last executing test programs: 17.000329635s ago: executing program 1 (id=251): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000080)={0x1, 0x0, {0x0, 0x0, 0x0, 0xa, 0x0, 0x61, 0x0, 0x3b000000}}) 16.999547133s ago: executing program 1 (id=252): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRES64=r0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000280)='./file1\x00') sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000f00)=@newtfilter={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, 0x0, {}, {0x0, 0xb}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f00000002c0)={@multicast1, @local}, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="00050000009500c000"], 0x14}, 0x1, 0x0, 0x0, 0x840}, 0x0) r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000280)={0x1c, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r2, 0x5b01, 0x0) r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000040000000060000000800000001000000", @ANYRES32, @ANYBLOB="000eb0c782075c17f90000000000000004000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYRESOCT=r4, @ANYRESDEC=r4, @ANYBLOB="0000000000000000000000000000000000000000c4f5b4f2fe3fd7d18923abaf53ba8dc3d8fcef6b8b23196f118d7ba7efc02b551d518dbf57fad978c2700cef395f8a32c909fd5745e523d1f7c647cb48b37299c990aa242955946539616ac0a5129760ec482287242eb71f7899d9c4ef3abc00f77dea506477e5ae06fc52e20f0a3dfde9d28d3d088b9a45c3eae2f19afdc1aa6336736fca55d6d09c022d04153580125d8f2a14857c", @ANYRESHEX=r1, @ANYRES32, @ANYBLOB="000000000000000000008500"/29], 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000580)=@bpf_lsm={0x2, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="5aaa00000001000079f5317910a80000050000950000000000000032ff8718aa90a651bb297dd1a127c69e4c"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = open(&(0x7f0000000080)='.\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='./file1\x00', r5, &(0x7f0000000100)='./file1\x00') ioctl$AUTOFS_IOC_CATATONIC(r3, 0x9362, 0x0) r6 = openat$autofs(0xffffff9c, &(0x7f0000000140), 0x28000, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(r6, 0xc0189376, &(0x7f0000000180)={{0x1, 0x1, 0x18, r5, {0x1ff}}, './file1\x00'}) link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') sendto$inet(r0, 0x0, 0x0, 0x20000ff9, &(0x7f0000000240)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0, 0x407006}, 0x104) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) 13.950343568s ago: executing program 1 (id=274): r0 = socket(0x10, 0x80803, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) gettid() ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, r4}, [@IFA_TARGET_NETNSID={0x8}, @IFA_LOCAL={0x8, 0x2, @multicast2}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_RT_PRIORITY={0x8, 0x9, 0x5889}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_RT_PRIORITY={0x8, 0x9, 0x8000103}]}, 0x48}, 0x1, 0x0, 0x0, 0x48000}, 0x8080) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000300)={0x3c, @empty, 0x4e22, 0x2, 'fo\x00', 0x1, 0x10, 0x6e}, 0x2c) sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0) rt_sigqueueinfo(0x0, 0x2a, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x800823, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000050000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',grou', @ANYRESDEC=0x0, @ANYRES16=0x0]) r7 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRESDEC, @ANYBLOB=',wfdno=', @ANYBLOB="0000d01fbe26ed470e87b7283c3b43f5f9dfaa1bd77f9e35aade40c6cd6ec92f47ac758056a77f3b2d96868aa95dad07000000573692f7dcfc38932e4301b21f13d6122b2f9a92b38f4af6e8b4333f7d4a34be73a230d4a1dd53745dc7a91731046bda291101274dcc70999ac7826d6cb26f3b164ff2c86242fc75c406ce8a2d106d9870fddf79ed7eeaffc87d875631826fdadd3e9d258ad799a1047eee705da34a6900"]) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1c, 0x4, 0x8, 0x3, 0x12000, 0xffffffffffffffff, 0x2, '\x00', r6, 0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0, @void, @value, @value=r7}, 0x50) socket$rxrpc(0x21, 0x2, 0xa) 13.859788003s ago: executing program 1 (id=276): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x46400) r1 = syz_io_uring_setup(0x3666, &(0x7f0000000100)={0x0, 0x0, 0x13791}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000001900)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}) io_uring_enter(r1, 0x689, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) 13.859304415s ago: executing program 1 (id=278): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x4, 0x2, 0x1, 0x2}}]}}]}, 0x44}, 0x1, 0x0, 0x60}, 0x80) 13.798900419s ago: executing program 1 (id=279): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r1}, 0x10) r3 = socket$kcm(0x10, 0x7, 0x10) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r4 = syz_io_uring_setup(0x218e, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)) sched_setaffinity(0x0, 0x8, &(0x7f00000004c0)=0x6) r5 = syz_open_dev$MSR(0x0, 0x0, 0x0) openat$vhost_vsock(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) fchmod(0xffffffffffffffff, 0x0) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r6}, 0x4) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r7}, 0x10) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x800000001, 0x0, 0x2, 0x0) io_uring_enter(r4, 0x0, 0x400000, 0x1, 0x0, 0x0) r8 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="10000000171401"], 0x10}}, 0x0) io_uring_enter(r4, 0x52e, 0x0, 0x0, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[]) close(0xffffffffffffffff) ioperm(0x0, 0x5, 0xffffffffffffffff) open(0x0, 0x0, 0x60) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030023000b63d25a80648c2594f90124fc60100c170100040009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) r9 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) close(r9) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000400)='ns/mnt\x00') 6.199935476s ago: executing program 2 (id=334): sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0) getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000040), &(0x7f00000000c0)=0x4) socket$igmp6(0xa, 0x3, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000001880), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000b40), 0x2b842ac, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/fscaps', 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0) sendfile(r2, r1, 0x0, 0x7ffff000) 5.899624842s ago: executing program 2 (id=335): r0 = socket(0x10, 0x80803, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) gettid() ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, r4}, [@IFA_TARGET_NETNSID={0x8}, @IFA_LOCAL={0x8, 0x2, @multicast2}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_RT_PRIORITY={0x8, 0x9, 0x5889}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_RT_PRIORITY={0x8, 0x9, 0x8000103}]}, 0x48}, 0x1, 0x0, 0x0, 0x48000}, 0x8080) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000300)={0x3c, @empty, 0x4e22, 0x2, 'fo\x00', 0x1, 0x10, 0x6e}, 0x2c) sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0) rt_sigqueueinfo(0x0, 0x2a, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x800823, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000050000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id', @ANYRESDEC=0x0, @ANYRES16=0x0]) r7 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRESDEC, @ANYBLOB=',wfdno=', @ANYBLOB="0000d01fbe26ed470e87b7283c3b43f5f9dfaa1bd77f9e35aade40c6cd6ec92f47ac758056a77f3b2d96868aa95dad07000000573692f7dcfc38932e4301b21f13d6122b2f9a92b38f4af6e8b4333f7d4a34be73a230d4a1dd53745dc7a91731046bda291101274dcc70999ac7826d6cb26f3b164ff2c86242fc75c406ce8a2d106d9870fddf79ed7eeaffc87d875631826fdadd3e9d258ad799a1047eee705da34a6900"]) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1c, 0x4, 0x8, 0x3, 0x12000, 0xffffffffffffffff, 0x2, '\x00', r6, 0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0, @void, @value, @value=r7}, 0x50) socket$rxrpc(0x21, 0x2, 0xa) 5.830428123s ago: executing program 2 (id=336): socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000003340)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000600)='4', 0x1}], 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="06000000000000000100000044e8a147cc90010400005465ade1d46a59c9e4018112153e23b013d9f0b20cadb9a1b6e849fbef0e449d64", @ANYRES32=r0], 0x10}}], 0x1, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x39011, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$inet6(0xa, 0x3, 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000180)={{{@in=@broadcast, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x32}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}}, 0xe8) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x7}}}, 0x19) listen(r1, 0x86) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet(0x2, 0x2, 0x1) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000940)='veth0_to_bridge\x00', 0x53) sendmsg$inet(r6, &(0x7f0000000100)={&(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000180)="08001e5e06a565e9", 0x8}], 0x1, 0x0, 0x0, 0xe0000000}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) r7 = socket(0x1, 0x803, 0x0) clock_gettime(0x7, &(0x7f00000000c0)) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r8}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, r8}}}}}}]}, 0x48}}, 0x0) r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), 0xffffffffffffffff) r10 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80000) setsockopt$sock_int(r10, 0x1, 0xa, &(0x7f0000000000)=0x9, 0x4) sendmsg$BATADV_CMD_GET_GATEWAYS(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="010700000000000000000a00000008000300", @ANYRES32], 0x1c}}, 0x0) 5.460163787s ago: executing program 3 (id=338): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) socket$inet(0x2, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x39}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xff}]}]}, 0x30}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r3, @ANYBLOB="010000000000fbdbdf25010000000800020000000000050005000000000008000300010000004800018005000200200000000600010002000000080006000a000000080003"], 0x84}}, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000400)='./file1/file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) setxattr$trusted_overlay_redirect(&(0x7f0000000100)='./file1/file0\x00', &(0x7f0000000240), 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) chdir(&(0x7f0000000000)='./file0\x00') recvmsg(r5, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x1f00) connect$unix(r4, &(0x7f0000000140)=@abs, 0x6e) 4.590416818s ago: executing program 3 (id=339): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x500}, [{0x60, 0x1, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x800, 0x0, 0x6, 0x1, 0x81}, 0x1}}, @TCA_MPLS_TC={0x5, 0x6, 0x2}, @TCA_MPLS_PROTO={0x6, 0x4, 0x883e}]}, {0x4, 0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x74}}, 0x0) 4.590136869s ago: executing program 3 (id=340): rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) r0 = signalfd4(0xffffffffffffffff, &(0x7f00000004c0), 0x8, 0x0) r1 = io_uring_setup(0x64fb, &(0x7f0000000000)={0x0, 0xffff, 0x0, 0x3, 0x107}) poll(0x0, 0x0, 0x7ff) syz_usb_connect$cdc_ncm(0x0, 0x6e, 0x0, 0x0) dup2(r0, r1) r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) setsockopt$ax25_int(r2, 0x101, 0xa, &(0x7f0000000080)=0xbb1e, 0x4) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(0xffffffffffffffff, 0x2d3e, 0x0, 0x0, 0x0, 0x0) unshare(0x62040200) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) 3.900399226s ago: executing program 0 (id=343): r0 = socket(0x10, 0x80803, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) gettid() ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, r4}, [@IFA_TARGET_NETNSID={0x8}, @IFA_LOCAL={0x8, 0x2, @multicast2}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_RT_PRIORITY={0x8, 0x9, 0x5889}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_RT_PRIORITY={0x8, 0x9, 0x8000103}]}, 0x48}, 0x1, 0x0, 0x0, 0x48000}, 0x8080) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000300)={0x3c, @empty, 0x4e22, 0x2, 'fo\x00', 0x1, 0x10, 0x6e}, 0x2c) sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0) rt_sigqueueinfo(0x0, 0x2a, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x800823, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000050000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id', @ANYRESDEC=0x0, @ANYRES16=0x0]) r7 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRESDEC, @ANYBLOB=',wfdno=', @ANYBLOB="0000d01fbe26ed470e87b7283c3b43f5f9dfaa1bd77f9e35aade40c6cd6ec92f47ac758056a77f3b2d96868aa95dad07000000573692f7dcfc38932e4301b21f13d6122b2f9a92b38f4af6e8b4333f7d4a34be73a230d4a1dd53745dc7a91731046bda291101274dcc70999ac7826d6cb26f3b164ff2c86242fc75c406ce8a2d106d9870fddf79ed7eeaffc87d875631826fdadd3e9d258ad799a1047eee705da34a6900"]) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1c, 0x4, 0x8, 0x3, 0x12000, 0xffffffffffffffff, 0x2, '\x00', r6, 0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0, @void, @value, @value=r7}, 0x50) socket$rxrpc(0x21, 0x2, 0xa) 3.819389257s ago: executing program 0 (id=344): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) r2 = getpid() r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020aed2, &(0x7f0000000000)={0xffffffffffffffff, 0x4, 0x2}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x18, 0x5, &(0x7f0000000240)=ANY=[@ANYRES8=r0], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x8a9d42fe5aa126ff, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @value}, 0x94) setpgid(r2, r2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000180)='tlb_flush\x00', r4}, 0x18) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000280)=""/54, 0x36}, {&(0x7f0000000380)=""/152, 0x98}], 0x2, &(0x7f0000000d00)=[{&(0x7f0000008480)=""/95, 0x5f}, {&(0x7f0000000440)=""/169, 0x16}, {&(0x7f0000000cc0)}], 0x3, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000500)=@nat={'nat\x00', 0x8, 0x5, 0x528, 0x32c, 0x32c, 0xffffffff, 0x32c, 0x32c, 0x460, 0x460, 0xffffffff, 0x460, 0x460, 0x5, 0x0, {[{{@ipv6={@loopback, @mcast1, [], [], 'veth0_to_bond\x00', 'team_slave_0\x00'}, 0x0, 0x10c, 0x154, 0x0, {}, [@common=@frag={{0x30}, {[], 0x0, 0x0, 0x7}}, @common=@unspec=@statistic={{0x38}}]}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x0, @ipv6=@mcast2, @ipv6=@private2, @icmp_id, @gre_key}}}, {{@ipv6={@private2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth0_to_bond\x00', 'vlan0\x00'}, 0x0, 0xa4, 0xec}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x0, @ipv4=@local, @ipv6=@private2, @gre_key, @gre_key}}}, {{@uncond, 0x0, 0xa4, 0xec}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv6=@dev, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @port, @gre_key}}}, {{@uncond, 0x0, 0xec, 0x134, 0x0, {}, [@common=@hbh={{0x48}}]}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev}, @ipv4=@dev, @icmp_id}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0xfdf2) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1600f1210ba6285c95000080010000000008000071435eb4587b658659e69735b3521a4bc0fb4861f4f1ff51cfeca04ed2f4487a0af334ae91b022eb914e390e8aa8effd121d21a1aa463d1e70db6f893dbfc9ebe1776d2e5fc69c203fe9d24ea3772982b4e93fcabab1d1b2938fa76dd226b49c1a0029c885f653d713dbae871d9b96052d7d1db52c65a384adf50c87558d9162c0faa8a1157dc482a45d848b83fe864847cf4955d75b421806113e0394ce40d432ca630d1e265a73427ce76c25f553cd50ef74aba8895f5c77f6de35c3147efa733b9f92d74d53e7421e2a4861ab605c02f7cb68a500ca6b2e34e7097a114a0a861575883c07b8b7e89d98ef07b67897a8eb0ab2b7923ace56bc0f091076d6f0b02a3d3c56cb92d8c8776e6966af067b0cc570d551e2f151141bcdb119e44bfc60018d471447a3387d52093100d06b28712574664ff1a7e5c6ec0116abdf59a17ce507eb69494a1c5fadda7d84e6df51b21438d9c1d24f4afaefba52bd9fe2d548d3d8736136b39a022d52549be837f84878e0c147e80e3b63e120a5138735db8f456874ba98d8766d8e911e49851d7607a5f9e069f5b7b28dafef18d7aa0480db6f099bc3c44345db38", @ANYRES32, @ANYBLOB="0200"/20, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="05000000020000000400"/28], 0x48) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="020300030e000000000700000000000004000900a0000000e9255bb992464e73a02159d3720df19f7a1dfec30000000003000600000000000200000000000000000000000000000002000100000000fffffffb0d00000000030005000000000002"], 0x70}, 0x1, 0x7}, 0x0) r6 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VIDIOC_STREAMOFF(r6, 0x40045613, &(0x7f0000000180)=0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x26, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xfffffd11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r0, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) io_uring_setup(0x497c, &(0x7f00000001c0)={0x0, 0x0, 0x8}) 3.430409041s ago: executing program 0 (id=346): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000780), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000840)={0x30, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x10}]}]}, 0x30}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket(0x11, 0x3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) bind$packet(r5, &(0x7f0000000180)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r5, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="02011400012918000e3580009f0001140000002f0600ac141414e0000003808a8972bd0b72e41082b1a3d206"], 0xdd12}], 0x1}, 0x0) sendmsg$NL80211_CMD_ABORT_SCAN(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="040026bd8277fc9ffe8c6bcb7225c28d13cd5ab128a5203b00000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x44084) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001180)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_VALIDATE={0x8}]}}}]}, 0x3c}, 0x1, 0xba01}, 0x0) 2.777037701s ago: executing program 2 (id=347): r0 = socket$inet_sctp(0x2, 0x5, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = io_uring_setup(0x354a, &(0x7f0000000480)={0x0, 0xce40, 0x0, 0x0, 0x2cd}) r2 = socket$pppoe(0x18, 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x4, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x13, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000010000008500000086000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0xfca804a0, 0x0, 0x8, 0x0, &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) connect$pppoe(r2, &(0x7f0000000240)={0x18, 0x0, {0x3, @dev, 'syz_tun\x00'}}, 0x1e) r5 = socket$pppl2tp(0x18, 0x1, 0x1) r6 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r5, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x0, @multicast2}, 0x2}}, 0x2e) r7 = socket$pppl2tp(0x18, 0x1, 0x1) write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x0, {0x0, 0x0, 0x0, 0x3}}, 0x48) connect$pppl2tp(r7, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @private}, 0x2, 0xfffffffd}}, 0x2e) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r8, 0x40047438, &(0x7f0000000180)=""/234) ioctl$PPPIOCGFLAGS1(r8, 0x40047435, &(0x7f0000000280)) close_range(r1, 0xffffffffffffffff, 0x0) r9 = socket$phonet(0x23, 0x2, 0x1) sendto$phonet(r9, &(0x7f0000000040)="0bbab5943069427e115d649869c6dc499dfff39b58af73235d3daf66b4916a072f95455507dfdf30054fb84a85037599beed58978b3b85430e9d6ec6b05811b44ad9fc49ced50b230b6f78a9a8310d0324faf93659f545a45c8a755fd12c529a52f5ac0b8d015b414499767a826fd78d85a3a72f5c42902cc7ba1f1d8bfafaaa8f280a96c45295bb75d4880719c48ffa59434adf3716f93225b92e1dbc1ca5004499de14e9d16ac51b2c65d28568b4397b1721", 0xffffffffffffffe0, 0x4000, &(0x7f0000000100), 0x10) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, &(0x7f0000000040)) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000002c0)={r10, 0xffffffffffffffff, 0x2d, 0xa00, @void}, 0x10) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000040)=0x4083, 0x4) r11 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r11, 0x8922, &(0x7f0000000000)={'wg0\x00'}) r12 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r12, &(0x7f0000000080)={0x2, 0x4e22, @local}, 0x10) listen(r12, 0x100001ff) 1.94041342s ago: executing program 3 (id=348): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000001000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/16, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = syz_open_procfs(0x0, &(0x7f0000000280)='oom_score_adj\x00') bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) preadv(r5, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0x300, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0xfffffffffffffe85, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) keyctl$set_reqkey_keyring(0xe, 0x2) request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000140)={'syz', 0x2}, &(0x7f0000000080)='^.}-].\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = dup3(r6, 0xffffffffffffffff, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340), 0x0, 0x0, 0x0}) socket$netlink(0x10, 0x3, 0x0) 1.820371509s ago: executing program 0 (id=349): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040001) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x68) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) socket(0x0, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r1, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) read(0xffffffffffffffff, 0x0, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) setsockopt$sock_int(r2, 0x1, 0x29, 0x0, 0x0) write$binfmt_misc(r2, &(0x7f0000000300), 0x6) recvmmsg(r2, &(0x7f0000000600), 0x204083acb88ff8b, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r5], 0x90}}, 0x0) 1.820031286s ago: executing program 2 (id=350): r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440)=0xffffffffffffffff, 0x4) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0) write$FUSE_WRITE(r1, &(0x7f00000000c0)={0x18}, 0xfdef) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x10, 0xffffffffffffffff, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8000c00080002"], 0x11) r5 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x18) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x42}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x83}, @NFTA_EXTHDR_LEN={0x8}]}}}]}]}], {0x14}}, 0x8c}}, 0x0) faccessat2(r5, &(0x7f0000000480)='./file0\x00', 0x0, 0x0) umount2(&(0x7f0000001540)='./file0\x00', 0x2) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_REG_PROTO_MIN={0x8}, @NFTA_NAT_FAMILY={0x8}, @NFTA_NAT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}]}], {0x14}}, 0x80}}, 0x0) dup3(r2, r3, 0x0) sendmsg$IPSET_CMD_GET_BYNAME(r1, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x50, 0xe, 0x6, 0x3, 0x0, 0x0, {0x2, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0xc890}, 0x40) ioctl$BTRFS_IOC_FS_INFO(r0, 0x8400941f, &(0x7f0000000040)) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) 1.377416992s ago: executing program 0 (id=351): ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r0, 0x0, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[], 0x2a, 0x0) syz_clone(0x0, 0x0, 0x21, 0x0, 0x0, 0x0) syz_io_uring_setup(0x7472, &(0x7f0000000080)={0x0, 0x6d7c, 0xdd8154d3511b851c, 0x1, 0x1df, 0x0, r0}, 0x0, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0x890b, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000002c0)={0x2, &(0x7f0000000300)=[{0x400, 0x0, 0x7, 0x7fffffff}, {0x3, 0x3, 0xa3, 0xfff}]}) mkdir(&(0x7f0000000240)='./file0\x00', 0x9c) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000012c0), 0x0, &(0x7f0000000440)=ANY=[]) read$FUSE(r3, &(0x7f000000b800)={0x2020}, 0x2020) write$FUSE_INIT(r3, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r3, &(0x7f00000021c0)="88561375e3cedcfd5fc2924b060b97dd0a63c19a1673c5a59844e81e780907ab2020ab0f35e4385cfb0178c58cc1a69e34c3b8f2ce12071111530aa54f1fc8ab55b269a38205fd7062fc37686d3f76e91e8faba529694c658b8d2941711b9033e745b415ca8b50b91049b3220d07b25d813f157d403142391ba569f10e1959585682fb244390d7619a80cd277230edadf6392f3e54fe532dfad1c5871f642e1b8537415828d5b84a8b800eb11677ca478f9ab858f9ef41f2be3b93d26b2e0a1e1cbbba1b659761104c05b51579f8bebbbc62037b6021ceb4ee1e3973da6db83929a130d7189bf8db62da4204995e8461368906451ed8d660a431209cd8009d9719d45c6935cd274387e8ee755d787391aab1adea623ad89ef7aecb2efd002a8b583334e76778b7bfac2cf917fd6437e0217a4d09fa4a7ee4407532a116e95530b29a13b4d30b2243b71ce2100644bc4bf76a1fba6d258b8e334a6fcc65c50983188d40abda13d3ad4fb5ebea8c5ed1da12a052b0d9e47223963547eb1fff49e530784849a816356b2db6e1edde4c456c9ac468daafde3634dd9ff4a77f999784fc7c0ff70e47b8328ed26f873b591c2e5df3b929ea4a90f21ba3b5735ad2904d21a3ce0e1e62c7e7d6e290786a79ab265809a66ea413e13001fd06f13cf104f0ba9c904c1105f588c046335ed15f57be82ae366b5c4db93b45643c7e7ad23d502280ab51222d45beb5a368e035fa018e3775ebe013532f698819744ec6ef9d7ae2e94db671d608960bb7a9d67342c63ff7311c83f44b63e5c9dba6eac685e58369ba29ab4fec6b149ea830ea328d6c30a6dcac94bbfe6cf99b8fd6eceff92645a20be002894922eb50c69675d7fca313e6da27571fa0b96cf238d364f4940af2fabdb0879411406d240efad3acc69e7ea9e96a175baf2747be385c310da6f89a1f0468ebe0ad4e9831140761e6f683b614a72238615bad44bfb714e0a2cb8c0473110884b43a04a13ccec6c37b0d2f128c37210f40619be38d3fd39e91c4d101a8542de9ff7b757bb1cf257921299ffb29eadae44a6433f05985cd52c2007addf6c4065e41159744bb541652f54519cdebdad9a440641f03f94976d30e40191d49f290517874647c6e3e2fed4684aa5adce565add83f8bf7b4452b84432c7befe12708341fed27c6c00ce03f494ae61b0c6f004884254d0f46be4408ead02485040346e262e341f3e28a053364638bd1f650f5433c62e81a991cf493760188fb471bc28fcfd75f6599eb4fd1c82c752c6d48c6aad113f681e257b011bd02f65018bc9d3e237ef3df63a0486376caf2f0053ebed5106c3b82e3a0e16d27f0799c435453fc4b3408fdf9aba2a13f74a59ea5c6c2e268265d9ad683bae5c2c4f35f8ad580c92576cdc9996e2db2ebd7306bc6112fdcc735b0521ba576a513b9ad9b7739e1e92c0397c1c3c80c09abdf2ed7d0afedf0a9d207b2e871c8702586933b70bae9f707074bf5e689c1e04db9667227f060346559a5657a752f6bdf4b7565f76c3276b2cdc84b3ee7a3fde39bebfe9d17936582d9286c2afc8b5b11869b099bb7c12275c9e403b2af9e7a02ec5e5cfaf0e35935924cca0d56d8cb2302dd6dbb4306661945f8f3d243f267d63c417f2c639fb6da33bd29413fd61556adafdee697f415973d2895291241e29e29329d2cc551593c90778f6f3a8d385c9d0f94fbe640481f33578c487916b869ca0460776aac739d04a1fa36cd0f96364a67a05c554d56f3a99482a9d15767ac60429c48f5eddb794dbd8b01f5a03a58e372506f2efd108a15cee16723075d9b9770c2439a714244da475679d7a9afd438e4a2e9d934a22bad744381ae34437e5498207292c92a59a2ead835b92853a51fbb0fc654d95fb0dad457349fee51957f469e4fd2517ddae6bd21d10c3a66fd5d78e1c2a375d57a191ee4c0404f81a12b5486e3745c018695ccdd4c2883adbb1b0aa84e8b415bce990ebb093c441e50ce5cba5320f1dea6a53cad39fdc73593522b22a73597bea301f97d36217e1f603dc8bb4ee6df783be44c6f546e1a2cb3c3af37a072a7b33d7e845a19746ef19ce76f06e5f0297dab074ef0a83c0d8cbaf2c64b7b39fa7c4bfc6a3ae6869ed8c2ab76d4e823ff1f6aea2a76da59e21469a3b05b59e633105a6d2c212c4a5816054ad3788e2e030e7cc597b18148902f4d1533b3169797bd774dd740021b79e8247ad78968abbb9cc989484ac73c94f60871b423f5f25ceea0266c8447636c142bd68b8121f631a095602deffdaa45010b431abed730bb7d8071a781eade15e5462c354991b0941ea781cc065589b174073467c440cd6c6309d28bb3670e09d067228d3198aec0a7b474ff893038a82469c53353278697a4ac6ef17a95dcfbaad17e50c9393a9a1a98cc6e2479c17d90a6fc4664730f0955411fe8ff1ef2e91d18121fa92784ccdc458a4992b1f14092f479552a4aec5743c2a3fa20339ba3e3c8fb71f3af1aefd4af0926ac79bc9cf585718a5c6bdd39965d927f54891b3c813e9c40dd20aa4070a0d1fc9c5bb983b5b414dfce5ecf772342d452df2b9801fafa5175aa1ec30a34c218470d0e12b1af338b1a33dfb602af455d0cf11c1ea340574a0efd18e2ced63b5eb26d7ae79ec4f79e26fbaf1e06bbb6634194130407e0987b055e5849730057c7c82058938dea1d2bcf1f22c552bfcc1bc54eb489cc30c9a054d9570af7c606f4aac06d9062aef022315486720e708189cb34281f8a3da3af6482257803728a6a90c286cf43f8084960136dae0f1433b6b12f65c9421ebcfa832ad9cf1090ea0efd3427a1a0a43822ba6e3469df9a76544552cff60f90605034a84b3bcafde9ff50341efbd03736f41d182847d993d6a9865ccef8dcfc324e2dd8434b55747ba901d3c2a447ef44eed3e14fc75e7eee242c1510caab1f9c231ac4bf884c222a90c5fa1b3924bbecc09df1e4183f56312d522d94acea745ba95f0356ded66d9a6fd3e64aff330ce308a568e44cf32843687fdeb8d3fea30fcb16b52ab32d83814d15c3dca33455f5cc2e1bf5ef07ea4d2f08cb3cd27cb165f4b537cbdd621b4914668c8a4880d4a27dc34accb3f897ec7278f224d9a48e847ba4534ab713a3d0ae79c8de6e209581be6d3cb3e1f683e431eb7ba09cb58a253e92f2c401cdb79600bc06b8173d495323bfc4f746331a6275c16543317207c6c654531df510940e76dd768b771b785693a45b2fe3df776cda79e51019a6a2b686be5753c361726044ce001d4b8983f979b3a0e74ca1979463a820c6acc160016498fa651ba4a40837b7dd06505c9f98f14e65b016cb0fc625b1f895bf1dedb65db34c0bd3edee5f57d9ccea30a270e5e505cbe08f7533ff19c35d01868072a824e5c61324bc94fa4005db983b88b2b8ee997584a2d66f57d32d415bdd9d2ea76b774cdf0023ca03953d16ddee81b03d7f2894eece8da779550583ab2e89d81fb07adc2d9b8a34f69edff2d9c29d9c2caa7654725173c90611438ccde64eb910861cc58626e24e4aac52440f2e86d3b5f45db5b816c199d35c4f7190844706e9a7fd17ceee0c390e0d362ef6a5df622af81bdac62b65921edaaa069515b5be28ba15cad4325569e1fd9d00b55412aeec169a2b0662d79428117333c95f69457e7ca38c70f8dc8ba69298d0c26750fa83bcd2cd6445b61bf94d8a86d416e1bcf0cd9a99a07b14b50e1659cff466f753e2d476dc93e567c397e6b3a7c5c72dd4bf12be48163604f1dd01ed86014976c4607c05358d72a2abb9275515a5435a24d6d3b359fed1c501001cce497a80998aef455c5b651e5654f756c3d1c3c862dd599d837f73c53b27174d3b5082de3a6ce0c5195f2821c4ce9d757d97c5d866ac674360a0079fd4f5161cd4202f013c44863ea212b58d112f7e52788f168ce0ebc86b2c28921a320aae39e8daba1159e984adf2cacbc786f8ac86ff5a089a3464dece4b6592d9ce354197a38974b6aa367d96f7c8abcbb6399bcd783e9c6adf37ec7f095e2dd3196e95e5182c4b07a9bc693e409ad2a3123f0167f8db01356e17c1d710efc274d9c591d6c415fdef8e384f9528c97c80f3818f88fc6ae99a09addaa12bc99ff457c70865e6d1f34e4a264e72b3a695b7cd99548622b332c2aa7729f8766a513216abe270045c6602e3f3162438636fcae08b26b1156408976e4fe7a391682f520cb6abd122ad01653847c25f68640ee8f83b41dbaa3dd70251e390c58b2c83e5b5be0ea25115d34d8b1e9b00b9e443de0e2bc8445d30fdcd30e4b0fe8b8112d85714c4bb69557d983c1d6bf0ff1af620c2ab60b4bd940843e9799afe891f6555fb7c978b79d81da536600e5522bdb706a2d54784247170c370bbbc9a5c7def8d1900e6ee11876c233d942b4a34c175ef6deccae457a8b0920d936467550f89dedd214c3896ee81e1989910dcb2d61a2707f8a03cdd592bb3aeb7f3655ffdfcd2e9d47e2c88b1befb48f5c474cc312c778980d97c99b0315d94c9a2f1ff239f7243732bed56e41b83bc2d34fbc5dab0084d10f86df6d97248bed4c0b0bed9df847fefa27f8109cb00eb50245e7f254d9716a49c5f78e7752e3af85a81a77f9a13d9d53c2e62ab874dc7b16096fb199e26906ee564b8f7592d7261f14e5ab7b608df0e47978dd8b097571f290c5af19f692d4f6a888d2c1edf7595baef6f72df3147daf99b043f7243afc93eb35db140292399f115233eb184529da46ff62a5c8bfbb9f21ca45472ac08f6f95ead110b00bd97535e7d27134d0e05005773c7dba8fa1b26b3bf11ba0a7c9240573120d60fd789a74b939f89b64576685b4145afe95c498f43c5520fd5e92b4dea2e0bc8b20b85a2f76a251c9d333574cdd3fa0546e51f66f1a8e4b7da1afe07e38cd1c7b2b145db23c9581a899b7e0544ea874f89cddfe7bc82f3c801800e69e87a3a59d2050e779ee96aa3d4adc5f150281f19a55f1e0a83306b36c055886a0d273d3668ac2e5b5fe2946d31c5f1aad7014c4bb5d172deeac11ff93d20888629b2ca82979305c05cfc966f1ee63fc2ba748a43ac20d9208d368e92562738f423537e5bd86c88b5a3d9dc42c327408fcae0e196f6e8323c422af68c3ca2ed9e5e5339096bb6c4fd4f4ca221a390b8f585e0bfe963158253bdb4fac0506a7af6ff7269e79e545ad0e447c754a3831691c9769675d28b6f152024b144bf1754cb8b19f94b52bfa3cdb4b435167f90a6c6a9671d99e2b3f273b37fd74859325e7fa88e48e97332b004bd9a5977c56e7e655cf215b0a4d3fd7d72114b39b223ab5ab71b05af57816d1bc416ada776b87374c8e6760c43a7843b0050a866ecc97239be825497a325389ba43362c9ca89f77a6931c6af7adbd81bb244fd182a5ff9ec70b2b15499c5cae0d5c43367b811e0394402914e018635854166c7965a6f0b9e42e0c2215950bd389974abbdcc4e81b99ca2ed9135aea9b7174e60290a7587d68be37e082664ce96f53a8424fe9e943bf9160941e87afe5c8b27fd3979c2bac550767f2917b27f0ae0ead2da35e525696572519b2e784df6d42303000000c2caee7bb7c0996c7d84385fd535975dbbc3c1b57684470bb2c0720827e21f768a0573ba731e56790751f1db9324575f32b6f36f6af0e48e5963c3cf5463f357aed5967dc924882d7a4810119a017e288b079cfccbef0ba011b1e017268391a2055da2d3ae2918c8497ca6256d4699223e3f0cb9879a7cc28c294388ea3ce3c891db063bf87960c0b7fbe40b5e87b3a8643ed7f8013a2278ac8763c98c35e8c67ac9b37e5c645410fed46fac099c4420615bc661fa6781785b406905aa6b1255b98fe1d9d9563e630a0999acbc92effb205ed7d72e33da9943b9571433c1448724beedc398a0d4ee3a5b5822971c20b8857539daba2b4af0d30c406f7c29016dd949bce4ce2a08b72df0d0b0667e3144fd8caad011ada8cba8c0af2fec12d784fc1a16fabfe23b0b09020c152aca72d76c10e533a4d633d9cdc405eb9be38fd15532285c5609443f5e3dab8a23f8e70ae8784c2df39bb0f7429b6cc1565a18d2f4172095481dafaf6ec565162da5143768aec5c06d90dc0a3cfdfb7d6dc779f8a2e6ce55a2facd2dc74ac49dffafab622eedce1cec9c4c5e3d2a0d2f4410aa5e021c59dda759bc9094719e107002ed5b3a43af2a8b9f0bd94bfe251712f666b65932dd1bf89d8db913ff73cbce75f50acf23c1a8895431167ebc4d96c4e6f1e9e79010892cc8f9a579187d8b7cebd324c068c17f1199270a747bc11fb9f28c2c57c755fcfc147c07286c81ec2c4978822776ebaa7603d8b26e453e31da70f4b81b886f29d9381276629dfa3353ebb06bc0f530203ba75c3a67952a0a4ea38d2c9cbc87655dbb89b3e4aeaed7c5d1c8b53bbba57af885819135336165942765a9d5d7f304ed8c072d7c7bfb42f6eeb8d496b6cd97198f29616fe0ce8cf84c1c9f3ddc6939dec40ae35b2dd98fa1c426acae95563945878927908a191900f3075937c46a974174cac6a64e3ca831c33936669f1824ccb2f9ce417488c49401a4f3b9dd175e53a4675555f223925eac18a4f666d965b5756019e357885e08b13e86e5d65eb921e914e91263c7ac1e788f5527bf8812c44e40a52ddce109c064b24ded74e71de466aa25dee328cbbcfd12ed871d294f637d8cd84792712c583f9e3112084fc400b466e2bc08f2fac3ca6c1416f35f9e5db4d25630b9b22df59872d529aeb8c8c110969795bfb7c1266f5c12a1d6974190a7ab5cbf241d2a01c73ea2fef89f73a4013daf8206e4c7e4c66c633580a805b29558b0ee2babe754ce72b5eeadb08c79559a33637cf5f8576b2488af23100d0f129dd8a76119757231967cded7f2ad428ac6e8653b153d11e8feefd284f15e33f16b0c621310920349962d4d863461417c626794a68bb56aa9390da27f9d84ee30afa453516f9159d7a4ba8bc5bb7c5f83a22864a8f4880db3136c74b4f24a566d47511320930cbcc9d79272809c2f6b80ded416cbed520caec0ed919d9f73bcef3ff52403fb3ac122b46c0d653822edf137a0d7ba5d40a14d496d54d3b0d81832cbe59f099fb7e1b5b354a4277c8c6656594c6ead452e19c8bc333eea2eca62e91a0a1357df71b4b29bb3daf7d293560daed4c841104a7379496518e9a215767cb4acf5c037bf38d87e88eba5a9813ec50cba4de85fffd2053a33ab1eceec33d68f02c88e86449be598c14537886dc998c581865639df463be6d1378351ea32c41bfc1bc7a1a9657791d3c6c689dfea3b1fe8875d550780bc1d2ce41a1e4df06bddd24862338302864876e90cb87c48f9130bd12de111568083534fe1fe0103e9ab33b27dc1f57b150d4b31df4c33bf2034eea04fc9c4d0f5ff3d318aa568e2644f20499f8f8253b0a27acaa8fbf318244594e8489659e6dac6aad3e7caee974e0b1af75f1966f1dfd42f43b38dd2c22c1cde4967b5bd2f710bda132d3940dba7fc862950b70693cc16aaa8260712300c0ef9ee3b229b6ec7a023d003463611e2e5f6663a6d698a11ab5c6e68aea3cadd5e70b4e7bbfa89a5ec957c4b440735101b3d74ff16559745da63e164e78ffdca6d24c28050adb4f7f83a97dc79181574f585a6a3803aa685dee4c9d7f7f6ec70739d02008f8570d1dac7536fcb3b7442ec0d133245a9d6f3710cda94a697a28b9e414f3d5a8bef260ff89afa19c88ee6d1bb6ceba25442ecfc622a418e418bc9d1106ec7bad2dd7904dfcf223d7f242b2d9601b0e2cd0d66234dc465ebe6e545cce3c6d455f92b8dbe44fa682dea23c7c899e657d9ef318b9452708f632a723a766fc2ece72719054c49e436fee43f0a7e30fedc73728606037d5baf5da4c1ba7c135217a2c3b554b9a848479ac4026f0233fce975e4be2334ae89092534274882bcb1c47a0eb6d37f002f1f40c7d695c3fe79539e9db03cf991bcf9d7ab5e8f5d8aeab92e301d5478194e0f2e497817d5817ba2f204604fabd2316a70cf26c349bec6b7eef4b4f0eaf7ce6cec6e72a01c695e39bfc75def5ac66cfdf00a0081fd39f6733118ae10271d2ba881da6d318d67cfd682f67087e8552f2267e26154685712a6cae98f29be33e67c2cc106a7c5edd710711f4a6f4dcba5590127bb4413b4f456b863892b930768e2b3dc52c2171446fa5857807404a750b3e576e437d39ac6c7692f6fb5dee3346e9066131d6d29ec84e2633c26507d283069bd0474f81f7fc8a043688644350800183f0911dac5b3e199f67457cf8450433ab2e94704ea7b93435cbe85ce079554f8bd8232637a1cca2b6cee8b03c3b3bdf103f4f2730c652f11ce0fbb170cbff639b2525b1586dba2c0c2fc34fe213f56225f568710c3bc9e3e60cc00737cd678a181b20bbab0f9332078065f4c595f7d0fb64bd110d1501a34486d4a84d611b004261b1cbe71390dc8c95d8973088113377ea5db5650e8208336ee68c28031a93b7c5756d90efb93e0716e6e0d880bdd7218327945c8ee6695e1f12536a03a7194766aa75226e73a008e57fb386d9c0f7a5667f0046652a186487e906c9ea26a7b735cb5f34086691bac1c6c170825c2b01c30e52ddcf0a757c0dd410620a065af8ee8310bf9cf6295aeaa8cd3089bf3e7fd84d6f5a19a08dbc583329cc9ec7e2e5e7ab2e1eb42548275e752d73e96f97e6af7f9a2266704f144713ad4e7f9b2a1310d732272e8d8a198d5133873bc1c9afb6dce6e679d7d657516b5dc4668d91b24cf58bb0dad3283fc8400affc85fbacc8ca35c86b747342d74c865f7c78a044e54c0fcf8a25efb8e48566db41cfe95b63b578a6a92b683de51dd6a2c218af5db0967a5cd2f2da24e486993bf3eaa2786140a0159fc5ea8794615965dbf5f74be5b94ee3a401ad2ef2d04ceba39e2b7c95f867e148991952af9e7e1863151eeae788f558d43cd597f6cf66e59cc0094ddcc8c50d05e65052abd5dba0fd855184b6c3f6d305ec62c6a12f2a0cac79a18d6bd2fce6005088c61fda3e933ceb4ed039c09ceb3b9cf3605c3987daed7cd1f412964d4da7b2ab84f22ac6360bac2760928764228eaa49682d6bc2b8fc176270a6a50592a23b891c0a1e19484073d55ca40c479421493774dacce53a2d8aa38b046cd44336a0f08f4181520745507eb92ffb2dafe5359fe031624f49133969a339d8c01b34ba36bec79f9c739b38099caebecbff814beb2a391a1bf7e1183a0fb338a73d1871313bf0e4f915116c8c232a6cfb500ed3e6628ef4aeb2c45904ae97b7ca1f33bf35f59b3d5522fc54a25297b1b6d91b5661e2b038128799774d9d8fc3df4540f4c00b855f92e71745fb86a533a1d30998c7c2c019e263abdbf86ab63009bec16b8144b8c666cb471e0e18f8122523cd3a51161d1b12ac304b65a5372ac5033ddc223bdfeca6257c58f74550c78a8dd311ce57a15e41cf5cce5d439078b54013360109456e72e25862c7f158d7b1ff6204d037c796f222e3345bd2e17a01e82f2a25fdf70c69ae26abb80205b64dbf858b2366769458909e3ecfe8b0299d5316e927e4516b373743c5db9bb0acfa33030d5cce93dbd80f2fb7d204097d2d339cffb16040eff76260bb335fde0cf3b4eb4bf42dbff194f69b0c1954ed603466c58215bdaf14532a2a649deafba687554523781a7b021897f2e6b0050710586004839347ff86dbd49f49d4fe330a1fb1381a19a4911f9a85d1b9be5cc746494199f3205b23197fbe59a327dd230513adc06e9a741504b20969739aa31060f46ebde78c00b59c3376c14f364d2d2d829a401274180b45d142e685a6d40d16d58f732463792d7cff3f54ae531407874bba2d76fda338707b1e5cfaf032c355beb150eacbf012052a2e0e320495937d653d84228a81377fe6562bf89fca985303f572311016903dcb643dc59e6270154b2cfe5f5254501324344fa6358140b53f9c6e8d2a66edad2318830413771151114e7cd4738b2d262924ec034738cbb34f2955dcda36af11f8d94719c549501b0f1a9c65624620ff5e67649408d7c3bcc2bc0f7be140b91875b3cffc825ec4d20fdaacefaecd621b7ebdedda588736da48382269560a898b34abf25edde9c9c29757147f56ae50d1cc44175d51be95ee25476cf66436b16b27af5e0cc53155c7390fc41fc93c39c723cded0fecc5100d72c28e001efa779d2de988e10c4b08afe9de283ae624930fe0aa1a4c180a4410460d26aebab56a9f3bc23c6a12e845e8788ceba101e90b24b15a7a73d83cbf5880a319a75e696ddda562af233ef09222e0d6064089b174d10c27329a092fda25565f62ff6998c3c2f67c9616978e59f1b5a1a13fc4f1fcdfcf074ddfd7f5f2123a4179a1d16b9896d550d0a5064def1872d5b5784251ca08a1971716017672ee6f2604c34ab4b25736a22c3f2fb884bdefc5c96b4a751b9227a56ba2018bdcf105acda5e4fefbc597ede7821393793298f3383179715fb1d82cfb80bb2cb49fd295cda2a3d05c3a3fcf6a9b5484d651c436a6be510e038ca0219950e12cc41ae283e935866c9c3149cc317c10d20d02fbeabdda8a5b0191223ffa2463dd49151f083d24896093e12ce394d412a3c0f58bd067bc023cfb91ca9a436d60e23493957357378a2b6853e9b73aab0c0066942f2c0b68ebf6aaf3f1f8be855f84c0668b254fa6abab62e741160d585ae10b626df83d55fa3a2083fe1527687495be317a2058c6d2fd6f7260ede3a52746a72584fbe64032208eb7eed004970709ea0f20ee506c58ed28e966cde5cb578718bbd1a6d8656189ac7d68b854862c06f6ec35a5d53f3d237223fababaa7f1912dcee4082804ee97d15e57e6be2bf5905eae353e50f5e4d4627f4f7c9e97e5403e65918c5c23c715d04210b608ab18d0c0927d852e64d25caf8ae7ed216176dd69f5088d42d4125c9e441d28a9e704944fb1867e11533b32e3c4dbd155d7f2f069728a8050328f7e6db0a56e6979fffbf2a35a02afce0f7d43ae1cb07b1fb0864eb83491b543cb5db7ea80c89839676d013dc0481c1d4883707dc28a86cf5a000fcf047db8ee18e4ec60f1e2badee8ff320fc33053290150d4144011ebc896f8f445ca38ea68d563afba9818851138f34c3f3fb6965c26d90e690e19c24876003c180c91425907703a49abd9f7966e45297e11d7d6defeedc5dbe53229ce0f119612365fc9c17e5cf17f246f88b81740c25162fb92452b98214ea354f10e80c481d5db8085d51af184ec88b0ee0ebf4c6f1557f1c890cf123b43ac3379fb96a11c9f8eda1be31c2405c2053e97417a34ac7a5fc63327d30e12362204aabd8a7dd6e8b4bebf8ac49ae4cbe1d7521104b7904c0858330412eba8ad700ff9ce0ec65db6da00b0f0dc02f9e3dfa6116c3c84a1213c1dc73bb0578f01b6b234a91b64600d187e22a6685a1492bdbcbeeaac93251ec74192425eacc6195496c6cd72a9f4bde03afc6555fcf29eae938f4cbacb9c99b9116064844db79971d2c391219f876b6b4b1f7252d1ccf061bcaf21cd4676b74", 0x2000, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_GET_CLIENT(r4, 0x401c5820, &(0x7f0000000080)={0x0, 0x0, {}, {0xee01}}) close_range(r2, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syslog(0x2, &(0x7f0000006900)=""/91, 0x5b) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000100)=0x80000) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) 907.483198ms ago: executing program 2 (id=352): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040001) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x68) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) socket(0x0, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) read(0xffffffffffffffff, 0x0, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) setsockopt$sock_int(r2, 0x1, 0x29, 0x0, 0x0) write$binfmt_misc(r2, &(0x7f0000000300), 0x6) recvmmsg(r2, &(0x7f0000000600), 0x204083acb88ff8b, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r5], 0x90}}, 0x0) 850.4443ms ago: executing program 3 (id=353): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040001) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x68) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) socket(0x0, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x14, 0x4, 0x6, 0x201}, 0x14}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) setsockopt$sock_int(r2, 0x1, 0x29, 0x0, 0x0) write$binfmt_misc(r2, &(0x7f0000000300), 0x6) recvmmsg(r2, &(0x7f0000000600), 0x204083acb88ff8b, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r5], 0x90}}, 0x0) 69.725699ms ago: executing program 0 (id=354): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1181}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000640)={0x20, 0x0, &(0x7f0000000e00)=[@request_death={0x400c6313}, @clear_death], 0x0, 0x0, 0x0}) 0s ago: executing program 3 (id=355): r0 = socket(0x10, 0x80803, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) gettid() ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, r4}, [@IFA_TARGET_NETNSID={0x8}, @IFA_LOCAL={0x8, 0x2, @multicast2}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_RT_PRIORITY={0x8, 0x9, 0x5889}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_RT_PRIORITY={0x8, 0x9, 0x8000103}]}, 0x48}, 0x1, 0x0, 0x0, 0x48000}, 0x8080) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000300)={0x3c, @empty, 0x4e22, 0x2, 'fo\x00', 0x1, 0x10, 0x6e}, 0x2c) sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0) rt_sigqueueinfo(0x0, 0x2a, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x800823, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000050000,user_id=', @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYRES16=0x0]) r7 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRESDEC, @ANYBLOB=',wfdno=', @ANYBLOB="0000d01fbe26ed470e87b7283c3b43f5f9dfaa1bd77f9e35aade40c6cd6ec92f47ac758056a77f3b2d96868aa95dad07000000573692f7dcfc38932e4301b21f13d6122b2f9a92b38f4af6e8b4333f7d4a34be73a230d4a1dd53745dc7a91731046bda291101274dcc70999ac7826d6cb26f3b164ff2c86242fc75c406ce8a2d106d9870fddf79ed7eeaffc87d875631826fdadd3e9d258ad799a1047eee705da34a6900"]) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1c, 0x4, 0x8, 0x3, 0x12000, 0xffffffffffffffff, 0x2, '\x00', r6, 0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0, @void, @value, @value=r7}, 0x50) socket$rxrpc(0x21, 0x2, 0xa) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:60510' (ED25519) to the list of known hosts. [ 34.544606][ T5334] cgroup: Unknown subsys name 'net' [ 34.700731][ T5334] cgroup: Unknown subsys name 'cpuset' [ 34.704238][ T5334] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 35.502619][ T5334] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 37.833449][ T65] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 37.836462][ T65] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 37.844559][ T5352] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 37.846896][ T5352] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 37.847956][ T5354] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 37.849318][ T5352] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 37.851277][ T5354] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 37.854305][ T5352] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 37.854740][ T5354] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 37.856353][ T5352] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 37.858321][ T5358] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 37.862966][ T5358] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 37.865995][ T5358] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 37.868524][ T5352] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 37.869231][ T5356] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 37.872634][ T5354] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 37.872891][ T5352] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 37.873471][ T5356] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 37.874129][ T5356] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 37.874485][ T5356] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 37.874825][ T5354] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 37.875576][ T5359] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 37.875822][ T5359] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 37.877805][ T5352] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 38.017632][ T5355] chnl_net:caif_netlink_parms(): no params data found [ 38.073411][ T5345] chnl_net:caif_netlink_parms(): no params data found [ 38.093317][ T5344] chnl_net:caif_netlink_parms(): no params data found [ 38.150893][ T5355] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.153111][ T5355] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.155125][ T5355] bridge_slave_0: entered allmulticast mode [ 38.157218][ T5355] bridge_slave_0: entered promiscuous mode [ 38.160476][ T5355] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.162368][ T5355] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.164251][ T5355] bridge_slave_1: entered allmulticast mode [ 38.166256][ T5355] bridge_slave_1: entered promiscuous mode [ 38.224582][ T5344] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.226522][ T5344] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.228706][ T5344] bridge_slave_0: entered allmulticast mode [ 38.230735][ T5344] bridge_slave_0: entered promiscuous mode [ 38.236476][ T5355] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.240675][ T5355] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.243149][ T5348] chnl_net:caif_netlink_parms(): no params data found [ 38.255592][ T5344] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.257516][ T5344] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.259719][ T5344] bridge_slave_1: entered allmulticast mode [ 38.261788][ T5344] bridge_slave_1: entered promiscuous mode [ 38.309037][ T5344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.311547][ T5345] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.313549][ T5345] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.315419][ T5345] bridge_slave_0: entered allmulticast mode [ 38.317478][ T5345] bridge_slave_0: entered promiscuous mode [ 38.321723][ T5345] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.323618][ T5345] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.325472][ T5345] bridge_slave_1: entered allmulticast mode [ 38.327694][ T5345] bridge_slave_1: entered promiscuous mode [ 38.342672][ T5355] team0: Port device team_slave_0 added [ 38.345418][ T5344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.363467][ T5355] team0: Port device team_slave_1 added [ 38.380457][ T5345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.420430][ T5344] team0: Port device team_slave_0 added [ 38.423057][ T5345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.427151][ T5344] team0: Port device team_slave_1 added [ 38.441585][ T5355] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.443446][ T5355] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.450822][ T5355] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.469594][ T5348] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.471490][ T5348] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.473384][ T5348] bridge_slave_0: entered allmulticast mode [ 38.475375][ T5348] bridge_slave_0: entered promiscuous mode [ 38.501626][ T5355] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.503481][ T5355] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.510834][ T5355] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.514530][ T5348] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.516401][ T5348] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.518296][ T5348] bridge_slave_1: entered allmulticast mode [ 38.520711][ T5348] bridge_slave_1: entered promiscuous mode [ 38.542361][ T5345] team0: Port device team_slave_0 added [ 38.544268][ T5344] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.546098][ T5344] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.552935][ T5344] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.566723][ T5348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.569921][ T5345] team0: Port device team_slave_1 added [ 38.580510][ T5344] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.582384][ T5344] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.590649][ T5344] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.594982][ T5348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.605255][ T5345] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.607115][ T5345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.614142][ T5345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.617808][ T5345] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.619750][ T5345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.626371][ T5345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.680634][ T5348] team0: Port device team_slave_0 added [ 38.684602][ T5355] hsr_slave_0: entered promiscuous mode [ 38.686540][ T5355] hsr_slave_1: entered promiscuous mode [ 38.709505][ T5345] hsr_slave_0: entered promiscuous mode [ 38.711464][ T5345] hsr_slave_1: entered promiscuous mode [ 38.713319][ T5345] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 38.715410][ T5345] Cannot create hsr debugfs directory [ 38.717823][ T5348] team0: Port device team_slave_1 added [ 38.738728][ T5344] hsr_slave_0: entered promiscuous mode [ 38.741009][ T5344] hsr_slave_1: entered promiscuous mode [ 38.742837][ T5344] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 38.744801][ T5344] Cannot create hsr debugfs directory [ 38.761671][ T5348] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.763528][ T5348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.770145][ T5348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.774469][ T5348] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.776296][ T5348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.783085][ T5348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.851478][ T5348] hsr_slave_0: entered promiscuous mode [ 38.853404][ T5348] hsr_slave_1: entered promiscuous mode [ 38.855150][ T5348] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 38.857064][ T5348] Cannot create hsr debugfs directory [ 39.034530][ T5355] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 39.039705][ T5355] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 39.042717][ T5355] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 39.046091][ T5355] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 39.062478][ T5345] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 39.066202][ T5345] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 39.069411][ T5345] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 39.072386][ T5345] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 39.103503][ T5344] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 39.106688][ T5344] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 39.124380][ T5344] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 39.127856][ T5344] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 39.152150][ T5355] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.156972][ T5348] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 39.161045][ T5348] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 39.167007][ T5348] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 39.170908][ T5348] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 39.178590][ T5355] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.196651][ T1096] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.198703][ T1096] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.203951][ T1096] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.205872][ T1096] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.221676][ T5345] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.235974][ T5345] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.244958][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.246857][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.256190][ T1194] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.258089][ T1194] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.272869][ T5344] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.298898][ T5348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.301902][ T5344] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.311515][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.313411][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.322939][ T5348] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.325710][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.327806][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.335225][ T1096] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.337110][ T1096] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.345846][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.347754][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.367408][ T5348] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 39.370865][ T5348] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.399949][ T5345] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.405094][ T5355] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.433217][ T5345] veth0_vlan: entered promiscuous mode [ 39.443047][ T5355] veth0_vlan: entered promiscuous mode [ 39.446001][ T5345] veth1_vlan: entered promiscuous mode [ 39.454806][ T5355] veth1_vlan: entered promiscuous mode [ 39.460529][ T5344] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.468306][ T5348] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.480982][ T5345] veth0_macvtap: entered promiscuous mode [ 39.485298][ T5355] veth0_macvtap: entered promiscuous mode [ 39.493124][ T5345] veth1_macvtap: entered promiscuous mode [ 39.500476][ T5355] veth1_macvtap: entered promiscuous mode [ 39.515908][ T5344] veth0_vlan: entered promiscuous mode [ 39.522917][ T5355] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.525111][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.527893][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.531417][ T5345] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.537300][ T5344] veth1_vlan: entered promiscuous mode [ 39.542175][ T5348] veth0_vlan: entered promiscuous mode [ 39.544450][ T5345] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.546554][ T5355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.549422][ T5355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.552513][ T5355] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.560189][ T5355] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.562589][ T5355] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.564848][ T5355] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.567108][ T5355] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.572787][ T5345] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.575097][ T5345] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.577343][ T5345] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.579725][ T5345] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.586422][ T5348] veth1_vlan: entered promiscuous mode [ 39.603639][ T5344] veth0_macvtap: entered promiscuous mode [ 39.612776][ T5344] veth1_macvtap: entered promiscuous mode [ 39.620732][ T5348] veth0_macvtap: entered promiscuous mode [ 39.629283][ T5348] veth1_macvtap: entered promiscuous mode [ 39.635787][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.639033][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.641571][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.644239][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.647529][ T5344] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.655440][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.658162][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.661056][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.663702][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.666817][ T5344] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.677933][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.678935][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.680745][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.682808][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.685322][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.690278][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.692807][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.695465][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.700278][ T5348] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.703233][ T5344] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.705558][ T5344] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.707823][ T5344] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.710650][ T5344] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.724438][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.727201][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.730131][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.732892][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.735421][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.738129][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.741758][ T5348] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.747189][ T1095] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.748492][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.750349][ T1095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.751313][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.755961][ T5348] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.758275][ T5348] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.760691][ T5348] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.762931][ T5348] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.789858][ T1095] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.792012][ T1095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.792217][ T5345] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 39.805792][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.808170][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.831401][ T1194] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.833476][ T1194] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.837886][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.843553][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.856348][ T5408] dns_resolver: Unsupported server list version (0) [ 39.862152][ T5408] mmap: syz.0.1 (5408) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 39.867863][ T1095] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.872495][ T1095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.958942][ T5351] Bluetooth: hci2: command tx timeout [ 39.958946][ T4780] Bluetooth: hci1: command tx timeout [ 39.959166][ T4780] Bluetooth: hci3: command tx timeout [ 39.963770][ T5352] Bluetooth: hci0: command tx timeout [ 40.072981][ T5420] syz.3.4 uses obsolete (PF_INET,SOCK_PACKET) [ 40.388486][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 40.532400][ T5428] bridge0: entered allmulticast mode [ 40.534863][ T5428] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 40.542635][ T5428] pimreg: entered allmulticast mode [ 40.552537][ T5428] pimreg: left allmulticast mode [ 40.554148][ T5428] bridge0: left allmulticast mode [ 40.594159][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 40.695508][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 40.861177][ T5430] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 40.868498][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 40.871639][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 41.262977][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 41.862364][ T5417] syz.1.2 (5417) used greatest stack depth: 20544 bytes left [ 42.038668][ T4780] Bluetooth: hci1: command tx timeout [ 42.040319][ T5352] Bluetooth: hci2: command tx timeout [ 42.049151][ T5352] Bluetooth: hci0: command tx timeout [ 42.050766][ T5352] Bluetooth: hci3: command tx timeout [ 42.358708][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 42.378476][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 42.392547][ T5446] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9'. [ 42.395004][ T5446] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9'. [ 43.035227][ T5455] netlink: 28 bytes leftover after parsing attributes in process `syz.2.12'. [ 43.039730][ T5455] netlink: 28 bytes leftover after parsing attributes in process `syz.2.12'. [ 43.201558][ T5458] capability: warning: `syz.3.13' uses deprecated v2 capabilities in a way that may be insecure [ 44.071841][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 44.118482][ T5352] Bluetooth: hci3: command tx timeout [ 44.119382][ T4780] Bluetooth: hci0: command tx timeout [ 44.120006][ T5352] Bluetooth: hci2: command tx timeout [ 44.121472][ T4780] Bluetooth: hci1: command tx timeout [ 44.268818][ T0] NOHZ tick-stop error: local softirq work is pending, handler #ca!!! [ 44.443857][ T5474] netlink: 28 bytes leftover after parsing attributes in process `syz.3.17'. [ 44.446277][ T5474] netlink: 28 bytes leftover after parsing attributes in process `syz.3.17'. [ 44.534546][ T5476] ubi0: attaching mtd0 [ 44.536947][ T5476] ubi0: scanning is finished [ 44.538291][ T5476] ubi0: empty MTD device detected [ 44.686515][ T5476] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 44.689845][ T5476] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 44.692675][ T5476] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 44.694612][ T5476] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 44.697208][ T5476] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 44.699595][ T5476] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 44.701827][ T5476] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1426927539 [ 44.704573][ T5476] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 44.707916][ T5478] ubi0: background thread "ubi_bgt0d" started, PID 5478 [ 45.273267][ T5489] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23'. [ 45.908429][ T5406] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 46.068477][ T5406] usb 5-1: Using ep0 maxpacket: 16 [ 46.072855][ T5406] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 46.074990][ T5406] usb 5-1: config 0 has no interface number 0 [ 46.076596][ T5406] usb 5-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 46.089152][ T5406] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 46.091520][ T5406] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 46.093630][ T5406] usb 5-1: Product: syz [ 46.095254][ T5406] usb 5-1: SerialNumber: syz [ 46.099737][ T5406] usb 5-1: config 0 descriptor?? [ 46.104677][ T5406] usbhid 5-1:0.8: couldn't find an input interrupt endpoint [ 46.143517][ T39] audit: type=1326 audit(1727663739.501:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5495 comm="syz.3.26" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f76579 code=0x0 [ 46.198670][ T5347] Bluetooth: hci2: command tx timeout [ 46.198695][ T4780] Bluetooth: hci0: command tx timeout [ 46.200121][ T5352] Bluetooth: hci3: command tx timeout [ 46.200131][ T5347] Bluetooth: hci1: command tx timeout [ 46.261543][ T5506] dns_resolver: Unsupported server list version (0) [ 46.359419][ T5514] netlink: 28 bytes leftover after parsing attributes in process `syz.2.29'. [ 46.361816][ T5514] netlink: 28 bytes leftover after parsing attributes in process `syz.2.29'. [ 47.649869][ T39] audit: type=1326 audit(1727663741.011:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5526 comm="syz.1.34" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000 [ 47.655295][ T39] audit: type=1326 audit(1727663741.011:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5526 comm="syz.1.34" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000 [ 47.668419][ T39] audit: type=1326 audit(1727663741.011:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5526 comm="syz.1.34" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fef579 code=0x7ffc0000 [ 47.668440][ T39] audit: type=1326 audit(1727663741.011:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5526 comm="syz.1.34" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000 [ 47.668455][ T39] audit: type=1326 audit(1727663741.011:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5526 comm="syz.1.34" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000 [ 47.668470][ T39] audit: type=1326 audit(1727663741.011:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5526 comm="syz.1.34" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fef579 code=0x7ffc0000 [ 47.668484][ T39] audit: type=1326 audit(1727663741.011:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5526 comm="syz.1.34" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000 [ 47.668499][ T39] audit: type=1326 audit(1727663741.011:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5526 comm="syz.1.34" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000 [ 47.668515][ T39] audit: type=1326 audit(1727663741.021:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5526 comm="syz.1.34" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fef579 code=0x7ffc0000 [ 48.078719][ T5406] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 48.201774][ T5534] sp0: Synchronizing with TNC [ 48.248421][ T5406] usb 6-1: Using ep0 maxpacket: 16 [ 48.318429][ T5406] usb 6-1: device descriptor read/all, error -71 [ 48.417613][ T5540] netlink: 4 bytes leftover after parsing attributes in process `syz.3.38'. [ 48.427830][ T5540] FAULT_INJECTION: forcing a failure. [ 48.427830][ T5540] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 48.431581][ T5540] CPU: 0 UID: 0 PID: 5540 Comm: syz.3.38 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 48.434250][ T5540] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.437089][ T5540] Call Trace: [ 48.437993][ T5540] [ 48.438790][ T5540] dump_stack_lvl+0x16c/0x1f0 [ 48.440067][ T5540] should_fail_ex+0x497/0x5b0 [ 48.441344][ T5540] _copy_from_user+0x30/0xf0 [ 48.442583][ T5540] kvm_arch_vcpu_ioctl+0x1e54/0x4c80 [ 48.444004][ T5540] ? is_bpf_text_address+0x94/0x1a0 [ 48.445398][ T5540] ? kernel_text_address+0x8d/0x100 [ 48.446787][ T5540] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 48.448282][ T5540] ? stack_trace_save+0x95/0xd0 [ 48.449614][ T5540] ? __pfx___lock_acquire+0x10/0x10 [ 48.451601][ T5540] ? __pfx_mark_lock+0x10/0x10 [ 48.452910][ T5540] ? stack_depot_save_flags+0x28/0x900 [ 48.454406][ T5540] ? lock_acquire.part.0+0x11b/0x380 [ 48.455830][ T5540] ? kvm_vcpu_ioctl+0x1de/0x1510 [ 48.457182][ T5540] ? rcu_is_watching+0x12/0xc0 [ 48.458475][ T5540] ? trace_contention_end+0xea/0x140 [ 48.459902][ T5540] ? __mutex_lock+0x1a6/0x9c0 [ 48.461191][ T5540] ? kvm_vcpu_ioctl+0x1de/0x1510 [ 48.462528][ T5540] ? __pfx___mutex_lock+0x10/0x10 [ 48.463898][ T5540] ? find_held_lock+0x2d/0x110 [ 48.465204][ T5540] ? kvm_vcpu_ioctl+0x9e1/0x1510 [ 48.466537][ T5540] kvm_vcpu_ioctl+0x9e1/0x1510 [ 48.467830][ T5540] ? tomoyo_path_number_perm+0x467/0x5b0 [ 48.469377][ T5540] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 48.470774][ T5540] ? tomoyo_path_number_perm+0x190/0x5b0 [ 48.472277][ T5540] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 48.473850][ T5540] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 48.475422][ T5540] ? do_vfs_ioctl+0x513/0x1950 [ 48.476701][ T5540] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 48.478064][ T5540] ? trace_lock_acquire+0x14a/0x1d0 [ 48.479460][ T5540] kvm_vcpu_compat_ioctl+0x210/0x3f0 [ 48.480862][ T5540] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 48.482422][ T5540] ? __fget_files+0x244/0x3f0 [ 48.483676][ T5540] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 48.485232][ T5540] __do_compat_sys_ioctl+0x259/0x2b0 [ 48.486642][ T5540] __do_fast_syscall_32+0x73/0x120 [ 48.488019][ T5540] do_fast_syscall_32+0x32/0x80 [ 48.489614][ T5540] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 48.491369][ T5540] RIP: 0023:0xf7f76579 [ 48.492466][ T5540] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 48.497577][ T5540] RSP: 002b:00000000f56d556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 48.499779][ T5540] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000c048aeca [ 48.501878][ T5540] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 48.503985][ T5540] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 48.506088][ T5540] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 48.508186][ T5540] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 48.510315][ T5540] [ 48.511208][ C0] vkms_vblank_simulate: vblank timer overrun [ 48.684143][ T5346] usb 5-1: USB disconnect, device number 2 [ 48.703211][ T5544] netlink: 8 bytes leftover after parsing attributes in process `syz.0.39'. [ 48.850559][ T1997] kernel write not supported for file /radio5 (pid: 1997 comm: kworker/0:2) [ 48.892731][ T5552] netlink: 8 bytes leftover after parsing attributes in process `syz.1.43'. [ 49.173329][ T5558] capability: warning: `syz.1.45' uses 32-bit capabilities (legacy support in use) [ 49.302735][ T5562] process 'syz.3.46' launched './file0' with NULL argv: empty string added [ 49.311734][ T5563] FAULT_INJECTION: forcing a failure. [ 49.311734][ T5563] name failslab, interval 1, probability 0, space 0, times 0 [ 49.317886][ T5563] CPU: 2 UID: 0 PID: 5563 Comm: syz.0.47 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 49.321374][ T5563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 49.324396][ T5563] Call Trace: [ 49.325560][ T5563] [ 49.326573][ T5563] dump_stack_lvl+0x16c/0x1f0 [ 49.328188][ T5563] should_fail_ex+0x497/0x5b0 [ 49.329831][ T5563] should_failslab+0xc2/0x120 [ 49.331446][ T5563] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 49.333306][ T5563] ? skb_clone+0x190/0x3f0 [ 49.334847][ T5563] skb_clone+0x190/0x3f0 [ 49.336320][ T5563] netlink_deliver_tap+0xb26/0xcf0 [ 49.338087][ T5563] netlink_unicast+0x5e1/0x7f0 [ 49.339369][ T5563] ? __pfx_netlink_unicast+0x10/0x10 [ 49.341177][ T5563] ? const_folio_flags.constprop.0+0x56/0x150 [ 49.342795][ T5563] ? __phys_addr_symbol+0x30/0x80 [ 49.344515][ T5563] ? __check_object_size+0x488/0x710 [ 49.346332][ T5563] netlink_sendmsg+0x8b8/0xd70 [ 49.347625][ T5563] ? __pfx_netlink_sendmsg+0x10/0x10 [ 49.349458][ T5563] sock_write_iter+0x4fe/0x5b0 [ 49.351104][ T5563] ? __pfx_sock_write_iter+0x10/0x10 [ 49.352539][ T5563] ? bpf_lsm_file_permission+0x9/0x10 [ 49.354368][ T5563] ? security_file_permission+0x71/0x210 [ 49.355864][ T5563] vfs_write+0x6b5/0x1140 [ 49.357023][ T5563] ? __pfx_sock_write_iter+0x10/0x10 [ 49.358451][ T5563] ? trace_lock_acquire+0x14a/0x1d0 [ 49.359835][ T5563] ? __pfx_vfs_write+0x10/0x10 [ 49.361126][ T5563] ? __fget_files+0x40/0x3f0 [ 49.362360][ T5563] ksys_write+0x1fa/0x260 [ 49.363516][ T5563] ? __pfx_ksys_write+0x10/0x10 [ 49.364812][ T5563] __do_fast_syscall_32+0x73/0x120 [ 49.366198][ T5563] do_fast_syscall_32+0x32/0x80 [ 49.367499][ T5563] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 49.369212][ T5563] RIP: 0023:0xf7f85579 [ 49.370303][ T5563] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 49.375340][ T5563] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 49.378167][ T5563] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 49.380256][ T5563] RDX: 000000000000fe00 RSI: 0000000000000000 RDI: 0000000000000000 [ 49.382351][ T5563] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 49.384428][ T5563] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 49.386514][ T5563] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 49.388608][ T5563] [ 49.394929][ T5563] netlink: 'syz.0.47': attribute type 1 has an invalid length. [ 49.528407][ T5406] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 49.669797][ T5576] netlink: 8 bytes leftover after parsing attributes in process `syz.0.52'. [ 49.672601][ T5578] warning: `syz.2.53' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 49.692604][ T5406] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 49.695558][ T5406] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 49.698109][ T5406] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 49.700827][ T5406] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.707820][ T5406] usb 6-1: config 0 descriptor?? [ 49.716128][ T5580] binder: 5579:5580 ioctl c0306201 0 returned -14 [ 49.776122][ T5588] binder: 5579:5588 ioctl c0306201 20000640 returned -22 [ 49.810812][ T5587] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 49.915358][ T5558] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 49.920435][ T5558] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 50.015331][ T5591] FAULT_INJECTION: forcing a failure. [ 50.015331][ T5591] name failslab, interval 1, probability 0, space 0, times 0 [ 50.018814][ T5591] CPU: 2 UID: 0 PID: 5591 Comm: syz.0.57 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 50.021462][ T5591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 50.024211][ T5591] Call Trace: [ 50.025078][ T5591] [ 50.025867][ T5591] dump_stack_lvl+0x16c/0x1f0 [ 50.027117][ T5591] should_fail_ex+0x497/0x5b0 [ 50.028372][ T5591] ? fs_reclaim_acquire+0xae/0x160 [ 50.029740][ T5591] should_failslab+0xc2/0x120 [ 50.030983][ T5591] __kmalloc_node_noprof+0xd1/0x440 [ 50.032354][ T5591] ? alloc_slab_obj_exts+0x41/0xa0 [ 50.033706][ T5591] alloc_slab_obj_exts+0x41/0xa0 [ 50.035008][ T5591] __memcg_slab_post_alloc_hook+0x2a7/0x9b0 [ 50.036562][ T5591] ? kasan_save_track+0x14/0x30 [ 50.037859][ T5591] kmem_cache_alloc_lru_noprof+0x2c8/0x2f0 [ 50.039393][ T5591] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 50.040809][ T5591] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 50.042190][ T5591] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 50.043725][ T5591] alloc_inode+0x5d/0x230 [ 50.044870][ T5591] new_inode+0x22/0x210 [ 50.045982][ T5591] hugetlbfs_get_inode+0x2d2/0x530 [ 50.047333][ T5591] hugetlb_file_setup+0x15b/0x620 [ 50.048660][ T5591] ksys_mmap_pgoff+0x189/0x5c0 [ 50.049947][ T5591] ? __ia32_sys_mmap_pgoff+0x11/0x1b0 [ 50.051358][ T5591] __do_fast_syscall_32+0x73/0x120 [ 50.052706][ T5591] do_fast_syscall_32+0x32/0x80 [ 50.053996][ T5591] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 50.055658][ T5591] RIP: 0023:0xf7f85579 [ 50.056734][ T5591] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 50.061761][ T5591] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0 [ 50.063941][ T5591] RAX: ffffffffffffffda RBX: 0000000020400000 RCX: 0000000000c00000 [ 50.066016][ T5591] RDX: 0000000004000002 RSI: 0000000000050032 RDI: 00000000ffffffff [ 50.068081][ T5591] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 50.070166][ T5591] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 50.072234][ T5591] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 50.074312][ T5591] [ 50.127737][ T5406] keytouch 0003:0926:3333.0002: fixing up Keytouch IEC report descriptor [ 50.135898][ T5406] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/0003:0926:3333.0002/input/input5 [ 50.205606][ T5594] Bluetooth: MGMT ver 1.23 [ 50.220608][ T5406] keytouch 0003:0926:3333.0002: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 50.343136][ T5406] usb 6-1: USB disconnect, device number 4 [ 50.423076][ T5598] pim6reg: entered allmulticast mode [ 50.427525][ T5598] pim6reg: left allmulticast mode [ 50.556713][ T5600] raw_sendmsg: syz.0.60 forgot to set AF_INET. Fix it! [ 50.616974][ T5604] grow_buffers: requested out-of-range block 18442240469787475967 for device sda1 [ 50.620104][ T5604] EXT4-fs warning (device sda1): ext4_resize_fs:2017: can't read last block, resize aborted [ 50.675313][ T5609] netlink: 8 bytes leftover after parsing attributes in process `syz.3.64'. [ 50.924545][ T5622] binder: 5621:5622 ioctl c0306201 0 returned -14 [ 50.977993][ T5623] binder: 5621:5623 ioctl c0306201 20000640 returned -22 [ 51.258498][ T5346] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 51.408397][ T5346] usb 6-1: Using ep0 maxpacket: 16 [ 51.411511][ T5346] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 51.416042][ T5346] usb 6-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 51.418559][ T5346] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 51.420860][ T5346] usb 6-1: Product: syz [ 51.422080][ T5346] usb 6-1: Manufacturer: syz [ 51.423433][ T5346] usb 6-1: SerialNumber: syz [ 51.427505][ T5346] usb 6-1: config 0 descriptor?? [ 51.430063][ T5346] hub 6-1:0.0: bad descriptor, ignoring hub [ 51.431599][ T5346] hub 6-1:0.0: probe with driver hub failed with error -5 [ 51.434547][ T5346] input: syz syz as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input6 [ 51.484138][ T5630] netlink: 'syz.0.71': attribute type 1 has an invalid length. [ 51.486305][ T5630] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 51.488423][ T5630] IPv6: NLM_F_CREATE should be set when creating new route [ 51.728446][ T5352] Bluetooth: hci3: command 0x0405 tx timeout [ 51.837549][ T5635] netlink: 8 bytes leftover after parsing attributes in process `syz.3.73'. [ 51.929211][ T5404] usb 6-1: USB disconnect, device number 5 [ 51.981930][ T5640] netlink: zone id is out of range [ 51.986860][ T5640] netlink: zone id is out of range [ 51.989179][ T5640] netlink: zone id is out of range [ 51.991615][ T5640] netlink: zone id is out of range [ 52.007839][ T5640] netlink: set zone limit has 4 unknown bytes [ 52.068942][ T5640] netlink: 8 bytes leftover after parsing attributes in process `syz.3.74'. [ 52.072326][ T5643] ieee802154 phy0 wpan0: encryption failed: -22 [ 52.455981][ T5658] netlink: 156 bytes leftover after parsing attributes in process `syz.0.80'. [ 52.462883][ T5351] Bluetooth: hci2: ISO packet for unknown connection handle 48 [ 52.563813][ T5661] netlink: 8 bytes leftover after parsing attributes in process `syz.1.82'. [ 52.624779][ T5663] binder: 5659:5663 ioctl c0306201 20000640 returned -22 [ 53.464606][ T5691] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 54.521435][ T5702] ubi: mtd0 is already attached to ubi0 [ 54.608922][ T5711] binder: 5706:5711 ioctl c0306201 20000640 returned -22 [ 54.702222][ T5709] netlink: 28 bytes leftover after parsing attributes in process `syz.0.97'. [ 54.705234][ T5709] netlink: 28 bytes leftover after parsing attributes in process `syz.0.97'. [ 54.842643][ T5229] IPVS: starting estimator thread 0... [ 54.845401][ T5725] tipc: Started in network mode [ 54.848299][ T5725] tipc: Node identity ac1414aa, cluster identity 4711 [ 54.870114][ T5725] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 54.872241][ T5725] tipc: Enabled bearer , priority 10 [ 54.878243][ T5731] ======================================================= [ 54.878243][ T5731] WARNING: The mand mount option has been deprecated and [ 54.878243][ T5731] and is ignored by this kernel. Remove the mand [ 54.878243][ T5731] option from the mount to silence this warning. [ 54.878243][ T5731] ======================================================= [ 54.948589][ T5727] IPVS: using max 35 ests per chain, 84000 per kthread [ 55.009294][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 55.148445][ C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 55.298421][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 55.438396][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 55.459361][ T5741] binder: 5733:5741 ioctl c0306201 20000640 returned -22 [ 55.554464][ T5749] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.558321][ T5749] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.018704][ T5404] tipc: Node number set to 2886997162 [ 58.048529][ C0] net_ratelimit: 6 callbacks suppressed [ 58.048541][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 58.154131][ T5799] FAULT_INJECTION: forcing a failure. [ 58.154131][ T5799] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 58.157626][ T5799] CPU: 3 UID: 0 PID: 5799 Comm: syz.0.123 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 58.160294][ T5799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.163105][ T5799] Call Trace: [ 58.163989][ T5799] [ 58.164792][ T5799] dump_stack_lvl+0x16c/0x1f0 [ 58.166076][ T5799] should_fail_ex+0x497/0x5b0 [ 58.167319][ T5799] _copy_from_iter+0x29b/0x13e0 [ 58.168617][ T5799] ? __pfx__copy_from_iter+0x10/0x10 [ 58.170031][ T5799] ? __virt_addr_valid+0x1a4/0x590 [ 58.171386][ T5799] ? __virt_addr_valid+0x5e/0x590 [ 58.172732][ T5799] ? __phys_addr_symbol+0x30/0x80 [ 58.174095][ T5799] ? __check_object_size+0x488/0x710 [ 58.175496][ T5799] netlink_sendmsg+0x813/0xd70 [ 58.176759][ T5799] ? __pfx_netlink_sendmsg+0x10/0x10 [ 58.178154][ T5799] ? lock_acquire+0x2f/0xb0 [ 58.179360][ T5799] ____sys_sendmsg+0x9ae/0xb40 [ 58.180618][ T5799] ? __pfx_____sys_sendmsg+0x10/0x10 [ 58.182008][ T5799] ? get_compat_msghdr+0x11b/0x170 [ 58.183351][ T5799] ? __pfx___lock_acquire+0x10/0x10 [ 58.184718][ T5799] ___sys_sendmsg+0x135/0x1e0 [ 58.185970][ T5799] ? __pfx____sys_sendmsg+0x10/0x10 [ 58.187343][ T5799] ? lock_acquire+0x2f/0xb0 [ 58.188543][ T5799] ? __fget_files+0x40/0x3f0 [ 58.189783][ T5799] ? fdget+0x176/0x210 [ 58.190861][ T5799] __sys_sendmsg+0x117/0x1f0 [ 58.192080][ T5799] ? __pfx___sys_sendmsg+0x10/0x10 [ 58.193417][ T5799] ? __fget_files+0x244/0x3f0 [ 58.194664][ T5799] __do_fast_syscall_32+0x73/0x120 [ 58.196009][ T5799] do_fast_syscall_32+0x32/0x80 [ 58.197297][ T5799] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 58.198957][ T5799] RIP: 0023:0xf7f85579 [ 58.200038][ T5799] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 58.205044][ T5799] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 58.207215][ T5799] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200007c0 [ 58.209301][ T5799] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 58.211365][ T5799] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 58.213433][ T5799] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 58.215499][ T5799] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 58.217574][ T5799] [ 58.602129][ T5808] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.604850][ T5808] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.607365][ T5808] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.610192][ T5808] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.612702][ T5808] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.615531][ T5808] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.930062][ T5351] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 58.932364][ T5351] Bluetooth: hci2: Injecting HCI hardware error event [ 58.935038][ T5352] Bluetooth: hci2: hardware error 0x00 [ 59.040361][ T5828] netlink: 28 bytes leftover after parsing attributes in process `syz.1.132'. [ 59.044333][ T5828] netlink: 28 bytes leftover after parsing attributes in process `syz.1.132'. [ 59.078515][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 59.508712][ T1283] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 59.515536][ T1283] hid-generic 0000:0000:0000.0003: hidraw1: HID v0.00 Device [syz0] on syz0 [ 60.128484][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 60.929960][ T5853] netlink: 28 bytes leftover after parsing attributes in process `syz.3.136'. [ 60.932213][ T5853] netlink: 28 bytes leftover after parsing attributes in process `syz.3.136'. [ 60.998425][ T5352] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 61.158399][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 61.533339][ T5876] bridge0: entered allmulticast mode [ 61.545016][ T5876] pimreg: entered allmulticast mode [ 61.555311][ T5876] pimreg: left allmulticast mode [ 61.557725][ T5876] bridge0: left allmulticast mode [ 62.208395][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 62.448455][ T1283] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 62.618456][ T1283] usb 6-1: Using ep0 maxpacket: 16 [ 62.623576][ T1283] usb 6-1: config 0 has an invalid interface number: 8 but max is 0 [ 62.625699][ T1283] usb 6-1: config 0 has no interface number 0 [ 62.628555][ T1283] usb 6-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 62.639551][ T1283] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 62.642612][ T1283] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 62.645340][ T1283] usb 6-1: Product: syz [ 62.646772][ T1283] usb 6-1: SerialNumber: syz [ 62.668854][ T1283] usb 6-1: config 0 descriptor?? [ 62.674024][ T1283] usbhid 6-1:0.8: couldn't find an input interrupt endpoint [ 63.238408][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 63.362325][ T5909] input: syz0 as /devices/virtual/input/input7 [ 63.417296][ T5910] FAULT_INJECTION: forcing a failure. [ 63.417296][ T5910] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 63.421179][ T5910] CPU: 0 UID: 0 PID: 5910 Comm: syz.2.154 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 63.424219][ T5910] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 63.426813][ T5910] Call Trace: [ 63.427681][ T5910] [ 63.428698][ T5910] dump_stack_lvl+0x16c/0x1f0 [ 63.430292][ T5910] should_fail_ex+0x497/0x5b0 [ 63.431890][ T5910] _copy_from_user+0x30/0xf0 [ 63.433464][ T5910] input_event_from_user+0x22d/0x3b0 [ 63.435251][ T5910] ? __pfx_input_event_from_user+0x10/0x10 [ 63.437220][ T5910] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 63.439179][ T5910] ? input_event+0x8e/0xa0 [ 63.440693][ T5910] uinput_write+0xbb6/0x12b0 [ 63.442678][ T5910] ? __pfx_uinput_write+0x10/0x10 [ 63.444351][ T5910] ? bpf_lsm_file_permission+0x9/0x10 [ 63.446168][ T5910] ? security_file_permission+0x71/0x210 [ 63.448062][ T5910] ? __pfx_uinput_write+0x10/0x10 [ 63.449422][ T5910] vfs_write+0x28e/0x1140 [ 63.450873][ T5910] ? __fget_files+0x23a/0x3f0 [ 63.452450][ T5910] ? __pfx_lock_release+0x10/0x10 [ 63.454183][ T5910] ? trace_lock_acquire+0x14a/0x1d0 [ 63.455907][ T5910] ? __pfx_vfs_write+0x10/0x10 [ 63.457524][ T5910] ? lock_acquire+0x2f/0xb0 [ 63.458807][ T5910] ? __fget_files+0x40/0x3f0 [ 63.460025][ T5910] ? __fget_files+0x244/0x3f0 [ 63.461266][ T5910] ksys_write+0x1fa/0x260 [ 63.462596][ T5910] ? __pfx_ksys_write+0x10/0x10 [ 63.464234][ T5910] __do_fast_syscall_32+0x73/0x120 [ 63.465986][ T5910] do_fast_syscall_32+0x32/0x80 [ 63.467618][ T5910] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 63.469285][ T5910] RIP: 0023:0xf745e579 [ 63.470360][ T5910] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 63.475351][ T5910] RSP: 002b:00000000f572556c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 63.477526][ T5910] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200021c0 [ 63.479589][ T5910] RDX: 000000000000045c RSI: 0000000000000000 RDI: 0000000000000000 [ 63.481654][ T5910] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 63.483720][ T5910] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 63.485785][ T5910] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 63.487837][ T5910] [ 64.163563][ T5923] netlink: 28 bytes leftover after parsing attributes in process `syz.3.157'. [ 64.168920][ T5923] netlink: 28 bytes leftover after parsing attributes in process `syz.3.157'. [ 64.288391][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 64.620159][ T5939] netlink: 'syz.3.165': attribute type 3 has an invalid length. [ 64.622200][ T5939] netlink: 'syz.3.165': attribute type 3 has an invalid length. [ 64.646326][ T5939] sg_write: data in/out 9180/251 bytes for SCSI command 0x15-- guessing data in; [ 64.646326][ T5939] program syz.3.165 not setting count and/or reply_len properly [ 65.224251][ T63] usb 6-1: USB disconnect, device number 6 [ 65.318450][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 65.658417][ T35] usb 6-1: new low-speed USB device number 7 using dummy_hcd [ 65.811064][ T35] usb 6-1: config index 0 descriptor too short (expected 1307, got 27) [ 65.813203][ T35] usb 6-1: config 0 has an invalid interface number: 0 but max is -1 [ 65.815260][ T35] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 65.817531][ T35] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 65.828551][ T35] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 65.833788][ T35] usb 6-1: string descriptor 0 read error: -22 [ 65.835423][ T35] usb 6-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 65.837763][ T35] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 65.840627][ T35] usb 6-1: config 0 descriptor?? [ 65.843862][ T35] hub 6-1:0.0: bad descriptor, ignoring hub [ 65.845417][ T35] hub 6-1:0.0: probe with driver hub failed with error -5 [ 65.848294][ T35] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input8 [ 66.004423][ T5959] input: syz0 as /devices/virtual/input/input9 [ 66.020636][ T5959] netlink: 8 bytes leftover after parsing attributes in process `syz.2.170'. [ 66.321963][ T5385] usb 6-1: USB disconnect, device number 7 [ 66.358651][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 66.452212][ T39] kauditd_printk_skb: 2 callbacks suppressed [ 66.452223][ T39] audit: type=1326 audit(1727663759.811:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.0.173" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x0 [ 67.032863][ T5988] netlink: 28 bytes leftover after parsing attributes in process `syz.3.176'. [ 67.035195][ T5988] netlink: 28 bytes leftover after parsing attributes in process `syz.3.176'. [ 67.182460][ T5986] netlink: 28 bytes leftover after parsing attributes in process `syz.1.177'. [ 67.184847][ T5986] netlink: 28 bytes leftover after parsing attributes in process `syz.1.177'. [ 67.398488][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 67.868965][ T5994] netlink: 8 bytes leftover after parsing attributes in process `syz.3.179'. [ 67.870795][ T5995] ieee802154 phy0 wpan0: encryption failed: -22 [ 67.994657][ T5997] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 68.060169][ T6000] netlink: 4 bytes leftover after parsing attributes in process `syz.3.181'. [ 68.199544][ T6004] FAULT_INJECTION: forcing a failure. [ 68.199544][ T6004] name failslab, interval 1, probability 0, space 0, times 0 [ 68.203058][ T6004] CPU: 3 UID: 0 PID: 6004 Comm: syz.2.183 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 68.205730][ T6004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.208467][ T6004] Call Trace: [ 68.209353][ T6004] [ 68.210147][ T6004] dump_stack_lvl+0x16c/0x1f0 [ 68.211445][ T6004] should_fail_ex+0x497/0x5b0 [ 68.212672][ T6004] should_failslab+0xc2/0x120 [ 68.213935][ T6004] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 68.215328][ T6004] ? dev_queue_xmit_nit+0x43/0xba0 [ 68.216649][ T6004] ? skb_clone+0x190/0x3f0 [ 68.217818][ T6004] skb_clone+0x190/0x3f0 [ 68.218963][ T6004] dev_queue_xmit_nit+0x38f/0xba0 [ 68.220270][ T6004] dev_hard_start_xmit+0x56/0x790 [ 68.221575][ T6004] ? __dev_queue_xmit+0x252/0x4400 [ 68.222910][ T6004] __dev_queue_xmit+0x7c7/0x4400 [ 68.224143][ T6004] ? __pfx___dev_queue_xmit+0x10/0x10 [ 68.225523][ T6004] ? rcu_is_watching+0x12/0xc0 [ 68.226770][ T6004] ? __copy_skb_header+0x2e8/0x5b0 [ 68.228098][ T6004] ? __skb_clone+0x570/0x760 [ 68.229318][ T6004] netlink_deliver_tap+0xa8a/0xcf0 [ 68.230632][ T6004] netlink_unicast+0x5e1/0x7f0 [ 68.231911][ T6004] ? __pfx_netlink_unicast+0x10/0x10 [ 68.233284][ T6004] ? __phys_addr_symbol+0x30/0x80 [ 68.234581][ T6004] ? __check_object_size+0x488/0x710 [ 68.235932][ T6004] netlink_sendmsg+0x8b8/0xd70 [ 68.237191][ T6004] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.238588][ T6004] ? lock_acquire+0x2f/0xb0 [ 68.239804][ T6004] ____sys_sendmsg+0x9ae/0xb40 [ 68.241037][ T6004] ? __pfx_____sys_sendmsg+0x10/0x10 [ 68.242388][ T6004] ? get_compat_msghdr+0x11b/0x170 [ 68.243737][ T6004] ? __pfx___lock_acquire+0x10/0x10 [ 68.245080][ T6004] ___sys_sendmsg+0x135/0x1e0 [ 68.246289][ T6004] ? __pfx____sys_sendmsg+0x10/0x10 [ 68.247638][ T6004] ? lock_acquire+0x2f/0xb0 [ 68.248836][ T6004] ? __fget_files+0x40/0x3f0 [ 68.250037][ T6004] ? fdget+0x176/0x210 [ 68.251089][ T6004] __sys_sendmsg+0x117/0x1f0 [ 68.252306][ T6004] ? __pfx___sys_sendmsg+0x10/0x10 [ 68.253629][ T6004] ? __fget_files+0x244/0x3f0 [ 68.254857][ T6004] __do_fast_syscall_32+0x73/0x120 [ 68.256196][ T6004] do_fast_syscall_32+0x32/0x80 [ 68.257472][ T6004] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 68.259106][ T6004] RIP: 0023:0xf745e579 [ 68.260169][ T6004] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 68.265130][ T6004] RSP: 002b:00000000f574656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 68.267252][ T6004] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0 [ 68.269315][ T6004] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 68.271351][ T6004] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 68.273374][ T6004] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 68.275413][ T6004] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 68.277519][ T6004] [ 68.438447][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 69.109064][ T6023] netlink: 8 bytes leftover after parsing attributes in process `syz.3.188'. [ 69.138888][ T6024] netlink: 28 bytes leftover after parsing attributes in process `syz.0.187'. [ 69.141707][ T6024] netlink: 28 bytes leftover after parsing attributes in process `syz.0.187'. [ 69.488483][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 69.938615][ T63] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 70.003427][ T6046] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.099276][ T63] usb 6-1: Using ep0 maxpacket: 16 [ 70.103436][ T63] usb 6-1: config 0 has an invalid interface number: 8 but max is 0 [ 70.105556][ T63] usb 6-1: config 0 has no interface number 0 [ 70.107132][ T63] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 70.111023][ T63] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 70.115092][ T63] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 70.117426][ T63] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 70.120006][ T63] usb 6-1: Product: syz [ 70.121209][ T63] usb 6-1: SerialNumber: syz [ 70.124604][ T63] usb 6-1: config 0 descriptor?? [ 70.127291][ T63] cm109 6-1:0.8: invalid payload size 0, expected 4 [ 70.130716][ T63] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.8/input/input10 [ 70.330280][ C2] cm109 6-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 70.528430][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 70.568307][ C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 70.570495][ C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 70.572497][ C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 70.575045][ C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 70.576996][ T1951] usb 6-1: USB disconnect, device number 8 [ 70.578565][ C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 70.578576][ C2] cm109 6-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 70.594508][ T1951] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 70.840088][ T1375] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.841729][ T1375] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.941073][ T6075] evm: overlay not supported [ 71.277451][ T6080] __nla_validate_parse: 4 callbacks suppressed [ 71.277463][ T6080] netlink: 28 bytes leftover after parsing attributes in process `syz.1.203'. [ 71.281490][ T6080] netlink: 28 bytes leftover after parsing attributes in process `syz.1.203'. [ 71.459287][ T6087] netlink: 4 bytes leftover after parsing attributes in process `syz.1.207'. [ 71.512150][ T6089] FAULT_INJECTION: forcing a failure. [ 71.512150][ T6089] name failslab, interval 1, probability 0, space 0, times 0 [ 71.515509][ T6089] CPU: 0 UID: 0 PID: 6089 Comm: syz.1.208 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 71.518152][ T6089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.520898][ T6089] Call Trace: [ 71.521776][ T6089] [ 71.522545][ T6089] dump_stack_lvl+0x16c/0x1f0 [ 71.523774][ T6089] should_fail_ex+0x497/0x5b0 [ 71.525006][ T6089] ? fs_reclaim_acquire+0xae/0x160 [ 71.526378][ T6089] should_failslab+0xc2/0x120 [ 71.527644][ T6089] kmem_cache_alloc_lru_noprof+0x72/0x2f0 [ 71.529278][ T6089] ? __d_alloc+0x35/0x8c0 [ 71.530452][ T6089] __d_alloc+0x35/0x8c0 [ 71.531578][ T6089] d_alloc+0x4a/0x1e0 [ 71.532661][ T6089] d_alloc_parallel+0xe9/0x12b0 [ 71.533966][ T6089] ? __pfx_lock_release+0x10/0x10 [ 71.535282][ T6089] ? __pfx_d_alloc_parallel+0x10/0x10 [ 71.536679][ T6089] ? lockdep_init_map_type+0x16d/0x7d0 [ 71.538101][ T6089] ? lockdep_init_map_type+0x16d/0x7d0 [ 71.539524][ T6089] proc_fill_cache+0x2eb/0x470 [ 71.540783][ T6089] ? __pfx_proc_fd_instantiate+0x10/0x10 [ 71.542255][ T6089] ? __pfx_proc_fill_cache+0x10/0x10 [ 71.543634][ T6089] ? __pfx_vsnprintf+0x10/0x10 [ 71.544900][ T6089] ? proc_readfd_common+0x1d3/0x990 [ 71.546251][ T6089] ? snprintf+0xc8/0x100 [ 71.547372][ T6089] ? proc_readfd_common+0x1d3/0x990 [ 71.548771][ T6089] proc_readfd_common+0x254/0x990 [ 71.550126][ T6089] ? __pfx_proc_fd_instantiate+0x10/0x10 [ 71.551588][ T6089] ? __pfx_proc_readfd_common+0x10/0x10 [ 71.553047][ T6089] ? down_read_killable+0xcc/0x380 [ 71.554386][ T6089] ? __pfx_down_read_killable+0x10/0x10 [ 71.555833][ T6089] ? apparmor_file_permission+0x251/0x400 [ 71.557339][ T6089] iterate_dir+0x52f/0xb40 [ 71.558515][ T6089] __ia32_sys_getdents64+0x14c/0x2e0 [ 71.559887][ T6089] ? __pfx___ia32_sys_getdents64+0x10/0x10 [ 71.561429][ T6089] ? __pfx_filldir64+0x10/0x10 [ 71.562698][ T6089] __do_fast_syscall_32+0x73/0x120 [ 71.564043][ T6089] do_fast_syscall_32+0x32/0x80 [ 71.565381][ T6089] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 71.567088][ T6089] RIP: 0023:0xf7fef579 [ 71.568147][ T6089] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 71.573411][ T6089] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 00000000000000dc [ 71.575795][ T6089] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020002f40 [ 71.577939][ T6089] RDX: 0000000000001002 RSI: 0000000000000000 RDI: 0000000000000000 [ 71.580135][ T6089] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 71.582261][ T6089] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 71.584282][ T6089] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 71.586306][ T6089] [ 71.587317][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 71.637510][ T6092] FAULT_INJECTION: forcing a failure. [ 71.637510][ T6092] name failslab, interval 1, probability 0, space 0, times 0 [ 71.637547][ T6092] CPU: 0 UID: 0 PID: 6092 Comm: syz.0.209 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 71.637559][ T6092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.637566][ T6092] Call Trace: [ 71.637569][ T6092] [ 71.637574][ T6092] dump_stack_lvl+0x16c/0x1f0 [ 71.637594][ T6092] should_fail_ex+0x497/0x5b0 [ 71.637608][ T6092] ? fs_reclaim_acquire+0xae/0x160 [ 71.637624][ T6092] should_failslab+0xc2/0x120 [ 71.637639][ T6092] __kmalloc_cache_noprof+0x6b/0x310 [ 71.637651][ T6092] ? ww_mutex_lock+0x37/0x140 [ 71.637665][ T6092] ? vkms_plane_duplicate_state+0x45/0x130 [ 71.637682][ T6092] vkms_plane_duplicate_state+0x45/0x130 [ 71.637701][ T6092] drm_atomic_get_plane_state+0x20b/0x590 [ 71.637717][ T6092] drm_client_modeset_commit_atomic+0x246/0x800 [ 71.637729][ T6092] ? __pfx___bpf_trace_contention_end+0x10/0x10 [ 71.637748][ T6092] ? trace_contention_end+0xea/0x140 [ 71.637763][ T6092] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 71.637774][ T6092] ? trace_contention_end+0xea/0x140 [ 71.637789][ T6092] ? drm_master_internal_acquire+0x21/0x80 [ 71.637808][ T6092] ? rcu_is_watching+0x12/0xc0 [ 71.637825][ T6092] drm_client_modeset_dpms+0x17e/0x210 [ 71.637838][ T6092] drm_fb_helper_blank+0x13d/0x260 [ 71.637850][ T6092] ? __pfx_drm_fb_helper_blank+0x10/0x10 [ 71.637859][ T6092] fb_blank+0x105/0x190 [ 71.637870][ T6092] ? __pfx_fb_blank+0x10/0x10 [ 71.637880][ T6092] ? lock_acquire+0x2f/0xb0 [ 71.637897][ T6092] do_fb_ioctl+0x432/0x7d0 [ 71.637910][ T6092] ? __pfx_do_fb_ioctl+0x10/0x10 [ 71.637921][ T6092] ? tomoyo_path_number_perm+0x292/0x5b0 [ 71.637947][ T6092] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 71.637977][ T6092] fb_compat_ioctl+0x55f/0x670 [ 71.637989][ T6092] ? __pfx_fb_compat_ioctl+0x10/0x10 [ 71.638004][ T6092] ? __fget_files+0x244/0x3f0 [ 71.638018][ T6092] ? __pfx_fb_compat_ioctl+0x10/0x10 [ 71.638031][ T6092] __do_compat_sys_ioctl+0x259/0x2b0 [ 71.638064][ T6092] __do_fast_syscall_32+0x73/0x120 [ 71.638080][ T6092] do_fast_syscall_32+0x32/0x80 [ 71.638093][ T6092] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 71.638108][ T6092] RIP: 0023:0xf7f85579 [ 71.638117][ T6092] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 71.638126][ T6092] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 71.638137][ T6092] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004611 [ 71.638144][ T6092] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000 [ 71.638150][ T6092] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 71.638156][ T6092] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 71.638163][ T6092] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 71.638177][ T6092] [ 72.007134][ T6107] netlink: 28 bytes leftover after parsing attributes in process `syz.2.213'. [ 72.010368][ T6107] netlink: 28 bytes leftover after parsing attributes in process `syz.2.213'. [ 72.221534][ T6110] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 72.528595][ T63] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 72.598441][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 72.647039][ T6125] netlink: 12 bytes leftover after parsing attributes in process `syz.0.219'. [ 72.678483][ T63] usb 8-1: Using ep0 maxpacket: 32 [ 72.682227][ T63] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 72.686557][ T63] usb 8-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 72.689181][ T63] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.691821][ T63] usb 8-1: Product: syz [ 72.693310][ T63] usb 8-1: Manufacturer: syz [ 72.694591][ T63] usb 8-1: SerialNumber: syz [ 72.696843][ T63] usb 8-1: config 0 descriptor?? [ 72.698587][ T6119] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 72.700937][ T63] hub 8-1:0.0: bad descriptor, ignoring hub [ 72.703446][ T63] hub 8-1:0.0: probe with driver hub failed with error -5 [ 72.706329][ T63] input: syz syz as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input11 [ 72.862310][ T6133] binder: 6130:6133 ioctl c0306201 20000680 returned -14 [ 72.904994][ T5406] usb 8-1: USB disconnect, device number 2 [ 72.905042][ C2] usbtouchscreen 8-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 72.930452][ T6138] netlink: 4 bytes leftover after parsing attributes in process `syz.0.224'. [ 72.986525][ T6146] netlink: 12 bytes leftover after parsing attributes in process `syz.1.227'. [ 73.306782][ T6169] netlink: 4 bytes leftover after parsing attributes in process `syz.3.236'. [ 73.314830][ T6169] netlink: 20 bytes leftover after parsing attributes in process `syz.3.236'. [ 73.548542][ T35] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 73.558521][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 73.638437][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 73.678515][ T35] usb 8-1: device descriptor read/64, error -71 [ 73.728832][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 73.739612][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 73.759100][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid maxpacket 50259, setting to 1024 [ 73.764116][ T9] usb 5-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 73.766644][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.768770][ T9] usb 5-1: Product: syz [ 73.769870][ T9] usb 5-1: Manufacturer: syz [ 73.771136][ T9] usb 5-1: SerialNumber: syz [ 73.780280][ T9] usb 5-1: config 0 descriptor?? [ 73.782327][ T6168] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 73.788867][ T9] hub 5-1:0.0: bad descriptor, ignoring hub [ 73.790434][ T9] hub 5-1:0.0: probe with driver hub failed with error -5 [ 73.795175][ T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 73.918450][ T35] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 74.048484][ T35] usb 8-1: device descriptor read/64, error -71 [ 74.158600][ T35] usb usb8-port1: attempt power cycle [ 74.381257][ T6190] netlink: 'syz.1.242': attribute type 11 has an invalid length. [ 74.383412][ T6190] netlink: 'syz.1.242': attribute type 5 has an invalid length. [ 74.485856][ T6193] netlink: 'syz.1.243': attribute type 10 has an invalid length. [ 74.490631][ T6193] team0: Cannot enslave team device to itself [ 74.498492][ T35] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 74.519411][ T35] usb 8-1: device descriptor read/8, error -71 [ 74.688676][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 74.768419][ T35] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 74.788907][ T35] usb 8-1: device descriptor read/8, error -71 [ 74.908567][ T35] usb usb8-port1: unable to enumerate USB device [ 75.582582][ T6215] autofs: Bad value for 'fd' [ 75.718429][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 75.818477][ T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 75.960566][ T25] cfg80211: failed to load regulatory.db [ 75.980383][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 75.983356][ T9] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 75.985510][ T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 75.987994][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 75.998462][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 76.008407][ T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 76.012956][ T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 76.016193][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.223967][ T9] usb 6-1: usb_control_msg returned -32 [ 76.231048][ T9] usbtmc 6-1:16.0: can't read capabilities [ 76.255710][ T9] libceph: connect (1)[c::]:6789 error -101 [ 76.257565][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 76.299398][ T6240] ceph: No mds server is up or the cluster is laggy [ 76.322819][ T39] audit: type=1326 audit(1727663769.681:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6239 comm="syz.2.262" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x0 [ 76.411556][ T6247] __nla_validate_parse: 5 callbacks suppressed [ 76.411568][ T6247] netlink: 8 bytes leftover after parsing attributes in process `syz.3.264'. [ 76.640049][ T6261] netlink: 52 bytes leftover after parsing attributes in process `syz.3.268'. [ 76.650147][ T6261] veth1_macvtap: entered allmulticast mode [ 76.758463][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 77.168627][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 77.798444][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 78.038554][ T1951] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 78.198615][ T5406] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 78.281970][ T39] audit: type=1326 audit(1727663771.641:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.3.270" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76579 code=0x7fc00000 [ 78.587767][ T25] usb 6-1: USB disconnect, device number 9 [ 78.643948][ T6282] netlink: 8 bytes leftover after parsing attributes in process `syz.1.274'. [ 78.838592][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 79.051401][ T6305] Bluetooth: MGMT ver 1.23 [ 79.168681][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 79.236916][ T6308] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 79.274564][ T39] audit: type=1326 audit(1727663772.631:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.2.285" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 79.298476][ T39] audit: type=1326 audit(1727663772.631:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.2.285" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 79.326709][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 79.329400][ T5406] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 79.343999][ T39] audit: type=1326 audit(1727663772.631:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.2.285" exe="/syz-executor" sig=0 arch=40000003 syscall=182 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 79.358469][ T39] audit: type=1326 audit(1727663772.631:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.2.285" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 79.364005][ T39] audit: type=1326 audit(1727663772.631:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.2.285" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 79.378458][ T39] audit: type=1326 audit(1727663772.631:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.2.285" exe="/syz-executor" sig=0 arch=40000003 syscall=146 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 79.384345][ T39] audit: type=1326 audit(1727663772.631:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.2.285" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 79.392119][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 79.428935][ T6320] netlink: 8 bytes leftover after parsing attributes in process `syz.0.284'. [ 79.801279][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 79.888431][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 80.091338][ T6330] tipc: Started in network mode [ 80.092682][ T6330] tipc: Node identity ffffffff, cluster identity 4711 [ 80.094529][ T6330] tipc: Node number set to 4294967295 [ 80.405650][ T6337] netlink: 60 bytes leftover after parsing attributes in process `syz.3.293'. [ 80.416304][ T6337] Êü: entered promiscuous mode [ 80.460587][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 80.732777][ T6346] netlink: 8 bytes leftover after parsing attributes in process `syz.2.297'. [ 80.808000][ T6351] ALSA: mixer_oss: invalid index -1404626105 [ 80.918435][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 81.488553][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.793572][ T6365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.303'. [ 81.800253][ T6365] vlan2: entered allmulticast mode [ 81.801681][ T6365] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 82.274537][ T6372] netlink: 8 bytes leftover after parsing attributes in process `syz.2.306'. [ 82.370032][ T6374] FAULT_INJECTION: forcing a failure. [ 82.370032][ T6374] name failslab, interval 1, probability 0, space 0, times 0 [ 82.373399][ T6374] CPU: 1 UID: 0 PID: 6374 Comm: syz.0.307 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 82.375924][ T6374] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 82.378611][ T6374] Call Trace: [ 82.379470][ T6374] [ 82.380237][ T6374] dump_stack_lvl+0x16c/0x1f0 [ 82.381674][ T6374] should_fail_ex+0x497/0x5b0 [ 82.382932][ T6374] ? fs_reclaim_acquire+0xae/0x160 [ 82.384292][ T6374] should_failslab+0xc2/0x120 [ 82.385514][ T6374] __kmalloc_cache_noprof+0x6b/0x310 [ 82.386857][ T6374] ? vlan_vid_add+0x3d0/0x730 [ 82.388060][ T6374] vlan_vid_add+0x3d0/0x730 [ 82.389252][ T6374] register_vlan_dev+0xc2/0x940 [ 82.390504][ T6374] ? vlan_changelink+0x2c3/0x5e0 [ 82.391774][ T6374] vlan_newlink+0x40e/0x6a0 [ 82.392998][ T6374] ? __pfx_vlan_newlink+0x10/0x10 [ 82.394343][ T6374] __rtnl_newlink+0x119c/0x1920 [ 82.395653][ T6374] ? __pfx___rtnl_newlink+0x10/0x10 [ 82.397042][ T6374] rtnl_newlink+0x67/0xa0 [ 82.398186][ T6374] ? __pfx_rtnl_newlink+0x10/0x10 [ 82.399516][ T6374] rtnetlink_rcv_msg+0x3c7/0xea0 [ 82.400855][ T6374] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 82.402289][ T6374] ? __pfx___dev_queue_xmit+0x10/0x10 [ 82.403703][ T6374] netlink_rcv_skb+0x165/0x410 [ 82.404989][ T6374] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 82.406423][ T6374] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 82.407861][ T6374] ? netlink_deliver_tap+0x1ae/0xcf0 [ 82.409370][ T6374] netlink_unicast+0x53c/0x7f0 [ 82.410753][ T6374] ? __pfx_netlink_unicast+0x10/0x10 [ 82.412277][ T6374] ? __phys_addr_symbol+0x30/0x80 [ 82.413750][ T6374] ? __check_object_size+0x488/0x710 [ 82.415324][ T6374] netlink_sendmsg+0x8b8/0xd70 [ 82.416689][ T6374] ? __pfx_netlink_sendmsg+0x10/0x10 [ 82.418207][ T6374] ? lock_acquire+0x2f/0xb0 [ 82.419497][ T6374] ____sys_sendmsg+0x9ae/0xb40 [ 82.420722][ T6374] ? __pfx_____sys_sendmsg+0x10/0x10 [ 82.422089][ T6374] ? get_compat_msghdr+0x11b/0x170 [ 82.423398][ T6374] ? __pfx___lock_acquire+0x10/0x10 [ 82.424712][ T6374] ___sys_sendmsg+0x135/0x1e0 [ 82.425920][ T6374] ? __pfx____sys_sendmsg+0x10/0x10 [ 82.427258][ T6374] ? lock_acquire+0x2f/0xb0 [ 82.428446][ T6374] ? __fget_files+0x40/0x3f0 [ 82.429722][ T6374] ? fdget+0x176/0x210 [ 82.430796][ T6374] __sys_sendmsg+0x117/0x1f0 [ 82.432031][ T6374] ? __pfx___sys_sendmsg+0x10/0x10 [ 82.433395][ T6374] ? __fget_files+0x244/0x3f0 [ 82.434647][ T6374] __do_fast_syscall_32+0x73/0x120 [ 82.436000][ T6374] do_fast_syscall_32+0x32/0x80 [ 82.437299][ T6374] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 82.438975][ T6374] RIP: 0023:0xf7f85579 [ 82.440060][ T6374] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 82.445128][ T6374] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 82.447218][ T6374] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 00000000200002c0 [ 82.449250][ T6374] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 82.451321][ T6374] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 82.453504][ T6374] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 82.455574][ T6374] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 82.457640][ T6374] [ 82.561574][ T39] audit: type=1326 audit(1727663775.921:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6375 comm="syz.2.308" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x0 [ 82.575858][ T6380] netlink: 4 bytes leftover after parsing attributes in process `syz.0.309'. [ 82.578689][ T6379] netlink: 4 bytes leftover after parsing attributes in process `syz.0.309'. [ 83.888821][ T6403] netlink: 8 bytes leftover after parsing attributes in process `syz.3.316'. [ 84.038437][ C0] net_ratelimit: 5 callbacks suppressed [ 84.038450][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 84.188460][ T73] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 84.192008][ T6415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 84.197093][ T6415] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 84.210610][ T6415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 84.218640][ T6415] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 84.221623][ T6415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 84.230711][ T6415] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 84.338468][ T73] usb 8-1: Using ep0 maxpacket: 8 [ 84.341975][ T73] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 84.344140][ T73] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 84.346730][ T73] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 84.349303][ T73] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 84.351994][ T73] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 84.355395][ T73] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 84.357805][ T73] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.566428][ T73] usb 8-1: usb_control_msg returned -32 [ 84.568031][ T73] usbtmc 8-1:16.0: can't read capabilities [ 84.609809][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 84.992629][ T5351] Bluetooth: hci3: link tx timeout [ 84.994382][ T5351] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 85.060413][ T6427] FAULT_INJECTION: forcing a failure. [ 85.060413][ T6427] name failslab, interval 1, probability 0, space 0, times 0 [ 85.068474][ T6427] CPU: 2 UID: 0 PID: 6427 Comm: syz.0.324 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 85.071300][ T6427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.074067][ T6427] Call Trace: [ 85.074945][ T6427] [ 85.075730][ T6427] dump_stack_lvl+0x16c/0x1f0 [ 85.076989][ T6427] should_fail_ex+0x497/0x5b0 [ 85.078229][ T6427] ? fs_reclaim_acquire+0xae/0x160 [ 85.079587][ T6427] should_failslab+0xc2/0x120 [ 85.080844][ T6427] __kmalloc_cache_node_noprof+0x6e/0x360 [ 85.082336][ T6427] ? __get_vm_area_node+0xe1/0x2d0 [ 85.083689][ T6427] ? is_bpf_text_address+0x30/0x1a0 [ 85.085073][ T6427] __get_vm_area_node+0xe1/0x2d0 [ 85.086375][ T6427] __vmalloc_node_range_noprof+0x26a/0x15a0 [ 85.087942][ T6427] ? bpf_prog_calc_tag+0x100/0x780 [ 85.089331][ T6427] ? bpf_prog_calc_tag+0x100/0x780 [ 85.090672][ T6427] ? __pfx_stack_trace_save+0x10/0x10 [ 85.092078][ T6427] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 85.093732][ T6427] ? kasan_save_stack+0x42/0x60 [ 85.094963][ T6427] ? kasan_save_stack+0x33/0x60 [ 85.096227][ T6427] ? kasan_save_track+0x14/0x30 [ 85.097516][ T6427] ? __kasan_kmalloc+0xaa/0xb0 [ 85.098774][ T6427] ? bpf_prog_calc_tag+0x100/0x780 [ 85.100118][ T6427] vmalloc_noprof+0x6b/0x90 [ 85.101321][ T6427] ? bpf_prog_calc_tag+0x100/0x780 [ 85.102660][ T6427] bpf_prog_calc_tag+0x100/0x780 [ 85.103957][ T6427] ? __pfx_bpf_prog_calc_tag+0x10/0x10 [ 85.105389][ T6427] ? __pfx_add_subprog+0x10/0x10 [ 85.106736][ T6427] ? add_subprog_and_kfunc+0x5e5/0x1b80 [ 85.108189][ T6427] resolve_pseudo_ldimm64+0xcd/0x2950 [ 85.109608][ T6427] ? __pfx_add_subprog_and_kfunc+0x10/0x10 [ 85.111132][ T6427] ? __pfx_resolve_pseudo_ldimm64+0x10/0x10 [ 85.112672][ T6427] ? trace_kmalloc+0x2d/0xe0 [ 85.113895][ T6427] ? __kmalloc_node_noprof+0x22f/0x440 [ 85.115316][ T6427] ? __pfx_bpf_lsm_ptrace_traceme+0x1/0x10 [ 85.116846][ T6427] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 85.118270][ T6427] ? check_subprogs+0x57c/0x7d0 [ 85.119545][ T6427] bpf_check+0x72cb/0xc7c0 [ 85.120728][ T6427] ? __pfx_bpf_check+0x10/0x10 [ 85.121949][ T6427] ? find_held_lock+0x2d/0x110 [ 85.123187][ T6427] ? ktime_get_with_offset+0x13a/0x240 [ 85.124595][ T6427] ? trace_lock_acquire+0x14a/0x1d0 [ 85.125948][ T6427] ? ktime_get_with_offset+0x13a/0x240 [ 85.127364][ T6427] ? timekeeping_debug_get_ns+0x3e0/0x5b0 [ 85.128438][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 85.128866][ T6427] ? lockdep_hardirqs_on+0x7c/0x110 [ 85.132033][ T6427] ? bpf_obj_name_cpy+0x156/0x1b0 [ 85.133349][ T6427] bpf_prog_load+0xe3f/0x2670 [ 85.134578][ T6427] ? __pfx_bpf_prog_load+0x10/0x10 [ 85.135889][ T6427] ? find_held_lock+0x2d/0x110 [ 85.137143][ T6427] __sys_bpf+0x4c8c/0x5780 [ 85.138304][ T6427] ? ksys_write+0x21e/0x260 [ 85.139481][ T6427] ? __pfx___sys_bpf+0x10/0x10 [ 85.140724][ T6427] ? vfs_write+0x14d/0x1140 [ 85.141905][ T6427] ? __mutex_unlock_slowpath+0x164/0x650 [ 85.143362][ T6427] ? fput+0x30/0x390 [ 85.144380][ T6427] ? ksys_write+0x1ad/0x260 [ 85.145564][ T6427] ? __pfx_ksys_write+0x10/0x10 [ 85.146827][ T6427] __ia32_sys_bpf+0x76/0xe0 [ 85.148005][ T6427] __do_fast_syscall_32+0x73/0x120 [ 85.149350][ T6427] do_fast_syscall_32+0x32/0x80 [ 85.150609][ T6427] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 85.152232][ T6427] RIP: 0023:0xf7f85579 [ 85.153303][ T6427] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 85.158197][ T6427] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 85.160327][ T6427] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000400 [ 85.162353][ T6427] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 85.164349][ T6427] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 85.166298][ T6427] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 85.168310][ T6427] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 85.170359][ T6427] [ 85.173502][ T6427] syz.0.324: vmalloc error: size 64, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 85.177003][ T6427] CPU: 2 UID: 0 PID: 6427 Comm: syz.0.324 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 85.179515][ T6427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.182143][ T6427] Call Trace: [ 85.182995][ T6427] [ 85.183740][ T6427] dump_stack_lvl+0x16c/0x1f0 [ 85.184944][ T6427] warn_alloc+0x24d/0x3a0 [ 85.186038][ T6427] ? __pfx_warn_alloc+0x10/0x10 [ 85.187256][ T6427] ? __kasan_kmalloc+0x8a/0xb0 [ 85.188486][ T6427] ? __get_vm_area_node+0x1bc/0x2d0 [ 85.189803][ T6427] __vmalloc_node_range_noprof+0xd27/0x15a0 [ 85.191250][ T6427] ? bpf_prog_calc_tag+0x100/0x780 [ 85.192552][ T6427] ? __pfx_stack_trace_save+0x10/0x10 [ 85.193895][ T6427] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 85.195454][ T6427] ? kasan_save_stack+0x42/0x60 [ 85.196685][ T6427] ? kasan_save_stack+0x33/0x60 [ 85.197892][ T6427] ? kasan_save_track+0x14/0x30 [ 85.199107][ T6427] ? __kasan_kmalloc+0xaa/0xb0 [ 85.200286][ T6427] ? bpf_prog_calc_tag+0x100/0x780 [ 85.201567][ T6427] vmalloc_noprof+0x6b/0x90 [ 85.202734][ T6427] ? bpf_prog_calc_tag+0x100/0x780 [ 85.204043][ T6427] bpf_prog_calc_tag+0x100/0x780 [ 85.205291][ T6427] ? __pfx_bpf_prog_calc_tag+0x10/0x10 [ 85.206650][ T6427] ? __pfx_add_subprog+0x10/0x10 [ 85.207902][ T6427] ? add_subprog_and_kfunc+0x5e5/0x1b80 [ 85.209298][ T6427] resolve_pseudo_ldimm64+0xcd/0x2950 [ 85.210650][ T6427] ? __pfx_add_subprog_and_kfunc+0x10/0x10 [ 85.212142][ T6427] ? __pfx_resolve_pseudo_ldimm64+0x10/0x10 [ 85.213672][ T6427] ? trace_kmalloc+0x2d/0xe0 [ 85.214878][ T6427] ? __kmalloc_node_noprof+0x22f/0x440 [ 85.216284][ T6427] ? __pfx_bpf_lsm_ptrace_traceme+0x1/0x10 [ 85.217800][ T6427] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 85.219206][ T6427] ? check_subprogs+0x57c/0x7d0 [ 85.220461][ T6427] bpf_check+0x72cb/0xc7c0 [ 85.221632][ T6427] ? __pfx_bpf_check+0x10/0x10 [ 85.222877][ T6427] ? find_held_lock+0x2d/0x110 [ 85.224128][ T6427] ? ktime_get_with_offset+0x13a/0x240 [ 85.225557][ T6427] ? trace_lock_acquire+0x14a/0x1d0 [ 85.226902][ T6427] ? ktime_get_with_offset+0x13a/0x240 [ 85.228311][ T6427] ? timekeeping_debug_get_ns+0x3e0/0x5b0 [ 85.229805][ T6427] ? lockdep_hardirqs_on+0x7c/0x110 [ 85.231123][ T6427] ? bpf_obj_name_cpy+0x156/0x1b0 [ 85.232400][ T6427] bpf_prog_load+0xe3f/0x2670 [ 85.233626][ T6427] ? __pfx_bpf_prog_load+0x10/0x10 [ 85.234918][ T6427] ? find_held_lock+0x2d/0x110 [ 85.236117][ T6427] __sys_bpf+0x4c8c/0x5780 [ 85.237224][ T6427] ? ksys_write+0x21e/0x260 [ 85.238369][ T6427] ? __pfx___sys_bpf+0x10/0x10 [ 85.239612][ T6427] ? vfs_write+0x14d/0x1140 [ 85.240902][ T6427] ? __mutex_unlock_slowpath+0x164/0x650 [ 85.242350][ T6427] ? fput+0x30/0x390 [ 85.243375][ T6427] ? ksys_write+0x1ad/0x260 [ 85.244548][ T6427] ? __pfx_ksys_write+0x10/0x10 [ 85.245816][ T6427] __ia32_sys_bpf+0x76/0xe0 [ 85.247004][ T6427] __do_fast_syscall_32+0x73/0x120 [ 85.248336][ T6427] do_fast_syscall_32+0x32/0x80 [ 85.249653][ T6427] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 85.251286][ T6427] RIP: 0023:0xf7f85579 [ 85.252360][ T6427] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 85.257279][ T6427] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 85.259413][ T6427] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000400 [ 85.261460][ T6427] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 85.263485][ T6427] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 85.265512][ T6427] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 85.267528][ T6427] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 85.269584][ T6427] [ 85.270737][ T6427] Mem-Info: [ 85.271595][ T6427] active_anon:2734 inactive_anon:4 isolated_anon:0 [ 85.271595][ T6427] active_file:20509 inactive_file:32989 isolated_file:0 [ 85.271595][ T6427] unevictable:768 dirty:213 writeback:0 [ 85.271595][ T6427] slab_reclaimable:5015 slab_unreclaimable:51480 [ 85.271595][ T6427] mapped:17431 shmem:873 pagetables:625 [ 85.271595][ T6427] sec_pagetables:309 bounce:0 [ 85.271595][ T6427] kernel_misc_reclaimable:0 [ 85.271595][ T6427] free:82051 free_pcp:4266 free_cma:0 [ 85.282980][ T6427] Node 0 active_anon:0kB inactive_anon:16kB active_file:0kB inactive_file:24kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:1276kB dirty:20kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9500kB pagetables:1072kB sec_pagetables:1188kB all_unreclaimable? no [ 85.290855][ T6427] Node 1 active_anon:10936kB inactive_anon:0kB active_file:82036kB inactive_file:131932kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:68448kB dirty:832kB writeback:0kB shmem:1956kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:1604kB pagetables:1428kB sec_pagetables:48kB all_unreclaimable? no [ 85.300269][ T6427] Node 0 DMA free:968kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:92kB local_pcp:12kB free_cma:0kB [ 85.307564][ T6427] lowmem_reserve[]: 0 273 0 0 0 [ 85.308963][ T6427] Node 0 DMA32 free:20156kB boost:0kB min:13904kB low:17380kB high:20856kB reserved_highatomic:4096KB active_anon:0kB inactive_anon:16kB active_file:0kB inactive_file:24kB unevictable:1536kB writepending:20kB present:1032196kB managed:306284kB mlocked:0kB bounce:0kB free_pcp:2504kB local_pcp:0kB free_cma:0kB [ 85.316246][ T6427] lowmem_reserve[]: 0 0 0 0 0 [ 85.317563][ T6427] Node 1 DMA32 free:307016kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:10924kB inactive_anon:0kB active_file:82036kB inactive_file:131932kB unevictable:1536kB writepending:832kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:14372kB local_pcp:1616kB free_cma:0kB [ 85.326950][ T6427] lowmem_reserve[]: 0 0 0 0 0 [ 85.328264][ T6427] Node 0 DMA: 50*4kB (UE) 24*8kB (UE) 20*16kB (UE) 8*32kB (UE) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 968kB [ 85.331847][ T6427] Node 0 DMA32: 201*4kB (UMEH) 77*8kB (UMEH) 35*16kB (UMEH) 38*32kB (UMEH) 33*64kB (UMEH) 26*128kB (UME) 9*256kB (UME) 12*512kB (UM) 3*1024kB (M) 0*2048kB 0*4096kB = 20156kB [ 85.336191][ T6427] Node 1 DMA32: 8*4kB (ME) 11*8kB (E) 273*16kB (UME) 132*32kB (ME) 279*64kB (UME) 99*128kB (UME) 36*256kB (UM) 17*512kB (ME) 12*1024kB (UM) 6*2048kB (UME) 55*4096kB (UM) = 307016kB [ 85.340815][ T6427] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 85.343289][ T6427] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 85.345679][ T6427] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 85.348093][ T6427] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 85.350471][ T6427] 54820 total pagecache pages [ 85.351759][ T6427] 449 pages in swap cache [ 85.352958][ T6427] Free swap = 117960kB [ 85.354118][ T6427] Total swap = 124996kB [ 85.355267][ T6427] 524155 pages RAM [ 85.356237][ T6427] 0 pages HighMem/MovableOnly [ 85.357474][ T6427] 206681 pages reserved [ 85.358633][ T6427] 0 pages cma reserved [ 85.392127][ T6429] netlink: 8 bytes leftover after parsing attributes in process `syz.0.325'. [ 85.398544][ T63] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 85.639455][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 85.762132][ T57] usb 5-1: USB disconnect, device number 3 [ 85.922615][ T4780] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.925957][ T4780] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.928666][ T4780] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.931549][ T4780] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.933918][ T4780] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.935975][ T4780] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.061038][ T6440] chnl_net:caif_netlink_parms(): no params data found [ 86.130608][ T6440] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.132473][ T6440] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.134344][ T6440] bridge_slave_0: entered allmulticast mode [ 86.136319][ T6440] bridge_slave_0: entered promiscuous mode [ 86.139325][ T6440] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.141253][ T6440] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.143164][ T6440] bridge_slave_1: entered allmulticast mode [ 86.145212][ T6440] bridge_slave_1: entered promiscuous mode [ 86.172926][ T6440] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.176824][ T6440] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.198420][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 86.201196][ T6440] team0: Port device team_slave_0 added [ 86.203690][ T6440] team0: Port device team_slave_1 added [ 86.225019][ T6440] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.226861][ T6440] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.235357][ T6440] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.241571][ T6440] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.246743][ T6440] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.258439][ T6440] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.296349][ T6440] hsr_slave_0: entered promiscuous mode [ 86.298502][ T6440] hsr_slave_1: entered promiscuous mode [ 86.300350][ T6440] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.303154][ T6440] Cannot create hsr debugfs directory [ 86.423833][ T6440] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.525857][ T6440] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.612818][ T6440] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.682299][ T6454] netlink: 8 bytes leftover after parsing attributes in process `syz.2.335'. [ 86.689771][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 86.793416][ T6440] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.949294][ T63] usb 8-1: USB disconnect, device number 7 [ 86.964463][ T6440] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.967695][ T6440] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 87.000050][ T6440] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.008566][ T5351] Bluetooth: hci3: command 0x0405 tx timeout [ 87.020209][ T6440] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.083212][ T6440] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.090838][ T6440] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.095371][ T1194] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.097169][ T1194] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.105757][ T1194] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.107583][ T1194] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.110739][ T6465] netlink: 36 bytes leftover after parsing attributes in process `syz.3.338'. [ 87.113238][ T6465] netlink: 16 bytes leftover after parsing attributes in process `syz.3.338'. [ 87.115399][ T6465] netlink: 36 bytes leftover after parsing attributes in process `syz.3.338'. [ 87.117579][ T6465] netlink: 36 bytes leftover after parsing attributes in process `syz.3.338'. [ 87.123930][ T6440] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 87.126666][ T6440] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.161035][ T6465] overlayfs: invalid redirect ((null)) [ 87.214903][ T6470] overlayfs: invalid redirect ((null)) [ 87.216843][ T6440] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.235889][ T6440] veth0_vlan: entered promiscuous mode [ 87.238447][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 87.241575][ T6440] veth1_vlan: entered promiscuous mode [ 87.252794][ T6440] veth0_macvtap: entered promiscuous mode [ 87.256169][ T6440] veth1_macvtap: entered promiscuous mode [ 87.263546][ T6440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.266337][ T6440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.268946][ T6440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.271535][ T6440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.273972][ T6440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.276650][ T6440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.279780][ T6440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.282368][ T6440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.285802][ T6440] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.304496][ T6440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.307161][ T6440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.309935][ T6440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.312473][ T6440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.314867][ T6440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.317422][ T6440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.320076][ T6440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.322632][ T6440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.325779][ T6440] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.337316][ T6440] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.341579][ T6440] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.345980][ T6440] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.350371][ T6440] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.405028][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.407073][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.416168][ T1194] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.418248][ T1194] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.718623][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.958482][ T5351] Bluetooth: hci1: command tx timeout [ 88.161243][ T11] bridge_slave_1: left allmulticast mode [ 88.162868][ T11] bridge_slave_1: left promiscuous mode [ 88.165028][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.170300][ T11] bridge_slave_0: left allmulticast mode [ 88.171831][ T11] bridge_slave_0: left promiscuous mode [ 88.173631][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.278481][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 88.495588][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 88.502123][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 88.506769][ T11] bond0 (unregistering): Released all slaves [ 88.705833][ T6489] netlink: 8 bytes leftover after parsing attributes in process `syz.0.343'. [ 88.905207][ T11] hsr_slave_0: left promiscuous mode [ 88.907013][ T11] hsr_slave_1: left promiscuous mode [ 88.917966][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 88.925352][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 88.930872][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 88.931079][ T5352] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.932743][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 88.937185][ T5352] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.941998][ T5352] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.946355][ T5352] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.950057][ T5352] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 88.952099][ T5352] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.979897][ T11] veth1_macvtap: left promiscuous mode [ 88.981664][ T11] veth0_macvtap: left promiscuous mode [ 88.983388][ T11] veth1_vlan: left promiscuous mode [ 88.985373][ T11] veth0_vlan: left promiscuous mode [ 89.328427][ C0] net_ratelimit: 2 callbacks suppressed [ 89.328441][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 89.399263][ T5404] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 89.401437][ T35] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 89.864918][ T11] team0 (unregistering): Port device team_slave_1 removed [ 89.927792][ T11] team0 (unregistering): Port device team_slave_0 removed [ 90.042213][ T5352] Bluetooth: hci1: command tx timeout [ 90.358470][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 90.451890][ T73] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 90.693004][ T6513] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 90.876564][ T6531] netlink: 28 bytes leftover after parsing attributes in process `syz.0.349'. [ 90.884898][ T6531] netlink: 28 bytes leftover after parsing attributes in process `syz.0.349'. [ 90.998518][ T5351] Bluetooth: hci4: command tx timeout [ 91.078263][ T6504] chnl_net:caif_netlink_parms(): no params data found [ 91.353372][ T6504] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.355769][ T6504] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.358217][ T6504] bridge_slave_0: entered allmulticast mode [ 91.361354][ T6504] bridge_slave_0: entered promiscuous mode [ 91.365778][ T6504] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.371369][ T6504] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.374092][ T6504] bridge_slave_1: entered allmulticast mode [ 91.378856][ T6504] bridge_slave_1: entered promiscuous mode [ 91.398409][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 91.454359][ T6504] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.459921][ T6504] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.488571][ T5406] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 91.490743][ T63] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 91.531363][ T6504] team0: Port device team_slave_0 added [ 91.534875][ T6504] team0: Port device team_slave_1 added [ 91.610219][ T6504] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.612070][ T6504] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.618250][ T6504] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.643569][ T6504] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.645399][ T6504] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.673188][ T6504] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.804587][ T6504] hsr_slave_0: entered promiscuous mode [ 91.806712][ T6504] hsr_slave_1: entered promiscuous mode [ 91.820477][ T6504] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.822411][ T6504] Cannot create hsr debugfs directory [ 91.869197][ T6551] netlink: 28 bytes leftover after parsing attributes in process `syz.2.352'. [ 91.871413][ T6551] netlink: 28 bytes leftover after parsing attributes in process `syz.2.352'. [ 91.949422][ T6554] netlink: 28 bytes leftover after parsing attributes in process `syz.3.353'. [ 92.102744][ T6504] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.118416][ T5351] Bluetooth: hci1: command tx timeout [ 92.173077][ T6504] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.316619][ T6504] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.372800][ T6504] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.438432][ C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 92.461363][ T6504] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.473535][ T6504] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.477418][ T6504] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.489312][ T6504] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.526983][ T6504] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.534203][ T6504] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.538250][ T1194] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.540160][ T1194] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.549476][ T1194] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.551367][ T1194] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.636251][ T6562] binder: 6556:6562 ioctl c0306201 0 returned -14 [ 92.638451][ T35] ================================================================== [ 92.640461][ T35] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x14c/0x1c0 [ 92.642737][ T35] Read of size 8 at addr ffff8880259d3788 by task kworker/3:0/35 [ 92.645744][ T35] [ 92.646723][ T35] CPU: 3 UID: 0 PID: 35 Comm: kworker/3:0 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 92.649656][ T35] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 92.652303][ T35] Workqueue: events binder_deferred_func [ 92.653723][ T35] Call Trace: [ 92.654554][ T35] [ 92.655305][ T35] dump_stack_lvl+0x116/0x1f0 [ 92.656463][ T35] print_report+0xc3/0x620 [ 92.657571][ T35] ? __virt_addr_valid+0x5e/0x590 [ 92.658795][ T35] ? __phys_addr+0xc6/0x150 [ 92.659917][ T35] kasan_report+0xd9/0x110 [ 92.661025][ T35] ? __list_del_entry_valid_or_report+0x14c/0x1c0 [ 92.662569][ T35] ? __list_del_entry_valid_or_report+0x14c/0x1c0 [ 92.664116][ T35] __list_del_entry_valid_or_report+0x14c/0x1c0 [ 92.665653][ T35] binder_release_work+0x9b/0x490 [ 92.666912][ T35] binder_deferred_func+0xe6e/0x12e0 [ 92.668269][ T35] process_one_work+0x958/0x1b30 [ 92.669577][ T35] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 92.670986][ T35] ? __pfx_process_one_work+0x10/0x10 [ 92.672353][ T35] ? assign_work+0x1a0/0x250 [ 92.673531][ T35] worker_thread+0x6c8/0xf00 [ 92.674722][ T35] ? __pfx_worker_thread+0x10/0x10 [ 92.676064][ T35] kthread+0x2c1/0x3a0 [ 92.677143][ T35] ? _raw_spin_unlock_irq+0x23/0x50 [ 92.678498][ T35] ? __pfx_kthread+0x10/0x10 [ 92.679684][ T35] ret_from_fork+0x45/0x80 [ 92.680802][ T35] ? __pfx_kthread+0x10/0x10 [ 92.681973][ T35] ret_from_fork_asm+0x1a/0x30 [ 92.682262][ T6504] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.683222][ T35] [ 92.683228][ T35] [ 92.685681][ T6560] __nla_validate_parse: 1 callbacks suppressed [ 92.685692][ T6560] netlink: 8 bytes leftover after parsing attributes in process `syz.3.355'. [ 92.685811][ T35] Allocated by task 6562: [ 92.691374][ T35] kasan_save_stack+0x33/0x60 [ 92.692607][ T35] kasan_save_track+0x14/0x30 [ 92.693850][ T35] __kasan_kmalloc+0xaa/0xb0 [ 92.695062][ T35] binder_thread_write+0xe19/0x4c60 [ 92.696422][ T35] binder_ioctl+0x268b/0x7050 [ 92.697658][ T35] compat_ptr_ioctl+0x6b/0xa0 [ 92.698435][ T5406] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 92.698887][ T35] __do_compat_sys_ioctl+0x259/0x2b0 [ 92.702293][ T35] __do_fast_syscall_32+0x73/0x120 [ 92.703581][ T35] do_fast_syscall_32+0x32/0x80 [ 92.703975][ T6504] veth0_vlan: entered promiscuous mode [ 92.704801][ T35] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 92.707978][ T35] [ 92.708619][ T35] Freed by task 35: [ 92.709639][ T35] kasan_save_stack+0x33/0x60 [ 92.709709][ T6504] veth1_vlan: entered promiscuous mode [ 92.710819][ T35] kasan_save_track+0x14/0x30 [ 92.713444][ T35] kasan_save_free_info+0x3b/0x60 [ 92.714744][ T35] __kasan_slab_free+0x51/0x70 [ 92.715998][ T35] kfree+0x14f/0x4b0 [ 92.717020][ T35] binder_deferred_func+0xdd7/0x12e0 [ 92.718372][ T35] process_one_work+0x958/0x1b30 [ 92.719643][ T35] worker_thread+0x6c8/0xf00 [ 92.720824][ T35] kthread+0x2c1/0x3a0 [ 92.721872][ T35] ret_from_fork+0x45/0x80 [ 92.723011][ T35] ret_from_fork_asm+0x1a/0x30 [ 92.724244][ T35] [ 92.724876][ T35] The buggy address belongs to the object at ffff8880259d3780 [ 92.724876][ T35] which belongs to the cache kmalloc-64 of size 64 [ 92.728188][ T35] The buggy address is located 8 bytes inside of [ 92.728188][ T35] freed 64-byte region [ffff8880259d3780, ffff8880259d37c0) [ 92.731449][ T35] [ 92.732068][ T35] The buggy address belongs to the physical page: [ 92.733673][ T35] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x259d3 [ 92.735867][ T35] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 92.737612][ T35] page_type: f5(slab) [ 92.738624][ T35] raw: 00fff00000000000 ffff88801ac428c0 dead000000000100 dead000000000122 [ 92.740718][ T35] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000 [ 92.742827][ T35] page dumped because: kasan: bad access detected [ 92.744425][ T35] page_owner tracks the page as allocated [ 92.745858][ T35] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5348, tgid 5348 (syz-executor), ts 38461104086, free_ts 38339804433 [ 92.750556][ T35] post_alloc_hook+0x2d1/0x350 [ 92.751754][ T35] get_page_from_freelist+0x101e/0x3070 [ 92.753113][ T35] __alloc_pages_noprof+0x223/0x25c0 [ 92.754397][ T35] alloc_pages_mpol_noprof+0x2c9/0x610 [ 92.755706][ T35] new_slab+0x2ba/0x3f0 [ 92.756769][ T35] ___slab_alloc+0xd1d/0x16f0 [ 92.757934][ T35] __slab_alloc.constprop.0+0x56/0xb0 [ 92.759248][ T35] __kmalloc_noprof+0x379/0x410 [ 92.760443][ T35] kobject_get_path+0xcb/0x230 [ 92.761635][ T35] kobject_uevent_env+0x289/0x1670 [ 92.762909][ T35] __kobject_del+0x168/0x1f0 [ 92.764042][ T35] kobject_put+0x327/0x5a0 [ 92.765135][ T35] netdev_queue_update_kobjects+0x432/0x5b0 [ 92.766586][ T35] netif_set_real_num_tx_queues+0x168/0x880 [ 92.768044][ T35] veth_init_queues+0xe1/0x190 [ 92.769274][ T35] veth_newlink+0x54c/0x9e0 [ 92.770418][ T35] page last free pid 5348 tgid 5348 stack trace: [ 92.771987][ T35] free_unref_page+0x5f4/0xdc0 [ 92.773192][ T35] qlist_free_all+0x4e/0x120 [ 92.774326][ T35] kasan_quarantine_reduce+0x192/0x1e0 [ 92.775622][ T35] __kasan_slab_alloc+0x69/0x90 [ 92.776843][ T35] __kmalloc_cache_noprof+0x11e/0x310 [ 92.778145][ T35] kobject_uevent_env+0x265/0x1670 [ 92.779369][ T35] __kobject_del+0x168/0x1f0 [ 92.780502][ T35] kobject_put+0x327/0x5a0 [ 92.781610][ T35] net_rx_queue_update_kobjects+0x478/0x5f0 [ 92.783063][ T35] netif_set_real_num_rx_queues+0x169/0x210 [ 92.784506][ T35] veth_init_queues+0x151/0x190 [ 92.785743][ T35] veth_newlink+0x630/0x9e0 [ 92.786901][ T35] __rtnl_newlink+0x119c/0x1920 [ 92.788106][ T35] rtnl_newlink+0x67/0xa0 [ 92.789187][ T35] rtnetlink_rcv_msg+0x3c7/0xea0 [ 92.790370][ T35] netlink_rcv_skb+0x165/0x410 [ 92.791551][ T35] [ 92.792157][ T35] Memory state around the buggy address: [ 92.793516][ T35] ffff8880259d3680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 92.795434][ T35] ffff8880259d3700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 92.797378][ T35] >ffff8880259d3780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 92.799313][ T35] ^ [ 92.800390][ T35] ffff8880259d3800: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 92.802314][ T35] ffff8880259d3880: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 92.804243][ T35] ================================================================== [ 92.806760][ T35] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 92.808554][ T35] CPU: 3 UID: 0 PID: 35 Comm: kworker/3:0 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 92.811010][ T35] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 92.813675][ T35] Workqueue: events binder_deferred_func [ 92.815096][ T35] Call Trace: [ 92.815942][ T35] [ 92.816699][ T35] dump_stack_lvl+0x3d/0x1f0 [ 92.817889][ T35] panic+0x71d/0x800 [ 92.818864][ T35] ? mark_held_locks+0x9f/0xe0 [ 92.820085][ T35] ? __pfx_panic+0x10/0x10 [ 92.821224][ T35] ? irqentry_exit+0x3b/0x90 [ 92.822390][ T35] ? lockdep_hardirqs_on+0x7c/0x110 [ 92.823711][ T35] ? check_panic_on_warn+0x1f/0xb0 [ 92.824991][ T35] check_panic_on_warn+0xab/0xb0 [ 92.826242][ T35] end_report+0x117/0x180 [ 92.827343][ T35] kasan_report+0xe9/0x110 [ 92.828488][ T35] ? __list_del_entry_valid_or_report+0x14c/0x1c0 [ 92.830088][ T35] ? __list_del_entry_valid_or_report+0x14c/0x1c0 [ 92.831703][ T35] __list_del_entry_valid_or_report+0x14c/0x1c0 [ 92.833264][ T35] binder_release_work+0x9b/0x490 [ 92.834614][ T35] binder_deferred_func+0xe6e/0x12e0 [ 92.835917][ T35] process_one_work+0x958/0x1b30 [ 92.837153][ T35] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 92.838499][ T35] ? __pfx_process_one_work+0x10/0x10 [ 92.839793][ T35] ? assign_work+0x1a0/0x250 [ 92.840919][ T35] worker_thread+0x6c8/0xf00 [ 92.842112][ T35] ? __pfx_worker_thread+0x10/0x10 [ 92.843383][ T35] kthread+0x2c1/0x3a0 [ 92.844401][ T35] ? _raw_spin_unlock_irq+0x23/0x50 [ 92.845695][ T35] ? __pfx_kthread+0x10/0x10 [ 92.846858][ T35] ret_from_fork+0x45/0x80 [ 92.848014][ T35] ? __pfx_kthread+0x10/0x10 [ 92.849232][ T35] ret_from_fork_asm+0x1a/0x30 [ 92.850434][ T35] [ 92.851842][ T35] Kernel Offset: disabled [ 92.852936][ T35] Rebooting in 86400 seconds.. VM DIAGNOSIS: 02:36:26 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=0000000000000089 RCX=ffffffff81dcd6db RDX=1ffff1100358c19a RSI=0000000000000089 RDI=0000000000000100 RBP=ffff88801ac60ce8 RSP=ffffc90000e676c8 R8 =0000000000000005 R9 =0000000000000100 R10=0000000000000088 R11=0000000000000000 R12=0000000000000000 R13=ffff88801ac60000 R14=dffffc0000000000 R15=0000000000000000 RIP=ffffffff818cb1b0 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c320089 CR3=000000000db7c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a000000000 0000000400000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000034c179 RBX=0000000000000001 RCX=ffffffff8b12f739 RDX=0000000000000000 RSI=ffffffff8b4cc8e0 RDI=ffffffff8bb12060 RBP=ffffed10036ed910 RSP=ffffc90000477e08 R8 =0000000000000001 R9 =ffffed10056a7025 R10=ffff88802b53812b R11=0000000000000000 R12=0000000000000001 R13=ffff88801b76c880 R14=ffffffff901cc608 R15=0000000000000000 RIP=ffffffff8b130b1f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c36d5b7 CR3=000000006dde6000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000014b1b1 RBX=0000000000000002 RCX=ffffffff8b12f739 RDX=0000000000000000 RSI=ffffffff8b4cc8e0 RDI=ffffffff8bb12060 RBP=ffffed100376e000 RSP=ffffc90000487e08 R8 =0000000000000001 R9 =ffffed10056c7025 R10=ffff88802b63812b R11=0000000000000000 R12=0000000000000002 R13=ffff88801bb70000 R14=ffffffff901cc608 R15=0000000000000000 RIP=ffffffff8b130b1f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000031f1eff8 CR3=000000006058a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d7585612f70cef26 c0b6c575bfaf5237 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d2fd97faf8554171 831451a179091437 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d15a9e791a29b706 8dc1ba0d97e9959f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 34073b070075239d 924cf36f7bf95a0a ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000005a40 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00392228e13c17aa 0039223617aaaaaa ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 17aaaaaaaaaa0000 2289d8ae04a0dc00 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000039aaaaaaaa 222f6fdeaaaa0000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000003900000000 2288df50bde617aa ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a48599f530d25baa 89e9875610370e20 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7a585d5bda31b2c9 35ee01a665490855 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff85035855 RDI=ffffffff9a63a260 RBP=ffffffff9a63a220 RSP=ffffc900005d7570 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552033203a555043 R12=0000000000000000 R13=0000000000000000 R14=ffffffff9a63a270 R15=0000000000000073 RIP=ffffffff8503587f RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002e71dff8 CR3=000000006dabe000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000