last executing test programs: 3.995011183s ago: executing program 1 (id=1029): connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4001, 0x0, @loopback}, 0xfffffe36) writev(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000100)='Z', 0x1}], 0x1) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x43, &(0x7f0000000340)={{{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, 0x0, 0x1000, 0xfffffffffffffffe}, {0xfffffffffffffffc}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{@in6=@mcast1, 0x0, 0x3c}, 0xa, @in=@dev, 0x0, 0x3, 0x0, 0x0, 0x0, 0x93}}, 0xe4) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0xfd) 3.618374693s ago: executing program 1 (id=1032): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newtaction={0x114, 0x30, 0x1, 0x0, 0x25dfdbfc, {}, [{0x100, 0x1, [@m_ct={0x9c, 0x2, 0x0, 0x0, {{0x7}, {0x20, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @loopback}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @private0={0xfc, 0x0, '\x00', 0x1}}]}, {0x56, 0x6, "7d0f24ec99750ab3dbc181f1bcdfacf4ac8d680d38cd2c9d80f966293d08121def2c50b44df5f9b2767399fe34389854d91cab0e620109205226cc71fe1c20bf7110b731b3a883f008cc006a2cf76b7c3110"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_sample={0x60, 0x13, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x1}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x18d282e7}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x6, 0x5, 0x7, 0x3}}]}, {0xc, 0x6, "d6ae2a722742fd9f"}, {0xc}, {0xc}}}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x800}, 0x0) socket$tipc(0x1e, 0x5, 0x0) socket$l2tp6(0xa, 0x2, 0x73) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) sendmmsg$unix(r0, &(0x7f0000000000), 0x400000000000041, 0x0) r1 = getpid() mmap(&(0x7f00003cb000/0x4000)=nil, 0x4000, 0xb635773f07ebbeed, 0x40010, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0x20, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800"/13], &(0x7f0000000900)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x72, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd60000000003c2c", @ANYBLOB="37fb3bbce8afc7def78a8a5bf4b96873ed2f29734a49e92f2dfb9ac94e2e408930f1270827e42cd6be4efec81c94eb4acf824286e4e63b304651d06fccb0412c8275468d16ac859450c633e8b868f1ede1546a08e6df91e7fe9af499dd6a54e69f8768b5ed77f1d663a784f51b797c87df28e817874580305c320e077dcd82ff784672bd5da9ce9741bfdc0a2a92f5cbd6054b36bfc1b2800806391d80445b17d76c8356ce6f20eda64082919ba0428962c88bebe24e91c680eb64d517f14019c4597caeac2ebade2a6fed4b3647c749951bf13eb79e7efccae2920b08d6dd63ef13bc8300f2f3dc5279890f6851220aca4baa2e2b89", @ANYRES8=r1], 0x0) 3.500003489s ago: executing program 1 (id=1034): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x105002) writev(r0, &(0x7f0000000540)=[{&(0x7f00000007c0)="03e6b107e445a7d8276efeff", 0xc}], 0x1) fcntl$notify(0xffffffffffffffff, 0x402, 0x80000010) r1 = fsopen(&(0x7f00000000c0)='adfs\x00', 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x1239, &(0x7f00000002c0)={0x0, 0x1c26, 0x10100, 0x2000, 0x0, 0x0, r3}, &(0x7f00000004c0)=0x0, &(0x7f00000001c0)=0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000700), r7) sendmsg$NFC_CMD_START_POLL(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=ANY=[@ANYRES8=r1, @ANYRES16=r7, @ANYRESDEC=r5], 0x24}}, 0x20044815) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)=@newqdisc={0x34, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x400000, {0x0, 0x0, 0x0, 0x0, {0x7}, {0xffff, 0xffff}}, [@TCA_RATE={0x6}, @qdisc_kind_options=@q_drr={0x8}]}, 0x34}}, 0x0) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r10 = dup(r9) connect$bt_l2cap(r10, &(0x7f0000000080)={0x1f, 0x66, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x80, 0x2}, 0xe) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r10, @ANYBLOB=',wfdno=', @ANYRESHEX=r10, @ANYBLOB="0000db4e652a3cae2e84396e417e43a237ad8c699e90790fe17daf48ccdca7d0011ad0bda7474975bdc1c501dd7b89f1701b7f078dfd9668eaa293e56ac29b36e3acf505772e6ea57fe03334ec7179df1305e117"]) write$FUSE_INIT(r10, 0x0, 0x0) getresgid(&(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000340)) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1}) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000100)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x40, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000240)="dd50194cd4690fe4c5efb72532d3ff1820b7edb624952862fbae5466cf3e6d3ecab8ba565ad483c6e56e89672d164456aaa1c8d91a3bee4cb9e9ef89f2c9bda25a8b4459a6a6ab316b62e4446a6b27da7b2fa27524a403edcb2023ee67f24a69ea6228ba72d39971c2a542d00ebd", 0x6e, 0x10022, 0x1, {0x0, r11}}) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58) r12 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r12, &(0x7f0000000000)={0x27}, 0x62) listen(r12, 0x0) accept4(r12, 0x0, 0x0, 0x80800) 3.153072098s ago: executing program 2 (id=1036): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x236, &(0x7f0000000400)={0x0, 0xf691, 0x10100, 0x0, 0x2b5}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) getpeername$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000140)=0x14) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)="d800", 0x2}, {&(0x7f0000000240)="f3d4aafbad470b38b7904920741b095a3e3e514330f64019a6a4c152a5adfa02568740a10a29a30a7baaae8c81b9d5c24d435169fe41d757f140cfe0052d6f649e02e9e7da2bc5fae3b5353625353e8aacd718cfe01f23f37318458ca09ecd1cbeca8029baebe2b56e91513ac427d039095b8b3e108b5bca60c44185d00b84c49c95874a654469c40a686e78bbd79533e23b815e94af0d683bca06ce8f2073d3e700be455ff435c84fa71d8007c2399e66a4e9f2146c35c188", 0xb9}, {&(0x7f0000000300)="ccaa65ba02d4857149930335b60a80f8c29b89049f8a62d42099f7ecc4d43f7c03ee041892a86c68d898aa3572ed036181342251aed23ea497720995de0a37708c6cfaec3c189b0c18224145eb4aff8580cdedcb5142ebc1e362d0be04550547a4db33ea275d825fa3999be32e5c1b558555a6d833db4af5558f3807248c37c12c640990cf9bd4b3c476625744d418a84d7379b781316aa8b3a25375a16c23b5562c21255f6711bfefd3ee1a5cf4d42e18c6c231cd8efc48c38cc6f39f3449f220ab61c76ce3181da89c5cb2ac33aaab6e1ed4", 0xd3}], 0x3}, 0x4004) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r8 = dup(r7) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000040)=@x86={0x40, 0x4e, 0x8c, 0x0, 0x8004, 0xeb, 0x1, 0x23, 0x7, 0xa2, 0xa, 0x1, 0x0, 0x0, 0x9, 0x5, 0x7, 0x2, 0x6, '\x00', 0x0, 0xaa}) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) flock(r9, 0x2) r10 = userfaultfd(0x80001) ioctl$UFFDIO_API(r10, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r10, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) r11 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a) 2.700624101s ago: executing program 0 (id=1038): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x2}, 0x38) r1 = io_uring_setup(0x2a2d, &(0x7f0000000000)={0x0, 0x0, 0x2, 0xfffffffc, 0x366}) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0x2) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_GET_UNIQUE(r3, 0xc0106412, &(0x7f00000000c0)={0x0, 0x0}) r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000100)) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'trusted:', 0x20, 0x40}, 0x32, 0xfffffffffffffffc) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) close_range(r1, 0xffffffffffffffff, 0x0) 2.68249207s ago: executing program 0 (id=1039): syz_open_dev$tty1(0xc, 0x4, 0x4) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r4, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r1]) ioctl$KVM_GET_VCPU_EVENTS(r4, 0x4048aecb, &(0x7f0000000080)) 2.673951437s ago: executing program 1 (id=1040): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0) write$vga_arbiter(r0, &(0x7f00000000c0)=ANY=[], 0xe) socket(0x8, 0x7, 0x9) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) syz_open_dev$vim2m(&(0x7f0000000680), 0x10007ff, 0x2) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x6e}, 0x0, 0x0) r3 = socket$isdn_base(0x22, 0x3, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000100)=0x300000000) write$vhost_msg_v2(r2, &(0x7f0000001700)={0x2, 0x0, {&(0x7f0000000180)=""/55, 0xfffffffffffffed0, 0x0, 0x1, 0x4}}, 0xfffffffffffffd80) getsockopt$inet6_int(r4, 0x29, 0x16, 0x0, &(0x7f00000000c0)) bind$isdn_base(r3, &(0x7f0000002780), 0x6) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) unshare(0x22020400) socket$can_j1939(0x1d, 0x2, 0x7) openat$misdntimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x84200, 0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x7f, 0x2, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0x0, 0x0) bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000040)={0xf0f024}) ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000980)={0x2, @sliced={0x5000, [0x81, 0xd9, 0xfff, 0xbf, 0x1, 0x1000, 0x6, 0x6, 0x3, 0xf3f, 0x80, 0xcf, 0xc6e7, 0x10, 0xde, 0x7, 0x8, 0x12, 0x1f87, 0xe7b0, 0x4, 0x1, 0xa34, 0xff80, 0xc9, 0x806, 0x8, 0x3, 0xcaa, 0x0, 0x3, 0x1, 0x206, 0x7, 0x595, 0x1, 0x2, 0xfffd, 0x9, 0x6, 0xfff, 0xfffe, 0x9, 0x4, 0x1, 0x1, 0x8, 0x9]}}) 2.401020623s ago: executing program 0 (id=1041): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b000000070000000100010009000101050000dd", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@getneigh={0x14, 0x1e, 0x609}, 0x14}}, 0x0) bpf$MAP_LOOKUP_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000001840), 0xfffffff7, r0}, 0x38) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="000000000000000095"]) r2 = creat(&(0x7f0000000400)='./bus\x00', 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0xe5000, 0x0) rseq(&(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x2, 0x6, 0x1, 0xa5e}, 0x4}, 0x20, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f00000002c0)=ANY=[], 0x76) dup3(r3, r2, 0x0) finit_module(r3, 0x0, 0x100000000000000) finit_module(r2, 0x0, 0x0) 2.400705588s ago: executing program 0 (id=1042): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newtaction={0x114, 0x30, 0x1, 0x0, 0x25dfdbfc, {}, [{0x100, 0x1, [@m_ct={0x9c, 0x2, 0x0, 0x0, {{0x7}, {0x20, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @loopback}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @private0={0xfc, 0x0, '\x00', 0x1}}]}, {0x56, 0x6, "7d0f24ec99750ab3dbc181f1bcdfacf4ac8d680d38cd2c9d80f966293d08121def2c50b44df5f9b2767399fe34389854d91cab0e620109205226cc71fe1c20bf7110b731b3a883f008cc006a2cf76b7c3110"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_sample={0x60, 0x13, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x1}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x18d282e7}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x6, 0x5, 0x7, 0x3}}]}, {0xc, 0x6, "d6ae2a722742fd9f"}, {0xc}, {0xc}}}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x800}, 0x0) socket$tipc(0x1e, 0x5, 0x0) socket$l2tp6(0xa, 0x2, 0x73) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) sendmmsg$unix(r0, &(0x7f0000000000), 0x400000000000041, 0x0) r1 = getpid() mmap(&(0x7f00003cb000/0x4000)=nil, 0x4000, 0xb635773f07ebbeed, 0x40010, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0x20, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800"/13], &(0x7f0000000900)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x72, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd60000000003c2c", @ANYBLOB="37fb3bbce8afc7def78a8a5bf4b96873ed2f29734a49e92f2dfb9ac94e2e408930f1270827e42cd6be4efec81c94eb4acf824286e4e63b304651d06fccb0412c8275468d16ac859450c633e8b868f1ede1546a08e6df91e7fe9af499dd6a54e69f8768b5ed77f1d663a784f51b797c87df28e817874580305c320e077dcd82ff784672bd5da9ce9741bfdc0a2a92f5cbd6054b36bfc1b2800806391d80445b17d76c8356ce6f20eda64082919ba0428962c88bebe24e91c680eb64d517f14019c4597caeac2ebade2a6fed4b3647c749951bf13eb79e7efccae2920b08d6dd63ef13bc8300f2f3dc5279890f6851220aca4baa2e2b89", @ANYRES8=r1], 0x0) 2.340565474s ago: executing program 0 (id=1043): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x236, &(0x7f0000000400)={0x0, 0xf691, 0x10100, 0x0, 0x2b5}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) getpeername$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000140)=0x14) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) dup(r7) r8 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) flock(r8, 0x2) r9 = userfaultfd(0x80001) ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) r10 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a) 2.17990416s ago: executing program 3 (id=1045): openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94) syz_open_dev$radio(0x0, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd74) r2 = openat$pmem0(0xffffffffffffff9c, 0x0, 0x80d01, 0x0) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) syz_open_dev$sndmidi(&(0x7f0000000080), 0x585, 0x80) pwrite64(r2, 0x0, 0x0, 0x2) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x41, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(r4, 0x8, &(0x7f0000000280)=0x800000003d) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r7, 0x0, 0x0, 0x400ad80, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xf, 0x6, &(0x7f00000000c0)=ANY=[@ANYBLOB="b40600000000000071110900000000008510000002000000850000000000000095004c00000000009500001200000000abab312391510836759074ccff2ed8f9c6678e25a33f6cb4afb47400579805765886e28121bebe2d798a21d0b1ba3c64b7154fbdd9b3a80839903d9dd9de92169257abf148f32a4575c38f85b047adf3910ae2b8495219b4870f390a8ef2c1f726023303687ce9957117cd890e4f5fd2866f89b463a81c1c1d61315bf02b40cd104511054ac8a8520a9bc112b3ae285491bbc6b2ce30ebd6ad27379e663b789e161b728f428d163a5884b2c9cc8f6648f3d34acee04143923c18b932b60cea"], &(0x7f0000000080)='GPL\x00', 0x7, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) sendmmsg$inet6(r7, &(0x7f0000006780)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3ab706204ee39c9dae21a1718ee351ebc92d2f0d482a863ae5c0b4d768ffe745af2c53a083d9b761b", 0xfff7}], 0x1}}], 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) dup(0xffffffffffffffff) 2.091183092s ago: executing program 2 (id=1046): mknod(&(0x7f0000000000)='./bus\x00', 0x1000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680)) r1 = eventfd2(0x1, 0x1) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096}) connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) sendmsg$RDMA_NLDEV_CMD_STAT_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x1415, 0x101, 0x1, 0x25dfdbfc}, 0x10}}, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) 1.810051384s ago: executing program 1 (id=1047): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x236, &(0x7f0000000400)={0x0, 0xf691, 0x10100, 0x0, 0x2b5}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) getpeername$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000140)=0x14) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1400000005000000ae0500000c000000048b0000", @ANYRES32, @ANYBLOB='\b\x00'/20, @ANYRES32=r5, @ANYRES32, @ANYBLOB="0100000004000000020040000000000000000000", @ANYRES32, @ANYBLOB="96e8f300"], 0x50) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)="d800", 0x2}, {&(0x7f0000000240)="f3d4aafbad470b38b7904920741b095a3e3e514330f64019a6a4c152a5adfa02568740a10a29a30a7baaae8c81b9d5c24d435169fe41d757f140cfe0052d6f649e02e9e7da2bc5fae3b5353625353e8aacd718cfe01f23f37318458ca09ecd1cbeca8029baebe2b56e91513ac427d039095b8b3e108b5bca60c44185d00b84c49c95874a654469c40a686e78bbd79533e23b815e94af0d683bca06ce8f2073d3e700be455ff435c84fa71d8007c2399e66a4e9f2146c35c188", 0xb9}, {&(0x7f0000000300)="ccaa65ba02d4857149930335b60a80f8c29b89049f8a62d42099f7ecc4d43f7c03ee041892a86c68d898aa3572ed036181342251aed23ea497720995de0a37708c6cfaec3c189b0c18224145eb4aff8580cdedcb5142ebc1e362d0be04550547a4db33ea275d825fa3999be32e5c1b558555a6d833db4af5558f3807248c37c12c640990cf9bd4b3c476625744d418a84d7379b781316aa8b3a25375a16c23b5562c21255f6711bfefd3ee1a5cf4d42e18c6c231cd8efc48c38cc6f39f3449f220ab61c76ce3181da89c5cb2ac33aaab6e1ed4", 0xd3}], 0x3}, 0x4004) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r9 = dup(r8) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4400ae8f, &(0x7f0000000040)=@x86={0x40, 0x4e, 0x8c, 0x0, 0x8004, 0xeb, 0x1, 0x23, 0x7, 0xa2, 0xa, 0x1, 0x0, 0x0, 0x9, 0x5, 0x7, 0x2, 0x6, '\x00', 0x0, 0xaa}) ioctl$KVM_SET_VAPIC_ADDR(r9, 0x4008ae93, &(0x7f00000000c0)=0xffff) open(&(0x7f0000000180)='.\x00', 0x0, 0x0) r10 = userfaultfd(0x80001) ioctl$UFFDIO_API(r10, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r10, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) r11 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a) 1.410556337s ago: executing program 0 (id=1048): syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0) r0 = syz_io_uring_setup(0x1545, &(0x7f0000000240)={0x0, 0x8f3e, 0x80}, 0x0, 0x0) syz_io_uring_setup(0x1868, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffc}, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x6}}, './file0\x00'}) ioctl$RTC_AIE_OFF(r1, 0x7002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xf, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) listen(0xffffffffffffffff, 0x8) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x23, &(0x7f0000000080)=0x4d, 0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x2, 0xffffffffffffffff, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) close(0xffffffffffffffff) removexattr(0x0, &(0x7f0000000240)=@known='user.incfs.metadata\x00') syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x80) syz_open_dev$vbi(0x0, 0x0, 0x2) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x1040) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r4, 0x40505412, &(0x7f0000000180)={0x6, 0x3, 0x3c}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) 1.250905919s ago: executing program 2 (id=1049): syz_open_dev$tty1(0xc, 0x4, 0x4) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r4, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r1]) ioctl$KVM_GET_VCPU_EVENTS(r4, 0x4048aecb, &(0x7f0000000080)) 1.25060373s ago: executing program 3 (id=1050): openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = dup(r1) ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000080)={0x23, 0x3, 0x18, 0x2000, 0x0, 0x0, 0x0}) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xf, 0xf, &(0x7f0000000080)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0xbb}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0xba}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000180)) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x4, 0x0, 0x2, 0x0, 0x7fffffff], 0x80a0000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) 1.108927833s ago: executing program 3 (id=1051): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newtaction={0x114, 0x30, 0x1, 0x0, 0x25dfdbfc, {}, [{0x100, 0x1, [@m_ct={0x9c, 0x2, 0x0, 0x0, {{0x7}, {0x20, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @loopback}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @private0={0xfc, 0x0, '\x00', 0x1}}]}, {0x56, 0x6, "7d0f24ec99750ab3dbc181f1bcdfacf4ac8d680d38cd2c9d80f966293d08121def2c50b44df5f9b2767399fe34389854d91cab0e620109205226cc71fe1c20bf7110b731b3a883f008cc006a2cf76b7c3110"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_sample={0x60, 0x13, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x1}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x18d282e7}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x6, 0x5, 0x7, 0x3}}]}, {0xc, 0x6, "d6ae2a722742fd9f"}, {0xc}, {0xc}}}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x800}, 0x0) socket$tipc(0x1e, 0x5, 0x0) socket$l2tp6(0xa, 0x2, 0x73) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) sendmmsg$unix(r0, &(0x7f0000000000), 0x400000000000041, 0x0) r1 = getpid() mmap(&(0x7f00003cb000/0x4000)=nil, 0x4000, 0xb635773f07ebbeed, 0x40010, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0x20, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800"/15], &(0x7f0000000900)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x72, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd60000000003c2c", @ANYBLOB="37fb3bbce8afc7def78a8a5bf4b96873ed2f29734a49e92f2dfb9ac94e2e408930f1270827e42cd6be4efec81c94eb4acf824286e4e63b304651d06fccb0412c8275468d16ac859450c633e8b868f1ede1546a08e6df91e7fe9af499dd6a54e69f8768b5ed77f1d663a784f51b797c87df28e817874580305c320e077dcd82ff784672bd5da9ce9741bfdc0a2a92f5cbd6054b36bfc1b2800806391d80445b17d76c8356ce6f20eda64082919ba0428962c88bebe24e91c680eb64d517f14019c4597caeac2ebade2a6fed4b3647c749951bf13eb79e7efccae2920b08d6dd63ef13bc8300f2f3dc5279890f6851220aca4baa2e2b89", @ANYRES8=r1], 0x0) 1.108639103s ago: executing program 3 (id=1052): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r4, &(0x7f0000000000)={0x10, 0x0, 0x2ddfdbff, 0x2ffffffff}, 0xc) r5 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r3, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000400)={0x0, 0x1802, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r7, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}, 0x1, 0xff07, 0xff07}, 0x2000000) 1.108450935s ago: executing program 2 (id=1053): r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) r2 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x3}, &(0x7f0000006900)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6d549eed5aaa86dbe646fc77a9b3df93199c796fa597f452bed6b6fbcc812df9be8e35d8d15086609c033a5d2a42d5dcb0d103098fa302c5b1d48f913f8b22a30a47d9ae02000000e2b855845f39806305f56d918cc5b4023fdbe9cae4147c84583ec9dd375031ba5ae65e31f00e641832d29ed658b91f33595b033222944765cb6a50d859f754ed83eefd480be0e3100965f081190bbb39a5965ceaa76975b888", 0x126, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r2}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}}) 1.040080656s ago: executing program 2 (id=1054): socket$inet_tcp(0x2, 0x1, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0xa000, 0x1da) read$FUSE(r0, &(0x7f0000002200)={0x2020}, 0xac) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) socket(0x10, 0x803, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8929, &(0x7f0000000280)={'veth1_vlan\x00', @ifru_settings={0x4, 0x0, @cisco=&(0x7f00000021c0)={0xd7f, 0x393}}}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x8000000003, 0x4, 0x2, 0x7f}, 0x0, &(0x7f00000020c0)={0x1f, 0x0, 0x8, 0x0, 0xfffffffffffffffd, 0x4, 0x4, 0x7d6}, &(0x7f0000000280)={0x77359400}, 0x0) mknodat$null(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x2000, 0x103) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES64], 0x44}}, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x424, &(0x7f0000002100)=ANY=[@ANYRESDEC=r4, @ANYRESHEX=r4, @ANYBLOB="5b7ea3ac367ad06a77a03b24a961123a5bb464b7a5879cdc37b7da372554191e6a34f18ef2e33f9086cd7fd168694956f0226aacd32f85136aa20c54bd5c6bc1c1d92fe1ec7e83398200000000", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRES16=r3]) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x0, 0x0, &(0x7f0000001200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="c2754713e36569b2fae8649eb50c4d0000000000", @ANYRES32=0x1], 0x50) ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x8916, &(0x7f0000000000)={r5}) r6 = socket$kcm(0xa, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x8916, &(0x7f0000000000)={r6}) ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x8936, &(0x7f0000000000)={r6}) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) 991.99986ms ago: executing program 3 (id=1055): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x236, &(0x7f0000000400)={0x0, 0xf691, 0x10100, 0x0, 0x2b5}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) getpeername$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000140)=0x14) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1400000005000000ae0500000c000000048b0000", @ANYRES32, @ANYBLOB='\b\x00'/20, @ANYRES32=r4, @ANYRES32, @ANYBLOB="0100000004000000020040000000000000000000", @ANYRES32, @ANYBLOB="96e8f300"], 0x50) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)="d800", 0x2}, {&(0x7f0000000240)="f3d4aafbad470b38b7904920741b095a3e3e514330f64019a6a4c152a5adfa02568740a10a29a30a7baaae8c81b9d5c24d435169fe41d757f140cfe0052d6f649e02e9e7da2bc5fae3b5353625353e8aacd718cfe01f23f37318458ca09ecd1cbeca8029baebe2b56e91513ac427d039095b8b3e108b5bca60c44185d00b84c49c95874a654469c40a686e78bbd79533e23b815e94af0d683bca06ce8f2073d3e700be455ff435c84fa71d8007c2399e66a4e9f2146c35c188", 0xb9}, {&(0x7f0000000300)="ccaa65ba02d4857149930335b60a80f8c29b89049f8a62d42099f7ecc4d43f7c03ee041892a86c68d898aa3572ed036181342251aed23ea497720995de0a37708c6cfaec3c189b0c18224145eb4aff8580cdedcb5142ebc1e362d0be04550547a4db33ea275d825fa3999be32e5c1b558555a6d833db4af5558f3807248c37c12c640990cf9bd4b3c476625744d418a84d7379b781316aa8b3a25375a16c23b5562c21255f6711bfefd3ee1a5cf4d42e18c6c231cd8efc48c38cc6f39f3449f220ab61c76ce3181da89c5cb2ac33aaab6e1ed4", 0xd3}], 0x3}, 0x4004) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r8 = dup(r7) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000040)=@x86={0x40, 0x4e, 0x8c, 0x0, 0x8004, 0xeb, 0x1, 0x23, 0x7, 0xa2, 0xa, 0x1, 0x0, 0x0, 0x9, 0x5, 0x7, 0x2, 0x6, '\x00', 0x0, 0xaa}) ioctl$KVM_SET_VAPIC_ADDR(r8, 0x4008ae93, &(0x7f00000000c0)=0xffff) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) flock(r9, 0x2) r10 = userfaultfd(0x80001) ioctl$UFFDIO_API(r10, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r10, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) r11 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a) r12 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) 759.060816ms ago: executing program 1 (id=1056): close(0xffffffffffffffff) socket$inet6(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_setup(0x499f, 0x0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0xff00) 170.245415ms ago: executing program 2 (id=1057): syz_open_dev$usbmon(&(0x7f0000000c80), 0x0, 0x800) ioctl$VIDIOC_G_FREQUENCY(0xffffffffffffffff, 0xc02c5638, &(0x7f00000000c0)={0x1}) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') socket$kcm(0x2, 0xa, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000001800010000000000000000000200000000000006000000000c00090008"], 0x38}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) socket$nl_generic(0x10, 0x3, 0x10) madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x64) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f00000000c0)={0x1, 0xaa4, 0x0, &(0x7f0000000100)}) 0s ago: executing program 3 (id=1058): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7}) ioctl$sock_netdev_private(r0, 0x8949, &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:8612' (ED25519) to the list of known hosts. [ 41.036350][ T5891] cgroup: Unknown subsys name 'net' [ 41.185842][ T5891] cgroup: Unknown subsys name 'cpuset' [ 41.190050][ T5891] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 42.054878][ T5891] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.374562][ T5938] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.377833][ T5938] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.380575][ T5938] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.384415][ T5938] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.386093][ T5941] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.387130][ T5938] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.389465][ T5941] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.394892][ T5938] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.398255][ T5938] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.400702][ T5938] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.423862][ T5938] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.427136][ T5938] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.431043][ T5938] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.433323][ T67] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.434446][ T5938] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.437796][ T67] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.439543][ T5938] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.442116][ T67] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.448785][ T5938] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.453691][ T5938] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.646915][ T5933] chnl_net:caif_netlink_parms(): no params data found [ 45.695846][ T5935] chnl_net:caif_netlink_parms(): no params data found [ 45.740883][ T5942] chnl_net:caif_netlink_parms(): no params data found [ 45.883644][ T5933] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.885895][ T5933] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.888336][ T5933] bridge_slave_0: entered allmulticast mode [ 45.891387][ T5933] bridge_slave_0: entered promiscuous mode [ 45.925325][ T5933] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.928192][ T5933] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.931050][ T5933] bridge_slave_1: entered allmulticast mode [ 45.934712][ T5933] bridge_slave_1: entered promiscuous mode [ 46.056720][ T5944] chnl_net:caif_netlink_parms(): no params data found [ 46.061264][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.064045][ T5935] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.066383][ T5935] bridge_slave_0: entered allmulticast mode [ 46.069009][ T5935] bridge_slave_0: entered promiscuous mode [ 46.074869][ T5933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.078762][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.081555][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.085886][ T5942] bridge_slave_0: entered allmulticast mode [ 46.089757][ T5942] bridge_slave_0: entered promiscuous mode [ 46.098655][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.101022][ T5935] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.103915][ T5935] bridge_slave_1: entered allmulticast mode [ 46.106534][ T5935] bridge_slave_1: entered promiscuous mode [ 46.110128][ T5933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.113108][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.115338][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.117642][ T5942] bridge_slave_1: entered allmulticast mode [ 46.120231][ T5942] bridge_slave_1: entered promiscuous mode [ 46.206637][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.258441][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.264600][ T5935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.269916][ T5933] team0: Port device team_slave_0 added [ 46.307838][ T5935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.312474][ T5933] team0: Port device team_slave_1 added [ 46.351404][ T5942] team0: Port device team_slave_0 added [ 46.409365][ T5942] team0: Port device team_slave_1 added [ 46.425977][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.428333][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.437100][ T5933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.471635][ T5935] team0: Port device team_slave_0 added [ 46.474210][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.476400][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.486686][ T5933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.490464][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.492879][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.495184][ T5944] bridge_slave_0: entered allmulticast mode [ 46.497908][ T5944] bridge_slave_0: entered promiscuous mode [ 46.517350][ T5935] team0: Port device team_slave_1 added [ 46.525986][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.529014][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.531892][ T5944] bridge_slave_1: entered allmulticast mode [ 46.535904][ T5944] bridge_slave_1: entered promiscuous mode [ 46.538997][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.541184][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.549246][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.579004][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.581181][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.589136][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.606997][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.609234][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.617978][ T5935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.659756][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.661971][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.669945][ T5935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.678684][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.702404][ T5933] hsr_slave_0: entered promiscuous mode [ 46.704661][ T5933] hsr_slave_1: entered promiscuous mode [ 46.709346][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.811397][ T5944] team0: Port device team_slave_0 added [ 46.816801][ T5935] hsr_slave_0: entered promiscuous mode [ 46.819189][ T5935] hsr_slave_1: entered promiscuous mode [ 46.821378][ T5935] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.823980][ T5935] Cannot create hsr debugfs directory [ 46.828274][ T5942] hsr_slave_0: entered promiscuous mode [ 46.830554][ T5942] hsr_slave_1: entered promiscuous mode [ 46.833449][ T5942] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.835881][ T5942] Cannot create hsr debugfs directory [ 46.843894][ T5944] team0: Port device team_slave_1 added [ 46.909400][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.911556][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.919507][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.926241][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.928672][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.936689][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.057308][ T5944] hsr_slave_0: entered promiscuous mode [ 47.059970][ T5944] hsr_slave_1: entered promiscuous mode [ 47.062468][ T5944] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.066227][ T5944] Cannot create hsr debugfs directory [ 47.251904][ T5933] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 47.262982][ T5933] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 47.272449][ T5933] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 47.290808][ T5933] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 47.311568][ T5942] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 47.316004][ T5942] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 47.319948][ T5942] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 47.324158][ T5942] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 47.361287][ T5935] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 47.366119][ T5935] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 47.371053][ T5935] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 47.375890][ T5935] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 47.424941][ T5944] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 47.429410][ T5944] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 47.441446][ T5944] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 47.445541][ T5944] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 47.463789][ T5938] Bluetooth: hci3: command tx timeout [ 47.463792][ T5941] Bluetooth: hci2: command tx timeout [ 47.474278][ T5941] Bluetooth: hci0: command tx timeout [ 47.476189][ T5938] Bluetooth: hci1: command tx timeout [ 47.476405][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.486646][ T5933] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.515137][ T5942] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.520745][ T5933] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.526249][ T5935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.530171][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.533099][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.545157][ T79] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.547465][ T79] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.550941][ T79] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.553287][ T79] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.564082][ T1180] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.566421][ T1180] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.581024][ T5935] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.592526][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.598591][ T1180] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.600996][ T1180] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.609912][ T5942] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 47.613805][ T5942] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 47.637946][ T79] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.640186][ T79] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.645960][ T5944] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.651803][ T1180] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.654107][ T1180] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.665283][ T1180] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.667519][ T1180] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.709494][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.747203][ T5942] veth0_vlan: entered promiscuous mode [ 47.751917][ T5942] veth1_vlan: entered promiscuous mode [ 47.768614][ T5942] veth0_macvtap: entered promiscuous mode [ 47.774319][ T5942] veth1_macvtap: entered promiscuous mode [ 47.779962][ T5933] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.788750][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.797439][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.807530][ T5942] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.810308][ T5942] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.813520][ T5942] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.816189][ T5942] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.829881][ T5935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.845286][ T5933] veth0_vlan: entered promiscuous mode [ 47.867134][ T5933] veth1_vlan: entered promiscuous mode [ 47.875599][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.881415][ T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.885180][ T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.902069][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.904940][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.905933][ T5935] veth0_vlan: entered promiscuous mode [ 47.917773][ T5933] veth0_macvtap: entered promiscuous mode [ 47.920303][ T5935] veth1_vlan: entered promiscuous mode [ 47.933012][ T5933] veth1_macvtap: entered promiscuous mode [ 47.933291][ T5942] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 47.943883][ T5944] veth0_vlan: entered promiscuous mode [ 47.951981][ T5944] veth1_vlan: entered promiscuous mode [ 47.960257][ T5933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.964321][ T5933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.968685][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.976951][ T5933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.980145][ T5933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.984903][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.988594][ T5933] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.991303][ T5933] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.003007][ T5933] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.005674][ T5933] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.009744][ T5935] veth0_macvtap: entered promiscuous mode [ 48.014185][ T5935] veth1_macvtap: entered promiscuous mode [ 48.021309][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.024897][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.027867][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.031037][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.035034][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.038724][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.041931][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.045791][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.048961][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.052671][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.057058][ T5935] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.059771][ T5935] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.062467][ T5935] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.065501][ T5935] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.113042][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.116735][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.125761][ T1180] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.130632][ T1180] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.140312][ T5944] veth0_macvtap: entered promiscuous mode [ 48.155026][ T5944] veth1_macvtap: entered promiscuous mode [ 48.158007][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.160376][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.177095][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.179460][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.186868][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.190070][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.194370][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.198046][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.201118][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.204723][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.208975][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.247503][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.251228][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.257882][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.261119][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.267987][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.271228][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.277264][ T5996] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 48.280220][ T5996] netlink: 'syz.1.2': attribute type 5 has an invalid length. [ 48.280984][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.282677][ T5996] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2'. [ 48.287147][ T5944] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.290470][ T5944] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.293602][ T5944] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.296390][ T5944] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.304903][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.307524][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.318104][ T5996] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 48.320901][ T5996] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 48.325167][ T5996] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 48.330832][ T5996] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 48.336958][ T5996] geneve2: entered promiscuous mode [ 48.338721][ T5996] geneve2: entered allmulticast mode [ 48.383329][ T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.385844][ T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.439427][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.442912][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.536294][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.539637][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.542974][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.548038][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.600211][ T6009] openvswitch: netlink: VXLAN extension message has 1 unknown bytes. [ 48.634092][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.303208][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.544882][ T5938] Bluetooth: hci1: command tx timeout [ 49.546841][ T5938] Bluetooth: hci3: command tx timeout [ 49.548631][ T5938] Bluetooth: hci0: command tx timeout [ 49.550319][ T5938] Bluetooth: hci2: command tx timeout [ 50.197953][ T6034] syz.2.10 uses obsolete (PF_INET,SOCK_PACKET) [ 50.206909][ T6034] netlink: 16 bytes leftover after parsing attributes in process `syz.2.10'. [ 50.346502][ T6033] netlink: 16 bytes leftover after parsing attributes in process `syz.1.11'. [ 50.596366][ T5973] IPVS: starting estimator thread 0... [ 50.713928][ T6040] IPVS: using max 48 ests per chain, 115200 per kthread [ 50.993864][ T6047] netlink: 12 bytes leftover after parsing attributes in process `syz.2.15'. [ 50.997134][ T6047] netlink: 12 bytes leftover after parsing attributes in process `syz.2.15'. [ 51.089184][ T6041] netfs: Couldn't get user pages (rc=-14) [ 51.163428][ T6045] 9pnet_fd: Insufficient options for proto=fd [ 51.207298][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 51.285208][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 51.632945][ T5938] Bluetooth: hci0: command tx timeout [ 51.632964][ T67] Bluetooth: hci3: command tx timeout [ 51.633258][ T5290] Bluetooth: hci1: command tx timeout [ 51.634757][ T5941] Bluetooth: hci2: command tx timeout [ 51.727952][ T6059] netlink: 16 bytes leftover after parsing attributes in process `syz.3.17'. [ 52.370274][ T5995] IPVS: starting estimator thread 0... [ 52.702976][ T6069] IPVS: using max 48 ests per chain, 115200 per kthread [ 53.064014][ T6086] 9pnet_fd: Insufficient options for proto=fd [ 53.081339][ T6089] smc: net device bond0 applied user defined pnetid SYZ0 [ 53.641839][ T6096] netlink: 16 bytes leftover after parsing attributes in process `syz.1.25'. [ 53.702871][ T5941] Bluetooth: hci3: command tx timeout [ 53.792746][ T5938] Bluetooth: hci2: command tx timeout [ 53.794670][ T67] Bluetooth: hci1: command tx timeout [ 53.797332][ T5938] Bluetooth: hci0: command tx timeout [ 54.568383][ T6111] netlink: 16 bytes leftover after parsing attributes in process `syz.2.28'. [ 55.302050][ T6124] netlink: 16 bytes leftover after parsing attributes in process `syz.0.30'. [ 55.418044][ T6130] netlink: 'syz.2.33': attribute type 10 has an invalid length. [ 55.420734][ T6130] netlink: 40 bytes leftover after parsing attributes in process `syz.2.33'. [ 55.469934][ T6130] team0: Port device geneve0 added [ 55.537933][ T6120] CUSE: unknown device info "ÿ" [ 55.539581][ T6120] CUSE: zero length info key specified [ 55.574225][ T6116] netlink: 68 bytes leftover after parsing attributes in process `syz.1.31'. [ 55.577002][ T6116] netlink: 68 bytes leftover after parsing attributes in process `syz.1.31'. [ 55.637976][ T6122] ip6tnl1: entered promiscuous mode [ 55.639640][ T6122] ip6tnl1: entered allmulticast mode [ 55.642543][ T6122] team0: Device ip6tnl1 is of different type [ 56.365421][ T6138] netlink: 8 bytes leftover after parsing attributes in process `syz.1.34'. [ 56.586304][ T6145] mmap: syz.0.35 (6145) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 57.138344][ T6156] netlink: 'syz.3.37': attribute type 1 has an invalid length. [ 57.145109][ T6156] netlink: 224 bytes leftover after parsing attributes in process `syz.3.37'. [ 57.516050][ T6161] netlink: 16 bytes leftover after parsing attributes in process `syz.0.39'. [ 57.870957][ T6168] netlink: 8 bytes leftover after parsing attributes in process `syz.2.40'. [ 59.030143][ T6186] netlink: 'syz.3.45': attribute type 27 has an invalid length. [ 59.315671][ T6192] __nla_validate_parse: 1 callbacks suppressed [ 59.315682][ T6192] netlink: 4 bytes leftover after parsing attributes in process `syz.3.45'. [ 59.650357][ T6186] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.653413][ T6186] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.833756][ T6204] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(13) [ 59.835914][ T6204] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 59.840766][ T6204] vhci_hcd vhci_hcd.0: Device attached [ 59.846065][ T6204] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(15) [ 59.848141][ T6204] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 59.853126][ T6204] vhci_hcd vhci_hcd.0: Device attached [ 59.862147][ T6204] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 59.872527][ T6204] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(19) [ 59.874626][ T6204] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 59.882865][ T6204] vhci_hcd vhci_hcd.0: Device attached [ 59.891197][ T6204] vhci_hcd vhci_hcd.0: pdev(0) rhport(4) sockfd(22) [ 59.893329][ T6204] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 59.933516][ T6204] vhci_hcd vhci_hcd.0: Device attached [ 59.941036][ T6204] vhci_hcd vhci_hcd.0: pdev(0) rhport(5) sockfd(24) [ 59.943148][ T6204] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 59.969967][ T6204] vhci_hcd vhci_hcd.0: Device attached [ 59.998924][ T6186] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 60.011249][ T6186] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 60.012949][ T63] vhci_hcd: vhci_device speed not set [ 60.041410][ T6219] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 60.073651][ T63] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 60.077073][ T6204] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 60.149700][ T6204] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 60.159434][ T6221] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 60.207072][ T6214] vhci_hcd: connection closed [ 60.208157][ T6211] vhci_hcd: connection closed [ 60.208709][ T6186] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.209668][ T6205] vhci_hcd: connection reset by peer [ 60.211125][ T6186] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.214465][ T6209] vhci_hcd: connection closed [ 60.222828][ T1180] vhci_hcd: stop threads [ 60.222864][ T6207] vhci_hcd: connection closed [ 60.224719][ T1180] vhci_hcd: release socket [ 60.229131][ T1180] vhci_hcd: disconnect device [ 60.251126][ T1180] vhci_hcd: stop threads [ 60.254648][ T1180] vhci_hcd: release socket [ 60.259003][ T1180] vhci_hcd: disconnect device [ 60.260619][ T1180] vhci_hcd: stop threads [ 60.261974][ T1180] vhci_hcd: release socket [ 60.269149][ T1180] vhci_hcd: disconnect device [ 60.271106][ T1180] vhci_hcd: stop threads [ 60.272482][ T1180] vhci_hcd: release socket [ 60.276022][ T1180] vhci_hcd: disconnect device [ 60.279235][ T1180] vhci_hcd: stop threads [ 60.280596][ T1180] vhci_hcd: release socket [ 60.284297][ T1180] vhci_hcd: disconnect device [ 60.375641][ T6186] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.378492][ T6186] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.840728][ T6247] netlink: 20 bytes leftover after parsing attributes in process `syz.2.59'. [ 62.300276][ T6256] netlink: 16 bytes leftover after parsing attributes in process `syz.2.61'. [ 62.523215][ T6262] binder: 6257:6262 ioctl c0306201 80000600 returned -22 [ 62.529899][ T6262] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 62.553827][ T6262] batman_adv: batadv0: Adding interface: ip6gretap1 [ 62.555950][ T6262] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.568606][ T6262] batman_adv: batadv0: Interface activated: ip6gretap1 [ 63.094962][ T6274] netlink: 8 bytes leftover after parsing attributes in process `syz.3.66'. [ 63.099034][ T6274] netlink: 12 bytes leftover after parsing attributes in process `syz.3.66'. [ 63.129065][ T6274] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 63.131989][ T6274] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 63.134869][ T6274] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 63.137864][ T6274] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 63.267692][ T6274] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 63.269842][ T6274] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 63.273434][ T6274] vhci_hcd vhci_hcd.0: Device attached [ 63.523060][ T76] usb 43-1: new high-speed USB device number 2 using vhci_hcd [ 63.714347][ T6287] loop6: detected capacity change from 0 to 63 [ 63.723959][ T6286] Buffer I/O error on dev loop6, logical block 0, async page read [ 63.726643][ T6286] Buffer I/O error on dev loop6, logical block 1, async page read [ 63.742013][ T6286] Buffer I/O error on dev loop6, logical block 2, async page read [ 63.748458][ T6286] Buffer I/O error on dev loop6, logical block 3, async page read [ 63.752370][ T6286] Buffer I/O error on dev loop6, logical block 0, async page read [ 63.756512][ T6286] Buffer I/O error on dev loop6, logical block 1, async page read [ 63.759214][ T6286] Buffer I/O error on dev loop6, logical block 2, async page read [ 63.765525][ T6286] Buffer I/O error on dev loop6, logical block 3, async page read [ 63.771892][ T5936] Buffer I/O error on dev loop6, logical block 0, async page read [ 63.792716][ T5936] Buffer I/O error on dev loop6, logical block 1, async page read [ 63.880141][ T6290] netlink: 8 bytes leftover after parsing attributes in process `syz.1.70'. [ 63.887807][ T6290] netlink: 'syz.1.70': attribute type 9 has an invalid length. [ 63.901447][ T6290] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 63.923560][ T6290] macvlan2: entered allmulticast mode [ 63.933059][ T6290] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 63.940192][ T6280] vhci_hcd: connection reset by peer [ 63.942581][ T13] vhci_hcd: stop threads [ 63.945023][ T13] vhci_hcd: release socket [ 63.946849][ T13] vhci_hcd: disconnect device [ 64.068465][ T835] IPVS: starting estimator thread 0... [ 64.150502][ T5967] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 64.154370][ T6299] IPVS: using max 49 ests per chain, 117600 per kthread [ 64.315651][ T5967] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 64.319927][ T5967] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 64.325762][ T5967] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 64.331628][ T5967] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.441819][ T6308] netfs: Couldn't get user pages (rc=-14) [ 64.481409][ T6310] 9pnet_fd: Insufficient options for proto=fd [ 64.557822][ T5967] usb 7-1: usb_control_msg returned -32 [ 64.561018][ T5967] usbtmc 7-1:16.0: can't read capabilities [ 65.213783][ T63] vhci_hcd: vhci_device speed not set [ 65.396944][ T6320] netlink: 16 bytes leftover after parsing attributes in process `syz.3.76'. [ 65.771435][ T6319] 9pnet_virtio: no channels available for device syz [ 65.854520][ T6321] 9pnet_fd: Insufficient options for proto=fd [ 66.919818][ T835] usb 7-1: USB disconnect, device number 2 [ 67.914297][ T6352] netlink: 12 bytes leftover after parsing attributes in process `syz.1.86'. [ 67.917155][ T6350] netlink: 48 bytes leftover after parsing attributes in process `syz.0.85'. [ 67.917475][ T6352] netlink: 12 bytes leftover after parsing attributes in process `syz.1.86'. [ 68.448873][ T6362] netlink: 16 bytes leftover after parsing attributes in process `syz.0.88'. [ 68.470849][ T6361] 9pnet_fd: Insufficient options for proto=fd [ 68.692934][ T76] vhci_hcd: vhci_device speed not set [ 69.463116][ T6369] netlink: 16 bytes leftover after parsing attributes in process `syz.1.89'. [ 70.255104][ T6397] netlink: 16 bytes leftover after parsing attributes in process `syz.0.97'. [ 70.828055][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.933517][ T6406] netlink: 12 bytes leftover after parsing attributes in process `syz.0.99'. [ 70.936427][ T6406] netlink: 12 bytes leftover after parsing attributes in process `syz.0.99'. [ 72.090118][ T6447] netlink: 16 bytes leftover after parsing attributes in process `syz.0.103'. [ 73.157471][ T6465] netlink: 8 bytes leftover after parsing attributes in process `syz.2.107'. [ 73.160370][ T6465] netlink: 12 bytes leftover after parsing attributes in process `syz.2.107'. [ 73.172139][ T6465] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 73.174912][ T6465] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 73.177644][ T6465] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 73.180335][ T6465] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 73.249273][ T6465] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12) [ 73.251902][ T6465] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 73.276304][ T6465] vhci_hcd vhci_hcd.0: Device attached [ 73.357924][ T6462] netlink: 8 bytes leftover after parsing attributes in process `syz.3.110'. [ 73.562993][ T76] usb 41-1: new high-speed USB device number 2 using vhci_hcd [ 74.042748][ T6468] vhci_hcd: connection reset by peer [ 74.044907][ T1139] vhci_hcd: stop threads [ 74.047085][ T1139] vhci_hcd: release socket [ 74.048693][ T1139] vhci_hcd: disconnect device [ 74.557324][ T6516] netlink: 8 bytes leftover after parsing attributes in process `syz.0.124'. [ 75.121524][ T40] audit: type=1800 audit(1746497759.135:2): pid=6528 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.121" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 76.362541][ T6551] netlink: 16 bytes leftover after parsing attributes in process `syz.3.129'. [ 77.656553][ T6594] netlink: 16 bytes leftover after parsing attributes in process `syz.3.133'. [ 79.047936][ T6637] netlink: 16 bytes leftover after parsing attributes in process `syz.2.139'. [ 79.192897][ T76] vhci_hcd: vhci_device speed not set [ 80.475496][ T6665] netlink: 16 bytes leftover after parsing attributes in process `syz.0.146'. [ 81.011251][ T6673] netlink: 16 bytes leftover after parsing attributes in process `syz.3.149'. [ 81.215839][ T65] cfg80211: failed to load regulatory.db [ 81.607810][ T6691] netlink: 'syz.1.155': attribute type 10 has an invalid length. [ 81.610334][ T6691] netlink: 40 bytes leftover after parsing attributes in process `syz.1.155'. [ 81.666199][ T6693] CUSE: unknown device info "ÿ" [ 81.667852][ T6693] CUSE: zero length info key specified [ 81.853032][ T6691] team0: Port device geneve0 added [ 83.025802][ T6710] netlink: 16 bytes leftover after parsing attributes in process `syz.1.159'. [ 84.080196][ T65] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 84.147806][ T6731] loop6: detected capacity change from 0 to 63 [ 84.155608][ T5936] buffer_io_error: 26 callbacks suppressed [ 84.155617][ T5936] Buffer I/O error on dev loop6, logical block 0, async page read [ 84.160833][ T6731] Buffer I/O error on dev loop6, logical block 0, async page read [ 84.163919][ T6731] Buffer I/O error on dev loop6, logical block 0, async page read [ 84.166629][ T5936] Buffer I/O error on dev loop6, logical block 0, async page read [ 84.169417][ T5936] Buffer I/O error on dev loop6, logical block 0, async page read [ 84.171895][ T5936] Buffer I/O error on dev loop6, logical block 0, async page read [ 84.176289][ T6731] Buffer I/O error on dev loop6, logical block 0, async page read [ 84.178934][ T6731] Buffer I/O error on dev loop6, logical block 0, async page read [ 84.181520][ T5936] Buffer I/O error on dev loop6, logical block 0, async page read [ 84.188104][ T6731] Buffer I/O error on dev loop6, logical block 0, async page read [ 84.199228][ T6735] netlink: 68 bytes leftover after parsing attributes in process `syz.3.170'. [ 84.202029][ T6735] netlink: 68 bytes leftover after parsing attributes in process `syz.3.170'. [ 84.237336][ T65] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 84.240304][ T65] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 84.246867][ T65] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 84.249692][ T65] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.293846][ T6733] ip6tnl1: entered promiscuous mode [ 84.295633][ T6733] ip6tnl1: entered allmulticast mode [ 84.298072][ T6733] team0: Device ip6tnl1 is of different type [ 84.461450][ T65] usb 5-1: usb_control_msg returned -32 [ 84.463452][ T65] usbtmc 5-1:16.0: can't read capabilities [ 85.624644][ T6753] netlink: 8 bytes leftover after parsing attributes in process `syz.2.174'. [ 86.097068][ T6757] netlink: 20 bytes leftover after parsing attributes in process `syz.3.176'. [ 86.262137][ T40] audit: type=1800 audit(1746497770.275:3): pid=6770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.178" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 86.280892][ T6769] loop6: detected capacity change from 0 to 63 [ 86.500732][ T6776] netlink: 68 bytes leftover after parsing attributes in process `syz.2.181'. [ 86.503822][ T6776] netlink: 68 bytes leftover after parsing attributes in process `syz.2.181'. [ 86.594748][ T6776] ip6tnl1: entered promiscuous mode [ 86.596540][ T6776] ip6tnl1: entered allmulticast mode [ 86.599300][ T6776] team0: Device ip6tnl1 is of different type [ 86.606553][ T63] usb 5-1: USB disconnect, device number 2 [ 86.752010][ T6784] netlink: 8 bytes leftover after parsing attributes in process `syz.0.184'. [ 87.534101][ T6800] netlink: 8 bytes leftover after parsing attributes in process `syz.2.186'. [ 87.702854][ T6803] netlink: 16 bytes leftover after parsing attributes in process `syz.1.187'. [ 87.885499][ T6805] netlink: 16 bytes leftover after parsing attributes in process `syz.0.188'. [ 88.400023][ T6817] netlink: 8 bytes leftover after parsing attributes in process `syz.2.190'. [ 88.597970][ T6823] netlink: 8 bytes leftover after parsing attributes in process `syz.0.192'. [ 89.903510][ T6852] netlink: 8 bytes leftover after parsing attributes in process `syz.3.198'. [ 90.026055][ T6851] netlink: 'syz.1.197': attribute type 27 has an invalid length. [ 90.074423][ T6851] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.077003][ T6851] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.158585][ T6861] netlink: 8 bytes leftover after parsing attributes in process `syz.0.199'. [ 90.318982][ T6851] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 90.324850][ T6859] netlink: 4 bytes leftover after parsing attributes in process `syz.1.197'. [ 90.340669][ T6851] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 90.543869][ T6851] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.552308][ T6851] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.564570][ T6851] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.575546][ T6851] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.649431][ T6851] netdevsim netdevsim1 netdevsim0: unset [1, 1] type 2 family 0 port 256 - 0 [ 90.652192][ T6851] netdevsim netdevsim1 netdevsim1: unset [1, 1] type 2 family 0 port 256 - 0 [ 90.660571][ T6851] netdevsim netdevsim1 netdevsim2: unset [1, 1] type 2 family 0 port 256 - 0 [ 90.671662][ T6851] netdevsim netdevsim1 netdevsim3: unset [1, 1] type 2 family 0 port 256 - 0 [ 90.684878][ T6851] geneve2: left promiscuous mode [ 90.688841][ T6851] geneve2: left allmulticast mode [ 90.696866][ T6851] mac80211_hwsim hwsim2 wlan0: left allmulticast mode [ 90.703599][ T6851] macvlan2: left allmulticast mode [ 91.456584][ T6887] netlink: 8 bytes leftover after parsing attributes in process `syz.0.206'. [ 91.616836][ T6887] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.620572][ T6887] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.625011][ T6887] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.628814][ T6887] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.738594][ T6887] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12) [ 91.740720][ T6887] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 91.747674][ T6887] vhci_hcd vhci_hcd.0: Device attached [ 91.993439][ T76] usb 37-1: new high-speed USB device number 3 using vhci_hcd [ 91.998322][ T6900] __nla_validate_parse: 1 callbacks suppressed [ 91.998333][ T6900] netlink: 8 bytes leftover after parsing attributes in process `syz.3.209'. [ 92.016223][ T6901] netlink: 8 bytes leftover after parsing attributes in process `syz.1.210'. [ 92.094722][ T6889] vhci_hcd: connection reset by peer [ 92.097479][ T1139] vhci_hcd: stop threads [ 92.099014][ T1139] vhci_hcd: release socket [ 92.100609][ T1139] vhci_hcd: disconnect device [ 92.767334][ T6909] netlink: 'syz.2.211': attribute type 27 has an invalid length. [ 92.836577][ T6909] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.839496][ T6909] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.842398][ T6915] netlink: 4 bytes leftover after parsing attributes in process `syz.2.211'. [ 92.892178][ T6909] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 92.906690][ T6909] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 92.998808][ T6909] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.017081][ T6909] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.024050][ T6909] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.033230][ T6909] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.057677][ T6909] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 93.060614][ T6909] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 93.064321][ T6909] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 93.067259][ T6909] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 93.141080][ T6923] netlink: 'syz.1.214': attribute type 1 has an invalid length. [ 93.143811][ T6923] netlink: 224 bytes leftover after parsing attributes in process `syz.1.214'. [ 93.888299][ T6936] netlink: 8 bytes leftover after parsing attributes in process `syz.3.219'. [ 94.614296][ T6950] netlink: 8 bytes leftover after parsing attributes in process `syz.0.223'. [ 94.794356][ T6959] netlink: 'syz.1.226': attribute type 27 has an invalid length. [ 94.808317][ T6959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.226'. [ 95.553419][ T6970] netlink: 8 bytes leftover after parsing attributes in process `syz.0.228'. [ 96.604050][ T6989] netlink: 16 bytes leftover after parsing attributes in process `syz.2.233'. [ 97.095628][ T6993] netlink: 16 bytes leftover after parsing attributes in process `syz.3.236'. [ 97.138402][ T76] vhci_hcd: vhci_device speed not set [ 97.459925][ T7006] netlink: 8 bytes leftover after parsing attributes in process `syz.2.237'. [ 97.460293][ T7005] netlink: 'syz.0.239': attribute type 27 has an invalid length. [ 97.475216][ T7007] netlink: 8 bytes leftover after parsing attributes in process `syz.1.246'. [ 97.611428][ T7005] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.613989][ T7005] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.751725][ T7005] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 97.770222][ T7005] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 97.921041][ T7005] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.924663][ T7005] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.927526][ T7005] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.930426][ T7005] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.978404][ T7005] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 97.981300][ T7005] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 97.984853][ T7005] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 97.987811][ T7005] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 98.400710][ T7025] netlink: 8 bytes leftover after parsing attributes in process `syz.0.252'. [ 98.408582][ T7026] netlink: 8 bytes leftover after parsing attributes in process `syz.1.243'. [ 98.624010][ T7030] netlink: 8 bytes leftover after parsing attributes in process `syz.2.242'. [ 100.246413][ T7085] netlink: 8 bytes leftover after parsing attributes in process `syz.3.256'. [ 100.327385][ T7089] netlink: 8 bytes leftover after parsing attributes in process `syz.1.257'. [ 101.027098][ T7101] netlink: 8 bytes leftover after parsing attributes in process `syz.2.260'. [ 101.923930][ T7134] netlink: 8 bytes leftover after parsing attributes in process `syz.2.266'. [ 102.066055][ T40] audit: type=1800 audit(1746497786.085:4): pid=7138 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.265" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 102.883895][ T7152] netlink: 8 bytes leftover after parsing attributes in process `syz.2.270'. [ 103.001813][ T7155] netlink: 8 bytes leftover after parsing attributes in process `syz.3.272'. [ 104.067556][ T7178] netlink: 8 bytes leftover after parsing attributes in process `syz.0.276'. [ 104.324783][ T7186] netlink: 8 bytes leftover after parsing attributes in process `syz.1.279'. [ 106.055581][ T7215] 9pnet_fd: Insufficient options for proto=fd [ 106.106997][ T7222] Bluetooth: MGMT ver 1.23 [ 106.360941][ T7232] netlink: 16 bytes leftover after parsing attributes in process `syz.1.291'. [ 106.500691][ T7234] Zero length message leads to an empty skb [ 106.815283][ T7240] netlink: 8 bytes leftover after parsing attributes in process `syz.3.304'. [ 106.818275][ T7240] netlink: 12 bytes leftover after parsing attributes in process `syz.3.304'. [ 108.796188][ T7283] lo speed is unknown, defaulting to 1000 [ 108.798232][ T7283] lo speed is unknown, defaulting to 1000 [ 108.801636][ T7283] lo speed is unknown, defaulting to 1000 [ 108.807157][ T7283] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 108.818846][ T7283] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 108.852029][ T7283] lo speed is unknown, defaulting to 1000 [ 108.864488][ T7283] lo speed is unknown, defaulting to 1000 [ 108.871155][ T7283] lo speed is unknown, defaulting to 1000 [ 108.879097][ T7283] lo speed is unknown, defaulting to 1000 [ 110.720992][ T7335] netlink: 16 bytes leftover after parsing attributes in process `syz.1.322'. [ 111.107974][ T7345] netlink: 8 bytes leftover after parsing attributes in process `syz.2.324'. [ 113.333521][ T7409] netlink: 8 bytes leftover after parsing attributes in process `syz.2.343'. [ 116.878959][ T7485] netlink: 8 bytes leftover after parsing attributes in process `syz.1.361'. [ 117.385262][ T7494] netlink: 16 bytes leftover after parsing attributes in process `syz.0.362'. [ 118.204702][ T7516] netlink: 8 bytes leftover after parsing attributes in process `syz.2.371'. [ 118.207677][ T7516] netlink: 12 bytes leftover after parsing attributes in process `syz.2.371'. [ 118.266191][ T7516] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12) [ 118.268298][ T7516] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 118.272552][ T7516] vhci_hcd vhci_hcd.0: Device attached [ 118.513710][ T57] usb 41-1: new high-speed USB device number 3 using vhci_hcd [ 118.874900][ T7517] vhci_hcd: connection reset by peer [ 118.879208][ T46] vhci_hcd: stop threads [ 118.881010][ T46] vhci_hcd: release socket [ 118.884292][ T46] vhci_hcd: disconnect device [ 118.899477][ T7531] netlink: 8 bytes leftover after parsing attributes in process `syz.1.374'. [ 119.523521][ T7539] netlink: 16 bytes leftover after parsing attributes in process `syz.3.376'. [ 119.653765][ T7543] netlink: 8 bytes leftover after parsing attributes in process `syz.2.378'. [ 120.106200][ T7551] netlink: 16 bytes leftover after parsing attributes in process `syz.0.380'. [ 120.780475][ T7567] netlink: 8 bytes leftover after parsing attributes in process `syz.3.381'. [ 120.783600][ T7567] netlink: 12 bytes leftover after parsing attributes in process `syz.3.381'. [ 120.853515][ T7567] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 120.855604][ T7567] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 120.866504][ T7567] vhci_hcd vhci_hcd.0: Device attached [ 121.208447][ T76] usb 43-1: new high-speed USB device number 3 using vhci_hcd [ 121.296000][ T7568] vhci_hcd: connection reset by peer [ 121.300130][ T46] vhci_hcd: stop threads [ 121.301766][ T46] vhci_hcd: release socket [ 121.315743][ T46] vhci_hcd: disconnect device [ 121.563205][ T40] audit: type=1800 audit(1746497805.505:5): pid=7582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.389" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 121.569678][ T7580] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12) [ 121.571749][ T7580] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 121.576676][ T7580] vhci_hcd vhci_hcd.0: Device attached [ 121.777173][ T7586] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11) [ 121.779298][ T7586] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 121.782145][ T7586] vhci_hcd vhci_hcd.0: Device attached [ 121.813197][ T6075] usb 37-1: new high-speed USB device number 4 using vhci_hcd [ 121.989890][ T7583] vhci_hcd: connection reset by peer [ 121.992575][ T1180] vhci_hcd: stop threads [ 121.995451][ T1180] vhci_hcd: release socket [ 121.996979][ T1180] vhci_hcd: disconnect device [ 122.388001][ T7594] netlink: 'syz.3.391': attribute type 27 has an invalid length. [ 122.390773][ T7594] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 122.398964][ T7594] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 122.401772][ T7594] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 122.404917][ T7594] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 122.408313][ T7594] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 122.410416][ T7587] vhci_hcd: connection closed [ 122.411668][ T46] vhci_hcd: stop threads [ 122.415487][ T46] vhci_hcd: release socket [ 122.417429][ T46] vhci_hcd: disconnect device [ 122.538148][ T7594] __nla_validate_parse: 4 callbacks suppressed [ 122.538167][ T7594] netlink: 4 bytes leftover after parsing attributes in process `syz.3.391'. [ 123.518620][ T7606] netlink: 16 bytes leftover after parsing attributes in process `syz.1.395'. [ 123.773232][ T57] vhci_hcd: vhci_device speed not set [ 123.984485][ T7622] netlink: 8 bytes leftover after parsing attributes in process `syz.0.400'. [ 125.486230][ T7651] netlink: 8 bytes leftover after parsing attributes in process `syz.1.405'. [ 125.512957][ T7651] netlink: 12 bytes leftover after parsing attributes in process `syz.1.405'. [ 125.560414][ T7651] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.563482][ T7651] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.566282][ T7651] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.569046][ T7651] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.688538][ T7651] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12) [ 125.690665][ T7651] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 125.782011][ T7651] vhci_hcd vhci_hcd.0: Device attached [ 126.013352][ T57] usb 39-1: new high-speed USB device number 2 using vhci_hcd [ 126.291517][ T7655] vhci_hcd: connection reset by peer [ 126.294517][ T79] vhci_hcd: stop threads [ 126.296280][ T79] vhci_hcd: release socket [ 126.298150][ T79] vhci_hcd: disconnect device [ 126.333245][ T76] vhci_hcd: vhci_device speed not set [ 126.833942][ T7673] netlink: 8 bytes leftover after parsing attributes in process `syz.3.415'. [ 126.893486][ T6075] vhci_hcd: vhci_device speed not set [ 127.003631][ T7675] netlink: 8 bytes leftover after parsing attributes in process `syz.0.423'. [ 127.007626][ T7675] netlink: 12 bytes leftover after parsing attributes in process `syz.0.423'. [ 127.072839][ T7675] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12) [ 127.074933][ T7675] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 127.092341][ T7675] vhci_hcd vhci_hcd.0: Device attached [ 127.472896][ T6075] usb 37-1: device descriptor read/64, error -110 [ 127.571478][ T7682] vhci_hcd: connection closed [ 127.573225][ T79] vhci_hcd: stop threads [ 127.578536][ T79] vhci_hcd: release socket [ 127.580314][ T79] vhci_hcd: disconnect device [ 127.690785][ T6075] vhci_hcd: vhci_device speed not set [ 127.851573][ T7697] netlink: 16 bytes leftover after parsing attributes in process `syz.3.422'. [ 128.724929][ T7709] netlink: 8 bytes leftover after parsing attributes in process `syz.3.426'. [ 129.504601][ T7725] netlink: 'syz.2.431': attribute type 27 has an invalid length. [ 130.437921][ T7741] netlink: 16 bytes leftover after parsing attributes in process `syz.0.435'. [ 131.193219][ T57] vhci_hcd: vhci_device speed not set [ 131.246980][ T7757] netlink: 16 bytes leftover after parsing attributes in process `syz.3.437'. [ 131.262127][ T7756] netlink: 8 bytes leftover after parsing attributes in process `syz.1.438'. [ 131.266506][ T7756] netlink: 24 bytes leftover after parsing attributes in process `syz.1.438'. [ 131.337782][ T7758] netlink: 8 bytes leftover after parsing attributes in process `syz.2.441'. [ 132.120888][ T7767] netlink: 'syz.0.442': attribute type 27 has an invalid length. [ 132.267974][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.598627][ T7804] netlink: 8 bytes leftover after parsing attributes in process `syz.1.451'. [ 133.602403][ T7804] netlink: 12 bytes leftover after parsing attributes in process `syz.1.451'. [ 133.655943][ T7807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.453'. [ 133.659200][ T7807] netlink: 24 bytes leftover after parsing attributes in process `syz.2.453'. [ 133.668253][ T7804] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12) [ 133.670754][ T7804] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 133.677876][ T7804] vhci_hcd vhci_hcd.0: Device attached [ 133.973500][ T57] usb 39-1: new high-speed USB device number 3 using vhci_hcd [ 134.424015][ T7810] vhci_hcd: connection reset by peer [ 134.428481][ T79] vhci_hcd: stop threads [ 134.431017][ T79] vhci_hcd: release socket [ 134.432602][ T79] vhci_hcd: disconnect device [ 135.556929][ T7837] netlink: 'syz.3.463': attribute type 27 has an invalid length. [ 135.597183][ T7840] netlink: 8 bytes leftover after parsing attributes in process `syz.2.464'. [ 135.602599][ T7840] netlink: 12 bytes leftover after parsing attributes in process `syz.2.464'. [ 135.659642][ T7846] netlink: 8 bytes leftover after parsing attributes in process `syz.1.466'. [ 135.663896][ T7846] netlink: 24 bytes leftover after parsing attributes in process `syz.1.466'. [ 136.685109][ T7881] netlink: 'syz.1.473': attribute type 27 has an invalid length. [ 136.693772][ T7881] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 136.696630][ T7881] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 136.699369][ T7881] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 136.702170][ T7881] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 138.286640][ T7924] netlink: 8 bytes leftover after parsing attributes in process `syz.0.482'. [ 138.289704][ T7924] netlink: 12 bytes leftover after parsing attributes in process `syz.0.482'. [ 138.685987][ T7938] netlink: 8 bytes leftover after parsing attributes in process `syz.2.486'. [ 139.053487][ T57] vhci_hcd: vhci_device speed not set [ 140.133835][ T7973] netlink: 16 bytes leftover after parsing attributes in process `syz.1.495'. [ 140.236604][ T7976] netlink: 8 bytes leftover after parsing attributes in process `syz.0.496'. [ 141.005893][ T7996] netlink: 8 bytes leftover after parsing attributes in process `syz.3.503'. [ 141.646036][ T8012] netlink: 8 bytes leftover after parsing attributes in process `syz.0.506'. [ 141.649063][ T8012] netlink: 12 bytes leftover after parsing attributes in process `syz.0.506'. [ 142.586007][ T8048] netlink: 16 bytes leftover after parsing attributes in process `syz.1.515'. [ 142.899748][ T8056] netlink: 'syz.2.520': attribute type 27 has an invalid length. [ 144.319054][ T8086] netlink: 8 bytes leftover after parsing attributes in process `syz.3.527'. [ 144.323393][ T8086] netlink: 12 bytes leftover after parsing attributes in process `syz.3.527'. [ 145.202160][ T8103] netlink: 16 bytes leftover after parsing attributes in process `syz.2.530'. [ 145.620233][ T8117] netlink: 16 bytes leftover after parsing attributes in process `syz.1.534'. [ 145.739774][ T8119] netlink: 8 bytes leftover after parsing attributes in process `syz.2.535'. [ 146.390753][ T8130] netlink: 8 bytes leftover after parsing attributes in process `syz.0.537'. [ 146.395729][ T8130] netlink: 12 bytes leftover after parsing attributes in process `syz.0.537'. [ 146.571377][ T8136] netlink: 8 bytes leftover after parsing attributes in process `syz.2.539'. [ 147.205222][ T8141] netlink: 8 bytes leftover after parsing attributes in process `syz.3.540'. [ 147.208118][ T8141] netlink: 12 bytes leftover after parsing attributes in process `syz.3.540'. [ 149.736327][ T8205] __nla_validate_parse: 5 callbacks suppressed [ 149.736378][ T8205] netlink: 16 bytes leftover after parsing attributes in process `syz.1.556'. [ 151.046855][ T8233] netlink: 8 bytes leftover after parsing attributes in process `syz.3.563'. [ 151.326496][ T8241] netlink: 8 bytes leftover after parsing attributes in process `syz.2.565'. [ 151.329527][ T8241] netlink: 12 bytes leftover after parsing attributes in process `syz.2.565'. [ 152.321982][ T8256] netlink: 8 bytes leftover after parsing attributes in process `syz.1.568'. [ 152.325803][ T8256] netlink: 12 bytes leftover after parsing attributes in process `syz.1.568'. [ 152.946645][ T8268] netlink: 8 bytes leftover after parsing attributes in process `syz.2.572'. [ 152.949428][ T8268] netlink: 12 bytes leftover after parsing attributes in process `syz.2.572'. [ 153.034576][ T8263] 9pnet: Unknown protocol version 9 [ 154.020576][ T8299] netlink: 8 bytes leftover after parsing attributes in process `syz.2.579'. [ 154.026523][ T8299] netlink: 12 bytes leftover after parsing attributes in process `syz.2.579'. [ 154.869424][ T8329] 9pnet: Unknown protocol version 9 [ 155.210478][ T8337] __nla_validate_parse: 1 callbacks suppressed [ 155.210562][ T8337] netlink: 8 bytes leftover after parsing attributes in process `syz.1.586'. [ 155.229646][ T8340] netlink: 16 bytes leftover after parsing attributes in process `syz.2.584'. [ 155.811615][ T8354] netlink: 8 bytes leftover after parsing attributes in process `syz.3.590'. [ 155.901088][ T8357] 9pnet_fd: Insufficient options for proto=fd [ 155.922486][ T8358] netlink: 16 bytes leftover after parsing attributes in process `syz.0.591'. [ 156.883717][ T8380] netlink: 8 bytes leftover after parsing attributes in process `syz.2.598'. [ 156.920070][ T8376] netlink: 16 bytes leftover after parsing attributes in process `syz.1.597'. [ 157.186675][ T8385] netlink: 16 bytes leftover after parsing attributes in process `syz.0.600'. [ 157.696296][ T8409] 9pnet_fd: Insufficient options for proto=fd [ 157.846215][ T8414] netlink: 16 bytes leftover after parsing attributes in process `syz.2.604'. [ 158.178015][ T8421] netlink: 8 bytes leftover after parsing attributes in process `syz.0.609'. [ 158.853687][ T8441] netlink: 8 bytes leftover after parsing attributes in process `syz.2.613'. [ 160.843537][ T8499] __nla_validate_parse: 3 callbacks suppressed [ 160.843548][ T8499] netlink: 8 bytes leftover after parsing attributes in process `syz.3.624'. [ 161.497699][ T8516] netlink: 16 bytes leftover after parsing attributes in process `syz.0.626'. [ 161.742592][ T8520] netlink: 8 bytes leftover after parsing attributes in process `syz.3.630'. [ 161.865160][ T8519] netlink: 8 bytes leftover after parsing attributes in process `syz.1.627'. [ 161.868095][ T8519] netlink: 12 bytes leftover after parsing attributes in process `syz.1.627'. [ 162.358677][ T8529] 9pnet: Unknown protocol version 9p200 [ 162.925521][ T8537] netlink: 16 bytes leftover after parsing attributes in process `syz.1.634'. [ 163.625268][ T8556] netlink: 16 bytes leftover after parsing attributes in process `syz.0.638'. [ 163.842249][ T8560] netlink: 8 bytes leftover after parsing attributes in process `syz.1.639'. [ 164.299937][ T8577] netlink: 8 bytes leftover after parsing attributes in process `syz.3.641'. [ 165.191430][ T8601] netlink: 8 bytes leftover after parsing attributes in process `syz.3.648'. [ 166.145934][ T8629] __nla_validate_parse: 2 callbacks suppressed [ 166.145946][ T8629] netlink: 8 bytes leftover after parsing attributes in process `syz.3.654'. [ 166.295355][ T8632] netlink: 16 bytes leftover after parsing attributes in process `syz.2.655'. [ 166.662427][ T8638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.656'. [ 167.282485][ T8656] netlink: 8 bytes leftover after parsing attributes in process `syz.2.661'. [ 167.285847][ T8656] netlink: 12 bytes leftover after parsing attributes in process `syz.2.661'. [ 167.871601][ T8666] netlink: 8 bytes leftover after parsing attributes in process `syz.0.663'. [ 167.925293][ T8667] netlink: 8 bytes leftover after parsing attributes in process `syz.3.664'. [ 168.125163][ T8673] netlink: 8 bytes leftover after parsing attributes in process `syz.2.665'. [ 168.495184][ T8678] netlink: 8 bytes leftover after parsing attributes in process `syz.1.666'. [ 168.498978][ T8678] netlink: 12 bytes leftover after parsing attributes in process `syz.1.666'. [ 168.903732][ T8688] 9pnet: Unknown protocol version 9p2000. [ 170.194444][ T5940] Bluetooth: hci0: command 0x0406 tx timeout [ 170.194490][ T5940] Bluetooth: hci1: command 0x0406 tx timeout [ 170.194520][ T5940] Bluetooth: hci2: command 0x0406 tx timeout [ 171.444374][ T8742] 9pnet: Unknown protocol version 9p2000. [ 171.706817][ T8746] __nla_validate_parse: 7 callbacks suppressed [ 171.706828][ T8746] netlink: 8 bytes leftover after parsing attributes in process `syz.0.683'. [ 172.549434][ T8763] netlink: 8 bytes leftover after parsing attributes in process `syz.2.688'. [ 173.437720][ T8793] netlink: 8 bytes leftover after parsing attributes in process `syz.1.694'. [ 174.066115][ T8802] 9pnet: Unknown protocol version 9p2000. [ 174.536979][ T8818] netlink: 8 bytes leftover after parsing attributes in process `syz.1.700'. [ 175.093802][ T8833] netlink: 8 bytes leftover after parsing attributes in process `syz.0.703'. [ 175.123329][ T8834] netlink: 8 bytes leftover after parsing attributes in process `syz.1.704'. [ 177.409745][ T8897] netlink: 16 bytes leftover after parsing attributes in process `syz.2.717'. [ 177.874372][ T8912] netlink: 8 bytes leftover after parsing attributes in process `syz.1.718'. [ 177.877966][ T8912] netlink: 12 bytes leftover after parsing attributes in process `syz.1.718'. [ 178.269578][ T8918] netlink: 8 bytes leftover after parsing attributes in process `syz.2.722'. [ 178.957442][ T8941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.727'. [ 179.105143][ T8947] netlink: 8 bytes leftover after parsing attributes in process `syz.3.728'. [ 179.107792][ T8947] netlink: 12 bytes leftover after parsing attributes in process `syz.3.728'. [ 179.904212][ T8958] netlink: 8 bytes leftover after parsing attributes in process `syz.1.730'. [ 179.907935][ T8958] netlink: 12 bytes leftover after parsing attributes in process `syz.1.730'. [ 181.868275][ T8996] netlink: 8 bytes leftover after parsing attributes in process `syz.0.742'. [ 182.318096][ T8999] 9pnet_fd: Insufficient options for proto=fd [ 182.872119][ T9010] __nla_validate_parse: 1 callbacks suppressed [ 182.872151][ T9010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.744'. [ 182.881762][ T9010] netlink: 12 bytes leftover after parsing attributes in process `syz.1.744'. [ 182.896978][ T9011] netlink: 8 bytes leftover after parsing attributes in process `syz.3.745'. [ 182.899904][ T9011] netlink: 12 bytes leftover after parsing attributes in process `syz.3.745'. [ 184.520919][ T9047] netlink: 8 bytes leftover after parsing attributes in process `syz.2.754'. [ 184.524231][ T9047] netlink: 12 bytes leftover after parsing attributes in process `syz.2.754'. [ 184.668904][ T9051] netlink: 8 bytes leftover after parsing attributes in process `syz.3.755'. [ 185.664453][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.671708][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.676265][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.679560][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.683592][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.686967][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.689684][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.692395][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.696849][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.699789][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.703786][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.707079][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.710235][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.715062][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.718232][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.721383][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.725383][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.728706][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.731875][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.738590][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.742118][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.747281][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.749862][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.752637][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.756136][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.759597][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.764083][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.767446][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.770830][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.775252][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.778665][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.781978][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.785903][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.789226][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.792536][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.796373][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.799664][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.810929][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.814269][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.821870][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.829169][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.836951][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.844690][ T63] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0 [ 185.863850][ T63] hid-generic 0000:007F:FFFFFFFE.0002: hidraw1: HID v0.08 Device [syz1] on syz1 [ 186.664536][ T9101] netlink: 8 bytes leftover after parsing attributes in process `syz.2.767'. [ 186.667654][ T9101] netlink: 12 bytes leftover after parsing attributes in process `syz.2.767'. [ 186.825828][ T9109] netlink: 24 bytes leftover after parsing attributes in process `syz.0.771'. [ 187.160798][ T9114] FAULT_INJECTION: forcing a failure. [ 187.160798][ T9114] name failslab, interval 1, probability 0, space 0, times 1 [ 187.165635][ T9114] CPU: 3 UID: 0 PID: 9114 Comm: syz.0.771 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 187.165660][ T9114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 187.165666][ T9114] Call Trace: [ 187.165670][ T9114] [ 187.165674][ T9114] dump_stack_lvl+0x16c/0x1f0 [ 187.165693][ T9114] should_fail_ex+0x512/0x640 [ 187.165707][ T9114] ? __kvmalloc_node_noprof+0x122/0x600 [ 187.165719][ T9114] should_failslab+0xc2/0x120 [ 187.165731][ T9114] __kvmalloc_node_noprof+0x135/0x600 [ 187.165742][ T9114] ? bucket_table_alloc.isra.0+0x83/0x460 [ 187.165757][ T9114] ? bucket_table_alloc.isra.0+0x83/0x460 [ 187.165769][ T9114] bucket_table_alloc.isra.0+0x83/0x460 [ 187.165783][ T9114] rhashtable_init_noprof+0x41a/0x7e0 [ 187.165797][ T9114] ? __pfx_fl_classify+0x10/0x10 [ 187.165812][ T9114] fl_init+0x22e/0x2c0 [ 187.165825][ T9114] tc_new_tfilter+0x1147/0x2340 [ 187.165839][ T9114] ? bpf_ksym_find+0x40/0x1c0 [ 187.165856][ T9114] ? kernel_text_address+0x8d/0x100 [ 187.165872][ T9114] ? __kernel_text_address+0xd/0x40 [ 187.165887][ T9114] ? __pfx_tc_new_tfilter+0x10/0x10 [ 187.165898][ T9114] ? arch_stack_walk+0xa6/0x100 [ 187.165913][ T9114] ? __lock_acquire+0x5ca/0x1ba0 [ 187.165938][ T9114] ? find_held_lock+0x2b/0x80 [ 187.165947][ T9114] ? __pfx_tc_new_tfilter+0x10/0x10 [ 187.165958][ T9114] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 187.165970][ T9114] ? __pfx_tc_new_tfilter+0x10/0x10 [ 187.165982][ T9114] rtnetlink_rcv_msg+0x95b/0xe90 [ 187.165994][ T9114] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 187.166012][ T9114] netlink_rcv_skb+0x16a/0x440 [ 187.166024][ T9114] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 187.166036][ T9114] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 187.166055][ T9114] ? netlink_deliver_tap+0x1ae/0xd30 [ 187.166068][ T9114] netlink_unicast+0x53a/0x7f0 [ 187.166081][ T9114] ? __pfx_netlink_unicast+0x10/0x10 [ 187.166096][ T9114] netlink_sendmsg+0x8d1/0xdd0 [ 187.166110][ T9114] ? __pfx_netlink_sendmsg+0x10/0x10 [ 187.166122][ T9114] ? __import_iovec+0x1c8/0x660 [ 187.166140][ T9114] ____sys_sendmsg+0xa95/0xc70 [ 187.166155][ T9114] ? __pfx_____sys_sendmsg+0x10/0x10 [ 187.166167][ T9114] ? get_compat_msghdr+0x11a/0x170 [ 187.166183][ T9114] ___sys_sendmsg+0x134/0x1d0 [ 187.166195][ T9114] ? __pfx____sys_sendmsg+0x10/0x10 [ 187.166231][ T9114] __sys_sendmsg+0x16d/0x220 [ 187.166244][ T9114] ? __pfx___sys_sendmsg+0x10/0x10 [ 187.166259][ T9114] ? rcu_is_watching+0x12/0xc0 [ 187.166269][ T9114] ? rcu_is_watching+0x12/0xc0 [ 187.166279][ T9114] __do_fast_syscall_32+0x73/0x120 [ 187.166294][ T9114] do_fast_syscall_32+0x32/0x80 [ 187.166307][ T9114] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 187.166319][ T9114] RIP: 0023:0xf704e579 [ 187.166327][ T9114] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 187.166336][ T9114] RSP: 002b:00000000f501d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 187.166346][ T9114] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000280 [ 187.166351][ T9114] RDX: 0000000000004010 RSI: 0000000000000000 RDI: 0000000000000000 [ 187.166357][ T9114] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 187.166362][ T9114] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 187.166367][ T9114] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 187.166379][ T9114] [ 188.531250][ T9149] 9pnet_fd: Insufficient options for proto=fd [ 189.745310][ T9182] __nla_validate_parse: 1 callbacks suppressed [ 189.745365][ T9182] netlink: 8 bytes leftover after parsing attributes in process `syz.0.786'. [ 189.751989][ T9182] netlink: 12 bytes leftover after parsing attributes in process `syz.0.786'. [ 189.938561][ T9188] netlink: 8 bytes leftover after parsing attributes in process `syz.2.789'. [ 190.009848][ T9191] netlink: 8 bytes leftover after parsing attributes in process `syz.3.790'. [ 190.014431][ T9191] netlink: 4 bytes leftover after parsing attributes in process `syz.3.790'. [ 190.772503][ T9213] netlink: 8 bytes leftover after parsing attributes in process `syz.2.795'. [ 190.993582][ T9220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.796'. [ 191.577488][ T9230] netlink: 16 bytes leftover after parsing attributes in process `syz.3.797'. [ 191.970195][ T9237] netlink: 'syz.2.802': attribute type 39 has an invalid length. [ 192.349938][ T9248] netlink: 8 bytes leftover after parsing attributes in process `syz.1.804'. [ 193.484623][ T9277] netlink: 16 bytes leftover after parsing attributes in process `syz.1.810'. [ 193.709966][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.914899][ T9308] binder: 9306:9308 ioctl c0306201 800001c0 returned -14 [ 194.931392][ T9311] __nla_validate_parse: 1 callbacks suppressed [ 194.931402][ T9311] netlink: 8 bytes leftover after parsing attributes in process `syz.2.818'. [ 195.216727][ T9324] binder: 9323:9324 ioctl c0306201 0 returned -14 [ 195.288108][ T9331] netlink: 8 bytes leftover after parsing attributes in process `syz.0.826'. [ 195.294486][ T9332] netlink: 8 bytes leftover after parsing attributes in process `syz.3.825'. [ 195.808728][ T9340] wg1: entered promiscuous mode [ 195.810495][ T9340] wg1: entered allmulticast mode [ 196.172724][ T9346] lo speed is unknown, defaulting to 1000 [ 196.180682][ T9347] lo speed is unknown, defaulting to 1000 [ 196.198999][ T9349] netlink: 'syz.1.832': attribute type 1 has an invalid length. [ 196.237146][ T9349] netlink: 76 bytes leftover after parsing attributes in process `syz.1.832'. [ 196.256882][ T9349] netlink: 12 bytes leftover after parsing attributes in process `syz.1.832'. [ 196.265594][ T9354] FAULT_INJECTION: forcing a failure. [ 196.265594][ T9354] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 196.278078][ T9354] CPU: 1 UID: 0 PID: 9354 Comm: syz.0.830 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 196.278113][ T9354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 196.278122][ T9354] Call Trace: [ 196.278128][ T9354] [ 196.278133][ T9354] dump_stack_lvl+0x16c/0x1f0 [ 196.278158][ T9354] should_fail_ex+0x512/0x640 [ 196.278183][ T9354] should_fail_alloc_page+0xe7/0x130 [ 196.278203][ T9354] prepare_alloc_pages+0x3c2/0x610 [ 196.278225][ T9354] ? find_held_lock+0x2b/0x80 [ 196.278242][ T9354] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 196.278261][ T9354] ? is_bpf_text_address+0x94/0x1a0 [ 196.278279][ T9354] ? kernel_text_address+0x8d/0x100 [ 196.278302][ T9354] ? bpf_ksym_find+0x124/0x1c0 [ 196.278323][ T9354] ? __kernel_text_address+0xd/0x40 [ 196.278345][ T9354] ? unwind_get_return_address+0x59/0xa0 [ 196.278362][ T9354] ? arch_stack_walk+0xa6/0x100 [ 196.278381][ T9354] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 196.278406][ T9354] ? stack_depot_save_flags+0x28/0xa50 [ 196.278428][ T9354] ? __ia32_compat_sys_kexec_load+0x1fb/0x400 [ 196.278454][ T9354] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 196.278475][ T9354] ? policy_nodemask+0xea/0x4e0 [ 196.278495][ T9354] alloc_pages_mpol+0x1fb/0x550 [ 196.278514][ T9354] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 196.278538][ T9354] alloc_pages_noprof+0x131/0x390 [ 196.278556][ T9354] kimage_alloc_pages+0x75/0x300 [ 196.278579][ T9354] kimage_alloc_control_pages+0x15d/0x910 [ 196.278606][ T9354] ? __pfx_kimage_alloc_control_pages+0x10/0x10 [ 196.278633][ T9354] do_kexec_load+0x480/0x8d0 [ 196.278657][ T9354] ? __pfx_do_kexec_load+0x10/0x10 [ 196.278684][ T9354] __ia32_compat_sys_kexec_load+0x37f/0x400 [ 196.278710][ T9354] ? __pfx___ia32_compat_sys_kexec_load+0x10/0x10 [ 196.278736][ T9354] ? rcu_is_watching+0x12/0xc0 [ 196.278752][ T9354] __do_fast_syscall_32+0x73/0x120 [ 196.278775][ T9354] do_fast_syscall_32+0x32/0x80 [ 196.278795][ T9354] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 196.278814][ T9354] RIP: 0023:0xf704e579 [ 196.278825][ T9354] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 196.278838][ T9354] RSP: 002b:00000000f4ffc55c EFLAGS: 00000296 ORIG_RAX: 000000000000011b [ 196.278852][ T9354] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000003 [ 196.278861][ T9354] RDX: 0000000080001080 RSI: 00000000003e0000 RDI: 0000000000000000 [ 196.278870][ T9354] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 196.278878][ T9354] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 196.278886][ T9354] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 196.278905][ T9354] [ 196.279861][ T9354] kexec: Could not allocate control_code_buffer [ 196.397003][ T9349] 8021q: adding VLAN 0 to HW filter on device bond1 [ 196.618221][ T9362] FAULT_INJECTION: forcing a failure. [ 196.618221][ T9362] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 196.628295][ T9362] CPU: 3 UID: 0 PID: 9362 Comm: syz.3.835 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 196.628310][ T9362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 196.628316][ T9362] Call Trace: [ 196.628320][ T9362] [ 196.628325][ T9362] dump_stack_lvl+0x16c/0x1f0 [ 196.628343][ T9362] should_fail_ex+0x512/0x640 [ 196.628359][ T9362] _copy_to_user+0x32/0xd0 [ 196.628375][ T9362] simple_read_from_buffer+0xcb/0x170 [ 196.628391][ T9362] proc_fail_nth_read+0x197/0x270 [ 196.628406][ T9362] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 196.628420][ T9362] ? rw_verify_area+0xcf/0x680 [ 196.628433][ T9362] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 196.628447][ T9362] vfs_read+0x1de/0xc70 [ 196.628457][ T9362] ? __pfx___mutex_lock+0x10/0x10 [ 196.628471][ T9362] ? __pfx_vfs_read+0x10/0x10 [ 196.628483][ T9362] ? __fget_files+0x20e/0x3c0 [ 196.628501][ T9362] ksys_read+0x12a/0x240 [ 196.628510][ T9362] ? __pfx_ksys_read+0x10/0x10 [ 196.628520][ T9362] ? rcu_is_watching+0x12/0xc0 [ 196.628532][ T9362] __do_fast_syscall_32+0x73/0x120 [ 196.628546][ T9362] do_fast_syscall_32+0x32/0x80 [ 196.628560][ T9362] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 196.628572][ T9362] RIP: 0023:0xf711e579 [ 196.628580][ T9362] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 196.628588][ T9362] RSP: 002b:00000000f510e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 196.628598][ T9362] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f510e620 [ 196.628603][ T9362] RDX: 000000000000000f RSI: 00000000f7482ff4 RDI: 0000000000000000 [ 196.628609][ T9362] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 196.628614][ T9362] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 196.628619][ T9362] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 196.628631][ T9362] [ 196.633993][ T9364] binder: 9363:9364 ioctl c0306201 0 returned -14 [ 196.783088][ T9371] netlink: 8 bytes leftover after parsing attributes in process `syz.3.837'. [ 199.143428][ T5941] Bluetooth: hci3: command 0x0405 tx timeout [ 199.634567][ T9422] netlink: 8 bytes leftover after parsing attributes in process `syz.0.849'. [ 199.638207][ T9422] netlink: 12 bytes leftover after parsing attributes in process `syz.0.849'. [ 200.338249][ T9447] netlink: 8 bytes leftover after parsing attributes in process `syz.3.857'. [ 201.042027][ T9462] netlink: 8 bytes leftover after parsing attributes in process `syz.1.860'. [ 201.647107][ T9480] netlink: 8 bytes leftover after parsing attributes in process `syz.1.866'. [ 201.725017][ T9485] FAULT_INJECTION: forcing a failure. [ 201.725017][ T9485] name failslab, interval 1, probability 0, space 0, times 0 [ 201.729697][ T9485] CPU: 3 UID: 0 PID: 9485 Comm: syz.0.868 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 201.729712][ T9485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 201.729717][ T9485] Call Trace: [ 201.729722][ T9485] [ 201.729726][ T9485] dump_stack_lvl+0x16c/0x1f0 [ 201.729744][ T9485] should_fail_ex+0x512/0x640 [ 201.729758][ T9485] ? fs_reclaim_acquire+0xae/0x150 [ 201.729774][ T9485] should_failslab+0xc2/0x120 [ 201.729787][ T9485] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 201.729798][ T9485] ? security_inode_alloc+0x3b/0x2b0 [ 201.729811][ T9485] security_inode_alloc+0x3b/0x2b0 [ 201.729821][ T9485] inode_init_always_gfp+0xce4/0x1030 [ 201.729839][ T9485] alloc_inode+0x86/0x240 [ 201.729851][ T9485] sock_alloc+0x40/0x280 [ 201.729868][ T9485] do_accept+0xf7/0x530 [ 201.729883][ T9485] ? do_raw_spin_lock+0x12c/0x2b0 [ 201.729898][ T9485] ? __pfx_do_accept+0x10/0x10 [ 201.729921][ T9485] __sys_accept4+0x100/0x1b0 [ 201.729936][ T9485] ? __pfx___sys_accept4+0x10/0x10 [ 201.729951][ T9485] ? __pfx_ksys_write+0x10/0x10 [ 201.729963][ T9485] __ia32_sys_accept4+0x94/0x100 [ 201.729977][ T9485] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 201.729991][ T9485] __do_fast_syscall_32+0x73/0x120 [ 201.730006][ T9485] do_fast_syscall_32+0x32/0x80 [ 201.730019][ T9485] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 201.730031][ T9485] RIP: 0023:0xf704e579 [ 201.730039][ T9485] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 201.730048][ T9485] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 000000000000016c [ 201.730057][ T9485] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000 [ 201.730063][ T9485] RDX: 0000000000000000 RSI: 0000000000080800 RDI: 0000000000000000 [ 201.730068][ T9485] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 201.730073][ T9485] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 201.730079][ T9485] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 201.730090][ T9485] [ 201.810614][ C3] vkms_vblank_simulate: vblank timer overrun [ 202.170240][ T9502] netlink: 8 bytes leftover after parsing attributes in process `syz.1.873'. [ 202.790625][ T9514] netlink: 8 bytes leftover after parsing attributes in process `syz.2.876'. [ 204.678684][ T9568] netlink: 8 bytes leftover after parsing attributes in process `syz.1.891'. [ 204.791076][ T9570] FAULT_INJECTION: forcing a failure. [ 204.791076][ T9570] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 204.796974][ T9570] CPU: 2 UID: 0 PID: 9570 Comm: syz.2.892 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 204.796996][ T9570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 204.797005][ T9570] Call Trace: [ 204.797010][ T9570] [ 204.797017][ T9570] dump_stack_lvl+0x16c/0x1f0 [ 204.797042][ T9570] should_fail_ex+0x512/0x640 [ 204.797068][ T9570] should_fail_alloc_page+0xe7/0x130 [ 204.797090][ T9570] prepare_alloc_pages+0x3c2/0x610 [ 204.797111][ T9570] ? __pfx_kvm_mmu_notifier_invalidate_range_end+0x10/0x10 [ 204.797133][ T9570] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 204.797154][ T9570] ? find_held_lock+0x2b/0x80 [ 204.797170][ T9570] ? __mmu_notifier_invalidate_range_end+0x35b/0x430 [ 204.797192][ T9570] ? try_to_migrate_one+0x13d8/0x3380 [ 204.797209][ T9570] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 204.797238][ T9570] ? __up_read+0x1f8/0x750 [ 204.797258][ T9570] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 204.797280][ T9570] ? policy_nodemask+0xea/0x4e0 [ 204.797301][ T9570] alloc_pages_mpol+0x1fb/0x550 [ 204.797321][ T9570] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 204.797339][ T9570] ? rmap_walk_anon+0x503/0x710 [ 204.797370][ T9570] folio_alloc_mpol_noprof+0x36/0x2f0 [ 204.797393][ T9570] alloc_migration_target_by_mpol+0x246/0x490 [ 204.797418][ T9570] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 204.797440][ T9570] ? __pfx_invalid_migration_vma+0x10/0x10 [ 204.797463][ T9570] ? __pfx___might_resched+0x10/0x10 [ 204.797481][ T9570] ? folio_get_anon_vma+0xdd/0x760 [ 204.797500][ T9570] migrate_pages_batch+0x3bc/0x31a0 [ 204.797526][ T9570] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 204.797557][ T9570] ? __pfx_migrate_pages_batch+0x10/0x10 [ 204.797583][ T9570] ? __pfx_walk_pgd_range+0x10/0x10 [ 204.797605][ T9570] migrate_pages_sync+0x12d/0x8a0 [ 204.797629][ T9570] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 204.797656][ T9570] ? queue_pages_test_walk+0x279/0x410 [ 204.797675][ T9570] ? __pfx_find_vma+0x10/0x10 [ 204.797697][ T9570] ? __pfx_migrate_pages_sync+0x10/0x10 [ 204.797730][ T9570] migrate_pages+0x1b28/0x2350 [ 204.797754][ T9570] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 204.797784][ T9570] ? __pfx_migrate_pages+0x10/0x10 [ 204.797816][ T9570] ? find_held_lock+0x2b/0x80 [ 204.797837][ T9570] ? up_write+0x1b2/0x520 [ 204.797860][ T9570] do_mbind+0x6f0/0xf30 [ 204.797886][ T9570] ? __pfx_do_mbind+0x10/0x10 [ 204.797907][ T9570] ? find_held_lock+0x2b/0x80 [ 204.797949][ T9570] ? ksys_write+0x190/0x240 [ 204.797979][ T9570] ? __pfx_get_nodes+0x10/0x10 [ 204.797996][ T9570] ? __fget_files+0x20e/0x3c0 [ 204.798024][ T9570] kernel_mbind+0x1e3/0x1f0 [ 204.798048][ T9570] ? __pfx_kernel_mbind+0x10/0x10 [ 204.798068][ T9570] ? rcu_is_watching+0x12/0xc0 [ 204.798084][ T9570] ? rcu_is_watching+0x12/0xc0 [ 204.798101][ T9570] __do_fast_syscall_32+0x73/0x120 [ 204.798123][ T9570] do_fast_syscall_32+0x32/0x80 [ 204.798143][ T9570] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 204.798159][ T9570] RIP: 0023:0xf705e579 [ 204.798171][ T9570] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 204.798185][ T9570] RSP: 002b:00000000f504e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000112 [ 204.798198][ T9570] RAX: ffffffffffffffda RBX: 0000000080001000 RCX: 0000000000800000 [ 204.798208][ T9570] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 204.798215][ T9570] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 204.798224][ T9570] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 204.798232][ T9570] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 204.798250][ T9570] [ 206.035086][ T67] Bluetooth: hci3: command 0x0405 tx timeout [ 207.323715][ T9627] netlink: 8 bytes leftover after parsing attributes in process `syz.0.905'. [ 208.903271][ T67] Bluetooth: hci0: command 0x0406 tx timeout [ 208.904260][ T5941] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 209.081152][ T9663] FAULT_INJECTION: forcing a failure. [ 209.081152][ T9663] name failslab, interval 1, probability 0, space 0, times 0 [ 209.085860][ T9663] CPU: 3 UID: 0 PID: 9663 Comm: syz.3.916 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 209.085880][ T9663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 209.085889][ T9663] Call Trace: [ 209.085895][ T9663] [ 209.085903][ T9663] dump_stack_lvl+0x16c/0x1f0 [ 209.085926][ T9663] should_fail_ex+0x512/0x640 [ 209.085940][ T9663] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 209.085957][ T9663] should_failslab+0xc2/0x120 [ 209.085969][ T9663] __kmalloc_cache_noprof+0x6a/0x3e0 [ 209.085985][ T9663] ? netns_bpf_link_create+0x1bd/0xb70 [ 209.086001][ T9663] netns_bpf_link_create+0x1bd/0xb70 [ 209.086016][ T9663] ? __fget_files+0x20e/0x3c0 [ 209.086030][ T9663] ? __pfx___might_fault+0x10/0x10 [ 209.086041][ T9663] ? __pfx_netns_bpf_link_create+0x10/0x10 [ 209.086056][ T9663] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 209.086072][ T9663] __sys_bpf+0x2930/0x4d80 [ 209.086088][ T9663] ? __pfx___sys_bpf+0x10/0x10 [ 209.086101][ T9663] ? ksys_write+0x190/0x240 [ 209.086112][ T9663] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 209.086134][ T9663] ? fput+0x70/0xf0 [ 209.086144][ T9663] ? ksys_write+0x1b9/0x240 [ 209.086153][ T9663] ? __pfx_ksys_write+0x10/0x10 [ 209.086164][ T9663] __ia32_sys_bpf+0x76/0xe0 [ 209.086178][ T9663] __do_fast_syscall_32+0x73/0x120 [ 209.086192][ T9663] do_fast_syscall_32+0x32/0x80 [ 209.086206][ T9663] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 209.086218][ T9663] RIP: 0023:0xf711e579 [ 209.086226][ T9663] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 209.086235][ T9663] RSP: 002b:00000000f510e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 209.086244][ T9663] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 00000000800005c0 [ 209.086250][ T9663] RDX: 000000000000000a RSI: 0000000000000000 RDI: 0000000000000000 [ 209.086255][ T9663] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 209.086261][ T9663] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 209.086266][ T9663] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 209.086278][ T9663] [ 209.337081][ T9677] netlink: 8 bytes leftover after parsing attributes in process `syz.3.918'. [ 209.369005][ T46] tipc: Subscription rejected, illegal request [ 210.221006][ T9696] FAULT_INJECTION: forcing a failure. [ 210.221006][ T9696] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 210.225640][ T9696] CPU: 2 UID: 0 PID: 9696 Comm: syz.0.925 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 210.225654][ T9696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 210.225660][ T9696] Call Trace: [ 210.225663][ T9696] [ 210.225667][ T9696] dump_stack_lvl+0x16c/0x1f0 [ 210.225685][ T9696] should_fail_ex+0x512/0x640 [ 210.225701][ T9696] _copy_from_user+0x2e/0xd0 [ 210.225716][ T9696] fb_set_user_cmap+0x1df/0x4d0 [ 210.225729][ T9696] ? __pfx_fb_set_user_cmap+0x10/0x10 [ 210.225741][ T9696] ? __might_fault+0xe3/0x190 [ 210.225751][ T9696] ? __might_fault+0xe3/0x190 [ 210.225767][ T9696] fb_getput_cmap+0x2c6/0x2f0 [ 210.225780][ T9696] ? __pfx_fb_getput_cmap+0x10/0x10 [ 210.225798][ T9696] ? do_vfs_ioctl+0x512/0x1990 [ 210.225812][ T9696] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 210.225833][ T9696] fb_compat_ioctl+0x5d8/0x670 [ 210.225846][ T9696] ? __pfx_fb_compat_ioctl+0x10/0x10 [ 210.225863][ T9696] ? __fget_files+0x20e/0x3c0 [ 210.225876][ T9696] ? fput+0x20/0xf0 [ 210.225890][ T9696] ? __pfx_fb_compat_ioctl+0x10/0x10 [ 210.225903][ T9696] __ia32_compat_sys_ioctl+0x24c/0x360 [ 210.225917][ T9696] __do_fast_syscall_32+0x73/0x120 [ 210.225932][ T9696] do_fast_syscall_32+0x32/0x80 [ 210.225945][ T9696] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 210.225957][ T9696] RIP: 0023:0xf704e579 [ 210.225965][ T9696] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 210.225974][ T9696] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 210.225984][ T9696] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000004605 [ 210.225990][ T9696] RDX: 0000000080000700 RSI: 0000000000000000 RDI: 0000000000000000 [ 210.225995][ T9696] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 210.226000][ T9696] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 210.226005][ T9696] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 210.226017][ T9696] [ 210.813322][ T9718] FAULT_INJECTION: forcing a failure. [ 210.813322][ T9718] name failslab, interval 1, probability 0, space 0, times 0 [ 210.817470][ T9718] CPU: 0 UID: 0 PID: 9718 Comm: syz.1.931 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 210.817484][ T9718] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 210.817490][ T9718] Call Trace: [ 210.817494][ T9718] [ 210.817498][ T9718] dump_stack_lvl+0x16c/0x1f0 [ 210.817520][ T9718] should_fail_ex+0x512/0x640 [ 210.817543][ T9718] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 210.817566][ T9718] should_failslab+0xc2/0x120 [ 210.817581][ T9718] __kmalloc_cache_noprof+0x6a/0x3e0 [ 210.817597][ T9718] ? sctp_stream_init_ext+0x4e/0x1b0 [ 210.817613][ T9718] sctp_stream_init_ext+0x4e/0x1b0 [ 210.817628][ T9718] sctp_sendmsg_to_asoc+0x16c1/0x1bf0 [ 210.817643][ T9718] ? sctp_assoc_set_primary+0x177/0x300 [ 210.817658][ T9718] ? sctp_assoc_add_peer+0x252/0x1550 [ 210.817670][ T9718] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 210.817686][ T9718] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 210.817697][ T9718] ? sctp_endpoint_lookup_assoc+0x15c/0x2a0 [ 210.817715][ T9718] sctp_sendmsg+0xef5/0x1ee0 [ 210.817729][ T9718] ? __pfx_sctp_sendmsg+0x10/0x10 [ 210.817745][ T9718] ? __might_fault+0xe3/0x190 [ 210.817757][ T9718] ? __pfx_aa_sk_perm+0x10/0x10 [ 210.817770][ T9718] ? __pfx_sctp_sendmsg+0x10/0x10 [ 210.817780][ T9718] inet_sendmsg+0x119/0x140 [ 210.817795][ T9718] __sys_sendto+0x431/0x510 [ 210.817806][ T9718] ? __pfx___sys_sendto+0x10/0x10 [ 210.817826][ T9718] ? ksys_write+0x1b9/0x240 [ 210.817835][ T9718] ? __pfx_ksys_write+0x10/0x10 [ 210.817846][ T9718] __ia32_sys_sendto+0xdd/0x1b0 [ 210.817854][ T9718] ? lockdep_hardirqs_on+0x7c/0x110 [ 210.817867][ T9718] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 210.817880][ T9718] __do_fast_syscall_32+0x73/0x120 [ 210.817895][ T9718] do_fast_syscall_32+0x32/0x80 [ 210.817908][ T9718] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 210.817920][ T9718] RIP: 0023:0xf707e579 [ 210.817928][ T9718] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 210.817937][ T9718] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 210.817947][ T9718] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140 [ 210.817952][ T9718] RDX: 0000000000000001 RSI: 0000000000044040 RDI: 00000000800000c0 [ 210.817958][ T9718] RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000 [ 210.817963][ T9718] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 210.817968][ T9718] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 210.817980][ T9718] [ 211.043498][ T9721] netlink: 100 bytes leftover after parsing attributes in process `syz.3.932'. [ 212.156457][ T9744] netlink: 52 bytes leftover after parsing attributes in process `syz.2.937'. [ 212.166145][ T9744] hub 6-0:1.0: USB hub found [ 212.168485][ T9744] hub 6-0:1.0: 1 port detected [ 212.236308][ T40] audit: type=1800 audit(1746497896.255:6): pid=9746 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.938" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0 [ 212.904883][ T9764] FAULT_INJECTION: forcing a failure. [ 212.904883][ T9764] name failslab, interval 1, probability 0, space 0, times 0 [ 212.909112][ T9764] CPU: 1 UID: 0 PID: 9764 Comm: syz.2.942 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 212.909126][ T9764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 212.909132][ T9764] Call Trace: [ 212.909135][ T9764] [ 212.909140][ T9764] dump_stack_lvl+0x16c/0x1f0 [ 212.909157][ T9764] should_fail_ex+0x512/0x640 [ 212.909172][ T9764] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 212.909185][ T9764] should_failslab+0xc2/0x120 [ 212.909197][ T9764] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 212.909209][ T9764] ? __d_alloc+0x31/0xaa0 [ 212.909220][ T9764] __d_alloc+0x31/0xaa0 [ 212.909231][ T9764] d_alloc_pseudo+0x1c/0xc0 [ 212.909244][ T9764] alloc_file_pseudo+0xcf/0x230 [ 212.909257][ T9764] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 212.909270][ T9764] ? do_raw_spin_unlock+0x172/0x230 [ 212.909287][ T9764] __anon_inode_getfile+0xf7/0x370 [ 212.909305][ T9764] anon_inode_getfd+0x52/0xb0 [ 212.909320][ T9764] __ia32_sys_fsopen+0x18f/0x240 [ 212.909332][ T9764] __do_fast_syscall_32+0x73/0x120 [ 212.909347][ T9764] do_fast_syscall_32+0x32/0x80 [ 212.909360][ T9764] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 212.909372][ T9764] RIP: 0023:0xf705e579 [ 212.909380][ T9764] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 212.909389][ T9764] RSP: 002b:00000000f504e55c EFLAGS: 00000296 ORIG_RAX: 00000000000001ae [ 212.909398][ T9764] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000000000 [ 212.909404][ T9764] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 212.909409][ T9764] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 212.909414][ T9764] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 212.909419][ T9764] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 212.909431][ T9764] [ 212.974100][ C1] vkms_vblank_simulate: vblank timer overrun [ 213.143699][ T67] Bluetooth: hci0: command 0x0406 tx timeout [ 213.146570][ T5941] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 213.313548][ T9778] netlink: 8 bytes leftover after parsing attributes in process `syz.2.946'. [ 213.316381][ T9778] netlink: 12 bytes leftover after parsing attributes in process `syz.2.946'. [ 214.827352][ T9816] delete_channel: no stack [ 215.098105][ T9821] netlink: 8 bytes leftover after parsing attributes in process `syz.2.957'. [ 215.101488][ T9821] netlink: 12 bytes leftover after parsing attributes in process `syz.2.957'. [ 216.276968][ T9863] FAULT_INJECTION: forcing a failure. [ 216.276968][ T9863] name failslab, interval 1, probability 0, space 0, times 0 [ 216.282384][ T9863] CPU: 0 UID: 0 PID: 9863 Comm: syz.2.964 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 216.282405][ T9863] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 216.282414][ T9863] Call Trace: [ 216.282420][ T9863] [ 216.282427][ T9863] dump_stack_lvl+0x16c/0x1f0 [ 216.282459][ T9863] should_fail_ex+0x512/0x640 [ 216.282481][ T9863] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 216.282508][ T9863] should_failslab+0xc2/0x120 [ 216.282527][ T9863] __kmalloc_cache_noprof+0x6a/0x3e0 [ 216.282552][ T9863] ? snd_seq_oss_open+0x55/0xa20 [ 216.282577][ T9863] snd_seq_oss_open+0x55/0xa20 [ 216.282602][ T9863] odev_open+0x6f/0x90 [ 216.282619][ T9863] ? __pfx_odev_open+0x10/0x10 [ 216.282636][ T9863] soundcore_open+0x409/0x580 [ 216.282657][ T9863] ? __pfx_soundcore_open+0x10/0x10 [ 216.282674][ T9863] chrdev_open+0x231/0x6a0 [ 216.282689][ T9863] ? __pfx_apparmor_file_open+0x10/0x10 [ 216.282710][ T9863] ? __pfx_chrdev_open+0x10/0x10 [ 216.282727][ T9863] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 216.282767][ T9863] do_dentry_open+0x741/0x1c10 [ 216.282786][ T9863] ? __pfx_chrdev_open+0x10/0x10 [ 216.282807][ T9863] vfs_open+0x82/0x3f0 [ 216.282829][ T9863] path_openat+0x1e5e/0x2d40 [ 216.282854][ T9863] ? __pfx_path_openat+0x10/0x10 [ 216.282875][ T9863] do_filp_open+0x20b/0x470 [ 216.282890][ T9863] ? __pfx_do_filp_open+0x10/0x10 [ 216.282925][ T9863] ? alloc_fd+0x471/0x7d0 [ 216.282956][ T9863] do_sys_openat2+0x11b/0x1d0 [ 216.282977][ T9863] ? __pfx_do_sys_openat2+0x10/0x10 [ 216.282999][ T9863] ? __fget_files+0x20e/0x3c0 [ 216.283026][ T9863] __ia32_compat_sys_openat+0x16d/0x210 [ 216.283048][ T9863] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 216.283067][ T9863] ? ksys_write+0x1b9/0x240 [ 216.283085][ T9863] ? rcu_is_watching+0x12/0xc0 [ 216.283104][ T9863] __do_fast_syscall_32+0x73/0x120 [ 216.283126][ T9863] do_fast_syscall_32+0x32/0x80 [ 216.283147][ T9863] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 216.283166][ T9863] RIP: 0023:0xf705e579 [ 216.283179][ T9863] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 216.283192][ T9863] RSP: 002b:00000000f500c55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 216.283207][ T9863] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000080 [ 216.283216][ T9863] RDX: 000000000008e383 RSI: 0000000000000000 RDI: 0000000000000000 [ 216.283225][ T9863] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 216.283234][ T9863] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 216.283262][ T9863] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 216.283283][ T9863] [ 217.127864][ T9874] netlink: 8 bytes leftover after parsing attributes in process `syz.2.969'. [ 217.131339][ T9874] netlink: 12 bytes leftover after parsing attributes in process `syz.2.969'. [ 221.142370][ T9972] netlink: 8 bytes leftover after parsing attributes in process `syz.3.992'. [ 222.135115][ T63] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 222.840546][T10016] netlink: 8 bytes leftover after parsing attributes in process `syz.2.999'. [ 230.785658][T10058] random: crng reseeded on system resumption [ 230.858871][T10068] warning: `syz.1.1007' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 230.924119][T10068] netlink: 'syz.1.1007': attribute type 1 has an invalid length. [ 230.926647][T10068] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1007'. [ 231.043295][ T63] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 231.065109][T10076] netlink: 'syz.3.1009': attribute type 1 has an invalid length. [ 231.085524][T10076] 8021q: adding VLAN 0 to HW filter on device bond1 [ 231.099144][T10076] netlink: 'syz.3.1009': attribute type 1 has an invalid length. [ 231.125242][T10076] bond1: (slave gretap2): making interface the new active one [ 231.131387][T10076] bond1: (slave gretap2): Enslaving as an active interface with an up link [ 231.193187][ T63] usb 5-1: Using ep0 maxpacket: 16 [ 231.199635][ T63] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 231.202731][ T63] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 231.205984][ T63] usb 5-1: Product: syz [ 231.207836][ T63] usb 5-1: Manufacturer: syz [ 231.211356][ T63] usb 5-1: SerialNumber: syz [ 231.220353][ T63] usb 5-1: config 0 descriptor?? [ 231.485701][T10082] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1012'. [ 232.333910][ T63] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 232.361523][T10098] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1016'. [ 233.802419][T10148] loop9: detected capacity change from 0 to 7 [ 233.812922][T10066] Dev loop9: unable to read RDB block 7 [ 233.814831][T10066] loop9: unable to read partition table [ 233.816650][T10066] loop9: partition table beyond EOD, truncated [ 233.862409][T10148] Dev loop9: unable to read RDB block 7 [ 233.866356][T10148] loop9: unable to read partition table [ 233.868416][T10148] loop9: partition table beyond EOD, truncated [ 233.870629][T10148] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 234.144594][ T57] usb 5-1: USB disconnect, device number 3 [ 235.274892][T10182] FAULT_INJECTION: forcing a failure. [ 235.274892][T10182] name failslab, interval 1, probability 0, space 0, times 0 [ 235.290889][T10182] CPU: 3 UID: 0 PID: 10182 Comm: syz.3.1031 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 235.290905][T10182] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 235.290910][T10182] Call Trace: [ 235.290914][T10182] [ 235.290918][T10182] dump_stack_lvl+0x16c/0x1f0 [ 235.290936][T10182] should_fail_ex+0x512/0x640 [ 235.290963][T10182] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 235.290981][T10182] should_failslab+0xc2/0x120 [ 235.290993][T10182] __kmalloc_cache_noprof+0x6a/0x3e0 [ 235.291009][T10182] ? snd_seq_oss_open+0x55/0xa20 [ 235.291024][T10182] snd_seq_oss_open+0x55/0xa20 [ 235.291040][T10182] odev_open+0x6f/0x90 [ 235.291051][T10182] ? __pfx_odev_open+0x10/0x10 [ 235.291062][T10182] soundcore_open+0x409/0x580 [ 235.291092][T10182] ? __pfx_soundcore_open+0x10/0x10 [ 235.291103][T10182] chrdev_open+0x231/0x6a0 [ 235.291114][T10182] ? __pfx_apparmor_file_open+0x10/0x10 [ 235.291127][T10182] ? __pfx_chrdev_open+0x10/0x10 [ 235.291137][T10182] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 235.291155][T10182] do_dentry_open+0x741/0x1c10 [ 235.291165][T10182] ? __pfx_chrdev_open+0x10/0x10 [ 235.291177][T10182] vfs_open+0x82/0x3f0 [ 235.291191][T10182] path_openat+0x1e5e/0x2d40 [ 235.291206][T10182] ? __pfx_path_openat+0x10/0x10 [ 235.291219][T10182] do_filp_open+0x20b/0x470 [ 235.291228][T10182] ? __pfx_do_filp_open+0x10/0x10 [ 235.291253][T10182] ? alloc_fd+0x471/0x7d0 [ 235.291272][T10182] do_sys_openat2+0x11b/0x1d0 [ 235.291284][T10182] ? __pfx_do_sys_openat2+0x10/0x10 [ 235.291298][T10182] ? __fget_files+0x20e/0x3c0 [ 235.291315][T10182] __ia32_compat_sys_openat+0x16d/0x210 [ 235.291329][T10182] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 235.291342][T10182] ? ksys_write+0x1b9/0x240 [ 235.291353][T10182] ? rcu_is_watching+0x12/0xc0 [ 235.291364][T10182] __do_fast_syscall_32+0x73/0x120 [ 235.291379][T10182] do_fast_syscall_32+0x32/0x80 [ 235.291392][T10182] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 235.291404][T10182] RIP: 0023:0xf711e579 [ 235.291412][T10182] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 235.291421][T10182] RSP: 002b:00000000f50ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 235.291431][T10182] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000080 [ 235.291437][T10182] RDX: 000000000008e383 RSI: 0000000000000000 RDI: 0000000000000000 [ 235.291442][T10182] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 235.291447][T10182] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 235.291452][T10182] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 235.291464][T10182] [ 235.673904][T10197] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1037'. [ 236.270931][T10211] program syz.0.1041 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 236.275498][T10211] ata1.00: invalid service action 20 [ 236.279030][T10211] Invalid ELF header magic: != ELF [ 236.281126][T10211] Invalid ELF header magic: != ELF [ 237.751437][T10256] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1054'. [ 238.827445][ T1139] ref_tracker: reference already released. [ 238.828066][T10270] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1057'. [ 238.829433][ T1139] ref_tracker: allocated in: [ 238.829455][ T1139] netdev_watchdog_up+0x183/0x200 [ 238.835193][ T1139] netif_carrier_on+0xfb/0x120 [ 238.836674][ T1139] e1000_watchdog+0xd13/0x1520 [ 238.838132][ T1139] process_one_work+0x9cc/0x1b70 [ 238.839665][ T1139] worker_thread+0x6c8/0xf10 [ 238.841092][ T1139] kthread+0x3c2/0x780 [ 238.842363][ T1139] ret_from_fork+0x45/0x80 [ 238.843752][ T1139] ret_from_fork_asm+0x1a/0x30 [ 238.845231][ T1139] ref_tracker: freed in: [ 238.846549][ T1139] dev_deactivate_many+0x28d/0xd50 [ 238.848144][ T1139] dev_deactivate+0xf8/0x1c0 [ 238.849586][ T1139] linkwatch_do_dev+0x11e/0x160 [ 238.851113][ T1139] __linkwatch_run_queue+0x2aa/0x8a0 [ 238.852732][ T1139] linkwatch_event+0x8f/0xc0 [ 238.854207][ T1139] process_one_work+0x9cc/0x1b70 [ 238.855716][ T1139] worker_thread+0x6c8/0xf10 [ 238.857113][ T1139] kthread+0x3c2/0x780 [ 238.858362][ T1139] ret_from_fork+0x45/0x80 [ 238.859726][ T1139] ret_from_fork_asm+0x1a/0x30 [ 238.861361][ C2] hpet: Lost 1 RTC interrupts [ 238.863761][ T1139] ------------[ cut here ]------------ [ 238.865718][ T1139] WARNING: CPU: 2 PID: 1139 at lib/ref_tracker.c:255 ref_tracker_free+0x61a/0x830 [ 238.868374][ T1139] Modules linked in: [ 238.869775][ T1139] CPU: 2 UID: 0 PID: 1139 Comm: kworker/u32:7 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 238.874760][ T1139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 238.878386][ T1139] Workqueue: events_unbound linkwatch_event [ 238.880172][ T1139] RIP: 0010:ref_tracker_free+0x61a/0x830 [ 238.881905][ T1139] Code: 00 44 8b 73 18 31 ff 44 89 f6 e8 f1 42 bb fc 45 85 f6 0f 85 a6 00 00 00 e8 a3 47 bb fc 48 8b 34 24 48 89 ef e8 77 86 6c 06 90 <0f> 0b 90 bb ea ff ff ff e9 50 fd ff ff e8 84 47 bb fc 4c 8d 6d 44 [ 238.887609][ T1139] RSP: 0018:ffffc90006d7f8b0 EFLAGS: 00010202 [ 238.889429][ T1139] RAX: 0000000000000201 RBX: ffff8880700d9f00 RCX: 0000000000000000 [ 238.891754][ T1139] RDX: 0000000000000202 RSI: ffffffff8dbdb691 RDI: 0000000000000001 [ 238.894618][ T1139] RBP: ffff888021eb8610 R08: 0000000000000001 R09: 0000000000000001 [ 238.896983][ T1139] R10: ffffffff90852317 R11: 0000000000000000 R12: 1ffff92000daff18 [ 238.899418][ T1139] R13: ffffc90006d7f8e0 R14: 0000000007b803dd R15: ffff8880700d9f18 [ 238.901744][ T1139] FS: 0000000000000000(0000) GS:ffff8880979ec000(0000) knlGS:0000000000000000 [ 238.904465][ T1139] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 238.906463][ T1139] CR2: 000000002ed15ffc CR3: 000000000e180000 CR4: 0000000000352ef0 [ 238.909232][ T1139] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 238.911596][ T1139] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 238.914000][ T1139] Call Trace: [ 238.915017][ T1139] [ 238.915916][ T1139] ? __pfx_ref_tracker_free+0x10/0x10 [ 238.917538][ T1139] ? dev_deactivate_many+0x28d/0xd50 [ 238.919193][ T1139] ? dev_deactivate+0xf8/0x1c0 [ 238.920651][ T1139] ? linkwatch_do_dev+0x11e/0x160 [ 238.922206][ T1139] ? __linkwatch_run_queue+0x2aa/0x8a0 [ 238.923894][ T1139] ? linkwatch_event+0x8f/0xc0 [ 238.925768][ T1139] ? process_one_work+0x9cc/0x1b70 [ 238.927327][ T1139] ? worker_thread+0x6c8/0xf10 [ 238.928769][ T1139] ? kthread+0x3c2/0x780 [ 238.930116][ T1139] ? ret_from_fork+0x45/0x80 [ 238.931580][ T1139] ? ret_from_fork_asm+0x1a/0x30 [ 238.933172][ T1139] ? netif_freeze_queues+0x17d/0x1e0 [ 238.934842][ T1139] dev_deactivate_many+0x28d/0xd50 [ 238.936427][ T1139] ? __pfx_dev_deactivate_many+0x10/0x10 [ 238.938153][ T1139] ? ref_tracker_free+0x2e1/0x830 [ 238.939743][ T1139] ? __pfx_ref_tracker_free+0x10/0x10 [ 238.941806][ T1139] dev_deactivate+0xf8/0x1c0 [ 238.943409][ T1139] ? __pfx_dev_deactivate+0x10/0x10 [ 238.945057][ T1139] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 238.946899][ T1139] linkwatch_do_dev+0x11e/0x160 [ 238.948448][ T1139] __linkwatch_run_queue+0x2aa/0x8a0 [ 238.950073][ T1139] ? __pfx___linkwatch_run_queue+0x10/0x10 [ 238.951890][ T1139] linkwatch_event+0x8f/0xc0 [ 238.953395][ T1139] ? __pfx_linkwatch_event+0x10/0x10 [ 238.955026][ T1139] ? rcu_is_watching+0x12/0xc0 [ 238.956960][ T1139] process_one_work+0x9cc/0x1b70 [ 238.958442][ T1139] ? __pfx_process_one_work+0x10/0x10 [ 238.960078][ T1139] ? assign_work+0x1a0/0x250 [ 238.961481][ T1139] worker_thread+0x6c8/0xf10 [ 238.962937][ T1139] ? __pfx_worker_thread+0x10/0x10 [ 238.964526][ T1139] kthread+0x3c2/0x780 [ 238.965796][ T1139] ? __pfx_kthread+0x10/0x10 [ 238.967256][ T1139] ? __pfx_kthread+0x10/0x10 [ 238.968687][ T1139] ? __pfx_kthread+0x10/0x10 [ 238.970097][ T1139] ? __pfx_kthread+0x10/0x10 [ 238.971934][ T1139] ? rcu_is_watching+0x12/0xc0 [ 238.973453][ T1139] ? __pfx_kthread+0x10/0x10 [ 238.974853][ T1139] ret_from_fork+0x45/0x80 [ 238.976231][ T1139] ? __pfx_kthread+0x10/0x10 [ 238.977674][ T1139] ret_from_fork_asm+0x1a/0x30 [ 238.979178][ T1139] [ 238.980145][ T1139] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 238.982391][ T1139] CPU: 2 UID: 0 PID: 1139 Comm: kworker/u32:7 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 238.986080][ T1139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 238.989376][ T1139] Workqueue: events_unbound linkwatch_event [ 238.991198][ T1139] Call Trace: [ 238.992249][ T1139] [ 238.993186][ T1139] dump_stack_lvl+0x3d/0x1f0 [ 238.994672][ T1139] panic+0x71c/0x800 [ 238.995916][ T1139] ? __pfx_panic+0x10/0x10 [ 238.997340][ T1139] ? show_trace_log_lvl+0x29b/0x3e0 [ 238.998998][ T1139] ? check_panic_on_warn+0x1f/0xb0 [ 239.000621][ T1139] ? ref_tracker_free+0x61a/0x830 [ 239.002201][ T1139] check_panic_on_warn+0xab/0xb0 [ 239.003778][ T1139] __warn+0xf6/0x3c0 [ 239.005071][ T1139] ? ref_tracker_free+0x61a/0x830 [ 239.006776][ T1139] report_bug+0x3c3/0x580 [ 239.008219][ T1139] ? ref_tracker_free+0x61a/0x830 [ 239.009803][ T1139] handle_bug+0x184/0x210 [ 239.011173][ T1139] exc_invalid_op+0x17/0x50 [ 239.012589][ T1139] asm_exc_invalid_op+0x1a/0x20 [ 239.014086][ T1139] RIP: 0010:ref_tracker_free+0x61a/0x830 [ 239.015849][ T1139] Code: 00 44 8b 73 18 31 ff 44 89 f6 e8 f1 42 bb fc 45 85 f6 0f 85 a6 00 00 00 e8 a3 47 bb fc 48 8b 34 24 48 89 ef e8 77 86 6c 06 90 <0f> 0b 90 bb ea ff ff ff e9 50 fd ff ff e8 84 47 bb fc 4c 8d 6d 44 [ 239.021688][ T1139] RSP: 0018:ffffc90006d7f8b0 EFLAGS: 00010202 [ 239.023582][ T1139] RAX: 0000000000000201 RBX: ffff8880700d9f00 RCX: 0000000000000000 [ 239.025994][ T1139] RDX: 0000000000000202 RSI: ffffffff8dbdb691 RDI: 0000000000000001 [ 239.028398][ T1139] RBP: ffff888021eb8610 R08: 0000000000000001 R09: 0000000000000001 [ 239.030846][ T1139] R10: ffffffff90852317 R11: 0000000000000000 R12: 1ffff92000daff18 [ 239.033236][ T1139] R13: ffffc90006d7f8e0 R14: 0000000007b803dd R15: ffff8880700d9f18 [ 239.035695][ T1139] ? __pfx_ref_tracker_free+0x10/0x10 [ 239.037374][ T1139] ? dev_deactivate_many+0x28d/0xd50 [ 239.039006][ T1139] ? dev_deactivate+0xf8/0x1c0 [ 239.040497][ T1139] ? linkwatch_do_dev+0x11e/0x160 [ 239.042051][ T1139] ? __linkwatch_run_queue+0x2aa/0x8a0 [ 239.043750][ T1139] ? linkwatch_event+0x8f/0xc0 [ 239.045247][ T1139] ? process_one_work+0x9cc/0x1b70 [ 239.046821][ T1139] ? worker_thread+0x6c8/0xf10 [ 239.048370][ T1139] ? kthread+0x3c2/0x780 [ 239.049699][ T1139] ? ret_from_fork+0x45/0x80 [ 239.051140][ T1139] ? ret_from_fork_asm+0x1a/0x30 [ 239.052677][ T1139] ? netif_freeze_queues+0x17d/0x1e0 [ 239.054299][ T1139] dev_deactivate_many+0x28d/0xd50 [ 239.055888][ T1139] ? __pfx_dev_deactivate_many+0x10/0x10 [ 239.057603][ T1139] ? ref_tracker_free+0x2e1/0x830 [ 239.059159][ T1139] ? __pfx_ref_tracker_free+0x10/0x10 [ 239.060791][ T1139] dev_deactivate+0xf8/0x1c0 [ 239.062179][ T1139] ? __pfx_dev_deactivate+0x10/0x10 [ 239.063718][ T1139] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 239.065536][ T1139] linkwatch_do_dev+0x11e/0x160 [ 239.067008][ T1139] __linkwatch_run_queue+0x2aa/0x8a0 [ 239.068547][ T1139] ? __pfx___linkwatch_run_queue+0x10/0x10 [ 239.070259][ T1139] linkwatch_event+0x8f/0xc0 [ 239.071635][ T1139] ? __pfx_linkwatch_event+0x10/0x10 [ 239.073187][ T1139] ? rcu_is_watching+0x12/0xc0 [ 239.074625][ T1139] process_one_work+0x9cc/0x1b70 [ 239.076134][ T1139] ? __pfx_process_one_work+0x10/0x10 [ 239.077709][ T1139] ? assign_work+0x1a0/0x250 [ 239.079143][ T1139] worker_thread+0x6c8/0xf10 [ 239.080561][ T1139] ? __pfx_worker_thread+0x10/0x10 [ 239.082101][ T1139] kthread+0x3c2/0x780 [ 239.083396][ T1139] ? __pfx_kthread+0x10/0x10 [ 239.084854][ T1139] ? __pfx_kthread+0x10/0x10 [ 239.086296][ T1139] ? __pfx_kthread+0x10/0x10 [ 239.087749][ T1139] ? __pfx_kthread+0x10/0x10 [ 239.089192][ T1139] ? rcu_is_watching+0x12/0xc0 [ 239.090686][ T1139] ? __pfx_kthread+0x10/0x10 [ 239.092151][ T1139] ret_from_fork+0x45/0x80 [ 239.093557][ T1139] ? __pfx_kthread+0x10/0x10 [ 239.095021][ T1139] ret_from_fork_asm+0x1a/0x30 [ 239.096555][ T1139] [ 239.098219][ T1139] Kernel Offset: disabled [ 239.099539][ T1139] Rebooting in 86400 seconds.. VM DIAGNOSIS: 02:18:43 Registers: info registers vcpu 0 CPU#0 RAX=00000000004e44b7 RBX=0000000000000000 RCX=ffffffff8b6953e9 RDX=0000000000000000 RSI=ffffffff8dbdb691 RDI=ffffffff8bf46ca0 RBP=fffffbfff1c12ee8 RSP=ffffffff8e007e10 R8 =0000000000000001 R9 =ffffed10056465bd R10=ffff88802b232deb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8e097740 R14=ffffffff90852310 R15=0000000000000000 RIP=ffffffff8b693c7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977ec000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002ec0effc CR3=0000000075a48000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=dffffc0000000000 RBX=ffffffff93a46de8 RCX=0000000000000002 RDX=1ffffffff1b9c9a1 RSI=ffffffff8bf46c20 RDI=ffffffff8dce4d08 RBP=0000000000000001 RSP=ffffc90004efef00 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=00000000000128f7 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81a07413 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880978ec000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002ed06ffc CR3=0000000075a48000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000032 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854c26b5 RDI=ffffffff9addfbc0 RBP=ffffffff9addfb80 RSP=ffffc90006d7f220 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000032 R14=ffffffff9addfb80 R15=ffffffff854c2650 RIP=ffffffff854c26df RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979ec000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002ed15ffc CR3=000000006f87a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff81c9f168 RDX=ffff888021a18000 RSI=ffffffff81c9f21a RDI=ffff8880219e5430 RBP=0000000000000000 RSP=ffffc900005e8870 R8 =0000000000000006 R9 =00007f5ee64579b5 R10=ffffffffa0000958 R11=0000000000000000 R12=00007f5ee64579b5 R13=dffffc0000000000 R14=0000000000000000 R15=ffffffffa0000958 RIP=ffffffff81baacd0 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f5ee62f5500 ffffffff 00c00000 GS =0000 ffff888097aec000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002ee13ffc CR3=000000002326e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000005000001 Opmask01=0000000000000000 Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcf8552f00 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 65746e6f63007325 203a726f72726520 64656e7275746572 2072657672657300 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 40514b4a46005600 051f574a57574005 41404b5750514057 0557405357405600 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3230002030203030 2030302030302036 3220313220313820 2e30203020203030 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020002030202030 2020302020302020 3020203020203020 2030202020202030 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3f2a346e3f362a3a 322a6e692a3e392a 6c3a2a3f6f2a3332 2a3f3f2a383f2a3b ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3e36003a3a2a3a3a 2a3a3a2a3a3a2a3c 382a3e682a6e322a 3a3a2a3a3a2a3a3a ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000