last executing test programs: 30.888882775s ago: executing program 2 (id=6459): pipe(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) unshare(0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = io_uring_setup(0x36dc, &(0x7f00000001c0)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r2, 0x6, &(0x7f0000002000)={0x1}) fcntl$lock(r2, 0x26, 0x0) socket$inet(0x2, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000004c0)=@broute={'broute\x00', 0x20, 0x1, 0x240, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, 0x0, &(0x7f0000000280)=ANY=[]}, 0x78) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) kexec_load(0x0, 0x0, 0x0, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000080)) close_range(r1, 0xffffffffffffffff, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20058041, &(0x7f0000000040)={0xa, 0x2, 0x0, @loopback}, 0x1c) splice(r3, 0x0, r0, 0x0, 0x10500, 0x0) 22.22783689s ago: executing program 2 (id=6459): pipe(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) unshare(0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = io_uring_setup(0x36dc, &(0x7f00000001c0)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r2, 0x6, &(0x7f0000002000)={0x1}) fcntl$lock(r2, 0x26, 0x0) socket$inet(0x2, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000004c0)=@broute={'broute\x00', 0x20, 0x1, 0x240, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, 0x0, &(0x7f0000000280)=ANY=[]}, 0x78) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) kexec_load(0x0, 0x0, 0x0, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000080)) close_range(r1, 0xffffffffffffffff, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20058041, &(0x7f0000000040)={0xa, 0x2, 0x0, @loopback}, 0x1c) splice(r3, 0x0, r0, 0x0, 0x10500, 0x0) 18.929287048s ago: executing program 2 (id=6521): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = getpid() sendmsg$netlink(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="01000000130001001f00000000000000030000000000000008000000ff9d9fd7ffffff083bf400", @ANYRES32=r1, @ANYBLOB="030031800200d16d"], 0x30}], 0x1, 0x0, 0x0, 0x40000}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r3}, 0x10) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r4, &(0x7f0000000300)='1\x00', 0xffffff4a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) write$sysctl(r4, &(0x7f0000000000)='2\x00', 0x2) 10.003266706s ago: executing program 2 (id=6521): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = getpid() sendmsg$netlink(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="01000000130001001f00000000000000030000000000000008000000ff9d9fd7ffffff083bf400", @ANYRES32=r1, @ANYBLOB="030031800200d16d"], 0x30}], 0x1, 0x0, 0x0, 0x40000}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r3}, 0x10) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r4, &(0x7f0000000300)='1\x00', 0xffffff4a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) write$sysctl(r4, &(0x7f0000000000)='2\x00', 0x2) 7.349573496s ago: executing program 2 (id=6575): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000540)=ANY=[@ANYBLOB="611230d0ffffff0061134c0000000000bf2000000000000015000f00511b48013d030100000000009500000000000000bc26000000000000bf67000000000000150300000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586162c17600674290ca9d8d6413b8199e34f67ceaaa78710f9f8aba4765c91382f497585ca39c595b21afa6bce62b5ab0d44e9c32ad6f0349d92962a58d39494a19a9183362382792ac85578d3de07b7e155cf4ee5e3dd51212d2831bd8e2655b2fbd88791e4c66c832a774919b28b8a62711f0f156e636804e1d3f44a5ff3d63a3a51f0c7ec0c8c25e072194ddd83aa155a537e15c0d91f502deef03f83e826718705c9aef9613ac4a325a428d147c1749196e94226671fd9573ab0d079d44b13b56f793e98ab571c58e98e022f18a3be3f318e0690fff93f44f22473dc8004fc758218349bd3f0516a72a7ea913bfa7603063e"], &(0x7f0000000100)='GPL\x00'}, 0x90) 6.053341387s ago: executing program 1 (id=6582): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x28, 0x1, 0x0, 0x0, "", [@nested={0x104, 0x0, 0x0, 0x1, [@typed={0xc, 0x3, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@dev}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8cd1"]}]}, 0x114}], 0x1}, 0x0) 6.052818852s ago: executing program 3 (id=6583): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) pipe2$9p(0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00'}) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) recvmmsg(r3, &(0x7f0000000440), 0x0, 0x0, 0x0) write$binfmt_elf64(r3, &(0x7f00000000c0)=ANY=[], 0xc63b9e35) sched_setscheduler(0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) r4 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x0, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r5 = socket$netlink(0x10, 0x3, 0x0) writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r5, &(0x7f0000000040)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000240)=ANY=[@ANYBLOB="e00020027f000001000000000100fbff5c8bf8bdb6e5b4ad8d3970679504943740c864f5e252a81fe2b100"/57], 0x14) connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x14e22, 0x0, @loopback}, 0x1c) 6.044444773s ago: executing program 1 (id=6584): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002400)=@delchain={0x4d4, 0x65, 0x10, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0x3}}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_u32={{0x8}, {0x54, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_INDEV={0x14, 0x8, 'veth0\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_CLASSID={0x8, 0x1, {0xf}}, @TCA_U32_MARK={0x10}, @TCA_U32_FLAGS={0x8}]}}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @filter_kind_options=@f_route={{0xa}, {0x430, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_POLICE={0x414, 0x5, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x1, 0x4, 0x4, 0x0, 0x4, 0xfffffffe, 0x5, 0x3, 0x60a9, 0x6, 0x1, 0x1, 0xd, 0xffff, 0x9, 0x200, 0xdf5b, 0x7, 0x10001, 0x2057b175, 0x9, 0x7fffffff, 0x6567ffd7, 0x8, 0x200, 0x5, 0x2eb7800, 0x7, 0x1, 0x9, 0x5, 0x0, 0x9cd5, 0x7ff, 0xb01, 0x9, 0x0, 0x2, 0x1, 0xfffffffc, 0x10, 0x6, 0x111a, 0x8c, 0xfb6, 0x30, 0x0, 0x6, 0x4, 0x8b3, 0x4, 0x2, 0x3, 0x3, 0x1, 0x0, 0x10001, 0xa, 0xc3e, 0x9, 0x6, 0x8c, 0x100, 0x40, 0xebe3, 0xb2, 0x3, 0x6592511e, 0x0, 0x1, 0x0, 0x7, 0x5, 0x8, 0xff, 0x3, 0x2, 0x5, 0x9, 0x4, 0x6, 0xfffffff7, 0x9, 0x3, 0xfffff800, 0x8, 0x4, 0x4, 0x5, 0x7, 0x8, 0x2, 0x7fff, 0x4, 0x7ff, 0x3, 0x0, 0x10f, 0xb, 0x2, 0x1, 0x8, 0x1, 0x10001, 0x821, 0x3, 0xd, 0x9, 0xa4ed, 0x1, 0x7, 0xc0, 0x9, 0x7, 0x4, 0x9, 0x7, 0x80, 0x0, 0x3, 0xb, 0x7, 0x6, 0xbdc, 0x5, 0x7, 0x1, 0xeb, 0x48a8, 0x8, 0x7f, 0xdc53, 0x5, 0x10000, 0x40, 0x2, 0xc, 0x4000000, 0x7, 0x9, 0x8, 0x73d, 0xc, 0x3, 0x7fffffff, 0x34, 0x1, 0x3, 0x3, 0x61ae, 0x5, 0xd, 0x8001, 0xfff, 0x1, 0x700e035e, 0x5, 0x0, 0x9, 0x5b7c, 0xfff, 0x1, 0x6, 0x4, 0xfffffffd, 0xffff050e, 0x80000000, 0x6, 0x3, 0x7, 0x8, 0x9, 0x290d, 0x1, 0x81, 0x4, 0x401, 0xfffffffe, 0x6, 0xffffffff, 0x5, 0x2, 0x6, 0x1, 0x8000, 0x0, 0x4, 0x2, 0x9, 0xb, 0x7, 0x20, 0x4, 0xffffffff, 0xdf4, 0x10001, 0x6, 0x8ba7, 0x1, 0xb, 0x3, 0x3ff, 0x101, 0x6, 0x4, 0x0, 0x0, 0x100, 0x0, 0x5, 0xe3c, 0x145, 0x6, 0x0, 0x10001, 0x1, 0xb, 0x0, 0x0, 0x7, 0x0, 0x5, 0x800, 0x209, 0x7, 0x5, 0x1ff, 0x7f, 0xdc, 0x5, 0x2, 0x4, 0x7, 0x2, 0x3, 0x401, 0x4, 0x1, 0x101, 0x200, 0x1, 0x6b00, 0x6, 0x50, 0x1, 0x0, 0x9, 0x5, 0x7, 0x5, 0xff5, 0x5, 0x730, 0x3, 0x8, 0x3]}, @TCA_POLICE_RATE64={0xc, 0x8, 0x80000000}]}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_CLASSID={0x8, 0x1, {0x8, 0x9}}]}}]}, 0x4d4}}, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) syz_open_dev$video(&(0x7f00000000c0), 0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x7fff, 0x2) syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) pselect6(0x40, &(0x7f0000000000)={0xfc}, 0x0, 0x0, 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000340)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f0000000100)={r2}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000200)={0x0}) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',groupwid=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) read$FUSE(r5, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r5, &(0x7f0000002300)={0x50, 0x0, r6, {0x7, 0x9}}, 0x50) read$FUSE(r5, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r5, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r7}, 0x10) r8 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r8, r5, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x9, 0x6, &(0x7f0000002280)=ANY=[@ANYBLOB="18000000020b0000000000000400006054e464a8ee00dda3000010000000186900000200000000000000040000009500000000000000"], &(0x7f0000000540)='syzkaller\x00', 0x7f, 0x91, &(0x7f0000000880)=""/145, 0x41100, 0x10, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000005c0)={0x5, 0x2, 0x7, 0xfffffffd}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[0x1, 0x1, 0xffffffffffffffff, 0x1, 0x1, r0, 0x1], 0x0, 0x10, 0x5}, 0x90) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000b00)={@map=0x1, 0x6, 0x0, 0xc, &(0x7f0000000700)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x0, &(0x7f0000000780)=[0x0], &(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000ac0)=[0x0], 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000b40)={@cgroup=r4, r8, 0x54, 0x4, 0x0, @prog_fd=r9, r10}, 0x20) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000180)={r3, 0x3, r1, 0x6}) r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x2, r11, 0x0, 0x1000002, 0x0) r12 = socket(0x10, 0x803, 0x0) sendto(r12, &(0x7f0000000740)="120000001200e7ef007b000000000000", 0x10, 0x0, 0x0, 0x0) recvmmsg(r12, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x14c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 5.139734372s ago: executing program 1 (id=6588): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) socket$inet_udplite(0x2, 0x2, 0x88) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af24, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_CQM(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)={0x28, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_CQM={0xc, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}]}]}, 0x28}}, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r8, 0x4048aecb, &(0x7f0000000600)={0x3, 0x0, [{}, {}, {}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmmsg$sock(r1, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) 5.059445596s ago: executing program 3 (id=6589): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) socket$inet_udplite(0x2, 0x2, 0x88) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af24, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_CQM(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)={0x28, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_CQM={0xc, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}]}]}, 0x28}}, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r8, 0x4048aecb, &(0x7f0000000600)={0x3, 0x0, [{}, {}, {}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmmsg$sock(r1, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) 3.671692274s ago: executing program 1 (id=6593): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003540)=[{0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000000180)="31ab732abda0ad89281b2f0df75394f09d985dd88bd336d236badceecf9ebad6deec5e01719baf69fd8bc43b57e2f5b16ade367cb54ffcc32e05471802c7950ae6379e85ef52b5ad39fa52ec8baa546d0463d6f353c0df6af4d3adb451aa8e20b3885fc7e5bc06ddb24132ab4db0e7b25ccd34a2a29a400d2c9a75102062c563a6a0d6a305ad6d7578bc73880c4a87221ee571c50193c5a84b97f2dd7c6210bb6614a0f8595cb209f4f958b57830f7656b56659cf7e74dc40a0c2326c403d82f5d0e737a8347507b00e4e5292138bf227f5d479c616586925834472bc8c03522a513cabcd06f8ca33bc49c369624d3b344cadb832666f2", 0xf7}, {&(0x7f0000000280)}], 0x2}], 0x1, 0x0) recvmmsg(r1, &(0x7f00000038c0)=[{{0x0, 0x0, &(0x7f0000000d80)=[{&(0x7f0000000840)=""/245, 0xfe61}], 0x1}}], 0x1, 0x0, 0x0) 3.655421332s ago: executing program 3 (id=6594): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) pipe2$9p(0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00'}) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) recvmmsg(r3, &(0x7f0000000440), 0x0, 0x0, 0x0) write$binfmt_elf64(r3, &(0x7f00000000c0)=ANY=[], 0xc63b9e35) sched_setscheduler(0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) r4 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x0, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r5 = socket$netlink(0x10, 0x3, 0x0) writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r5, &(0x7f0000000040)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGREPORT(0xffffffffffffffff, 0x400c4807, &(0x7f00000000c0)={0x3}) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x7ff, 0x4) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x14e22, 0x0, @loopback}, 0x1c) 3.566713842s ago: executing program 0 (id=6595): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000600)='kfree\x00', r1}, 0x10) lsetxattr$security_capability(&(0x7f0000000a40)='./cgroup.cpu/cpuset.cpus\x00', &(0x7f00000002c0), 0x0, 0x0, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)={0x114, 0x28, 0x1, 0x0, 0x0, "", [@nested={0x104, 0x0, 0x0, 0x1, [@typed={0xc, 0x3, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@dev}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8cd1"]}]}, 0x114}], 0x1, 0x0, 0x0, 0x2000c040}, 0x1) syz_open_dev$sndpcmc(&(0x7f0000000000), 0x200, 0x480000) 3.565166876s ago: executing program 0 (id=6596): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002400)=@delchain={0x4d4, 0x65, 0x10, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0x3}}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_u32={{0x8}, {0x54, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_INDEV={0x14, 0x8, 'veth0\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_CLASSID={0x8, 0x1, {0xf}}, @TCA_U32_MARK={0x10}, @TCA_U32_FLAGS={0x8}]}}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @filter_kind_options=@f_route={{0xa}, {0x430, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_POLICE={0x414, 0x5, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x1, 0x4, 0x4, 0x0, 0x4, 0xfffffffe, 0x5, 0x3, 0x60a9, 0x6, 0x1, 0x1, 0xd, 0xffff, 0x9, 0x200, 0xdf5b, 0x7, 0x10001, 0x2057b175, 0x9, 0x7fffffff, 0x6567ffd7, 0x8, 0x200, 0x5, 0x2eb7800, 0x7, 0x1, 0x9, 0x5, 0x0, 0x9cd5, 0x7ff, 0xb01, 0x9, 0x0, 0x2, 0x1, 0xfffffffc, 0x10, 0x6, 0x111a, 0x8c, 0xfb6, 0x30, 0x0, 0x6, 0x4, 0x8b3, 0x4, 0x2, 0x3, 0x3, 0x1, 0x0, 0x10001, 0xa, 0xc3e, 0x9, 0x6, 0x8c, 0x100, 0x40, 0xebe3, 0xb2, 0x3, 0x6592511e, 0x0, 0x1, 0x0, 0x7, 0x5, 0x8, 0xff, 0x3, 0x2, 0x5, 0x9, 0x4, 0x6, 0xfffffff7, 0x9, 0x3, 0xfffff800, 0x8, 0x4, 0x4, 0x5, 0x7, 0x8, 0x2, 0x7fff, 0x4, 0x7ff, 0x3, 0x0, 0x10f, 0xb, 0x2, 0x1, 0x8, 0x1, 0x10001, 0x821, 0x3, 0xd, 0x9, 0xa4ed, 0x1, 0x7, 0xc0, 0x9, 0x7, 0x4, 0x9, 0x7, 0x80, 0x0, 0x3, 0xb, 0x7, 0x6, 0xbdc, 0x5, 0x7, 0x1, 0xeb, 0x48a8, 0x8, 0x7f, 0xdc53, 0x5, 0x10000, 0x40, 0x2, 0xc, 0x4000000, 0x7, 0x9, 0x8, 0x73d, 0xc, 0x3, 0x7fffffff, 0x34, 0x1, 0x3, 0x3, 0x61ae, 0x5, 0xd, 0x8001, 0xfff, 0x1, 0x700e035e, 0x5, 0x0, 0x9, 0x5b7c, 0xfff, 0x1, 0x6, 0x4, 0xfffffffd, 0xffff050e, 0x80000000, 0x6, 0x3, 0x7, 0x8, 0x9, 0x290d, 0x1, 0x81, 0x4, 0x401, 0xfffffffe, 0x6, 0xffffffff, 0x5, 0x2, 0x6, 0x1, 0x8000, 0x0, 0x4, 0x2, 0x9, 0xb, 0x7, 0x20, 0x4, 0xffffffff, 0xdf4, 0x10001, 0x6, 0x8ba7, 0x1, 0xb, 0x3, 0x3ff, 0x101, 0x6, 0x4, 0x0, 0x0, 0x100, 0x0, 0x5, 0xe3c, 0x145, 0x6, 0x0, 0x10001, 0x1, 0xb, 0x0, 0x0, 0x7, 0x0, 0x5, 0x800, 0x209, 0x7, 0x5, 0x1ff, 0x7f, 0xdc, 0x5, 0x2, 0x4, 0x7, 0x2, 0x3, 0x401, 0x4, 0x1, 0x101, 0x200, 0x1, 0x6b00, 0x6, 0x50, 0x1, 0x0, 0x9, 0x5, 0x7, 0x5, 0xff5, 0x5, 0x730, 0x3, 0x8, 0x3]}, @TCA_POLICE_RATE64={0xc, 0x8, 0x80000000}]}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_CLASSID={0x8, 0x1, {0x8, 0x9}}]}}]}, 0x4d4}}, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) syz_open_dev$video(&(0x7f00000000c0), 0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x7fff, 0x2) syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) pselect6(0x40, &(0x7f0000000000)={0xfc}, 0x0, 0x0, 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000340)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f0000000100)={r2}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000200)={0x0}) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',groupwid=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) read$FUSE(r5, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r5, &(0x7f0000002300)={0x50, 0x0, r6, {0x7, 0x9}}, 0x50) read$FUSE(r5, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r5, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r7}, 0x10) r8 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r8, r5, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x9, 0x6, &(0x7f0000002280)=ANY=[@ANYBLOB="18000000020b0000000000000400006054e464a8ee00dda3000010000000186900000200000000000000040000009500000000000000"], &(0x7f0000000540)='syzkaller\x00', 0x7f, 0x91, &(0x7f0000000880)=""/145, 0x41100, 0x10, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000005c0)={0x5, 0x2, 0x7, 0xfffffffd}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[0x1, 0x1, 0xffffffffffffffff, 0x1, 0x1, r0, 0x1], 0x0, 0x10, 0x5}, 0x90) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000b00)={@map=0x1, 0x6, 0x0, 0xc, &(0x7f0000000700)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x0, &(0x7f0000000780)=[0x0], &(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000ac0)=[0x0], 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000b40)={@cgroup=r4, r8, 0x54, 0x4, 0x0, @prog_fd=r9, r10}, 0x20) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000180)={r3, 0x3, r1, 0x6}) r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x2, r11, 0x0, 0x1000002, 0x0) r12 = socket(0x10, 0x803, 0x0) sendto(r12, &(0x7f0000000740)="120000001200e7ef007b00000000000000", 0x11, 0x0, 0x0, 0x0) recvmmsg(r12, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x14c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 2.759217616s ago: executing program 1 (id=6597): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) pipe2$9p(0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00'}) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) recvmmsg(r3, &(0x7f0000000440), 0x0, 0x0, 0x0) write$binfmt_elf64(r3, &(0x7f00000000c0)=ANY=[], 0xc63b9e35) sched_setscheduler(0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) r4 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x0, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r5 = socket$netlink(0x10, 0x3, 0x0) writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r5, &(0x7f0000000040)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000240)=ANY=[@ANYBLOB="e00020027f000001000000000100fbff5c8bf8bdb6e5b4ad8d3970679504943740c864f5e252a81fe2b100"/57], 0x14) connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x14e22, 0x0, @loopback}, 0x1c) 2.656893077s ago: executing program 0 (id=6598): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x4206, r0) prctl$PR_SET_THP_DISABLE(0x41, 0x3) (async) prctl$PR_SET_THP_DISABLE(0x42, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000000c0)={'veth1_to_team\x00', &(0x7f0000000480)=@ethtool_per_queue_op={0x4b, 0xe}}) (async) creat(&(0x7f0000000080)='./file2\x00', 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) syz_open_dev$dmmidi(&(0x7f0000000200), 0x2, 0x0) (async) r2 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) syz_io_uring_setup(0x6d05, &(0x7f00000006c0)={0x0, 0x0, 0x2000, 0x0, 0x5}, 0x0, &(0x7f0000000280)) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) write$binfmt_script(r3, &(0x7f00000000c0)={'#! ', './file0'}, 0xf000) ioctl$CEC_DQEVENT(r2, 0xc0506107, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) (async) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) (async) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r4, &(0x7f000000c3c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r4, &(0x7f00000000c0)={0x50, 0x0, r5, {0x7, 0x1f}}, 0x50) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) (async) syz_fuse_handle_req(r4, &(0x7f0000002140)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ed10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000889049938edebcd600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) syz_fuse_handle_req(r4, &(0x7f0000004140)="02f00c1d0dda83190c8b2969e5d107b997d557314c4da896298ff72343456d7ad8d0a3c9d50de42ef139d0d06f47aefa86d39e623e4983730bc4acd2a3453e9ce8ab83ca57bba44ef9418053978935925402ab801b6979708a525ed019908b34e02f859ad4fe7ea4a350535a413c192c59200cfe1146cfce7eecb4623aeba4b78d98a60a06859f115f185f5849bc4bf657cc34fdbd22e7093ab80cc806d17ca48f8eece4181c9ac3c9683567bd26348a00f13b4227b52da5dbbff4d3903749eb428bb6a464379db2f0332abbfe4d5a1d8f3175def20fd81e00e99af5cd23e1fe1a02affae45d2fcca7311570b269f073fc727285b6eeaacd862f40f1e5b84abec8f63212c89e4458c61ab5c32f7347d7d537d267708129701bdc744d35218ce52988699adf1e34f61493fd397296b4ca0aefbeeea873eff80fe26c0bf3c058ab0ae570ac08e3c53079d31669f34bee6d68b92398fe21c1d76a24d858af557d7723d27c0435f70fe46b18d17f3c207ad809bf3cf81c3074be87ba9d2beb513903109a9dae4a56576ae7bd3ecd4917a2f22c756f100eb0f3b48f3c506aa5d717b9683762e8d268ecddcf5121ab06300b1cf3586c910bf23de3defeedfcc1e899c899eb483c9b30cc56181f34937c70e9a2482ce13531bb80293f85fe080e722bb628b67a1cc9a9e7607313f0ce60a8f79fb0807139f503622c7cdfbdef26fc004897ca200a9b4328e0961a79e46ea7734a51d3c8930ff903d4779a48b338f43ba5d6b50f27f69802ffeb5473b15e66835035b7bf41489804e99eab0fc7579f569b1ba37151913454be46c6cb12b4e5f8c7a0a64c992fe18e07088d4ae91fbe6ef05d74d63173823bcd63948ebd29b70f144c7a03c951de8e3873623c14c4a99b52a9ad881206005e66f8588b0d73994cbfd6aefddbf8cec9622f948fe21287b38b9daf40c6ccb3feedf50f90e8f4da6a6bbc14b87e514cd976302e223a3c9165ec4b79f341908a97e13331582f39da15f2e9a6ea5a836bff4a42cd816f7f2028763bee37e7bbd0ccdf419edd48c55a6883825cb3373eb0b222187fdbf7a0dd4c862e9c658a5590c62b95b2467b155a87013ad20d47bfc8e8049f8bee091cb893b5d507772ccaadabf407a25647019312cad64b940137ceb603e9854a41d540649d52e5b2a39e7865ac1ab41cc1304712520e8e2827403b01dbee87b8b0caffa3c1bdd3b81538743a5422be517a5c679543282fdb46b29cf256a9d7e1c3dfb69c399db615e2e785d5a3cc719cafaa7973a542679b3185f5f86e4864637ececc4557a5465b05bfbdfe433546fe822d00f41b45c1473fe88d8a6911cd673f3d71518d3d3918ed766030448f01ad5e5ab66a6eac88720f7205491f9bd15d448172de258c865534b0dad6e607819aca86211254ecaafe4597af845c1c92098320dc14d1bae44486a02b8e81733a2be227acf940df9a2e717d9373a52a82ae0863af2320ec820fa8778b1e0123d41e6a79055adbe1b63da8e84ad6eb7906ab65b92c493a8150685dab1e2f2a16da54abe9cddf141dc41ea8a600a5e28bd8a342be318fa91d2e98c36a681c98f5676b27583d49f4948666c80f3b49b2ef6b71896e980c6cf93856d2dfb59cdeab1d8940296207d1f15cf75d7beb6f744fdb38f34e00148f48b3b92d65dab43f3514761864c693e6fdf1e08be74ec507d180301d419cf151901bf2bbc1245bedfe9f8b91f64c869d0741026acb0499a4a7cb167107f609141c349a7810d16b417727ded0decd32b4d48a624d027a3d057a9763ac5139adb0042d70caf9969c7a6bad7afe5d8a48d0e5726396d379a2bfaf957468748c9944bad2dcbefb1474a7d782b2e8e278a10dc6d6dc921476d661cea4439d8ba17c95c9189ef879b52a1889574f70c022b0cb973587a70e5d4147aaf1d1f58836540eb0824e73386d2c3a94d253b99d4532c97c2a75588c536cbc24e47088dfebf31ffc0cb23076bb2f515546b3721d8063e3b88d3a8ea196b88564f65e5f808eff5ab6a30095d6e0978a286b9d693a6053231d71dbf96967b5a2c6eec44117078851bab60718ff22a3e8c522fa8d85d6df1a816b62a557b47b05c5df626a47928523541c23e9f0a0a86515437bc0eb7b9b4b7bb866206e093fb4a5dba6ad9d2424d7fb2f8f220b00be734c781a91ad4555f2714c6c59588300ad47d3ecb86fae178609fe60d9f604be31c05cf3cf1edffb45cc2ce24ec44434107834c6335ac09e2e931b0a8c6cea5ddee3686ec9bf9ef6693fc85e36a7fe1146aa93da6f4dd5f36ab0dcbc28d29ddeb481d5d4f8a2817733a8dff3cb07ac1256bd43dab768c1661e4c8bd3ede3aa548f90424fea8e39c6d5d639b49b7b4da6a95700ac6d9f66bae43320ebe5add0c0cf5fb8a1482c60a21d1ed54ca7967bc22362ccad5c9aca0a7151b53546618500ab0a32151c7e61fc1cd7207f165449d4935337ac69259142d952d83e415bf39227224f208ccd4f6476804b7a9ed45f14f7414e36c9c1000ae4ff34e5ccfa224875c81bf30a73300a22c9dbba7770d0078ff37c965b2d9f97e50e64072d7db371fe4cd364e305f64c1fc70b682cde8fa865fdd7cefbc528f3177a67a4f31f3085ab385705a5008d7572b8f6690c07a9f0d8754614bf036d4efa96b09258cc43787df3259138f995a6d9dd13728fa1745c8e4af63e48853bc63106859defe07c53ead96f2bbd300ace2df4281ee764ba0c2234d4e0da8c0bce90ee74322d50a5653001a6706c8f4f315219bbc7fa42ee186ac031ae2a7f806e539f6d498514c3b657f6b6864ba1cc94879bc70ec199ce4124907bbaf5087280f9288a51f6d2849a2ad906aac9e98874fa678c66e0d71479f71d81aea11acca91b1a80e1517f6ce93d63deb7712a15232856db2e4e33b0c50f638c5c0b11fb81c4d9d1f4ba9914b8cdb1ee091b320db91850700a5ee1f8b837deaf3eac758b1aa03ceaf559cd87f5bea97897b97661746fd0e08713fd5fe42a87de04a2c9256571a14818750dc51d3c5190d8c2055860c0470309ebdbcdf1c050e0de01e6111bafd83eed68935fa61dea3dc55c278080935ee9d36233148dcc1ea0a3867ece386248ffb58ad2c198ef8ba29ea07983740e584daad92c62ec10c3dc16be4283bae22ed5e39a9821a29a40952950abf6b41732933950312719749ad06eee0c08eae0136eb4f16cee5ed167df66482ece475632dd25cc43782df12a8573492fa46da81b527213b098e3d9b0bfc9da02bde9c8f0672778cc418f4c0a113a513b358674de8b218fd3345ccf4179a9db6c0e1858e558e749036ea70c045d572ead75e60cf08fb26551741fdb86ff3c0bfcda029aecb789c9b8e27f360ce04159b9814674a3b5ac823546d4ac467ae878d2d4482e4d5bbf8945155410b8e7ec05619c3d6e254e30879f4dcc3d93b5c3e3f73230e2bb406accf83cc5a3f4b8388b851a98fafa03ddf392b9c0c5232445a313f440f158b20cbc34c29a0e36a062a10ec77d0bbeeba5771da4dfdf3654140f53e85d98f6a065850ff5afec907eddae8b7128ba9dd0821acc8511f3e3c68e9ef9da35df09315619ab781192a648baf254fd5f35cb650b7672a9a82f989bf2039961f68763e34db401c903a40a5ee9495b7011893639ed3c3b83998503905cdc1dcfbc223bec4cbb5e1459ec4bfc6eb14dec0741e2364eb9cd9d988013ae2740b722704d99576f897aca6b3d5c34a057d8a5f51c1bce080936a21fe214c3516c6edda99c4fd104e033fb553839a386fa74549921ff4216589dfee205fec1031e121bb58ede2fad12805785abedd162396e11d36dcdb1993853eefb6e1c8c72afecf98969db8216da5276e347a327c60ec97865e2397127198151feeb9e0e6268fa6e88c50ec8d681450e642fc01455fa216f9835d6e309f9e4b5129a2a56db042f0c0486a47033b52f59513094864c0c6c313c7edebebc28db44679c3544e93375c80cb782763f37d85eba6c0bae5934875444245d467de5d6a463443933ae95400f88441d70891e6455f73356717f68e408b0cf91f0deb9aabce6c1cbb1459d8095433a1e08039132fb8ec30687f856e524ca8ba00b6a20225da41bfd260fa214c26de5844246d44ac5ee2af44f158da1f55188277161d7158fcb97b1e37ff3088cad7e79e78b19c7440ae76356f0b094f928a61e9195fe87a0330baa29dc5e1370abc024577a521ad224074f5ee52c30326e2d1e87044b2027232ac28ba099e211a7b33df9fb6d2fd662b7d38a14c40538dcad133f4f75ce114cf8e583f74d2d5251547541af0236aa59075263e2611fc807ff898163c56ef01e7454da2a6000ac229530ea7bf1eb75529d3c98e6f7fbf3d4cba327ed5cdcb83df0c11fbead1de4ec3ac5c2cb8dda8591f4c316e23a0668ca25149f8a55a47649daf9e40f784319e8b901e70a8a31bb4f8c0a86a4999bdfcb0e9f297e753bdb2a275ef98a92b8dbab2d6eedc06ce92502ae7ae76f6b13264ba41e717f8257e34bf1ba512b335d5d178d74742cc0ec6e7b16942095cde010cd90b5c8a158b65fc51d958a96a7d20446c1fd8d1b0fc9f2de8f404a80b504098dc68e2c60b0f43ab538cba0ca5409dacfbdff2267374775605dce498514ee7b32a7f55452986b12dc6178d6a926dfbac6bbdcc051d0cd54bc3aca47bd665e01bf1f050f7903f031197594c513ce5ba931e2819f5bb63c5238c19c1be9f4d9668e5c075804fd43ea60f0ab9f00e06683b8e29379a9326b40e8fe05161adf1cb519c31ecebcb042ed1fbb4b9f1b12470bef6e964855baaff5a7dd6146f07caa8097c778bd10e5ce995884d1f3b91962a7974d84de6157d3f54735d5b82e11e6fc000874ecd396114c693ce2297caf7a9c6a6814a890e4d74e17a16339ba103c0d2da87e522ed67cd23047c7d9bd1562234aec98b85ad4534522cca58ee17ccb9c8fe7cd68ad3d6d6e0edbb550ec957772ee1109d501ab76e364a988e02e6b4a5b62f72e61fa7cc6120d12414d3c8ea09bfaac8e806d19dd76f940b769863d200861e44c72bfd870005f6663a7a6d1d60ac1e376806293d5143968d37af14301c9d6506985eb7bdd607dfa4d3cb5cb058019cc5502c534d3a5a1337bbf6306184230cc21e3ef7744b839cd82fc6347316e098e05ced0f25b9cf5721f2d003bdb4e0a79eff90ec4aacd6afbb78ca6f129cd16c8b2f3aefb5a2036951db7ebb40d36723a75723b3d1011e6085493664bf5d336c5cb4079ae1ca2412c53c464831844c27f089ffe345a2029118672b2fd2a24c72f9088dc5f92cc5f3bcd6c7359f52d32ea15172e95af7e6c81c52f20995877cafed48dd49762701c88c225bbffbbc3160d838957588fc2d41efab4148bc961e8d66b5b21e7eb4228a132d61a1c9f6e2baf7430d92478a3948fca4e10594167ca5e72678189cb4e90a0b0e45caada64d15010d73157cd8b4d04099ecefb1ed187d673d1bd33f13dbe4b44d351a34738280f21a79b3146b0071a0924e643c1dffe0d8c72b3bdcc00f203153f63c249f18e0e9e7ed1c0237411893832fc5be40d308b194bb04a17e38f0717a0808058b7291d20b6f0f1e5ba11e2351d985138c61806b41ea5a77ef80feb1f6f7383000e97549487f1bc9c3b5e8ccb6ed7ab8e08b258c75d5aad2a01fe8b5777ef5c7ec1eb3feca16dabf8eb50312f8786d5018d7bb7c9776f028af7b3423af3410696587f3feba823e5e3ccacfeb23fd4359c252b2ab5136d2fa7a6633758b5c45099f70a672999329eba1c89f07af0eb7c3fea5ac468ce042d699b6f391eaccadcf6d14e97c620a5eff7d92946f09d79d31cc876da261182a73a3234d5e53709185680c8b5376e4d8445fe4fff988062f23e42e4b7908ec079a840f0be839062074c22c44b7f4c4b23be2b6656abbb103acc0bd5058e0112a7d55cdce5042a76fe24ba5e9a1105c68dab94dddd44cc6c860172847f20e6ebc49787ed8ca19824b09468933ae9a496e960b7c592e783b6a5f10a9d9c2265794c5891ae7eb9cca9b3f99981a252d522047b95fdb518fe681829948a9d329b9cc7cb2f806ee81a3c930c73c8f12a05b47f1470ff08d5a03f37dacc1e4a7f65563f8825f9ffc316c2ed7a5ea434cab348c850d1b8eaaa0ab2ef7460269aef06f9c46a1957575cee49e1aa72d470dc9763b4abd61d34693e462353c1d023249bb7085f1362ec6bab9d349633d5f9637e6a12690e502f8af9c2d37a3f573411595539c66e9f82d5b39c01606af258e769b2391c3cd0bb0d93eaa36e168136b301d516724ecb173a0766ea9e9d5be5dcbf58e0322261e584d22594cfac91d16bcf38b8cb69e022b0956fb4be2981a526bb1832749ea1f7b188dce590927620ad9d6162ea52bbdbd14b45ff967f183c1af4269dc16a1be7b0b5278ec02a259aed022039e70a9c1456997fc1d053b1ab54238d8282dd11b68b806c745a257a7c0fcfad3277245b1f7749243f457121b3d17122f27be6b1c56e9bc151f52db66c92246072ca4e5d10619a6730b1609f133b5db1f2b0bb4a86dee2c44a6e25299ee74b99eeab5f195728aa45dc7bd300bccb48819bd40b12152b40e1395ac25d8b0cd1ae12b9cd46a8e54f495cca85a680cd43f70f55505f1a72c030dcebbb2e5b26ec971cd58c76ee67d86fe075bcad475658f1cdf09c94bcb5b4db83b3147882f65f67921267f8471d8deb7b159761c83fb9547db71b6878a21287aef6a2e01134e735c073645d2488138f280754ddf66cf8c0208e51a96696e185120a6b84a73d2c9bfbfa9e501f1126b44c491ec437a0b490cbcec5e8e0e0c21f803354d2d1923fe82509706ab34eb03101dded5f6421a6b90dea3db643a22eee1549e30d44184bbe7b842a656b91184ebbea76d00942b429dc07c704750fcab290c43bfdd2aed8257c21312933a11a76d0be361753a49ccbad5fab68eef867e11fa99a1d8021218809c0ce0bd52bed2d5c97fff7283e549afee371b7f1b3973ebebcf11f9687c7086129ada7bc09bca2da4fc02c0af28aa043f3f2c1e02dadfbc3a245dfd2e30e6050e05388006852e871b6890ddc006072d1a062978240df6166ba6ccb732195f21bec579d3d2b3f13e818e9fac77be72152fd441f6ab772b7fd3f888a91f8420f336e5a69e36dfdcc23b066506167960dcd1e5c84d4f236bb83f8daf03007d86d5b34aee798755077dea9b4faf98daa725cc3ab671b3b2b95c193530e0d018309a460a518878ee82e8495622028383ee97fe6a0111521b9a60fe51011bd0c62ee11e7a3dc5a0e8e8b82e476e752f63c5ba75a32e7b5b40d8ed1f539b3262351ce42d1bbcae0371ca72790ca4deff1441404f072947970ed3f23894e6c894c9fc7644c4082188b1ac8ef1e5c045bf438b9b81c7333859fcd071100785e14568c784ca30c4aea8a728a7796a201aa1b65a9355cf368b440498c433414141aaeaf722b9ee70b7cd28a3c2beb61ed99b619a4486b4b7210fe5b1cffa4474421b41303f6de7432874327532cbaecd0e1e9e90f00cf03161e9748807f3728e947c1ce281f3417a3a162deb2d01a5aa330e95b5624769d278aabfdfe6e8089c62ee1c26be5c121cfef2fcb549c1671497a05c2a397f5090caf6913fb39f01a095d55d33ae31d36bf223cd506ef2eaa48b1729c2dbdd7cf84bd1c2d0ebed7b6487991de616517c4e53665e60e6bbf559dd5cddd5eb88087fe6d0e2632f10b9e0f653bafbf992f55dd2592bea82a9a5958ae3e767bcf2c50b691e33dab8d2b1b2fb33419b5dae945a7d4a0169ec64817cc02b02139d7f70bfb42516c913311b42323cca46e690467c894a26ea624432b3c536f48ad569d56d8bf131048f81c0bf77460bf7acdf513087bcca1366bbfd05136ab5456f7e99f545f343eebf57299bfb4ef4a3af05357037e7080ba36084505eaa7339fc981cb99e381c3456d3de6cec5c5dc76427b13db53c9bfe516577b51411602146929e08c8762e6c99325a00242bd15f511f25eed7aac3537aca0407c70f362a0583fa10bb259f758feca1edb4f8adff7626bbf67fa0d940bb773d1afd523033b25107fe02161faa7a2bfcd629e58d681be5e980f8d563daac8532bc747a4242fa539416bfedf38cd8e3aab1764102c87627308abc41f6ebf8f03126d26ef90c10f0dd0fb5be22ee794fffb3ef0537f640b92c2ec335ff99422fe5fa41467e1a95fdc98e13881e1912f73afb489f237acfa971f6f64d9dc0066552167ebad1a7797412998a748d3b236e41ee5a8c223a1fa033389dfd2beb582987344db19988096e3bc0c44c8fcc4ef4a1d60b3991a5e3eb08d476c6dbdef30ce2b7f84de6925e28eed23daafe6be895d9b9c055519f9f3dd5c67cfafb5138380f581ec2bcd15c415087c85c32db56fd589883d3f1c81d56fe2436e910bc873596d4fc5abe0046e00934912f70c028c41390091988fe9fc46df6f10edb697bd1408486860fb6e77c76b4778a151769be25d891c1bde084ddcf964a7d3e528fb39835d8a003ee95e31f7c6c8f22e2d97454b8bff0450f6d9d3f3066041f19aa7e99cd00bcdb238e493912ffa5992eaa0c10dc4e0c4277ad8b5b9be74f72a0b2b89cb5df3ff6e06d84b4db052a1846a2b8284d49c0562f561dde8fe38bde79afa4eb12095c9fcfb9805ff76db4c63f2c737bb97117f880284feac51aeb26e21071a8770cffb4670fb94894c5b7cb6b60c3cc6a0e04458371bf59669f07be5517d5aafd2485aac11e29332bc9c0d9aab851d40aa713665be691c1887ed057e63bdb4da732f70dfe503a009c6c431d6780559273215a222228082dbe613d2dc235908927b1693adf812ddd267d1f7b64abc5e174b057e550c60d5b4e5f4aed8fe16dc5ecd7d7fbc3647efe8abbd9f2ce4f21a14d2e76af8a0551d99f1d35cfee6a068f521af0340750658b415685ae99459744c3b29e24f70977ca21e8638045a3dcb88556904f4cdb31920b89dadc5b846d7a1306d1f86d179e1f611d0c061146e3df0aac42cc6710231d844e167a57b99f68ca174152d088d5af232d5d4e186f026dbd0fff228e7de1ce0e5d28f439e94b6cf106306a740071a03ee25387d1c0b2da3b24dfbbbf078458e3db1c42d1c369b3f57946cfba615151c118e5bc31d43f9621bc30ab6fca226285c50eaca6daedb148d0c4acf1d9691e875338221074630d9ac117fc704b06da6b595f9906681f5a598d0308da0d56e45a216860a3acbb2e00376d2931a21695239a8216347d39f649c0d990191a62a32563cc967a03e606ada7dc76e67a1e867ace9e05e8a27d96987b93eec3cbce6c8c4021ef2a7a862bcb49b2450c63802c41bbfd8ae9f3c9a55a570470c41a9ac7ec88c83d5c1f2c9342b30ab09e50271a7be04feedf85abac9efaf1422a045f6383886d3014c6436c7986f264d119b1f8aec8c67be8147feebbb94266c009d98db54dcfd9b6f275f13c210d10d808b55cb558faaa2a89f90023fb7aff01dcd6143c7fb985e286ae7bcd521916794ac148bf85ef14d8a54fe91739a4b0c3bfa4e77d70ebe0bd187364be48953bbcbb220dd43f2e9382d430dd0baf069b6e3fa46d696317b4b0dc030c7edf27c416f33082ae1b0b13290580b5c513adb90fd373af0403f268521fcad12940dec7f0532aff0f78813416cf965937f7ca0eaeee97dcf7a7ec603b892ba55801a6637ff1a8e4d99bbb969ae06bfadc232f131b19cece7b8c998d6c57b9b68d2252d7e543091583b67b868c8dc079c1c95294c5e039c637b1a02e58d614fdb79f3f08a29f9f90ba09370675ac1b071f07bbf97e48d3e3d102590c2fc4ccf5354c088f41f1abe507901a1b5e246c88f81e297a2876182669b16f1be10e68f3bc66c7e20f34ea5a5252ea013f71ef78931ea4e99f5ee9e4761cc3f773eb02fce9065c333eb58da334a67525d9f885747aeeb3193c3e6b60e037b7006435be7bf1eb5ac592e288984885b5f9781a900885c59ee235785501ab93d73ce758aba261f5cf1d732246096412a0a9334fc113b1fdedd0a15961a252479a91a889dd312a4fe44a49a5c8f3364740e2c84ad375226b0a8070d6e5f316320c6f33461e7c32395c60b531aef2690da2ce0a965df38756c26be257f62e89404ce58a62846e11ae30490ed476a484c5b798d0c67cbd795b7e02d460fc1be0dbf85180fbc7d650c14cc86cfe65259fde8d330ff96a175c49ccdca9dcc9886dcfdd763a8ac7bf4c02cec7ca5f808406a9a04ea18cab07febdb8f1f65e987de2cf830ed782ee590f857385f3514798bd3c98bc0bf3c9ceb63b7d2c4d084332f0f4702c185fe9b1a5780f8b11f18b10c9eae1d18a5d45d2677cda5c927906c507f21b987026965d5a9edc182cf6b104878aa8afe22731b2ec16b692cd2819b37a50036db1b6a47f6c47299a8bd35735d180eb1d75d956e8d020db4279fe1332664dfc01cedb5742545a3f2173a159841e11552564c3fbd39fdff26c4438d0b2f66b65f4ddd5778734562eb2bf1d56f5970a8463b520cbbc55dbacdf37a6a16e5c7135f3120c7bd4bf2fcefdf47d55d5a7ac628341ecf694098fd457d23bcce0b2296bf99ab9aff749af11b22fa2f24d4ee95659f3faf48978aea794a80415c845a6d7f924c68a62972db65b9185ff527719c5f8bae299fd50bb7ee1ced73528ab0648b870d8e8ff0acecabf2de8fd4ad30b1fce4084d8e1cfcee237f13a27e4d238f6d2eff350f2393f5ed9918cc35917f2035b1a5faf297bff886b6716db37215b822c8af5142ac94849e5484adb4e59ef85dd56473b1f6e1f6065c8e744377d98815f53244558c42af67e3502865bc81c37741c5ed3ed07e33c64a9d8b2f527e54e3c7e10666dd95eed759e8a3244c5a704a9349ee929752226d01c10bfa94d31ac2ced8261e5fc3a15f68500a9e7b5ad53fe3de581ae3fc9a03fc4da706c17b40ba5d9505938dd55f09989812e25ee54f7668fe8bd274e0c0b040a15c18b9d8bcee0cc88590637a8e7b6792ea8aa8dfd4fa8cfa183f3ce15308acc9d91d02e7f7b46f472c8fabead73ebe033fcc507384948a1eaf03548d79b649be7715b1aa0814a59183424e49e86bc9781ce2e9e8277a85f9b0b4faff231453829faa628ab00daedf8b8aeaeef758bbcbeaf8863ba179e1054b3da56466486fd9b8dcc42ca1bae2d4ff8e0877d9a726744080e125f7a1bbca906bcc59e8798e73bd79e5de3b4a79aa2bc2e8be40b695b5add3a8fc0952053bfc352849fe1ba9da83daca4c904c66fe91e55709ebca2a36356912a285f2206446b3216d78c9fe498431025b1af22d99537d5f86efb23e11e6e8e7d6cd97069c533e908cfb234c26a3424915459c53bf76ff18d7cceca11511b689611ff74118844aed1d4882f5d2a9d051bc3e051a53b7633138d0325082263497c9102cd33fb16c27a93055617ad14befe6321d40251d239d45a89bb079e24b04470fa75454d91bcc39c233eb0ad4a03d5667b9c7eea0d927d665dc2db377c71cfee93bbcd77f6096a2dd14452f1d74a9ebc7288670943ce9910f", 0x2000, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x18, 0xfffffffffffffffe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x4080, 0x0) 2.629839673s ago: executing program 3 (id=6599): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip_vti0\x00'}) socket$can_raw(0x1d, 0x3, 0x1) io_uring_setup(0x30d3, 0x0) mkdir(&(0x7f0000002880)='./file0\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, 0x0, 0x0, 0x0, 0x0) ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x90044802, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000003, 0x5d031, 0xffffffffffffffff, 0x0) rt_sigprocmask(0x0, &(0x7f000078b000), 0x0, 0x8) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r4, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r5, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendmmsg$inet(r5, 0x0, 0x0, 0x0) recvfrom$inet(r5, &(0x7f0000000300)=""/237, 0xed, 0x40000120, 0x0, 0x0) shutdown(r5, 0x1) 729.551835ms ago: executing program 0 (id=6600): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000340)={'syztnl2\x00', &(0x7f00000002c0)={'ip6tnl0\x00', 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @mcast1, @mcast2, 0x700}}) socket(0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x3c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x5c, 0x0, &(0x7f0000000c00)=[@acquire={0x40046305, 0x2}, @acquire, @decrefs, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) (fail_nth: 2) 714.285537ms ago: executing program 3 (id=6601): ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000240)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000800)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x25, 0x4, 0x0, 0x0, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @multicast1, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x0, [0x401, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x34, 0x11, 0x3, 0x0, [{@multicast1}, {@dev, 0x659}, {@broadcast, 0x8000}, {@empty}, {@local, 0xffd200}, {@private, 0x3}]}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@dev}, {@multicast2}, {@private=0xa010100}, {@broadcast, 0x105b}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private=0xa010101, @rand_addr]}]}}}}}) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x16, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r3, 0x0) dup(r2) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000000500)=ANY=[@ANYBLOB="b4080000000000007311a000000000008510000002000000b7000000000000009500c200000000009500001200000000978397f6f8d449eca162e33d3cc50e3ea2bda29b6c5c0dd4ae4a5723d7bb1782d799214e20806df14107bbb18383f65bfa943f096ffd3f1a5195665bd897b554a4229f80258ac79116086d8764612511b5fbf0562c4034196f45d920ce764e50311836d630a55b"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000300)={0x2c, r6, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_0\x00'}) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@dellink={0x20, 0x11, 0x101, 0x0, 0x0, {0x0, 0x0, 0x0, r9}}, 0x20}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000300)={'syztnl1\x00', &(0x7f00000002c0)={'sit0\x00', 0x0, 0x700, 0x0, 0x3777, 0x2f8aaa8a, {{0x7, 0x4, 0x0, 0x6, 0x1c, 0x65, 0x0, 0x4, 0x6, 0x0, @local, @broadcast, {[@timestamp={0x44, 0x8, 0xd0, 0x0, 0xd, [0x800]}]}}}}}) r10 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000002c0)={'veth1_to_batadv\x00', 0x0}) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, &(0x7f0000000200)=0x5, 0x4) setsockopt$packet_int(r10, 0x107, 0xf, &(0x7f0000000040)=0x200, 0x4) sendto$packet(r10, &(0x7f00000000c0)="3f030e03f007120006001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xb318, 0x0, &(0x7f0000000540)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @multicast}, 0x14) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r4, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000340)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xb, &(0x7f00000005c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000400), &(0x7f0000000640), 0x8, 0x8d, 0x8, 0x8, &(0x7f0000000680)}}, 0x10) r12 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'nicvf0\x00'}) setsockopt$packet_int(r12, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62) 537.469104ms ago: executing program 1 (id=6602): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) socket$inet_udplite(0x2, 0x2, 0x88) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af24, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_CQM(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)={0x28, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_CQM={0xc, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}]}]}, 0x28}}, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r8, 0x4048aecb, &(0x7f0000000600)={0x3, 0x0, [{}, {}, {}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmmsg$sock(r1, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) 537.186224ms ago: executing program 0 (id=6603): bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) 483.869081ms ago: executing program 0 (id=6604): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) socket$inet_udplite(0x2, 0x2, 0x88) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af24, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_CQM(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)={0x28, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_CQM={0xc, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8}]}]}, 0x28}}, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r8, 0x4048aecb, &(0x7f0000000600)={0x3, 0x0, [{}, {}, {}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmmsg$sock(r1, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) 54.881327ms ago: executing program 3 (id=6605): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003540)=[{0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000000180)="31ab732abda0ad89281b2f0df75394f09d985dd88bd336d236badceecf9ebad6deec5e01719baf69fd8bc43b57e2f5b16ade367cb54ffcc32e05471802c7950ae6379e85ef52b5ad39fa52ec8baa546d0463d6f353c0df6af4d3adb451aa8e20b3885fc7e5bc06ddb24132ab4db0e7b25ccd34a2a29a400d2c9a75102062c563a6a0d6a305ad6d7578bc73880c4a87221ee571c50193c5a84b97f2dd7c6210bb6614a0f8595cb209f4f958b57830f7656b56659cf7e74dc40a0c2326c403d82f5d0e737a8347507b00e4e5292138bf227f5d479c616586925834472bc8c03522a513cabcd06f8ca33bc49c369624d3b344cadb832666f2", 0xf7}, {&(0x7f0000000280)="4abb1d8fb9", 0x5}], 0x2}], 0x1, 0x0) recvmmsg(r1, &(0x7f00000038c0)=[{{0x0, 0x0, &(0x7f0000000d80)=[{&(0x7f0000000840)=""/245, 0xfe61}], 0x1}}], 0x1, 0x0, 0x0) 0s ago: executing program 2 (id=6575): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000540)=ANY=[@ANYBLOB="611230d0ffffff0061134c0000000000bf2000000000000015000f00511b48013d030100000000009500000000000000bc26000000000000bf67000000000000150300000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586162c17600674290ca9d8d6413b8199e34f67ceaaa78710f9f8aba4765c91382f497585ca39c595b21afa6bce62b5ab0d44e9c32ad6f0349d92962a58d39494a19a9183362382792ac85578d3de07b7e155cf4ee5e3dd51212d2831bd8e2655b2fbd88791e4c66c832a774919b28b8a62711f0f156e636804e1d3f44a5ff3d63a3a51f0c7ec0c8c25e072194ddd83aa155a537e15c0d91f502deef03f83e826718705c9aef9613ac4a325a428d147c1749196e94226671fd9573ab0d079d44b13b56f793e98ab571c58e98e022f18a3be3f318e0690fff93f44f22473dc8004fc758218349bd3f0516a72a7ea913bfa7603063e"], &(0x7f0000000100)='GPL\x00'}, 0x90) kernel console output (not intermixed with test programs): exists on: batadv_slave_1 [ 996.226253][T23699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 996.230297][T23699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 996.234734][ T5346] Bluetooth: hci9: command tx timeout [ 996.234741][T23699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 996.236043][T23699] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 996.258264][T23699] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 996.262389][T23699] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 996.265791][T23699] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 996.269620][T23699] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 996.354226][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 996.357843][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 996.435631][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 996.441533][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 996.642489][T23823] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6130'. [ 996.851803][ T39] audit: type=1400 audit(1722584906.565:618): avc: denied { ioctl } for pid=23826 comm="syz.1.6132" path="socket:[141642]" dev="sockfs" ino=141642 ioctlcmd=0x9420 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 996.909597][ T39] audit: type=1400 audit(1722584906.625:619): avc: denied { read write } for pid=23831 comm="syz.3.6133" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 996.920419][ T39] audit: type=1400 audit(1722584906.625:620): avc: denied { open } for pid=23831 comm="syz.3.6133" path="/dev/nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 997.682495][T19282] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 997.904224][T19282] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 997.909052][T19282] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 997.914432][T19282] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 997.918762][T19282] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 997.924812][T19282] usb 5-1: New USB device found, idVendor=044f, idProduct=b653, bcdDevice= 0.00 [ 997.929496][T19282] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 997.938170][T19282] usb 5-1: config 0 descriptor?? [ 998.108873][T23864] syz.1.6144[23864] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 998.108961][T23864] syz.1.6144[23864] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 998.349391][T19282] thrustmaster 0003:044F:B653.0016: unbalanced delimiter at end of report description [ 998.372705][T19282] thrustmaster 0003:044F:B653.0016: parse failed [ 998.375520][T19282] thrustmaster 0003:044F:B653.0016: probe with driver thrustmaster failed with error -22 [ 998.513803][ T57] usb 8-1: new high-speed USB device number 57 using dummy_hcd [ 998.548455][T20811] usb 5-1: USB disconnect, device number 69 [ 998.587672][T23879] kvm: pic: non byte write [ 998.715626][ T1379] ieee802154 phy0 wpan0: encryption failed: -22 [ 998.719844][ T1379] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.725638][ T57] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 998.729832][ T57] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 998.734457][ T57] usb 8-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00 [ 998.738145][ T57] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 998.743583][ T57] usb 8-1: config 0 descriptor?? [ 999.161754][ T57] belkin 0003:1020:0006.0017: report_id 0 is invalid [ 999.164503][ T57] belkin 0003:1020:0006.0017: item 0 0 1 8 parsing failed [ 999.167924][ T57] belkin 0003:1020:0006.0017: parse failed [ 999.170263][ T57] belkin 0003:1020:0006.0017: probe with driver belkin failed with error -22 [ 999.364584][ T35] usb 8-1: USB disconnect, device number 57 [ 999.746986][ T45] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 999.999613][T16848] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1000.013058][T22289] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1000.016364][T23909] syz.3.6162[23909] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1000.016566][T23909] syz.3.6162[23909] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1000.017880][T22289] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1000.033670][T22289] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1000.037344][T22289] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 1000.040636][T22289] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1000.645062][T23906] chnl_net:caif_netlink_parms(): no params data found [ 1001.001338][T23906] bridge0: port 1(bridge_slave_0) entered blocking state [ 1001.004526][T23906] bridge0: port 1(bridge_slave_0) entered disabled state [ 1001.007745][T23906] bridge_slave_0: entered allmulticast mode [ 1001.010665][T23906] bridge_slave_0: entered promiscuous mode [ 1001.016053][T23906] bridge0: port 2(bridge_slave_1) entered blocking state [ 1001.018971][T23906] bridge0: port 2(bridge_slave_1) entered disabled state [ 1001.021904][T23906] bridge_slave_1: entered allmulticast mode [ 1001.026441][T23906] bridge_slave_1: entered promiscuous mode [ 1001.089247][T23906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1001.147896][T23906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1001.276567][T23906] team0: Port device team_slave_0 added [ 1001.284860][T23906] team0: Port device team_slave_1 added [ 1001.343808][ T35] usb 6-1: new high-speed USB device number 55 using dummy_hcd [ 1001.359872][T23906] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1001.364748][T23906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1001.377486][T23906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1001.384437][T23906] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1001.387498][T23906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1001.398788][T23906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1001.474796][T23906] hsr_slave_0: entered promiscuous mode [ 1001.478462][T23906] hsr_slave_1: entered promiscuous mode [ 1001.485023][T23906] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1001.492320][T23906] Cannot create hsr debugfs directory [ 1001.535579][ T35] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 1001.540104][ T35] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1001.545160][ T35] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1001.549132][ T35] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 1001.555291][ T35] usb 6-1: New USB device found, idVendor=044f, idProduct=b653, bcdDevice= 0.00 [ 1001.559120][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1001.565072][ T35] usb 6-1: config 0 descriptor?? [ 1001.982087][ T35] thrustmaster 0003:044F:B653.0018: unbalanced delimiter at end of report description [ 1001.987140][ T35] thrustmaster 0003:044F:B653.0018: parse failed [ 1001.990148][ T35] thrustmaster 0003:044F:B653.0018: probe with driver thrustmaster failed with error -22 [ 1002.072496][ T5346] Bluetooth: hci9: command tx timeout [ 1002.181522][T19282] usb 6-1: USB disconnect, device number 55 [ 1002.294522][ T45] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1002.372364][ T45] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1002.511886][ T45] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1002.935547][ T45] bridge_slave_1: left allmulticast mode [ 1002.938049][ T45] bridge_slave_1: left promiscuous mode [ 1002.940172][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 1002.947599][ T45] bridge_slave_0: left allmulticast mode [ 1002.950585][ T45] bridge_slave_0: left promiscuous mode [ 1002.953830][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 1003.611694][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1003.625246][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1003.639889][ T45] bond0 (unregistering): Released all slaves [ 1003.709754][T23976] tipc: Started in network mode [ 1003.711994][T23976] tipc: Node identity 5, cluster identity 8 [ 1003.714221][T23976] tipc: Node number set to 5 [ 1004.152520][ T5346] Bluetooth: hci9: command tx timeout [ 1004.244078][T23906] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1004.266942][T23906] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1004.275965][T23906] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1004.298219][ T45] hsr_slave_0: left promiscuous mode [ 1004.303758][ T45] hsr_slave_1: left promiscuous mode [ 1004.309640][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1004.314057][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1004.318618][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1004.323392][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1004.390816][ T45] veth1_macvtap: left promiscuous mode [ 1004.394326][ T45] veth0_macvtap: left promiscuous mode [ 1004.397981][ T45] veth1_vlan: left promiscuous mode [ 1004.400783][ T45] veth0_vlan: left promiscuous mode [ 1005.631821][ T45] team0 (unregistering): Port device team_slave_1 removed [ 1005.761938][ T45] team0 (unregistering): Port device team_slave_0 removed [ 1006.232274][ T5346] Bluetooth: hci9: command tx timeout [ 1006.644183][T23906] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1006.753595][T23906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1006.769186][T23906] 8021q: adding VLAN 0 to HW filter on device team0 [ 1006.778666][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 1006.781731][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1006.796916][T19670] bridge0: port 2(bridge_slave_1) entered blocking state [ 1006.799479][T19670] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1006.868474][T23906] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1006.944155][T24015] usb usb8: usbfs: process 24015 (syz.0.6193) did not claim interface 0 before use [ 1007.089751][T23906] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1007.172028][T23906] veth0_vlan: entered promiscuous mode [ 1007.186679][T23906] veth1_vlan: entered promiscuous mode [ 1007.220571][T23906] veth0_macvtap: entered promiscuous mode [ 1007.233395][T23906] veth1_macvtap: entered promiscuous mode [ 1007.253439][T23906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1007.258155][T23906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1007.268346][T23906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1007.276731][T23906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1007.282014][T23906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1007.297752][T23906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1007.306849][T23906] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1007.366076][T23906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1007.370714][T23906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1007.380724][T23906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1007.385241][T23906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1007.389339][T23906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1007.394896][T23906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1007.401564][T23906] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1007.429548][T23906] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1007.434758][T23906] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1007.439488][T23906] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1007.445883][T23906] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1007.514052][ T39] audit: type=1400 audit(1722584917.225:621): avc: denied { bind } for pid=24046 comm="syz.3.6205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 1007.566657][T17640] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1007.570422][T17640] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1007.601087][T24053] can0: slcan on ttyS3. [ 1007.614853][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1007.617956][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1008.409671][ T39] audit: type=1400 audit(1722584918.125:622): avc: denied { lock } for pid=24093 comm="syz.0.6220" path="socket:[139160]" dev="sockfs" ino=139160 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 1009.341098][T24108] openvswitch: netlink: Key 0 has unexpected len 4 expected 0 [ 1009.846405][T24118] Bluetooth: MGMT ver 1.23 [ 1009.848425][T24118] Bluetooth: hci3: unsupported parameter 65535 [ 1009.850786][T24118] Bluetooth: hci3: invalid length 0, exp 2 for type 0 [ 1009.911066][T24119] batadv_slave_1: entered promiscuous mode [ 1010.380563][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1010.483440][T24116] batadv_slave_1: left promiscuous mode [ 1010.642845][T22289] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1010.652031][T22289] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1010.657012][T22289] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1010.668389][T22289] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1010.703061][T22289] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 1010.706498][T22289] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1010.941168][T24132] chnl_net:caif_netlink_parms(): no params data found [ 1011.108289][T24132] bridge0: port 1(bridge_slave_0) entered blocking state [ 1011.111654][T24132] bridge0: port 1(bridge_slave_0) entered disabled state [ 1011.117887][T24132] bridge_slave_0: entered allmulticast mode [ 1011.122004][T24132] bridge_slave_0: entered promiscuous mode [ 1011.127189][T24132] bridge0: port 2(bridge_slave_1) entered blocking state [ 1011.130377][T24132] bridge0: port 2(bridge_slave_1) entered disabled state [ 1011.133221][T24132] bridge_slave_1: entered allmulticast mode [ 1011.136983][T24132] bridge_slave_1: entered promiscuous mode [ 1011.230245][T24132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1011.238658][T24132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1011.291250][T24132] team0: Port device team_slave_0 added [ 1011.296878][T24132] team0: Port device team_slave_1 added [ 1011.341174][T24132] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1011.344023][T24132] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1011.353860][T24132] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1011.359501][T24132] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1011.362383][T24132] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1011.373172][T24132] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1011.482275][ T35] usb 6-1: new high-speed USB device number 56 using dummy_hcd [ 1011.496422][T24132] hsr_slave_0: entered promiscuous mode [ 1011.500208][T24132] hsr_slave_1: entered promiscuous mode [ 1011.508182][T24132] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1011.511502][T24132] Cannot create hsr debugfs directory [ 1011.664608][ T35] usb 6-1: config 0 has no interfaces? [ 1011.666729][ T35] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 1011.681591][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1011.687448][ T35] usb 6-1: config 0 descriptor?? [ 1012.073217][ T39] audit: type=1400 audit(1722584921.795:623): avc: denied { append } for pid=24168 comm="syz.0.6244" name="dlm-control" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 1012.792406][ T5346] Bluetooth: hci9: command tx timeout [ 1012.948135][T22428] usb 6-1: USB disconnect, device number 56 [ 1013.001709][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.074795][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.188752][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.407260][ T13] bridge_slave_1: left allmulticast mode [ 1013.409814][ T13] bridge_slave_1: left promiscuous mode [ 1013.415709][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1013.421667][ T13] bridge_slave_0: left allmulticast mode [ 1013.424605][ T13] bridge_slave_0: left promiscuous mode [ 1013.427200][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1013.970505][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1013.977702][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1013.987869][ T13] bond0 (unregistering): Released all slaves [ 1014.029406][T24192] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6251'. [ 1014.188537][T24200] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6254'. [ 1014.367423][ T13] hsr_slave_0: left promiscuous mode [ 1014.370367][ T13] hsr_slave_1: left promiscuous mode [ 1014.374387][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1014.377812][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1014.387968][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1014.390601][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1014.509678][ T13] veth1_macvtap: left promiscuous mode [ 1014.511755][ T13] veth0_macvtap: left promiscuous mode [ 1014.514325][ T13] veth1_vlan: left promiscuous mode [ 1014.516913][ T13] veth0_vlan: left promiscuous mode [ 1014.873946][ T5346] Bluetooth: hci9: command tx timeout [ 1015.280523][ T39] audit: type=1400 audit(1722584924.995:624): avc: denied { append } for pid=24224 comm="syz.1.6262" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 1015.937621][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1016.095119][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1016.952676][ T5346] Bluetooth: hci9: command tx timeout [ 1017.116400][T24132] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1017.130086][T24259] geneve2: entered allmulticast mode [ 1017.135653][T24132] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1017.146432][T24132] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1017.150527][T24259] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=24259 comm=syz.1.6276 [ 1017.157096][ T39] audit: type=1400 audit(1722584926.875:625): avc: denied { read } for pid=24258 comm="syz.1.6276" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 1017.169372][T24259] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6276'. [ 1017.198604][T24132] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1017.313771][T24132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1017.335657][T24132] 8021q: adding VLAN 0 to HW filter on device team0 [ 1017.346910][T19282] bridge0: port 1(bridge_slave_0) entered blocking state [ 1017.350794][T19282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1017.375182][T21632] bridge0: port 2(bridge_slave_1) entered blocking state [ 1017.378881][T21632] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1017.505308][T22428] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 1017.562844][T24132] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1017.607659][T24132] veth0_vlan: entered promiscuous mode [ 1017.619474][T24132] veth1_vlan: entered promiscuous mode [ 1017.672523][T24132] veth0_macvtap: entered promiscuous mode [ 1017.680218][T24132] veth1_macvtap: entered promiscuous mode [ 1017.694916][T22428] usb 5-1: Using ep0 maxpacket: 32 [ 1017.697180][T24132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1017.699828][T22428] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1017.702108][T24132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1017.706358][T22428] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1017.710209][T24132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1017.720005][T24132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1017.723181][T22428] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00 [ 1017.724380][T24132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1017.728221][T22428] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1017.732356][T24132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1017.733532][T24132] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1017.747320][T24132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1017.748836][T22428] usb 5-1: config 0 descriptor?? [ 1017.751775][T24132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1017.759073][T24132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1017.764211][T24132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1017.768226][T24132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1017.772621][T24132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1017.777782][T24132] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1017.789562][T24132] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1017.793150][T24132] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1017.796178][T24132] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1017.799282][T24132] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1017.900883][T21753] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1017.904763][T21753] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1017.922380][T17640] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1017.926969][T17640] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1018.168884][T22428] lua 0003:1E7D:2C2E.0019: global environment stack underflow [ 1018.172225][T22428] lua 0003:1E7D:2C2E.0019: item 0 0 1 11 parsing failed [ 1018.175664][T22428] lua 0003:1E7D:2C2E.0019: parse failed [ 1018.178167][T22428] lua 0003:1E7D:2C2E.0019: probe with driver lua failed with error -22 [ 1018.383492][T22428] usb 5-1: USB disconnect, device number 70 [ 1018.462289][T19670] usb 8-1: new high-speed USB device number 58 using dummy_hcd [ 1018.645621][T19670] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1018.650538][T19670] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1018.654991][T19670] usb 8-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1018.659017][T19670] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1018.664856][T19670] usb 8-1: config 0 descriptor?? [ 1019.008939][T24301] geneve2: entered allmulticast mode [ 1019.028459][T24301] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=24301 comm=syz.0.6289 [ 1019.036644][T24301] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6289'. [ 1019.275137][T19670] usb 8-1: language id specifier not provided by device, defaulting to English [ 1019.479013][T19670] uclogic 0003:256C:006D.001A: failed retrieving Huion firmware version: -71 [ 1019.482897][T19670] uclogic 0003:256C:006D.001A: failed probing parameters: -71 [ 1019.486244][T19670] uclogic 0003:256C:006D.001A: probe with driver uclogic failed with error -71 [ 1019.491898][T19670] usb 8-1: USB disconnect, device number 58 [ 1020.647735][ T39] audit: type=1400 audit(1722584930.365:626): avc: denied { write } for pid=24379 comm="syz.3.6324" name="binder-control" dev="binder" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1020.862025][T24395] geneve2: entered allmulticast mode [ 1020.879764][T24395] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=24395 comm=syz.1.6329 [ 1020.887263][T24395] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6329'. [ 1021.137055][ T1105] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1021.389379][T22289] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1021.394863][T22289] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1021.398636][T22289] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1021.404667][T22289] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1021.408568][T22289] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 1021.412609][T22289] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1021.551885][T24419] chnl_net:caif_netlink_parms(): no params data found [ 1021.665492][T24419] bridge0: port 1(bridge_slave_0) entered blocking state [ 1021.668764][T24419] bridge0: port 1(bridge_slave_0) entered disabled state [ 1021.672044][T24419] bridge_slave_0: entered allmulticast mode [ 1021.676798][T24419] bridge_slave_0: entered promiscuous mode [ 1021.682389][T24419] bridge0: port 2(bridge_slave_1) entered blocking state [ 1021.685655][T24419] bridge0: port 2(bridge_slave_1) entered disabled state [ 1021.688913][T24419] bridge_slave_1: entered allmulticast mode [ 1021.696111][T24419] bridge_slave_1: entered promiscuous mode [ 1021.750849][T24419] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1021.758608][T24419] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1021.829103][T24419] team0: Port device team_slave_0 added [ 1021.835431][T24419] team0: Port device team_slave_1 added [ 1021.905152][T24419] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1021.907681][T24419] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1021.919652][T24419] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1021.925433][T24419] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1021.927783][T24419] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1021.938065][T24419] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1022.011536][T24419] hsr_slave_0: entered promiscuous mode [ 1022.020062][T24419] hsr_slave_1: entered promiscuous mode [ 1022.023320][T24419] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1022.026562][T24419] Cannot create hsr debugfs directory [ 1022.298877][T24442] netlink: 'syz.3.6342': attribute type 4 has an invalid length. [ 1022.323545][T24442] netlink: 'syz.3.6342': attribute type 4 has an invalid length. [ 1022.954499][ T39] audit: type=1400 audit(1722584932.675:627): avc: denied { map } for pid=24446 comm="syz.1.6345" path="socket:[144693]" dev="sockfs" ino=144693 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 1023.432492][ T5346] Bluetooth: hci9: command tx timeout [ 1023.733745][ T1105] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1023.851500][ T1105] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1023.970727][ T1105] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1024.259726][ T1105] bridge_slave_1: left allmulticast mode [ 1024.263544][ T1105] bridge_slave_1: left promiscuous mode [ 1024.266749][ T1105] bridge0: port 2(bridge_slave_1) entered disabled state [ 1024.277184][ T1105] bridge_slave_0: left allmulticast mode [ 1024.279677][ T1105] bridge_slave_0: left promiscuous mode [ 1024.283166][ T1105] bridge0: port 1(bridge_slave_0) entered disabled state [ 1024.814660][ T1105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1024.822469][ T1105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1024.828667][ T1105] bond0 (unregistering): Released all slaves [ 1025.261688][ T1105] hsr_slave_0: left promiscuous mode [ 1025.264257][ T1105] hsr_slave_1: left promiscuous mode [ 1025.267320][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1025.270320][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1025.273724][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1025.276924][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1025.335770][ T1105] veth1_macvtap: left promiscuous mode [ 1025.338230][ T1105] veth0_macvtap: left promiscuous mode [ 1025.340720][ T1105] veth1_vlan: left promiscuous mode [ 1025.344391][ T1105] veth0_vlan: left promiscuous mode [ 1025.512442][ T5346] Bluetooth: hci9: command tx timeout [ 1025.562178][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1026.872546][ T1105] team0 (unregistering): Port device team_slave_1 removed [ 1026.990498][ T1105] team0 (unregistering): Port device team_slave_0 removed [ 1027.602322][ T5346] Bluetooth: hci9: command tx timeout [ 1028.340393][T24518] netlink: 'syz.0.6368': attribute type 4 has an invalid length. [ 1028.344755][T24522] netlink: 'syz.0.6368': attribute type 4 has an invalid length. [ 1028.688179][T24419] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1028.696802][T24419] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1028.763909][T24419] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1028.785076][T24419] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1028.877912][T24546] netlink: 'syz.3.6376': attribute type 4 has an invalid length. [ 1028.953003][T24546] netlink: 'syz.3.6376': attribute type 4 has an invalid length. [ 1028.995548][T24419] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1029.024012][T24419] 8021q: adding VLAN 0 to HW filter on device team0 [ 1029.042953][T21632] bridge0: port 1(bridge_slave_0) entered blocking state [ 1029.045518][T21632] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1029.059120][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 1029.061653][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1029.120659][ T39] audit: type=1804 audit(1722584938.835:628): pid=24547 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.6378" name="/newroot/187/bus/file0" dev="overlay" ino=1007 res=1 errno=0 [ 1029.454091][T24419] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1029.520727][T24419] veth0_vlan: entered promiscuous mode [ 1029.533699][T24419] veth1_vlan: entered promiscuous mode [ 1029.566679][T24419] veth0_macvtap: entered promiscuous mode [ 1029.575354][T24419] veth1_macvtap: entered promiscuous mode [ 1029.594928][T24419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1029.601285][T24419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1029.615078][T24419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1029.620279][T24419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1029.625668][T24419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1029.631135][T24419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1029.638149][T24419] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1029.649178][T24419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1029.654908][T24419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1029.659563][T24419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1029.664622][T24419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1029.669296][T24419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1029.675723][ T5346] Bluetooth: hci9: command tx timeout [ 1029.677781][T24419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1029.693661][T24419] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1029.766886][T24419] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1029.770635][T24419] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1029.782552][T24419] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1029.786491][T24419] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1029.909502][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1029.913152][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1029.947490][T21753] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1029.951690][T21753] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1029.991019][T24563] FAULT_INJECTION: forcing a failure. [ 1029.991019][T24563] name failslab, interval 1, probability 0, space 0, times 0 [ 1029.999971][T24563] CPU: 3 UID: 0 PID: 24563 Comm: syz.3.6382 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1030.004275][T24563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1030.008767][T24563] Call Trace: [ 1030.010167][T24563] [ 1030.011469][T24563] dump_stack_lvl+0x16c/0x1f0 [ 1030.013453][T24563] should_fail_ex+0x497/0x5b0 [ 1030.015414][T24563] ? fs_reclaim_acquire+0xae/0x160 [ 1030.017538][T24563] should_failslab+0xc2/0x120 [ 1030.019510][T24563] kmem_cache_alloc_node_noprof+0x71/0x310 [ 1030.021906][T24563] ? __alloc_skb+0x2b1/0x380 [ 1030.023837][T24563] __alloc_skb+0x2b1/0x380 [ 1030.025682][T24563] ? __pfx___alloc_skb+0x10/0x10 [ 1030.027861][T24563] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1030.030347][T24563] netlink_alloc_large_skb+0x69/0x130 [ 1030.032569][T24563] netlink_sendmsg+0x689/0xd70 [ 1030.034550][T24563] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1030.036749][T24563] ? __import_iovec+0x1fd/0x6e0 [ 1030.038767][T24563] ____sys_sendmsg+0xab5/0xc90 [ 1030.040630][T24563] ? copy_msghdr_from_user+0x10b/0x160 [ 1030.042660][T24563] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1030.044874][T24563] ? find_held_lock+0x2d/0x110 [ 1030.046955][T24563] ? __pfx___lock_acquire+0x10/0x10 [ 1030.049146][T24563] ___sys_sendmsg+0x135/0x1e0 [ 1030.051020][T24563] ? __pfx____sys_sendmsg+0x10/0x10 [ 1030.053276][T24563] ? ksys_write+0x21c/0x260 [ 1030.055246][T24563] ? __fget_light+0x173/0x210 [ 1030.057351][T24563] __sys_sendmsg+0x117/0x1f0 [ 1030.059469][T24563] ? __pfx___sys_sendmsg+0x10/0x10 [ 1030.061660][T24563] do_syscall_64+0xcd/0x250 [ 1030.063592][T24563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1030.065950][T24563] RIP: 0033:0x7fe1593773b9 [ 1030.067684][T24563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1030.075650][T24563] RSP: 002b:00007fe15a1a1048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1030.079147][T24563] RAX: ffffffffffffffda RBX: 00007fe159505f80 RCX: 00007fe1593773b9 [ 1030.082593][T24563] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 1030.086252][T24563] RBP: 00007fe15a1a10a0 R08: 0000000000000000 R09: 0000000000000000 [ 1030.089817][T24563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1030.093362][T24563] R13: 000000000000000b R14: 00007fe159505f80 R15: 00007ffc05d79d18 [ 1030.096841][T24563] [ 1030.897001][ T39] audit: type=1400 audit(1722584940.615:629): avc: denied { read } for pid=24570 comm="syz.1.6384" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 1030.907926][ T39] audit: type=1400 audit(1722584940.625:630): avc: denied { open } for pid=24570 comm="syz.1.6384" path="/188/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 1030.939446][T24573] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6384'. [ 1030.953279][T24576] block device autoloading is deprecated and will be removed. [ 1031.072524][T24580] FAULT_INJECTION: forcing a failure. [ 1031.072524][T24580] name failslab, interval 1, probability 0, space 0, times 0 [ 1031.078267][T24580] CPU: 3 UID: 0 PID: 24580 Comm: syz.0.6388 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1031.082946][T24580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1031.087853][T24580] Call Trace: [ 1031.089317][T24580] [ 1031.090616][T24580] dump_stack_lvl+0x16c/0x1f0 [ 1031.092703][T24580] should_fail_ex+0x497/0x5b0 [ 1031.094789][T24580] ? fs_reclaim_acquire+0xae/0x160 [ 1031.097095][T24580] should_failslab+0xc2/0x120 [ 1031.099168][T24580] kmem_cache_alloc_node_noprof+0x71/0x310 [ 1031.101742][T24580] ? __alloc_skb+0x2b1/0x380 [ 1031.103813][T24580] __alloc_skb+0x2b1/0x380 [ 1031.105817][T24580] ? __pfx___alloc_skb+0x10/0x10 [ 1031.108041][T24580] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1031.110636][T24580] netlink_alloc_large_skb+0x69/0x130 [ 1031.113002][T24580] netlink_sendmsg+0x689/0xd70 [ 1031.115109][T24580] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1031.117467][T24580] ? __import_iovec+0x1fd/0x6e0 [ 1031.119683][T24580] ____sys_sendmsg+0xab5/0xc90 [ 1031.121829][T24580] ? copy_msghdr_from_user+0x10b/0x160 [ 1031.124290][T24580] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1031.126604][T24580] ? find_held_lock+0x2d/0x110 [ 1031.128721][T24580] ? __pfx___lock_acquire+0x10/0x10 [ 1031.131000][T24580] ___sys_sendmsg+0x135/0x1e0 [ 1031.133074][T24580] ? __pfx____sys_sendmsg+0x10/0x10 [ 1031.135345][T24580] ? ksys_write+0x21c/0x260 [ 1031.137369][T24580] ? __fget_light+0x173/0x210 [ 1031.139504][T24580] __sys_sendmsg+0x117/0x1f0 [ 1031.141570][T24580] ? __pfx___sys_sendmsg+0x10/0x10 [ 1031.143892][T24580] do_syscall_64+0xcd/0x250 [ 1031.145934][T24580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1031.148520][T24580] RIP: 0033:0x7f54ae9773b9 [ 1031.150512][T24580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1031.158941][T24580] RSP: 002b:00007f54af7bc048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1031.162542][T24580] RAX: ffffffffffffffda RBX: 00007f54aeb05f80 RCX: 00007f54ae9773b9 [ 1031.166004][T24580] RDX: 0000000000000000 RSI: 0000000020003500 RDI: 0000000000000003 [ 1031.169536][T24580] RBP: 00007f54af7bc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1031.173126][T24580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1031.176673][T24580] R13: 000000000000000b R14: 00007f54aeb05f80 R15: 00007ffe6f8e6eb8 [ 1031.180184][T24580] [ 1031.245023][T24582] netlink: 'syz.0.6389': attribute type 3 has an invalid length. [ 1031.672782][ T39] audit: type=1400 audit(1722584941.385:631): avc: denied { create } for pid=24589 comm="syz.3.6391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 1031.680532][ T39] audit: type=1400 audit(1722584941.385:632): avc: denied { write } for pid=24589 comm="syz.3.6391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 1031.689550][ T39] audit: type=1400 audit(1722584941.385:633): avc: denied { nlmsg_read } for pid=24589 comm="syz.3.6391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 1031.867215][T24597] FAULT_INJECTION: forcing a failure. [ 1031.867215][T24597] name failslab, interval 1, probability 0, space 0, times 0 [ 1031.875318][T24597] CPU: 3 UID: 0 PID: 24597 Comm: syz.3.6393 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1031.880055][T24597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1031.885147][T24597] Call Trace: [ 1031.886649][T24597] [ 1031.888033][T24597] dump_stack_lvl+0x16c/0x1f0 [ 1031.890120][T24597] should_fail_ex+0x497/0x5b0 [ 1031.892161][T24597] ? fs_reclaim_acquire+0xae/0x160 [ 1031.894457][T24597] should_failslab+0xc2/0x120 [ 1031.896506][T24597] kmem_cache_alloc_node_noprof+0x71/0x310 [ 1031.899005][T24597] ? __alloc_skb+0x2b1/0x380 [ 1031.901150][T24597] __alloc_skb+0x2b1/0x380 [ 1031.903079][T24597] ? __pfx___alloc_skb+0x10/0x10 [ 1031.905218][T24597] ? find_held_lock+0x2d/0x110 [ 1031.907274][T24597] ? __might_fault+0x13b/0x190 [ 1031.909333][T24597] alloc_skb_with_frags+0xe4/0x710 [ 1031.911218][T24598] netlink: 'syz.0.6392': attribute type 4 has an invalid length. [ 1031.911614][T24597] sock_alloc_send_pskb+0x7f1/0x980 [ 1031.911646][T24597] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 1031.919415][T24597] packet_sendmsg+0x1f19/0x53a0 [ 1031.921579][T24597] ? sock_has_perm+0x25a/0x2f0 [ 1031.923726][T24597] ? __pfx_sock_has_perm+0x10/0x10 [ 1031.926002][T24597] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 1031.929017][T24597] ? __pfx_packet_sendmsg+0x10/0x10 [ 1031.931406][T24597] __sys_sendto+0x47f/0x4e0 [ 1031.933453][T24597] ? __pfx___sys_sendto+0x10/0x10 [ 1031.935721][T24597] ? ksys_write+0x1ab/0x260 [ 1031.937747][T24597] ? __pfx_ksys_write+0x10/0x10 [ 1031.939986][T24597] __x64_sys_sendto+0xe0/0x1c0 [ 1031.942151][T24597] ? do_syscall_64+0x91/0x250 [ 1031.944240][T24597] ? lockdep_hardirqs_on+0x7c/0x110 [ 1031.946467][T24597] do_syscall_64+0xcd/0x250 [ 1031.948471][T24597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1031.950968][T24597] RIP: 0033:0x7fe1593773b9 [ 1031.952965][T24597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1031.961651][T24597] RSP: 002b:00007fe15a1a1048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1031.965341][T24597] RAX: ffffffffffffffda RBX: 00007fe159505f80 RCX: 00007fe1593773b9 [ 1031.968938][T24597] RDX: 000000000000fc13 RSI: 0000000020000280 RDI: 0000000000000008 [ 1031.972495][T24597] RBP: 00007fe15a1a10a0 R08: 0000000000000000 R09: 000000000000002f [ 1031.976053][T24597] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001 [ 1031.979576][T24597] R13: 000000000000000b R14: 00007fe159505f80 R15: 00007ffc05d79d18 [ 1031.983194][T24597] [ 1032.059689][T24601] netlink: 'syz.0.6392': attribute type 4 has an invalid length. [ 1032.425027][T24611] FAULT_INJECTION: forcing a failure. [ 1032.425027][T24611] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1032.430764][T24611] CPU: 3 UID: 0 PID: 24611 Comm: syz.3.6397 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1032.435503][T24611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1032.440260][T24611] Call Trace: [ 1032.441762][T24611] [ 1032.443156][T24611] dump_stack_lvl+0x16c/0x1f0 [ 1032.445290][T24611] should_fail_ex+0x497/0x5b0 [ 1032.447433][T24611] _copy_from_user+0x30/0xf0 [ 1032.449526][T24611] sctp_setsockopt+0x204a/0xb810 [ 1032.451730][T24611] ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10 [ 1032.454672][T24611] ? __pfx_sctp_setsockopt+0x10/0x10 [ 1032.457043][T24611] ? find_held_lock+0x2d/0x110 [ 1032.459177][T24611] ? selinux_socket_setsockopt+0x6a/0x80 [ 1032.461448][T24611] ? sock_common_setsockopt+0x2e/0xf0 [ 1032.463661][T24611] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1032.466270][T24611] do_sock_setsockopt+0x222/0x480 [ 1032.468529][T24611] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1032.470989][T24611] ? __fget_light+0x173/0x210 [ 1032.473194][T24611] __sys_setsockopt+0x1a4/0x270 [ 1032.475562][T24611] ? __pfx___sys_setsockopt+0x10/0x10 [ 1032.477954][T24611] ? fput+0x32/0x390 [ 1032.479718][T24611] ? ksys_write+0x1ab/0x260 [ 1032.481735][T24611] ? __pfx_ksys_write+0x10/0x10 [ 1032.483904][T24611] __x64_sys_setsockopt+0xbd/0x160 [ 1032.486166][T24611] ? do_syscall_64+0x91/0x250 [ 1032.488267][T24611] ? lockdep_hardirqs_on+0x7c/0x110 [ 1032.490538][T24611] do_syscall_64+0xcd/0x250 [ 1032.492566][T24611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1032.495192][T24611] RIP: 0033:0x7fe1593773b9 [ 1032.497180][T24611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1032.505497][T24611] RSP: 002b:00007fe15a180048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1032.509138][T24611] RAX: ffffffffffffffda RBX: 00007fe159506058 RCX: 00007fe1593773b9 [ 1032.512605][T24611] RDX: 0000000000000084 RSI: 0000000000000084 RDI: 0000000000000003 [ 1032.516073][T24611] RBP: 00007fe15a1800a0 R08: 0000000000000090 R09: 0000000000000000 [ 1032.519552][T24611] R10: 0000000020000640 R11: 0000000000000246 R12: 0000000000000001 [ 1032.522843][T24611] R13: 000000000000006e R14: 00007fe159506058 R15: 00007ffc05d79d18 [ 1032.526027][T24611] [ 1032.714958][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1032.723689][T24615] FAULT_INJECTION: forcing a failure. [ 1032.723689][T24615] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1032.731219][T24615] CPU: 0 UID: 0 PID: 24615 Comm: syz.1.6400 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1032.737151][T24615] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1032.743086][T24615] Call Trace: [ 1032.744681][T24615] [ 1032.746032][T24615] dump_stack_lvl+0x16c/0x1f0 [ 1032.748157][T24615] should_fail_ex+0x497/0x5b0 [ 1032.750253][T24615] _copy_to_user+0x30/0xc0 [ 1032.753143][T24615] simple_read_from_buffer+0xd0/0x160 [ 1032.755687][T24615] proc_fail_nth_read+0x1b0/0x290 [ 1032.757719][T24615] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1032.759871][T24615] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1032.762169][T24615] vfs_read+0x1d4/0xbd0 [ 1032.764027][T24615] ? __fdget_pos+0xeb/0x180 [ 1032.766123][T24615] ? __pfx_vfs_read+0x10/0x10 [ 1032.768433][T24615] ? __pfx___mutex_lock+0x10/0x10 [ 1032.770653][T24615] ? __fget_files+0x256/0x400 [ 1032.772769][T24615] ksys_read+0x12f/0x260 [ 1032.774699][T24615] ? __pfx_ksys_read+0x10/0x10 [ 1032.776840][T24615] do_syscall_64+0xcd/0x250 [ 1032.778643][T24615] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1032.780952][T24615] RIP: 0033:0x7f1be5375dfc [ 1032.782693][T24615] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 1032.791141][T24615] RSP: 002b:00007f1be6162040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1032.794978][T24615] RAX: ffffffffffffffda RBX: 00007f1be5505f80 RCX: 00007f1be5375dfc [ 1032.798452][T24615] RDX: 000000000000000f RSI: 00007f1be61620b0 RDI: 0000000000000005 [ 1032.802579][T24615] RBP: 00007f1be61620a0 R08: 0000000000000000 R09: 0000000000000000 [ 1032.806072][T24615] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001 [ 1032.809680][T24615] R13: 000000000000000b R14: 00007f1be5505f80 R15: 00007ffe9008d5b8 [ 1032.814506][T24615] [ 1032.875947][T24624] Mount JFS Failure: -22 [ 1032.883779][T24622] Mount JFS Failure: -22 [ 1032.887516][T24622] FAULT_INJECTION: forcing a failure. [ 1032.887516][T24622] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1032.893339][T24622] CPU: 3 UID: 0 PID: 24622 Comm: syz.0.6402 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1032.896016][ T39] audit: type=1400 audit(1722584942.615:634): avc: denied { mounton } for pid=24625 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 1032.897906][T24622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1032.906401][T22289] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1032.913559][T22289] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1032.914577][T24622] Call Trace: [ 1032.914589][T24622] [ 1032.914596][T24622] dump_stack_lvl+0x16c/0x1f0 [ 1032.919558][T22289] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1032.920458][T24622] should_fail_ex+0x497/0x5b0 [ 1032.924325][T22289] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1032.925640][T24622] _copy_to_user+0x30/0xc0 [ 1032.932454][T22289] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 1032.932526][T24622] simple_read_from_buffer+0xd0/0x160 [ 1032.936490][T22289] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1032.937805][T24622] proc_fail_nth_read+0x1b0/0x290 [ 1032.942827][T24622] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1032.945201][T24622] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1032.947415][T24622] vfs_read+0x1d4/0xbd0 [ 1032.949175][T24622] ? __fdget_pos+0xeb/0x180 [ 1032.951064][T24622] ? __pfx_vfs_read+0x10/0x10 [ 1032.953070][T24622] ? __pfx___mutex_lock+0x10/0x10 [ 1032.955184][T24622] ? __fget_files+0x256/0x400 [ 1032.957130][T24622] ksys_read+0x12f/0x260 [ 1032.959203][T24622] ? __pfx_ksys_read+0x10/0x10 [ 1032.961196][T24622] do_syscall_64+0xcd/0x250 [ 1032.963032][T24622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1032.965192][T24622] RIP: 0033:0x7f54ae975dfc [ 1032.966717][T24622] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 1032.974146][T24622] RSP: 002b:00007f54af79b040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1032.977299][T24622] RAX: ffffffffffffffda RBX: 00007f54aeb06058 RCX: 00007f54ae975dfc [ 1032.980047][T24622] RDX: 000000000000000f RSI: 00007f54af79b0b0 RDI: 000000000000000d [ 1032.983499][T24622] RBP: 00007f54af79b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1032.986896][T24622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1032.990247][T24622] R13: 000000000000006e R14: 00007f54aeb06058 R15: 00007ffe6f8e6eb8 [ 1032.993781][T24622] [ 1033.146485][T24625] chnl_net:caif_netlink_parms(): no params data found [ 1033.197921][T24640] netlink: 'syz.1.6406': attribute type 4 has an invalid length. [ 1033.231690][T24640] netlink: 'syz.1.6406': attribute type 4 has an invalid length. [ 1033.315409][T24625] bridge0: port 1(bridge_slave_0) entered blocking state [ 1033.318797][T24625] bridge0: port 1(bridge_slave_0) entered disabled state [ 1033.325800][T24625] bridge_slave_0: entered allmulticast mode [ 1033.331987][T24625] bridge_slave_0: entered promiscuous mode [ 1033.340944][T24625] bridge0: port 2(bridge_slave_1) entered blocking state [ 1033.344303][T24625] bridge0: port 2(bridge_slave_1) entered disabled state [ 1033.347146][T24625] bridge_slave_1: entered allmulticast mode [ 1033.351049][T24625] bridge_slave_1: entered promiscuous mode [ 1033.407138][T24625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1033.419670][T24625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1033.511677][T24625] team0: Port device team_slave_0 added [ 1033.517943][T24625] team0: Port device team_slave_1 added [ 1033.577234][T24625] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1033.580362][T24625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1033.595013][T24625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1033.602251][T24625] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1033.605274][T24625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1033.618879][T24625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1033.697105][T24647] netlink: 'syz.3.6408': attribute type 4 has an invalid length. [ 1033.748123][T24625] hsr_slave_0: entered promiscuous mode [ 1033.751316][T24625] hsr_slave_1: entered promiscuous mode [ 1033.754502][T24625] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1033.757510][T24625] Cannot create hsr debugfs directory [ 1033.760001][T24648] netlink: 'syz.3.6408': attribute type 4 has an invalid length. [ 1034.086353][T24651] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6409'. [ 1034.289745][T24655] netlink: 'syz.1.6410': attribute type 4 has an invalid length. [ 1034.332476][T24655] netlink: 'syz.1.6410': attribute type 4 has an invalid length. [ 1034.942379][ T5367] usb 8-1: new high-speed USB device number 59 using dummy_hcd [ 1034.962472][T22289] Bluetooth: hci9: command tx timeout [ 1035.129746][ T5367] usb 8-1: Using ep0 maxpacket: 16 [ 1035.144394][ T5367] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1035.154643][ T5367] usb 8-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1035.158567][ T5367] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1035.161998][ T5367] usb 8-1: Product: syz [ 1035.163995][ T5367] usb 8-1: Manufacturer: syz [ 1035.166112][ T5367] usb 8-1: SerialNumber: syz [ 1035.172705][ T5367] usb 8-1: config 0 descriptor?? [ 1035.183142][ T5367] em28xx 8-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1035.187037][ T5367] em28xx 8-1:0.0: DVB interface 0 found: bulk [ 1035.363538][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1035.463222][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1035.470324][T24669] netlink: 'syz.1.6416': attribute type 4 has an invalid length. [ 1035.557062][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1035.572674][T24669] netlink: 'syz.1.6416': attribute type 4 has an invalid length. [ 1036.242610][ T11] bridge_slave_1: left allmulticast mode [ 1036.245805][ T11] bridge_slave_1: left promiscuous mode [ 1036.261138][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1036.290044][ T11] bridge_slave_0: left allmulticast mode [ 1036.295523][ T11] bridge_slave_0: left promiscuous mode [ 1036.300037][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1036.542623][ T5367] em28xx 8-1:0.0: unknown em28xx chip ID (0) [ 1036.652634][ T5367] em28xx 8-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1036.664972][ T5367] em28xx 8-1:0.0: board has no eeprom [ 1036.742334][ T5367] em28xx 8-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1036.746144][ T5367] em28xx 8-1:0.0: dvb set to bulk mode. [ 1036.750801][ T8] em28xx 8-1:0.0: Binding DVB extension [ 1036.875205][ T8] em28xx 8-1:0.0: Registering input extension [ 1037.032298][T22289] Bluetooth: hci9: command tx timeout [ 1037.235838][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1037.244917][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1037.252799][ T11] bond0 (unregistering): Released all slaves [ 1037.310977][T24677] netlink: 'syz.0.6418': attribute type 4 has an invalid length. [ 1037.348751][T24678] netlink: 'syz.0.6418': attribute type 4 has an invalid length. [ 1037.860341][T24691] netlink: 'syz.0.6422': attribute type 4 has an invalid length. [ 1037.927183][T14113] usb 8-1: USB disconnect, device number 59 [ 1037.930608][T14113] em28xx 8-1:0.0: Disconnecting em28xx [ 1037.933930][T14113] em28xx 8-1:0.0: Closing input extension [ 1037.973998][T14113] em28xx 8-1:0.0: Freeing device [ 1038.104897][T24692] netlink: 'syz.0.6422': attribute type 4 has an invalid length. [ 1038.165243][ T11] hsr_slave_0: left promiscuous mode [ 1038.168522][ T11] hsr_slave_1: left promiscuous mode [ 1038.189418][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1038.193020][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1038.199380][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1038.203417][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1038.299337][ T11] veth1_macvtap: left promiscuous mode [ 1038.301872][ T11] veth0_macvtap: left promiscuous mode [ 1038.304191][ T11] veth1_vlan: left promiscuous mode [ 1038.306544][ T11] veth0_vlan: left promiscuous mode [ 1038.972886][T24708] netlink: 'syz.0.6427': attribute type 1 has an invalid length. [ 1038.976695][T24708] netlink: 157116 bytes leftover after parsing attributes in process `syz.0.6427'. [ 1038.980924][T24708] block nbd10: not configured, cannot reconfigure [ 1039.050359][T24708] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1039.072407][ T39] audit: type=1400 audit(1722584948.755:635): avc: denied { mount } for pid=24704 comm="syz.0.6427" name="/" dev="configfs" ino=1162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 1039.125728][T22289] Bluetooth: hci9: command tx timeout [ 1039.182065][ T39] audit: type=1400 audit(1722584948.895:636): avc: denied { read } for pid=24704 comm="syz.0.6427" name="/" dev="configfs" ino=1162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 1039.209812][ T39] audit: type=1400 audit(1722584948.905:637): avc: denied { open } for pid=24704 comm="syz.0.6427" path="/" dev="configfs" ino=1162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 1039.842247][ T5378] usb 8-1: new high-speed USB device number 60 using dummy_hcd [ 1040.026277][ T5378] usb 8-1: Using ep0 maxpacket: 16 [ 1040.030739][ T5378] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1040.039920][ T5378] usb 8-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1040.044594][ T5378] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1040.047852][ T5378] usb 8-1: Product: syz [ 1040.049739][ T5378] usb 8-1: Manufacturer: syz [ 1040.051858][ T5378] usb 8-1: SerialNumber: syz [ 1040.057234][ T5378] usb 8-1: config 0 descriptor?? [ 1040.062667][ T5378] em28xx 8-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1040.066523][ T5378] em28xx 8-1:0.0: DVB interface 0 found: bulk [ 1040.145814][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1040.283758][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1041.202334][ T5346] Bluetooth: hci9: command tx timeout [ 1041.343376][ T5378] em28xx 8-1:0.0: unknown em28xx chip ID (0) [ 1041.379479][T24706] netlink: 'syz.1.6426': attribute type 4 has an invalid length. [ 1041.404211][T24710] netlink: 'syz.1.6426': attribute type 4 has an invalid length. [ 1041.424771][ T5378] em28xx 8-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1041.428234][ T5378] em28xx 8-1:0.0: board has no eeprom [ 1041.504562][T24625] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1041.532348][ T5378] em28xx 8-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1041.552296][ T5378] em28xx 8-1:0.0: dvb set to bulk mode. [ 1041.554795][ T57] em28xx 8-1:0.0: Binding DVB extension [ 1041.564005][T24625] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1041.570049][T24625] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1041.574098][ T39] audit: type=1400 audit(1722584951.285:638): avc: denied { unmount } for pid=12061 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 1041.635868][T24625] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1041.652389][ T57] em28xx 8-1:0.0: Registering input extension [ 1041.752389][ T5346] Bluetooth: hci7: command 0x0406 tx timeout [ 1041.818848][T24625] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1041.841747][T24625] 8021q: adding VLAN 0 to HW filter on device team0 [ 1041.849894][T21632] bridge0: port 1(bridge_slave_0) entered blocking state [ 1041.852970][T21632] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1041.868450][T21632] bridge0: port 2(bridge_slave_1) entered blocking state [ 1041.871696][T21632] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1041.890543][T24729] netlink: 'syz.0.6432': attribute type 4 has an invalid length. [ 1041.921269][T24729] netlink: 'syz.0.6432': attribute type 4 has an invalid length. [ 1042.138788][T24625] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1042.188257][T24625] veth0_vlan: entered promiscuous mode [ 1042.197829][T24625] veth1_vlan: entered promiscuous mode [ 1042.228600][T24625] veth0_macvtap: entered promiscuous mode [ 1042.235420][T24625] veth1_macvtap: entered promiscuous mode [ 1042.250776][T24625] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1042.256719][T24625] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1042.260929][T24625] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1042.265442][T24625] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1042.269433][T24625] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1042.273719][T24625] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1042.278736][T24625] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1042.287185][T24625] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1042.293388][T24625] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1042.297053][T24625] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1042.301261][T24625] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1042.305359][T24625] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1042.309120][T24625] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1042.314827][T24625] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1042.321793][T24625] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1042.325392][T24625] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1042.328580][T24625] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1042.331851][T24625] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1042.404981][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1042.412644][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1042.435936][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1042.439150][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1042.654465][ T5377] usb 8-1: USB disconnect, device number 60 [ 1042.658323][ T5377] em28xx 8-1:0.0: Disconnecting em28xx [ 1042.660946][ T5377] em28xx 8-1:0.0: Closing input extension [ 1042.681165][ T5377] em28xx 8-1:0.0: Freeing device [ 1043.066004][T24759] netlink: 'syz.1.6442': attribute type 4 has an invalid length. [ 1043.107100][T24759] netlink: 'syz.1.6442': attribute type 4 has an invalid length. [ 1043.162222][ T5377] usb 8-1: new high-speed USB device number 61 using dummy_hcd [ 1043.267308][T24757] netlink: 'syz.0.6441': attribute type 1 has an invalid length. [ 1043.282273][T24757] netlink: 157116 bytes leftover after parsing attributes in process `syz.0.6441'. [ 1043.285816][T24757] block nbd10: not configured, cannot reconfigure [ 1043.342485][T24754] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1043.365758][ T5377] usb 8-1: config 0 has no interfaces? [ 1043.369811][ T5377] usb 8-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 1043.373839][ T5377] usb 8-1: New USB device strings: Mfr=32, Product=0, SerialNumber=0 [ 1043.376740][ T5377] usb 8-1: Manufacturer: syz [ 1043.384651][ T5377] usb 8-1: config 0 descriptor?? [ 1043.601265][T24762] netlink: 'syz.0.6443': attribute type 2 has an invalid length. [ 1043.651530][T24765] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6444'. [ 1043.676864][T24765] binder: 24764:24765 ioctl c0306201 20000480 returned -22 [ 1043.686297][T21632] usb 8-1: USB disconnect, device number 61 [ 1043.959933][T24781] sp0: Synchronizing with TNC [ 1044.272514][T24790] netlink: 'syz.0.6451': attribute type 4 has an invalid length. [ 1044.295771][T24790] netlink: 'syz.0.6451': attribute type 4 has an invalid length. [ 1045.228065][ T83] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1045.268078][T24812] netlink: 'syz.1.6457': attribute type 4 has an invalid length. [ 1045.280172][T24813] netlink: 'syz.1.6457': attribute type 4 has an invalid length. [ 1045.577613][ T5346] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1045.596554][ T5346] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1045.604291][ T5346] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1045.611949][ T5346] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1045.626363][ T5346] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 1045.629999][ T5346] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1045.841215][T24824] syz.3.6462[24824] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1045.841357][T24824] syz.3.6462[24824] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1045.947400][T24817] chnl_net:caif_netlink_parms(): no params data found [ 1046.543848][T24817] bridge0: port 1(bridge_slave_0) entered blocking state [ 1046.547400][T24817] bridge0: port 1(bridge_slave_0) entered disabled state [ 1046.550599][T24817] bridge_slave_0: entered allmulticast mode [ 1046.563646][T24817] bridge_slave_0: entered promiscuous mode [ 1046.570603][T24817] bridge0: port 2(bridge_slave_1) entered blocking state [ 1046.573732][T24817] bridge0: port 2(bridge_slave_1) entered disabled state [ 1046.576999][T24817] bridge_slave_1: entered allmulticast mode [ 1046.583551][T24817] bridge_slave_1: entered promiscuous mode [ 1046.654043][T24817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1046.687662][T24817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1046.857346][T24847] netlink: 'syz.0.6467': attribute type 4 has an invalid length. [ 1046.905430][T24817] team0: Port device team_slave_0 added [ 1046.912049][T24817] team0: Port device team_slave_1 added [ 1046.934707][T24851] netlink: 'syz.0.6467': attribute type 4 has an invalid length. [ 1046.949570][T24850] netlink: 'syz.1.6468': attribute type 4 has an invalid length. [ 1047.104007][T24854] netlink: 'syz.1.6468': attribute type 4 has an invalid length. [ 1047.127483][T24817] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1047.131400][T24817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1047.150794][ C2] vkms_vblank_simulate: vblank timer overrun [ 1047.162454][T24817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1047.169304][T24817] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1047.172479][T24817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1047.184224][T24817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1047.266223][T24817] hsr_slave_0: entered promiscuous mode [ 1047.270048][T24817] hsr_slave_1: entered promiscuous mode [ 1047.274094][T24817] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1047.277431][T24817] Cannot create hsr debugfs directory [ 1047.672702][ T5346] Bluetooth: hci9: command tx timeout [ 1047.817586][T24865] FAULT_INJECTION: forcing a failure. [ 1047.817586][T24865] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1047.824563][T24865] CPU: 2 UID: 0 PID: 24865 Comm: syz.3.6473 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1047.829312][T24865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1047.833817][T24865] Call Trace: [ 1047.835215][T24865] [ 1047.836301][T24865] dump_stack_lvl+0x16c/0x1f0 [ 1047.838089][T24865] should_fail_ex+0x497/0x5b0 [ 1047.840183][T24865] _copy_to_user+0x30/0xc0 [ 1047.841882][T24865] simple_read_from_buffer+0xd0/0x160 [ 1047.843975][T24865] proc_fail_nth_read+0x1b0/0x290 [ 1047.845812][T24865] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1047.847835][T24865] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1047.849489][T24865] vfs_read+0x1d4/0xbd0 [ 1047.850916][T24865] ? __fdget_pos+0xeb/0x180 [ 1047.854280][T24865] ? __pfx_vfs_read+0x10/0x10 [ 1047.856052][T24865] ? __pfx___mutex_lock+0x10/0x10 [ 1047.857984][T24865] ? __fget_files+0x256/0x400 [ 1047.860243][T24865] ksys_read+0x12f/0x260 [ 1047.861982][T24865] ? __pfx_ksys_read+0x10/0x10 [ 1047.864011][T24865] do_syscall_64+0xcd/0x250 [ 1047.865910][T24865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1047.868338][T24865] RIP: 0033:0x7fe159375dfc [ 1047.870215][T24865] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 1047.878051][T24865] RSP: 002b:00007fe15a1a1040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1047.881528][T24865] RAX: ffffffffffffffda RBX: 00007fe159505f80 RCX: 00007fe159375dfc [ 1047.884805][T24865] RDX: 000000000000000f RSI: 00007fe15a1a10b0 RDI: 0000000000000005 [ 1047.888049][T24865] RBP: 00007fe15a1a10a0 R08: 0000000000000000 R09: 0000000000000000 [ 1047.891333][T24865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1047.894586][T24865] R13: 000000000000000b R14: 00007fe159505f80 R15: 00007ffc05d79d18 [ 1047.897857][T24865] [ 1047.899213][ C2] vkms_vblank_simulate: vblank timer overrun [ 1048.308167][ T83] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1048.397252][ T83] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1048.416443][T24876] netlink: 'syz.3.6475': attribute type 4 has an invalid length. [ 1048.541290][ T83] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1048.574960][T24876] netlink: 'syz.3.6475': attribute type 4 has an invalid length. [ 1048.706638][ T83] bridge_slave_1: left allmulticast mode [ 1048.709445][ T83] bridge_slave_1: left promiscuous mode [ 1048.712828][ T83] bridge0: port 2(bridge_slave_1) entered disabled state [ 1048.721905][ T83] bridge_slave_0: left allmulticast mode [ 1048.724835][ T83] bridge_slave_0: left promiscuous mode [ 1048.727217][ T83] bridge0: port 1(bridge_slave_0) entered disabled state [ 1048.744024][T24888] FAULT_INJECTION: forcing a failure. [ 1048.744024][T24888] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1048.751755][T24888] CPU: 1 UID: 0 PID: 24888 Comm: syz.1.6480 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1048.756268][T24888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1048.760596][T24888] Call Trace: [ 1048.762336][T24888] [ 1048.763899][T24888] dump_stack_lvl+0x16c/0x1f0 [ 1048.766227][T24888] should_fail_ex+0x497/0x5b0 [ 1048.768582][T24888] _copy_to_user+0x30/0xc0 [ 1048.770663][T24888] simple_read_from_buffer+0xd0/0x160 [ 1048.773232][T24888] proc_fail_nth_read+0x1b0/0x290 [ 1048.775419][T24888] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1048.777799][T24888] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1048.780130][T24888] vfs_read+0x1d4/0xbd0 [ 1048.781838][T24888] ? __fdget_pos+0xeb/0x180 [ 1048.783754][T24888] ? __pfx_vfs_read+0x10/0x10 [ 1048.785703][T24888] ? __pfx___mutex_lock+0x10/0x10 [ 1048.787825][T24888] ? __fget_files+0x256/0x400 [ 1048.789804][T24888] ksys_read+0x12f/0x260 [ 1048.791643][T24888] ? __pfx_ksys_read+0x10/0x10 [ 1048.793861][T24888] do_syscall_64+0xcd/0x250 [ 1048.795786][T24888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1048.798254][T24888] RIP: 0033:0x7f1be5375dfc [ 1048.800191][T24888] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 1048.808189][T24888] RSP: 002b:00007f1be6162040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1048.811819][T24888] RAX: ffffffffffffffda RBX: 00007f1be5505f80 RCX: 00007f1be5375dfc [ 1048.814884][T24888] RDX: 000000000000000f RSI: 00007f1be61620b0 RDI: 0000000000000004 [ 1048.818133][T24888] RBP: 00007f1be61620a0 R08: 0000000000000000 R09: 0000000000000000 [ 1048.821464][T24888] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 1048.824721][T24888] R13: 000000000000000b R14: 00007f1be5505f80 R15: 00007ffe9008d5b8 [ 1048.827677][T24888] [ 1049.495588][ T83] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1049.507913][ T83] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1049.516634][ T83] bond0 (unregistering): Released all slaves [ 1049.754614][ T5346] Bluetooth: hci9: command tx timeout [ 1050.119580][ T83] hsr_slave_0: left promiscuous mode [ 1050.123862][ T83] hsr_slave_1: left promiscuous mode [ 1050.128010][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1050.131511][ T83] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1050.136839][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1050.140657][ T83] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1050.213959][ T83] veth1_macvtap: left promiscuous mode [ 1050.216195][ T83] veth0_macvtap: left promiscuous mode [ 1050.224757][ T83] veth1_vlan: left promiscuous mode [ 1050.227395][ T83] veth0_vlan: left promiscuous mode [ 1050.323023][T24927] FAULT_INJECTION: forcing a failure. [ 1050.323023][T24927] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1050.327677][T24927] CPU: 0 UID: 0 PID: 24927 Comm: syz.0.6493 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1050.331094][T24927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1050.334871][T24927] Call Trace: [ 1050.336075][T24927] [ 1050.337164][T24927] dump_stack_lvl+0x16c/0x1f0 [ 1050.338730][T24927] should_fail_ex+0x497/0x5b0 [ 1050.340385][T24927] _copy_from_user+0x30/0xf0 [ 1050.342227][T24927] copy_msghdr_from_user+0x99/0x160 [ 1050.344341][T24927] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1050.346397][T24927] ? __pfx___lock_acquire+0x10/0x10 [ 1050.348259][T24927] ___sys_sendmsg+0xff/0x1e0 [ 1050.350034][T24927] ? __pfx____sys_sendmsg+0x10/0x10 [ 1050.352132][T24927] ? __pfx_lock_release+0x10/0x10 [ 1050.354200][T24927] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1050.356267][T24927] ? __fget_light+0x173/0x210 [ 1050.358024][T24927] __sys_sendmmsg+0x1a1/0x450 [ 1050.359555][T24927] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1050.361369][T24927] ? vfs_write+0x14d/0x1140 [ 1050.363229][T24927] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1050.365613][T24927] ? fput+0x32/0x390 [ 1050.367188][T24927] ? ksys_write+0x1ab/0x260 [ 1050.368977][T24927] ? __pfx_ksys_write+0x10/0x10 [ 1050.370907][T24927] __x64_sys_sendmmsg+0x9c/0x100 [ 1050.372878][T24927] ? lockdep_hardirqs_on+0x7c/0x110 [ 1050.374928][T24927] do_syscall_64+0xcd/0x250 [ 1050.376461][T24927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1050.378664][T24927] RIP: 0033:0x7f54ae9773b9 [ 1050.380398][T24927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1050.387211][T24927] RSP: 002b:00007f54af7bc048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1050.390049][T24927] RAX: ffffffffffffffda RBX: 00007f54aeb05f80 RCX: 00007f54ae9773b9 [ 1050.392835][T24927] RDX: 0000000000000002 RSI: 0000000020008080 RDI: 0000000000000005 [ 1050.395682][T24927] RBP: 00007f54af7bc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1050.398055][T24927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1050.400639][T24927] R13: 000000000000000b R14: 00007f54aeb05f80 R15: 00007ffe6f8e6eb8 [ 1050.403375][T24927] [ 1051.676884][ T83] team0 (unregistering): Port device team_slave_1 removed [ 1051.832449][ T5346] Bluetooth: hci9: command tx timeout [ 1051.850077][ T83] team0 (unregistering): Port device team_slave_0 removed [ 1052.831388][T24933] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6495'. [ 1052.835540][T24933] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6495'. [ 1052.842391][T24933] veth1_macvtap: left promiscuous mode [ 1052.852977][T24936] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6495'. [ 1052.860414][T24936] netlink: 72 bytes leftover after parsing attributes in process `syz.0.6495'. [ 1052.870374][T24936] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 1052.878948][T24942] netlink: 'syz.3.6497': attribute type 4 has an invalid length. [ 1052.894666][T24943] netlink: 'syz.3.6497': attribute type 4 has an invalid length. [ 1053.036905][T24817] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1053.048503][T24817] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1053.062937][T24817] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1053.076204][T24817] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1053.104071][T24955] netlink: 'syz.0.6501': attribute type 12 has an invalid length. [ 1053.107847][T24955] netlink: 'syz.0.6501': attribute type 11 has an invalid length. [ 1053.110996][T24955] netlink: 'syz.0.6501': attribute type 11 has an invalid length. [ 1053.114534][T24955] netlink: 'syz.0.6501': attribute type 11 has an invalid length. [ 1053.117440][T24955] netlink: 'syz.0.6501': attribute type 11 has an invalid length. [ 1053.120448][T24955] netlink: 'syz.0.6501': attribute type 11 has an invalid length. [ 1053.123297][T24955] netlink: 'syz.0.6501': attribute type 11 has an invalid length. [ 1053.126195][T24955] netlink: 196720 bytes leftover after parsing attributes in process `syz.0.6501'. [ 1053.240835][T24817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1053.259545][T24817] 8021q: adding VLAN 0 to HW filter on device team0 [ 1053.269110][T19670] bridge0: port 1(bridge_slave_0) entered blocking state [ 1053.285978][T19670] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1053.304822][T19282] bridge0: port 2(bridge_slave_1) entered blocking state [ 1053.308037][T19282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1053.341010][T24817] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1053.462217][ T71] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 1053.477701][T24817] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1053.520578][T24817] veth0_vlan: entered promiscuous mode [ 1053.533095][T24817] veth1_vlan: entered promiscuous mode [ 1053.565940][T24817] veth0_macvtap: entered promiscuous mode [ 1053.573078][T24817] veth1_macvtap: entered promiscuous mode [ 1053.588229][T24817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1053.593707][T24817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1053.598002][T24817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1053.602556][T24817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1053.606800][T24817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1053.611287][T24817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1053.616968][T24817] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1053.625197][T24817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1053.629619][T24817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1053.634131][T24817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1053.638026][T24817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1053.642090][T24817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1053.646166][T24817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1053.652298][ T71] usb 5-1: Using ep0 maxpacket: 16 [ 1053.653284][T24817] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1053.658376][ T71] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1053.661819][ T71] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1053.667321][T24817] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1053.667805][ T71] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1053.671600][T24817] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1053.671632][T24817] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1053.671658][T24817] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1053.675436][ T71] usb 5-1: Product: syz [ 1053.687969][ T71] usb 5-1: Manufacturer: syz [ 1053.689877][ T71] usb 5-1: SerialNumber: syz [ 1053.694079][ T71] usb 5-1: config 0 descriptor?? [ 1053.702473][ T71] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1053.706605][ T71] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 1053.738849][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1053.745532][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1053.776144][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1053.779662][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1054.262048][T24979] FAULT_INJECTION: forcing a failure. [ 1054.262048][T24979] name failslab, interval 1, probability 0, space 0, times 0 [ 1054.267294][T24979] CPU: 2 UID: 0 PID: 24979 Comm: syz.1.6507 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1054.271420][T24979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1054.275379][T24979] Call Trace: [ 1054.276704][T24979] [ 1054.277852][T24979] dump_stack_lvl+0x16c/0x1f0 [ 1054.279670][T24979] should_fail_ex+0x497/0x5b0 [ 1054.281515][T24979] ? fs_reclaim_acquire+0xae/0x160 [ 1054.283521][T24979] should_failslab+0xc2/0x120 [ 1054.285346][T24979] __kmalloc_noprof+0xcb/0x400 [ 1054.287199][T24979] bpf_test_init.isra.0+0xa5/0x150 [ 1054.289176][T24979] bpf_prog_test_run_xdp+0x4f6/0x1530 [ 1054.291289][T24979] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1054.293487][T24979] ? fput+0x32/0x390 [ 1054.294904][T24979] ? __bpf_prog_get+0xa0/0x2f0 [ 1054.296811][T24979] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1054.299080][T24979] __sys_bpf+0x10d2/0x4a20 [ 1054.300845][T24979] ? ksys_write+0x21c/0x260 [ 1054.302392][T24979] ? reacquire_held_locks+0x3f0/0x4c0 [ 1054.304214][T24979] ? __pfx___sys_bpf+0x10/0x10 [ 1054.305841][T24979] ? vfs_write+0x14d/0x1140 [ 1054.307410][T24979] ? __mutex_unlock_slowpath+0x164/0x650 [ 1054.309586][T24979] ? fput+0x32/0x390 [ 1054.311000][T24979] ? ksys_write+0x1ab/0x260 [ 1054.312754][T24979] ? __pfx_ksys_write+0x10/0x10 [ 1054.314657][T24979] __x64_sys_bpf+0x78/0xc0 [ 1054.316421][T24979] ? lockdep_hardirqs_on+0x7c/0x110 [ 1054.318227][T24979] do_syscall_64+0xcd/0x250 [ 1054.319793][T24979] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1054.321779][T24979] RIP: 0033:0x7f1be53773b9 [ 1054.323325][T24979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1054.329840][T24979] RSP: 002b:00007f1be6141048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1054.332633][T24979] RAX: ffffffffffffffda RBX: 00007f1be5506058 RCX: 00007f1be53773b9 [ 1054.335293][T24979] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 1054.338148][T24979] RBP: 00007f1be61410a0 R08: 0000000000000000 R09: 0000000000000000 [ 1054.341016][T24979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1054.344170][T24979] R13: 000000000000006e R14: 00007f1be5506058 R15: 00007ffe9008d5b8 [ 1054.347013][T24979] [ 1054.932731][T24986] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6509'. [ 1054.974703][T24986] fuse: Unknown parameter '0x000000000000000a00000000000000000000' [ 1055.022623][ T71] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 1055.025902][T24989] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1055.097492][ T71] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1055.102177][ T71] em28xx 5-1:0.0: board has no eeprom [ 1055.182663][ T71] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1055.196796][ T71] em28xx 5-1:0.0: dvb set to bulk mode. [ 1055.200989][ T6746] em28xx 5-1:0.0: Binding DVB extension [ 1055.248819][ T6746] em28xx 5-1:0.0: Registering input extension [ 1056.180955][T25011] netlink: 'syz.3.6516': attribute type 4 has an invalid length. [ 1056.277673][T19670] usb 5-1: USB disconnect, device number 71 [ 1056.282337][T19670] em28xx 5-1:0.0: Disconnecting em28xx [ 1056.284489][T19670] em28xx 5-1:0.0: Closing input extension [ 1056.321090][T19670] em28xx 5-1:0.0: Freeing device [ 1056.344912][T25011] netlink: 'syz.3.6516': attribute type 4 has an invalid length. [ 1056.588043][ T5346] Bluetooth: hci0: link tx timeout [ 1056.591068][ T5346] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 1056.598786][ T5346] Bluetooth: hci0: link tx timeout [ 1056.600846][ T5346] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 1056.603926][ T5346] Bluetooth: hci0: link tx timeout [ 1056.605996][ T5346] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 1056.609473][ T5346] Bluetooth: hci0: link tx timeout [ 1056.611673][ T5346] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 1057.082442][ T39] audit: type=1400 audit(1722584966.795:639): avc: denied { append } for pid=25025 comm="syz.3.6520" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1057.159420][ T83] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1057.465473][T16848] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1057.470286][T16848] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1057.477120][T16848] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1057.481426][T16848] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1057.485065][T16848] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 1057.488604][T16848] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1057.655125][T25033] chnl_net:caif_netlink_parms(): no params data found [ 1057.794764][T25033] bridge0: port 1(bridge_slave_0) entered blocking state [ 1057.798060][T25033] bridge0: port 1(bridge_slave_0) entered disabled state [ 1057.801321][T25033] bridge_slave_0: entered allmulticast mode [ 1057.808735][T25033] bridge_slave_0: entered promiscuous mode [ 1057.814251][T25033] bridge0: port 2(bridge_slave_1) entered blocking state [ 1057.817596][T25033] bridge0: port 2(bridge_slave_1) entered disabled state [ 1057.820825][T25033] bridge_slave_1: entered allmulticast mode [ 1057.824760][T25033] bridge_slave_1: entered promiscuous mode [ 1057.895697][T25033] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1057.902784][T25033] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1057.991382][T25033] team0: Port device team_slave_0 added [ 1057.999002][T25033] team0: Port device team_slave_1 added [ 1058.104762][T25033] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1058.107661][T25033] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1058.119278][T25033] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1058.127319][T25033] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1058.130207][T25033] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1058.142358][T25033] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1058.229120][T25050] netlink: 'syz.1.6524': attribute type 4 has an invalid length. [ 1058.298479][T25050] netlink: 'syz.1.6524': attribute type 4 has an invalid length. [ 1058.333527][T25033] hsr_slave_0: entered promiscuous mode [ 1058.339507][T25033] hsr_slave_1: entered promiscuous mode [ 1058.358961][T25033] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1058.361906][T25033] Cannot create hsr debugfs directory [ 1058.636077][T16848] Bluetooth: hci0: command 0x0406 tx timeout [ 1059.380023][T25063] FAULT_INJECTION: forcing a failure. [ 1059.380023][T25063] name failslab, interval 1, probability 0, space 0, times 0 [ 1059.387216][T25063] CPU: 0 UID: 0 PID: 25063 Comm: syz.0.6528 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1059.392016][T25063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1059.396875][T25063] Call Trace: [ 1059.398425][T25063] [ 1059.399843][T25063] dump_stack_lvl+0x16c/0x1f0 [ 1059.402049][T25063] should_fail_ex+0x497/0x5b0 [ 1059.404195][T25063] should_failslab+0xc2/0x120 [ 1059.406265][T25063] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 1059.408972][T25063] ? __build_skb+0x3f/0x90 [ 1059.411048][T25063] __build_skb+0x3f/0x90 [ 1059.413012][T25063] build_skb+0x22/0x280 [ 1059.414907][T25063] __tun_build_skb+0x2c/0x340 [ 1059.417042][T25063] tun_build_skb.constprop.0+0x8bf/0x1390 [ 1059.419656][T25063] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 1059.422467][T25063] ? __pfx___lock_acquire+0x10/0x10 [ 1059.424892][T25063] ? __pfx_mark_lock+0x10/0x10 [ 1059.427104][T25063] tun_get_user+0x888/0x3c30 [ 1059.429227][T25063] ? __pfx_tun_get_user+0x10/0x10 [ 1059.431528][T25063] ? find_held_lock+0x2d/0x110 [ 1059.433720][T25063] ? __pfx_lock_release+0x10/0x10 [ 1059.436007][T25063] tun_chr_write_iter+0xe8/0x210 [ 1059.438283][T25063] vfs_write+0x6b6/0x1140 [ 1059.440283][T25063] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1059.442797][T25063] ? __pfx_vfs_write+0x10/0x10 [ 1059.445266][T25063] ? __fget_files+0x256/0x400 [ 1059.447465][T25063] ? __fget_light+0x173/0x210 [ 1059.449650][T25063] ksys_write+0x12f/0x260 [ 1059.451646][T25063] ? __pfx_ksys_write+0x10/0x10 [ 1059.453806][T25063] do_syscall_64+0xcd/0x250 [ 1059.455858][T25063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1059.458367][T25063] RIP: 0033:0x7f54ae975e9f [ 1059.460313][T25063] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8d 02 00 48 [ 1059.468550][T25063] RSP: 002b:00007f54af7bc010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1059.471759][T25063] RAX: ffffffffffffffda RBX: 00007f54aeb05f80 RCX: 00007f54ae975e9f [ 1059.474851][T25063] RDX: 0000000000000032 RSI: 0000000020000300 RDI: 00000000000000c8 [ 1059.478363][T25063] RBP: 00007f54af7bc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1059.482062][T25063] R10: 0000000000000032 R11: 0000000000000293 R12: 0000000000000001 [ 1059.485320][T25063] R13: 000000000000000b R14: 00007f54aeb05f80 R15: 00007ffe6f8e6eb8 [ 1059.488661][T25063] [ 1059.513114][T22289] Bluetooth: hci9: command tx timeout [ 1059.856792][T25084] netlink: 'syz.0.6533': attribute type 4 has an invalid length. [ 1059.899517][T25084] netlink: 'syz.0.6533': attribute type 4 has an invalid length. [ 1060.006072][ T83] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1060.113171][ T83] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1060.165849][ T1379] ieee802154 phy0 wpan0: encryption failed: -22 [ 1060.169173][ T1379] ieee802154 phy1 wpan1: encryption failed: -22 [ 1060.209007][ T83] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1060.382529][ T83] bridge_slave_1: left allmulticast mode [ 1060.386560][ T83] bridge_slave_1: left promiscuous mode [ 1060.391114][ T83] bridge0: port 2(bridge_slave_1) entered disabled state [ 1060.404835][ T83] bridge_slave_0: left allmulticast mode [ 1060.409699][ T83] bridge_slave_0: left promiscuous mode [ 1060.414000][ T83] bridge0: port 1(bridge_slave_0) entered disabled state [ 1060.676481][T25090] FAULT_INJECTION: forcing a failure. [ 1060.676481][T25090] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1060.682299][T25090] CPU: 1 UID: 0 PID: 25090 Comm: syz.1.6536 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1060.687010][T25090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1060.691696][T25090] Call Trace: [ 1060.693204][T25090] [ 1060.694531][T25090] dump_stack_lvl+0x16c/0x1f0 [ 1060.696675][T25090] should_fail_ex+0x497/0x5b0 [ 1060.699461][T25090] _copy_from_iter+0x2a1/0x1150 [ 1060.701676][T25090] ? dev_get_by_index+0x17c/0x380 [ 1060.703454][T25090] ? __pfx__copy_from_iter+0x10/0x10 [ 1060.705457][T25090] packet_sendmsg+0x1ba8/0x53a0 [ 1060.707812][T25090] ? sock_has_perm+0x25a/0x2f0 [ 1060.709949][T25090] ? __pfx_sock_has_perm+0x10/0x10 [ 1060.712185][T25090] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 1060.715121][T25090] ? __pfx_packet_sendmsg+0x10/0x10 [ 1060.717280][T25090] ? __might_fault+0xe3/0x190 [ 1060.719343][T25090] __sys_sendto+0x47f/0x4e0 [ 1060.721149][T25090] ? __pfx___sys_sendto+0x10/0x10 [ 1060.723326][T25090] ? ksys_write+0x1ab/0x260 [ 1060.725294][T25090] ? __pfx_ksys_write+0x10/0x10 [ 1060.727337][T25090] __x64_sys_sendto+0xe0/0x1c0 [ 1060.729356][T25090] ? do_syscall_64+0x91/0x250 [ 1060.731368][T25090] ? lockdep_hardirqs_on+0x7c/0x110 [ 1060.733370][T25090] do_syscall_64+0xcd/0x250 [ 1060.735248][T25090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1060.737594][T25090] RIP: 0033:0x7f1be53773b9 [ 1060.739248][T25090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1060.746128][T25090] RSP: 002b:00007f1be6162048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1060.748970][T25090] RAX: ffffffffffffffda RBX: 00007f1be5505f80 RCX: 00007f1be53773b9 [ 1060.751671][T25090] RDX: 000000000000fce0 RSI: 00000000200002c0 RDI: 0000000000000003 [ 1060.754343][T25090] RBP: 00007f1be61620a0 R08: 0000000020000140 R09: 0000000000000014 [ 1060.757365][T25090] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 1060.760563][T25090] R13: 000000000000000b R14: 00007f1be5505f80 R15: 00007ffe9008d5b8 [ 1060.763711][T25090] [ 1060.767598][ T39] audit: type=1400 audit(1722584970.485:640): avc: denied { write } for pid=25086 comm="syz.3.6535" name="renderD128" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 1060.826656][T25097] FAULT_INJECTION: forcing a failure. [ 1060.826656][T25097] name failslab, interval 1, probability 0, space 0, times 0 [ 1060.832036][T25097] CPU: 0 UID: 0 PID: 25097 Comm: syz.1.6538 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1060.836748][T25097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1060.841222][T25097] Call Trace: [ 1060.842717][T25097] [ 1060.844061][T25097] dump_stack_lvl+0x16c/0x1f0 [ 1060.846044][T25097] should_fail_ex+0x497/0x5b0 [ 1060.848050][T25097] ? fs_reclaim_acquire+0xae/0x160 [ 1060.850205][T25097] should_failslab+0xc2/0x120 [ 1060.852184][T25097] __kmalloc_noprof+0xcb/0x400 [ 1060.854436][T25097] sock_kmalloc+0x111/0x170 [ 1060.856447][T25097] hash_alloc_result+0xd7/0x150 [ 1060.858485][T25097] hash_recvmsg+0x198/0x8d0 [ 1060.860419][T25097] ? security_socket_recvmsg+0x98/0xd0 [ 1060.862860][T25097] sock_recvmsg+0x1f6/0x250 [ 1060.864774][T25097] ____sys_recvmsg+0x21f/0x6b0 [ 1060.866767][T25097] ? __pfx_____sys_recvmsg+0x10/0x10 [ 1060.868964][T25097] ? find_held_lock+0x2d/0x110 [ 1060.871073][T25097] ___sys_recvmsg+0x115/0x1a0 [ 1060.873184][T25097] ? __pfx____sys_recvmsg+0x10/0x10 [ 1060.875474][T25097] ? __fget_light+0x173/0x210 [ 1060.877524][T25097] do_recvmmsg+0x2ba/0x750 [ 1060.879407][T25097] ? __pfx_do_recvmmsg+0x10/0x10 [ 1060.881582][T25097] ? vfs_write+0x14d/0x1140 [ 1060.883504][T25097] ? __mutex_unlock_slowpath+0x164/0x650 [ 1060.885853][T25097] __x64_sys_recvmmsg+0x239/0x290 [ 1060.887973][T25097] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1060.890293][T25097] do_syscall_64+0xcd/0x250 [ 1060.892324][T25097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1060.894739][T25097] RIP: 0033:0x7f1be53773b9 [ 1060.896579][T25097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1060.904118][T25097] RSP: 002b:00007f1be6162048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1060.907767][T25097] RAX: ffffffffffffffda RBX: 00007f1be5505f80 RCX: 00007f1be53773b9 [ 1060.910900][T25097] RDX: 0000000000000001 RSI: 0000000020002540 RDI: 0000000000000004 [ 1060.913778][T25097] RBP: 00007f1be61620a0 R08: 0000000000000000 R09: 0000000000000000 [ 1060.916465][T25097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1060.919505][T25097] R13: 000000000000000b R14: 00007f1be5505f80 R15: 00007ffe9008d5b8 [ 1060.922922][T25097] [ 1061.199894][ T39] audit: type=1400 audit(1722584970.915:641): avc: denied { write } for pid=25099 comm="syz.1.6539" name="/" dev="9p" ino=36701533 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 1061.209868][ T83] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1061.215335][ T39] audit: type=1400 audit(1722584970.925:642): avc: denied { add_name } for pid=25099 comm="syz.1.6539" name="blkio.bfq.io_serviced" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 1061.225725][ T83] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1061.225796][ T39] audit: type=1400 audit(1722584970.925:643): avc: denied { create } for pid=25099 comm="syz.1.6539" name="blkio.bfq.io_serviced" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 1061.238414][ T39] audit: type=1400 audit(1722584970.935:644): avc: denied { associate } for pid=25099 comm="syz.1.6539" name="blkio.bfq.io_serviced" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 1061.250660][ T83] bond0 (unregistering): Released all slaves [ 1061.252440][T25106] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6539'. [ 1061.264697][ T39] audit: type=1400 audit(1722584970.985:645): avc: denied { read append open } for pid=25099 comm="syz.1.6539" path="/241/file0/blkio.bfq.io_serviced" dev="9p" ino=36701688 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1061.295029][T25091] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6535'. [ 1061.592593][T22289] Bluetooth: hci9: command tx timeout [ 1061.719031][T25115] netlink: 'syz.3.6543': attribute type 4 has an invalid length. [ 1061.788387][ T83] hsr_slave_0: left promiscuous mode [ 1061.797731][ T83] hsr_slave_1: left promiscuous mode [ 1061.805527][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1061.809007][ T83] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1061.833821][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1061.837108][ T83] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1061.953459][ T83] veth1_macvtap: left promiscuous mode [ 1061.956252][ T83] veth0_macvtap: left promiscuous mode [ 1061.959141][ T83] veth1_vlan: left promiscuous mode [ 1061.961765][ T83] veth0_vlan: left promiscuous mode [ 1063.428353][ T83] team0 (unregistering): Port device team_slave_1 removed [ 1063.588079][ T83] team0 (unregistering): Port device team_slave_0 removed [ 1063.672421][T22289] Bluetooth: hci9: command tx timeout [ 1064.595499][T25118] netlink: 'syz.3.6543': attribute type 4 has an invalid length. [ 1064.606393][T25128] netlink: 'syz.1.6546': attribute type 4 has an invalid length. [ 1064.625571][T25129] netlink: 'syz.1.6546': attribute type 4 has an invalid length. [ 1064.631530][T25139] netlink: 'syz.0.6549': attribute type 4 has an invalid length. [ 1064.684651][T25140] netlink: 'syz.0.6549': attribute type 4 has an invalid length. [ 1064.815210][T25033] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1064.826477][T25146] netlink: del zone limit has 4 unknown bytes [ 1064.847274][T25033] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1064.866276][T25033] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1064.902566][T25033] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1065.132194][T25033] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1065.164159][ T39] audit: type=1400 audit(1722584974.875:646): avc: denied { write } for pid=25147 comm="syz.3.6552" name="blkio.bfq.io_serviced" dev="9p" ino=36701688 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1065.177350][T25033] 8021q: adding VLAN 0 to HW filter on device team0 [ 1065.188591][ T830] bridge0: port 1(bridge_slave_0) entered blocking state [ 1065.191763][ T830] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1065.194535][ T39] audit: type=1400 audit(1722584974.905:647): avc: denied { map } for pid=25147 comm="syz.3.6552" path="/271/file0/blkio.bfq.io_serviced" dev="9p" ino=36701688 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1065.205455][T25158] netlink: 'syz.1.6554': attribute type 4 has an invalid length. [ 1065.231804][T21632] bridge0: port 2(bridge_slave_1) entered blocking state [ 1065.235082][T21632] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1065.347901][T25148] netfs: Couldn't get user pages (rc=-14) [ 1065.363936][T25152] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6552'. [ 1065.555924][T25033] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1065.603703][T25033] veth0_vlan: entered promiscuous mode [ 1065.613021][T25033] veth1_vlan: entered promiscuous mode [ 1065.642055][T25033] veth0_macvtap: entered promiscuous mode [ 1065.648881][T25033] veth1_macvtap: entered promiscuous mode [ 1065.653926][T25165] FAULT_INJECTION: forcing a failure. [ 1065.653926][T25165] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1065.664361][T25033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1065.668735][T25033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1065.669098][T25165] CPU: 0 UID: 0 PID: 25165 Comm: syz.3.6555 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1065.673821][T25033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1065.677524][T25165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1065.677541][T25165] Call Trace: [ 1065.681905][T25033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1065.686469][T25165] [ 1065.686478][T25165] dump_stack_lvl+0x16c/0x1f0 [ 1065.686505][T25165] should_fail_ex+0x497/0x5b0 [ 1065.686530][T25165] _copy_to_iter+0x2a1/0x1150 [ 1065.686553][T25165] ? hlock_class+0x4e/0x130 [ 1065.686576][T25165] ? mark_lock+0xb5/0xc60 [ 1065.688354][T25033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1065.691738][T25165] ? __pfx__copy_to_iter+0x10/0x10 [ 1065.691763][T25165] ? __virt_addr_valid+0x5e/0x590 [ 1065.691782][T25165] ? __phys_addr_symbol+0x30/0x80 [ 1065.693480][T25033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1065.695064][T25165] ? __check_object_size+0x497/0x720 [ 1065.698472][T25033] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1065.699081][T25165] simple_copy_to_iter+0x4f/0x80 [ 1065.710730][T25033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1065.710814][T25165] __skb_datagram_iter+0x122/0x800 [ 1065.715552][T25033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1065.716908][T25165] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 1065.716933][T25165] ? __pfx_tipc_sk_anc_data_recv+0x10/0x10 [ 1065.716957][T25165] skb_copy_datagram_iter+0xac/0x250 [ 1065.720289][T25033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1065.721974][T25165] tipc_recvstream+0x3f9/0x960 [ 1065.721998][T25165] ? __pfx_tipc_recvstream+0x10/0x10 [ 1065.722016][T25165] ? security_socket_recvmsg+0x98/0xd0 [ 1065.724672][T25033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1065.728497][T25165] sock_recvmsg+0x1f6/0x250 [ 1065.728520][T25165] ____sys_recvmsg+0x21f/0x6b0 [ 1065.728539][T25165] ? __pfx_____sys_recvmsg+0x10/0x10 [ 1065.730873][T25033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1065.734621][T25165] ? find_held_lock+0x2d/0x110 [ 1065.734650][T25165] ___sys_recvmsg+0x115/0x1a0 [ 1065.734673][T25165] ? __pfx____sys_recvmsg+0x10/0x10 [ 1065.734698][T25165] ? __fget_light+0x173/0x210 [ 1065.734721][T25165] do_recvmmsg+0x2ba/0x750 [ 1065.734743][T25165] ? __pfx_do_recvmmsg+0x10/0x10 [ 1065.734764][T25165] ? vfs_write+0x14d/0x1140 [ 1065.734781][T25165] ? __mutex_unlock_slowpath+0x164/0x650 [ 1065.734802][T25165] __x64_sys_recvmmsg+0x239/0x290 [ 1065.734826][T25165] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1065.734850][T25165] do_syscall_64+0xcd/0x250 [ 1065.734868][T25165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1065.738410][T25033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1065.739482][T25165] RIP: 0033:0x7fe1593773b9 [ 1065.739496][T25165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1065.739510][T25165] RSP: 002b:00007fe15a180048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1065.739526][T25165] RAX: ffffffffffffffda RBX: 00007fe159506058 RCX: 00007fe1593773b9 [ 1065.739537][T25165] RDX: 0000000000000002 RSI: 0000000020002dc0 RDI: 0000000000000003 [ 1065.739547][T25165] RBP: 00007fe15a1800a0 R08: 0000000000000000 R09: 0000000000000000 [ 1065.739557][T25165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1065.739566][T25165] R13: 000000000000006e R14: 00007fe159506058 R15: 00007ffc05d79d18 [ 1065.739579][T25165] [ 1065.752474][T22289] Bluetooth: hci9: command tx timeout [ 1065.834889][T25033] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1065.849108][T25033] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1065.854056][T25033] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1065.857616][T25033] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1065.861498][T25033] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1065.946571][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1065.949401][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1066.005228][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1066.009286][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1066.093449][T14113] hid-generic 0000:0000:0000.001B: unknown main item tag 0x0 [ 1066.097379][T14113] hid-generic 0000:0000:0000.001B: unknown main item tag 0x0 [ 1066.111023][T14113] hid-generic 0000:0000:0000.001B: hidraw1: HID v0.00 Device [syz0] on syz0 [ 1066.114031][ T39] audit: type=1400 audit(1722584975.835:648): avc: denied { create } for pid=25179 comm="syz.1.6561" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 1066.116127][T25180] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 1066.127293][T25180] audit: out of memory in audit_log_start [ 1066.276275][T25185] netlink: 'syz.1.6562': attribute type 4 has an invalid length. [ 1066.282097][T25185] netlink: 'syz.1.6562': attribute type 4 has an invalid length. [ 1067.958658][T25212] netlink: 'syz.3.6572': attribute type 4 has an invalid length. [ 1068.031895][T25212] netlink: 'syz.3.6572': attribute type 4 has an invalid length. [ 1068.752998][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1069.045588][T16848] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1069.064944][T16848] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1069.070790][T16848] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1069.076997][T16848] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1069.082546][T16848] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 1069.090256][T16848] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1069.365340][T25222] chnl_net:caif_netlink_parms(): no params data found [ 1069.488430][T25222] bridge0: port 1(bridge_slave_0) entered blocking state [ 1069.491775][T25222] bridge0: port 1(bridge_slave_0) entered disabled state [ 1069.494995][T25222] bridge_slave_0: entered allmulticast mode [ 1069.500123][T25222] bridge_slave_0: entered promiscuous mode [ 1069.505940][T25222] bridge0: port 2(bridge_slave_1) entered blocking state [ 1069.509187][T25222] bridge0: port 2(bridge_slave_1) entered disabled state [ 1069.512608][T25222] bridge_slave_1: entered allmulticast mode [ 1069.516836][T25222] bridge_slave_1: entered promiscuous mode [ 1069.572664][T25222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1069.580736][T25222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1069.644847][T25222] team0: Port device team_slave_0 added [ 1069.653105][T25222] team0: Port device team_slave_1 added [ 1069.703808][T25222] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1069.706685][T25222] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1069.719131][T25222] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1069.725969][T25222] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1069.729000][T25222] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1069.742070][T25222] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1069.894810][T25222] hsr_slave_0: entered promiscuous mode [ 1069.902833][T25222] hsr_slave_1: entered promiscuous mode [ 1069.906677][T25222] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1069.910202][T25222] Cannot create hsr debugfs directory [ 1069.951456][T25240] xt_bpf: check failed: parse error [ 1069.963006][T25242] validate_nla: 1 callbacks suppressed [ 1069.963021][T25242] netlink: 'syz.1.6582': attribute type 1 has an invalid length. [ 1069.968693][T25242] netlink: 224 bytes leftover after parsing attributes in process `syz.1.6582'. [ 1069.972661][T25242] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6582'. [ 1070.151887][T25250] FAULT_INJECTION: forcing a failure. [ 1070.151887][T25250] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1070.156992][T25250] CPU: 3 UID: 0 PID: 25250 Comm: syz.0.6585 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1070.160595][T25250] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1070.164199][T25250] Call Trace: [ 1070.165549][T25250] [ 1070.165558][T25251] netlink: 'syz.3.6583': attribute type 4 has an invalid length. [ 1070.166803][T25250] dump_stack_lvl+0x16c/0x1f0 [ 1070.166832][T25250] should_fail_ex+0x497/0x5b0 [ 1070.166852][T25250] _copy_to_user+0x30/0xc0 [ 1070.175396][T25250] simple_read_from_buffer+0xd0/0x160 [ 1070.177275][T25250] proc_fail_nth_read+0x1b0/0x290 [ 1070.179372][T25250] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1070.181701][T25250] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1070.184128][T25250] vfs_read+0x1d4/0xbd0 [ 1070.185782][T25250] ? __fdget_pos+0xeb/0x180 [ 1070.187395][T25250] ? __pfx_vfs_read+0x10/0x10 [ 1070.189000][T25250] ? __pfx___mutex_lock+0x10/0x10 [ 1070.190777][T25250] ? __fget_files+0x256/0x400 [ 1070.192817][T25250] ksys_read+0x12f/0x260 [ 1070.194621][T25250] ? __pfx_ksys_read+0x10/0x10 [ 1070.196510][T25250] do_syscall_64+0xcd/0x250 [ 1070.198307][T25250] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1070.200729][T25250] RIP: 0033:0x7f54ae975dfc [ 1070.202656][T25250] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 1070.210885][T25250] RSP: 002b:00007f54af7bc040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1070.214326][T25250] RAX: ffffffffffffffda RBX: 00007f54aeb05f80 RCX: 00007f54ae975dfc [ 1070.217554][T25250] RDX: 000000000000000f RSI: 00007f54af7bc0b0 RDI: 0000000000000004 [ 1070.220749][T25250] RBP: 00007f54af7bc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1070.224019][T25250] R10: 0000000020000bc0 R11: 0000000000000246 R12: 0000000000000001 [ 1070.227274][T25250] R13: 000000000000000b R14: 00007f54aeb05f80 R15: 00007ffe6f8e6eb8 [ 1070.230535][T25250] [ 1070.231940][ C3] vkms_vblank_simulate: vblank timer overrun [ 1070.258312][T25252] netlink: 'syz.3.6583': attribute type 4 has an invalid length. [ 1070.577497][T25258] netlink: 'syz.0.6587': attribute type 4 has an invalid length. [ 1070.615846][T25258] netlink: 'syz.0.6587': attribute type 4 has an invalid length. [ 1071.203596][T22289] Bluetooth: hci9: command tx timeout [ 1071.407421][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.513058][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.579001][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.597695][T25273] netlink: 'syz.0.6591': attribute type 4 has an invalid length. [ 1071.819162][ T11] bridge_slave_1: left allmulticast mode [ 1071.821787][ T11] bridge_slave_1: left promiscuous mode [ 1071.825950][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1071.838726][ T11] bridge_slave_0: left allmulticast mode [ 1071.872794][ T11] bridge_slave_0: left promiscuous mode [ 1071.876642][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1072.394645][T25277] xt_bpf: check failed: parse error [ 1072.504461][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1072.513517][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1072.525955][ T11] bond0 (unregistering): Released all slaves [ 1072.593354][T25285] netlink: 'syz.3.6594': attribute type 4 has an invalid length. [ 1072.640034][T25285] netlink: 'syz.3.6594': attribute type 4 has an invalid length. [ 1072.911484][T25222] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1072.918119][T25222] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1072.924480][T25222] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1072.930398][T25222] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1072.969013][ T11] hsr_slave_0: left promiscuous mode [ 1072.971773][ T11] hsr_slave_1: left promiscuous mode [ 1072.975239][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1072.978651][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1072.982688][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1072.986122][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1073.056890][ T11] veth1_macvtap: left promiscuous mode [ 1073.059481][ T11] veth0_macvtap: left promiscuous mode [ 1073.062222][ T11] veth1_vlan: left promiscuous mode [ 1073.064678][ T11] veth0_vlan: left promiscuous mode [ 1073.272325][T22289] Bluetooth: hci9: command tx timeout [ 1074.297885][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1074.412255][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1075.245570][T25291] netlink: 'syz.1.6597': attribute type 4 has an invalid length. [ 1075.252853][T25298] netlink: 'syz.1.6597': attribute type 4 has an invalid length. [ 1075.306248][T25222] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1075.320291][T25222] 8021q: adding VLAN 0 to HW filter on device team0 [ 1075.332942][T22057] bridge0: port 1(bridge_slave_0) entered blocking state [ 1075.334354][T25303] FAULT_INJECTION: forcing a failure. [ 1075.334354][T25303] name failslab, interval 1, probability 0, space 0, times 0 [ 1075.336152][T22057] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1075.340629][T25303] CPU: 1 UID: 0 PID: 25303 Comm: syz.0.6600 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1075.340655][T25303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1075.340668][T25303] Call Trace: [ 1075.340677][T25303] [ 1075.340685][T25303] dump_stack_lvl+0x16c/0x1f0 [ 1075.352293][T22289] Bluetooth: hci9: command tx timeout [ 1075.352422][T25303] should_fail_ex+0x497/0x5b0 [ 1075.354770][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 1075.355259][T25303] ? fs_reclaim_acquire+0xae/0x160 [ 1075.357441][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1075.359731][T25303] should_failslab+0xc2/0x120 [ 1075.371991][T25303] __kmalloc_noprof+0xcb/0x400 [ 1075.374135][T25303] ? d_absolute_path+0x137/0x1b0 [ 1075.376377][T25303] tomoyo_encode2+0x100/0x3e0 [ 1075.378333][T25303] tomoyo_encode+0x29/0x50 [ 1075.380320][T25303] tomoyo_realpath_from_path+0x19d/0x720 [ 1075.382288][T25303] tomoyo_path_number_perm+0x245/0x590 [ 1075.384755][T25303] ? tomoyo_path_number_perm+0x232/0x590 [ 1075.387234][T25303] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1075.389915][T25303] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1075.392603][T25303] ? __fget_files+0x256/0x400 [ 1075.394732][T25303] security_file_ioctl+0x75/0xc0 [ 1075.396864][T25303] __x64_sys_ioctl+0xbb/0x220 [ 1075.398949][T25303] do_syscall_64+0xcd/0x250 [ 1075.400519][T25303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1075.402490][T25303] RIP: 0033:0x7f54ae9773b9 [ 1075.404349][T25303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1075.411665][T25303] RSP: 002b:00007f54af7bc048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1075.414740][T25303] RAX: ffffffffffffffda RBX: 00007f54aeb05f80 RCX: 00007f54ae9773b9 [ 1075.417522][T25303] RDX: 00000000200003c0 RSI: 00000000c0306201 RDI: 0000000000000003 [ 1075.420677][T25303] RBP: 00007f54af7bc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1075.423446][T25303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1075.426316][T25303] R13: 000000000000000b R14: 00007f54aeb05f80 R15: 00007ffe6f8e6eb8 [ 1075.429380][T25303] [ 1075.446376][T25303] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1075.491623][T25314] xt_bpf: check failed: parse error [ 1075.628050][T25222] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1075.694439][T25222] veth0_vlan: entered promiscuous mode [ 1075.703876][T25222] veth1_vlan: entered promiscuous mode [ 1075.733650][T25222] veth0_macvtap: entered promiscuous mode [ 1075.740149][T25222] veth1_macvtap: entered promiscuous mode [ 1075.763949][T25222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1075.767994][T25222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1075.772052][T25222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1075.777273][T25222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1075.781345][T25222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1075.786576][T25222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1075.792709][T25222] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1075.798591][T25222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1075.803760][T25222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1075.808151][T25222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1075.813930][T25222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1075.822058][T25222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1075.832296][T25222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1075.837730][T25222] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1075.842786][T25222] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1075.846282][T25222] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1075.849585][T25222] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1075.854124][T25222] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1075.947526][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1075.959150][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1075.998131][ T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1076.001666][ T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1076.088068][T25322] ------------[ cut here ]------------ [ 1076.091892][T25322] WARNING: CPU: 2 PID: 25322 at kernel/workqueue.c:2259 __queue_work+0xc2b/0x1070 [ 1076.095762][T25322] Modules linked in: [ 1076.097570][T25322] CPU: 2 UID: 0 PID: 25322 Comm: syz.0.6604 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1076.104020][T25322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1076.107851][T25322] RIP: 0010:__queue_work+0xc2b/0x1070 [ 1076.110076][T25322] Code: 07 83 c0 03 38 d0 7c 09 84 d2 74 05 e8 7e 34 92 00 8b 5b 2c 31 ff 83 e3 20 89 de e8 5f 08 35 00 85 db 75 60 e8 56 0d 35 00 90 <0f> 0b 90 e9 08 f8 ff ff e8 48 0d 35 00 90 0f 0b 90 e9 b7 f7 ff ff [ 1076.117533][T25322] RSP: 0018:ffffc9000341f7a0 EFLAGS: 00010046 [ 1076.119880][T25322] RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc9000c431000 [ 1076.122762][T25322] RDX: 0000000000040000 RSI: ffffffff81556dda RDI: 0000000000000005 [ 1076.126118][T25322] RBP: ffff8880652b8b10 R08: 0000000000000005 R09: 0000000000000000 [ 1076.129456][T25322] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1076.132866][T25322] R13: 0000000000000008 R14: ffff88805ac3f800 R15: ffff88805ac3f800 [ 1076.136086][T25322] FS: 00007f54af79b6c0(0000) GS:ffff88806b200000(0000) knlGS:0000000000000000 [ 1076.139747][T25322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1076.142629][T25322] CR2: 00007fe00f437d60 CR3: 000000004e6fa000 CR4: 0000000000352ef0 [ 1076.146111][T25322] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1076.149453][T25322] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1076.152917][T25322] Call Trace: [ 1076.154181][T25322] [ 1076.155185][T25322] ? show_regs+0x8c/0xa0 [ 1076.156663][T25322] ? __warn+0xe5/0x3c0 [ 1076.158374][T25322] ? __queue_work+0xc2b/0x1070 [ 1076.160436][T25322] ? report_bug+0x3c0/0x580 [ 1076.162098][T25322] ? handle_bug+0x3d/0x70 [ 1076.163746][T25322] ? exc_invalid_op+0x17/0x50 [ 1076.165712][T25322] ? asm_exc_invalid_op+0x1a/0x20 [ 1076.167901][T25322] ? __queue_work+0xc2a/0x1070 [ 1076.169933][T25322] ? __queue_work+0xc2b/0x1070 [ 1076.171704][T25322] ? __pfx_clear_pending_if_disabled+0x10/0x10 [ 1076.173520][T25322] ? hci_conn_add_sysfs+0x158/0x230 [ 1076.175388][T25322] ? rcu_is_watching+0x12/0xc0 [ 1076.177494][T25322] queue_work_on+0x11a/0x140 [ 1076.179459][T25322] l2cap_chan_send+0xb86/0x2a30 [ 1076.181284][T25322] ? trace_contention_end+0xea/0x140 [ 1076.183572][T25322] ? find_held_lock+0x59/0x110 [ 1076.185744][T25322] ? __pfx_l2cap_chan_send+0x10/0x10 [ 1076.188095][T25322] ? l2cap_sock_sendmsg+0x1a4/0x300 [ 1076.190452][T25322] l2cap_sock_sendmsg+0x228/0x300 [ 1076.192748][T25322] ____sys_sendmsg+0xab5/0xc90 [ 1076.194868][T25322] ? copy_msghdr_from_user+0x10b/0x160 [ 1076.197314][T25322] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1076.199691][T25322] ? __lock_acquire+0x1620/0x3cb0 [ 1076.202004][T25322] ___sys_sendmsg+0x135/0x1e0 [ 1076.203986][T25322] ? __pfx____sys_sendmsg+0x10/0x10 [ 1076.206027][T25322] ? handle_mm_fault+0x4c9/0x7b0 [ 1076.207980][T25322] ? __pfx___might_resched+0x10/0x10 [ 1076.210327][T25322] ? __might_fault+0xe3/0x190 [ 1076.212436][T25322] __sys_sendmmsg+0x1a1/0x450 [ 1076.214376][T25322] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1076.216521][T25322] ? __pfx_do_futex+0x10/0x10 [ 1076.218524][T25322] ? xfd_validate_state+0x5d/0x180 [ 1076.220785][T25322] ? arch_syscall_is_vdso_sigreturn+0xb6/0x230 [ 1076.223445][T25322] ? syscall_user_dispatch+0x7a/0x130 [ 1076.225808][T25322] __x64_sys_sendmmsg+0x9c/0x100 [ 1076.227749][T25322] do_syscall_64+0xcd/0x250 [ 1076.229767][T25322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1076.231957][T25322] RIP: 0033:0x7f54ae9773b9 [ 1076.233497][T25322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1076.241097][T25322] RSP: 002b:00007f54af79b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1076.244724][T25322] RAX: ffffffffffffffda RBX: 00007f54aeb06058 RCX: 00007f54ae9773b9 [ 1076.248190][T25322] RDX: 00000000ffffff80 RSI: 0000000020004100 RDI: 0000000000000008 [ 1076.251659][T25322] RBP: 00007f54ae9e48e6 R08: 0000000000000000 R09: 0000000000000000 [ 1076.255151][T25322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1076.258515][T25322] R13: 000000000000006e R14: 00007f54aeb06058 R15: 00007ffe6f8e6eb8 [ 1076.261975][T25322] [ 1076.263366][T25322] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1076.266413][T25322] CPU: 2 UID: 0 PID: 25322 Comm: syz.0.6604 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0 [ 1076.270709][T25322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1076.274841][T25322] Call Trace: [ 1076.276191][T25322] [ 1076.277370][T25322] dump_stack_lvl+0x3d/0x1f0 [ 1076.279341][T25322] panic+0x6f5/0x7a0 [ 1076.281335][T25322] ? __pfx_panic+0x10/0x10 [ 1076.283531][T25322] ? show_trace_log_lvl+0x363/0x500 [ 1076.285959][T25322] ? __queue_work+0xc2b/0x1070 [ 1076.288151][T25322] check_panic_on_warn+0xab/0xb0 [ 1076.290536][T25322] __warn+0xf1/0x3c0 [ 1076.292536][T25322] ? __queue_work+0xc2b/0x1070 [ 1076.294783][T25322] report_bug+0x3c0/0x580 [ 1076.296783][T25322] handle_bug+0x3d/0x70 [ 1076.298957][T25322] exc_invalid_op+0x17/0x50 [ 1076.301347][T25322] asm_exc_invalid_op+0x1a/0x20 [ 1076.303818][T25322] RIP: 0010:__queue_work+0xc2b/0x1070 [ 1076.306220][T25322] Code: 07 83 c0 03 38 d0 7c 09 84 d2 74 05 e8 7e 34 92 00 8b 5b 2c 31 ff 83 e3 20 89 de e8 5f 08 35 00 85 db 75 60 e8 56 0d 35 00 90 <0f> 0b 90 e9 08 f8 ff ff e8 48 0d 35 00 90 0f 0b 90 e9 b7 f7 ff ff [ 1076.314675][T25322] RSP: 0018:ffffc9000341f7a0 EFLAGS: 00010046 [ 1076.317455][T25322] RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc9000c431000 [ 1076.320924][T25322] RDX: 0000000000040000 RSI: ffffffff81556dda RDI: 0000000000000005 [ 1076.324470][T25322] RBP: ffff8880652b8b10 R08: 0000000000000005 R09: 0000000000000000 [ 1076.328102][T25322] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1076.331555][T25322] R13: 0000000000000008 R14: ffff88805ac3f800 R15: ffff88805ac3f800 [ 1076.334645][T25322] ? __queue_work+0xc2a/0x1070 [ 1076.336605][T25322] ? __pfx_clear_pending_if_disabled+0x10/0x10 [ 1076.339060][T25322] ? hci_conn_add_sysfs+0x158/0x230 [ 1076.341251][T25322] ? rcu_is_watching+0x12/0xc0 [ 1076.343316][T25322] queue_work_on+0x11a/0x140 [ 1076.345399][T25322] l2cap_chan_send+0xb86/0x2a30 [ 1076.347596][T25322] ? trace_contention_end+0xea/0x140 [ 1076.349795][T25322] ? find_held_lock+0x59/0x110 [ 1076.351953][T25322] ? __pfx_l2cap_chan_send+0x10/0x10 [ 1076.354373][T25322] ? l2cap_sock_sendmsg+0x1a4/0x300 [ 1076.356751][T25322] l2cap_sock_sendmsg+0x228/0x300 [ 1076.359155][T25322] ____sys_sendmsg+0xab5/0xc90 [ 1076.361344][T25322] ? copy_msghdr_from_user+0x10b/0x160 [ 1076.363705][T25322] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1076.365802][T25322] ? __lock_acquire+0x1620/0x3cb0 [ 1076.367950][T25322] ___sys_sendmsg+0x135/0x1e0 [ 1076.369837][T25322] ? __pfx____sys_sendmsg+0x10/0x10 [ 1076.372094][T25322] ? handle_mm_fault+0x4c9/0x7b0 [ 1076.374331][T25322] ? __pfx___might_resched+0x10/0x10 [ 1076.376731][T25322] ? __might_fault+0xe3/0x190 [ 1076.378857][T25322] __sys_sendmmsg+0x1a1/0x450 [ 1076.380990][T25322] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1076.383340][T25322] ? __pfx_do_futex+0x10/0x10 [ 1076.385457][T25322] ? xfd_validate_state+0x5d/0x180 [ 1076.387795][T25322] ? arch_syscall_is_vdso_sigreturn+0xb6/0x230 [ 1076.390549][T25322] ? syscall_user_dispatch+0x7a/0x130 [ 1076.392981][T25322] __x64_sys_sendmmsg+0x9c/0x100 [ 1076.395212][T25322] do_syscall_64+0xcd/0x250 [ 1076.397284][T25322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1076.400036][T25322] RIP: 0033:0x7f54ae9773b9 [ 1076.402086][T25322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1076.410583][T25322] RSP: 002b:00007f54af79b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1076.414307][T25322] RAX: ffffffffffffffda RBX: 00007f54aeb06058 RCX: 00007f54ae9773b9 [ 1076.417857][T25322] RDX: 00000000ffffff80 RSI: 0000000020004100 RDI: 0000000000000008 [ 1076.421265][T25322] RBP: 00007f54ae9e48e6 R08: 0000000000000000 R09: 0000000000000000 [ 1076.424759][T25322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1076.428282][T25322] R13: 000000000000006e R14: 00007f54aeb06058 R15: 00007ffe6f8e6eb8 [ 1076.431651][T25322] [ 1076.433542][T25322] Kernel Offset: disabled [ 1076.435545][T25322] Rebooting in 86400 seconds.. VM DIAGNOSIS: 07:49:46 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=1ffff92000000fd8 RCX=ffffffff815ac766 RDX=0000000000000000 RSI=ffffffff8bb08400 RDI=ffffffff8d7b2b60 RBP=ffff888064952440 RSP=ffffc90000007e98 R8 =0000000000000000 R9 =fffffbfff202569b R10=ffffffff9012b4df R11=0000000000000000 R12=ffff8880649524a8 R13=ffff888064952458 R14=ffff888064952e40 R15=ffffc90003e77b48 RIP=ffffffff815c7a94 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b2d2f6ff8 CR3=0000000050170000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc05d7a0a0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000001 RBX=000000002bb8c000 RCX=ffffffff90129c61 RDX=dffffc0000000000 RSI=ffffffff813e754a RDI=0000000000000006 RBP=ffff8880abb8c000 RSP=ffffc9000346f6a0 R8 =0000000000000006 R9 =ffff8880abb8c000 R10=000000002bb8c000 R11=ffff88806b128a40 R12=0000000000000000 R13=0000000000000000 R14=000000000003dc28 R15=000000000000035b RIP=ffffffff813e7561 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f1be61626c0 ffffffff 00c00000 GS =0000 ffff88806b100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055fa6e265000 CR3=00000000669ba000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=e4da071ce4da071c e4da071ce4da071c e4da071ce4da071c e4da071ce4da071c e4da071ce4da071c e4da071ce4da071c e4da071ce4da071c e4da071ce4da071c ZMM22=bdecdbe6bdecdbe6 bdecdbe6bdecdbe6 bdecdbe6bdecdbe6 bdecdbe6bdecdbe6 bdecdbe6bdecdbe6 bdecdbe6bdecdbe6 bdecdbe6bdecdbe6 bdecdbe6bdecdbe6 ZMM23=4e607a214e607a21 4e607a214e607a21 4e607a214e607a21 4e607a214e607a21 4e607a214e607a21 4e607a214e607a21 4e607a214e607a21 4e607a214e607a21 ZMM24=1837722d1837722d 1837722d1837722d 1837722d1837722d 1837722d1837722d 1837722d1837722d 1837722d1837722d 1837722d1837722d 1837722d1837722d ZMM25=f7e27900f7e27900 f7e27900f7e27900 f7e27900f7e27900 f7e27900f7e27900 f7e27900f7e27900 f7e27900f7e27900 f7e27900f7e27900 f7e27900f7e27900 ZMM26=dbc8a647dbc8a647 dbc8a647dbc8a647 dbc8a647dbc8a647 dbc8a647dbc8a647 dbc8a647dbc8a647 dbc8a647dbc8a647 dbc8a647dbc8a647 dbc8a647dbc8a647 ZMM27=8717f64e8717f64e 8717f64e8717f64e 8717f64e8717f64e 8717f64e8717f64e 8717f64e8717f64e 8717f64e8717f64e 8717f64e8717f64e 8717f64e8717f64e ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=6327000063270000 6327000063270000 6327000063270000 6327000063270000 6327000063270000 6327000063270000 6327000063270000 6327000063270000 info registers vcpu 2 CPU#2 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fe2765 RDI=ffffffff9519a720 RBP=ffffffff9519a6e0 RSP=ffffc9000341f180 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000020 R14=ffffffff84fe2700 R15=0000000000000000 RIP=ffffffff84fe278f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f54af79b6c0 ffffffff 00c00000 GS =0000 ffff88806b200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fe00f437d60 CR3=000000004e6fa000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a95c7021847052e c3fc4fb57c36de6a b1f5e2573bc48bfd 69af9b71015eecde ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 208eaa51b4add3f4 6adfc053f3d66304 6d54aa8bec520004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 63c5622010759a2c 0d409aa2a234cd5c b2e7b04dab3241b2 dd06bce5c75f88b3 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f2662683dbca44b3 d32496369cc43ba3 8c6fd0bcca13a522 35c0c82b47345892 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8665619c475d7f22 bf382129e5e4007b 5047837a730e5d2f d803c426230c0ac4 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4de7f79c65566b65 f73078b558f9f409 b25c59f8a01466bb 10627cddf2974ba8 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c59301c571e51e22 874a0c8873bc7875 6dad05a3d6a0a663 c5622010759a2c0d ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000012ea3ad RBX=0000000000000003 RCX=ffffffff8b11a529 RDX=0000000000000000 RSI=ffffffff8b4cc580 RDI=ffffffff8bb08480 RBP=ffffed10030db488 RSP=ffffc900001a7e08 R8 =0000000000000001 R9 =ffffed100d666fd9 R10=ffff88806b337ecb R11=0000000000000000 R12=0000000000000003 R13=ffff8880186da440 R14=ffffffff9012b4d8 R15=0000000000000000 RIP=ffffffff8b11b91f RFL=00000242 [---Z---] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020005038 CR3=000000004e6fa000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1593e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a95c7021847052e c3fc4fb57c36de6a b1f5e2573bc48bfd 69af9b71015eecde ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 208eaa51b4add3f4 6adfc053f3d66304 6d54aa8bec520004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 63c5622010759a2c 0d409aa2a234cd5c b2e7b04dab3241b2 dd06bce5c75f88b3 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f2662683dbca44b3 d32496369cc43ba3 8c6fd0bcca13a522 35c0c82b47345892 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8665619c475d7f22 bf382129e5e4007b 5047837a730e5d2f d803c426230c0ac4 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4de7f79c65566b65 f73078b558f9f409 b25c59f8a01466bb 10627cddf2974ba8 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c59301c571e51e22 874a0c8873bc7875 6dad05a3d6a0a663 c5622010759a2c0d ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000