffff7, 0x8, 0x0, 0x9, 0x0, 0x5, 0xe73d, 0x2, 0x4, 0xc, 0x5, 0xffffffff, 0x7, 0x1, 0x0, 0x8, 0x5, 0x24, 0x2, 0x9, 0x888, 0x8, 0x89, 0x9, 0xff, 0x40, 0x4, 0x1, 0x7, 0x80, 0x4, 0xd, 0x80, 0x80000000, 0x9, 0x9, 0x32943b87, 0x42f7, 0x8000, 0x7f, 0x0, 0x40, 0x80000000, 0xf06, 0x7, 0xc5f, 0xc, 0x101, 0x101, 0x0, 0x4, 0x0, 0x6, 0x0, 0x90, 0x9, 0x6, 0xe, 0x8001, 0x8, 0xfff, 0x2, 0x3, 0x8, 0xf2, 0xfffffffe, 0x0, 0x2, 0xa, 0x9, 0x7, 0x920, 0x2, 0x3, 0x793ba283, 0xa150, 0x0, 0xd, 0x401, 0x4, 0xffff, 0xfffffffa, 0x4, 0x4, 0x1, 0x2], 0x1, 0x400, 0xfffffff1}) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$vmci(0xffffff9c, &(0x7f0000000240), 0x2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) socket(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r2, 0x400455c8, 0x466d1a97) semctl$GETZCNT(0x0, 0x1, 0xf, 0x0) openat$nci(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0x6, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="041706004f00000001ca3c1bdd785630277068d487c54be1aa5429015449e856e51f69b4cd946872f98e9f17079f5045cff33862c2813c70385ff8e19fa83a90acd90ab4c4eab4cdf6050296de96"], 0x9) 24m34.521689477s ago: executing program 0 (id=1988): shmctl$IPC_SET(0xffffffffffffffff, 0x1, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x13}, 0x0, 0x1}, 0xe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x50) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x401070c9, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x2014800, 0x0) acct(&(0x7f0000000100)='./file0/bus\x00') chroot(&(0x7f0000000040)='./file0\x00') kexec_load(0x5, 0x3, &(0x7f0000001080), 0x3e0000) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000002600000000c0a010300000000000000000100000008000440000000000900010073797a300000000038000380340000800400018004000680140007800c000100636f756e74657200040002801400018006000100636f756e7465720080040280140000001000010000000000000000000000000a6115823951e1e677cf79ff2b86fec3d0140ce22908a9e22b04d5d92fb3a2eeea4f47ea0ac3793df7e3e12c0751d110c2f5d7c69f1c5c4371cf10b8cafa5728c506db60c69fef704dbc8652dba88ab1736c547c048c7043d26cc3a99eb2ec0258ce9d717bdb2e78bcf03fb63f5c0b3e1dd676d3a9509580120d9b5a10d9e3259108ffca72f3ddeb63fd2640d76a412337a1f0d6062574507a86823f98ec8efd343be01b130a2a"], 0xe4}}, 0x0) 24m33.232059373s ago: executing program 0 (id=1991): r0 = openat$vmci(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r0, 0x7b2, &(0x7f00000001c0)={&(0x7f0000000a40)=[0x0, 0x7, 0x31f, 0x6, 0x4, 0x6, 0x80, 0x9, 0xff, 0xfffffff8, 0x4, 0xafc, 0x4, 0x56f, 0xa, 0x9, 0xfffffffa, 0x0, 0xc88, 0x5, 0x9, 0x12, 0x844, 0x5, 0x9d0, 0x7fff, 0x3, 0x0, 0x8, 0xfffff4e3, 0x72, 0xca2, 0x3, 0x80000000, 0x81, 0xffffff38, 0xffff541e, 0x2c5, 0x5, 0x2, 0xfffffffa, 0x0, 0x8221, 0xd, 0x6, 0x32, 0x10, 0x6, 0x800000, 0x7, 0x5, 0x1ff, 0x5, 0xd2, 0xffff, 0x8fd, 0xa3a, 0xd5e8, 0x8, 0x3, 0x5, 0x0, 0x3, 0x81, 0x2e67, 0x7, 0x688046b4, 0x7, 0x0, 0x7b8, 0x8, 0x4, 0x0, 0x280, 0xbf65, 0x1, 0x401, 0x9, 0x3, 0x9, 0x763e6e27, 0x1, 0x3, 0xc, 0x40, 0x3, 0x89, 0xfff, 0x1, 0x4, 0x4, 0x40, 0x6b, 0xfffffff8, 0x2, 0x6, 0xff, 0x9, 0x0, 0x10001, 0x5, 0xffffff46, 0x1, 0x3, 0x3, 0x0, 0x20000, 0x5, 0xfffffff9, 0xcf41, 0x8, 0x5, 0x7fff, 0x5, 0x1000, 0x6, 0x9c, 0x7, 0x2, 0x1, 0x3, 0xa, 0xffffffff, 0x7, 0x2, 0x0, 0x1, 0xf, 0x5, 0x6, 0xffff, 0x0, 0xfffffffc, 0xe149, 0x19f, 0x3, 0x2, 0x9, 0x0, 0x2c, 0x9, 0x8, 0xce, 0x4, 0x3, 0x7815da1c, 0x8000, 0x4, 0x9, 0x6, 0x8, 0x8000, 0x3, 0x10000, 0xd64, 0x9, 0x4, 0x8, 0x2, 0x3, 0x6, 0x2, 0x10000, 0x1, 0x5, 0xb, 0xffffff74, 0x39, 0x7, 0x9, 0x80000001, 0xfff, 0x8, 0x4, 0x7, 0x4a28, 0x2, 0x8c, 0xfffffff0, 0x7fff, 0x4, 0x0, 0x3ff, 0x4, 0x706, 0xa68, 0x4, 0x2, 0x8, 0x200, 0xee82, 0x2, 0x1ff, 0x401, 0x6, 0x4, 0x400, 0x9fd3, 0x3, 0x8000, 0x4, 0x54, 0x491, 0x0, 0x1000, 0x8, 0x6, 0x0, 0x6000, 0x200, 0x1, 0xffff, 0x9, 0xad0, 0x100, 0xb2, 0x0, 0x1, 0x9, 0xb7f, 0x6, 0x200, 0x1, 0x2, 0x0, 0x2, 0x8, 0xb4c6aba, 0x2, 0x1, 0x3e7f, 0x4, 0x74fe, 0xabff, 0x3, 0x5, 0x9b3e, 0xffffffff, 0x7fff, 0x1, 0x53, 0x7fff, 0x4, 0x8, 0x9, 0x40, 0x9, 0x3, 0x21, 0x7, 0xb, 0x0, 0x3, 0x7fffffff, 0x8, 0xfffffff8, 0x4, 0x1, 0x4, 0x579, 0x7fffffff, 0x3, 0xe, 0x6, 0x8, 0x7, 0x100, 0x52, 0x1, 0xe, 0x7, 0x71df, 0x8651, 0x7, 0x8, 0xffffffff, 0x5, 0x2, 0x79, 0x8, 0x6, 0x1, 0x5, 0xf, 0x1, 0xd, 0x8, 0x9, 0x1, 0x6, 0x7, 0x3, 0xfff, 0xfff, 0x57a1, 0x1, 0x81, 0x1, 0x1ff, 0x7fffffff, 0x6, 0x0, 0x7ff, 0x400, 0x9, 0x649, 0x10001, 0xffff, 0xc, 0x6, 0x1, 0x401, 0x4, 0x5efd0fab, 0xb1bc, 0x5900000, 0xffff, 0x3, 0x5, 0xc50, 0x3, 0xfffffff8, 0x7, 0xaad9, 0x80000001, 0x93, 0xffffffff, 0xfffffffd, 0x4, 0x0, 0x3ff, 0x0, 0x4, 0x8, 0x0, 0x80000000, 0xe68, 0x95, 0x3cf6bcfe, 0xfffffffe, 0x6, 0x4d98, 0x9, 0xffffffff, 0x8d, 0x8, 0x80000001, 0x8, 0xbc43, 0x3, 0x7, 0x7, 0x3, 0x1, 0x9, 0x7, 0x100, 0x6, 0x0, 0x7fff, 0x1, 0x1, 0x5, 0x4, 0x5, 0x1, 0x797, 0x99, 0x49, 0x6, 0x0, 0x80000001, 0x0, 0x7, 0x6, 0x2, 0x3ff, 0x5, 0xd, 0x9, 0x1, 0xfffffff9, 0x9, 0x4, 0x8, 0xd55a, 0x3, 0x4d, 0x7ff, 0x7, 0x9, 0xffffffff, 0x7, 0x5, 0x3ff, 0x5, 0xd6, 0x4, 0x4, 0x9, 0x3000, 0xb773, 0x5, 0x0, 0x4, 0x80000000, 0x10001, 0x7fff, 0xffff, 0x6, 0x5, 0x80, 0x5, 0x200, 0xfffeffff, 0x1, 0x1, 0x5d9f, 0x7fffffff, 0x5, 0x4, 0x4, 0x9, 0x6, 0xfffffffd, 0x6, 0xfffffffa, 0x2, 0x9d, 0x26, 0x1, 0x2, 0x8001, 0x0, 0x9fa9, 0xfffffff7, 0x8, 0x4, 0x1, 0x1, 0xfffff800, 0x4, 0xfffffffa, 0x5, 0x7, 0xfa4, 0xb, 0x0, 0xff, 0x4, 0x1, 0x7ff, 0x9, 0x8001, 0x20000000, 0xf7c8, 0x3, 0x9123, 0xfffffffb, 0x3, 0x8, 0x0, 0xa, 0x80000000, 0xffffffff, 0x6a52e35e, 0x3, 0x6, 0x5, 0x4, 0x7, 0x8, 0x9, 0xc4, 0x4f, 0x0, 0x5, 0xf0, 0x86, 0x8, 0xfffff949, 0x0, 0x186, 0x9, 0x400, 0x3, 0x2, 0x5, 0x1, 0x3, 0xd, 0x400, 0x3, 0xfffffff7, 0xb, 0x8, 0x4, 0x100, 0x3, 0xd, 0x0, 0x7, 0x7, 0x9, 0x8, 0x9, 0x4, 0x4, 0x5, 0x80000000, 0x7, 0x10001, 0x7f, 0x2, 0x9, 0x40, 0x4, 0x3, 0x4, 0x8, 0x8, 0x6, 0x6, 0x200000, 0x1, 0x3, 0x9, 0x5, 0x4, 0x7, 0x1, 0x6, 0x6, 0x2, 0x7, 0x6, 0x9, 0xbb9, 0x3171dd71, 0x8, 0x3, 0x400, 0x34a3, 0x3, 0x4, 0x35, 0x2, 0x4, 0x0, 0x5, 0x5, 0x2, 0x3fc4, 0x3, 0x5, 0x799a, 0x4, 0x8, 0x8000, 0x8, 0xffff3401, 0x9, 0xffffffc6, 0xf, 0x3, 0x9, 0xffffff49, 0x7fffffff, 0x80000001, 0x5, 0x100, 0x6, 0x1, 0x1ff, 0x3, 0x93, 0x4, 0x5, 0xfffffbba, 0x3, 0x81, 0x4, 0x8, 0xef7, 0x2, 0x2, 0x3, 0x5, 0x6, 0x144, 0xb, 0x1ff, 0xd52, 0x9, 0x7, 0x7, 0x3, 0x28, 0x9, 0x200, 0x0, 0xe1d451c7, 0x200, 0x7, 0x2, 0x8, 0x20, 0x0, 0x1, 0x4, 0x7, 0x6, 0xc5, 0x3, 0xcc, 0xff, 0x9, 0x4, 0x2, 0x5, 0x7, 0x401, 0x9, 0xb3, 0x10, 0xd8, 0xc, 0x1, 0x5, 0x100, 0xd, 0x9, 0x4, 0x3, 0x9, 0x20000, 0x38e, 0xa, 0x8000, 0xfffffffb, 0x4, 0x1, 0x3, 0x932, 0xff, 0x1ff, 0x2, 0x283eb35e, 0x8, 0x1, 0x9, 0x20000, 0x6, 0x8, 0x0, 0x5, 0xcd, 0x3, 0x72e, 0x7fff, 0x675, 0x7, 0x200, 0x9174, 0x3, 0x1, 0x1ff, 0xfffff87a, 0x475c, 0x9, 0x18, 0x3, 0x9, 0x0, 0xc50, 0x101, 0x2, 0x5, 0xe7a7, 0xe4, 0x3, 0x8, 0x80, 0x5, 0x4, 0x9, 0x5, 0x1, 0x7, 0x8, 0xb2, 0x40000, 0x4, 0xa, 0xae3, 0x8, 0x3, 0x7, 0xfffffff9, 0xd01b9cf, 0x7f, 0x1, 0x0, 0x9, 0x30ce, 0x6, 0x6d6, 0xb, 0x8, 0xed, 0xa, 0xfffffff8, 0x580, 0x3, 0x5, 0x0, 0x40, 0x10000, 0x9, 0xf, 0xa, 0x6, 0x8, 0x2, 0x9, 0xffffffff, 0x9, 0x4, 0x9, 0x80000001, 0x2, 0x2400, 0x4, 0x101, 0x10001, 0x8, 0x8, 0x2, 0x6, 0x1000, 0x8, 0x5, 0x8368, 0x80000000, 0x5ca, 0x7, 0x731800, 0x0, 0x5, 0xa, 0x1, 0x4, 0x0, 0x3, 0x1, 0xa5, 0xf06b, 0x3, 0x3a, 0x10001, 0x5, 0x2, 0x81, 0x5, 0xfffffffd, 0x3, 0x0, 0x8, 0x3800000, 0x1, 0xffffffff, 0x8, 0x1ff, 0xffff, 0x0, 0x7, 0x4, 0xffffff7f, 0xfff, 0x2, 0x0, 0x2, 0x3, 0x5, 0x5, 0x3, 0x7, 0x40, 0x6, 0x89e, 0xdb, 0x1, 0xfffffff7, 0x774, 0x81, 0x4, 0x6, 0x3, 0x6, 0x5, 0x4, 0x4, 0x8, 0x1000, 0x0, 0x5, 0x8, 0x7, 0x4, 0x80000001, 0x5, 0x8, 0x80000000, 0xca88, 0x7, 0xaca, 0x7, 0x3, 0x8, 0x0, 0x0, 0x9da1, 0xb8, 0x400, 0x1, 0xffffffff, 0x0, 0x9, 0x8, 0x9, 0x6b, 0x80, 0x3, 0x1dc6b834, 0x1, 0x1a5, 0x4, 0xfffffff8, 0xec, 0x800, 0xa662, 0x7d, 0x4, 0x3, 0x81, 0x0, 0x1, 0x5, 0x0, 0x3, 0x19, 0x4, 0x0, 0xfffffffc, 0x8, 0x3800000, 0xaa2b, 0x101, 0xff00000, 0x8, 0x5, 0x7, 0x6, 0x1, 0x1, 0x38e3a77, 0x1ff, 0x6, 0x10000, 0xd, 0xa, 0x2, 0x4, 0xfe7, 0x0, 0x6, 0x10001, 0x9, 0x4, 0x6, 0x10001, 0xc, 0x7, 0x5, 0x9, 0x0, 0x40, 0x0, 0x0, 0xffff3721, 0x5, 0x90000000, 0xc7b, 0x1, 0x1, 0x3, 0xc176, 0x1, 0x7, 0x5, 0xd6, 0x79, 0xfffffffa, 0x30, 0xfffffffd, 0x4, 0x3, 0x0, 0x76, 0x8, 0x10001, 0x46, 0x7, 0x6, 0x40, 0x9, 0x0, 0x0, 0xa, 0xffff, 0x9, 0x7, 0x9, 0x1, 0xfff, 0x7c000000, 0x62, 0xd, 0x7, 0x9, 0x80000001, 0x1000, 0xe, 0x8, 0xfffffffa, 0x1, 0x3fb0, 0xfffffff7, 0x8, 0x0, 0x9, 0x0, 0x5, 0xe73d, 0x2, 0x4, 0xc, 0x5, 0xffffffff, 0x7, 0x1, 0x0, 0x8, 0x5, 0x24, 0x2, 0x9, 0x888, 0x8, 0x89, 0x9, 0xff, 0x40, 0x4, 0x1, 0x7, 0x80, 0x4, 0xd, 0x80, 0x80000000, 0x9, 0x9, 0x32943b87, 0x42f7, 0x8000, 0x7f, 0x0, 0x40, 0x80000000, 0xf06, 0x7, 0xc5f, 0xc, 0x101, 0x101, 0x0, 0x4, 0x0, 0x6, 0x0, 0x90, 0x9, 0x6, 0xe, 0x8001, 0x8, 0xfff, 0x2, 0x3, 0x8, 0xf2, 0xfffffffe, 0x0, 0x2, 0xa, 0x9, 0x7, 0x920, 0x2, 0x3, 0x793ba283, 0xa150, 0x0, 0xd, 0x401, 0x4, 0xffff, 0xfffffffa, 0x4, 0x4, 0x1, 0x2], 0x1, 0x400, 0xfffffff1}) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$vmci(0xffffff9c, &(0x7f0000000240), 0x2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) socket(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r2, 0x400455c8, 0x466d1a97) semctl$GETZCNT(0x0, 0x1, 0xf, 0x0) openat$nci(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0x6, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_ENCAP(r3, 0x113, 0x1, &(0x7f0000000140)=0x1, 0x4) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x80200, 0x0) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="041706004f00000001ca3c1bdd785630277068d487c54be1aa5429015449e856e51f69b4cd946872f98e9f17079f5045cff33862c2813c70385ff8e19fa83a90acd90ab4c4eab4cdf6050296de96"], 0x9) 24m32.263799989s ago: executing program 0 (id=1995): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000001c0)={'tunl0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x8, 0x20, 0x4, 0x6c, {{0x14, 0x4, 0x3, 0xc, 0x50, 0x66, 0x0, 0x4a, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0xe}, {[@noop, @noop, @timestamp_prespec={0x44, 0x1c, 0x58, 0x3, 0x4, [{@remote, 0x67a}, {@broadcast, 0x5}, {@local, 0x7}]}, @timestamp_addr={0x44, 0x1c, 0xc0, 0x1, 0x4, [{@remote, 0x7}, {@private=0xa010102, 0x7}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x6}]}]}}}}}) sendmsg$nl_route(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000440)=@ipv6_getaddrlabel={0x60, 0x4a, 0x2, 0x70bd2d, 0x25dfdbfb, {0xa, 0x0, 0x38, 0x0, r1, 0x5}, [@IFAL_ADDRESS={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @empty}}, @IFAL_ADDRESS={0x14, 0x1, @mcast2}, @IFAL_ADDRESS={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @IFAL_LABEL={0x8, 0x2, 0x2}]}, 0x60}, 0x1, 0x0, 0x0, 0x4004000}, 0xc04c041) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220) r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r2, {0x1}}, './file0\x00'}) 24m31.448779354s ago: executing program 0 (id=1998): r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) sched_setscheduler(0x0, 0x2, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x7a) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}], 0x1, 0x40800) recvmsg(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/8, 0x8}], 0x1}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r4, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d", 0x63}], 0x1}}], 0x1, 0x20008000) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(r5, &(0x7f0000000000)='\"', 0x1) bind$bt_hci(r6, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r6, &(0x7f0000000000), 0xd) close(r0) r7 = open(&(0x7f0000000000)='./file0\x00', 0x502, 0x98) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) fcntl$setlease(r7, 0x400, 0x1) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000000)='.\x00', 0x20400, 0x74) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000100)={'vxcan1\x00'}) ioctl$F2FS_IOC_MOVE_RANGE(r7, 0x541b, &(0x7f0000000040)) 24m22.98219693s ago: executing program 32 (id=1986): r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) sched_setscheduler(0x0, 0x2, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x7a) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}], 0x1, 0x40800) recvmsg(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/8, 0x8}], 0x1}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r4, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d", 0x63}], 0x1}}], 0x1, 0x20008000) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(r5, &(0x7f0000000000)='\"', 0x1) bind$bt_hci(r6, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r6, &(0x7f0000000000), 0xd) close(r0) r7 = open(&(0x7f0000000000)='./file0\x00', 0x502, 0x98) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) fcntl$setlease(r7, 0x400, 0x1) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000000)='.\x00', 0x20400, 0x74) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000100)={'vxcan1\x00'}) ioctl$F2FS_IOC_MOVE_RANGE(r7, 0x541b, &(0x7f0000000040)) 24m16.393475351s ago: executing program 33 (id=1998): r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) sched_setscheduler(0x0, 0x2, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x7a) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}], 0x1, 0x40800) recvmsg(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/8, 0x8}], 0x1}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r4, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d", 0x63}], 0x1}}], 0x1, 0x20008000) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(r5, &(0x7f0000000000)='\"', 0x1) bind$bt_hci(r6, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r6, &(0x7f0000000000), 0xd) close(r0) r7 = open(&(0x7f0000000000)='./file0\x00', 0x502, 0x98) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) fcntl$setlease(r7, 0x400, 0x1) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000000)='.\x00', 0x20400, 0x74) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000100)={'vxcan1\x00'}) ioctl$F2FS_IOC_MOVE_RANGE(r7, 0x541b, &(0x7f0000000040)) 12m34.68303897s ago: executing program 2 (id=6089): bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014fa0000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x2) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 12m34.60738149s ago: executing program 2 (id=6090): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x4, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES64=r0, @ANYRES16=r0, @ANYRES32, @ANYBLOB, @ANYRESDEC=r0, @ANYRESHEX=r0], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x5, 0x802, 0xff, 0x1b, 0x402, 0x1c49}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$binfmt_misc(r3, &(0x7f0000000000), 0xd) socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000240)=0x28e) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f00000001c0)=0x2) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) accept4(r4, 0x0, 0x0, 0x0) 12m33.542879848s ago: executing program 2 (id=6103): socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYRES64, @ANYBLOB], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x2002, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r4, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[@rights={{0x10, 0x1, 0x1, [r3]}}], 0x10}, 0x0) recvmmsg$unix(r3, &(0x7f0000000f40)=[{{&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000180)=""/144, 0x90}], 0x1, &(0x7f0000000280)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0xc}}], 0xb0}}, {{&(0x7f0000000340), 0x6e, &(0x7f0000000440)=[{&(0x7f00000003c0)=""/111, 0x6f}], 0x1, &(0x7f0000001200)=[@rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}], 0x150}}, {{&(0x7f0000000540)=@abs, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000640)=""/28, 0x1c}, {&(0x7f0000000680)=""/18, 0x12}], 0x2, &(0x7f0000000700)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x78}}, {{&(0x7f0000000780), 0x6e, &(0x7f0000000e00)=[{&(0x7f0000000800)=""/190, 0xbe}, {&(0x7f00000008c0)=""/64, 0x40}, {&(0x7f0000000900)=""/99, 0x63}, {&(0x7f0000000980)=""/222, 0xde}, {&(0x7f0000000a80)=""/224, 0xe0}, {&(0x7f0000000b80)}, {&(0x7f0000000bc0)=""/237, 0xed}, {&(0x7f0000000cc0)=""/60, 0x3c}, {&(0x7f0000001100)=""/226, 0xe2}], 0x9, &(0x7f0000000e80)=[@cred={{0x18}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0xa0}}], 0x4, 0x20, 0x0) r5 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3fe, 0x0) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r6, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0xfffffffe, 0xa) close_range(r5, 0xffffffffffffffff, 0x0) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001580)={0x1f0, 0x2e, 0x1, 0x70bd2d, 0x0, "", [@nested={0x1de, 0x0, 0x0, 0x1, [@generic="77273e417b3009a815e9152ce966702165ea3196bce46ba4b0abf00187d18b3c9adec7240310d1b032bd36b61378790c5c16df83f69a4375a7944aba7210f8367076ad4ffb95da8a1812bbe70cff02634095912b559c7b449c8cb47a01f1536b8c6b5a134b9505e837ab517f1073f3295e76cd74664242f807c997d16f767af3613c7884abd11c1192b24a57bc9308b200ddb2dc7e42415ef67a93b05a346aa000c8855b2b01065ba3e594e432f363527d3e327b75f6547d26021e41dce5b70b25783166f9b656f1fc4b5ef78d422a41fb7cc004c890764f55974f68f60f6639734ce4f9364eb7da619ee88778173405308b49d4f6", @generic="03b2b742f8c762d187a6852402a2c22160fd08cf61bc87c3158ca503f693d5fda534b375397d94e7a5", @generic="c6f7c5b183f7d0af47c5916b9f7e9017db195533c508ee7ad2c777e1eaf08d4b92281ead73ccbf53c3d41fb4d13dfa94f7c6ff516316f6170e9739a40ec3ac4b628c875b5b611834dad89811b2b747c3d36c2a0a3a30d908bd13fdd53ed8869babfb5cb1d290684d2cec34c5e7d358893ab00aa53800f024a51999d48f1f7c01b9d46406b900a0037a91a2393784ff82194712f19dd145bce5a08a827ecdca9eccc2d28f9f8f3976d16bd15cea091f358d2f63bededc8669c5d3f2df"]}]}, 0x1f0}], 0x1}, 0x0) listen(r7, 0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, 0xffffffffffffffff, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000a00)) 12m32.243662193s ago: executing program 2 (id=6113): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f00000007c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f00000001c0)={0x1, 0x2, 0xa}) 12m31.285574923s ago: executing program 2 (id=6114): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="200000006800e97800000000ffdbdf250a0000000000000008000500", @ANYRES32=r1, @ANYBLOB="b99fa0bc4959dadf6a10fb1ef3fd050c7b55b9ec2b0603a1e59592"], 0x20}}, 0x0) r2 = socket(0x23, 0x2, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000440), r2) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2400000068040903000000000000c09fa661f71f13decec077dc971700000a00000000dbb0390d626f93704cf8"], 0x24}}, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'geneve1\x00'}) bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000500)={0x4, 0x0, {0xffffffffffffffff}, {0xffffffffffffffff}, 0x5, 0x3e80000}) prctl$PR_SCHED_CORE(0x3e, 0x2, r5, 0x0, &(0x7f0000000540)) r6 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r7 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r7, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r8 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r8, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x40) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r9, 0xffffffffffffffff, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r6}, 0x8) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000080)=ANY=[], 0x0}, 0xfffffffffffffece) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000400)='mm_migrate_pages\x00', r10, 0x0, 0x40}, 0x18) r11 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r11, 0xc004743e, &(0x7f0000000100)) 12m30.795512385s ago: executing program 2 (id=6116): r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x140002, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfffc}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x400}}}]}, 0x38}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=@newtfilter={0x58, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x28, 0x2, [@TCA_FLOW_EMATCHES={0x24, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0xfffa, 0x7, 0x8001}, {{0x2, 0x0, 0x1}, {0x3, 0x0, 0x1, 0x1}}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x0) 12m30.546270984s ago: executing program 34 (id=6116): r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x140002, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfffc}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x400}}}]}, 0x38}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=@newtfilter={0x58, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x28, 0x2, [@TCA_FLOW_EMATCHES={0x24, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0xfffa, 0x7, 0x8001}, {{0x2, 0x0, 0x1}, {0x3, 0x0, 0x1, 0x1}}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x0) 6.845128002s ago: executing program 3 (id=10064): pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000300)=[{&(0x7f00000005c0)="574e0addcfbe1fbb67ec66d582e95e4e257acfc7c45c88a6a160bab4064255e3e9e192612099efc90cde66a711c1b3910c1f07b11d7b9a6801cb0f559b638cc503cd8095fff279f218d341f43f31f554d106866f511fdc320784302a067c456aac026910627a560d1c3485b72ff0b15e30235849e930559a008dd281e66b039806c8b9f58849d5a243596e875f512be7f72d438886a8fab7d79350a83875c9d5983e5d2b452fd1c7b1ea6cc16943fb7b3d669eed0b30b37cd4fabffe05a1050c3cc77ff2a9ad", 0xffffffffffffff2f}], 0x1, 0xd) 6.768051991s ago: executing program 3 (id=10066): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r3, 0x0, 0x0, 0x0) shutdown(r3, 0x1) getsockopt$bt_hci(r3, 0x84, 0x7d, &(0x7f0000000840)=""/4127, &(0x7f0000000000)=0x101f) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, &(0x7f0000000280)={0x7, 0x100, "77c638b05041a0115f44304807e55536b7fc5ae52727d800", 0x1ff, 0x5, 0x79, 0xdf4, 0x100}) r7 = dup(r6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r7, 0x2000) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) syz_io_uring_setup(0xecb, 0x0, &(0x7f0000000480), 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) 6.27984528s ago: executing program 4 (id=10070): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64, @ANYRES64, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x810) 6.209734002s ago: executing program 4 (id=10071): socket$inet6_sctp(0xa, 0x5, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x6, @private0}}}, 0x3a) 5.493059791s ago: executing program 3 (id=10073): r0 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0xd31f, 0x0, 0x3, 0x80}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x1b}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 3.999874369s ago: executing program 4 (id=10079): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r3, 0x100000000) mremap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f00003eb000/0x1000)=nil) r4 = openat$cgroup_ro(r2, &(0x7f0000000380)='memory.stat\x00', 0x0, 0x0) lremovexattr(0x0, &(0x7f00000001c0)=@known='system.posix_acl_default\x00') write$FUSE_STATX(r4, &(0x7f0000000540)={0x130, 0x0, 0x0, {0x3, 0x6, 0x0, '\x00', {0x2000, 0x5, 0x7, 0xc07, 0x0, 0x0, 0xc000, '\x00', 0x1, 0x3ff, 0x0, 0x3, {0x0, 0x1}, {0x4, 0x800}, {0x961, 0x6a5ad1fb}, {0xfffffffffffffffe}, 0x80000000, 0xdc, 0x7e, 0xa}}}, 0x130) syz_80211_inject_frame(0x0, &(0x7f0000000300)=ANY=[], 0x2e) nanosleep(0x0, 0x0) syz_80211_inject_frame(0x0, &(0x7f0000000500)=ANY=[], 0x20) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 3.856173456s ago: executing program 3 (id=10080): syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r0 = socket(0x2a, 0x2, 0x3) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[], 0x48) ioctl$SIOCSIFMTU(r0, 0x541b, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x24008844) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) r4 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1750bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00'}, 0x48) setsockopt$MRT6_INIT(0xffffffffffffffff, 0x29, 0xc8, &(0x7f0000000340), 0x4) r5 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)) write$rfkill(r5, &(0x7f0000000140)={0x2, 0x9, 0x1, 0x1}, 0x8) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) 3.739076564s ago: executing program 6 (id=10081): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x80080, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) writev(r1, &(0x7f0000000440)=[{&(0x7f00000002c0)='\x00\x00', 0x2}], 0x1) 3.55013579s ago: executing program 6 (id=10082): socket$inet6_sctp(0xa, 0x1, 0x84) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/tcp6\x00') openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000001000)={0x10, 0x140d, 0xe3263c25d365e57d, 0x70bd2a, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x50) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) syz_emit_vhci(&(0x7f0000000140)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmsg$key(0xffffffffffffffff, 0x0, 0x4000040) bind$netlink(0xffffffffffffffff, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x20}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) 2.912499691s ago: executing program 3 (id=10083): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x8006, 0x425b}, &(0x7f0000000240)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, r3, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}}) io_uring_enter(r3, 0x6e2, 0x600, 0x1, 0x0, 0x0) 2.720638787s ago: executing program 6 (id=10084): socket$nl_netfilter(0x10, 0x3, 0xc) open_tree(0xffffffffffffff9c, 0x0, 0x89901) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000000201010100000000000000000200000004000180180002801400018008000100b04c94a708000200ac1414aa140019800800010004000000080002"], 0x44}}, 0x0) 2.649281436s ago: executing program 6 (id=10085): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs(0x0, &(0x7f0000019240)='net/netstat\x00') r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) prctl$PR_SET_IO_FLUSHER(0x43, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') pread64(r1, &(0x7f0000000080)=""/196, 0xc4, 0x3) 2.521090161s ago: executing program 4 (id=10086): r0 = socket$kcm(0xa, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x14}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x640100ff, 0x4e20, 0x3, 'lblc\x00', 0x20, 0xa7e, 0x400070}, 0x2c) sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 2.450072373s ago: executing program 4 (id=10087): bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-ce\x00'}, 0x58) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) writev(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) rt_sigqueueinfo(r1, 0x2f, &(0x7f00000003c0)={0x40, 0x7fff, 0x4c}) r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, 0x0) read$msr(0xffffffffffffffff, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x800, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x18) syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x11, 0x2, 0x4}, 0x0, 0x0) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74) unshare(0x62040200) socket$netlink(0x10, 0x3, 0x7) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCDELRT(r4, 0x890c, &(0x7f0000000080)={0x0, {}, {0x2, 0x0, @broadcast}, {0x2, 0x0, @empty}, 0xab852ebbeefbd6b1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x6}) 2.205408454s ago: executing program 4 (id=10088): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) socket$packet(0x11, 0x3, 0x300) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0) inotify_init1(0x800) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000100)={&(0x7f0000000180)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000300)=[0x0, 0x0, 0x0], &(0x7f0000000040), 0x4000000000000045, r4, 0xcccccccc}) 1.95851449s ago: executing program 3 (id=10089): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3ffffffffffffce, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f0000000180)={'pcl726\x00', [0x4f27, 0x80000001, 0x100003, 0x2, 0x5, 0xcc9, 0xf, 0x7, 0x5, 0x0, 0xefb, 0xfffffffe, 0x6, 0x1, 0x6, 0x101, 0x1000, 0x1a449, 0x7f, 0x40000007, 0x100099, 0xcaa7, 0x7, 0x20001e58, 0x8, 0xe69, 0x3c, 0x8, 0x2005, 0x0, 0xfffffff8]}) 1.780485422s ago: executing program 6 (id=10091): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x64040, 0xd0) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000140)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000180)={{0x80}, 'port0\x00', 0x7e, 0xa1c07, 0x6, 0x0, 0x100000}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x20040810) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00') pread64(r2, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) 1.260880783s ago: executing program 5 (id=10095): r0 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x1, 0x3, 0xd59f80, 0x19ef, 0x6, 0x19ef, 0x3, 0x4, 0x27ff, 0x2800, 0x2, 0x1, 0x0, 0x8, {0x8, 0xffffffff}, 0xd0, 0x9}}) 1.18088977s ago: executing program 5 (id=10096): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x48c00, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141102) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) syz_io_uring_setup(0x6ab6, &(0x7f0000000380)={0x0, 0x62c8, 0x20000, 0x3, 0x1f9}, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x5000, 0x0, @loopback, 0x5}, 0x1c) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) 1.160719747s ago: executing program 5 (id=10097): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, 0x0, 0x0}, 0x20) sendmsg$tipc(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000480)="c3e972bd85a6d84136d6dd55048d3593a74f338ce6772ab9a6f64041c2f6fbbecdc08ebcd3192b6a53662dae7c8e9c665e80a5d0925f728dcac30c29793992e588", 0x41}], 0x1, 0x0, 0x0, 0x8010}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="44000000100005040000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b00010065727370616e00001400028005001600000000000600"], 0x44}}, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x1}, "02"}}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x94) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) writev(r1, &(0x7f0000000440)=[{&(0x7f0000000280)="c021", 0x1700}], 0x1) 1.020263357s ago: executing program 5 (id=10098): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback, 0xfffffffd}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000001c0)=@ccm_128={{0x303}, "482525f8453014f2", "57ba2290fb0e8d29be8c6468c4f5e38d", "59c34534", "01b49b0000002aa9"}, 0x28) writev(r3, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) 99.237895ms ago: executing program 6 (id=10099): gettid() r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0x0) r1 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000) r2 = socket(0x2, 0x1, 0x0) r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f00000011c0)=0x7) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$AUTOFS_IOC_EXPIRE(r0, 0x810c9365, 0x0) ioctl$NBD_DO_IT(r3, 0xab03) mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000080)='udf\x00', 0x2008087, 0x0) 50.656209ms ago: executing program 5 (id=10100): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x18) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="4001000010000100000000000000000064010102000000000000000000000000ff01000000000000000000000000000100000000000000000000200000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe80000000000000e72ff55146b66b6a000000003200000000000000000000000000000000000001feffffffffffffff0500000000000000000000000000000065000000000000000000000000000000010000000000000000000000000000000000000000000000040000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000a0004fdaf0000000000000048000200"], 0x140}, 0x1, 0x0, 0x0, 0x3886f31be662c690}, 0x4000000) 0s ago: executing program 5 (id=10101): keyctl$describe(0x6, 0x0, &(0x7f0000001540)=""/18, 0x12) kernel console output (not intermixed with test programs): 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1656.073425][ T4186] RSP: 002b:00000000f54be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 1656.073438][ T4186] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800000c0 [ 1656.073446][ T4186] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000000 [ 1656.073453][ T4186] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1656.073460][ T4186] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1656.073467][ T4186] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1656.073483][ T4186] [ 1656.528194][ T4197] geneve3: entered promiscuous mode [ 1656.530737][ T4197] geneve3: entered allmulticast mode [ 1657.000565][T31127] usb 50-1: device descriptor read/8, error -110 [ 1657.619885][ T4223] /dev/sr0: Can't open blockdev [ 1657.824878][T31127] usb usb50-port1: attempt power cycle [ 1658.386258][T31127] usb usb50-port1: unable to enumerate USB device [ 1659.426380][ T4253] netlink: 'syz.4.8655': attribute type 1 has an invalid length. [ 1659.499811][ T4262] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1659.500005][ T40] kauditd_printk_skb: 14 callbacks suppressed [ 1659.500020][ T40] audit: type=1326 audit(1756525059.248:7351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4248 comm="syz.4.8655" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f13579 code=0x7ffc0000 [ 1659.743242][ T4265] netlink: 56 bytes leftover after parsing attributes in process `syz.3.8657'. [ 1659.788684][ T40] audit: type=1326 audit(1756525059.248:7352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4248 comm="syz.4.8655" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f13579 code=0x7ffc0000 [ 1659.902568][ T40] audit: type=1326 audit(1756525059.298:7353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4248 comm="syz.4.8655" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f13579 code=0x7ffc0000 [ 1659.931411][ T4267] netlink: 43 bytes leftover after parsing attributes in process `syz.6.8658'. [ 1659.985305][ T40] audit: type=1326 audit(1756525059.298:7354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4248 comm="syz.4.8655" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f13579 code=0x7ffc0000 [ 1659.999011][ T40] audit: type=1326 audit(1756525059.298:7355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4248 comm="syz.4.8655" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f13579 code=0x7ffc0000 [ 1660.010908][ T40] audit: type=1326 audit(1756525059.298:7356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4248 comm="syz.4.8655" exe="/syz-executor" sig=0 arch=40000003 syscall=459 compat=1 ip=0xf7f13579 code=0x7ffc0000 [ 1660.023539][ T40] audit: type=1326 audit(1756525059.298:7357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4248 comm="syz.4.8655" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f13579 code=0x7ffc0000 [ 1660.031932][ T40] audit: type=1326 audit(1756525059.308:7358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4248 comm="syz.4.8655" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f13579 code=0x7ffc0000 [ 1660.040770][ T40] audit: type=1326 audit(1756525059.308:7359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4248 comm="syz.4.8655" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f13579 code=0x7ffc0000 [ 1660.048216][ T40] audit: type=1326 audit(1756525059.308:7360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4248 comm="syz.4.8655" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f13579 code=0x7ffc0000 [ 1661.889513][ T4290] netlink: 'syz.5.8662': attribute type 1 has an invalid length. [ 1662.184979][ T4290] bond1: entered promiscuous mode [ 1662.192098][ T4290] bond1: entered allmulticast mode [ 1662.194136][ T4290] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1662.804311][ T4303] autofs: Bad value for 'fd' [ 1662.947198][ T4309] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1664.234118][ T4327] netlink: 56 bytes leftover after parsing attributes in process `syz.4.8672'. [ 1665.831785][ T4351] lo speed is unknown, defaulting to 1000 [ 1665.837165][ T4342] /dev/sr0: Can't open blockdev [ 1665.844976][ T4355] netlink: 56 bytes leftover after parsing attributes in process `syz.6.8679'. [ 1665.938189][ T4359] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1667.246551][ T3248] IPVS: starting estimator thread 0... [ 1667.345353][ T4383] IPVS: using max 43 ests per chain, 103200 per kthread [ 1668.411766][ T4397] netlink: 56 bytes leftover after parsing attributes in process `syz.4.8689'. [ 1668.688898][ T4403] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8693'. [ 1670.277607][ T4420] /dev/sr0: Can't open blockdev [ 1671.743496][ T4452] netlink: 56 bytes leftover after parsing attributes in process `syz.5.8704'. [ 1672.331908][ T4470] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1672.607984][ T4474] netlink: 56 bytes leftover after parsing attributes in process `syz.6.8712'. [ 1673.357527][ T4493] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1673.670091][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 1673.702079][ T4499] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1673.741074][ T4500] netlink: 56 bytes leftover after parsing attributes in process `syz.4.8717'. [ 1673.889246][ T4501] /dev/sr0: Can't open blockdev [ 1674.949262][ T4515] netlink: 56 bytes leftover after parsing attributes in process `syz.4.8724'. [ 1674.956335][ T4516] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1675.413035][ T4532] netlink: 'syz.3.8728': attribute type 1 has an invalid length. [ 1675.530163][ T4532] bond1: entered promiscuous mode [ 1675.532539][ T4532] bond1: entered allmulticast mode [ 1675.550290][ T4532] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1675.707546][ T4535] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1675.709726][ T4535] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1675.717735][ T4535] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1675.719862][ T4535] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1677.675533][T21416] Bluetooth: hci3: command 0x0406 tx timeout [ 1677.755494][T21416] Bluetooth: hci1: command 0x0c1a tx timeout [ 1677.755509][ T2491] Bluetooth: hci4: command 0x0406 tx timeout [ 1678.858205][ T4545] /dev/sr0: Can't open blockdev [ 1679.745331][T21416] Bluetooth: hci3: command 0x0406 tx timeout [ 1680.139576][ T4585] netlink: 'syz.6.8744': attribute type 10 has an invalid length. [ 1680.143762][ T4585] bridge0: port 2(bridge_slave_1) entered disabled state [ 1680.148083][ T4585] bridge0: port 1(bridge_slave_0) entered disabled state [ 1680.166788][ T4585] bridge0: port 2(bridge_slave_1) entered blocking state [ 1680.169199][ T4585] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1680.172284][ T4585] bridge0: port 1(bridge_slave_0) entered blocking state [ 1680.175085][ T4585] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1680.186070][ T4585] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 1680.482853][ T4594] overlayfs: failed to resolve './file1': -2 [ 1680.630276][ T4595] /dev/sr0: Can't open blockdev [ 1680.817048][ T4601] /dev/sr0: Can't open blockdev [ 1680.926055][ T4613] vlan1: entered promiscuous mode [ 1680.928514][ T4613] vlan1: entered allmulticast mode [ 1680.930314][ T4613] veth0_vlan: entered allmulticast mode [ 1681.995498][ T2491] Bluetooth: hci3: command 0x0406 tx timeout [ 1682.805954][ T4638] netlink: 68 bytes leftover after parsing attributes in process `syz.3.8757'. [ 1684.047797][ T4652] /dev/sr0: Can't open blockdev [ 1684.286636][ T4659] netlink: 56 bytes leftover after parsing attributes in process `syz.5.8762'. [ 1684.430285][ T4661] lo speed is unknown, defaulting to 1000 [ 1685.180698][ T4677] netlink: 68 bytes leftover after parsing attributes in process `syz.5.8768'. [ 1686.174422][ T4692] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8773'. [ 1686.213963][ T4693] netlink: 56 bytes leftover after parsing attributes in process `syz.3.8774'. [ 1686.535520][ T4698] tipc: Enabled bearer , priority 0 [ 1686.539055][ T4698] mac80211_hwsim hwsim32 syzkaller0: entered promiscuous mode [ 1686.541980][ T4698] mac80211_hwsim hwsim32 syzkaller0: entered allmulticast mode [ 1686.673153][ T4699] Bluetooth: hci2: Frame reassembly failed (-84) [ 1686.688266][T17678] Bluetooth: hci2: Frame reassembly failed (-84) [ 1687.035727][ T4716] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1687.037751][ T4716] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1687.041171][ T4716] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1687.043718][ T4716] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1687.209888][ T4733] tipc: Enabled bearer , priority 0 [ 1687.214722][ T4733] mac80211_hwsim hwsim30 syzkaller0: entered promiscuous mode [ 1687.218843][ T4733] mac80211_hwsim hwsim30 syzkaller0: entered allmulticast mode [ 1688.569725][ T4746] unknown channel width for channel at 909000KHz? [ 1688.574571][ T4746] tmpfs: Unknown parameter '@' [ 1688.705626][ T2491] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1688.883228][ T4758] tipc: Enabled bearer , priority 0 [ 1688.887244][ T4758] mac80211_hwsim hwsim34 syzkaller0: entered promiscuous mode [ 1688.889791][ T4758] mac80211_hwsim hwsim34 syzkaller0: entered allmulticast mode [ 1689.105780][ T2491] Bluetooth: hci1: command 0x0c1a tx timeout [ 1689.108293][ T2491] Bluetooth: hci4: command 0x0406 tx timeout [ 1689.110743][ T2491] Bluetooth: hci3: command 0x0406 tx timeout [ 1689.181202][ T4763] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1689.184190][ T4763] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1689.188691][ T4763] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1689.755522][ T4777] mac80211_hwsim hwsim34 syzkaller0: left promiscuous mode [ 1689.763716][ T4777] mac80211_hwsim hwsim34 syzkaller0: left allmulticast mode [ 1689.977288][ T4781] netlink: 68 bytes leftover after parsing attributes in process `syz.5.8799'. [ 1690.060215][ T4777] overlayfs: failed to resolve './file1': -2 [ 1691.189459][ T2491] Bluetooth: hci4: command 0x0406 tx timeout [ 1691.189513][T27687] Bluetooth: hci3: command 0x0406 tx timeout [ 1691.265355][T27687] Bluetooth: hci1: command 0x0c1a tx timeout [ 1691.684769][ T4807] comedi comedi0: Minor 7 could not be opened [ 1691.734711][ T4809] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8807'. [ 1692.176328][ T4822] netlink: 56 bytes leftover after parsing attributes in process `syz.3.8808'. [ 1692.360075][ T4823] vlan1: entered promiscuous mode [ 1692.362728][ T4823] vlan1: entered allmulticast mode [ 1692.364513][ T4823] veth0_vlan: entered allmulticast mode [ 1693.840813][ T4846] netlink: 56 bytes leftover after parsing attributes in process `syz.4.8814'. [ 1694.552000][ T29] libceph: connect (1)[c::]:6789 error -101 [ 1694.554316][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 1694.599441][ T4864] ceph: No mds server is up or the cluster is laggy [ 1695.017625][ T4875] netlink: 56 bytes leftover after parsing attributes in process `syz.4.8819'. [ 1695.374347][ T4887] /dev/nullb0: Can't open blockdev [ 1695.421125][ T4889] mac80211_hwsim hwsim32 syzkaller0: left promiscuous mode [ 1695.423601][ T4889] mac80211_hwsim hwsim32 syzkaller0: left allmulticast mode [ 1695.711744][ T4889] overlayfs: failed to resolve './file1': -2 [ 1696.351486][ T4907] FAULT_INJECTION: forcing a failure. [ 1696.351486][ T4907] name failslab, interval 1, probability 0, space 0, times 0 [ 1696.356265][ T4907] CPU: 1 UID: 0 PID: 4907 Comm: syz.3.8829 Not tainted syzkaller #0 PREEMPT(full) [ 1696.356282][ T4907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1696.356289][ T4907] Call Trace: [ 1696.356296][ T4907] [ 1696.356302][ T4907] dump_stack_lvl+0x16c/0x1f0 [ 1696.356324][ T4907] should_fail_ex+0x512/0x640 [ 1696.356419][ T4907] ? fs_reclaim_acquire+0xae/0x150 [ 1696.356444][ T4907] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1696.356462][ T4907] should_failslab+0xc2/0x120 [ 1696.356478][ T4907] __kmalloc_noprof+0xd2/0x510 [ 1696.356496][ T4907] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1696.356513][ T4907] ? tomoyo_profile+0x47/0x60 [ 1696.356524][ T4907] tomoyo_path_number_perm+0x245/0x580 [ 1696.356537][ T4907] ? tomoyo_path_number_perm+0x237/0x580 [ 1696.356552][ T4907] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1696.356579][ T4907] ? find_held_lock+0x2b/0x80 [ 1696.356591][ T4907] ? hook_file_ioctl_common+0x145/0x410 [ 1696.356609][ T4907] ? __fget_files+0x20e/0x3c0 [ 1696.356625][ T4907] security_file_ioctl_compat+0x9b/0x240 [ 1696.356643][ T4907] __ia32_compat_sys_ioctl+0xc3/0x370 [ 1696.356663][ T4907] __do_fast_syscall_32+0x7c/0x3a0 [ 1696.356682][ T4907] do_fast_syscall_32+0x32/0x80 [ 1696.356697][ T4907] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1696.356713][ T4907] RIP: 0023:0xf70ce579 [ 1696.356724][ T4907] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1696.356735][ T4907] RSP: 002b:00000000f54be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1696.356747][ T4907] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000404c4701 [ 1696.356754][ T4907] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 1696.356761][ T4907] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1696.356767][ T4907] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1696.356773][ T4907] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1696.356787][ T4907] [ 1696.356794][ T4907] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1696.385308][ T4900] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1696.480291][ T4900] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1696.483369][ T4900] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1697.456055][ T4938] overlayfs: failed to resolve './file1': -2 [ 1697.631353][ T4945] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1698.465481][T27687] Bluetooth: hci3: command 0x0406 tx timeout [ 1698.545465][T27687] Bluetooth: hci1: command 0x0c1a tx timeout [ 1698.545874][ T2491] Bluetooth: hci4: command 0x0406 tx timeout [ 1700.621230][ T4998] FAULT_INJECTION: forcing a failure. [ 1700.621230][ T4998] name failslab, interval 1, probability 0, space 0, times 0 [ 1700.626373][ T4998] CPU: 3 UID: 0 PID: 4998 Comm: syz.3.8847 Not tainted syzkaller #0 PREEMPT(full) [ 1700.626416][ T4998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1700.626427][ T4998] Call Trace: [ 1700.626433][ T4998] [ 1700.626441][ T4998] dump_stack_lvl+0x16c/0x1f0 [ 1700.626551][ T4998] should_fail_ex+0x512/0x640 [ 1700.626573][ T4998] ? fs_reclaim_acquire+0xae/0x150 [ 1700.626601][ T4998] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1700.626627][ T4998] should_failslab+0xc2/0x120 [ 1700.626651][ T4998] __kmalloc_noprof+0xd2/0x510 [ 1700.626679][ T4998] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1700.626707][ T4998] ? tomoyo_profile+0x47/0x60 [ 1700.626726][ T4998] tomoyo_path_number_perm+0x245/0x580 [ 1700.626746][ T4998] ? tomoyo_path_number_perm+0x237/0x580 [ 1700.626767][ T4998] ? finish_task_switch.isra.0+0x124/0xc10 [ 1700.626791][ T4998] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1700.626811][ T4998] ? rcu_is_watching+0x12/0xc0 [ 1700.626855][ T4998] ? find_held_lock+0x2b/0x80 [ 1700.626872][ T4998] ? hook_file_ioctl_common+0x145/0x410 [ 1700.626902][ T4998] ? __fget_files+0x20e/0x3c0 [ 1700.626927][ T4998] security_file_ioctl_compat+0x9b/0x240 [ 1700.626952][ T4998] __ia32_compat_sys_ioctl+0xc3/0x370 [ 1700.626984][ T4998] __do_fast_syscall_32+0x7c/0x3a0 [ 1700.627011][ T4998] do_fast_syscall_32+0x32/0x80 [ 1700.627034][ T4998] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1700.627057][ T4998] RIP: 0023:0xf70ce579 [ 1700.627073][ T4998] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1700.627090][ T4998] RSP: 002b:00000000f549d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1700.627108][ T4998] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c028aa03 [ 1700.627120][ T4998] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 1700.627131][ T4998] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1700.627141][ T4998] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1700.627151][ T4998] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1700.627175][ T4998] [ 1700.627229][ T4998] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1700.793511][ T5005] ieee802154 phy0 wpan0: encryption failed: -22 [ 1701.300489][ T5009] netlink: 20 bytes leftover after parsing attributes in process `syz.5.8851'. [ 1701.443438][ T5014] FAULT_INJECTION: forcing a failure. [ 1701.443438][ T5014] name failslab, interval 1, probability 0, space 0, times 0 [ 1701.447585][ T5014] CPU: 3 UID: 0 PID: 5014 Comm: syz.3.8852 Not tainted syzkaller #0 PREEMPT(full) [ 1701.447603][ T5014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1701.447611][ T5014] Call Trace: [ 1701.447616][ T5014] [ 1701.447622][ T5014] dump_stack_lvl+0x16c/0x1f0 [ 1701.447644][ T5014] should_fail_ex+0x512/0x640 [ 1701.447662][ T5014] ? fs_reclaim_acquire+0xae/0x150 [ 1701.447680][ T5014] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1701.447697][ T5014] should_failslab+0xc2/0x120 [ 1701.447717][ T5014] __kmalloc_noprof+0xd2/0x510 [ 1701.447736][ T5014] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1701.447753][ T5014] ? tomoyo_profile+0x47/0x60 [ 1701.447765][ T5014] tomoyo_path_number_perm+0x245/0x580 [ 1701.447778][ T5014] ? tomoyo_path_number_perm+0x237/0x580 [ 1701.447792][ T5014] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1701.447819][ T5014] ? find_held_lock+0x2b/0x80 [ 1701.447830][ T5014] ? hook_file_ioctl_common+0x145/0x410 [ 1701.447848][ T5014] ? __fget_files+0x20e/0x3c0 [ 1701.447862][ T5014] security_file_ioctl_compat+0x9b/0x240 [ 1701.447879][ T5014] __ia32_compat_sys_ioctl+0xc3/0x370 [ 1701.447899][ T5014] __do_fast_syscall_32+0x7c/0x3a0 [ 1701.447916][ T5014] do_fast_syscall_32+0x32/0x80 [ 1701.447931][ T5014] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1701.447946][ T5014] RIP: 0023:0xf70ce579 [ 1701.447955][ T5014] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1701.447966][ T5014] RSP: 002b:00000000f54be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1701.447978][ T5014] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c028aa03 [ 1701.447985][ T5014] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 1701.447992][ T5014] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1701.447998][ T5014] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1701.448004][ T5014] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1701.448017][ T5014] [ 1701.448023][ T5014] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1704.620923][ T5053] netlink: 68 bytes leftover after parsing attributes in process `syz.4.8862'. [ 1704.624391][ T5051] netlink: 56 bytes leftover after parsing attributes in process `syz.3.8861'. [ 1704.906552][ T5054] /dev/sr0: Can't open blockdev [ 1709.307300][ T2491] Bluetooth: hci4: ACL packet for unknown connection handle 1481 [ 1710.285158][ T5134] Bluetooth: MGMT ver 1.23 [ 1710.636275][ T5131] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1710.643310][ T5131] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1710.652479][ T5131] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1712.747476][T27687] Bluetooth: hci4: command 0x0406 tx timeout [ 1712.749668][T27687] Bluetooth: hci1: command 0x0c1a tx timeout [ 1712.752011][T27687] Bluetooth: hci3: command 0x0406 tx timeout [ 1715.487503][ T5199] netlink: 68 bytes leftover after parsing attributes in process `syz.4.8896'. [ 1717.002328][ T5217] mac80211_hwsim hwsim30 syzkaller0: left promiscuous mode [ 1717.006856][ T5217] mac80211_hwsim hwsim30 syzkaller0: left allmulticast mode [ 1717.944686][ T5217] overlayfs: failed to resolve './file1': -2 [ 1718.259358][ T5233] hub 2-0:1.0: USB hub found [ 1718.262992][ T5233] hub 2-0:1.0: 6 ports detected [ 1718.277131][ T5238] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1718.605953][T31127] usb 2-1: new high-speed USB device number 3 using ehci-pci [ 1718.739031][ T5243] overlayfs: failed to resolve './file1': -2 [ 1718.861021][ T3248] IPVS: starting estimator thread 0... [ 1718.882277][T31127] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 1718.890168][T31127] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 1718.892835][T31127] usb 2-1: Product: QEMU USB Tablet [ 1718.894657][T31127] usb 2-1: Manufacturer: QEMU [ 1718.905719][T31127] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1 [ 1718.939890][T31127] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0010/input/input94 [ 1718.946308][ T5251] IPVS: using max 40 ests per chain, 96000 per kthread [ 1719.123761][T31127] hid-generic 0003:0627:0001.0010: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0 [ 1721.595670][ T5283] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1722.210941][T31127] IPVS: starting estimator thread 0... [ 1722.340806][ T5294] netlink: 56 bytes leftover after parsing attributes in process `syz.6.8919'. [ 1722.381468][ T5292] IPVS: using max 43 ests per chain, 103200 per kthread [ 1722.438188][ T5286] overlayfs: failed to resolve './file1': -2 [ 1724.201618][ T40] kauditd_printk_skb: 24 callbacks suppressed [ 1724.201637][ T40] audit: type=1800 audit(1756525123.948:7385): pid=5321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.8925" name="bus" dev="overlay" ino=880 res=0 errno=0 [ 1724.606688][ T5328] /dev/sr0: Can't open blockdev [ 1725.388382][ T5342] overlayfs: failed to resolve './file1': -2 [ 1727.795467][ T5386] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1727.797873][ T5386] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1727.800347][ T5386] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1728.535958][ T5406] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1728.539516][ T5406] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1728.542086][ T5406] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1728.628268][ T2491] Bluetooth: hci1: SCO packet for unknown connection handle 201 [ 1729.566187][ T5431] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1729.571443][ T5431] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1729.578058][ T5431] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1730.956536][ T5464] tipc: Enabling of bearer rejected, already enabled [ 1730.962243][ T5464] mac80211_hwsim hwsim34 syzkaller0: entered promiscuous mode [ 1730.964951][ T5464] mac80211_hwsim hwsim34 syzkaller0: entered allmulticast mode [ 1731.598798][T27687] Bluetooth: hci1: command 0x0c1a tx timeout [ 1731.601907][ T2491] Bluetooth: hci4: command 0x0406 tx timeout [ 1731.605000][ T2491] Bluetooth: hci3: command 0x0406 tx timeout [ 1733.665376][ T5477] Bluetooth: hci1: command 0x0c1a tx timeout [ 1734.118533][ T5514] netlink: 68 bytes leftover after parsing attributes in process `syz.3.8974'. [ 1735.117505][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 1735.583931][ T5540] /dev/sr0: Can't open blockdev [ 1736.881135][ T5565] tipc: Enabling of bearer rejected, already enabled [ 1736.889332][ T5565] tipc: Resetting bearer [ 1737.227955][ T5566] /dev/sr0: Can't open blockdev [ 1737.417566][ T5573] /dev/sr0: Can't open blockdev [ 1737.458818][ T5578] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1738.542641][ T5593] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1738.651244][ T5593] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1738.845560][ T5593] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1738.924443][ T5593] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1738.970994][ T5603] netlink: 'syz.6.8995': attribute type 4 has an invalid length. [ 1738.978569][ T5603] netlink: 48 bytes leftover after parsing attributes in process `syz.6.8995'. [ 1739.043361][ T5603] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1739.208859][ T5605] tipc: Enabling of bearer rejected, already enabled [ 1739.228585][ T5605] tipc: Resetting bearer [ 1739.312429][ T5593] Failed to register nexthop notifier [ 1739.391486][ T5603] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1739.572236][ T5603] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1739.666158][ T5603] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1739.883413][ T12] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1739.892174][ T12] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1739.912811][T17700] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1739.930076][T17700] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1740.989000][ T5637] netlink: 56 bytes leftover after parsing attributes in process `syz.5.9003'. [ 1741.352858][ T5636] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1741.366340][ T5636] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1741.370009][ T5636] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1741.881442][ T5649] tipc: Enabling of bearer rejected, already enabled [ 1743.228447][T22605] usb 11-1: new high-speed USB device number 9 using dummy_hcd [ 1743.274980][ T5672] overlayfs: failed to resolve './file1': -2 [ 1743.425690][ T5477] Bluetooth: hci1: command 0x0c1a tx timeout [ 1743.425762][ T2491] Bluetooth: hci3: command 0x0406 tx timeout [ 1743.430334][T21416] Bluetooth: hci4: command 0x0406 tx timeout [ 1743.445357][T22605] usb 11-1: Using ep0 maxpacket: 16 [ 1743.450346][T22605] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1743.454278][T22605] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1743.458320][T22605] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1743.462835][T22605] usb 11-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 1743.466398][T22605] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1743.482471][T22605] usb 11-1: config 0 descriptor?? [ 1743.901903][T22605] shield 0003:0955:7214.0011: unknown main item tag 0x0 [ 1743.904895][T22605] shield 0003:0955:7214.0011: unknown main item tag 0x0 [ 1743.919912][T22605] shield 0003:0955:7214.0011: unknown main item tag 0x0 [ 1743.923572][T22605] shield 0003:0955:7214.0011: unknown main item tag 0x0 [ 1743.927245][T22605] shield 0003:0955:7214.0011: unknown main item tag 0x0 [ 1743.937451][T22605] input: HID 0955:7214 Haptics as /devices/virtual/input/input95 [ 1743.989819][T22605] shield 0003:0955:7214.0011: Registered Thunderstrike controller [ 1744.014015][T22605] shield 0003:0955:7214.0011: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.6-1/input0 [ 1744.078590][ T5700] mac80211_hwsim hwsim32 syzkaller0: entered promiscuous mode [ 1744.081177][ T5700] mac80211_hwsim hwsim32 syzkaller0: entered allmulticast mode [ 1744.105884][ T5673] netlink: 'syz.6.9014': attribute type 2 has an invalid length. [ 1744.109068][ T5673] netlink: 244 bytes leftover after parsing attributes in process `syz.6.9014'. [ 1744.123144][ T5700] tipc: Resetting bearer [ 1745.138402][T13654] shield 0003:0955:7214.0011: Failed to output Thunderstrike HOSTCMD request HID report due to -ESHUTDOWN [ 1745.142244][T21416] Bluetooth: hci4: unexpected event for opcode 0x0c03 [ 1745.475505][T13654] shield 0003:0955:7214.0011: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 1745.482269][T13654] shield 0003:0955:7214.0011: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 1745.499064][T13654] shield 0003:0955:7214.0011: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 1745.606676][T30359] usb 11-1: reset high-speed USB device number 9 using dummy_hcd [ 1745.735702][T30359] usb 11-1: device descriptor read/64, error -32 [ 1747.495864][T13654] usb 11-1: USB disconnect, device number 9 [ 1748.460191][ T2491] Bluetooth: hci1: command 0x0c1a tx timeout [ 1749.224052][ T5766] mac80211_hwsim hwsim32 syzkaller0: left promiscuous mode [ 1749.227878][ T5766] mac80211_hwsim hwsim32 syzkaller0: left allmulticast mode [ 1749.541540][ T5766] overlayfs: failed to resolve './file1': -2 [ 1750.275701][ T5781] FAULT_INJECTION: forcing a failure. [ 1750.275701][ T5781] name failslab, interval 1, probability 0, space 0, times 0 [ 1750.281499][ T5781] CPU: 1 UID: 0 PID: 5781 Comm: syz.4.9042 Not tainted syzkaller #0 PREEMPT(full) [ 1750.281527][ T5781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1750.281540][ T5781] Call Trace: [ 1750.281549][ T5781] [ 1750.281558][ T5781] dump_stack_lvl+0x16c/0x1f0 [ 1750.281590][ T5781] should_fail_ex+0x512/0x640 [ 1750.281615][ T5781] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1750.281637][ T5781] should_failslab+0xc2/0x120 [ 1750.281661][ T5781] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1750.281681][ T5781] ? __request_region+0x5c/0xf0 [ 1750.281712][ T5781] __request_region+0x5c/0xf0 [ 1750.281739][ T5781] comedi_request_region+0x6d/0x1c0 [ 1750.281767][ T5781] a2150_attach+0x7a/0xbd0 [ 1750.281788][ T5781] comedi_device_attach+0x3b0/0x900 [ 1750.281813][ T5781] do_devconfig_ioctl+0x1b1/0x710 [ 1750.281827][ T5781] ? __mutex_lock+0x1c5/0x1060 [ 1750.281851][ T5781] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 1750.281877][ T5781] ? kasan_save_stack+0x42/0x60 [ 1750.281893][ T5781] ? kasan_save_stack+0x33/0x60 [ 1750.281908][ T5781] ? kasan_save_track+0x14/0x30 [ 1750.281924][ T5781] ? kasan_save_free_info+0x3b/0x60 [ 1750.281946][ T5781] ? __kasan_slab_free+0x60/0x70 [ 1750.281964][ T5781] ? kfree+0x2b4/0x4d0 [ 1750.281977][ T5781] ? tomoyo_path_number_perm+0x470/0x580 [ 1750.282001][ T5781] comedi_unlocked_ioctl+0x165d/0x2f00 [ 1750.282029][ T5781] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 1750.282066][ T5781] ? kasan_quarantine_put+0x10a/0x240 [ 1750.282084][ T5781] ? lockdep_hardirqs_on+0x7c/0x110 [ 1750.282109][ T5781] ? find_held_lock+0x2b/0x80 [ 1750.282129][ T5781] ? tomoyo_path_number_perm+0x295/0x580 [ 1750.282162][ T5781] ? tomoyo_path_number_perm+0x18d/0x580 [ 1750.282186][ T5781] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1750.282211][ T5781] comedi_compat_ioctl+0x1d0/0x990 [ 1750.282232][ T5781] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 1750.282253][ T5781] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1750.282281][ T5781] ? do_vfs_ioctl+0x128/0x14f0 [ 1750.282307][ T5781] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1750.282341][ T5781] ? find_held_lock+0x2b/0x80 [ 1750.282358][ T5781] ? hook_file_ioctl_common+0x145/0x410 [ 1750.282388][ T5781] ? __fget_files+0x20e/0x3c0 [ 1750.282412][ T5781] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 1750.282435][ T5781] __ia32_compat_sys_ioctl+0x242/0x370 [ 1750.282488][ T5781] __do_fast_syscall_32+0x7c/0x3a0 [ 1750.282514][ T5781] do_fast_syscall_32+0x32/0x80 [ 1750.282538][ T5781] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1750.282559][ T5781] RIP: 0023:0xf7f13579 [ 1750.282575][ T5781] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1750.282592][ T5781] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1750.282610][ T5781] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000040946400 [ 1750.282621][ T5781] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1750.282634][ T5781] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1750.282643][ T5781] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1750.282652][ T5781] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1750.282683][ T5781] [ 1750.282722][ T5781] comedi comedi3: ni_at_a2150: I/O port conflict (0x4f27,28) [ 1750.517662][ T5785] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9043'. [ 1750.669147][ T5791] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1751.873723][ T5810] netlink: 56 bytes leftover after parsing attributes in process `syz.3.9049'. [ 1752.638976][ T5830] netlink: 209832 bytes leftover after parsing attributes in process `syz.5.9054'. [ 1753.006859][ T5834] /dev/sr0: Can't open blockdev [ 1753.191017][ T5844] netlink: 32 bytes leftover after parsing attributes in process `syz.3.9057'. [ 1753.199474][ T5844] tipc: Invalid UDP bearer configuration [ 1753.199529][ T5844] tipc: Enabling of bearer rejected, failed to enable media [ 1753.334644][ T5850] binder: 5847:5850 ioctl f505 0 returned -22 [ 1755.168645][ T5864] overlayfs: failed to resolve './file1': -2 [ 1755.957843][ T5873] mac80211_hwsim hwsim40 syzkaller0: entered promiscuous mode [ 1755.961527][ T5873] mac80211_hwsim hwsim40 syzkaller0: entered allmulticast mode [ 1756.359724][ T5885] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1757.235180][ T5894] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9071'. [ 1758.508844][ T5927] mac80211_hwsim hwsim34 syzkaller0: left promiscuous mode [ 1758.511780][ T5927] mac80211_hwsim hwsim34 syzkaller0: left allmulticast mode [ 1759.232071][ T5927] overlayfs: failed to resolve './file1': -2 [ 1760.376987][ T5949] netlink: 68 bytes leftover after parsing attributes in process `syz.5.9082'. [ 1761.827927][ T5960] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2147484288 (4294968576 ns) > initial count (34 ns). Using initial count to start timer. [ 1762.943207][ T5981] mac80211_hwsim hwsim40 syzkaller0: left promiscuous mode [ 1762.948132][ T5981] mac80211_hwsim hwsim40 syzkaller0: left allmulticast mode [ 1763.247024][ T5981] overlayfs: failed to resolve './file1': -2 [ 1763.343821][ T5985] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1763.346809][ T5985] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1763.348815][ T5985] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1763.351168][ T5985] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1764.642188][ T6003] netlink: 68 bytes leftover after parsing attributes in process `syz.6.9094'. [ 1765.265437][ T2491] Bluetooth: hci3: command 0x0406 tx timeout [ 1765.425430][ T2491] Bluetooth: hci1: command 0x0c1a tx timeout [ 1765.429488][T21416] Bluetooth: hci4: command 0x0406 tx timeout [ 1766.530194][ T6021] /dev/sr0: Can't open blockdev [ 1766.542200][ T6024] overlayfs: failed to resolve './file1': -2 [ 1767.505400][T21416] Bluetooth: hci1: command 0x0c1a tx timeout [ 1767.636222][ T6040] /dev/sr0: Can't open blockdev [ 1768.846099][ T6055] /dev/sr0: Can't open blockdev [ 1769.017981][ T6058] netlink: 56 bytes leftover after parsing attributes in process `syz.5.9106'. [ 1769.585415][ T2491] Bluetooth: hci1: command 0x0c1a tx timeout [ 1771.311736][ T6070] overlayfs: failed to resolve './file1': -2 [ 1772.618662][ T6103] /dev/sr0: Can't open blockdev [ 1773.611116][ T6120] netlink: 68 bytes leftover after parsing attributes in process `syz.4.9121'. [ 1774.521769][ T6130] tipc: Started in network mode [ 1774.523484][ T6130] tipc: Node identity 080211000001, cluster identity 4711 [ 1774.529986][ T6130] tipc: Enabled bearer , priority 0 [ 1774.563964][ T6125] overlayfs: failed to resolve './file1': -2 [ 1774.779376][ T6137] netlink: 56 bytes leftover after parsing attributes in process `syz.5.9124'. [ 1775.655754][T29173] tipc: Node number set to 134418688 [ 1777.419286][ T6178] tipc: Enabling of bearer rejected, already enabled [ 1777.563091][ T6176] overlayfs: failed to resolve './file1': -2 [ 1780.146264][ T6211] tipc: Enabling of bearer rejected, already enabled [ 1783.296325][ T6248] /dev/sr0: Can't open blockdev [ 1785.191274][ T6274] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1786.542349][ T6289] tipc: Enabling of bearer rejected, already enabled [ 1786.551778][ T6289] mac80211_hwsim hwsim32 syzkaller0: entered promiscuous mode [ 1786.554729][ T6289] mac80211_hwsim hwsim32 syzkaller0: entered allmulticast mode [ 1787.880323][ T6309] netlink: 68 bytes leftover after parsing attributes in process `syz.5.9166'. [ 1789.003067][ T6320] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1789.154855][ T6327] tipc: Enabling of bearer rejected, already enabled [ 1789.160389][ T6327] mac80211_hwsim hwsim34 syzkaller0: entered promiscuous mode [ 1789.164102][ T6327] mac80211_hwsim hwsim34 syzkaller0: entered allmulticast mode [ 1789.197781][ T6328] netlink: 56 bytes leftover after parsing attributes in process `syz.5.9169'. [ 1790.532037][ T6348] netlink: 56 bytes leftover after parsing attributes in process `syz.6.9174'. [ 1791.503316][ T6356] netlink: 68 bytes leftover after parsing attributes in process `syz.4.9178'. [ 1792.245112][ T6368] tipc: Enabling of bearer rejected, already enabled [ 1792.403782][ T6373] netlink: 68 bytes leftover after parsing attributes in process `syz.6.9182'. [ 1794.087266][ T6386] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1794.092587][ T6386] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1794.096739][ T6386] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1794.268522][ T6400] netlink: 56 bytes leftover after parsing attributes in process `syz.4.9184'. [ 1794.766186][ T6404] netlink: 68 bytes leftover after parsing attributes in process `syz.3.9189'. [ 1795.382727][ T6414] tipc: Enabling of bearer rejected, already enabled [ 1795.985445][T21416] Bluetooth: hci3: command 0x0406 tx timeout [ 1796.145396][T21416] Bluetooth: hci1: command 0x0c1a tx timeout [ 1796.148297][T21416] Bluetooth: hci4: command 0x0406 tx timeout [ 1796.560115][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 1798.233532][ T6450] mac80211_hwsim hwsim34 syzkaller0: left promiscuous mode [ 1798.237148][ T6450] mac80211_hwsim hwsim34 syzkaller0: left allmulticast mode [ 1798.673099][ T6450] overlayfs: failed to resolve './file1': -2 [ 1799.161984][ T6465] tipc: Enabling of bearer rejected, already enabled [ 1799.166615][ T6465] mac80211_hwsim hwsim34 syzkaller0: entered promiscuous mode [ 1799.169736][ T6465] mac80211_hwsim hwsim34 syzkaller0: entered allmulticast mode [ 1800.782952][ T6491] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1800.788477][ T6491] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1800.791367][ T6491] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1801.539358][ T6504] tipc: Enabling of bearer rejected, already enabled [ 1802.705399][ T2491] Bluetooth: hci3: command 0x0406 tx timeout [ 1802.865625][ T2491] Bluetooth: hci1: command 0x0c1a tx timeout [ 1802.867646][T21416] Bluetooth: hci4: command 0x0406 tx timeout [ 1804.751391][ T6567] netlink: 56 bytes leftover after parsing attributes in process `syz.4.9227'. [ 1806.656618][ T6599] tipc: Enabling of bearer rejected, already enabled [ 1806.843034][ T6601] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1806.849188][ T6601] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1806.854111][ T6601] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1807.998912][ T6619] overlayfs: failed to resolve './file1': -2 [ 1808.795632][T21416] Bluetooth: hci3: command 0x0406 tx timeout [ 1808.875358][T21416] Bluetooth: hci1: command 0x0c1a tx timeout [ 1808.875422][ T2491] Bluetooth: hci4: command 0x0406 tx timeout [ 1808.910431][ T6644] tipc: Enabling of bearer rejected, already enabled [ 1810.253148][ T6675] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 1810.255778][ T6675] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1810.261972][ T6675] vhci_hcd vhci_hcd.0: Device attached [ 1810.525310][T31127] usb 45-1: new low-speed USB device number 2 using vhci_hcd [ 1810.855792][ T6677] vhci_hcd: connection reset by peer [ 1810.861283][T17678] vhci_hcd: stop threads [ 1810.863278][T17678] vhci_hcd: release socket [ 1810.868263][T17678] vhci_hcd: disconnect device [ 1812.298228][ T6694] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9267'. [ 1812.304164][ T6694] syz.6.9267 (6694): drop_caches: 4 [ 1813.472488][ T6709] tipc: Enabling of bearer rejected, already enabled [ 1813.476994][ T6709] mac80211_hwsim hwsim40 syzkaller0: entered promiscuous mode [ 1813.479799][ T6709] mac80211_hwsim hwsim40 syzkaller0: entered allmulticast mode [ 1813.536742][ T6711] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1813.920442][ T6715] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1813.931494][ T6715] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1813.936049][ T6715] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1815.685499][T31127] vhci_hcd: vhci_device speed not set [ 1815.906498][T21416] Bluetooth: hci3: command 0x0406 tx timeout [ 1815.985484][T21416] Bluetooth: hci1: command 0x0c1a tx timeout [ 1815.985576][ T5477] Bluetooth: hci4: command 0x0406 tx timeout [ 1816.578453][ T6755] tipc: Enabling of bearer rejected, already enabled [ 1818.177423][ T2491] Bluetooth: hci1: command 0x0c1a tx timeout [ 1818.662519][ T6778] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1818.668294][ T6778] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1818.673866][ T6778] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1820.545397][ T5477] Bluetooth: hci3: command 0x0406 tx timeout [ 1820.705363][ T5477] Bluetooth: hci1: command 0x0c1a tx timeout [ 1820.708181][ T5477] Bluetooth: hci4: command 0x0406 tx timeout [ 1822.147766][ T6833] mac80211_hwsim hwsim40 syzkaller0: left promiscuous mode [ 1822.154396][ T6833] mac80211_hwsim hwsim40 syzkaller0: left allmulticast mode [ 1822.297052][ T6839] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 1822.297052][ T6839] program syz.3.9301 not setting count and/or reply_len properly [ 1823.056754][ T6833] overlayfs: failed to resolve './file1': -2 [ 1824.483142][ T6880] netlink: 56 bytes leftover after parsing attributes in process `syz.3.9304'. [ 1824.488481][T13654] usb 9-1: new high-speed USB device number 34 using dummy_hcd [ 1824.645387][T13654] usb 9-1: Using ep0 maxpacket: 8 [ 1824.653529][T13654] usb 9-1: config 0 has an invalid interface number: 186 but max is 0 [ 1824.656873][T13654] usb 9-1: config 0 has no interface number 0 [ 1824.658828][T13654] usb 9-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1824.662466][T13654] usb 9-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 1824.675820][T13654] usb 9-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 1824.686401][T13654] usb 9-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 1824.777232][T13654] usb 9-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 1824.786641][T13654] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1824.790689][T13654] usb 9-1: Product: syz [ 1824.805378][T13654] usb 9-1: Manufacturer: syz [ 1824.807639][T13654] usb 9-1: SerialNumber: syz [ 1824.818523][T13654] usb 9-1: config 0 descriptor?? [ 1825.451841][ T6892] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1825.459211][ T6892] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1825.467652][ T6892] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1826.499247][ T6906] /dev/sr0: Can't open blockdev [ 1827.105787][T13654] iowarrior 9-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0 [ 1827.145966][T13654] usb 9-1: USB disconnect, device number 34 [ 1827.435586][ T2491] Bluetooth: hci3: command 0x0406 tx timeout [ 1827.515548][ T2491] Bluetooth: hci1: command 0x0c1a tx timeout [ 1827.515811][ T5477] Bluetooth: hci4: command 0x0406 tx timeout [ 1827.691179][ T6929] tipc: Enabling of bearer rejected, already enabled [ 1827.698274][ T6929] mac80211_hwsim hwsim30 syzkaller0: entered promiscuous mode [ 1827.702674][ T6929] mac80211_hwsim hwsim30 syzkaller0: entered allmulticast mode [ 1827.940596][ T6933] netlink: 68 bytes leftover after parsing attributes in process `syz.3.9322'. [ 1829.747336][ T6947] /dev/sr0: Can't open blockdev [ 1830.262569][ T6965] tipc: Enabling of bearer rejected, already enabled [ 1833.053433][ T6995] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1833.058164][ T6995] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1833.060563][ T6995] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1833.323418][ T7007] tipc: Enabling of bearer rejected, already enabled [ 1833.413823][ T7010] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1834.155651][ T7025] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1835.035632][ T2491] Bluetooth: hci3: command 0x0406 tx timeout [ 1835.115476][ T2491] Bluetooth: hci1: command 0x0c1a tx timeout [ 1835.115523][T21416] Bluetooth: hci4: command 0x0406 tx timeout [ 1836.100525][ T7047] mac80211_hwsim hwsim30 syzkaller0: left promiscuous mode [ 1836.104023][ T7047] mac80211_hwsim hwsim30 syzkaller0: left allmulticast mode [ 1836.216338][ T7049] tipc: Enabling of bearer rejected, already enabled [ 1836.216435][ T7041] /dev/sr0: Can't open blockdev [ 1836.671825][ T7047] overlayfs: failed to resolve './file1': -2 [ 1837.185391][ T5477] Bluetooth: hci1: command 0x0c1a tx timeout [ 1837.925339][ T7068] /dev/sr0: Can't open blockdev [ 1839.143030][ T7086] tipc: Enabling of bearer rejected, already enabled [ 1839.275342][ T5477] Bluetooth: hci1: command 0x0c1a tx timeout [ 1839.466558][ T7090] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1839.481795][ T7090] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1839.500699][ T7090] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1839.760324][ T7095] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1839.764004][ T7095] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1839.768274][ T7095] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1841.467313][ T7123] tipc: Enabling of bearer rejected, already enabled [ 1841.471716][ T7123] mac80211_hwsim hwsim30 syzkaller0: entered promiscuous mode [ 1841.474377][ T7123] mac80211_hwsim hwsim30 syzkaller0: entered allmulticast mode [ 1841.745490][ T5477] Bluetooth: hci3: command 0x0406 tx timeout [ 1841.825639][T21416] Bluetooth: hci4: command 0x0406 tx timeout [ 1841.828325][ T5477] Bluetooth: hci1: command 0x0c1a tx timeout [ 1843.232306][ T7152] netlink: 68 bytes leftover after parsing attributes in process `syz.3.9376'. [ 1844.524170][ T7166] syz.4.9379 (7166): attempted to duplicate a private mapping with mremap. This is not supported. [ 1849.449476][ T7215] /dev/sr0: Can't open blockdev [ 1849.596603][ T7216] /dev/sr0: Can't open blockdev [ 1849.903858][ T7225] tipc: Enabling of bearer rejected, already enabled [ 1851.422681][ T40] audit: type=1326 audit(1756525251.168:7386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7255 comm="syz.3.9402" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000 [ 1851.433755][ T40] audit: type=1326 audit(1756525251.168:7387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7255 comm="syz.3.9402" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000 [ 1851.443546][ T40] audit: type=1326 audit(1756525251.168:7388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7255 comm="syz.3.9402" exe="/syz-executor" sig=0 arch=40000003 syscall=395 compat=1 ip=0xf70ce579 code=0x7ffc0000 [ 1851.443597][ T40] audit: type=1326 audit(1756525251.168:7389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7255 comm="syz.3.9402" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000 [ 1851.443640][ T40] audit: type=1326 audit(1756525251.168:7390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7255 comm="syz.3.9402" exe="/syz-executor" sig=0 arch=40000003 syscall=397 compat=1 ip=0xf70ce579 code=0x7ffc0000 [ 1851.443682][ T40] audit: type=1326 audit(1756525251.168:7391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7255 comm="syz.3.9402" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000 [ 1851.486354][ T40] audit: type=1326 audit(1756525251.168:7392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7255 comm="syz.3.9402" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000 [ 1851.486405][ T40] audit: type=1326 audit(1756525251.188:7393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7255 comm="syz.3.9402" exe="/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf70ce579 code=0x7ffc0000 [ 1851.486444][ T40] audit: type=1326 audit(1756525251.188:7394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7255 comm="syz.3.9402" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000 [ 1851.486483][ T40] audit: type=1326 audit(1756525251.188:7395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7255 comm="syz.3.9402" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000 [ 1851.695553][ T7264] tipc: Enabling of bearer rejected, already enabled [ 1851.938258][T21416] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1851.946084][T21416] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1851.954445][T21416] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1851.966210][T21416] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1851.968819][T21416] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1852.074013][ T1553] syz_tun (unregistering): left allmulticast mode [ 1852.109921][ T7270] lo speed is unknown, defaulting to 1000 [ 1852.288971][ T7270] chnl_net:caif_netlink_parms(): no params data found [ 1852.328342][ T7282] netlink: 68 bytes leftover after parsing attributes in process `syz.3.9408'. [ 1852.377253][ T7273] /dev/sr0: Can't open blockdev [ 1852.505399][ T7270] bridge0: port 1(bridge_slave_0) entered blocking state [ 1852.509962][ T7270] bridge0: port 1(bridge_slave_0) entered disabled state [ 1852.512571][ T7270] bridge_slave_0: entered allmulticast mode [ 1852.517395][ T7270] bridge_slave_0: entered promiscuous mode [ 1852.524070][ T7270] bridge0: port 2(bridge_slave_1) entered blocking state [ 1852.527625][ T7270] bridge0: port 2(bridge_slave_1) entered disabled state [ 1852.530767][ T7270] bridge_slave_1: entered allmulticast mode [ 1852.535045][ T7270] bridge_slave_1: entered promiscuous mode [ 1852.628392][ T7270] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1852.636870][ T7270] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1852.685409][ T5859] bridge_slave_1: left allmulticast mode [ 1852.688173][ T5859] bridge_slave_1: left promiscuous mode [ 1852.693566][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state [ 1852.708279][ T5859] bridge_slave_0: left allmulticast mode [ 1852.710938][ T5859] bridge_slave_0: left promiscuous mode [ 1852.717835][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state [ 1853.723880][ T5859] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1853.733256][ T5859] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1853.740713][ T5859] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 1853.746040][ T5859] bond0 (unregistering): Released all slaves [ 1853.997475][ T5477] Bluetooth: hci2: command tx timeout [ 1854.023216][ T5859] bond1 (unregistering): Released all slaves [ 1854.186636][ T7270] team0: Port device team_slave_0 added [ 1854.195643][ T5859] tipc: Disabling bearer [ 1854.198406][ T5859] tipc: Disabling bearer [ 1854.200767][ T5859] tipc: Disabling bearer [ 1854.237816][ T5859] tipc: Left network mode [ 1854.244773][ T7270] team0: Port device team_slave_1 added [ 1854.263438][ T5859] IPVS: stopping backup sync thread 1995 ... [ 1854.310212][ T7270] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1854.313213][ T7270] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1854.330733][ T7270] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1854.336066][ T7306] tipc: Enabling of bearer rejected, already enabled [ 1854.351983][ T7270] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1854.355336][ T7270] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1854.373743][ T7270] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1854.381055][ T7308] mac80211_hwsim hwsim40 syzkaller0: entered promiscuous mode [ 1854.384732][ T7308] mac80211_hwsim hwsim40 syzkaller0: entered allmulticast mode [ 1854.501357][ T7270] hsr_slave_0: entered promiscuous mode [ 1854.504791][ T7270] hsr_slave_1: entered promiscuous mode [ 1854.507746][ T7270] debugfs: 'hsr0' already exists in 'hsr' [ 1854.510030][ T7270] Cannot create hsr debugfs directory [ 1854.886968][ T5859] hsr_slave_0: left promiscuous mode [ 1854.896077][ T5859] hsr_slave_1: left promiscuous mode [ 1854.899418][ T5859] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1854.903334][ T5859] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1854.909718][ T5859] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1854.913222][ T5859] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1854.947639][ T7317] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1854.951717][ T7317] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1854.955737][ T7317] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1854.959024][ T7317] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1854.961687][ T7317] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1854.962358][ T5859] veth1_macvtap: left promiscuous mode [ 1854.965984][ T5859] veth0_macvtap: left promiscuous mode [ 1854.968487][ T5859] veth1_vlan: left promiscuous mode [ 1854.972733][ T7317] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1856.945408][ T5477] Bluetooth: hci3: command 0x0406 tx timeout [ 1857.035605][ T2491] Bluetooth: hci4: command 0x0406 tx timeout [ 1857.038223][T21416] Bluetooth: hci1: command 0x0c1a tx timeout [ 1857.041276][ T5477] Bluetooth: hci2: command 0x040f tx timeout [ 1857.048776][ T5859] team0 (unregistering): Port device team_slave_1 removed [ 1857.215856][ T5859] team0 (unregistering): Port device team_slave_0 removed [ 1857.706703][ T7348] netlink: 56 bytes leftover after parsing attributes in process `syz.6.9422'. [ 1857.998056][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 1858.581628][T29173] lo speed is unknown, defaulting to 1000 [ 1858.583759][T29173] infiniband syz0: ib_query_port failed (-19) [ 1858.601568][ T7352] tipc: Enabling of bearer rejected, already enabled [ 1858.697617][ T7354] mac80211_hwsim hwsim34 syzkaller0: left promiscuous mode [ 1858.701499][ T7354] mac80211_hwsim hwsim34 syzkaller0: left allmulticast mode [ 1858.990975][ T7354] overlayfs: failed to resolve './file1': -2 [ 1859.114785][ T5477] Bluetooth: hci2: command 0x040f tx timeout [ 1859.660379][ T7382] No control pipe specified [ 1859.891243][ T7270] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1859.921027][ T7270] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1859.927478][ T7270] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1859.932450][ T7270] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1860.076153][ T7270] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1860.093581][ T7270] 8021q: adding VLAN 0 to HW filter on device team0 [ 1860.110178][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state [ 1860.113038][ T5859] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1860.122060][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state [ 1860.124662][ T5859] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1860.289760][ T7270] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1860.666981][ T7270] veth0_vlan: entered promiscuous mode [ 1860.678936][ T7270] veth1_vlan: entered promiscuous mode [ 1860.731587][ T7270] veth0_macvtap: entered promiscuous mode [ 1860.763136][ T7270] veth1_macvtap: entered promiscuous mode [ 1860.780230][ T7270] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1860.803484][ T7270] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1860.837793][ T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1860.841865][ T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1860.850950][ T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1860.854695][ T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1860.951540][ T5859] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1860.954558][ T5859] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1860.971672][ T5859] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1860.975853][ T5859] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1861.185552][ T5477] Bluetooth: hci2: command 0x040f tx timeout [ 1861.328243][ T7423] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1861.330324][ T7423] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1861.335943][ T7423] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1861.338975][ T7423] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1862.306043][ T7432] /dev/sr0: Can't open blockdev [ 1862.575139][ T7448] netlink: 56 bytes leftover after parsing attributes in process `syz.3.9434'. [ 1863.172509][ T7460] autofs: Unknown parameter 'ZqDC7D&C$뙾4_4DY!Iu&}Ƌm{DL"fa&]JA' [ 1863.275350][ T5477] Bluetooth: hci3: command 0x0406 tx timeout [ 1863.345971][ T5477] Bluetooth: hci2: command 0x040f tx timeout [ 1863.346022][ T2491] Bluetooth: hci4: command 0x0406 tx timeout [ 1863.350197][T21416] Bluetooth: hci1: command 0x0c1a tx timeout [ 1864.633363][ T7471] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1864.645883][ T7471] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1864.663281][ T7471] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1864.674801][ T7471] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1865.260313][ T7486] autofs: Unknown parameter 'ZqDC7D&C$뙾4_4DY!Iu&}Ƌm{DL"fa&]JA' [ 1866.306749][ T2491] Bluetooth: hci3: command 0x0406 tx timeout [ 1866.705830][ T2491] Bluetooth: hci2: command 0x040f tx timeout [ 1866.706136][ T5477] Bluetooth: hci4: command 0x0406 tx timeout [ 1866.708239][T21416] Bluetooth: hci1: command 0x0c1a tx timeout [ 1866.781950][ T7506] netlink: 56 bytes leftover after parsing attributes in process `syz.5.9449'. [ 1868.420907][ T7533] mac80211_hwsim hwsim30 syzkaller0: left promiscuous mode [ 1868.423487][ T7533] mac80211_hwsim hwsim30 syzkaller0: left allmulticast mode [ 1868.670517][ T7533] overlayfs: failed to resolve './file1': -2 [ 1868.731036][ T7535] tipc: Resetting bearer [ 1872.615658][ T7593] overlayfs: failed to resolve './file1': -2 [ 1873.745385][ T7585] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 1873.745501][T21416] Bluetooth: hci3: command 0x0406 tx timeout [ 1874.364413][ T7585] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1874.367482][ T7585] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1874.370183][ T7585] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1874.560472][ T7604] netlink: 68 bytes leftover after parsing attributes in process `syz.5.9473'. [ 1875.825413][T21416] Bluetooth: hci4: command 0x0406 tx timeout [ 1876.395477][T21416] Bluetooth: hci2: command 0x040f tx timeout [ 1876.399042][T21416] Bluetooth: hci1: command 0x0c1a tx timeout [ 1876.694586][ T7623] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8) [ 1876.698878][ T7623] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1876.704350][ T7623] vhci_hcd vhci_hcd.0: Device attached [ 1876.843395][ T5477] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1876.849266][ T5477] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1876.857758][ T5477] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1876.867816][ T5477] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1876.874251][ T5477] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1877.151921][T17682] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1877.171098][ T7647] chnl_net:caif_netlink_parms(): no params data found [ 1877.297959][T17682] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1877.309604][ T7647] bridge0: port 1(bridge_slave_0) entered blocking state [ 1877.313432][ T7647] bridge0: port 1(bridge_slave_0) entered disabled state [ 1877.320384][ T7647] bridge_slave_0: entered allmulticast mode [ 1877.324116][ T7647] bridge_slave_0: entered promiscuous mode [ 1877.328327][ T7647] bridge0: port 2(bridge_slave_1) entered blocking state [ 1877.330824][ T7647] bridge0: port 2(bridge_slave_1) entered disabled state [ 1877.334092][ T7647] bridge_slave_1: entered allmulticast mode [ 1877.340289][ T7647] bridge_slave_1: entered promiscuous mode [ 1877.406298][T17682] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1877.417134][ T7647] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1877.424055][ T7647] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1877.483234][T17682] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1877.497096][ T7647] team0: Port device team_slave_0 added [ 1877.508252][ T7647] team0: Port device team_slave_1 added [ 1877.523964][ T6735] usb 47-1: new high-speed USB device number 4 using vhci_hcd [ 1877.585100][ T7647] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1877.590655][ T7647] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1877.602417][ T7647] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1877.609026][ T7647] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1877.612287][ T7647] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1877.625136][ T7635] vhci_hcd: connection reset by peer [ 1877.625707][ T7647] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1877.627771][T17700] vhci_hcd: stop threads [ 1877.627785][T17700] vhci_hcd: release socket [ 1877.629405][T17700] vhci_hcd: disconnect device [ 1877.688803][ T5477] Bluetooth: hci1: unknown advertising packet type: 0x64 [ 1877.688890][ T5477] Bluetooth: hci1: Malformed LE Event: 0x02 [ 1877.742042][ T7647] hsr_slave_0: entered promiscuous mode [ 1877.748308][ T7647] hsr_slave_1: entered promiscuous mode [ 1877.751608][ T7647] debugfs: 'hsr0' already exists in 'hsr' [ 1877.753719][ T7647] Cannot create hsr debugfs directory [ 1877.885675][ T7665] netlink: 68 bytes leftover after parsing attributes in process `syz.6.9488'. [ 1878.934921][T17682] bridge_slave_1: left allmulticast mode [ 1878.937679][T17682] bridge_slave_1: left promiscuous mode [ 1878.940255][T17682] bridge0: port 2(bridge_slave_1) entered disabled state [ 1878.945406][ T5477] Bluetooth: hci0: command tx timeout [ 1878.946220][T17682] bridge_slave_0: left allmulticast mode [ 1878.951091][T17682] bridge_slave_0: left promiscuous mode [ 1878.953452][T17682] bridge0: port 1(bridge_slave_0) entered disabled state [ 1880.360156][ T7696] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1880.735613][T17682] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1880.747924][ T7694] /dev/sr0: Can't open blockdev [ 1880.756462][T17682] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1880.766479][T17682] bond0 (unregistering): Released all slaves [ 1881.035010][ T5477] Bluetooth: hci0: command tx timeout [ 1881.130818][T17682] bond1 (unregistering): Released all slaves [ 1881.343877][T17682] tipc: Disabling bearer [ 1881.383943][T17682] tipc: Disabling bearer [ 1881.439481][T17682] tipc: Left network mode [ 1881.621530][T17682] IPVS: stopping backup sync thread 31221 ... [ 1882.108391][ T7714] /dev/sr0: Can't open blockdev [ 1882.499325][T17682] hsr_slave_0: left promiscuous mode [ 1882.504595][T17682] hsr_slave_1: left promiscuous mode [ 1882.509692][T17682] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1882.512386][T17682] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1882.522956][T17682] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1882.529287][T17682] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1882.603393][T17682] veth1_macvtap: left promiscuous mode [ 1882.605890][T17682] veth0_macvtap: left promiscuous mode [ 1882.608180][T17682] veth1_vlan: left promiscuous mode [ 1882.766130][ T6735] vhci_hcd: vhci_device speed not set [ 1883.105485][ T5477] Bluetooth: hci0: command tx timeout [ 1883.651868][ T7745] /dev/sr0: Can't open blockdev [ 1884.433151][ T7754] netlink: 56 bytes leftover after parsing attributes in process `syz.4.9505'. [ 1884.764478][T17682] team0 (unregistering): Port device team_slave_1 removed [ 1884.925481][T17682] team0 (unregistering): Port device team_slave_0 removed [ 1885.185748][ T5477] Bluetooth: hci0: command tx timeout [ 1886.501526][ T7647] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1886.591226][ T7647] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1886.806082][ T7647] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1886.823983][ T7647] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1887.074665][ T7647] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1887.144633][ T7647] 8021q: adding VLAN 0 to HW filter on device team0 [ 1887.162201][T17678] bridge0: port 1(bridge_slave_0) entered blocking state [ 1887.164973][T17678] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1887.185480][T17678] bridge0: port 2(bridge_slave_1) entered blocking state [ 1887.188019][T17678] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1887.215852][T17682] IPVS: stop unused estimator thread 0... [ 1887.247946][ T7647] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1887.461010][ T7647] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1887.498875][ T7647] veth0_vlan: entered promiscuous mode [ 1887.517169][ T7647] veth1_vlan: entered promiscuous mode [ 1887.550833][ T7647] veth0_macvtap: entered promiscuous mode [ 1887.556748][ T7647] veth1_macvtap: entered promiscuous mode [ 1887.566134][ T7647] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1887.572952][ T7647] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1887.581791][T17700] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1887.590569][T17700] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1887.594537][T17700] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1887.608028][T17700] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1888.009311][ T7791] /dev/sr0: Can't open blockdev [ 1888.118333][T17663] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1888.122173][T17663] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1888.217273][T17663] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1888.236188][T17663] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1888.699877][ T5477] Bluetooth: hci0: Unable to find connection for big 0x00 [ 1888.938940][ T7811] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1889.408311][ T7814] overlayfs: failed to resolve './file1': -2 [ 1889.416799][ T7814] tipc: Resetting bearer [ 1889.655926][ T7815] /dev/sr0: Can't open blockdev [ 1890.218389][ T7839] netlink: 56 bytes leftover after parsing attributes in process `syz.4.9518'. [ 1890.265714][ T7842] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9522'. [ 1890.755442][T13291] usb 11-1: new high-speed USB device number 10 using dummy_hcd [ 1890.925508][T13291] usb 11-1: Using ep0 maxpacket: 16 [ 1890.929046][T13291] usb 11-1: config index 0 descriptor too short (expected 2587, got 27) [ 1890.931735][T13291] usb 11-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1890.937346][T13291] usb 11-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 1890.942366][T13291] usb 11-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1890.955025][T13291] usb 11-1: config 1 interface 0 has no altsetting 0 [ 1891.376547][T13291] usb 11-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1891.389709][T13291] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1891.392939][T13291] usb 11-1: Product: syz [ 1891.394665][T13291] usb 11-1: Manufacturer: syz [ 1891.413663][T13291] usb 11-1: SerialNumber: syz [ 1893.192613][T13291] usblp 11-1:1.0: usblp0: USB Unidirectional printer dev 10 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 1893.211784][T13291] usb 11-1: USB disconnect, device number 10 [ 1893.219807][T13291] usblp0: removed [ 1895.091282][ T7935] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1895.771787][ T7930] netlink: 56 bytes leftover after parsing attributes in process `syz.4.9543'. [ 1896.252559][ T7950] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 1896.257557][ T7950] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 1896.260874][ T7950] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 1897.563177][ T7984] macsec0: entered promiscuous mode [ 1897.568528][ T7984] macsec0: entered allmulticast mode [ 1897.570918][ T7984] veth1_macvtap: entered allmulticast mode [ 1898.537826][ T8000] netlink: 68 bytes leftover after parsing attributes in process `syz.3.9565'. [ 1899.464175][ T8016] netlink: 68 bytes leftover after parsing attributes in process `syz.5.9569'. [ 1902.991830][ T8053] /dev/sr0: Can't open blockdev [ 1904.258099][ T8071] netlink: 16 bytes leftover after parsing attributes in process `syz.6.9584'. [ 1905.099567][ T8089] /dev/sr0: Can't open blockdev [ 1905.765022][ T8095] overlayfs: failed to resolve './file1': -2 [ 1907.692489][ T8122] team0: Port device team_slave_0 removed [ 1907.830452][ T8131] netlink: 56 bytes leftover after parsing attributes in process `syz.5.9597'. [ 1912.400289][ T8221] netlink: 68 bytes leftover after parsing attributes in process `syz.6.9628'. [ 1914.234000][T31366] syz_tun (unregistering): left allmulticast mode [ 1914.260348][T21416] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1914.270629][T21416] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1914.278825][T21416] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1914.292138][T21416] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1914.298962][T21416] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1914.419533][T17663] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1914.623089][T17663] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1914.717639][T17663] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1914.754173][ T8242] chnl_net:caif_netlink_parms(): no params data found [ 1914.897663][T17663] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1915.723046][ T8242] bridge0: port 1(bridge_slave_0) entered blocking state [ 1915.726952][ T8242] bridge0: port 1(bridge_slave_0) entered disabled state [ 1915.730726][ T8242] bridge_slave_0: entered allmulticast mode [ 1915.747199][ T8242] bridge_slave_0: entered promiscuous mode [ 1915.751568][ T8242] bridge0: port 2(bridge_slave_1) entered blocking state [ 1915.754278][ T8242] bridge0: port 2(bridge_slave_1) entered disabled state [ 1915.757235][ T8242] bridge_slave_1: entered allmulticast mode [ 1915.760823][ T8242] bridge_slave_1: entered promiscuous mode [ 1916.108528][ T8242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1916.172366][ T8282] netlink: 56 bytes leftover after parsing attributes in process `syz.3.9643'. [ 1916.173262][ T8242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1916.338527][T17663] bridge_slave_1: left allmulticast mode [ 1916.344333][T17663] bridge_slave_1: left promiscuous mode [ 1916.349579][T17663] bridge0: port 2(bridge_slave_1) entered disabled state [ 1916.376970][T17663] bridge_slave_0: left allmulticast mode [ 1916.382860][T17663] bridge_slave_0: left promiscuous mode [ 1916.387858][T17663] bridge0: port 1(bridge_slave_0) entered disabled state [ 1916.397081][T21416] Bluetooth: hci3: command tx timeout [ 1916.906644][T17663] bond1 (unregistering): (slave geneve2): Releasing active interface [ 1917.399397][T17663] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1917.404159][T17663] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1917.408291][T17663] bond0 (unregistering): Released all slaves [ 1917.623742][T17663] bond1 (unregistering): Released all slaves [ 1917.631405][T17663] bond2 (unregistering): Released all slaves [ 1917.679216][ T8242] team0: Port device team_slave_0 added [ 1917.710824][ T8242] team0: Port device team_slave_1 added [ 1917.856723][T17663] tipc: Disabling bearer [ 1917.858877][T17663] tipc: Disabling bearer [ 1917.863259][T17663] tipc: Left network mode [ 1917.906513][T17663] IPVS: stopping backup sync thread 1860 ... [ 1917.942810][ T8242] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1917.947292][ T8242] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1917.959193][ T8242] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1917.978728][ T8242] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1917.981150][ T8242] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1917.993769][ T8242] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1918.078323][ T8242] hsr_slave_0: entered promiscuous mode [ 1918.080882][ T8242] hsr_slave_1: entered promiscuous mode [ 1918.083708][ T8242] debugfs: 'hsr0' already exists in 'hsr' [ 1918.086601][ T8242] Cannot create hsr debugfs directory [ 1918.465848][T21416] Bluetooth: hci3: command tx timeout [ 1918.472867][T17663] hsr_slave_0: left promiscuous mode [ 1918.476388][T17663] hsr_slave_1: left promiscuous mode [ 1918.479073][T17663] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1918.482815][T17663] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1918.492138][T17663] veth1_macvtap: left allmulticast mode [ 1919.445361][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 1920.555476][T21416] Bluetooth: hci3: command tx timeout [ 1920.817693][ T8348] netlink: 68 bytes leftover after parsing attributes in process `syz.3.9659'. [ 1922.196604][T17663] team0 (unregistering): Port device team_slave_1 removed [ 1922.420452][T17663] team0 (unregistering): Port device team_slave_0 removed [ 1922.631134][T21416] Bluetooth: hci3: command tx timeout [ 1924.871316][ T8242] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1924.894762][ T8242] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1924.931833][ T8242] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1924.953367][T17663] IPVS: stop unused estimator thread 0... [ 1924.957927][ T8242] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1925.116208][ T8242] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1925.134359][ T8242] 8021q: adding VLAN 0 to HW filter on device team0 [ 1925.142676][T17663] bridge0: port 1(bridge_slave_0) entered blocking state [ 1925.145157][T17663] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1925.154600][T17663] bridge0: port 2(bridge_slave_1) entered blocking state [ 1925.157289][T17663] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1925.361381][ T8242] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1925.397856][ T8384] /dev/sr0: Can't open blockdev [ 1925.533658][ T8242] veth0_vlan: entered promiscuous mode [ 1925.543920][ T8242] veth1_vlan: entered promiscuous mode [ 1925.559490][ T8242] veth0_macvtap: entered promiscuous mode [ 1925.564134][ T8242] veth1_macvtap: entered promiscuous mode [ 1925.579182][ T8242] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1925.586503][ T8242] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1925.593847][T17682] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1925.598801][T17682] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1925.602630][T17682] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1925.607865][T17682] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1925.654861][T17686] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1925.670199][T17686] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1925.702823][T17669] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1925.706007][T17669] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1927.666996][ T8447] /dev/sr0: Can't open blockdev [ 1930.539868][ T8501] netlink: 68 bytes leftover after parsing attributes in process `syz.5.9686'. [ 1931.525849][ T8511] FAULT_INJECTION: forcing a failure. [ 1931.525849][ T8511] name failslab, interval 1, probability 0, space 0, times 0 [ 1931.531569][ T8511] CPU: 1 UID: 0 PID: 8511 Comm: syz.6.9690 Not tainted syzkaller #0 PREEMPT(full) [ 1931.531586][ T8511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1931.531593][ T8511] Call Trace: [ 1931.531598][ T8511] [ 1931.531603][ T8511] dump_stack_lvl+0x16c/0x1f0 [ 1931.531642][ T8511] should_fail_ex+0x512/0x640 [ 1931.531665][ T8511] should_failslab+0xc2/0x120 [ 1931.531681][ T8511] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1931.531695][ T8511] ? skb_clone+0x190/0x3f0 [ 1931.531714][ T8511] skb_clone+0x190/0x3f0 [ 1931.531729][ T8511] netlink_deliver_tap+0xabd/0xd30 [ 1931.531747][ T8511] netlink_unicast+0x64c/0x870 [ 1931.531764][ T8511] ? __pfx_netlink_unicast+0x10/0x10 [ 1931.531779][ T8511] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1931.531798][ T8511] netlink_sendmsg+0x8d1/0xdd0 [ 1931.531815][ T8511] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1931.531832][ T8511] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1931.531847][ T8511] ____sys_sendmsg+0xa98/0xc70 [ 1931.531859][ T8511] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1931.531869][ T8511] ? get_compat_msghdr+0x11a/0x170 [ 1931.531889][ T8511] ___sys_sendmsg+0x134/0x1d0 [ 1931.531904][ T8511] ? __pfx____sys_sendmsg+0x10/0x10 [ 1931.531925][ T8511] ? find_held_lock+0x2b/0x80 [ 1931.531944][ T8511] __sys_sendmsg+0x16d/0x220 [ 1931.531959][ T8511] ? __pfx___sys_sendmsg+0x10/0x10 [ 1931.531979][ T8511] ? rcu_is_watching+0x12/0xc0 [ 1931.531992][ T8511] __do_fast_syscall_32+0x7c/0x3a0 [ 1931.532009][ T8511] do_fast_syscall_32+0x32/0x80 [ 1931.532024][ T8511] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1931.532038][ T8511] RIP: 0023:0xf7f72579 [ 1931.532048][ T8511] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1931.532059][ T8511] RSP: 002b:00000000f548655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1931.532076][ T8511] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 1931.532083][ T8511] RDX: 000000000004c840 RSI: 0000000000000000 RDI: 0000000000000000 [ 1931.532090][ T8511] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1931.532096][ T8511] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1931.532103][ T8511] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1931.532116][ T8511] [ 1932.252303][ T8536] netlink: 68 bytes leftover after parsing attributes in process `syz.4.9697'. [ 1933.320673][ T8558] netlink: 68 bytes leftover after parsing attributes in process `syz.6.9703'. [ 1933.325621][ T8558] netlink: 40 bytes leftover after parsing attributes in process `syz.6.9703'. [ 1933.370499][ T8553] /dev/sr0: Can't open blockdev [ 1933.567705][ T8567] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9706'. [ 1933.590664][ T8567] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9706'. [ 1933.747674][ T8556] overlayfs: failed to resolve './file1': -2 [ 1934.527241][ T8576] netlink: 68 bytes leftover after parsing attributes in process `syz.5.9709'. [ 1936.126714][ T8597] FAULT_INJECTION: forcing a failure. [ 1936.126714][ T8597] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1936.137697][ T8597] CPU: 1 UID: 0 PID: 8597 Comm: syz.3.9713 Not tainted syzkaller #0 PREEMPT(full) [ 1936.137737][ T8597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1936.137747][ T8597] Call Trace: [ 1936.137756][ T8597] [ 1936.137764][ T8597] dump_stack_lvl+0x16c/0x1f0 [ 1936.137792][ T8597] should_fail_ex+0x512/0x640 [ 1936.137822][ T8597] _copy_to_user+0x32/0xd0 [ 1936.137840][ T8597] simple_read_from_buffer+0xcb/0x170 [ 1936.137860][ T8597] proc_fail_nth_read+0x197/0x240 [ 1936.137877][ T8597] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1936.137895][ T8597] ? rw_verify_area+0xcf/0x6c0 [ 1936.137912][ T8597] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1936.137957][ T8597] vfs_read+0x1e4/0xcf0 [ 1936.137980][ T8597] ? __pfx_vfs_read+0x10/0x10 [ 1936.137997][ T8597] ? find_held_lock+0x2b/0x80 [ 1936.138018][ T8597] ? __fget_files+0x20e/0x3c0 [ 1936.138042][ T8597] ksys_read+0x12a/0x250 [ 1936.138060][ T8597] ? __pfx_ksys_read+0x10/0x10 [ 1936.138077][ T8597] ? rcu_is_watching+0x12/0xc0 [ 1936.138097][ T8597] __do_fast_syscall_32+0x7c/0x3a0 [ 1936.138125][ T8597] do_fast_syscall_32+0x32/0x80 [ 1936.138150][ T8597] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1936.138258][ T8597] RIP: 0023:0xf7f35579 [ 1936.138321][ T8597] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1936.138342][ T8597] RSP: 002b:00000000f5446590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1936.138359][ T8597] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5446620 [ 1936.138369][ T8597] RDX: 000000000000000f RSI: 00000000f73c4ff4 RDI: 0000000000000000 [ 1936.138380][ T8597] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1936.138389][ T8597] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1936.138399][ T8597] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1936.138465][ T8597] [ 1936.700397][ T8614] IPv4: Oversized IP packet from 172.20.20.24 [ 1936.707048][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 1936.710485][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 1936.986895][ T8620] netlink: 56 bytes leftover after parsing attributes in process `syz.5.9723'. [ 1939.963629][ T8677] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1941.206266][ T8695] netlink: 68 bytes leftover after parsing attributes in process `syz.4.9741'. [ 1941.901089][ T8699] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1941.907537][ T8699] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1941.910728][ T8699] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1941.920243][ T8699] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1941.985729][ T8699] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1942.050696][ T8699] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1942.061283][ T8704] overlayfs: failed to resolve './file1': -2 [ 1942.063712][ T8699] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1942.083006][ T8699] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1942.469694][ T8720] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1943.702464][ T8728] overlayfs: failed to resolve './file1': -2 [ 1943.905457][T21416] Bluetooth: hci1: command 0x0c1a tx timeout [ 1943.985417][T21416] Bluetooth: hci0: command 0x0c1a tx timeout [ 1943.988011][T21416] Bluetooth: hci2: command 0x040f tx timeout [ 1944.067377][ T5477] Bluetooth: hci3: command 0x0c1a tx timeout [ 1944.673783][ T8746] overlayfs: failed to resolve './file1': -2 [ 1944.839053][ T8751] tipc: Enabling of bearer rejected, failed to enable media [ 1945.109243][ T8757] netlink: 32 bytes leftover after parsing attributes in process `syz.5.9757'. [ 1945.388184][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 1945.388204][ T40] audit: type=1326 audit(1756525345.138:7399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8759 comm="syz.4.9759" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 1945.399844][ T40] audit: type=1326 audit(1756525345.138:7400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8759 comm="syz.4.9759" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 1945.408740][ T40] audit: type=1326 audit(1756525345.138:7401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8759 comm="syz.4.9759" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 1945.416965][ T40] audit: type=1326 audit(1756525345.138:7402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8759 comm="syz.4.9759" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 1945.424486][ T40] audit: type=1326 audit(1756525345.138:7403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8759 comm="syz.4.9759" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 1945.431750][ T40] audit: type=1326 audit(1756525345.138:7404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8759 comm="syz.4.9759" exe="/syz-executor" sig=0 arch=40000003 syscall=177 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 1945.441721][ T40] audit: type=1326 audit(1756525345.188:7405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8759 comm="syz.4.9759" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 1945.453141][ T40] audit: type=1326 audit(1756525345.188:7406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8759 comm="syz.4.9759" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 1945.463335][ T40] audit: type=1326 audit(1756525345.188:7407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8759 comm="syz.4.9759" exe="/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 1945.475914][ T40] audit: type=1326 audit(1756525345.188:7408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8759 comm="syz.4.9759" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 1945.550082][ T8762] netlink: 'syz.4.9759': attribute type 10 has an invalid length. [ 1945.557701][ T8762] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 1945.563243][ T8762] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 1945.569173][ T8762] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 1945.836765][ T8768] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1946.065299][ T5477] Bluetooth: hci0: command 0x0c1a tx timeout [ 1946.145385][ T5477] Bluetooth: hci3: command 0x0c1a tx timeout [ 1946.844772][ T8786] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9763'. [ 1946.876241][ T8779] /dev/sr0: Can't open blockdev [ 1946.985130][ T8788] netlink: 68 bytes leftover after parsing attributes in process `syz.6.9764'. [ 1948.149582][ T5477] Bluetooth: hci0: command 0x0c1a tx timeout [ 1948.225347][ T5477] Bluetooth: hci3: command 0x0c1a tx timeout [ 1948.449254][ T8793] tipc: Enabling of bearer rejected, failed to enable media [ 1948.465778][ T8793] mac80211_hwsim hwsim47 syzkaller0: entered promiscuous mode [ 1948.468445][ T8793] mac80211_hwsim hwsim47 syzkaller0: entered allmulticast mode [ 1952.242302][ T8843] tipc: Enabling of bearer rejected, failed to enable media [ 1952.373733][ T8849] netlink: 68 bytes leftover after parsing attributes in process `syz.3.9779'. [ 1954.695454][ T8882] tipc: Enabling of bearer rejected, failed to enable media [ 1954.699969][ T8882] syzkaller0: entered promiscuous mode [ 1954.702135][ T8882] syzkaller0: entered allmulticast mode [ 1955.134585][ T8893] netlink: 68 bytes leftover after parsing attributes in process `syz.5.9791'. [ 1955.184228][ T8895] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1955.535286][T13811] usb 11-1: new full-speed USB device number 11 using dummy_hcd [ 1955.686677][T13811] usb 11-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1955.690925][T13811] usb 11-1: config 0 interface 0 has no altsetting 0 [ 1955.694845][T13811] usb 11-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1955.698456][T13811] usb 11-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1955.701418][T13811] usb 11-1: Product: syz [ 1955.703117][T13811] usb 11-1: Manufacturer: syz [ 1955.721393][T13811] usb 11-1: SerialNumber: syz [ 1955.732853][T13811] usb 11-1: config 0 descriptor?? [ 1955.742723][T13811] usb 11-1: selecting invalid altsetting 0 [ 1955.971099][T13291] usb 11-1: USB disconnect, device number 11 [ 1956.060866][ T8906] udevd[8906]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1958.265381][T31493] usb 11-1: new high-speed USB device number 12 using dummy_hcd [ 1958.445370][T31493] usb 11-1: Using ep0 maxpacket: 8 [ 1958.449860][T31493] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1958.454906][T31493] usb 11-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1958.460903][T31493] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1958.468608][T31493] usb 11-1: config 0 descriptor?? [ 1958.727094][T31493] iowarrior 11-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1959.285795][ T8946] "syz.6.9802" (8946) uses obsolete ecb(arc4) skcipher [ 1959.416299][ T8946] bridge1: entered promiscuous mode [ 1960.512762][ T8963] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1960.760125][ T8971] netlink: 'syz.3.9811': attribute type 4 has an invalid length. [ 1960.881720][ T8972] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9811'. [ 1960.904947][T13811] usb 11-1: USB disconnect, device number 12 [ 1960.907786][ C1] iowarrior 11-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19 [ 1962.089451][ T8992] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9815'. [ 1962.102252][ T8992] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1962.445038][ T9005] FAULT_INJECTION: forcing a failure. [ 1962.445038][ T9005] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1962.453061][ T9005] CPU: 1 UID: 0 PID: 9005 Comm: syz.6.9819 Not tainted syzkaller #0 PREEMPT(full) [ 1962.453078][ T9005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1962.453086][ T9005] Call Trace: [ 1962.453091][ T9005] [ 1962.453095][ T9005] dump_stack_lvl+0x16c/0x1f0 [ 1962.453117][ T9005] should_fail_ex+0x512/0x640 [ 1962.453136][ T9005] _copy_from_user+0x2e/0xd0 [ 1962.453155][ T9005] get_compat_msghdr+0xa7/0x170 [ 1962.453170][ T9005] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1962.453188][ T9005] ___sys_sendmsg+0x1ae/0x1d0 [ 1962.453205][ T9005] ? __pfx____sys_sendmsg+0x10/0x10 [ 1962.453226][ T9005] ? find_held_lock+0x2b/0x80 [ 1962.453246][ T9005] __sys_sendmsg+0x16d/0x220 [ 1962.453261][ T9005] ? __pfx___sys_sendmsg+0x10/0x10 [ 1962.453274][ T9005] ? __pfx_bpf_trace_run2+0x10/0x10 [ 1962.453294][ T9005] ? syscall_trace_enter+0x1cb/0x240 [ 1962.453312][ T9005] ? rcu_is_watching+0x12/0xc0 [ 1962.453325][ T9005] __do_fast_syscall_32+0x7c/0x3a0 [ 1962.453342][ T9005] do_fast_syscall_32+0x32/0x80 [ 1962.453357][ T9005] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1962.453371][ T9005] RIP: 0023:0xf7f72579 [ 1962.453380][ T9005] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1962.453392][ T9005] RSP: 002b:00000000f548655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1962.453403][ T9005] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 1962.453410][ T9005] RDX: 0000000004008000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1962.453416][ T9005] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1962.453423][ T9005] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1962.453429][ T9005] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1962.453442][ T9005] [ 1963.650943][ T9022] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1964.776684][ T9040] /dev/sr0: Can't open blockdev [ 1965.135294][T13811] usb 10-1: new high-speed USB device number 55 using dummy_hcd [ 1965.355276][T13811] usb 10-1: Using ep0 maxpacket: 16 [ 1965.359888][T13811] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1965.368132][T13811] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1965.372153][T13811] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1965.377289][T13811] usb 10-1: Product: syz [ 1965.379328][T13811] usb 10-1: Manufacturer: syz [ 1965.381433][T13811] usb 10-1: SerialNumber: syz [ 1965.390711][T13811] usb 10-1: config 0 descriptor?? [ 1965.400967][T13811] em28xx 10-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1965.405299][T13811] em28xx 10-1:0.0: DVB interface 0 found: bulk [ 1966.039417][T13811] em28xx 10-1:0.0: unknown em28xx chip ID (0) [ 1966.539432][T13811] em28xx 10-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1966.548169][T13811] em28xx 10-1:0.0: board has no eeprom [ 1966.714132][ T9064] tipc: Trying to set illegal importance in message [ 1967.598463][ T9043] em28xx 10-1:0.0: writing to i2c device at 0x9560 failed (error=-5) [ 1967.666448][T13811] em28xx 10-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1967.747410][T13811] em28xx 10-1:0.0: dvb set to bulk mode. [ 1967.754164][T13811] usb 10-1: USB disconnect, device number 55 [ 1967.757385][T13811] em28xx 10-1:0.0: Disconnecting em28xx [ 1967.759247][T31127] em28xx 10-1:0.0: Binding DVB extension [ 1967.888905][T31127] em28xx 10-1:0.0: Registering input extension [ 1967.902212][T13811] em28xx 10-1:0.0: Closing input extension [ 1968.024300][T13811] em28xx 10-1:0.0: Freeing device [ 1970.144741][ T9112] overlayfs: failed to resolve './file1': -2 [ 1970.655454][ T9129] mac80211_hwsim hwsim47 syzkaller0: left promiscuous mode [ 1970.661716][ T9129] mac80211_hwsim hwsim47 syzkaller0: left allmulticast mode [ 1970.692077][ T9125] /dev/sr0: Can't open blockdev [ 1971.387748][ T9137] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1971.414370][ T9129] overlayfs: failed to resolve './file1': -2 [ 1972.702148][ T9154] bridge_slave_0: default FDB implementation only supports local addresses [ 1972.718261][ T9154] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9859'. [ 1972.944079][ T9108] Set syz1 is full, maxelem 65536 reached [ 1974.043348][ T9174] syzkaller0: entered promiscuous mode [ 1974.046823][ T9174] syzkaller0: entered allmulticast mode [ 1974.079376][ T9176] netlink: 68 bytes leftover after parsing attributes in process `syz.5.9864'. [ 1976.830670][ T9215] bridge_slave_0: default FDB implementation only supports local addresses [ 1976.848961][ T9215] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9876'. [ 1977.080855][ T9228] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1977.285072][ T9235] netlink: 68 bytes leftover after parsing attributes in process `syz.5.9882'. [ 1977.782272][ T9238] syzkaller0: entered promiscuous mode [ 1977.784580][ T9238] syzkaller0: entered allmulticast mode [ 1978.224066][ T9249] FAULT_INJECTION: forcing a failure. [ 1978.224066][ T9249] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1978.235732][ T9249] CPU: 0 UID: 0 PID: 9249 Comm: syz.6.9888 Not tainted syzkaller #0 PREEMPT(full) [ 1978.235767][ T9249] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1978.235778][ T9249] Call Trace: [ 1978.235785][ T9249] [ 1978.235793][ T9249] dump_stack_lvl+0x16c/0x1f0 [ 1978.235824][ T9249] should_fail_ex+0x512/0x640 [ 1978.235851][ T9249] _copy_from_iter+0x29f/0x1720 [ 1978.235883][ T9249] ? __alloc_skb+0x200/0x380 [ 1978.235908][ T9249] ? __pfx__copy_from_iter+0x10/0x10 [ 1978.235940][ T9249] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1978.235976][ T9249] netlink_sendmsg+0x829/0xdd0 [ 1978.236006][ T9249] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1978.236034][ T9249] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1978.236061][ T9249] ____sys_sendmsg+0xa98/0xc70 [ 1978.236078][ T9249] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1978.236091][ T9249] ? get_compat_msghdr+0x11a/0x170 [ 1978.236118][ T9249] ___sys_sendmsg+0x134/0x1d0 [ 1978.236139][ T9249] ? __pfx____sys_sendmsg+0x10/0x10 [ 1978.236167][ T9249] ? find_held_lock+0x2b/0x80 [ 1978.236195][ T9249] __sys_sendmsg+0x16d/0x220 [ 1978.236215][ T9249] ? __pfx___sys_sendmsg+0x10/0x10 [ 1978.236242][ T9249] ? rcu_is_watching+0x12/0xc0 [ 1978.236261][ T9249] __do_fast_syscall_32+0x7c/0x3a0 [ 1978.236283][ T9249] do_fast_syscall_32+0x32/0x80 [ 1978.236303][ T9249] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1978.236321][ T9249] RIP: 0023:0xf7f72579 [ 1978.236334][ T9249] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1978.236348][ T9249] RSP: 002b:00000000f548655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1978.236363][ T9249] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0 [ 1978.236373][ T9249] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1978.236381][ T9249] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1978.236390][ T9249] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1978.236398][ T9249] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1978.236416][ T9249] [ 1978.328155][ C0] vkms_vblank_simulate: vblank timer overrun [ 1979.236189][ T9267] netlink: 68 bytes leftover after parsing attributes in process `syz.5.9893'. [ 1980.870589][ T9287] /dev/sr0: Can't open blockdev [ 1980.871061][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 1980.909020][ T9298] fuse: Bad value for 'rootmode' [ 1982.952287][ T9328] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1982.961235][ C3] IPv4: Oversized IP packet from 172.20.20.170 [ 1982.963999][ C3] IPv4: Oversized IP packet from 172.20.20.170 [ 1982.969881][ C2] IPv4: Oversized IP packet from 172.20.20.170 [ 1982.976617][ C2] IPv4: Oversized IP packet from 172.20.20.170 [ 1982.980501][ C2] IPv4: Oversized IP packet from 172.20.20.170 [ 1982.981540][ C2] IPv4: Oversized IP packet from 172.20.20.170 [ 1982.990235][ C2] IPv4: Oversized IP packet from 172.20.20.170 [ 1982.994024][ C2] IPv4: Oversized IP packet from 172.20.20.170 [ 1982.997949][ C2] IPv4: Oversized IP packet from 172.20.20.170 [ 1984.233892][ T9361] 9pnet_fd: Insufficient options for proto=fd [ 1984.285764][ T9363] netlink: 236 bytes leftover after parsing attributes in process `syz.3.9923'. [ 1984.292637][ T9362] bridge0: port 1(bridge_slave_0) entered disabled state [ 1984.299124][ T9362] bridge0: port 2(bridge_slave_1) entered disabled state [ 1984.342285][ T9366] netlink: 28 bytes leftover after parsing attributes in process `syz.6.9922'. [ 1984.377573][ T9359] syz.3.9923: vmalloc error: size 67112960, failed to allocated page array size 131080, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1984.387458][ T9359] CPU: 1 UID: 0 PID: 9359 Comm: syz.3.9923 Not tainted syzkaller #0 PREEMPT(full) [ 1984.387476][ T9359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1984.387484][ T9359] Call Trace: [ 1984.387488][ T9359] [ 1984.387493][ T9359] dump_stack_lvl+0x16c/0x1f0 [ 1984.387516][ T9359] warn_alloc+0x248/0x3a0 [ 1984.387532][ T9359] ? __pfx_warn_alloc+0x10/0x10 [ 1984.387563][ T9359] ? nf_tables_newset+0x24f2/0x4310 [ 1984.387580][ T9359] ? __vmalloc_node_noprof+0xad/0xf0 [ 1984.387593][ T9359] __vmalloc_node_range_noprof+0x101b/0x14b0 [ 1984.387609][ T9359] ? nf_tables_newset+0x24f2/0x4310 [ 1984.387627][ T9359] ? __lock_acquire+0x62e/0x1ce0 [ 1984.387645][ T9359] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1984.387664][ T9359] ? ___kmalloc_large_node+0xed/0x160 [ 1984.387700][ T9359] __kvmalloc_node_noprof+0x30a/0x620 [ 1984.387719][ T9359] ? nf_tables_newset+0x24f2/0x4310 [ 1984.387741][ T9359] ? net_generic+0xea/0x2a0 [ 1984.387762][ T9359] ? nf_tables_newset+0x24f2/0x4310 [ 1984.387783][ T9359] ? nft_hash_buckets+0x77/0xa0 [ 1984.387809][ T9359] ? nf_tables_newset+0x24f2/0x4310 [ 1984.387829][ T9359] ? __pfx_nft_hash_privsize+0x10/0x10 [ 1984.387851][ T9359] nf_tables_newset+0x24f2/0x4310 [ 1984.387887][ T9359] ? __pfx_nf_tables_newset+0x10/0x10 [ 1984.387912][ T9359] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1984.387943][ T9359] ? __nla_validate_parse+0x600/0x2880 [ 1984.387982][ T9359] ? __nla_parse+0x40/0x60 [ 1984.388005][ T9359] nfnetlink_rcv_batch+0x18ea/0x2330 [ 1984.388038][ T9359] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 1984.388061][ T9359] ? __local_bh_enable_ip+0xa4/0x120 [ 1984.388083][ T9359] ? __dev_queue_xmit+0xaf1/0x4490 [ 1984.388104][ T9359] ? __dev_queue_xmit+0xb12/0x4490 [ 1984.388136][ T9359] ? __pfx___dev_queue_xmit+0x10/0x10 [ 1984.388208][ T9359] ? __nla_parse+0x40/0x60 [ 1984.388231][ T9359] nfnetlink_rcv+0x3c1/0x430 [ 1984.388251][ T9359] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1984.388278][ T9359] netlink_unicast+0x5a7/0x870 [ 1984.388308][ T9359] ? __pfx_netlink_unicast+0x10/0x10 [ 1984.388334][ T9359] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1984.388366][ T9359] netlink_sendmsg+0x8d1/0xdd0 [ 1984.388395][ T9359] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1984.388424][ T9359] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1984.388450][ T9359] ____sys_sendmsg+0xa98/0xc70 [ 1984.388473][ T9359] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1984.388491][ T9359] ? get_compat_msghdr+0x11a/0x170 [ 1984.388526][ T9359] ___sys_sendmsg+0x134/0x1d0 [ 1984.388554][ T9359] ? __pfx____sys_sendmsg+0x10/0x10 [ 1984.388591][ T9359] ? find_held_lock+0x2b/0x80 [ 1984.388628][ T9359] __sys_sendmsg+0x16d/0x220 [ 1984.388654][ T9359] ? __pfx___sys_sendmsg+0x10/0x10 [ 1984.388684][ T9359] ? __ia32_sys_futex_time32+0x1d9/0x460 [ 1984.388721][ T9359] ? rcu_is_watching+0x12/0xc0 [ 1984.388745][ T9359] __do_fast_syscall_32+0x7c/0x3a0 [ 1984.388776][ T9359] do_fast_syscall_32+0x32/0x80 [ 1984.388800][ T9359] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1984.388824][ T9359] RIP: 0023:0xf7f35579 [ 1984.388841][ T9359] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1984.388859][ T9359] RSP: 002b:00000000f544655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1984.388878][ T9359] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800000c0 [ 1984.388890][ T9359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1984.388901][ T9359] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1984.388913][ T9359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1984.388923][ T9359] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1984.388948][ T9359] [ 1984.543287][ T9359] Mem-Info: [ 1984.544672][ T9359] active_anon:796 inactive_anon:372 isolated_anon:0 [ 1984.544672][ T9359] active_file:2626 inactive_file:4325 isolated_file:0 [ 1984.544672][ T9359] unevictable:1768 dirty:239 writeback:0 [ 1984.544672][ T9359] slab_reclaimable:6698 slab_unreclaimable:66009 [ 1984.544672][ T9359] mapped:22493 shmem:1787 pagetables:1536 [ 1984.544672][ T9359] sec_pagetables:348 bounce:0 [ 1984.544672][ T9359] kernel_misc_reclaimable:0 [ 1984.544672][ T9359] free:67731 free_pcp:1071 free_cma:0 [ 1984.569113][ T9359] Node 0 active_anon:420kB inactive_anon:476kB active_file:4780kB inactive_file:528kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:2676kB dirty:416kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7632kB pagetables:1236kB sec_pagetables:1192kB all_unreclaimable? yes Balloon:0kB [ 1984.581171][ T9359] Node 1 active_anon:2784kB inactive_anon:1000kB active_file:5884kB inactive_file:15772kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:87364kB dirty:640kB writeback:0kB shmem:3596kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6608kB pagetables:4900kB sec_pagetables:200kB all_unreclaimable? no Balloon:0kB [ 1984.593301][ T9359] Node 0 DMA free:2760kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1984.606825][ T9359] lowmem_reserve[]: 0 288 288 288 288 [ 1984.609515][ T9359] Node 0 DMA32 free:26664kB boost:10240kB min:23460kB low:26764kB high:30068kB reserved_highatomic:2048KB free_highatomic:12KB active_anon:420kB inactive_anon:476kB active_file:4780kB inactive_file:528kB unevictable:3536kB writepending:416kB present:1032196kB managed:295132kB mlocked:0kB bounce:0kB free_pcp:524kB local_pcp:56kB free_cma:0kB [ 1984.629964][ T9359] lowmem_reserve[]: 0 0 0 0 0 [ 1984.631565][ T9359] Node 1 DMA32 free:242608kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:0KB free_highatomic:0KB active_anon:984kB inactive_anon:2848kB active_file:3508kB inactive_file:17900kB unevictable:3536kB writepending:640kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:3784kB local_pcp:872kB free_cma:0kB [ 1984.644148][ T9359] lowmem_reserve[]: 0 0 0 0 0 [ 1984.646675][ T9359] Node 0 DMA: 58*4kB (UM) 22*8kB (UM) 11*16kB (UM) 8*32kB (UM) 2*64kB (UM) 0*128kB 1*256kB (M) 1*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 2760kB [ 1984.653056][ T9359] Node 0 DMA32: 449*4kB (UMEH) 353*8kB (UME) 198*16kB (UME) 171*32kB (UME) 77*64kB (UME) 34*128kB (UME) 12*256kB (UME) 2*512kB (UE) 0*1024kB 0*2048kB 0*4096kB = 26636kB [ 1984.660495][ T9359] Node 1 DMA32: 1303*4kB (ME) 1013*8kB (ME) 766*16kB (UME) 626*32kB (UME) 646*64kB (UME) 237*128kB (UME) 137*256kB (UME) 95*512kB (UME) 40*1024kB (UME) 0*2048kB 0*4096kB = 241956kB [ 1984.670152][ T9359] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1984.674540][ T9359] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1984.678791][ T9359] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1984.686814][ T9359] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1984.690872][ T9359] 9284 total pagecache pages [ 1984.692924][ T9359] 736 pages in swap cache [ 1984.695322][ T9359] Free swap = 79036kB [ 1984.696861][ T9359] Total swap = 124996kB [ 1984.699584][ T9359] 524155 pages RAM [ 1984.702329][ T9359] 0 pages HighMem/MovableOnly [ 1984.704977][ T9359] 209477 pages reserved [ 1984.711633][ T9359] 0 pages cma reserved [ 1985.312835][ T840] usb 9-1: new high-speed USB device number 35 using dummy_hcd [ 1985.465635][ T840] usb 9-1: Using ep0 maxpacket: 16 [ 1985.754580][ T840] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1985.759767][ T840] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1985.811660][ T9397] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9933'. [ 1986.270947][ T840] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1986.301733][ T840] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1986.306290][ T840] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1986.309715][ T840] usb 9-1: Product: ည [ 1986.312171][ T840] usb 9-1: Manufacturer: ⷍ짣꨿냡䌾쌂躩賾㪏⌉ῲꍊ措缓⮰潶ᧉ컴─崭㢪⬚콵夑葩褟埚䇔芒ㇳ㣕︨¿໘㡺泒熉ৌ辛쓱睹璱꛵⥫蠗薏⳴ᡥ騵䖯篿ᡙ멖㞖홫甅 [ 1986.732950][ T840] usb 9-1: 0:2 : does not exist [ 1986.743230][ T840] usb 9-1: USB disconnect, device number 35 [ 1986.857858][ T9379] udevd[9379]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1987.038008][ T9434] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9940'. [ 1987.755005][ T9449] bridge_slave_0: default FDB implementation only supports local addresses [ 1988.486823][ T9452] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9946'. [ 1988.494530][ T9455] FAULT_INJECTION: forcing a failure. [ 1988.494530][ T9455] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1988.501504][ T9455] CPU: 2 UID: 0 PID: 9455 Comm: syz.5.9947 Not tainted syzkaller #0 PREEMPT(full) [ 1988.501521][ T9455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1988.501528][ T9455] Call Trace: [ 1988.501532][ T9455] [ 1988.501537][ T9455] dump_stack_lvl+0x16c/0x1f0 [ 1988.501557][ T9455] should_fail_ex+0x512/0x640 [ 1988.501575][ T9455] _copy_to_user+0x32/0xd0 [ 1988.501587][ T9455] simple_read_from_buffer+0xcb/0x170 [ 1988.501600][ T9455] proc_fail_nth_read+0x197/0x240 [ 1988.501613][ T9455] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1988.501626][ T9455] ? rw_verify_area+0xcf/0x6c0 [ 1988.501637][ T9455] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1988.501649][ T9455] vfs_read+0x1e4/0xcf0 [ 1988.501664][ T9455] ? __pfx_vfs_read+0x10/0x10 [ 1988.501675][ T9455] ? find_held_lock+0x2b/0x80 [ 1988.501690][ T9455] ? __fget_files+0x20e/0x3c0 [ 1988.501705][ T9455] ksys_read+0x12a/0x250 [ 1988.501717][ T9455] ? __pfx_ksys_read+0x10/0x10 [ 1988.501731][ T9455] ? rcu_is_watching+0x12/0xc0 [ 1988.501744][ T9455] __do_fast_syscall_32+0x7c/0x3a0 [ 1988.501761][ T9455] do_fast_syscall_32+0x32/0x80 [ 1988.501776][ T9455] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1988.501790][ T9455] RIP: 0023:0xf7fe4579 [ 1988.501799][ T9455] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1988.501810][ T9455] RSP: 002b:00000000f54f6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1988.501821][ T9455] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f54f6620 [ 1988.501828][ T9455] RDX: 000000000000000f RSI: 00000000f7474ff4 RDI: 0000000000000000 [ 1988.501834][ T9455] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1988.501841][ T9455] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1988.501847][ T9455] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1988.501860][ T9455] [ 1988.624273][ T9458] syzkaller1: entered promiscuous mode [ 1988.629358][ T9458] syzkaller1: entered allmulticast mode [ 1989.748357][ T9478] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9954'. [ 1989.752154][ T9478] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9954'. [ 1989.960986][ T9487] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9957'. [ 1990.181288][ T9497] netem: change failed [ 1990.277000][ T9501] bridge_slave_0: default FDB implementation only supports local addresses [ 1990.411251][ T9506] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9962'. [ 1990.571657][ T9509] netlink: 56 bytes leftover after parsing attributes in process `syz.5.9963'. [ 1992.169518][ T9542] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9971'. [ 1993.198996][ T9551] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1993.201141][ T9551] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1993.207120][ T9551] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1993.211958][ T9551] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1993.470438][ T9561] IPv6: Can't replace route, no match found [ 1994.068130][ T9565] FAULT_INJECTION: forcing a failure. [ 1994.068130][ T9565] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1994.074246][ T9565] CPU: 2 UID: 0 PID: 9565 Comm: syz.3.9978 Not tainted syzkaller #0 PREEMPT(full) [ 1994.074278][ T9565] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1994.074291][ T9565] Call Trace: [ 1994.074300][ T9565] [ 1994.074309][ T9565] dump_stack_lvl+0x16c/0x1f0 [ 1994.074347][ T9565] should_fail_ex+0x512/0x640 [ 1994.074381][ T9565] _copy_from_iter+0x29f/0x1720 [ 1994.074416][ T9565] ? __alloc_skb+0x200/0x380 [ 1994.074456][ T9565] ? __pfx__copy_from_iter+0x10/0x10 [ 1994.074489][ T9565] ? __pfx___might_resched+0x10/0x10 [ 1994.074521][ T9565] netlink_sendmsg+0x829/0xdd0 [ 1994.074555][ T9565] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1994.074609][ T9565] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1994.074637][ T9565] ____sys_sendmsg+0xa98/0xc70 [ 1994.074662][ T9565] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1994.074683][ T9565] ? get_compat_msghdr+0x11a/0x170 [ 1994.074712][ T9565] ___sys_sendmsg+0x134/0x1d0 [ 1994.074737][ T9565] ? __pfx____sys_sendmsg+0x10/0x10 [ 1994.074770][ T9565] ? find_held_lock+0x2b/0x80 [ 1994.074803][ T9565] __sys_sendmsg+0x16d/0x220 [ 1994.074832][ T9565] ? __pfx___sys_sendmsg+0x10/0x10 [ 1994.074865][ T9565] ? rcu_is_watching+0x12/0xc0 [ 1994.074887][ T9565] __do_fast_syscall_32+0x7c/0x3a0 [ 1994.074914][ T9565] do_fast_syscall_32+0x32/0x80 [ 1994.074937][ T9565] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1994.074957][ T9565] RIP: 0023:0xf7f35579 [ 1994.074973][ T9565] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1994.074989][ T9565] RSP: 002b:00000000f544655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1994.075008][ T9565] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200 [ 1994.075018][ T9565] RDX: 0000000024044040 RSI: 0000000000000000 RDI: 0000000000000000 [ 1994.075030][ T9565] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1994.075039][ T9565] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1994.075049][ T9565] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1994.075070][ T9565] [ 1995.195480][ T5477] Bluetooth: hci1: command 0x0c1a tx timeout [ 1995.275693][ T5477] Bluetooth: hci3: command 0x0c1a tx timeout [ 1995.275895][T21416] Bluetooth: hci0: command 0x0c1a tx timeout [ 1995.278255][ T5477] Bluetooth: hci2: command 0x040f tx timeout [ 1995.498395][ T9583] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002 [ 1996.618633][ T9598] netlink: 'syz.3.9987': attribute type 4 has an invalid length. [ 1996.622389][ T9598] netlink: 17 bytes leftover after parsing attributes in process `syz.3.9987'. [ 1996.711964][ T9600] netlink: 68 bytes leftover after parsing attributes in process `syz.6.9986'. [ 1998.189515][ T9630] FAULT_INJECTION: forcing a failure. [ 1998.189515][ T9630] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1998.194974][ T9630] CPU: 2 UID: 0 PID: 9630 Comm: syz.5.9996 Not tainted syzkaller #0 PREEMPT(full) [ 1998.194993][ T9630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1998.195000][ T9630] Call Trace: [ 1998.195005][ T9630] [ 1998.195011][ T9630] dump_stack_lvl+0x16c/0x1f0 [ 1998.195031][ T9630] should_fail_ex+0x512/0x640 [ 1998.195050][ T9630] should_fail_alloc_page+0xe7/0x130 [ 1998.195067][ T9630] prepare_alloc_pages+0x3c2/0x610 [ 1998.195085][ T9630] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1998.195099][ T9630] ? is_bpf_text_address+0x8a/0x1a0 [ 1998.195113][ T9630] ? bpf_ksym_find+0x124/0x1c0 [ 1998.195124][ T9630] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1998.195138][ T9630] ? is_bpf_text_address+0x94/0x1a0 [ 1998.195151][ T9630] ? kernel_text_address+0x8d/0x100 [ 1998.195162][ T9630] ? __kernel_text_address+0xd/0x40 [ 1998.195188][ T9630] ? unwind_get_return_address+0x59/0xa0 [ 1998.195202][ T9630] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1998.195218][ T9630] ? __lock_acquire+0x62e/0x1ce0 [ 1998.195234][ T9630] ? __pfx_stack_trace_save+0x10/0x10 [ 1998.195248][ T9630] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1998.195266][ T9630] ? policy_nodemask+0xea/0x4e0 [ 1998.195281][ T9630] alloc_pages_mpol+0x1fb/0x550 [ 1998.195297][ T9630] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1998.195312][ T9630] ? __lock_acquire+0x62e/0x1ce0 [ 1998.195327][ T9630] folio_alloc_mpol_noprof+0x36/0x2f0 [ 1998.195345][ T9630] vma_alloc_folio_noprof+0xed/0x1e0 [ 1998.195361][ T9630] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1998.195381][ T9630] do_pte_missing+0x2230/0x3ba0 [ 1998.195394][ T9630] ? find_held_lock+0x2b/0x80 [ 1998.195408][ T9630] __handle_mm_fault+0x152a/0x2a50 [ 1998.195435][ T9630] ? mt_find+0x3ef/0xa30 [ 1998.195452][ T9630] ? __pfx___handle_mm_fault+0x10/0x10 [ 1998.195462][ T9630] ? __pfx_mt_find+0x10/0x10 [ 1998.195485][ T9630] ? find_vma+0xbf/0x140 [ 1998.195498][ T9630] ? __pfx_find_vma+0x10/0x10 [ 1998.195514][ T9630] handle_mm_fault+0x589/0xd10 [ 1998.195526][ T9630] ? __bpf_trace_exceptions+0x1/0x40 [ 1998.195543][ T9630] do_user_addr_fault+0x7a6/0x1370 [ 1998.195562][ T9630] ? rcu_is_watching+0x12/0xc0 [ 1998.195575][ T9630] exc_page_fault+0x5c/0xb0 [ 1998.195589][ T9630] asm_exc_page_fault+0x26/0x30 [ 1998.195600][ T9630] RIP: 0010:_copy_to_iter+0x37e/0x1710 [ 1998.195688][ T9630] Code: fc 4d 85 f6 0f 85 52 ff ff ff e8 cd da db fc 4c 8b 74 24 18 89 de 4c 89 f7 e8 0e 45 41 fd 0f 01 cb 48 89 d9 48 89 ef 4c 89 f6 a4 0f 1f 00 48 89 cd 0f 01 ca 49 89 df 49 29 cf e9 22 ff ff ff [ 1998.195701][ T9630] RSP: 0018:ffffc90003aefb00 EFLAGS: 00050246 [ 1998.195712][ T9630] RAX: 0000000000000001 RBX: 0000000000000fee RCX: 0000000000000fee [ 1998.195719][ T9630] RDX: ffffed10048899fe RSI: ffff88802444c000 RDI: 0000000080002240 [ 1998.195726][ T9630] RBP: 0000000080002240 R08: 0000000000000000 R09: ffffed10048899fd [ 1998.195733][ T9630] R10: ffff88802444cfed R11: 0000000000000000 R12: ffffc90003aefd88 [ 1998.195740][ T9630] R13: 000000008000322e R14: ffff88802444c000 R15: 00007ffffffff000 [ 1998.195763][ T9630] ? kasan_quarantine_put+0x10a/0x240 [ 1998.195780][ T9630] ? __pfx__copy_to_iter+0x10/0x10 [ 1998.195791][ T9630] ? kfree+0x2b4/0x4d0 [ 1998.195802][ T9630] ? seq_put_decimal_ull_width+0x1db/0x3a0 [ 1998.195815][ T9630] ? vmstat_stop+0x33/0x70 [ 1998.195836][ T9630] seq_read_iter+0xcf8/0x12c0 [ 1998.195854][ T9630] proc_reg_read_iter+0x21d/0x310 [ 1998.195871][ T9630] vfs_read+0x8bc/0xcf0 [ 1998.195889][ T9630] ? __pfx_vfs_read+0x10/0x10 [ 1998.195900][ T9630] ? find_held_lock+0x2b/0x80 [ 1998.195922][ T9630] ksys_read+0x12a/0x250 [ 1998.195934][ T9630] ? __pfx_ksys_read+0x10/0x10 [ 1998.195948][ T9630] ? rcu_is_watching+0x12/0xc0 [ 1998.195962][ T9630] __do_fast_syscall_32+0x7c/0x3a0 [ 1998.195981][ T9630] do_fast_syscall_32+0x32/0x80 [ 1998.195997][ T9630] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1998.196012][ T9630] RIP: 0023:0xf7fe4579 [ 1998.196022][ T9630] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1998.196032][ T9630] RSP: 002b:00000000f54f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 1998.196043][ T9630] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080002240 [ 1998.196050][ T9630] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000 [ 1998.196056][ T9630] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1998.196062][ T9630] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1998.196068][ T9630] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1998.196082][ T9630] [ 1999.202099][ T9649] netlink: 3 bytes leftover after parsing attributes in process `syz.6.10001'. [ 1999.937643][ T9661] overlayfs: missing 'lowerdir' [ 2001.385517][ T9688] netlink: 56 bytes leftover after parsing attributes in process `syz.5.10010'. [ 2002.405935][ T9697] mkiss: ax0: crc mode is auto. [ 2003.772197][ T9704] overlayfs: missing 'lowerdir' [ 2005.197689][ T9724] 9pnet: Could not find request transport: f [ 2006.705582][ T9727] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 2006.708750][ T5477] Bluetooth: hci1: command 0x0c1a tx timeout [ 2007.101741][ T9727] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 2007.107908][ T9727] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 2007.110980][ T9727] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 2007.345383][T22605] usb 11-1: new high-speed USB device number 13 using dummy_hcd [ 2007.495466][T22605] usb 11-1: Using ep0 maxpacket: 8 [ 2007.500110][T22605] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2007.503671][T22605] usb 11-1: config 0 has no interfaces? [ 2007.508694][T22605] usb 11-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 2007.512826][T22605] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2007.515999][T22605] usb 11-1: Product: syz [ 2007.517652][T22605] usb 11-1: Manufacturer: syz [ 2007.519569][T22605] usb 11-1: SerialNumber: syz [ 2007.522701][T22605] usb 11-1: config 0 descriptor?? [ 2008.715942][ T9769] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10033'. [ 2008.785766][ T5477] Bluetooth: hci2: command 0x040f tx timeout [ 2009.185686][T21416] Bluetooth: hci0: command 0x0c1a tx timeout [ 2009.188823][ T5477] Bluetooth: hci3: command 0x0c1a tx timeout [ 2009.199839][ T8420] usb 11-1: USB disconnect, device number 13 [ 2009.254037][ T9777] tc_dump_action: action bad kind [ 2010.503518][T21416] block nbd0: Receive control failed (result -107) [ 2011.264996][ T9833] infiniband syz!: set active [ 2011.267059][ T9833] infiniband syz!: added team_slave_0 [ 2011.308881][ T9833] RDS/IB: syz!: added [ 2011.310551][ T9833] smc: adding ib device syz! with port count 1 [ 2011.314438][ T9833] smc: ib device syz! port 1 has pnetid [ 2011.666384][T13703] usb 9-1: new high-speed USB device number 36 using dummy_hcd [ 2011.824381][T13703] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2011.828035][T13703] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2011.831443][T13703] usb 9-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 2011.834961][T13703] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2011.841269][T13703] usb 9-1: config 0 descriptor?? [ 2012.259586][T13703] cp2112 0003:10C4:EA90.0012: unknown main item tag 0x0 [ 2012.270741][T13703] cp2112 0003:10C4:EA90.0012: hidraw1: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0 [ 2012.458329][T13703] cp2112 0003:10C4:EA90.0012: Part Number: 0x82 Device Version: 0xFE [ 2012.965296][ T9852] comedi comedi3: reset error (fatal) [ 2013.068040][T13703] cp2112 0003:10C4:EA90.0012: error reading lock byte: -71 [ 2013.091329][T13703] usb 9-1: USB disconnect, device number 36 [ 2013.435454][T22605] usb 10-1: new high-speed USB device number 56 using dummy_hcd [ 2013.606987][T22605] usb 10-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 2013.613307][T22605] usb 10-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0xC2, changing to 0x82 [ 2013.626787][T22605] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2013.631460][T22605] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2013.637902][T22605] usb 10-1: Product: syz [ 2013.639721][T22605] usb 10-1: Manufacturer: syz [ 2013.641740][T22605] usb 10-1: SerialNumber: syz [ 2013.656934][T22605] cdc_ncm 10-1:1.0: skipping garbage [ 2013.975800][ T9867] netlink: 'syz.4.10062': attribute type 10 has an invalid length. [ 2014.074146][ T9858] misc userio: Invalid payload size [ 2014.696218][T22605] cdc_ncm 10-1:1.0: bind() failure [ 2014.716905][T22605] cdc_ncm 10-1:1.1: CDC Union missing and no IAD found [ 2014.726014][T22605] cdc_ncm 10-1:1.1: bind() failure [ 2014.909970][T31493] usb 10-1: USB disconnect, device number 56 [ 2016.247297][ T9927] ubi: mtd0 is already attached to ubi31 [ 2017.392411][ T9940] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10082'. [ 2017.690024][ T9928] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2018.352320][T13655] IPVS: starting estimator thread 0... [ 2018.435654][ T9954] IPVS: using max 43 ests per chain, 103200 per kthread [ 2019.286138][ T9980] comedi comedi3: pcl726: I/O port conflict (0x4f27,16) [ 2019.742879][T21416] Bluetooth: hci2: Malformed MSFT vendor event: 0x02 [ 2020.811558][ T9999] netlink: 84 bytes leftover after parsing attributes in process `syz.5.10100'. [ 2020.857128][T21416] block nbd6: Receive control failed (result -107) [ 2020.916016][ T9997] ------------[ cut here ]------------ [ 2020.918473][ T9997] WARNING: CPU: 3 PID: 9997 at fs/buffer.c:1125 __getblk_slow+0x4cc/0x560 [ 2020.921573][ T9997] Modules linked in: [ 2020.927003][ T9997] CPU: 3 UID: 0 PID: 9997 Comm: syz.6.10099 Not tainted syzkaller #0 PREEMPT(full) [ 2020.932276][ T9997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 2020.938676][ T9997] RIP: 0010:__getblk_slow+0x4cc/0x560 [ 2020.941234][ T9997] Code: c0 8b 48 89 df e8 24 01 bc ff 90 0f 0b e8 bc 47 74 ff 48 c7 c6 60 56 c0 8b 48 89 df e8 0d 01 bc ff 90 0f 0b e8 a5 47 74 ff 90 <0f> 0b 90 8b 74 24 0c 89 ea 48 c7 c7 c0 57 c0 8b 31 db e8 9d 12 53 [ 2020.949604][ T9997] RSP: 0018:ffffc90004a5f7d0 EFLAGS: 00010287 [ 2020.952394][ T9997] RAX: 0000000000001ecc RBX: 0000000000000200 RCX: ffffc9002741a000 [ 2020.955624][ T9997] RDX: 0000000000080000 RSI: ffffffff8246c0fb RDI: 0000000000000005 [ 2020.959005][ T9997] RBP: 0000000000000400 R08: 0000000000000005 R09: 0000000000000000 [ 2020.962215][ T9997] R10: 0000000000000200 R11: 0000000000000000 R12: ffff88801e02c500 [ 2020.964878][ T9997] R13: 0000000000000100 R14: 0000000000000200 R15: ffff88801e02c500 [ 2020.967646][ T9997] FS: 0000000000000000(0000) GS:ffff8880977c0000(0063) knlGS:00000000f5486b40 [ 2020.970766][ T9997] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 2020.972932][ T9997] CR2: 0000000080002000 CR3: 000000007609c000 CR4: 0000000000352ef0 [ 2020.975632][ T9997] DR0: ffffffffffffffff DR1: 000000000000008d DR2: 0000000020000008 [ 2020.978916][ T9997] DR3: 0000000000007fff DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 2020.981441][ T9997] Call Trace: [ 2020.982586][ T9997] [ 2020.983540][ T9997] ? __pfx___might_resched+0x10/0x10 [ 2020.985439][ T9997] bdev_getblk+0xd4/0xe0 [ 2020.986834][ T9997] __bread_gfp+0x86/0x3c0 [ 2020.988354][ T9997] udf_read_tagged+0xae/0x740 [ 2020.989863][ T9997] udf_check_anchor_block+0x89/0x4b0 [ 2020.991520][ T9997] ? udf_get_last_block+0x1ce/0x2a0 [ 2020.993585][ T9997] ? __pfx_udf_check_anchor_block+0x10/0x10 [ 2020.995975][ T9997] udf_load_vrs+0x3b8/0x1070 [ 2020.997719][ T9997] ? __pfx_udf_load_vrs+0x10/0x10 [ 2020.999392][ T9997] ? __pfx_udf_get_last_session+0x10/0x10 [ 2021.001461][ T9997] ? lockdep_init_map_type+0x5c/0x280 [ 2021.003186][ T9997] udf_fill_super+0x791/0x1df0 [ 2021.004925][ T9997] ? __pfx_udf_fill_super+0x10/0x10 [ 2021.006845][ T9997] ? do_raw_spin_lock+0x12c/0x2b0 [ 2021.008506][ T9997] ? find_held_lock+0x2b/0x80 [ 2021.010191][ T9997] ? sb_set_blocksize+0x176/0x1d0 [ 2021.012181][ T9997] ? setup_bdev_super+0x369/0x730 [ 2021.014272][ T9997] get_tree_bdev_flags+0x38c/0x620 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 2021.016181][ T9997] ? __pfx_udf_fill_super+0x10/0x10 [ 2021.018238][ T9997] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 2021.020242][ T9997] ? apparmor_capable+0x114/0x1d0 [ 2021.021937][ T9997] ? bpf_lsm_capable+0x9/0x10 [ 2021.023551][ T9997] ? security_capable+0x7e/0x260 [ 2021.025232][ T9997] vfs_get_tree+0x8b/0x340 [ 2021.026642][ T9997] path_mount+0x1513/0x2000 [ 2021.028074][ T9997] ? __pfx_path_mount+0x10/0x10 [ 2021.029709][ T9997] ? kmem_cache_free+0x2d1/0x4d0 [ 2021.031351][ T9997] ? putname+0x154/0x1a0 [ 2021.033334][ T9997] ? getname_flags.part.0+0x1c5/0x550 [ 2021.035550][ T9997] ? __ia32_sys_mount+0x28b/0x310 [ 2021.037106][ T9997] __ia32_sys_mount+0x28b/0x310 [ 2021.038729][ T9997] ? __pfx___ia32_sys_mount+0x10/0x10 [ 2021.041079][ T9997] ? rcu_is_watching+0x12/0xc0 [ 2021.042593][ T9997] __do_fast_syscall_32+0x7c/0x3a0 [ 2021.044394][ T9997] do_fast_syscall_32+0x32/0x80 [ 2021.046067][ T9997] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2021.048110][ T9997] RIP: 0023:0xf7f72579 [ 2021.049415][ T9997] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 2021.055618][ T9997] RSP: 002b:00000000f548655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 2021.058495][ T9997] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000080004a00 [ 2021.061422][ T9997] RDX: 0000000080000080 RSI: 0000000002008087 RDI: 0000000000000000 [ 2021.063881][ T9997] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2021.066739][ T9997] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 2021.069621][ T9997] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2021.073211][ T9997] [ 2021.074847][ T9997] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 2021.077203][ T9997] CPU: 3 UID: 0 PID: 9997 Comm: syz.6.10099 Not tainted syzkaller #0 PREEMPT(full) [ 2021.080449][ T9997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 2021.084171][ T9997] Call Trace: [ 2021.085279][ T9997] [ 2021.086273][ T9997] dump_stack_lvl+0x3d/0x1f0 [ 2021.087959][ T9997] vpanic+0x6e8/0x7a0 [ 2021.089522][ T9997] ? __pfx_vpanic+0x10/0x10 [ 2021.091084][ T9997] ? __getblk_slow+0x4cc/0x560 [ 2021.092594][ T9997] panic+0xca/0xd0 [ 2021.093920][ T9997] ? __pfx_panic+0x10/0x10 [ 2021.095425][ T9997] check_panic_on_warn+0xab/0xb0 [ 2021.096949][ T9997] __warn+0xf6/0x3c0 [ 2021.098161][ T9997] ? __getblk_slow+0x4cc/0x560 [ 2021.099650][ T9997] report_bug+0x3c3/0x580 [ 2021.101138][ T9997] ? __getblk_slow+0x4cc/0x560 [ 2021.102757][ T9997] handle_bug+0x184/0x210 [ 2021.104184][ T9997] exc_invalid_op+0x17/0x50 [ 2021.105761][ T9997] asm_exc_invalid_op+0x1a/0x20 [ 2021.107899][ T9997] RIP: 0010:__getblk_slow+0x4cc/0x560 [ 2021.110315][ T9997] Code: c0 8b 48 89 df e8 24 01 bc ff 90 0f 0b e8 bc 47 74 ff 48 c7 c6 60 56 c0 8b 48 89 df e8 0d 01 bc ff 90 0f 0b e8 a5 47 74 ff 90 <0f> 0b 90 8b 74 24 0c 89 ea 48 c7 c7 c0 57 c0 8b 31 db e8 9d 12 53 [ 2021.116429][ T9997] RSP: 0018:ffffc90004a5f7d0 EFLAGS: 00010287 [ 2021.118351][ T9997] RAX: 0000000000001ecc RBX: 0000000000000200 RCX: ffffc9002741a000 [ 2021.120728][ T9997] RDX: 0000000000080000 RSI: ffffffff8246c0fb RDI: 0000000000000005 [ 2021.123165][ T9997] RBP: 0000000000000400 R08: 0000000000000005 R09: 0000000000000000 [ 2021.125832][ T9997] R10: 0000000000000200 R11: 0000000000000000 R12: ffff88801e02c500 [ 2021.128344][ T9997] R13: 0000000000000100 R14: 0000000000000200 R15: ffff88801e02c500 [ 2021.130840][ T9997] ? __getblk_slow+0x4cb/0x560 [ 2021.132330][ T9997] ? __pfx___might_resched+0x10/0x10 [ 2021.134165][ T9997] bdev_getblk+0xd4/0xe0 [ 2021.135768][ T9997] __bread_gfp+0x86/0x3c0 [ 2021.137491][ T9997] udf_read_tagged+0xae/0x740 [ 2021.139774][ T9997] udf_check_anchor_block+0x89/0x4b0 [ 2021.142303][ T9997] ? udf_get_last_block+0x1ce/0x2a0 [ 2021.144115][ T9997] ? __pfx_udf_check_anchor_block+0x10/0x10 [ 2021.146179][ T9997] udf_load_vrs+0x3b8/0x1070 [ 2021.147605][ T9997] ? __pfx_udf_load_vrs+0x10/0x10 [ 2021.149226][ T9997] ? __pfx_udf_get_last_session+0x10/0x10 [ 2021.151072][ T9997] ? lockdep_init_map_type+0x5c/0x280 [ 2021.152993][ T9997] udf_fill_super+0x791/0x1df0 [ 2021.154641][ T9997] ? __pfx_udf_fill_super+0x10/0x10 [ 2021.156533][ T9997] ? do_raw_spin_lock+0x12c/0x2b0 [ 2021.158218][ T9997] ? find_held_lock+0x2b/0x80 [ 2021.159752][ T9997] ? sb_set_blocksize+0x176/0x1d0 [ 2021.161713][ T9997] ? setup_bdev_super+0x369/0x730 [ 2021.163437][ T9997] get_tree_bdev_flags+0x38c/0x620 [ 2021.165017][ T9997] ? __pfx_udf_fill_super+0x10/0x10 [ 2021.166840][ T9997] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 2021.169052][ T9997] ? apparmor_capable+0x114/0x1d0 [ 2021.170829][ T9997] ? bpf_lsm_capable+0x9/0x10 [ 2021.172632][ T9997] ? security_capable+0x7e/0x260 [ 2021.174363][ T9997] vfs_get_tree+0x8b/0x340 [ 2021.176038][ T9997] path_mount+0x1513/0x2000 [ 2021.177641][ T9997] ? __pfx_path_mount+0x10/0x10 [ 2021.179250][ T9997] ? kmem_cache_free+0x2d1/0x4d0 [ 2021.180857][ T9997] ? putname+0x154/0x1a0 [ 2021.182416][ T9997] ? getname_flags.part.0+0x1c5/0x550 [ 2021.184410][ T9997] ? __ia32_sys_mount+0x28b/0x310 [ 2021.186505][ T9997] __ia32_sys_mount+0x28b/0x310 [ 2021.188356][ T9997] ? __pfx___ia32_sys_mount+0x10/0x10 [ 2021.190103][ T9997] ? rcu_is_watching+0x12/0xc0 [ 2021.191582][ T9997] __do_fast_syscall_32+0x7c/0x3a0 [ 2021.193467][ T9997] do_fast_syscall_32+0x32/0x80 [ 2021.195160][ T9997] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2021.197517][ T9997] RIP: 0023:0xf7f72579 [ 2021.198875][ T9997] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 2021.205392][ T9997] RSP: 002b:00000000f548655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 2021.208542][ T9997] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000080004a00 [ 2021.211449][ T9997] RDX: 0000000080000080 RSI: 0000000002008087 RDI: 0000000000000000 [ 2021.213945][ T9997] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2021.216390][ T9997] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 2021.219288][ T9997] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2021.222420][ T9997] [ 2021.224635][ T9997] Kernel Offset: disabled [ 2021.226461][ T9997] Rebooting in 86400 seconds.. VM DIAGNOSIS: 03:43:40 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000007 RBX=0000000000000000 RCX=ffff888012647d8c RDX=0000000000000000 RSI=ffffffff896728d0 RDI=0000000000000001 RBP=ffff88806006fc00 RSP=ffffc90004f57768 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=ffffc90004f57d68 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff89672931 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880974c0000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080f10018 CR3=0000000049dd4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f7484ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000001000008fb RBX=0000000000000001 RCX=0000000000000830 RDX=0000000000000001 RSI=00000000000000fb RDI=0000000000000001 RBP=ffffc900030cfb20 RSP=ffffc900030cfa00 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=0000000000000000 R13=1ffff92000619f43 R14=1ffff92000619f01 R15=0000000000000000 RIP=ffffffff81695748 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880975c0000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7193b20 CR3=000000005383b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=95c00a8abb08b100 RBX=ffffffff8e5c10a0 RCX=ffffc900032bfaec RDX=0000000000000002 RSI=ffffffff8de27e2d RDI=ffffffff8c162d80 RBP=0000000000000188 RSP=ffffc900032bfae0 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=ffffffff8b5deb35 R13=0000000000000202 R14=ffff88805d7ac880 R15=0000000000000003 RIP=ffffffff81975b43 RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880976c0000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000558b5ac65f40 CR3=0000000078e74000 CR4=00352ef0 DR0=ffffffffffffffff DR1=000000000000008d DR2=0000000020000008 DR3=0000000000007fff DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=a14f44e8677463ec 051a44c49ffe04c7 a14f44e8677463ec 051a44c49ffe04c7 a14f44e8677463ec 051a44c49ffe04c7 a14f44e8677463ec 051a44c49ffe04c7 ZMM18=62046ec228bb04ea 831e47de168f9885 62046ec228bb04ea 831e47de168f9885 62046ec228bb04ea 831e47de168f9885 62046ec228bb04ea 831e47de168f9885 ZMM19=9d50000000000000 0000000000000004 9d50000000000000 0000000000000003 9d50000000000000 0000000000000002 9d50000000000000 0000000000000001 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000806060157 fa0c08000880030b 8002100800000800 060157ee0410000b ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8003000008c40280 0202080000080006 0157fa0e08000280 030fffffffff0205 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 80021c0800000800 08014edc02960800 0588031008000580 030008000fffffff ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff848fa380 ffffffff848fac7c ffffffff84908f1a ffffffff81608585 ZMM25=831e47de831e47de 831e47de831e47de 831e47de831e47de 831e47de831e47de 831e47de831e47de 831e47de831e47de 831e47de831e47de 831e47de831e47de ZMM26=28bb04ea28bb04ea 28bb04ea28bb04ea 28bb04ea28bb04ea 28bb04ea28bb04ea 28bb04ea28bb04ea 28bb04ea28bb04ea 28bb04ea28bb04ea 28bb04ea28bb04ea ZMM27=62046ec262046ec2 62046ec262046ec2 62046ec262046ec2 62046ec262046ec2 62046ec262046ec2 62046ec262046ec2 62046ec262046ec2 62046ec262046ec2 ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=9c5000009c500000 9c5000009c500000 9c5000009c500000 9c5000009c500000 9c5000009c500000 9c5000009c500000 9c5000009c500000 9c5000009c500000 info registers vcpu 3 CPU#3 RAX=0000000000000037 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85616e75 RDI=ffffffff9b0fc700 RBP=ffffffff9b0fc6c0 RSP=ffffc90004a5f140 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000037 R14=ffffffff9b0fc6c0 R15=ffffffff85616e10 RIP=ffffffff85616e9f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977c0000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080002000 CR3=000000007609c000 CR4=00352ef0 DR0=ffffffffffffffff DR1=000000000000008d DR2=0000000020000008 DR3=0000000000007fff DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7863e213652bbf3b 99fa42301f559807 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 e6bdc0c645794d10 4c7f138a7c715ca0 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ed6cbca0d74576cf 4894e60332381a9f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a7692b70eb786cd2 6c5eb7aee31bf8d5 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000046c0 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ec3d0300af9afe00 0004c8b9d66e4200 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 71b7280080010000 80010000dbcc7400 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 53c8ae000004c8b7 0004c8b600000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 800100000004c8b9 0004c8b90004c8b4 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a6aeab08afac20ea 9f7299fe44debcda ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 fd7ab76800b40b81 1322db7b0f01df2f ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000