last executing test programs: 8.86659334s ago: executing program 0 (id=1287): bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) r0 = socket$inet(0x2, 0x5, 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mprotect(&(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x1) rseq(&(0x7f0000000040), 0xffffffffffffff60, 0x0, 0x0) rseq(&(0x7f0000000040), 0x20, 0x1, 0x300) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="d8000000100081044e81f782db44b904021d006a0f000000e8fe55a1290015000600142603600e120900040044000000a80016000a0003400200000000000000b94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a985162f7ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d3220a7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) openat$ptmx(0xffffff9c, &(0x7f0000000000), 0x40043, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x7, &(0x7f0000000300)=0xf3, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) lseek(r0, 0x6, 0x3) pipe2(&(0x7f0000000140)={0xffffffffffffffff}, 0x80000) write$vga_arbiter(r3, &(0x7f0000000180)=@target={'target ', {'PCI:', '1a', ':', 'a', ':', '1e', '.', 'e'}}, 0x15) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x5, &(0x7f0000000040)=[{0x8e, 0x3, 0x90}, {0x101, 0x7, 0x49, 0x4}, {0x1, 0x6, 0x6, 0x13}, {0xfffb, 0x1, 0x2, 0x40}, {0x2, 0xe, 0x40, 0x8}]}, 0x8) socket$nl_netfilter(0x10, 0x3, 0xc) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000300), 0x4b) 7.924692531s ago: executing program 0 (id=1295): socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0x0, 0xf}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084) r7 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r7, 0x5412, &(0x7f0000000640)=0x13) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_bond\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x64, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x38, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'geneve0\x00'}, {0x14, 0x1, 'veth1_to_bond\x00'}]}]}]}], {0x14, 0x10}}, 0x104}}, 0x0) ioctl$TCSETA(r7, 0x5406, &(0x7f0000000080)={0x2, 0xfa, 0xff92, 0x200a, 0x34, "000401600c00"}) 6.638945692s ago: executing program 0 (id=1299): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000002780)={0x0}) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x200980) r4 = io_uring_setup(0x70c3, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x10000}) r5 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000090000402505a8a440000102030109021b00010100000009040000020701010009050102"], 0x0) syz_usb_control_io$printer(r5, 0x0, &(0x7f0000000000)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0xfffffffffffffc4a}}) syz_open_dev$char_usb(0xc, 0xb4, 0x2000000) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0) r6 = openat$uinput(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_DEV_SETUP(r6, 0x405c5503, &(0x7f0000000240)={{0xa, 0x7, 0xa, 0xe}, 'syz0\x00', 0xb}) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000080)={r3, 0x3, r2, 0x5}) 6.359724043s ago: executing program 2 (id=1300): r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x121040, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r0, 0x40086603, &(0x7f0000000040)) unshare(0x62040200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newlink={0x28, 0x10, 0x1, 0x3, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x100}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000006240), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r2, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) io_setup(0x9, &(0x7f0000000000)) prlimit64(r3, 0x1, &(0x7f0000000140)={0xfff, 0x1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) syz_open_dev$sndctrl(&(0x7f0000000e00), 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r6, 0x8983, &(0x7f0000000000)={0x6, 'veth0_vlan\x00', {0x2}, 0x101}) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r6, 0x8982, &(0x7f0000000040)={0x0, 'veth0_vlan\x00', {0x1}, 0x2b1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(&(0x7f0000000280)='ceph\x00', 0x0) r9 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x40000, 0x0, 0x2, 0x1}}) ioctl$sock_inet_SIOCSIFFLAGS(r9, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x3fa1dc947ffe4b82}) 5.316358256s ago: executing program 2 (id=1303): r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f00000039c0)=[{{&(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10, 0x0}}], 0x1, 0x2000c044) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="8000000002000200080004000000000008001b"], 0x30}}, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x20) preadv(r2, &(0x7f0000001b00)=[{&(0x7f0000000180)=""/244, 0xf4}], 0x1, 0x10, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x24044880) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, 0x0, 0x4000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) lstat(0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x4, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x97}, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xd, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a00)={r3, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="b9ff03316858268cb89e14f00800", 0x0, 0x2, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x3, @loopback, 0x7}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x24008844, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c) shutdown(r4, 0x1) 5.227948444s ago: executing program 2 (id=1304): bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) r0 = socket$inet(0x2, 0x5, 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mprotect(&(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x1) rseq(&(0x7f0000000040), 0xffffffffffffff60, 0x0, 0x0) rseq(&(0x7f0000000040), 0x20, 0x1, 0x300) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="d8000000100081044e81f782db44b904021d006a0f000000e8fe55a1290015000600142603600e120900040044000000a80016000a0003400200000000000000b94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a985162f7ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d3220a7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) openat$ptmx(0xffffff9c, &(0x7f0000000000), 0x40043, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x7, &(0x7f0000000300)=0xf3, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) lseek(r0, 0x6, 0x3) pipe2(&(0x7f0000000140)={0xffffffffffffffff}, 0x80000) write$vga_arbiter(r3, &(0x7f0000000180)=@target={'target ', {'PCI:', '1a', ':', 'a', ':', '1e', '.', 'e'}}, 0x15) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x5, &(0x7f0000000040)=[{0x8e, 0x3, 0x90}, {0x101, 0x7, 0x49, 0x4}, {0x1, 0x6, 0x6, 0x13}, {0xfffb, 0x1, 0x2, 0x40}, {0x2, 0xe, 0x40, 0x8}]}, 0x8) socket$nl_netfilter(0x10, 0x3, 0xc) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000300), 0x4b) 5.152923718s ago: executing program 1 (id=1305): r0 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000009, 0x31, 0xffffffffffffffff, 0x7c5c7000) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @remote}, 0x10) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_open_dev$vim2m(&(0x7f00000002c0), 0xe, 0x2) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x7ffe, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x8, 0x4, 0x3c5b, 0x1, 0x3, 0x9, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x101, 0x7fff, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x71, 0xfffffff8, 0x7, 0x3, 0x0, 0xd, 0x3e, 0x8f, 0x6, 0x10000006, 0x0, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x131, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0x6, 0x3, 0x0, 0x7, 0x5, 0x0, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x4, 0x8000, 0x9, 0x400, 0x4, 0x6, 0x7, 0xff, 0x5, 0x5, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0xa, 0x4, 0x9, 0x8, 0x800, 0x6, 0x7, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x7f, 0x9, 0x2, 0x3, 0x9, 0x1, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x2], [0x7, 0x4, 0x0, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x3, 0x8, 0x4, 0x6d01, 0x5, 0x38, 0x800003, 0x200, 0x80, 0xf, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0xfffffff9, 0x1, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0x65], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x2, 0x7, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7ffe, 0x8, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0xe, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0xee1, 0xfffff000, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x7, 0x2, 0x4, 0x6, 0x1, 0x10080, 0x5, 0x8, 0x30b1d693, 0xa1f, 0x8, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) 4.976564191s ago: executing program 1 (id=1306): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x280000a, 0x8010, r1, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000005c0)={'dummy0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x9) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd74) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0xe0801, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0xfffffffc) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r9, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000480)={[0x8000000007, 0x0, 0x29, 0x40003ffffffffe, 0x3, 0x2, 0x6, 0x5, 0x800, 0xffffffffffffffff, 0x1000200003, 0xfffffffdfffffffa, 0x4, 0x9, 0x0, 0x6], 0xeeef0000, 0x102}) openat$zero(0xffffff9c, 0x0, 0x440102, 0x0) r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000002a00), 0x40800, 0x0) ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000080)={'veth1_virt_wifi\x00', 0x2}) r11 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r11, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_addr=@initdev={0xac, 0x1e, 0x1, 0x0}, @empty}, 0x10) r12 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_DELLINK(r12, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="18000000041401002dbd700015dcdf250800010000000000"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x8000) ioctl$KVM_RUN(r9, 0xae80, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)=ANY=[@ANYRESDEC=r4, @ANYRES32=0x0, @ANYBLOB="1546010000000000140012800b0001006d61007365630000040002800a2543c50ee4fd7e45ada6a9b2abb3a274bd720f5601e8feda5614591a967444834fea2dfadf08be223394fb980f4ea764f6a08d0a419206eeb0dc", @ANYRES16=r0], 0x34}}, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000002c0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x200000000481, 0x2000000004b2, 0x5, 0x3, 0xfffffffffffffffd], 0x0, 0x0, 0x0}, 0x690) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x79, 0x10000000, 0x3, 0x1, 0x1, 0x0, 0x3, 0x7f, 0x0, 0x6, 0x2, 0x0, 0x2, 0x6, 0x1], 0xeeee0000, 0x98300}) 4.793706962s ago: executing program 3 (id=1307): socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0x0, 0xf}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084) r7 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r7, 0x5412, &(0x7f0000000640)=0x13) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_bond\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x40, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x10}]}]}], {0x14, 0x10}}, 0xe0}}, 0x0) ioctl$TCSETA(r7, 0x5406, &(0x7f0000000080)={0x2, 0xfa, 0xff92, 0x200a, 0x34, "000401600c00"}) 4.286885633s ago: executing program 2 (id=1308): timer_create(0x0, &(0x7f0000000940)={0x0, 0x0, 0x1}, &(0x7f0000000980)=0x0) timer_gettime(r0, &(0x7f00000009c0)) r1 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000080), 0x800000, 0x0) r2 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) r5 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r4}, &(0x7f0000020940)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r8, 0x4008af00, &(0x7f0000000080)=0x1c) dup2(r8, r8) socketpair$unix(0x1, 0x2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)={0x20, r9, 0x333, 0x0, 0x4, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}]}]}, 0x20}}, 0x0) socket$inet(0x2, 0x4, 0x6) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000380)={0x0, 'bridge_slave_0\x00', {}, 0x1ff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_mreqsrc(r10, 0x0, 0x28, &(0x7f0000000200)={@local, @empty, @loopback}, &(0x7f0000000240)=0xc) r11 = socket(0x40000000015, 0x5, 0x0) getsockopt(r11, 0x200000000114, 0x271e, 0x0, &(0x7f0000000040)) rt_sigsuspend(&(0x7f00000001c0)={[0x9, 0x7]}, 0x8) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000540)=ANY=[@ANYRES32=0x0, @ANYRES16], 0x9) futex(&(0x7f0000000100)=0x1, 0x1, 0x1, 0x0, &(0x7f0000000180)=0x1, 0x1) close_range(r2, r1, 0x0) 3.960134644s ago: executing program 1 (id=1309): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, 0x0, 0x0) 3.959768703s ago: executing program 1 (id=1310): r0 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000009, 0x31, 0xffffffffffffffff, 0x7c5c7000) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @remote}, 0x10) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 3.804724422s ago: executing program 3 (id=1311): creat(&(0x7f0000000240)='./file0\x00', 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000001c0)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "07bbc136c963254c66c42afcdd7d26931300e264c4feb642c8c42699f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x0) keyctl$chown(0x4, r0, 0x0, 0xee01) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x4}) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000085000000050000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000002c0)={r4}, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) bind$inet6(r5, &(0x7f0000000e40)={0xa, 0x4e20, 0x10000, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x3}, 0x1c) r6 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) bind$inet6(r6, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x80ad}, 0x1c) openat$kvm(0xffffff9c, &(0x7f0000000000), 0x10000, 0x0) statfs(&(0x7f0000000200)='./file0\x00', &(0x7f0000000380)=""/60) 3.801759747s ago: executing program 1 (id=1312): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}}, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x1, 0xfffffffd, 0x0, @void, @value}, 0x28) bpf$MAP_CREATE(0xe4ffffff00000000, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a0f0000}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r3, &(0x7f0000000740)={0x1f, @none}, 0x8) listen(r3, 0x0) accept4(r3, 0x0, 0x0, 0x80800) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) socket(0x2000000000000021, 0x2, 0x10000000000002) socket$igmp(0x2, 0x3, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_WRITE_DEF_LINK_POLICY={{0xbe}}}}, 0x7) 3.582582744s ago: executing program 3 (id=1313): r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x121040, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r0, 0x40086603, &(0x7f0000000040)) unshare(0x62040200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newlink={0x28, 0x10, 0x1, 0x3, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x100}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000006240), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r2, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) io_setup(0x9, &(0x7f0000000000)) prlimit64(r3, 0x1, &(0x7f0000000140)={0xfff, 0x1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) syz_open_dev$sndctrl(&(0x7f0000000e00), 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r6, 0x8983, &(0x7f0000000000)={0x6, 'veth0_vlan\x00', {0x2}, 0x101}) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r6, 0x8982, &(0x7f0000000040)={0x0, 'veth0_vlan\x00', {0x1}, 0x2b1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(&(0x7f0000000280)='ceph\x00', 0x0) r9 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x40000, 0x0, 0x2, 0x1}}) ioctl$sock_inet_SIOCSIFFLAGS(r9, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x3fa1dc947ffe4b82}) 3.287632171s ago: executing program 0 (id=1314): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = dup(0xffffffffffffffff) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffdd2) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000000640)={0x0, @in6={{0xa, 0x4e21, 0x401, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}}}, 0x84) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x400239, &(0x7f0000000240)={0x0, 0x1c2a, 0x200, 0x800000, 0x0, 0x0, r4}, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) io_setup(0x6, &(0x7f0000001380)=0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002}) io_submit(r5, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r6, 0x0}]) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x1d}, {0xe, 0x600}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x700}, 0x0) r8 = socket$inet6(0xa, 0x80803, 0x84) setsockopt$inet6_IPV6_IPSEC_POLICY(r8, 0x29, 0x22, &(0x7f0000000540)={{{@in=@dev={0xac, 0x14, 0x14, 0x30}, @in6=@mcast2, 0x4e24, 0x1, 0x4e23, 0x0, 0xa, 0x20, 0x80, 0x1}, {0xaa3, 0x0, 0x401, 0x51, 0x7, 0xffffffff00000000, 0xf33, 0x10000}, {0x1, 0x3, 0x9, 0xf}, 0x5, 0x6e6bbe, 0x1}, {{@in=@broadcast, 0x4d6, 0x3c}, 0x2, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x3501, 0x4, 0x0, 0x6, 0x401, 0xc52d, 0x7}}, 0xe4) io_uring_enter(r2, 0x2dee, 0x7732, 0x20, 0x0, 0x0) r9 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r9, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r9, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) setsockopt$inet_IP_XFRM_POLICY(r9, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x8, 0x0, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@remote, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8) sendmmsg(r9, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, 0x0, 0x0) 1.861317792s ago: executing program 3 (id=1315): r0 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000009, 0x31, 0xffffffffffffffff, 0x7c5c7000) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @remote}, 0x10) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_open_dev$vim2m(&(0x7f00000002c0), 0xe, 0x2) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x7ffe, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x8, 0x4, 0x3c5b, 0x1, 0x3, 0x9, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x101, 0x7fff, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x71, 0xfffffff8, 0x7, 0x3, 0x0, 0xd, 0x3e, 0x8f, 0x6, 0x10000006, 0x0, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x131, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0x6, 0x3, 0x0, 0x7, 0x5, 0x0, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x4, 0x8000, 0x9, 0x400, 0x4, 0x6, 0x7, 0xff, 0x5, 0x5, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0xa, 0x4, 0x9, 0x8, 0x800, 0x6, 0x7, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x7f, 0x9, 0x2, 0x3, 0x9, 0x1, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x2], [0x7, 0x4, 0x0, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x3, 0x8, 0x4, 0x6d01, 0x5, 0x38, 0x800003, 0x200, 0x80, 0xf, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0xfffffff9, 0x1, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0x65], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x2, 0x7, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7ffe, 0x8, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0xe, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0xee1, 0xfffff000, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x7, 0x2, 0x4, 0x6, 0x1, 0x10080, 0x5, 0x8, 0x30b1d693, 0xa1f, 0x8, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) 1.852328601s ago: executing program 1 (id=1323): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x19ff, 0x0, &(0x7f0000000240), &(0x7f0000000100)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3642, 0x7fff}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000a00)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a000000010000003f0000004000000042000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000007f721185d1bd3a0ddc9b4f4fb93aedd0a03ab11a8cb57ca3b63a1566d7b8c329386274571eb19ffef06b6d1fff919327c75193a37bfd8eccb5961ba7d48b24796f3025fac2b1f91877"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000001a40), 0x1003, r3}, 0x38) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0900000004000000040000000700000000000000", @ANYRES32, @ANYBLOB="ac93f0fa3f221e50e9b990823b93a57800"/36, @ANYRES32=0x0, @ANYRES32=r4, @ANYBLOB="02000010011000"/28], 0x50) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0], 0x0, 0xa7, &(0x7f0000000400)=[{}, {}], 0x10, 0x10, &(0x7f0000000600), &(0x7f0000000640), 0x8, 0x9, 0x8, 0x8, &(0x7f0000000680)}}, 0x10) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) write$cgroup_int(r5, &(0x7f0000000040)=0x3, 0x12) socket$netlink(0x10, 0x3, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, &(0x7f0000000000)={0x3, {{0xa, 0x0, 0x8a5a, @empty}}, {{0xa, 0x0, 0x6, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1d}}}}}, 0x104) getsockopt$inet6_buf(r6, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xf9) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x5, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x26}}]}, 0x1c}}, 0x40000) sendmsg$NFQNL_MSG_CONFIG(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) 1.849999675s ago: executing program 2 (id=1316): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}}, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x1, 0xfffffffd, 0x0, @void, @value}, 0x28) bpf$MAP_CREATE(0xe4ffffff00000000, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a0f0000}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r3, &(0x7f0000000740)={0x1f, @none}, 0x8) listen(r3, 0x0) accept4(r3, 0x0, 0x0, 0x80800) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) socket(0x2000000000000021, 0x2, 0x10000000000002) socket$igmp(0x2, 0x3, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_WRITE_DEF_LINK_POLICY={{0xbe}}}}, 0x7) 1.655097204s ago: executing program 0 (id=1317): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x280000a, 0x8010, r1, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000005c0)={'dummy0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x9) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd74) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0xe0801, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0xfffffffc) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r9, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000480)={[0x8000000007, 0x0, 0x29, 0x40003ffffffffe, 0x3, 0x2, 0x6, 0x5, 0x800, 0xffffffffffffffff, 0x1000200003, 0xfffffffdfffffffa, 0x4, 0x9, 0x0, 0x6], 0xeeef0000, 0x102}) openat$zero(0xffffff9c, 0x0, 0x440102, 0x0) r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000002a00), 0x40800, 0x0) ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000080)={'veth1_virt_wifi\x00', 0x2}) r11 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r11, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_addr=@initdev={0xac, 0x1e, 0x1, 0x0}, @empty}, 0x10) r12 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_DELLINK(r12, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="18000000041401002dbd700015dcdf250800010000000000"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x8000) ioctl$KVM_RUN(r9, 0xae80, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)=ANY=[@ANYRESDEC=r4, @ANYRES32=0x0, @ANYBLOB="1546010000000000140012800b0001006d61007365630000040002800a2543c50ee4fd7e45ada6a9b2abb3a274bd720f5601e8feda5614591a967444834fea2dfadf08be223394fb980f4ea764f6a08d0a419206eeb0dc", @ANYRES16=r0], 0x34}}, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000002c0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x200000000481, 0x2000000004b2, 0x5, 0x3, 0xfffffffffffffffd], 0x0, 0x0, 0x0}, 0x690) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x79, 0x10000000, 0x3, 0x1, 0x1, 0x0, 0x3, 0x7f, 0x0, 0x6, 0x2, 0x0, 0x2, 0x6, 0x1], 0xeeee0000, 0x98300}) 719.536273ms ago: executing program 3 (id=1318): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) unshare(0x2c020400) fstat(r1, &(0x7f0000000540)) (fail_nth: 2) 614.630644ms ago: executing program 2 (id=1319): socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0x0, 0xf}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084) r7 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r7, 0x5412, &(0x7f0000000640)=0x13) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_bond\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x40, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x10}]}]}], {0x14, 0x10}}, 0xe0}}, 0x0) ioctl$TCSETA(r7, 0x5406, &(0x7f0000000080)={0x2, 0xfa, 0xff92, 0x200a, 0x34, "000401600c00"}) 596.895174ms ago: executing program 3 (id=1320): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000d2d0539b000000fb006e8900009500000000000000"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000d2d0539b000000fb006e8900009500000000000000"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = syz_open_procfs(0xffffffffffffffff, 0x0) move_mount(r1, 0x0, r1, &(0x7f00000003c0)='./file0\x00', 0x40) (async) move_mount(r1, 0x0, r1, &(0x7f00000003c0)='./file0\x00', 0x40) r2 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2a, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x21, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_io_uring_setup(0x24fc, &(0x7f0000000080)={0x0, 0xffffffbf, 0x10100, 0x3}, &(0x7f0000000100)=0x0, &(0x7f0000001040)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_UNLINKAT={0x24, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x1}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_clone3(&(0x7f0000000480)={0x20000000, 0x0, 0x0, 0x0, {}, &(0x7f0000000400)=""/55, 0x37, 0x0, 0x0}, 0x58) (async) syz_clone3(&(0x7f0000000480)={0x20000000, 0x0, 0x0, 0x0, {}, &(0x7f0000000400)=""/55, 0x37, 0x0, 0x0}, 0x58) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) (async) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) (async) connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f00000025c0), r1) sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f0000002780)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000002740)={&(0x7f00000027c0)=ANY=[@ANYBLOB="74010000", @ANYRES16=r8, @ANYBLOB="00032cbd7000ffdbdf250700000024000980080001005a0f00000800020002000000080001005309000008000200030000003c0106800800010008000000080001000f00000008000600b10000000400020004000200ae543d8e922e8942caa5f4e418a0c026967d394ca21d654fa31590167cb1f628cf42c5135cf9e369e10b661a04659a0beb37ee1c89f6b5f5ac2cb03ba9fc0aadb8f600115fb53eaca3c23efecf7f2b5ab0fe9d33e13c63b871000000040005004900040067636d286165732900000000000000000000000000000000000000000000000021000000bf0e7cef4c29a2481edea703c5953755ef21e6ac4682e7592c9feef58bf26ae11a000000620003005430aa68ea8541c7aeffb0a3d3441f476e260aec60732b68bac090efc7564771fb5f5d20b6f0ce0ded6b3c8087e8c0815d96ebe7cf5479107d32a7e234b33df6a02ba216a083f01ad449e5d10f8fad707024a85296ba0ac9f9fdf33eb48900080000000000000000"], 0x174}, 0x1, 0x0, 0x0, 0x4000884}, 0x40) (async) sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f0000002780)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000002740)={&(0x7f00000027c0)=ANY=[@ANYBLOB="74010000", @ANYRES16=r8, @ANYBLOB="00032cbd7000ffdbdf250700000024000980080001005a0f00000800020002000000080001005309000008000200030000003c0106800800010008000000080001000f00000008000600b10000000400020004000200ae543d8e922e8942caa5f4e418a0c026967d394ca21d654fa31590167cb1f628cf42c5135cf9e369e10b661a04659a0beb37ee1c89f6b5f5ac2cb03ba9fc0aadb8f600115fb53eaca3c23efecf7f2b5ab0fe9d33e13c63b871000000040005004900040067636d286165732900000000000000000000000000000000000000000000000021000000bf0e7cef4c29a2481edea703c5953755ef21e6ac4682e7592c9feef58bf26ae11a000000620003005430aa68ea8541c7aeffb0a3d3441f476e260aec60732b68bac090efc7564771fb5f5d20b6f0ce0ded6b3c8087e8c0815d96ebe7cf5479107d32a7e234b33df6a02ba216a083f01ad449e5d10f8fad707024a85296ba0ac9f9fdf33eb48900080000000000000000"], 0x174}, 0x1, 0x0, 0x0, 0x4000884}, 0x40) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r9 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$bt_hci(r9, 0x84, 0x80, &(0x7f0000000000)=""/4102, &(0x7f00000010c0)=0x1006) r10 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) ioctl$EVIOCSMASK(r10, 0x40104593, &(0x7f0000000000)={0x1, 0x1, &(0x7f0000000400)="d1"}) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x2fc, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x268, 0xffffff7a, 0xffffffff, 0x268, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'veth1\x00', 'veth0_to_team\x00', {}, {}, 0x0, 0x0, 0x41}, 0x6, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "e4ff0100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9eb85f401b0000000000ffffff7f00", 0x7d}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x2, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x358) setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000001180)=@nat={'nat\x00', 0x1b, 0x5, 0x13d8, 0x244, 0xa4, 0xffffffff, 0xa4, 0x0, 0x1344, 0x1344, 0xffffffff, 0x1344, 0x1344, 0x5, &(0x7f0000001100), {[{{@ip={@multicast1, @dev={0xac, 0x14, 0x14, 0x19}, 0xffffff00, 0xff000000, 'tunl0\x00', 'pim6reg\x00', {}, {}, 0x5e, 0x2, 0x42}, 0x0, 0x70, 0xa4}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x2, @loopback, @empty, @port=0x4e24, @icmp_id=0x66}}}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x3c}, @multicast1, 0x0, 0x62fec332db591164, 'macvtap0\x00', 'dvmrp0\x00', {0xff}, {}, 0x2e, 0x2, 0xa}, 0x0, 0xc8, 0xfc, 0x0, {}, [@common=@ah={{0x2c}, {[0x0, 0x5], 0x1}}, @common=@ah={{0x2c}, {[0x10, 0x3]}}]}, @DNAT0={0x34, 'DNAT\x00', 0x0, {0x1, {0x0, @multicast1, @multicast1, @port=0x4e24, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0xa4}, @REDIRECT={0x34, 'REDIRECT\x00', 0x0, {0x1, {0xd, @remote, @empty, @port=0x4e23, @icmp_id=0x68}}}}, {{@ip={@loopback, @local, 0xffffffff, 0xff000000, 'veth1_vlan\x00', 'bond_slave_0\x00', {}, {0xff}, 0x0, 0x1, 0x78}, 0x0, 0x10cc, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00', 0x5, {0x1}}}, @common=@addrtype={{0x2c}, {0x204, 0x642, 0x1}}]}, @DNAT0={0x34, 'DNAT\x00', 0x0, {0x1, {0x4, @rand_addr=0x64010101, @multicast1, @gre_key=0x3, @port=0x4e21}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x1434) (async) setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000001180)=@nat={'nat\x00', 0x1b, 0x5, 0x13d8, 0x244, 0xa4, 0xffffffff, 0xa4, 0x0, 0x1344, 0x1344, 0xffffffff, 0x1344, 0x1344, 0x5, &(0x7f0000001100), {[{{@ip={@multicast1, @dev={0xac, 0x14, 0x14, 0x19}, 0xffffff00, 0xff000000, 'tunl0\x00', 'pim6reg\x00', {}, {}, 0x5e, 0x2, 0x42}, 0x0, 0x70, 0xa4}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x2, @loopback, @empty, @port=0x4e24, @icmp_id=0x66}}}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x3c}, @multicast1, 0x0, 0x62fec332db591164, 'macvtap0\x00', 'dvmrp0\x00', {0xff}, {}, 0x2e, 0x2, 0xa}, 0x0, 0xc8, 0xfc, 0x0, {}, [@common=@ah={{0x2c}, {[0x0, 0x5], 0x1}}, @common=@ah={{0x2c}, {[0x10, 0x3]}}]}, @DNAT0={0x34, 'DNAT\x00', 0x0, {0x1, {0x0, @multicast1, @multicast1, @port=0x4e24, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0xa4}, @REDIRECT={0x34, 'REDIRECT\x00', 0x0, {0x1, {0xd, @remote, @empty, @port=0x4e23, @icmp_id=0x68}}}}, {{@ip={@loopback, @local, 0xffffffff, 0xff000000, 'veth1_vlan\x00', 'bond_slave_0\x00', {}, {0xff}, 0x0, 0x1, 0x78}, 0x0, 0x10cc, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00', 0x5, {0x1}}}, @common=@addrtype={{0x2c}, {0x204, 0x642, 0x1}}]}, @DNAT0={0x34, 'DNAT\x00', 0x0, {0x1, {0x4, @rand_addr=0x64010101, @multicast1, @gre_key=0x3, @port=0x4e21}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x1434) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={@mcast1, @local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x5, 0x4, 0xfff2, 0x100, 0x4, 0x80108}) 0s ago: executing program 0 (id=1321): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) unshare(0x2c020400) epoll_create(0x3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000001240)={0x8000008, 0x88}, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdir(&(0x7f0000002200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000080)='debugfs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x210020, &(0x7f0000001080)=ANY=[@ANYBLOB="6719dbffffffff0000000033c3b4b1b3b86b84f65255285e1dfb27de2d290e35b83a5b65a66edcd7ba841a5d26d5f419f58f74702e7d0b1f5cfd8f540aaf1cc83364875525f864bbafbd367fd85cb6827ec955b03e78d21f222599aa059c4c6a7709000000000000001818f18ab1e646df89ee08c84b5c7110454f157e10c4cf8b8c67d730a009ab5412ee957ae57b040e57a284959aeee01eb21453ee5f432c4fdc30b9f8febaebc791665bd67c31db4f6b3ff807613e195aa49e56ddd98baeb6c85eb644fa76b88a97da3b41dcb216a60ddc9761c8c71a2000000000000000000000000099b592e6a4e6d2f9249dd4a5f5d309dfab12aa9c08a8d6a26883e2f9fbe26a7edea1ef0354115e7a0a02d35e60c74fdaf7cd08537119d8fc711d52009eafdb140491a965e14ddd49af30fee4dc69698456eb8067114d048b15cdd93f70efd343caf222ddc4aaf3db3b54ae428442782c2287351ab21ae9dafe683482a0622b8a6313233ad627e5f12b902c7df8d93f44b54ebd539d7d3d9539c7fe4a4bff814b9583ad67", @ANYRESHEX=0x0, @ANYBLOB=',\x00']) mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r4, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x0, 0x0, 0x2, {0x4, 0x1}, 0x3, 0x800}) mkdir(0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) r5 = syz_open_procfs(0x0, &(0x7f0000000300)='oom_adj\x00') r6 = timerfd_create(0x0, 0x0) creat(&(0x7f00000001c0)='./file0\x00', 0x8) mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000740), 0x400, &(0x7f0000000a00)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6]) timerfd_settime(r6, 0x3, &(0x7f0000000380)={{0x0, 0x989680}}, 0x0) kernel console output (not intermixed with test programs): 51] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.777612][ T100] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.779907][ T100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.782853][ T100] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.785543][ T100] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.801562][ T5951] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 47.806724][ T5951] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 47.833376][ T5938] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.847731][ T5946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.876539][ T5938] veth0_vlan: entered promiscuous mode [ 47.898328][ T5938] veth1_vlan: entered promiscuous mode [ 47.903559][ T5937] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.906387][ T5946] veth0_vlan: entered promiscuous mode [ 47.915794][ T5946] veth1_vlan: entered promiscuous mode [ 47.941822][ T5951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.949435][ T5938] veth0_macvtap: entered promiscuous mode [ 47.965330][ T5938] veth1_macvtap: entered promiscuous mode [ 47.975572][ T5937] veth0_vlan: entered promiscuous mode [ 47.981622][ T5946] veth0_macvtap: entered promiscuous mode [ 47.994075][ T5937] veth1_vlan: entered promiscuous mode [ 47.998297][ T5946] veth1_macvtap: entered promiscuous mode [ 48.001716][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.008863][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.017891][ T5938] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.021650][ T5938] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.025388][ T5938] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.028943][ T5938] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.043259][ T5951] veth0_vlan: entered promiscuous mode [ 48.059072][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.062738][ T5951] veth1_vlan: entered promiscuous mode [ 48.073708][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.084162][ T5946] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.087174][ T5946] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.089954][ T5946] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.092643][ T5946] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.125192][ T5951] veth0_macvtap: entered promiscuous mode [ 48.128041][ T5937] veth0_macvtap: entered promiscuous mode [ 48.131777][ T5937] veth1_macvtap: entered promiscuous mode [ 48.135382][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.138597][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.141799][ T5951] veth1_macvtap: entered promiscuous mode [ 48.177033][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.179163][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.179543][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.187066][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.196366][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.200413][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.203186][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.205574][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.214282][ T5937] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.216935][ T5937] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.219627][ T5937] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.222593][ T5937] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.228132][ T5951] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.231708][ T5951] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.236386][ T5951] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.238981][ T5938] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 48.239921][ T5951] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.268553][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.271650][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.342351][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.346696][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.349391][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.349524][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.350779][ T6002] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 48.371478][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.374442][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.385671][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.389015][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.443132][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.503227][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.513241][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.603938][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 48.734746][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 48.836770][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 48.839839][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 49.246532][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 49.263133][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.474693][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.624005][ T5942] Bluetooth: hci2: command tx timeout [ 49.624032][ T5954] Bluetooth: hci1: command tx timeout [ 49.706399][ T5954] Bluetooth: hci0: command tx timeout [ 49.760260][ T6040] random: crng reseeded on system resumption [ 49.856508][ T6043] pimreg: entered allmulticast mode [ 49.999924][ T6042] netlink: 'syz.3.7': attribute type 10 has an invalid length. [ 50.011670][ T6042] veth0_vlan: left promiscuous mode [ 50.016585][ T6042] veth0_vlan: entered promiscuous mode [ 50.020517][ T6042] team0: Device veth0_vlan failed to register rx_handler [ 50.758740][ T5954] Bluetooth: hci3: command tx timeout [ 50.831849][ T6064] Zero length message leads to an empty skb [ 50.835437][ T6064] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 51.573945][ T6073] process 'syz.1.18' launched '/dev/fd/8' with NULL argv: empty string added [ 51.703474][ T5954] Bluetooth: hci2: command tx timeout [ 51.705340][ T5942] Bluetooth: hci1: command tx timeout [ 51.783679][ T5954] Bluetooth: hci0: command tx timeout [ 51.822509][ T6081] capability: warning: `syz.3.21' uses 32-bit capabilities (legacy support in use) [ 51.872183][ T6083] loop2: detected capacity change from 0 to 520093696 [ 52.039739][ T6090] ======================================================= [ 52.039739][ T6090] WARNING: The mand mount option has been deprecated and [ 52.039739][ T6090] and is ignored by this kernel. Remove the mand [ 52.039739][ T6090] option from the mount to silence this warning. [ 52.039739][ T6090] ======================================================= [ 52.064971][ T6090] lo speed is unknown, defaulting to 1000 [ 52.068584][ T6090] lo speed is unknown, defaulting to 1000 [ 52.072271][ T6090] lo speed is unknown, defaulting to 1000 [ 52.309812][ T6090] infiniband sz1: set active [ 52.312088][ T1018] lo speed is unknown, defaulting to 1000 [ 52.314371][ T6090] infiniband sz1: added lo [ 52.345372][ T6090] RDS/IB: sz1: added [ 52.350678][ T6090] smc: adding ib device sz1 with port count 1 [ 52.353512][ T6090] smc: ib device sz1 port 1 has pnetid [ 52.356150][ T1018] lo speed is unknown, defaulting to 1000 [ 52.359860][ T6090] lo speed is unknown, defaulting to 1000 [ 52.495373][ T5980] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 52.649874][ T6090] lo speed is unknown, defaulting to 1000 [ 52.786377][ T5980] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 52.790632][ T5980] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 52.800849][ T5980] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 52.810632][ T5980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.819677][ T6097] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 52.826658][ T5954] Bluetooth: hci3: command tx timeout [ 52.832497][ T5980] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 52.951754][ T6090] lo speed is unknown, defaulting to 1000 [ 53.067935][ T6108] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in; [ 53.067935][ T6108] program syz.2.26 not setting count and/or reply_len properly [ 53.234160][ T6090] lo speed is unknown, defaulting to 1000 [ 53.447843][ T6109] netlink: 3 bytes leftover after parsing attributes in process `syz.2.26'. [ 53.460913][ T6109] batadv1: entered allmulticast mode [ 53.503898][ T6113] input: syz1 as /devices/virtual/input/input5 [ 53.534835][ T6113] netlink: 12 bytes leftover after parsing attributes in process `syz.2.26'. [ 53.783085][ T5954] Bluetooth: hci2: command tx timeout [ 53.908599][ T6121] lo speed is unknown, defaulting to 1000 [ 54.131833][ T6126] rdma_rxe: rxe_newlink: failed to add lo [ 54.196126][ T6122] lo speed is unknown, defaulting to 1000 [ 54.413017][ T5980] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 54.634214][ T5980] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 54.637671][ T5980] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 54.640674][ T5980] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 54.644361][ T5980] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.660563][ T6126] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 54.670531][ T5980] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 54.977810][ T5980] usb 7-1: USB disconnect, device number 2 [ 55.004229][ T1018] usb 5-1: USB disconnect, device number 2 [ 57.493576][ T6172] netlink: 28 bytes leftover after parsing attributes in process `syz.3.39'. [ 57.496355][ T6172] netlink: 28 bytes leftover after parsing attributes in process `syz.3.39'. [ 57.715413][ T6175] input: syz0 as /devices/virtual/input/input6 [ 57.726184][ T6175] netlink: 'syz.1.40': attribute type 10 has an invalid length. [ 57.740814][ T6175] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 57.758754][ T6174] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 58.516627][ T6190] lo speed is unknown, defaulting to 1000 [ 58.518512][ T6190] lo speed is unknown, defaulting to 1000 [ 58.521380][ T6190] lo speed is unknown, defaulting to 1000 [ 58.525579][ T6190] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 58.532366][ T6190] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 58.546585][ T6190] lo speed is unknown, defaulting to 1000 [ 58.549299][ T6190] lo speed is unknown, defaulting to 1000 [ 58.551893][ T6190] lo speed is unknown, defaulting to 1000 [ 58.554409][ T6190] lo speed is unknown, defaulting to 1000 [ 58.578161][ T6190] netlink: 24 bytes leftover after parsing attributes in process `syz.1.44'. [ 59.798905][ T6208] netlink: 'syz.0.49': attribute type 1 has an invalid length. [ 59.877653][ T6211] veth3: entered promiscuous mode [ 60.126234][ T6219] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 61.406009][ T6251] input: syz0 as /devices/virtual/input/input7 [ 61.416363][ T6251] netlink: 'syz.0.58': attribute type 10 has an invalid length. [ 61.430930][ T6251] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 61.446142][ T6250] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 62.091346][ T6262] netlink: 28 bytes leftover after parsing attributes in process `syz.2.60'. [ 62.094321][ T6262] netlink: 28 bytes leftover after parsing attributes in process `syz.2.60'. [ 62.967235][ T6272] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 66.350480][ T6365] lo speed is unknown, defaulting to 1000 [ 66.485819][ T6373] ipvlan2: entered promiscuous mode [ 66.534049][ T6365] lo speed is unknown, defaulting to 1000 [ 66.668406][ T6363] lo speed is unknown, defaulting to 1000 [ 66.780481][ T6363] lo speed is unknown, defaulting to 1000 [ 67.185701][ T6366] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 67.318877][ T6391] random: crng reseeded on system resumption [ 67.386648][ T6392] pimreg: entered allmulticast mode [ 67.390273][ T6392] smc: removing ib device sz1 [ 68.615579][ T6409] lo speed is unknown, defaulting to 1000 [ 68.618081][ T6409] lo speed is unknown, defaulting to 1000 [ 68.620328][ T6409] lo speed is unknown, defaulting to 1000 [ 68.803045][ T29] lo speed is unknown, defaulting to 1000 [ 68.805506][ T6409] infiniband sz1: set active [ 68.807622][ T6409] infiniband sz1: added lo [ 68.830070][ T6409] RDS/IB: sz1: added [ 68.833523][ T6409] smc: adding ib device sz1 with port count 1 [ 68.835561][ T6409] smc: ib device sz1 port 1 has pnetid [ 68.837540][ T29] lo speed is unknown, defaulting to 1000 [ 68.839934][ T6409] lo speed is unknown, defaulting to 1000 [ 68.993410][ T5980] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 69.068353][ T6409] lo speed is unknown, defaulting to 1000 [ 69.144201][ T5980] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 69.147519][ T5980] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 69.150486][ T5980] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 69.162988][ T5980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.168182][ T6416] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 69.184469][ T5980] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 69.189109][ T6409] lo speed is unknown, defaulting to 1000 [ 69.301091][ T6409] lo speed is unknown, defaulting to 1000 [ 69.458609][ T6434] rdma_rxe: rxe_newlink: failed to add lo [ 69.691988][ T6440] random: crng reseeded on system resumption [ 69.743067][ T5980] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 69.832052][ T6441] pimreg: entered allmulticast mode [ 69.905496][ T5980] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 69.909125][ T5980] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 69.912644][ T5980] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 69.916083][ T5980] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.922613][ T6434] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 69.930329][ T5980] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 70.133741][ T5980] usb 8-1: USB disconnect, device number 2 [ 70.873895][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.876067][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.616688][ T1018] usb 5-1: USB disconnect, device number 3 [ 71.676839][ T6472] random: crng reseeded on system resumption [ 72.381555][ T6495] rdma_rxe: rxe_newlink: failed to add lo [ 72.583051][ T6505] random: crng reseeded on system resumption [ 72.663243][ T5939] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 72.816931][ T5939] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 72.820759][ T5939] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 72.824310][ T5939] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 72.827250][ T5939] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.833084][ T6495] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 72.839366][ T5939] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 73.587713][ T6534] loop2: detected capacity change from 0 to 520093696 [ 75.420127][ T1018] usb 6-1: USB disconnect, device number 2 [ 76.776600][ T6623] rdma_rxe: rxe_newlink: failed to add lo [ 77.073033][ T29] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 77.244532][ T29] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 77.248014][ T29] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 77.251238][ T29] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 77.254277][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.269902][ T6626] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 77.282251][ T29] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 80.149660][ T1018] usb 7-1: USB disconnect, device number 3 [ 81.075148][ T24] cfg80211: failed to load regulatory.db [ 81.823623][ T6722] sz1: rxe_newlink: already configured on lo [ 82.213129][ T29] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 82.419909][ T29] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 82.493031][ T29] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 82.496865][ T29] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 82.500399][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.573188][ T6722] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 82.655529][ T29] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 84.764361][ T29] usb 5-1: USB disconnect, device number 4 [ 85.854316][ T6804] sz1: rxe_newlink: already configured on lo [ 85.929659][ T6814] random: crng reseeded on system resumption [ 86.183687][ T29] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 86.334481][ T29] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 86.338097][ T29] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 86.341307][ T29] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 86.344513][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.443275][ T6812] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 86.448009][ T29] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 88.847039][ T29] usb 5-1: USB disconnect, device number 5 [ 88.971995][ T6866] random: crng reseeded on system resumption [ 89.067192][ T6867] sz1: rxe_newlink: already configured on lo [ 89.403140][ T5980] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 89.594366][ T5980] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 89.598023][ T5980] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 89.601131][ T5980] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 89.606426][ T5980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.636185][ T6875] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 89.640230][ T5980] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 90.471613][ T6895] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 90.474667][ T6895] overlayfs: missing 'lowerdir' [ 91.974390][ T5980] usb 5-1: USB disconnect, device number 6 [ 93.271597][ T6948] rdma_rxe: rxe_newlink: failed to add lo [ 93.553021][ T29] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 93.715816][ T29] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 93.719425][ T29] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 93.722510][ T29] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 93.725446][ T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.734175][ T6948] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 93.741747][ T29] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 95.129548][ T6971] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 95.131851][ T6971] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 95.230050][ T6975] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 95.236856][ T6975] netlink: 16 bytes leftover after parsing attributes in process `syz.0.259'. [ 96.202970][ T29] usb 8-1: USB disconnect, device number 3 [ 98.042334][ T7029] random: crng reseeded on system resumption [ 98.057381][ T7029] pimreg: entered allmulticast mode [ 99.331261][ T7062] 9pnet_fd: Insufficient options for proto=fd [ 99.583090][ T1018] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 99.615473][ T7067] random: crng reseeded on system resumption [ 99.746851][ T1018] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 99.749807][ T1018] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.752373][ T1018] usb 8-1: Product: syz [ 99.753909][ T1018] usb 8-1: Manufacturer: syz [ 99.755508][ T1018] usb 8-1: SerialNumber: syz [ 99.759756][ T1018] usb 8-1: config 0 descriptor?? [ 99.991245][ T1330] usb 8-1: USB disconnect, device number 4 [ 109.309676][ T7254] random: crng reseeded on system resumption [ 111.043249][ T7294] overlayfs: missing 'lowerdir' [ 111.049364][ T7294] rdma_rxe: rxe_newlink: failed to add lo [ 111.280355][ T7305] sz1: rxe_newlink: already configured on lo [ 111.383318][ T1018] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 111.554456][ T1018] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 111.557994][ T1018] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 111.563135][ T1018] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 111.566143][ T1018] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.572896][ T7294] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 111.578857][ T1018] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 111.593037][ T5980] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 111.744245][ T5980] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 111.747833][ T5980] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 111.753195][ T5980] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 111.763059][ T5980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.767755][ T7305] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 111.771972][ T5980] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 114.100972][ T1018] usb 8-1: USB disconnect, device number 5 [ 114.248558][ T5980] usb 5-1: USB disconnect, device number 7 [ 115.951497][ T7371] overlayfs: missing 'lowerdir' [ 115.954967][ T7371] rdma_rxe: rxe_newlink: failed to add lo [ 116.233115][ T24] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 116.384574][ T24] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 116.388056][ T24] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 116.391066][ T24] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 116.394244][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.399233][ T7371] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 116.403926][ T24] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 117.458000][ T7393] rdma_rxe: rxe_newlink: failed to add lo [ 117.753078][ T1018] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 117.996088][ T1018] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 117.999479][ T1018] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 118.002553][ T1018] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 118.008680][ T1018] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.016566][ T7393] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 118.022444][ T1018] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 118.801759][ T1018] usb 6-1: USB disconnect, device number 3 [ 120.433954][ T5980] usb 7-1: USB disconnect, device number 4 [ 120.722328][ T7443] overlayfs: missing 'lowerdir' [ 120.778090][ T7445] rdma_rxe: rxe_newlink: failed to add lo [ 121.083122][ T29] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 121.244321][ T29] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 121.247901][ T29] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 121.251020][ T29] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 121.253972][ T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.259531][ T7448] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 121.263447][ T29] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 123.682997][ T5980] usb 8-1: USB disconnect, device number 6 [ 126.015002][ T7525] overlayfs: missing 'lowerdir' [ 126.021216][ T7525] rdma_rxe: rxe_newlink: failed to add lo [ 126.313009][ T29] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 126.464635][ T29] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 126.468326][ T29] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 126.471676][ T29] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 126.488725][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.498081][ T7528] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 126.515671][ T29] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 128.946199][ T29] usb 6-1: USB disconnect, device number 4 [ 131.054176][ T7613] overlayfs: missing 'lowerdir' [ 131.056677][ T7613] rdma_rxe: rxe_newlink: failed to add lo [ 131.463762][ T1018] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 131.615103][ T1018] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 131.619736][ T1018] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 131.623447][ T1018] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 131.626653][ T1018] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.631814][ T7613] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 131.637125][ T1018] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 132.266220][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.268747][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.355485][ T7646] netlink: 'syz.3.421': attribute type 10 has an invalid length. [ 132.373926][ T7646] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 132.456393][ T7645] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.897496][ T7651] netlink: 'syz.1.422': attribute type 21 has an invalid length. [ 132.900737][ T7651] netlink: 128 bytes leftover after parsing attributes in process `syz.1.422'. [ 132.904617][ T7651] netlink: 'syz.1.422': attribute type 5 has an invalid length. [ 132.908533][ T7651] netlink: 'syz.1.422': attribute type 6 has an invalid length. [ 132.911717][ T7651] netlink: 3 bytes leftover after parsing attributes in process `syz.1.422'. [ 134.012564][ T29] usb 7-1: USB disconnect, device number 5 [ 135.713103][ T7698] overlayfs: missing 'workdir' [ 135.715442][ T7698] sz1: rxe_newlink: already configured on lo [ 136.033277][ T1018] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 136.265807][ T1018] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 136.269342][ T1018] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 136.272516][ T1018] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 136.275464][ T1018] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.297230][ T7698] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 136.346111][ T1018] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 136.532650][ T7709] random: crng reseeded on system resumption [ 138.676443][ T1018] usb 5-1: USB disconnect, device number 8 [ 138.733530][ T7748] random: crng reseeded on system resumption [ 140.145609][ T7775] overlayfs: missing 'lowerdir' [ 140.148323][ T7775] rdma_rxe: rxe_newlink: failed to add lo [ 140.513949][ T5980] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 140.765887][ T5980] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 140.769346][ T5980] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 140.772507][ T5980] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 140.775696][ T5980] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.785481][ T7775] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 140.789905][ T5980] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 143.241668][ T5980] usb 8-1: USB disconnect, device number 7 [ 145.294163][ T7860] overlayfs: missing 'lowerdir' [ 145.445510][ T7860] rdma_rxe: rxe_newlink: failed to add lo [ 146.002998][ T66] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 146.164792][ T66] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 146.168237][ T66] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 146.171288][ T66] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 146.174437][ T66] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.179291][ T7860] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 146.193621][ T66] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 148.280785][ T66] usb 8-1: USB disconnect, device number 8 [ 148.458777][ T7918] Malformed UNC in devname [ 148.458777][ T7918] [ 148.460907][ T7918] CIFS: VFS: Malformed UNC in devname [ 148.866932][ T7922] hub 2-0:1.0: USB hub found [ 148.869429][ T7922] hub 2-0:1.0: 2 ports detected [ 149.445834][ T7935] overlayfs: missing 'lowerdir' [ 149.451065][ T7935] sz1: rxe_newlink: already configured on lo [ 150.273088][ T66] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 150.460251][ T66] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 150.464916][ T66] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 150.468763][ T66] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 150.471544][ T66] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.477216][ T7942] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 150.483901][ T66] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 152.393304][ T5980] usb 5-1: USB disconnect, device number 9 [ 153.878043][ T8032] random: crng reseeded on system resumption [ 154.396368][ T8041] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 154.401085][ T8041] sz1: rxe_newlink: already configured on lo [ 154.693045][ T5980] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 154.876879][ T5980] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 154.880680][ T5980] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 154.883934][ T5980] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 154.886760][ T5980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.894400][ T8041] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 154.926232][ T5980] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 157.164243][ T40] audit: type=1326 audit(1748303567.853:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8104 comm="syz.3.541" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x0 [ 157.317665][ T5980] usb 5-1: USB disconnect, device number 10 [ 158.798551][ T8134] random: crng reseeded on system resumption [ 160.754864][ T8172] netlink: 4 bytes leftover after parsing attributes in process `syz.0.560'. [ 160.981411][ T8179] random: crng reseeded on system resumption [ 163.025914][ T8223] vlan2: entered allmulticast mode [ 163.027604][ T8223] bond0: entered allmulticast mode [ 163.029216][ T8223] bond_slave_0: entered allmulticast mode [ 163.031011][ T8223] bond_slave_1: entered allmulticast mode [ 163.032844][ T8223] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 164.001997][ T8245] fuse: Bad value for 'fd' [ 164.234165][ T8263] FAULT_INJECTION: forcing a failure. [ 164.234165][ T8263] name failslab, interval 1, probability 0, space 0, times 1 [ 164.238333][ T8263] CPU: 0 UID: 0 PID: 8263 Comm: syz.0.586 Not tainted 6.15.0-syzkaller #0 PREEMPT(full) [ 164.238346][ T8263] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 164.238352][ T8263] Call Trace: [ 164.238356][ T8263] [ 164.238360][ T8263] dump_stack_lvl+0x16c/0x1f0 [ 164.238397][ T8263] should_fail_ex+0x512/0x640 [ 164.238417][ T8263] ? __kmalloc_noprof+0xbf/0x510 [ 164.238430][ T8263] ? ethnl_default_notify+0x164/0x940 [ 164.238442][ T8263] should_failslab+0xc2/0x120 [ 164.238455][ T8263] __kmalloc_noprof+0xd2/0x510 [ 164.238465][ T8263] ? __asan_memcpy+0x3c/0x60 [ 164.238476][ T8263] ? __pfx_ethnl_default_notify+0x10/0x10 [ 164.238488][ T8263] ethnl_default_notify+0x164/0x940 [ 164.238501][ T8263] ? __pfx_ethnl_default_notify+0x10/0x10 [ 164.238513][ T8263] ? __pfx_ethnl_set_linkmodes+0x10/0x10 [ 164.238535][ T8263] ? __pfx_ethnl_default_notify+0x10/0x10 [ 164.238546][ T8263] ethtool_notify+0xc2/0x200 [ 164.238558][ T8263] ethnl_default_set_doit+0x4e5/0xb10 [ 164.238576][ T8263] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 164.238590][ T8263] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 164.238607][ T8263] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 164.238626][ T8263] genl_family_rcv_msg_doit+0x206/0x2f0 [ 164.238642][ T8263] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 164.238658][ T8263] ? trace_cap_capable+0x18d/0x200 [ 164.238673][ T8263] ? bpf_lsm_capable+0x9/0x10 [ 164.238683][ T8263] ? security_capable+0x7e/0x260 [ 164.238695][ T8263] ? ns_capable+0xd7/0x110 [ 164.238708][ T8263] genl_rcv_msg+0x55c/0x800 [ 164.238725][ T8263] ? __pfx_genl_rcv_msg+0x10/0x10 [ 164.238739][ T8263] ? __pfx___dev_queue_xmit+0x10/0x10 [ 164.238750][ T8263] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 164.238763][ T8263] ? __lock_acquire+0xaa4/0x1ba0 [ 164.238779][ T8263] netlink_rcv_skb+0x16a/0x440 [ 164.238793][ T8263] ? __pfx_genl_rcv_msg+0x10/0x10 [ 164.238809][ T8263] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 164.238831][ T8263] ? __pfx_down_read+0x10/0x10 [ 164.238842][ T8263] ? netlink_deliver_tap+0x1ae/0xd30 [ 164.238857][ T8263] genl_rcv+0x28/0x40 [ 164.238870][ T8263] netlink_unicast+0x53d/0x7f0 [ 164.238885][ T8263] ? __pfx_netlink_unicast+0x10/0x10 [ 164.238903][ T8263] netlink_sendmsg+0x8d1/0xdd0 [ 164.238919][ T8263] ? __pfx_netlink_sendmsg+0x10/0x10 [ 164.238933][ T8263] ? __import_iovec+0x1c8/0x660 [ 164.238947][ T8263] ____sys_sendmsg+0xa95/0xc70 [ 164.238964][ T8263] ? __pfx_____sys_sendmsg+0x10/0x10 [ 164.238979][ T8263] ? get_compat_msghdr+0x11a/0x170 [ 164.238998][ T8263] ___sys_sendmsg+0x134/0x1d0 [ 164.239011][ T8263] ? __pfx____sys_sendmsg+0x10/0x10 [ 164.239042][ T8263] __sys_sendmsg+0x16d/0x220 [ 164.239054][ T8263] ? __pfx___sys_sendmsg+0x10/0x10 [ 164.239071][ T8263] ? rcu_is_watching+0x12/0xc0 [ 164.239082][ T8263] ? rcu_is_watching+0x12/0xc0 [ 164.239093][ T8263] __do_fast_syscall_32+0x73/0x120 [ 164.239110][ T8263] do_fast_syscall_32+0x32/0x80 [ 164.239138][ T8263] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 164.239151][ T8263] RIP: 0023:0xf7fe3579 [ 164.239159][ T8263] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 164.239169][ T8263] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 164.239179][ T8263] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240 [ 164.239185][ T8263] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000 [ 164.239191][ T8263] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 164.239196][ T8263] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 164.239201][ T8263] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 164.239215][ T8263] [ 165.892827][ T8303] random: crng reseeded on system resumption [ 167.739475][ T8336] syz.1.606 uses obsolete (PF_INET,SOCK_PACKET) [ 168.852071][ T5953] Bluetooth: hci1: unexpected event for opcode 0x080f [ 169.565901][ T8380] random: crng reseeded on system resumption [ 169.719062][ T8383] vlan2: entered allmulticast mode [ 169.720784][ T8383] bond0: entered allmulticast mode [ 169.722564][ T8383] bond_slave_0: entered allmulticast mode [ 169.725487][ T8383] bond_slave_1: entered allmulticast mode [ 169.729453][ T8383] bridge0: port 3(vlan2) entered blocking state [ 169.731772][ T8383] bridge0: port 3(vlan2) entered disabled state [ 169.736522][ T8383] vlan2: entered promiscuous mode [ 169.738207][ T8383] bond0: entered promiscuous mode [ 169.739889][ T8383] bond_slave_0: entered promiscuous mode [ 169.741964][ T8383] bond_slave_1: entered promiscuous mode [ 169.745690][ T8383] bridge0: port 3(vlan2) entered blocking state [ 169.747939][ T8383] bridge0: port 3(vlan2) entered forwarding state [ 170.185075][ T5953] Bluetooth: hci3: command 0x0406 tx timeout [ 170.188132][ T5953] Bluetooth: hci2: command 0x0406 tx timeout [ 170.188159][ T5953] Bluetooth: hci0: command 0x0406 tx timeout [ 170.678609][ T5947] Bluetooth: hci2: unexpected event for opcode 0x080f [ 172.450287][ T40] audit: type=1326 audit(1748303583.133:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8428 comm="syz.1.633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7fc00000 [ 172.458924][ T40] audit: type=1326 audit(1748303583.133:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8428 comm="syz.1.633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7fc00000 [ 172.466737][ T40] audit: type=1326 audit(1748303583.133:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8428 comm="syz.1.633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7fc00000 [ 172.475240][ T40] audit: type=1326 audit(1748303583.133:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8428 comm="syz.1.633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7fc00000 [ 173.097549][ T40] audit: type=1326 audit(1748303583.773:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8428 comm="syz.1.633" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf703e579 code=0x7fc00000 [ 173.104357][ T40] audit: type=1326 audit(1748303583.773:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8428 comm="syz.1.633" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf703e5a7 code=0x7fc00000 [ 173.110923][ T40] audit: type=1326 audit(1748303583.783:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8428 comm="syz.1.633" exe="/syz-executor" sig=0 arch=40000003 syscall=252 compat=1 ip=0xf703e579 code=0x7fc00000 [ 173.319772][ T5947] Bluetooth: hci1: unexpected event for opcode 0x080f [ 173.561700][ T8461] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 176.125111][ T5947] Bluetooth: hci2: unexpected event for opcode 0x080f [ 177.193660][ T8536] block device autoloading is deprecated and will be removed. [ 178.486892][ T5947] Bluetooth: hci1: unexpected event for opcode 0x080f [ 179.307029][ T8588] FAULT_INJECTION: forcing a failure. [ 179.307029][ T8588] name failslab, interval 1, probability 0, space 0, times 0 [ 179.310949][ T8588] CPU: 1 UID: 0 PID: 8588 Comm: syz.0.670 Not tainted 6.15.0-syzkaller #0 PREEMPT(full) [ 179.310962][ T8588] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 179.310969][ T8588] Call Trace: [ 179.310973][ T8588] [ 179.310977][ T8588] dump_stack_lvl+0x16c/0x1f0 [ 179.311012][ T8588] should_fail_ex+0x512/0x640 [ 179.311033][ T8588] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 179.311046][ T8588] should_failslab+0xc2/0x120 [ 179.311059][ T8588] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 179.311071][ T8588] ? copy_sighand+0x43/0x2c0 [ 179.311085][ T8588] copy_sighand+0x43/0x2c0 [ 179.311097][ T8588] copy_process+0x271a/0x91b0 [ 179.311110][ T8588] ? _kstrtoull+0x145/0x200 [ 179.311122][ T8588] ? __pfx__kstrtoull+0x10/0x10 [ 179.311141][ T8588] ? __pfx_copy_process+0x10/0x10 [ 179.311158][ T8588] ? find_held_lock+0x2b/0x80 [ 179.311174][ T8588] kernel_clone+0xfc/0x960 [ 179.311187][ T8588] ? __pfx_kernel_clone+0x10/0x10 [ 179.311205][ T8588] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 179.311222][ T8588] __do_compat_sys_ia32_clone+0xcb/0x110 [ 179.311238][ T8588] ? __pfx___do_compat_sys_ia32_clone+0x10/0x10 [ 179.311258][ T8588] ? ksys_write+0x1b9/0x240 [ 179.311269][ T8588] ? __pfx_ksys_write+0x10/0x10 [ 179.311280][ T8588] ? rcu_is_watching+0x12/0xc0 [ 179.311292][ T8588] __do_fast_syscall_32+0x73/0x120 [ 179.311308][ T8588] do_fast_syscall_32+0x32/0x80 [ 179.311324][ T8588] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 179.311336][ T8588] RIP: 0023:0xf7fe3579 [ 179.311344][ T8588] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 179.311354][ T8588] RSP: 002b:00000000f510650c EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 179.311363][ T8588] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 [ 179.311369][ T8588] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 179.311374][ T8588] RBP: 000000000000006a R08: 0000000000000000 R09: 0000000000000000 [ 179.311380][ T8588] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 179.311385][ T8588] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 179.311397][ T8588] [ 181.263071][ T5947] Bluetooth: hci3: unexpected event for opcode 0x080f [ 182.246392][ T8655] random: crng reseeded on system resumption [ 183.635476][ T5947] Bluetooth: hci1: unexpected event for opcode 0x080f [ 183.945927][ T8697] overlayfs: missing 'workdir' [ 184.009193][ T8702] random: crng reseeded on system resumption [ 184.274608][ T5980] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 184.444588][ T5980] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 184.448207][ T5980] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 184.451330][ T5980] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 184.454357][ T5980] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.460589][ T8705] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 184.464753][ T5980] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 186.928404][ T66] usb 7-1: USB disconnect, device number 6 [ 186.941669][ T8751] random: crng reseeded on system resumption [ 189.317773][ T5947] Bluetooth: hci3: unexpected event for opcode 0x080f [ 192.219080][ T8844] random: crng reseeded on system resumption [ 192.685399][ T5947] Bluetooth: hci3: unexpected event for opcode 0x080f [ 193.746306][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.748382][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.219567][ T8885] random: crng reseeded on system resumption [ 198.492416][ T8952] vlan2: entered allmulticast mode [ 198.494658][ T8952] bond0: entered allmulticast mode [ 198.496726][ T8952] bond_slave_0: entered allmulticast mode [ 198.499316][ T8952] bond_slave_1: entered allmulticast mode [ 198.501823][ T8952] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode [ 200.572076][ T5947] Bluetooth: hci0: unexpected event for opcode 0x080f [ 200.644913][ T8994] random: crng reseeded on system resumption [ 202.952677][ T9037] random: crng reseeded on system resumption [ 203.020144][ T9039] netlink: 8 bytes leftover after parsing attributes in process `syz.1.769'. [ 205.344491][ T9079] random: crng reseeded on system resumption [ 206.828022][ T5947] Bluetooth: hci3: unexpected event for opcode 0x080f [ 207.442784][ T5947] Bluetooth: hci1: unexpected event for opcode 0x080f [ 207.575328][ T9115] random: crng reseeded on system resumption [ 210.712624][ T5947] Bluetooth: hci2: unexpected event for opcode 0x080f [ 211.530025][ T9172] random: crng reseeded on system resumption [ 212.301586][ T5947] Bluetooth: hci3: unexpected event for opcode 0x080f [ 214.038978][ T5947] Bluetooth: hci0: unexpected event for opcode 0x080f [ 214.443636][ T5947] Bluetooth: hci3: unexpected event for opcode 0x080f [ 215.418398][ T9221] random: crng reseeded on system resumption [ 217.731963][ T5947] Bluetooth: hci0: unexpected event for opcode 0x080f [ 218.578132][ T9277] random: crng reseeded on system resumption [ 219.057714][ T9283] random: crng reseeded on system resumption [ 221.260139][ T9323] overlayfs: missing 'workdir' [ 221.692991][ T5980] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 221.845472][ T5980] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 221.850211][ T5980] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 221.854495][ T5980] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 221.858308][ T5980] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.864853][ T9326] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 221.878289][ T5980] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 223.242830][ T9356] random: crng reseeded on system resumption [ 224.218662][ T5980] usb 7-1: USB disconnect, device number 7 [ 224.308085][ T9375] openvswitch: netlink: Message has 34 unknown bytes. [ 225.537122][ T9391] random: crng reseeded on system resumption [ 226.252132][ T9410] random: crng reseeded on system resumption [ 226.376600][ T9412] overlayfs: missing 'workdir' [ 226.683124][ T5980] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 226.845499][ T5980] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 226.848915][ T5980] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 226.857413][ T5980] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 226.860291][ T5980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.869760][ T9414] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 226.874305][ T5980] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 229.199584][ T29] usb 5-1: USB disconnect, device number 11 [ 229.223317][ T9467] random: crng reseeded on system resumption [ 230.414200][ T9486] openvswitch: netlink: Message has 34 unknown bytes. [ 232.244703][ T9508] overlayfs: missing 'workdir' [ 232.411190][ T9518] random: crng reseeded on system resumption [ 232.533035][ T29] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 232.684900][ T29] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 232.689301][ T29] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 232.693615][ T29] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 232.696882][ T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.705958][ T9514] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 232.716201][ T29] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 232.954490][ T9527] random: crng reseeded on system resumption [ 233.053738][ T9528] netlink: 8 bytes leftover after parsing attributes in process `syz.2.876'. [ 235.306595][ T29] usb 8-1: USB disconnect, device number 9 [ 238.281073][ T5947] Bluetooth: hci0: unexpected event for opcode 0x080f [ 242.715406][ T5947] Bluetooth: hci1: unexpected event for opcode 0x080f [ 243.267571][ T9673] random: crng reseeded on system resumption [ 243.509257][ T9677] netlink: 8 bytes leftover after parsing attributes in process `syz.0.909'. [ 243.847873][ T9681] overlayfs: missing 'workdir' [ 244.223117][ T29] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 244.385181][ T29] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 244.388910][ T29] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 244.392066][ T29] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 244.395057][ T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.403586][ T9681] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 244.411618][ T29] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 246.658306][ T29] usb 8-1: USB disconnect, device number 10 [ 246.926455][ T5947] Bluetooth: hci3: unexpected event for opcode 0x080f [ 249.254482][ T9760] overlayfs: missing 'workdir' [ 249.553230][ T29] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 249.784758][ T29] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 249.799232][ T29] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 250.115494][ T29] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 250.118373][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.145321][ T9765] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 250.156824][ T29] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 252.208982][ T5980] usb 7-1: USB disconnect, device number 8 [ 254.854618][ T9852] overlayfs: missing 'workdir' [ 255.147874][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.150386][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.207251][ T5980] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 255.364280][ T5980] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 255.367715][ T5980] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 255.370784][ T5980] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 255.378258][ T5980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.388124][ T9855] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 255.404667][ T5980] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 255.566732][ T5947] Bluetooth: hci1: unexpected event for opcode 0x080f [ 256.613152][ T5947] Bluetooth: hci3: unexpected event for opcode 0x080f [ 257.359979][ T5942] Bluetooth: hci0: unexpected event for opcode 0x080f [ 258.021918][ T5980] usb 5-1: USB disconnect, device number 12 [ 258.960415][ T5942] Bluetooth: hci1: unexpected event for opcode 0x080f [ 259.455431][ T5942] Bluetooth: hci3: unexpected event for opcode 0x080f [ 260.742781][ T9932] overlayfs: missing 'workdir' [ 261.558256][ T5980] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 261.759794][ T5980] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 261.763713][ T5980] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 261.766939][ T5980] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 261.769877][ T5980] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.781029][ T9935] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 261.796006][ T5980] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 262.649695][ T5942] Bluetooth: hci3: unexpected event for opcode 0x080f [ 263.918669][ T5980] usb 6-1: USB disconnect, device number 5 [ 264.517248][ T9984] random: crng reseeded on system resumption [ 265.049882][ T9995] random: crng reseeded on system resumption [ 265.884384][T10006] overlayfs: missing 'workdir' [ 266.206316][ T5942] Bluetooth: hci0: unexpected event for opcode 0x080f [ 266.570919][ T5980] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 266.874620][ T5980] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 266.889428][ T5980] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 266.892487][ T5980] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 266.905778][ T5980] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.917309][T10009] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 266.927667][ T5980] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 267.693086][T10042] overlayfs: missing 'workdir' [ 267.963018][T10046] random: crng reseeded on system resumption [ 267.983018][ T5980] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 268.135372][ T5980] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 268.142276][ T5980] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 268.145576][ T5980] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 268.148466][ T5980] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.168108][T10042] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 268.172579][ T5980] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 268.844028][ T5980] usb 7-1: USB disconnect, device number 9 [ 270.543449][T10082] overlayfs: missing 'workdir' [ 270.658360][ T29] usb 6-1: USB disconnect, device number 6 [ 270.669899][T10086] random: crng reseeded on system resumption [ 270.747071][T10090] overlayfs: missing 'workdir' [ 270.753287][T10090] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1002'. [ 270.833044][ T1018] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 270.984155][ T1018] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 270.987723][ T1018] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 270.990853][ T1018] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 270.994055][ T1018] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.998902][T10082] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 271.002999][ T1018] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 271.143211][ T29] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 271.295781][ T29] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 271.299407][ T29] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 271.302517][ T29] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 271.305745][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.316076][T10090] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 271.361346][ T29] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 273.013528][ T5942] Bluetooth: hci2: unexpected event for opcode 0x080f [ 273.506862][ T29] usb 7-1: USB disconnect, device number 10 [ 273.538773][T10122] random: crng reseeded on system resumption [ 273.689977][ T5942] Bluetooth: hci0: unexpected event for opcode 0x080f [ 273.782689][ T29] usb 6-1: USB disconnect, device number 7 [ 274.292572][ T5942] Bluetooth: hci1: unexpected event for opcode 0x080f [ 277.262534][T10193] random: crng reseeded on system resumption [ 280.221967][ T5942] Bluetooth: hci1: unexpected event for opcode 0x080f [ 280.856222][T10247] random: crng reseeded on system resumption [ 281.746604][T10267] random: crng reseeded on system resumption [ 282.445582][T10281] random: crng reseeded on system resumption [ 282.525240][ T5942] Bluetooth: hci3: unexpected event for opcode 0x080f [ 284.499303][T10315] random: crng reseeded on system resumption [ 285.789753][ T5942] Bluetooth: hci2: unexpected event for opcode 0x080f [ 287.679183][T10374] random: crng reseeded on system resumption [ 288.661221][T10396] overlayfs: missing 'workdir' [ 288.673408][T10396] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1068'. [ 288.993025][ T1018] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 289.154184][ T1018] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 289.157563][ T1018] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 289.160571][ T1018] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 289.167547][ T1018] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.172407][T10403] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 289.176670][ T1018] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 290.636779][ T5942] Bluetooth: hci1: unexpected event for opcode 0x080f [ 291.556047][ T5942] Bluetooth: hci2: unexpected event for opcode 0x080f [ 291.602592][ T1018] usb 7-1: USB disconnect, device number 11 [ 293.039534][T10457] random: crng reseeded on system resumption [ 293.513397][T10465] FAULT_INJECTION: forcing a failure. [ 293.513397][T10465] name failslab, interval 1, probability 0, space 0, times 0 [ 293.517796][T10465] CPU: 3 UID: 0 PID: 10465 Comm: syz.3.1085 Not tainted 6.15.0-syzkaller #0 PREEMPT(full) [ 293.517809][T10465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 293.517816][T10465] Call Trace: [ 293.517820][T10465] [ 293.517824][T10465] dump_stack_lvl+0x16c/0x1f0 [ 293.517844][T10465] should_fail_ex+0x512/0x640 [ 293.517860][T10465] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 293.517873][T10465] should_failslab+0xc2/0x120 [ 293.517886][T10465] __kmalloc_cache_node_noprof+0x6d/0x420 [ 293.517898][T10465] ? __get_vm_area_node+0x101/0x330 [ 293.517915][T10465] __get_vm_area_node+0x101/0x330 [ 293.517932][T10465] __vmalloc_node_range_noprof+0x277/0x1540 [ 293.517949][T10465] ? bpf_check+0x1e4/0xb460 [ 293.517960][T10465] ? find_held_lock+0x2b/0x80 [ 293.517973][T10465] ? bpf_check+0x1e4/0xb460 [ 293.517987][T10465] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 293.518004][T10465] ? rcu_is_watching+0x12/0xc0 [ 293.518014][T10465] ? trace_kmalloc+0x2b/0xd0 [ 293.518026][T10465] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 293.518039][T10465] ? rcu_is_watching+0x12/0xc0 [ 293.518048][T10465] ? ktime_get+0x200/0x310 [ 293.518059][T10465] ? bpf_check+0x1e4/0xb460 [ 293.518070][T10465] vzalloc_noprof+0x6b/0x90 [ 293.518079][T10465] ? bpf_check+0x1e4/0xb460 [ 293.518089][T10465] bpf_check+0x1e4/0xb460 [ 293.518100][T10465] ? __mutex_trylock_common+0xe9/0x250 [ 293.518116][T10465] ? __mutex_trylock_common+0xe9/0x250 [ 293.518133][T10465] ? __lock_acquire+0x5ca/0x1ba0 [ 293.518146][T10465] ? __pfx_bpf_check+0x10/0x10 [ 293.518156][T10465] ? pcpu_alloc_noprof+0x949/0x1470 [ 293.518173][T10465] ? __lock_acquire+0xaa4/0x1ba0 [ 293.518192][T10465] ? find_held_lock+0x2b/0x80 [ 293.518203][T10465] ? rcu_is_watching+0x12/0xc0 [ 293.518211][T10465] ? ktime_get_with_offset+0x26e/0x3b0 [ 293.518223][T10465] ? __asan_memset+0x23/0x50 [ 293.518232][T10465] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 293.518248][T10465] bpf_prog_load+0xe41/0x2490 [ 293.518265][T10465] ? __pfx_bpf_prog_load+0x10/0x10 [ 293.518289][T10465] ? bpf_lsm_bpf+0x9/0x10 [ 293.518301][T10465] __sys_bpf+0x433c/0x4d80 [ 293.518317][T10465] ? __pfx___sys_bpf+0x10/0x10 [ 293.518331][T10465] ? ksys_write+0x190/0x240 [ 293.518347][T10465] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 293.518370][T10465] ? fput+0x70/0xf0 [ 293.518382][T10465] ? ksys_write+0x1b9/0x240 [ 293.518391][T10465] ? __pfx_ksys_write+0x10/0x10 [ 293.518403][T10465] __ia32_sys_bpf+0x76/0xe0 [ 293.518419][T10465] __do_fast_syscall_32+0x73/0x120 [ 293.518435][T10465] do_fast_syscall_32+0x32/0x80 [ 293.518451][T10465] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 293.518463][T10465] RIP: 0023:0xf707e579 [ 293.518471][T10465] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 293.518481][T10465] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 293.518491][T10465] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000340 [ 293.518497][T10465] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 293.518502][T10465] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 293.518507][T10465] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 293.518513][T10465] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 293.518525][T10465] [ 293.518647][T10465] syz.3.1085: vmalloc error: size 320, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 293.631762][T10465] CPU: 3 UID: 0 PID: 10465 Comm: syz.3.1085 Not tainted 6.15.0-syzkaller #0 PREEMPT(full) [ 293.631775][T10465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 293.631782][T10465] Call Trace: [ 293.631786][T10465] [ 293.631791][T10465] dump_stack_lvl+0x16c/0x1f0 [ 293.631811][T10465] warn_alloc+0x248/0x3a0 [ 293.631824][T10465] ? __pfx_warn_alloc+0x10/0x10 [ 293.631836][T10465] ? __kmalloc_cache_node_noprof+0x272/0x420 [ 293.631849][T10465] ? __kasan_kmalloc+0x8a/0xb0 [ 293.631860][T10465] ? __get_vm_area_node+0x208/0x330 [ 293.631879][T10465] __vmalloc_node_range_noprof+0xd31/0x1540 [ 293.631895][T10465] ? find_held_lock+0x2b/0x80 [ 293.631909][T10465] ? bpf_check+0x1e4/0xb460 [ 293.631923][T10465] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 293.631941][T10465] ? rcu_is_watching+0x12/0xc0 [ 293.631950][T10465] ? trace_kmalloc+0x2b/0xd0 [ 293.631963][T10465] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 293.631976][T10465] ? rcu_is_watching+0x12/0xc0 [ 293.631985][T10465] ? ktime_get+0x200/0x310 [ 293.631996][T10465] ? bpf_check+0x1e4/0xb460 [ 293.632007][T10465] vzalloc_noprof+0x6b/0x90 [ 293.632016][T10465] ? bpf_check+0x1e4/0xb460 [ 293.632026][T10465] bpf_check+0x1e4/0xb460 [ 293.632036][T10465] ? __mutex_trylock_common+0xe9/0x250 [ 293.632052][T10465] ? __mutex_trylock_common+0xe9/0x250 [ 293.632069][T10465] ? __lock_acquire+0x5ca/0x1ba0 [ 293.632083][T10465] ? __pfx_bpf_check+0x10/0x10 [ 293.632093][T10465] ? pcpu_alloc_noprof+0x949/0x1470 [ 293.632109][T10465] ? __lock_acquire+0xaa4/0x1ba0 [ 293.632129][T10465] ? find_held_lock+0x2b/0x80 [ 293.632140][T10465] ? rcu_is_watching+0x12/0xc0 [ 293.632148][T10465] ? ktime_get_with_offset+0x26e/0x3b0 [ 293.632160][T10465] ? __asan_memset+0x23/0x50 [ 293.632170][T10465] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 293.632185][T10465] bpf_prog_load+0xe41/0x2490 [ 293.632202][T10465] ? __pfx_bpf_prog_load+0x10/0x10 [ 293.632227][T10465] ? bpf_lsm_bpf+0x9/0x10 [ 293.632239][T10465] __sys_bpf+0x433c/0x4d80 [ 293.632254][T10465] ? __pfx___sys_bpf+0x10/0x10 [ 293.632269][T10465] ? ksys_write+0x190/0x240 [ 293.632281][T10465] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 293.632304][T10465] ? fput+0x70/0xf0 [ 293.632316][T10465] ? ksys_write+0x1b9/0x240 [ 293.632325][T10465] ? __pfx_ksys_write+0x10/0x10 [ 293.632338][T10465] __ia32_sys_bpf+0x76/0xe0 [ 293.632357][T10465] __do_fast_syscall_32+0x73/0x120 [ 293.632374][T10465] do_fast_syscall_32+0x32/0x80 [ 293.632389][T10465] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 293.632402][T10465] RIP: 0023:0xf707e579 [ 293.632410][T10465] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 293.632420][T10465] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 293.632429][T10465] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000340 [ 293.632435][T10465] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 293.632441][T10465] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 293.632446][T10465] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 293.632452][T10465] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 293.632464][T10465] [ 293.632467][T10465] Mem-Info: [ 293.735884][T10465] active_anon:15071 inactive_anon:9 isolated_anon:0 [ 293.735884][T10465] active_file:2637 inactive_file:36203 isolated_file:0 [ 293.735884][T10465] unevictable:1768 dirty:272 writeback:0 [ 293.735884][T10465] slab_reclaimable:9749 slab_unreclaimable:56928 [ 293.735884][T10465] mapped:30338 shmem:8091 pagetables:894 [ 293.735884][T10465] sec_pagetables:318 bounce:0 [ 293.735884][T10465] kernel_misc_reclaimable:0 [ 293.735884][T10465] free:52670 free_pcp:5747 free_cma:0 [ 293.750531][T10465] Node 0 active_anon:8672kB inactive_anon:36kB active_file:632kB inactive_file:128kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:8952kB dirty:4kB writeback:0kB shmem:11856kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7780kB pagetables:1004kB sec_pagetables:1176kB all_unreclaimable? no Balloon:0kB [ 293.764350][T10465] Node 1 active_anon:44936kB inactive_anon:0kB active_file:9916kB inactive_file:144684kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:100824kB dirty:1084kB writeback:0kB shmem:13732kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:4556kB pagetables:2572kB sec_pagetables:96kB all_unreclaimable? no Balloon:0kB [ 293.778036][T10465] Node 0 DMA free:2088kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:616kB local_pcp:28kB free_cma:0kB [ 293.791635][T10465] lowmem_reserve[]: 0 293 293 293 293 [ 293.794809][T10465] Node 0 DMA32 free:16656kB boost:0kB min:13448kB low:16808kB high:20168kB reserved_highatomic:4096KB active_anon:8716kB inactive_anon:36kB active_file:632kB inactive_file:128kB unevictable:3536kB writepending:4kB present:1032196kB managed:300192kB mlocked:0kB bounce:0kB free_pcp:2916kB local_pcp:2396kB free_cma:0kB [ 293.808159][T10465] lowmem_reserve[]: 0 0 0 0 0 [ 293.809978][T10465] Node 1 DMA32 free:189224kB boost:0kB min:47148kB low:58932kB high:70716kB reserved_highatomic:0KB active_anon:34136kB inactive_anon:0kB active_file:9916kB inactive_file:144684kB unevictable:3536kB writepending:1084kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:32816kB local_pcp:11516kB free_cma:0kB [ 293.821795][T10465] lowmem_reserve[]: 0 0 0 0 0 [ 293.825772][T10465] Node 0 DMA: 2*4kB (U) 24*8kB (UM) 10*16kB (UM) 10*32kB (UM) 2*64kB (UM) 0*128kB 1*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2088kB [ 293.831653][T10465] Node 0 DMA32: 213*4kB (UMEH) 109*8kB (UMEH) 19*16kB (UMEH) 97*32kB (UMEH) 37*64kB (UE) 12*128kB (UE) 6*256kB (UME) 4*512kB (UME) 4*1024kB (UM) 0*2048kB 0*4096kB = 16716kB [ 293.838904][T10465] Node 1 DMA32: 116*4kB (UE) 189*8kB (UME) 79*16kB (UME) 222*32kB (UME) 123*64kB (UME) 33*128kB (UE) 6*256kB (UME) 11*512kB (ME) 8*1024kB (ME) 3*2048kB (ME) 35*4096kB (UM) = 187304kB [ 293.847541][T10465] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 293.850638][T10465] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 293.853882][T10465] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 293.856945][T10465] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 293.859869][T10465] 45132 total pagecache pages [ 293.861436][T10465] 147 pages in swap cache [ 293.862861][T10465] Free swap = 122868kB [ 293.864393][T10465] Total swap = 124996kB [ 293.866314][T10465] 524155 pages RAM [ 293.867661][T10465] 0 pages HighMem/MovableOnly [ 293.869194][T10465] 208196 pages reserved [ 293.870587][T10465] 0 pages cma reserved [ 294.352422][T10473] overlayfs: missing 'workdir' [ 294.381481][T10473] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1087'. [ 294.514462][T10481] random: crng reseeded on system resumption [ 294.653203][ T6077] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 294.805300][ T6077] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 294.809696][ T6077] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 294.813753][ T6077] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 294.816755][ T6077] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.825819][T10473] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 294.830192][ T6077] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 295.091605][T10490] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1091'. [ 295.524485][T10496] kvm: user requested TSC rate below hardware speed [ 295.602540][ T5942] Bluetooth: hci2: unexpected event for opcode 0x080f [ 295.835917][ T6077] usb 6-1: new full-speed USB device number 8 using dummy_hcd [ 295.973213][ T6077] usb 6-1: device descriptor read/64, error -71 [ 296.243064][ T6077] usb 6-1: new full-speed USB device number 9 using dummy_hcd [ 296.373120][ T6077] usb 6-1: device descriptor read/64, error -71 [ 296.483967][ T6077] usb usb6-port1: attempt power cycle [ 296.853126][ T6077] usb 6-1: new full-speed USB device number 10 using dummy_hcd [ 296.883964][ T6077] usb 6-1: device descriptor read/8, error -71 [ 296.919742][ T5980] usb 8-1: USB disconnect, device number 11 [ 297.061668][T10512] overlayfs: missing 'workdir' [ 297.095100][T10512] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1104'. [ 297.142973][ T6077] usb 6-1: new full-speed USB device number 11 using dummy_hcd [ 297.386919][ T6077] usb 6-1: device descriptor read/8, error -71 [ 297.503640][ T6077] usb usb6-port1: unable to enumerate USB device [ 297.533138][ T1018] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 297.684809][ T1018] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 297.689458][ T1018] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 297.693866][ T1018] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 297.697737][ T1018] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.704814][T10512] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 297.710015][ T1018] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 298.067612][T10524] random: crng reseeded on system resumption [ 298.341610][T10527] FAULT_INJECTION: forcing a failure. [ 298.341610][T10527] name failslab, interval 1, probability 0, space 0, times 0 [ 298.346727][T10527] CPU: 3 UID: 0 PID: 10527 Comm: syz.2.1101 Not tainted 6.15.0-syzkaller #0 PREEMPT(full) [ 298.346742][T10527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 298.346748][T10527] Call Trace: [ 298.346752][T10527] [ 298.346757][T10527] dump_stack_lvl+0x16c/0x1f0 [ 298.346776][T10527] should_fail_ex+0x512/0x640 [ 298.346791][T10527] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 298.346805][T10527] should_failslab+0xc2/0x120 [ 298.346818][T10527] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 298.346829][T10527] ? find_held_lock+0x2b/0x80 [ 298.346839][T10527] ? skb_clone+0x190/0x3f0 [ 298.346853][T10527] skb_clone+0x190/0x3f0 [ 298.346866][T10527] netlink_broadcast_filtered+0xb19/0xf10 [ 298.346884][T10527] ? sprintf+0xcc/0x100 [ 298.346898][T10527] ? __pfx_netlink_broadcast_filtered+0x10/0x10 [ 298.346915][T10527] ? netlink_has_listeners+0x20f/0x430 [ 298.346929][T10527] netlink_broadcast+0x39/0x50 [ 298.346943][T10527] kobject_uevent_env+0xc6a/0x1870 [ 298.346956][T10527] ? __fget_files+0x20e/0x3c0 [ 298.346968][T10527] lo_ioctl+0x4d4/0x28e0 [ 298.346984][T10527] ? __pfx_stack_trace_save+0x10/0x10 [ 298.346995][T10527] ? stack_depot_save_flags+0x28/0xa50 [ 298.347011][T10527] ? __lock_acquire+0xaa4/0x1ba0 [ 298.347025][T10527] ? kasan_save_stack+0x42/0x60 [ 298.347036][T10527] ? kasan_save_stack+0x33/0x60 [ 298.347045][T10527] ? kasan_save_track+0x14/0x30 [ 298.347055][T10527] ? kasan_save_free_info+0x3b/0x60 [ 298.347069][T10527] ? __kasan_slab_free+0x51/0x70 [ 298.347080][T10527] ? kfree+0x2b6/0x4d0 [ 298.347087][T10527] ? tomoyo_path_number_perm+0x470/0x580 [ 298.347099][T10527] ? security_file_ioctl_compat+0x9b/0x240 [ 298.347113][T10527] ? __ia32_compat_sys_ioctl+0xc3/0x360 [ 298.347127][T10527] ? __do_fast_syscall_32+0x73/0x120 [ 298.347142][T10527] ? do_fast_syscall_32+0x32/0x80 [ 298.347156][T10527] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 298.347170][T10527] ? __pfx_lo_ioctl+0x10/0x10 [ 298.347198][T10527] ? kasan_quarantine_put+0x10a/0x240 [ 298.347223][T10527] ? lockdep_hardirqs_on+0x7c/0x110 [ 298.347240][T10527] ? find_held_lock+0x2b/0x80 [ 298.347249][T10527] ? tomoyo_path_number_perm+0x295/0x580 [ 298.347264][T10527] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 298.347279][T10527] ? blkdev_common_ioctl+0x1dd/0x2480 [ 298.347295][T10527] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 298.347308][T10527] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 298.347322][T10527] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 298.347334][T10527] ? do_vfs_ioctl+0x512/0x1990 [ 298.347347][T10527] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 298.347372][T10527] lo_compat_ioctl+0xb9/0x170 [ 298.347388][T10527] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 298.347403][T10527] compat_blkdev_ioctl+0x2eb/0x7a0 [ 298.347416][T10527] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 298.347428][T10527] ? __pfx_fput+0x10/0x10 [ 298.347442][T10527] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 298.347455][T10527] __ia32_compat_sys_ioctl+0x24f/0x360 [ 298.347472][T10527] __do_fast_syscall_32+0x73/0x120 [ 298.347488][T10527] do_fast_syscall_32+0x32/0x80 [ 298.347503][T10527] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 298.347515][T10527] RIP: 0023:0xf7f24579 [ 298.347524][T10527] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 298.347533][T10527] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 298.347542][T10527] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c06 [ 298.347548][T10527] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000000 [ 298.347554][T10527] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 298.347559][T10527] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 298.347564][T10527] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 298.347577][T10527] [ 298.607650][T10534] netlink: 'syz.2.1103': attribute type 1 has an invalid length. [ 298.611285][T10534] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1103'. [ 299.123069][T10540] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 299.125677][T10540] IPv6: NLM_F_CREATE should be set when creating new route [ 299.242320][T10538] overlayfs: missing 'workdir' [ 299.250282][T10538] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1105'. [ 299.533111][ T5939] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 299.694344][ T5939] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 299.698821][ T5939] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 299.702853][ T5939] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 299.706870][ T5939] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.714832][T10538] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 299.724230][ T5939] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 299.955568][ T5980] usb 5-1: USB disconnect, device number 13 [ 300.345977][T10564] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1111'. [ 300.348888][T10564] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1111'. [ 301.303369][T10569] FAULT_INJECTION: forcing a failure. [ 301.303369][T10569] name failslab, interval 1, probability 0, space 0, times 0 [ 301.307512][T10569] CPU: 3 UID: 0 PID: 10569 Comm: syz.2.1114 Not tainted 6.15.0-syzkaller #0 PREEMPT(full) [ 301.307527][T10569] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 301.307533][T10569] Call Trace: [ 301.307536][T10569] [ 301.307541][T10569] dump_stack_lvl+0x16c/0x1f0 [ 301.307559][T10569] should_fail_ex+0x512/0x640 [ 301.307576][T10569] ? stack_depot_save_flags+0x28/0xa50 [ 301.307593][T10569] should_failslab+0xc2/0x120 [ 301.307608][T10569] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 301.307620][T10569] ? kasan_save_stack+0x42/0x60 [ 301.307630][T10569] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 301.307645][T10569] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 301.307661][T10569] idr_get_free+0x528/0xa30 [ 301.307680][T10569] idr_alloc_u32+0x190/0x2f0 [ 301.307695][T10569] ? __pfx_idr_alloc_u32+0x10/0x10 [ 301.307710][T10569] ? lock_acquire+0x179/0x350 [ 301.307727][T10569] idr_alloc_cyclic+0x10b/0x230 [ 301.307741][T10569] ? __pfx_idr_alloc_cyclic+0x10/0x10 [ 301.307754][T10569] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 301.307770][T10569] ? btf_new_fd+0x40bd/0x53a0 [ 301.307783][T10569] btf_new_fd+0x389/0x53a0 [ 301.307792][T10569] ? find_held_lock+0x2b/0x80 [ 301.307809][T10569] ? __pfx_btf_new_fd+0x10/0x10 [ 301.307818][T10569] ? trace_cap_capable+0x18d/0x200 [ 301.307832][T10569] ? bpf_lsm_capable+0x9/0x10 [ 301.307843][T10569] ? security_capable+0x7e/0x260 [ 301.307854][T10569] ? ns_capable+0xd7/0x110 [ 301.307866][T10569] __sys_bpf+0x1adb/0x4d80 [ 301.307883][T10569] ? __pfx___sys_bpf+0x10/0x10 [ 301.307898][T10569] ? ksys_write+0x190/0x240 [ 301.307910][T10569] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 301.307933][T10569] ? fput+0x70/0xf0 [ 301.307945][T10569] ? ksys_write+0x1b9/0x240 [ 301.307954][T10569] ? __pfx_ksys_write+0x10/0x10 [ 301.307966][T10569] __ia32_sys_bpf+0x76/0xe0 [ 301.307982][T10569] __do_fast_syscall_32+0x73/0x120 [ 301.307999][T10569] do_fast_syscall_32+0x32/0x80 [ 301.308014][T10569] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 301.308028][T10569] RIP: 0023:0xf7f24579 [ 301.308036][T10569] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 301.308045][T10569] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 301.308055][T10569] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 00000000800002c0 [ 301.308061][T10569] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000000 [ 301.308067][T10569] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 301.308072][T10569] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 301.308077][T10569] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 301.308089][T10569] [ 301.750489][T10580] bridge0: port 3(syz_tun) entered blocking state [ 301.753388][T10580] bridge0: port 3(syz_tun) entered disabled state [ 301.755762][T10580] syz_tun: entered allmulticast mode [ 301.764387][T10580] syz_tun: entered promiscuous mode [ 301.767805][T10580] bridge0: port 3(syz_tun) entered blocking state [ 301.769918][T10580] bridge0: port 3(syz_tun) entered forwarding state [ 301.834202][ T1018] usb 6-1: USB disconnect, device number 12 [ 301.958150][T10588] random: crng reseeded on system resumption [ 303.032583][ T5942] Bluetooth: hci1: unexpected event for opcode 0x080f [ 304.548561][T10622] overlayfs: missing 'workdir' [ 304.864375][ T5980] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 304.873796][ T5947] Bluetooth: hci2: unexpected event for opcode 0x080f [ 305.043016][ T34] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 305.098618][ T5980] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 305.107592][ T5980] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 305.115762][ T5980] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 305.132892][ T5980] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.173122][ T34] usb 8-1: device descriptor read/64, error -71 [ 305.181839][T10626] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 305.254701][ T5980] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 305.413073][ T34] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 305.543114][ T34] usb 8-1: device descriptor read/64, error -71 [ 305.653494][ T34] usb usb8-port1: attempt power cycle [ 305.993038][ T34] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 306.014592][ T34] usb 8-1: device descriptor read/8, error -71 [ 306.253063][ T34] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 306.273631][ T34] usb 8-1: device descriptor read/8, error -71 [ 306.384477][ T34] usb usb8-port1: unable to enumerate USB device [ 306.488488][T10639] FAULT_INJECTION: forcing a failure. [ 306.488488][T10639] name failslab, interval 1, probability 0, space 0, times 0 [ 306.492630][T10639] CPU: 2 UID: 0 PID: 10639 Comm: syz.0.1131 Not tainted 6.15.0-syzkaller #0 PREEMPT(full) [ 306.492643][T10639] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 306.492649][T10639] Call Trace: [ 306.492653][T10639] [ 306.492657][T10639] dump_stack_lvl+0x16c/0x1f0 [ 306.492676][T10639] should_fail_ex+0x512/0x640 [ 306.492691][T10639] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 306.492706][T10639] should_failslab+0xc2/0x120 [ 306.492720][T10639] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 306.492731][T10639] ? __alloc_skb+0x2b2/0x380 [ 306.492746][T10639] __alloc_skb+0x2b2/0x380 [ 306.492757][T10639] ? __pfx___alloc_skb+0x10/0x10 [ 306.492769][T10639] ? rcu_is_watching+0x12/0xc0 [ 306.492779][T10639] ? __kmalloc_noprof+0x242/0x510 [ 306.492791][T10639] ? __lock_acquire+0x9b1/0x1ba0 [ 306.492806][T10639] __tipc_nl_compat_doit+0x110/0x3d0 [ 306.492818][T10639] ? kasan_save_free_info+0x3b/0x60 [ 306.492834][T10639] ? __pfx___tipc_nl_compat_doit+0x10/0x10 [ 306.492844][T10639] ? consume_skb+0xcc/0x100 [ 306.492863][T10639] ? bpf_lsm_capable+0x9/0x10 [ 306.492874][T10639] ? security_capable+0x7e/0x260 [ 306.492887][T10639] tipc_nl_compat_doit+0x11e/0x290 [ 306.492911][T10639] tipc_nl_compat_recv+0x95b/0xc50 [ 306.492925][T10639] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 306.492936][T10639] ? __pfx___tipc_nl_bearer_enable+0x10/0x10 [ 306.492950][T10639] ? __pfx_tipc_nl_compat_bearer_enable+0x10/0x10 [ 306.492963][T10639] ? __mutex_trylock_common+0xe9/0x250 [ 306.492982][T10639] ? rcu_is_watching+0x12/0xc0 [ 306.493006][T10639] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 306.493026][T10639] genl_family_rcv_msg_doit+0x206/0x2f0 [ 306.493043][T10639] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 306.493059][T10639] ? genl_get_cmd+0x194/0x580 [ 306.493077][T10639] ? __local_bh_enable_ip+0xa4/0x120 [ 306.493089][T10639] ? __dev_queue_xmit+0x896/0x43e0 [ 306.493098][T10639] ? __radix_tree_lookup+0x21f/0x2c0 [ 306.493115][T10639] genl_rcv_msg+0x55c/0x800 [ 306.493132][T10639] ? __pfx_genl_rcv_msg+0x10/0x10 [ 306.493147][T10639] ? __pfx___dev_queue_xmit+0x10/0x10 [ 306.493157][T10639] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 306.493169][T10639] ? __lock_acquire+0xaa4/0x1ba0 [ 306.493185][T10639] netlink_rcv_skb+0x16a/0x440 [ 306.493199][T10639] ? __pfx_genl_rcv_msg+0x10/0x10 [ 306.493216][T10639] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 306.493237][T10639] ? __pfx_down_read+0x10/0x10 [ 306.493251][T10639] ? netlink_deliver_tap+0x1ae/0xd30 [ 306.493266][T10639] genl_rcv+0x28/0x40 [ 306.493280][T10639] netlink_unicast+0x53d/0x7f0 [ 306.493295][T10639] ? __pfx_netlink_unicast+0x10/0x10 [ 306.493313][T10639] netlink_sendmsg+0x8d1/0xdd0 [ 306.493329][T10639] ? __pfx_netlink_sendmsg+0x10/0x10 [ 306.493344][T10639] ? __import_iovec+0x1c8/0x660 [ 306.493358][T10639] ____sys_sendmsg+0xa95/0xc70 [ 306.493375][T10639] ? __pfx_____sys_sendmsg+0x10/0x10 [ 306.493390][T10639] ? get_compat_msghdr+0x11a/0x170 [ 306.493409][T10639] ___sys_sendmsg+0x134/0x1d0 [ 306.493423][T10639] ? __pfx____sys_sendmsg+0x10/0x10 [ 306.493469][T10639] __sys_sendmsg+0x16d/0x220 [ 306.493484][T10639] ? __pfx___sys_sendmsg+0x10/0x10 [ 306.493503][T10639] ? rcu_is_watching+0x12/0xc0 [ 306.493514][T10639] ? rcu_is_watching+0x12/0xc0 [ 306.493525][T10639] __do_fast_syscall_32+0x73/0x120 [ 306.493542][T10639] do_fast_syscall_32+0x32/0x80 [ 306.493557][T10639] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 306.493571][T10639] RIP: 0023:0xf7fe3579 [ 306.493579][T10639] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 306.493589][T10639] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 306.493599][T10639] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0 [ 306.493605][T10639] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 306.493611][T10639] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 306.493616][T10639] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 306.493622][T10639] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 306.493635][T10639] [ 307.395166][ T5942] Bluetooth: hci3: command 0x0406 tx timeout [ 307.505852][ T5980] usb 7-1: USB disconnect, device number 12 [ 308.323110][ T5947] Bluetooth: hci1: unexpected event for opcode 0x080f [ 308.625916][T10671] random: crng reseeded on system resumption [ 310.023871][T10681] overlayfs: missing 'workdir' [ 310.026832][ T40] audit: type=1326 audit(1748303720.713:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10673 comm="syz.1.1142" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000 [ 310.053247][ T40] audit: type=1326 audit(1748303720.713:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10673 comm="syz.1.1142" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 310.082644][ T40] audit: type=1326 audit(1748303720.713:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10673 comm="syz.1.1142" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000 [ 310.107416][ T40] audit: type=1326 audit(1748303720.713:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10673 comm="syz.1.1142" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 310.116498][ T40] audit: type=1326 audit(1748303720.713:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10673 comm="syz.1.1142" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000 [ 310.133160][ T40] audit: type=1326 audit(1748303720.723:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10673 comm="syz.1.1142" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 310.173306][ T40] audit: type=1326 audit(1748303720.723:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10673 comm="syz.1.1142" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 310.187559][ T40] audit: type=1326 audit(1748303720.723:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10673 comm="syz.1.1142" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000 [ 310.197467][ T40] audit: type=1326 audit(1748303720.723:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10673 comm="syz.1.1142" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 310.207511][ T40] audit: type=1326 audit(1748303720.723:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10673 comm="syz.1.1142" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000 [ 310.213961][T10687] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 310.219187][T10687] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 310.221926][T10687] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 310.225579][T10687] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 310.473020][ T1018] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 310.656614][ T1018] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 310.661392][ T1018] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 310.666099][ T1018] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 310.903868][ T1018] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.918053][T10684] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 310.927420][ T1018] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 312.010835][T10711] random: crng reseeded on system resumption [ 312.311386][ T5942] Bluetooth: hci3: unexpected event for opcode 0x080f [ 312.994228][ T5980] usb 5-1: USB disconnect, device number 14 [ 313.278079][T10733] netlink: set zone limit has 4 unknown bytes [ 314.536646][T10758] overlayfs: missing 'workdir' [ 314.558173][T10763] random: crng reseeded on system resumption [ 314.833057][ T1018] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 314.926323][T10772] netlink: 'syz.0.1166': attribute type 10 has an invalid length. [ 314.945657][T10772] bond0: (slave wlan1): Releasing backup interface [ 314.957829][T10772] team0: Port device wlan1 added [ 314.984586][ T1018] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 314.988019][ T1018] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 314.991276][ T1018] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 314.994397][ T1018] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.999322][T10764] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 315.003942][ T1018] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 316.605045][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.607833][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.643021][ T5942] Bluetooth: hci2: unexpected event for opcode 0x080f [ 317.486765][ T1018] usb 8-1: USB disconnect, device number 16 [ 317.766769][T10801] netlink: set zone limit has 4 unknown bytes [ 317.878177][T10804] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 317.881107][T10804] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 318.726502][T10819] random: crng reseeded on system resumption [ 319.269561][ T5942] Bluetooth: hci2: unexpected event for opcode 0x080f [ 319.738694][T10832] overlayfs: missing 'workdir' [ 319.821481][T10837] netlink: 'syz.2.1183': attribute type 10 has an invalid length. [ 320.053489][ T29] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 320.155444][T10846] /dev/sr0: Can't open blockdev [ 320.214393][ T29] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 320.218618][ T29] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 320.221639][ T29] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 320.224647][ T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.233214][T10835] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 320.240344][ T29] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 320.933052][ T9] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 321.015455][T10857] netlink: set zone limit has 4 unknown bytes [ 321.063077][ T9] usb 6-1: device descriptor read/64, error -71 [ 321.280028][T10860] netlink: 136 bytes leftover after parsing attributes in process `syz.2.1189'. [ 321.303065][ T9] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 321.443007][ T9] usb 6-1: device descriptor read/64, error -71 [ 321.563142][ T9] usb usb6-port1: attempt power cycle [ 321.913050][ T9] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 321.933559][ T9] usb 6-1: device descriptor read/8, error -71 [ 322.135823][ T29] usb 8-1: USB disconnect, device number 17 [ 322.181239][T10869] random: crng reseeded on system resumption [ 322.253010][ T9] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 322.273990][ T9] usb 6-1: device descriptor read/8, error -71 [ 322.393199][ T9] usb usb6-port1: unable to enumerate USB device [ 322.400591][T10874] lo speed is unknown, defaulting to 1000 [ 322.404338][T10874] lo speed is unknown, defaulting to 1000 [ 322.811868][ T5942] Bluetooth: hci2: unexpected event for opcode 0x080f [ 323.758086][T10891] /dev/sr0: Can't open blockdev [ 324.340987][T10909] overlayfs: missing 'workdir' [ 324.813421][ T1018] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 325.192389][ T1018] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 325.196184][ T1018] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 325.199286][ T1018] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 325.202182][ T1018] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.207523][T10909] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 325.211566][ T1018] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 325.333147][ T5942] Bluetooth: hci1: unexpected event for opcode 0x080f [ 325.807287][T10939] FAULT_INJECTION: forcing a failure. [ 325.807287][T10939] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 325.812690][T10939] CPU: 3 UID: 0 PID: 10939 Comm: syz.2.1209 Not tainted 6.15.0-syzkaller #0 PREEMPT(full) [ 325.812712][T10939] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 325.812723][T10939] Call Trace: [ 325.812730][T10939] [ 325.812736][T10939] dump_stack_lvl+0x16c/0x1f0 [ 325.812767][T10939] should_fail_ex+0x512/0x640 [ 325.812797][T10939] _copy_from_user+0x2e/0xd0 [ 325.812834][T10939] __do_sys_add_key+0x229/0x470 [ 325.812855][T10939] ? __pfx___do_sys_add_key+0x10/0x10 [ 325.812869][T10939] ? ksys_write+0x1b9/0x240 [ 325.812890][T10939] ? rcu_is_watching+0x12/0xc0 [ 325.812926][T10939] __do_fast_syscall_32+0x73/0x120 [ 325.812955][T10939] do_fast_syscall_32+0x32/0x80 [ 325.812978][T10939] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 325.812999][T10939] RIP: 0023:0xf7f24579 [ 325.813013][T10939] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 325.813027][T10939] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 000000000000011e [ 325.813044][T10939] RAX: ffffffffffffffda RBX: 0000000080000300 RCX: 0000000080000240 [ 325.813054][T10939] RDX: 0000000000000000 RSI: 00000000000fffff RDI: 00000000fffffff8 [ 325.813065][T10939] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 325.813075][T10939] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 325.813084][T10939] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 325.813103][T10939] [ 325.890796][T10943] FAULT_INJECTION: forcing a failure. [ 325.890796][T10943] name failslab, interval 1, probability 0, space 0, times 0 [ 325.894845][T10943] CPU: 0 UID: 0 PID: 10943 Comm: syz.2.1211 Not tainted 6.15.0-syzkaller #0 PREEMPT(full) [ 325.894860][T10943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 325.894867][T10943] Call Trace: [ 325.894870][T10943] [ 325.894874][T10943] dump_stack_lvl+0x16c/0x1f0 [ 325.894893][T10943] should_fail_ex+0x512/0x640 [ 325.894909][T10943] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 325.894924][T10943] should_failslab+0xc2/0x120 [ 325.894937][T10943] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 325.894949][T10943] ? __alloc_skb+0x2b2/0x380 [ 325.894963][T10943] __alloc_skb+0x2b2/0x380 [ 325.894974][T10943] ? __pfx___alloc_skb+0x10/0x10 [ 325.894988][T10943] ? __pfx_aa_sk_perm+0x10/0x10 [ 325.895003][T10943] pfkey_sendmsg+0x479/0x850 [ 325.895017][T10943] ____sys_sendmsg+0xa95/0xc70 [ 325.895034][T10943] ? __pfx_____sys_sendmsg+0x10/0x10 [ 325.895049][T10943] ? get_compat_msghdr+0x11a/0x170 [ 325.895073][T10943] ___sys_sendmsg+0x134/0x1d0 [ 325.895088][T10943] ? __pfx____sys_sendmsg+0x10/0x10 [ 325.895116][T10943] __sys_sendmsg+0x16d/0x220 [ 325.895129][T10943] ? __pfx___sys_sendmsg+0x10/0x10 [ 325.895147][T10943] ? rcu_is_watching+0x12/0xc0 [ 325.895159][T10943] __do_fast_syscall_32+0x73/0x120 [ 325.895176][T10943] do_fast_syscall_32+0x32/0x80 [ 325.895192][T10943] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 325.895205][T10943] RIP: 0023:0xf7f24579 [ 325.895213][T10943] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 325.895223][T10943] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 325.895233][T10943] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 325.895239][T10943] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 325.895245][T10943] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 325.895250][T10943] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 325.895256][T10943] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 325.895268][T10943] [ 327.253229][ T29] usb 8-1: USB disconnect, device number 18 [ 327.573169][ T5942] Bluetooth: hci0: unexpected event for opcode 0x080f [ 327.998185][T10969] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1225'. [ 328.542359][T10978] syz_tun: left allmulticast mode [ 328.544161][T10978] syz_tun: left promiscuous mode [ 328.547302][T10978] bridge0: port 3(syz_tun) entered disabled state [ 328.555637][T10978] bridge_slave_0: left allmulticast mode [ 328.557525][T10978] bridge_slave_0: left promiscuous mode [ 328.559535][T10978] bridge0: port 1(bridge_slave_0) entered disabled state [ 328.571898][T10978] bridge_slave_1: left allmulticast mode [ 328.591164][T10978] bridge_slave_1: left promiscuous mode [ 328.594735][T10978] bridge0: port 2(bridge_slave_1) entered disabled state [ 328.604607][T10978] bond0: (slave bond_slave_0): Releasing backup interface [ 328.608563][T10978] bond_slave_0: left allmulticast mode [ 328.614942][T10978] bond0: (slave bond_slave_1): Releasing backup interface [ 328.618326][T10978] bond_slave_1: left allmulticast mode [ 328.777624][T10978] team0: Port device team_slave_0 removed [ 328.785255][T10978] team0: Port device team_slave_1 removed [ 328.787725][T10978] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 328.790387][T10978] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 328.796199][T10978] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 328.799230][T10978] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 328.810228][T10978] bond0: (slave wlan1): Releasing backup interface [ 328.815100][T10978] mac80211_hwsim hwsim3 wlan1: left allmulticast mode [ 328.832824][T10979] team0: Mode changed to "broadcast" [ 328.839133][T10981] vlan0: entered promiscuous mode [ 328.844997][T10982] tipc: Started in network mode [ 328.847049][T10982] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 328.849446][T10982] tipc: Enabled bearer , priority 0 [ 330.032062][ T1018] tipc: Node number set to 11578026 [ 331.433974][T11036] binder: 11035:11036 ioctl 40046205 0 returned -22 [ 331.457420][T11036] lo speed is unknown, defaulting to 1000 [ 331.460314][T11036] lo speed is unknown, defaulting to 1000 [ 332.033127][ T59] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 332.204275][ T59] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 332.208640][ T59] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 332.212653][ T59] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 332.215894][ T59] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.444462][ T59] usb 5-1: usb_control_msg returned -32 [ 332.450287][ T59] usbtmc 5-1:16.0: can't read capabilities [ 334.167902][ T5942] Bluetooth: hci0: unexpected event for opcode 0x080f [ 334.216619][T11072] overlayfs: missing 'workdir' [ 334.503141][ T29] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 334.590185][T11076] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1244'. [ 334.668946][ T29] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 334.676668][ T29] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 334.680545][ T29] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 334.693283][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.705528][T11072] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 334.711053][ T29] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 334.875206][ T34] usb 5-1: USB disconnect, device number 15 [ 334.999385][T11083] FAULT_INJECTION: forcing a failure. [ 334.999385][T11083] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 335.004431][T11083] CPU: 0 UID: 0 PID: 11083 Comm: syz.3.1247 Not tainted 6.15.0-syzkaller #0 PREEMPT(full) [ 335.004445][T11083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 335.004451][T11083] Call Trace: [ 335.004455][T11083] [ 335.004460][T11083] dump_stack_lvl+0x16c/0x1f0 [ 335.004490][T11083] should_fail_ex+0x512/0x640 [ 335.004520][T11083] _copy_from_user+0x2e/0xd0 [ 335.004531][T11083] get_compat_msghdr+0xa7/0x170 [ 335.004544][T11083] ? __pfx_get_compat_msghdr+0x10/0x10 [ 335.004557][T11083] ? __pfx__kstrtoull+0x10/0x10 [ 335.004572][T11083] ___sys_sendmsg+0x1ae/0x1d0 [ 335.004586][T11083] ? __pfx____sys_sendmsg+0x10/0x10 [ 335.004605][T11083] ? find_held_lock+0x2b/0x80 [ 335.004621][T11083] ? __pfx___might_resched+0x10/0x10 [ 335.004636][T11083] __sys_sendmmsg+0x2f9/0x420 [ 335.004650][T11083] ? __pfx___sys_sendmmsg+0x10/0x10 [ 335.004668][T11083] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 335.004690][T11083] ? fput+0x70/0xf0 [ 335.004703][T11083] ? ksys_write+0x1b9/0x240 [ 335.004713][T11083] ? __pfx_ksys_write+0x10/0x10 [ 335.004747][T11083] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 335.004768][T11083] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 335.004784][T11083] __do_fast_syscall_32+0x73/0x120 [ 335.004801][T11083] do_fast_syscall_32+0x32/0x80 [ 335.004817][T11083] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 335.004830][T11083] RIP: 0023:0xf707e579 [ 335.004839][T11083] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 335.004849][T11083] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 335.004859][T11083] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000 [ 335.004865][T11083] RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000000 [ 335.004871][T11083] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 335.004877][T11083] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 335.004882][T11083] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 335.004895][T11083] [ 335.593474][T11099] tipc: Resetting bearer [ 335.777025][T11099] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 336.603055][ T5942] Bluetooth: hci0: unexpected event for opcode 0x080f [ 337.585182][ T1018] usb 6-1: USB disconnect, device number 17 [ 338.367320][T11140] lo speed is unknown, defaulting to 1000 [ 338.371078][T11140] lo speed is unknown, defaulting to 1000 [ 338.408752][T11143] random: crng reseeded on system resumption [ 338.959755][T11142] lo: entered promiscuous mode [ 338.964553][T11142] tunl0: entered promiscuous mode [ 338.973373][T11142] gre0: entered promiscuous mode [ 338.986483][T11142] gretap0: entered promiscuous mode [ 339.021495][T11142] erspan0: entered promiscuous mode [ 339.025771][T11142] ip_vti0: entered promiscuous mode [ 339.033584][T11142] ip6_vti0: entered promiscuous mode [ 339.060396][T11142] sit0: entered promiscuous mode [ 339.076519][T11142] ip6tnl0: entered promiscuous mode [ 339.112633][T11142] ip6gre0: entered promiscuous mode [ 339.153898][T11142] syz_tun: entered promiscuous mode [ 339.229821][T11142] ip6gretap0: entered promiscuous mode [ 339.268146][T11142] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.270554][T11142] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.307036][T11142] bridge0: entered promiscuous mode [ 339.357358][T11142] vcan0: entered promiscuous mode [ 339.362054][T11142] bond0: entered promiscuous mode [ 339.364116][T11142] bond_slave_0: entered promiscuous mode [ 339.366191][T11142] bond_slave_1: entered promiscuous mode [ 339.381961][T11142] team0: entered promiscuous mode [ 339.393155][T11142] team_slave_0: entered promiscuous mode [ 339.397642][T11142] team_slave_1: entered promiscuous mode [ 339.400224][T11142] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode [ 339.418103][T11142] dummy0: entered promiscuous mode [ 339.441598][T11142] nlmon0: entered promiscuous mode [ 339.453587][T11142] caif0: entered promiscuous mode [ 339.462327][T11142] batadv0: entered promiscuous mode [ 339.495723][T11142] vxcan0: entered promiscuous mode [ 339.507510][T11142] vxcan1: entered promiscuous mode [ 339.540000][T11142] veth0: entered promiscuous mode [ 339.556910][T11142] veth1: entered promiscuous mode [ 339.605408][T11142] wg0: entered promiscuous mode [ 339.641590][T11142] wg1: entered promiscuous mode [ 339.667821][T11142] wg2: entered promiscuous mode [ 339.696223][T11142] veth0_to_bridge: entered promiscuous mode [ 339.731638][T11142] veth1_to_bridge: entered promiscuous mode [ 339.751421][T11142] veth0_to_bond: entered promiscuous mode [ 339.758399][T11142] veth1_to_bond: entered promiscuous mode [ 339.772561][T11142] veth0_to_team: entered promiscuous mode [ 339.782321][T11142] veth1_to_team: entered promiscuous mode [ 339.795706][T11142] veth0_to_batadv: entered promiscuous mode [ 339.811650][T11142] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 339.816120][T11142] batadv_slave_0: entered promiscuous mode [ 339.823434][T11142] veth1_to_batadv: entered promiscuous mode [ 339.827398][T11142] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 339.830345][T11142] batadv_slave_1: entered promiscuous mode [ 339.836434][T11142] xfrm0: entered promiscuous mode [ 339.894330][T11142] veth0_to_hsr: entered promiscuous mode [ 339.904182][T11142] veth1_to_hsr: entered promiscuous mode [ 339.916879][T11142] hsr0: entered promiscuous mode [ 339.925293][T11142] veth1_virt_wifi: entered promiscuous mode [ 339.931170][T11142] veth0_virt_wifi: entered promiscuous mode [ 339.944903][T11142] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 339.975219][T11142] vlan0: entered promiscuous mode [ 339.977209][T11142] vlan1: entered promiscuous mode [ 339.983948][T11142] macvlan0: entered promiscuous mode [ 339.992671][T11142] macvlan1: entered promiscuous mode [ 340.001312][T11142] ipvlan0: entered promiscuous mode [ 340.003161][T11142] ipvlan1: entered promiscuous mode [ 340.018647][T11142] macvtap0: entered promiscuous mode [ 340.032089][T11142] macsec0: entered promiscuous mode [ 340.043568][T11142] geneve0: entered promiscuous mode [ 340.058887][T11142] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.066006][T11142] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.070307][T11142] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.076842][T11142] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.081675][T11142] geneve1: entered promiscuous mode [ 340.089443][T11142] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 340.106475][T11142] netdevsim netdevsim0 netdevsim1: entered promiscuous mode [ 340.111166][T11142] netdevsim netdevsim0 netdevsim2: entered promiscuous mode [ 340.119177][T11142] netdevsim netdevsim0 netdevsim3: entered promiscuous mode [ 340.127739][T11142] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 340.134639][T11142] pimreg: entered promiscuous mode [ 340.148621][ T9] lo speed is unknown, defaulting to 1000 [ 340.149563][T11159] overlayfs: missing 'workdir' [ 340.160616][ T9] sz1: Port: 1 Link DOWN [ 340.162523][ T9] lo speed is unknown, defaulting to 1000 [ 340.285341][T11156] veth0_to_team: entered allmulticast mode [ 340.437684][T11172] 9pnet_fd: Insufficient options for proto=fd [ 341.290749][T11180] random: crng reseeded on system resumption [ 342.626644][T11198] block device autoloading is deprecated and will be removed. [ 342.672130][ T5942] Bluetooth: hci0: unexpected event for opcode 0x080f [ 343.121080][T11202] sctp: [Deprecated]: syz.2.1279 (pid 11202) Use of int in max_burst socket option. [ 343.121080][T11202] Use struct sctp_assoc_value instead [ 343.407246][T11212] random: crng reseeded on system resumption [ 344.187377][T11221] netlink: 'syz.0.1287': attribute type 4 has an invalid length. [ 344.189914][T11221] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1287'. [ 344.194460][T11221] : renamed from bond0 [ 344.201195][T11226] overlayfs: missing 'workdir' [ 344.704372][ T5942] Bluetooth: hci3: unexpected event for opcode 0x080f [ 344.989540][T11246] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 345.075768][T11250] random: crng reseeded on system resumption [ 346.601890][T11270] lo speed is unknown, defaulting to 1000 [ 346.608962][T11270] lo speed is unknown, defaulting to 1000 [ 346.649502][T11271] lo: entered promiscuous mode [ 346.651927][T11271] tunl0: entered promiscuous mode [ 346.658032][T11271] gre0: entered promiscuous mode [ 346.666778][T11271] gretap0: entered promiscuous mode [ 346.670348][T11271] erspan0: entered promiscuous mode [ 346.675127][T11271] ip_vti0: entered promiscuous mode [ 346.678126][T11271] ip6_vti0: entered promiscuous mode [ 346.681469][T11271] sit0: entered promiscuous mode [ 346.687276][T11271] ip6tnl0: entered promiscuous mode [ 346.690441][T11271] ip6gre0: entered promiscuous mode [ 346.694030][T11271] syz_tun: entered promiscuous mode [ 346.698427][T11271] ip6gretap0: entered promiscuous mode [ 346.701725][T11271] bridge0: port 3(vlan2) entered disabled state [ 346.703907][T11271] bridge0: port 2(bridge_slave_1) entered disabled state [ 346.706325][T11271] bridge0: port 1(bridge_slave_0) entered disabled state [ 346.710772][T11271] bridge0: entered promiscuous mode [ 346.714600][T11271] vcan0: entered promiscuous mode [ 346.725404][T11271] team0: entered promiscuous mode [ 346.727028][T11271] team_slave_0: entered promiscuous mode [ 346.728878][T11271] team_slave_1: entered promiscuous mode [ 346.732995][ T1461] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 346.733346][T11271] dummy0: entered promiscuous mode [ 346.739771][T11271] nlmon0: entered promiscuous mode [ 346.742751][T11271] caif0: entered promiscuous mode [ 346.744929][T11271] batadv0: entered promiscuous mode [ 346.748948][T11271] vxcan0: entered promiscuous mode [ 346.751309][T11271] vxcan1: entered promiscuous mode [ 346.754513][T11271] veth0: entered promiscuous mode [ 346.758428][T11271] veth1: entered promiscuous mode [ 346.762613][T11271] wg0: entered promiscuous mode [ 346.767433][T11271] wg1: entered promiscuous mode [ 346.770952][T11271] wg2: entered promiscuous mode [ 346.774806][T11271] veth0_to_bridge: entered promiscuous mode [ 346.781771][T11271] veth1_to_bridge: entered promiscuous mode [ 346.789280][T11271] veth0_to_bond: entered promiscuous mode [ 346.794361][T11271] veth1_to_bond: entered promiscuous mode [ 346.799420][T11271] veth0_to_team: entered promiscuous mode [ 346.806318][T11271] veth1_to_team: entered promiscuous mode [ 346.814627][T11271] veth0_to_batadv: entered promiscuous mode [ 346.819716][T11271] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 346.826491][T11271] batadv_slave_0: entered promiscuous mode [ 346.833608][T11271] veth1_to_batadv: entered promiscuous mode [ 346.839420][T11271] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 346.844856][T11271] batadv_slave_1: entered promiscuous mode [ 346.850294][T11271] xfrm0: entered promiscuous mode [ 346.856569][T11271] veth0_to_hsr: entered promiscuous mode [ 346.867236][T11271] veth1_to_hsr: entered promiscuous mode [ 346.876701][T11271] hsr0: entered promiscuous mode [ 346.886179][T11271] veth1_virt_wifi: entered promiscuous mode [ 346.892781][T11271] veth0_virt_wifi: entered promiscuous mode [ 346.898144][ T1461] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 346.902121][ T1461] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 346.908880][ T1461] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 346.920549][ T1461] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 346.925880][T11271] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 346.928182][ T1461] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 346.930879][ T1461] usb 5-1: Product: syz [ 346.932204][ T1461] usb 5-1: Manufacturer: syz [ 346.937502][ T1461] usb 5-1: SerialNumber: syz [ 346.942721][ T1461] hub 5-1:1.0: bad descriptor, ignoring hub [ 346.947331][ T1461] hub 5-1:1.0: probe with driver hub failed with error -5 [ 346.967079][T11271] vlan0: entered promiscuous mode [ 346.970330][T11271] vlan1: entered promiscuous mode [ 346.976098][T11271] macvlan0: entered promiscuous mode [ 346.986244][T11271] macvlan1: entered promiscuous mode [ 346.992219][T11271] ipvlan0: entered promiscuous mode [ 346.998063][T11271] ipvlan1: entered promiscuous mode [ 347.011355][T11271] macvtap0: entered promiscuous mode [ 347.021776][T11271] macsec0: entered promiscuous mode [ 347.035116][T11271] geneve0: entered promiscuous mode [ 347.043856][T11271] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 347.047101][T11271] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 347.050374][T11271] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 347.055536][T11271] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 347.059876][T11271] geneve1: entered promiscuous mode [ 347.067243][T11271] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 347.076540][T11271] netdevsim netdevsim2 netdevsim1: entered promiscuous mode [ 347.082896][T11271] netdevsim netdevsim2 netdevsim2: entered promiscuous mode [ 347.097995][T11271] netdevsim netdevsim2 netdevsim3: entered promiscuous mode [ 347.137689][T11271] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 347.146668][ T1461] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 16 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 347.165768][T11271] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode [ 347.180372][T11271] pimreg: entered promiscuous mode [ 347.186885][T11271] gtp0: entered promiscuous mode [ 347.189561][T11271] syztnl2: entered promiscuous mode [ 347.338393][T11280] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 347.347390][T11268] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 347.350309][T11268] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 347.357912][T11282] veth0_to_team: entered allmulticast mode [ 347.473233][ T1461] usb 5-1: USB disconnect, device number 16 [ 347.530986][ T6053] lo speed is unknown, defaulting to 1000 [ 347.577591][ T1461] usblp0: removed [ 347.772044][T11293] netlink: 'syz.2.1304': attribute type 4 has an invalid length. [ 347.776069][T11293] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1304'. [ 347.801717][T11293] : renamed from bond0 [ 348.019571][T11301] random: crng reseeded on system resumption [ 349.400199][T11331] lo speed is unknown, defaulting to 1000 [ 349.405449][T11331] lo speed is unknown, defaulting to 1000 [ 349.445094][T11332] lo: entered promiscuous mode [ 349.458266][T11332] tunl0: entered promiscuous mode [ 349.472657][T11332] gre0: entered promiscuous mode [ 349.542081][ T5942] Bluetooth: hci1: unexpected event for opcode 0x080f [ 349.652861][T11332] gretap0: entered promiscuous mode [ 349.688691][T11332] erspan0: entered promiscuous mode [ 349.708252][T11332] ip_vti0: entered promiscuous mode [ 349.775588][T11332] ip6_vti0: entered promiscuous mode [ 349.838381][T11332] sit0: entered promiscuous mode [ 349.874890][T11332] ip6tnl0: entered promiscuous mode [ 349.894718][T11332] ip6gre0: entered promiscuous mode [ 349.991741][T11332] syz_tun: entered promiscuous mode [ 350.003387][T11332] ip6gretap0: entered promiscuous mode [ 350.056948][T11332] bridge0: entered promiscuous mode [ 350.070410][T11332] vcan0: entered promiscuous mode [ 350.093621][T11332] bond0: entered promiscuous mode [ 350.120297][T11332] tipc: Resetting bearer [ 350.131811][T11332] team0: entered promiscuous mode [ 350.163477][T11332] dummy0: entered promiscuous mode [ 350.225507][T11332] nlmon0: entered promiscuous mode [ 350.260624][T11332] caif0: entered promiscuous mode [ 350.265026][T11332] batadv0: entered promiscuous mode [ 350.285873][T11332] vxcan0: entered promiscuous mode [ 350.304085][T11332] vxcan1: entered promiscuous mode [ 350.573806][T11332] veth0: entered promiscuous mode [ 350.579856][T11332] veth1: entered promiscuous mode [ 350.609017][T11332] wg0: entered promiscuous mode [ 350.614639][T11332] wg1: entered promiscuous mode [ 350.620636][T11332] wg2: entered promiscuous mode [ 350.626127][T11332] veth0_to_bridge: entered promiscuous mode [ 350.631253][T11332] bridge_slave_0: entered promiscuous mode [ 350.638892][T11332] veth1_to_bridge: entered promiscuous mode [ 350.646023][T11332] bridge_slave_1: entered promiscuous mode [ 350.650972][T11332] veth0_to_bond: entered promiscuous mode [ 350.658792][T11332] bond_slave_0: entered promiscuous mode [ 350.660997][T11332] veth1_to_bond: entered promiscuous mode [ 350.667690][T11332] bond_slave_1: entered promiscuous mode [ 350.669715][T11332] veth0_to_team: entered promiscuous mode [ 350.671497][T11332] team_slave_0: entered promiscuous mode [ 350.676083][T11332] veth1_to_team: entered promiscuous mode [ 350.684352][T11332] team_slave_1: entered promiscuous mode [ 350.687257][T11332] veth0_to_batadv: entered promiscuous mode [ 350.696262][T11332] batadv_slave_0: entered promiscuous mode [ 350.702759][T11332] veth1_to_batadv: entered promiscuous mode [ 350.710282][T11332] batadv_slave_1: entered promiscuous mode [ 350.716950][T11332] xfrm0: entered promiscuous mode [ 350.722976][T11332] veth0_to_hsr: entered promiscuous mode [ 350.733009][T11332] veth1_to_hsr: entered promiscuous mode [ 350.745307][T11332] hsr0: entered promiscuous mode [ 350.753008][T11332] veth1_virt_wifi: entered promiscuous mode [ 350.759538][T11332] veth0_virt_wifi: entered promiscuous mode [ 350.765697][T11332] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 350.774274][T11332] vlan1: entered promiscuous mode [ 350.776545][T11332] macvlan0: entered promiscuous mode [ 350.783578][T11332] macvlan1: entered promiscuous mode [ 350.789141][T11332] ipvlan0: entered promiscuous mode [ 350.790602][T11332] ipvlan1: entered promiscuous mode [ 350.805937][T11332] macvtap0: entered promiscuous mode [ 350.812637][T11332] macsec0: entered promiscuous mode [ 350.821428][T11332] geneve0: entered promiscuous mode [ 350.830885][T11332] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.837665][T11332] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.841295][T11332] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.847780][T11332] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.854195][T11332] geneve1: entered promiscuous mode [ 350.860922][T11332] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 350.869777][T11332] netdevsim netdevsim3 netdevsim1: entered promiscuous mode [ 350.879447][T11332] netdevsim netdevsim3 netdevsim2: entered promiscuous mode [ 350.885860][T11332] netdevsim netdevsim3 netdevsim3: entered promiscuous mode [ 350.896141][T11332] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 350.901992][T11332] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 350.910114][T11332] pimreg: entered promiscuous mode [ 350.963563][T11340] 8021q: adding VLAN 0 to HW filter on device  [ 350.967385][T11340] 8021q: adding VLAN 0 to HW filter on device team0 [ 350.975315][T11340] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 350.981602][T11344] veth0_to_team: entered allmulticast mode [ 350.998092][ T5980] lo speed is unknown, defaulting to 1000 [ 351.000405][ T5980] sz1: Port: 1 Link ACTIVE [ 351.010473][ T5980] lo speed is unknown, defaulting to 1000 [ 351.354715][T11356] random: crng reseeded on system resumption [ 351.374152][ T5942] Bluetooth: hci3: unexpected event for opcode 0x080f [ 352.295304][T11362] FAULT_INJECTION: forcing a failure. [ 352.295304][T11362] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 352.299359][T11362] CPU: 2 UID: 0 PID: 11362 Comm: syz.3.1318 Not tainted 6.15.0-syzkaller #0 PREEMPT(full) [ 352.299372][T11362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 352.299379][T11362] Call Trace: [ 352.299383][T11362] [ 352.299387][T11362] dump_stack_lvl+0x16c/0x1f0 [ 352.299406][T11362] should_fail_ex+0x512/0x640 [ 352.299425][T11362] _copy_to_user+0x32/0xd0 [ 352.299436][T11362] simple_read_from_buffer+0xcb/0x170 [ 352.299452][T11362] proc_fail_nth_read+0x197/0x270 [ 352.299468][T11362] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 352.299483][T11362] ? rw_verify_area+0xcf/0x680 [ 352.299498][T11362] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 352.299512][T11362] vfs_read+0x1de/0xc70 [ 352.299525][T11362] ? __pfx_vfs_read+0x10/0x10 [ 352.299536][T11362] ? __do_compat_sys_newfstat+0xa5/0x110 [ 352.299549][T11362] ? __pfx___do_compat_sys_newfstat+0x10/0x10 [ 352.299569][T11362] ksys_read+0x12a/0x240 [ 352.299579][T11362] ? __pfx_ksys_read+0x10/0x10 [ 352.299589][T11362] ? rcu_is_watching+0x12/0xc0 [ 352.299602][T11362] __do_fast_syscall_32+0x73/0x120 [ 352.299618][T11362] do_fast_syscall_32+0x32/0x80 [ 352.299634][T11362] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 352.299647][T11362] RIP: 0023:0xf707e579 [ 352.299656][T11362] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 352.299666][T11362] RSP: 002b:00000000f506e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 352.299676][T11362] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f506e620 [ 352.299682][T11362] RDX: 000000000000000f RSI: 00000000f73e2ff4 RDI: 0000000000000000 [ 352.299688][T11362] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 352.299693][T11362] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 352.299699][T11362] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 352.299712][T11362] [ 352.981212][T11378] VFS_BUG_ON_INODE(1) encountered for inode ffff8880425e9e30 [ 352.981384][T11378] ------------[ cut here ]------------ [ 352.985862][T11378] kernel BUG at fs/namei.c:3467! [ 352.987396][T11378] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 352.989558][T11378] CPU: 3 UID: 0 PID: 11378 Comm: syz.0.1321 Not tainted 6.15.0-syzkaller #0 PREEMPT(full) [ 352.994099][T11378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 352.997381][T11378] RIP: 0010:may_open+0x1e3/0x400 [ 352.998939][T11378] Code: af 38 09 66 81 fd 00 10 74 29 66 81 fd 00 20 0f 84 0d ff ff ff e8 dd c5 86 ff 48 c7 c6 00 2a 9f 8b 4c 89 e7 e8 fe b8 04 00 90 <0f> 0b 66 81 fd 00 c0 75 e2 e8 bf c5 86 ff 44 89 fb 31 ff 83 e3 01 [ 353.004848][T11378] RSP: 0018:ffffc900005dfa88 EFLAGS: 00010282 [ 353.006743][T11378] RAX: 000000000000003a RBX: ffffc900005dfc20 RCX: ffffc90004529000 [ 353.009198][T11378] RDX: 0000000000000000 RSI: ffffffff819aad26 RDI: 0000000000000005 [ 353.011615][T11378] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 353.014065][T11378] R10: 0000000080000000 R11: 0000000000000000 R12: ffff8880425e9e30 [ 353.016487][T11378] R13: 0000000000000002 R14: ffffffff8e5e46c0 R15: 0000000000000006 [ 353.018940][T11378] FS: 0000000000000000(0000) GS:ffff888097ae7000(0063) knlGS:00000000f5106b40 [ 353.021688][T11378] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 353.023745][T11378] CR2: 00000000f5105e7c CR3: 0000000064f09000 CR4: 0000000000352ef0 [ 353.026199][T11378] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 353.028677][T11378] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 353.031122][T11378] Call Trace: [ 353.032166][T11378] [ 353.033108][T11378] path_openat+0x13d1/0x2d40 [ 353.034523][T11378] ? __pfx_path_openat+0x10/0x10 [ 353.036016][T11378] do_filp_open+0x20b/0x470 [ 353.037432][T11378] ? __pfx_do_filp_open+0x10/0x10 [ 353.039269][T11378] ? alloc_fd+0x471/0x7d0 [ 353.041037][T11378] do_sys_openat2+0x11b/0x1d0 [ 353.042976][T11378] ? __pfx_do_sys_openat2+0x10/0x10 [ 353.045140][T11378] ? count_memcg_events_mm.constprop.0+0x138/0x340 [ 353.047776][T11378] __ia32_compat_sys_openat+0x16d/0x210 [ 353.049963][T11378] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 353.052410][T11378] ? rcu_is_watching+0x12/0xc0 [ 353.054388][T11378] __do_fast_syscall_32+0x73/0x120 [ 353.056472][T11378] do_fast_syscall_32+0x32/0x80 [ 353.058495][T11378] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 353.061009][T11378] RIP: 0023:0xf7fe3579 [ 353.062651][T11378] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 353.070195][T11378] RSP: 002b:00000000f5106490 EFLAGS: 00000293 ORIG_RAX: 0000000000000127 [ 353.073430][T11378] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f51064e0 [ 353.076608][T11378] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f7472ff4 [ 353.079703][T11378] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 353.082745][T11378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 353.085927][T11378] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 353.089031][T11378] [ 353.090304][T11378] Modules linked in: [ 353.092278][T11378] ---[ end trace 0000000000000000 ]--- [ 353.096528][T11378] RIP: 0010:may_open+0x1e3/0x400 [ 353.098488][T11378] Code: af 38 09 66 81 fd 00 10 74 29 66 81 fd 00 20 0f 84 0d ff ff ff e8 dd c5 86 ff 48 c7 c6 00 2a 9f 8b 4c 89 e7 e8 fe b8 04 00 90 <0f> 0b 66 81 fd 00 c0 75 e2 e8 bf c5 86 ff 44 89 fb 31 ff 83 e3 01 [ 353.105879][T11378] RSP: 0018:ffffc900005dfa88 EFLAGS: 00010282 [ 353.108223][T11378] RAX: 000000000000003a RBX: ffffc900005dfc20 RCX: ffffc90004529000 [ 353.111241][T11378] RDX: 0000000000000000 RSI: ffffffff819aad26 RDI: 0000000000000005 [ 353.114853][T11378] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 353.117667][T11378] R10: 0000000080000000 R11: 0000000000000000 R12: ffff8880425e9e30 [ 353.119973][T11378] R13: 0000000000000002 R14: ffffffff8e5e46c0 R15: 0000000000000006 [ 353.122314][T11378] FS: 0000000000000000(0000) GS:ffff888097ae7000(0063) knlGS:00000000f5106b40 [ 353.125090][T11378] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 353.127124][T11378] CR2: 00000000f5105e7c CR3: 0000000064f09000 CR4: 0000000000352ef0 [ 353.129532][T11378] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 353.133087][T11378] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 353.135485][T11378] Kernel panic - not syncing: Fatal exception [ 353.137892][T11378] Kernel Offset: disabled [ 353.139204][T11378] Rebooting in 86400 seconds.. VM DIAGNOSIS: 23:56:03 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000002 RBX=0000000000000000 RCX=ffffffff8a1119ad RDX=ffff888023fe8000 RSI=0000000000000000 RDI=0000000000000005 RBP=ffff8880692818c0 RSP=ffffc90026c677f0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000080000002 R14=ffffffff902ff5a0 R15=0000000080000002 RIP=ffffffff8a1120f1 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977e7000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080321000 CR3=0000000026a89000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000066400000000 0000001500000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=ffff8880238da1f0 RBX=00000000000002df RCX=ffffffff82292be0 RDX=000000000000218c RSI=ffffffff82292bef RDI=00000000043e02e0 RBP=00000000000002df RSP=ffffc90007c9f218 R8 =0000000000000003 R9 =000000000000001f R10=0000000000000000 R11=0000000000007fb3 R12=00000000000021f0 R13=0000000000000454 R14=0000000000000000 R15=00000000043e02e0 RIP=ffffffff84ff88b5 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880978e7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080336000 CR3=000000004e565000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=ffffffff9129277d RBX=0000000000000001 RCX=ffffffff9129277a RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff9129277c RBP=ffffc9000e03f970 RSP=ffffc9000e03f8b8 R8 =1ffffffff22524ef R9 =0000000000000000 R10=ffffc9000e03f928 R11=00000000000133db R12=ffffc9000e03f978 R13=ffffc9000e03f928 R14=ffffc9000e03fe00 R15=ffffc9000e03f95c RIP=ffffffff8169aed4 RFL=00000a03 [-O----C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f2211b83880 ffffffff 00c00000 GS =0000 ffff8880979e7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00005595a1d85000 CR3=0000000020c86000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000004 Opmask01=0000000000020000 Opmask02=00000000effffdff Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055c68d4b5900 000055c68d4b5900 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055c68d4982e0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055c68d48e340 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f22115f1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 ffffff00000000ff ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffffffffffffff ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 41c5ff61543d3210 737326b0a251302e ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737372f2 7373737373737373 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6961660064657373 65636f727020756c 6c2520716573006e 6f69746974726170 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30302c443230302c 433230302c423230 302c393230003737 3d5145534b534944 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0d0d11440f0d0d11 430f0d0d11420f0d 0d11040f0d000a0a 005145534b534944 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000181 000000336964696d 0033647261632f64 6e756f732f302e37 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 003a756b733a322e 392d3533712d6370 7276633a3174633a 554d45516e76633a ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 322e392d3533712d 63707276703a2939 3030322c39484349 2b35335128435064 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7261646e6174536e 703a554d45516e76 733a302e3072623a 343130322f31302f ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343064623a312b32 316f70627e322d33 2e36312e312d6e61 696265642d332e36 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000044 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854c74f5 RDI=ffffffff9ade4c80 RBP=ffffffff9ade4c40 RSP=ffffc900005df3a8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552033203a555043 R12=0000000000000000 R13=0000000000000044 R14=ffffffff9ade4c40 R15=ffffffff854c7490 RIP=ffffffff854c751f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097ae7000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f5105e7c CR3=0000000064f09000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000