last executing test programs: 10.02589369s ago: executing program 1 (id=2568): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='mm_vmscan_lru_shrink_inactive\x00', r0, 0x0, 0x80}, 0x18) set_mempolicy(0x2, &(0x7f0000000140)=0x8001, 0x2) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r1, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00') r3 = socket$inet6_tcp(0xa, 0x1, 0x0) shmget(0x0, 0x1000, 0x800, &(0x7f0000ffc000/0x1000)=nil) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(0xffffffffffffffff, 0x0, 0x40001) bind$inet6(r3, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) sendto$inet6(r3, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000002140)=""/4096, 0x1000}], 0x1, 0x141, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x2, @loopback, 0xfffffffd}}, 0x0, 0x0, 0x300, 0x0, 0x54, 0x6}, 0x9c) 9.855939889s ago: executing program 1 (id=2570): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_usbip_server_init(0x6) socket$netlink(0x10, 0x3, 0x15) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) r5 = signalfd(r3, &(0x7f00000005c0)={[0xffffff57, 0x40]}, 0x8) linkat(0xffffffffffffffff, 0x0, r5, &(0x7f0000000680)='./file0\x00', 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r6, &(0x7f0000000640)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x402010}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xb8, 0x0, 0x8, 0x301, 0x0, 0x0, {0x3, 0x0, 0x4}, [@CTA_TIMEOUT_DATA={0x34, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0xd9de}, @CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_DCCP_RESPOND={0x8, 0x2, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x7ff}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x9e7}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6003}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6002}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_DATA={0x44, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xc19}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x160fc7b7}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8808}]}, 0xb8}, 0x1, 0x0, 0x0, 0xc0}, 0x4000) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_buf_alloc\x00', r7, 0x0, 0x1}, 0x18) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x94) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r8) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x40, r9, 0x60b, 0x70bd2d, 0x0, {}, [@IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x4}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x3}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x40}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x40}}, 0x0) 4.522541129s ago: executing program 0 (id=2589): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0x64, 0x30, 0x9, 0x0, 0x0, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc, 0x8, {0xe4ff}}}}]}]}, 0x64}}, 0x0) 4.10900229s ago: executing program 2 (id=2591): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000180)={0x0, 0xea60}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000003a40), 0x8) r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000380)={0x2, &(0x7f0000000b40)=[{@fixed}, {@fixed}]}) socketpair(0x2, 0x3, 0x5, &(0x7f0000003a80)) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNGETFILTER(r5, 0x801054db, 0x0) recvmmsg(r2, &(0x7f0000000580)=[{{&(0x7f0000000600)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000300)=""/104, 0x68}, {&(0x7f0000000000)=""/36, 0x24}, {&(0x7f00000003c0)=""/120, 0x78}, {&(0x7f0000000140)=""/61, 0x3d}], 0x4, &(0x7f0000000480)=""/217, 0xd9}, 0x3ac}], 0x1, 0x102, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x0, 0x8894) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r8 = gettid() timer_settime(0x0, 0x1, 0x0, 0x0) r9 = openat$audio(0xffffffffffffff9c, &(0x7f00000005c0), 0x40000000008d82, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002e00)=[{{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000940)=[{&(0x7f0000000680)="53233523068af0f01c3f115ad19388742fa5a03fedc59091252c85dfa2e469c0004dc21a051052535d4e5dabb8854951b06447d958458f95e1ba960133d1c001a7844e8a1cc14c760bc6ba9a9ae364033ecb6081c5fcc55e49a4e471debe855ee37b510c8a3bb576468821d63ad896e368224cd047ee547eabcde484b42e4a629a4713aab60d2c57a55fa4f636b965418a8fb16d33c66dc5c2d42fcfd27c37e0f08692f30621ae2ef4dc36f6272e4a6fcac42de8fdccc658a4bf", 0xba}, {&(0x7f0000000740)="39d4b3eebadc28c5d63ca3d07f03f019a812ead6d5e097f0f227b8f7ee8034da5d6a4dca52f18c011a282db177cfb14bc5b86012812b5b96e583a0e57508c4aa720180775798ea9fa9e0d377f38a8300cf2c4e084f4de684e9dc1260d0246840f72d85fa67584cb578be988db073c0e41c7aff053be2a35e812086473353625ed12ad718a0bf4a0a43bbc2cac6ba1ba57921810f551506a722afcd6bf1022bea40b561a367df84d1ce47295d6d39b4acd7c4c75ed00a3146eede5ca0e2ad248703f30a779446b893aa48f7d51705346e547a", 0xd2}, {&(0x7f0000000840)="7d9c064a0dd29ae11074460e33", 0xd}, {&(0x7f0000000880)="527b388dcaf4d9e81396d133b8fb3c392569e8b893183177c8d551e67f7ded5e784062cb95d823727ab364022a60e579e826ea939bcb6126e414b006c6935a7975a91bbb0137865fcef8ff687c21ec9330db927bbe11594ab0ed64fcdd0cac5d9aa279036c2f6d47fff23e497e15460ab66fd3c6b7bc0fd367dba63b35a199f70badb0e1112d31415b00586c4f57eedef47d2f49f0afc3cba120a5beb8b4f512e59b0795ab166d82ecba059b", 0xac}], 0x4, &(0x7f0000002d40)=[@cred={{0x18, 0x1, 0x2, {r8}}}, @rights={{0x18, 0x1, 0x1, [r9, r2, 0xffffffffffffffff]}}, @rights={{0x10, 0x1, 0x1, [r0]}}, @cred={{0x18, 0x1, 0x2, {r8}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r3, 0xffffffffffffffff]}}, @cred={{0x18, 0x1, 0x2, {r8}}}, @cred={{0x18, 0x1, 0x2, {r8}}}, @rights={{0x14, 0x1, 0x1, [r1, r9]}}], 0xb4, 0x24000080}}], 0x1, 0x20008805) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(0xffffffffffffffff, 0x0, r10, 0x0, 0x39000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x9, @mcast2, 0x8}, {0xa, 0x4e24, 0x7, @mcast2, 0x3}, 0xffffffffffffffff, 0x1fd}}, 0x48) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r11 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r11, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900}) syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) 3.249643098s ago: executing program 0 (id=2592): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'dvmrp1\x00', 0x2}) ioctl$TUNSETVNETBE(r0, 0x400454de, 0x0) mq_open(0x0, 0x40, 0x80, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x1010000, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220) r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) unshare(0x22020600) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r2, 0xc018937c, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x2, 0x2000) syz_emit_ethernet(0xb6, &(0x7f0000000440)=ANY=[@ANYBLOB="0f539af21094aaaaaaaaaabb86dd601200b000803a0000000000000000000000000000000000ff02000000000000000000000000000104039078000000006000000000002c00fc010000000000000000000000000000000000000000012f01000000000000070822ebffff00fc00000000000000003206010300000000fe8000000000000000000000000000aa20010000000000000000000000000001fc010000000000000000000000000000dae9e9eaa6d4e2970e8769a449045991f67bd80e345f5e896bfa24000000000000000000"], 0x0) r3 = socket$alg(0x26, 0x5, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r4, 0x84, 0x7f, &(0x7f0000000040)="03020000008002ff", 0x8) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000d00)='kfree\x00', r5}, 0x10) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$sock_SIOCSIFBR(r6, 0x8941, &(0x7f00000000c0)=@get={0x1, 0x0, 0x9}) bind$alg(r3, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x1, r3, 0x0}) r7 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_int(r7, 0x0, 0x17, 0x0, &(0x7f00000001c0)=0x1) 3.139268055s ago: executing program 2 (id=2594): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) getpid() (async) socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x139b41, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) socket(0x10, 0x3, 0x0) (async) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'}) (async) socket$nl_generic(0x10, 0x3, 0x10) openat$mixer(0xffffffffffffff9c, &(0x7f0000000080), 0x101403, 0x0) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x2) (async) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f00000000c0)={0x0, 0xc000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r4, 0x4010ae68, &(0x7f0000000000)={0x8000000}) (async) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0xa, 0x8, 0x0, 0x3}, 0x0) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_SET_VRING_ERR(r5, 0x8001af85, &(0x7f0000000140)={0x1}) (async) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) (async) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000009, 0x15031, 0xffffffffffffffff, 0x0) (async) r6 = userfaultfd(0x80001) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x360}) 3.139119319s ago: executing program 2 (id=2595): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x7, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x4000000, 0x0, 0x9]}) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f00000002c0)={"8022e64e74e6f67b82f0d8a62127912e8e0facb291d8f00126635901181631134a20c7ef49c18bc0bbece53852b95bb8302f6c2286d6b0fb5b13bbdd128c382cebf211c3853f6fb48ab335f3ac853cf7c64d4f27ece7c262cdabfa5660cde1d28dc3eab72b8cfa5b08d6129c86ca79bd9dc43c37e75246dcf04b3816fd90365c877a2c10e8ef4c444ecb4784a0afbf5e962e390bb1ad3bbce049ae51325e79f5ab8bfa80b35fff1da6833ec7fa9ebfc93da9e4b190e5e3a752eca97dc669a937e6ab654169108a38d414fb90e1b894494f314298428ef482b0ff9084c95e735b6b09ca2de115d77f6a657fb7da142c896f9dce212aa58af72879da88687ce4620501a4ba17e906a02662f902745e8ddfb50874ce099ac0fc00ed05470d176364b1f30495b4a088bdde663172734fa8107e5fc0cd4fa60869c83a6669a4ea3040dbaa38f2571543d8521e37ab5aa5be850e3ade4b9eb09e6de146aa0c8fc98fea7bb50efa589af6978ec8d970f908dc4676ea3d15b3b6ebe8ae56a6292704900e611367b278b6716b4d04279792aeb649688ac6bcb7a5e58cbab0c07c8916a7cef3bb0d6303523bad9c0ad5f3024dfbdf364792b75f0ba19d56c5b3bf645fc40061edf7e042de07fc652ec4958373d9f3af542adc030334cc63caa85c8a2628bb1d257c746b2cc57798c23e30f2799f5f392f6af7a3d0cc47299928634afd54ce987c1951989ef81b39f5c7ba4cb2a74250f15261fedf3a25396b83199151ea4b406c2e1aa3135f2a77a8d75b75ef0b25efcdb3b031d8eaed29862173e93994f8d6e6e70df79978551804744eefa635c71d4b38da513f3ea8f48853322cfe5ef1b1ee632e0fcd3eae1993d883fc91f0f2437dce252b6ce5175e7d119afcb9c3c92baf3df6716ce61b54d0dd7dda2360a4c93e26f3eaa4a1637d108966074638697f5b374cf9ae6b32dce29da73fece352c94a1bdb45d6e0fe98533562ee5e55d2f2d3ce5c301ca9c5706a1d0605414f103878eb88169e6681297616b4e1c8c1a43a33f5d99b619962066e7c5698470772696f58dbed61d8507119769e30101f229e012a08b76c0d752cdb290d46f2504177164282fbd084a4817b5ed7448586bc3de1d30af5472e6b67d2ad120e1401ebdcc5358c8eff7e68f4a48aed32f55970a5a6a7c7dcba4887bc4bb1c7fde1610ed25f4f64f25a9f79fad21b5e558fcc97c120c0977a92f5471cc391edf228ff4bf7f9fc7b92737e32b3af48780cb96f5623b5f01dcd3cea45d72ccdb7a36682fd3094542726b24790534728f2c0b2757edc7599ccb170b2db42c9460c42082081ab86d9d5fc971b4d7987ee2c70ced65e08d74474763c6d6ec671c42f6acaa4ccbd2fe981121c04571c1794450b9650b0249f2a633e880ab386510ea86298112a2f01f0ac7f81ee00"}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000000)=@x86={0x3, 0x6, 0x0, 0x0, 0x400, 0x8, 0x3, 0x8, 0x9, 0xff, 0x4, 0x5, 0x0, 0x8, 0x8, 0xfd, 0x6, 0xa, 0x3, '\x00', 0x75, 0x7}) ioctl$KVM_RUN(r3, 0xae80, 0x0) fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) ioctl$TIOCL_GETMOUSEREPORTING(0xffffffffffffffff, 0x541c, &(0x7f0000000040)) 2.939734781s ago: executing program 2 (id=2596): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3d}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x58}}, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f0000000000)={r6, 0x55e, 0x0, 0x3eae}, &(0x7f0000000040)=0x10) r7 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, &(0x7f00000003c0)={'pcl818\x00', [0x4f23, 0x0, 0x1, 0x0, 0x1, 0x5, 0x8, 0x3, 0xa, 0xfd, 0xfffffffa, 0x1, 0x1, 0x1, 0x6, 0x101, 0xf7fffffe, 0x7f, 0x2, 0x40000003, 0x8c, 0xca9f, 0x0, 0x20001e58, 0xb, 0xe66, 0x3, 0x8, 0x4085, 0x0, 0xfbfffff8]}) 2.64425901s ago: executing program 1 (id=2578): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x2, 0x6, 0xfffff417) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000280)={0x2, 0xc0, 0x340, &(0x7f00000005c0)=[0x9, 0x6, 0x3, 0x2bdebfaf, 0x1, 0x8000000000000001, 0x3, 0x1, 0x1, 0x7, 0x401, 0xf, 0x4a, 0x8, 0x7, 0x8, 0x1, 0x6, 0x0, 0x40, 0x10001, 0x9, 0x5, 0x87c, 0x40, 0xfffffffffffffffc, 0x2, 0x4, 0x1ff, 0x8, 0x6, 0x8000, 0xa, 0x0, 0x10000, 0x9, 0x9, 0x7, 0xf4b, 0x4, 0x1ceb6868, 0x81, 0x80000000, 0x2, 0x6, 0xffffffff, 0x10001, 0x7fffffff, 0x5, 0xffffffffffffffff, 0x1, 0x8001, 0x5, 0x59, 0x50, 0x7fff, 0x7fff, 0x8, 0x2, 0x0, 0x8, 0x1, 0x7, 0x5, 0x4, 0x5, 0x2, 0x5, 0x7, 0x5, 0x1, 0x2, 0x3, 0x3, 0xfff, 0x401, 0x8, 0x4, 0x401, 0x8, 0x9b9d, 0xb60, 0xe000000000, 0x101, 0x7, 0xfffffffffffffffa, 0xe, 0x4, 0x2, 0x800, 0x875, 0x7de, 0xe9, 0x8000000000000001, 0x6, 0x6f0d, 0x1, 0xcc3d, 0xa75, 0x2, 0xb, 0x27a3, 0x6, 0x8, 0x7, 0x9, 0x0, 0xfffffffffffffffe, 0xfffffffffffffff9, 0x6, 0x2, 0x3, 0x20000000000000, 0x9, 0x8, 0xfffffffffffffffb, 0x3, 0x7fffffff, 0x1000, 0x5, 0x9, 0x9, 0x0, 0x2, 0x7, 0xbe9, 0x2]}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b04000000f6000000000200fffe440004802000018007000100637400001400028008000240000000160500030000000000200001800700010063740000140002800800024000000011080004400000000c140000001100010000000000000000000500000a"], 0x80}, 0x1, 0x0, 0x0, 0x840}, 0x0) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='cramfs\x00', 0x2a00000, 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) write(r3, &(0x7f0000000000)="29000000140005d8ff00000004eabdeb0101b6ff02159f7e5520756b1933b49db96ad24d12595fbea5", 0x29) syz_io_uring_setup(0x74b9, &(0x7f0000000140)={0x0, 0xe8d8, 0x40, 0x3, 0x14c}, &(0x7f00000000c0), &(0x7f00000001c0)) 2.305326895s ago: executing program 0 (id=2597): r0 = socket$igmp6(0xa, 0x3, 0x2) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x72) r1 = fsopen(&(0x7f0000000140)='qnx4\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r2 = fsmount(r1, 0x0, 0x8c) syz_clone3(&(0x7f0000000340)={0x201800000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, {r2}}, 0x58) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000005c0)={@dev={0xfe, 0x80, '\x00', 0x40}, @remote, @remote, 0x3, 0x2, 0x5, 0x400, 0xb7, 0xc20022, r4}) mount$tmpfs(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000f80), 0x1000414, &(0x7f00000000c0)={[{@grpquota_block_hardlimit={'grpquota_block_hardlimit', 0x3d, [0x30]}}]}) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r6, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) 1.721530207s ago: executing program 2 (id=2598): r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x1) r2 = creat(&(0x7f0000000580)='./file0\x00', 0x0) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYRES32=r0], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) fremovexattr(r0, &(0x7f0000000100)=@known='trusted.overlay.redirect\x00') write$qrtrtun(r2, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@ifindex, 0x2, 0x1, 0x7fff, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0], 0x0}, 0x40) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r4, 0x0, 0x30, 0x0, @val=@netkit={@void, @value=r0, @void, @void, r5}}, 0xdd) creat(&(0x7f0000000040)='./file0\x00', 0x4b) mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1f, 0x12, r1, 0x0) 1.720456914s ago: executing program 3 (id=2600): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0xcb1f, 0x4) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000e80), r1) sendmsg$IEEE802154_START_REQ(r1, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000ec0)={0x44, r2, 0x1, 0x70bd28, 0x25dfdbff, {}, [@IEEE802154_ATTR_SF_ORD={0x5, 0x18, 0x1}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x1}, @IEEE802154_ATTR_PAN_COORD={0x5, 0x19, 0x7}, @IEEE802154_ATTR_BCN_ORD={0x5, 0x17, 0xde}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa2}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x1}]}, 0x44}}, 0x10) bind$inet6(r0, &(0x7f0000f65000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r4}, 0x10) sendmsg$can_bcm(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0) sendmsg$can_bcm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="01000000000000000100000000000000", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="00000000010000000282cefe99"], 0x48}}, 0x20000000) sendto$inet6(r0, 0x0, 0x0, 0xfffffefffbfbbfbe, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty, 0x6}, 0x1c) 1.719776943s ago: executing program 2 (id=2601): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) lsetxattr(&(0x7f0000002000)='.\x00', &(0x7f0000002040)=@known='system.posix_acl_access\x00', &(0x7f0000002080)='\x00', 0x1, 0x3) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0xb05, 0x17e0, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x559, 0x0, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x13, 0x2, 0x8}}}}}]}}]}}, 0x0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140100001400210200000000fcdbdf25031100800c0002"], 0x114}], 0x1}, 0x40014) recvfrom$rxrpc(0xffffffffffffffff, &(0x7f0000000040)=""/31, 0x1f, 0x10102, &(0x7f0000000140)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e24, @broadcast}}, 0x24) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ipvlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x3c}}, 0x0) 1.658068115s ago: executing program 3 (id=2602): syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x9c, 0x0, @wg}}}}}, 0x0) syz_emit_ethernet(0x9e, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty=0x7c}, {0x0, 0x4e22, 0x7c, 0x0, @wg=@data={0x4, 0x0, 0x0, '\x00'/100}}}}}}, 0x0) 1.657640215s ago: executing program 3 (id=2603): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rfc1337\x00', 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(r2, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r2, 0x114, 0x1, &(0x7f0000000100), 0x10) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) modify_ldt$write2(0x11, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0xfffffffffffffffe, 0x9, 0x9, 0x1, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x2d}}}, 0xa0) socket$kcm(0x11, 0xa, 0x300) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000280)={'gre0\x00', &(0x7f00000003c0)={'erspan0\x00', 0x0, 0x10, 0x10, 0x5, 0x5, {{0x1f, 0x4, 0x2, 0x24, 0x7c, 0x67, 0x0, 0x6, 0x2f, 0x0, @multicast1, @empty, {[@lsrr={0x83, 0x7, 0x93, [@dev={0xac, 0x14, 0x14, 0x32}]}, @timestamp_prespec={0x44, 0x3c, 0x89, 0x3, 0x4, [{@remote, 0x8}, {@loopback, 0x7}, {@multicast1, 0x9}, {@multicast2, 0x5}, {@private=0xa010100, 0x40}, {@multicast1, 0x5}, {@rand_addr=0x64010102, 0x8}]}, @ssrr={0x89, 0x1f, 0xb8, [@rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, @local, @local, @empty, @remote]}, @ra={0x94, 0x4}]}}}}}) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r5, 0x5, 0xe, 0x0, &(0x7f0000000000)="255161fc12e31d068d10d1c2bd39", 0x0, 0x1f, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) syz_open_pts(0xffffffffffffffff, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113) r7 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0) pwritev2(r7, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r6, 0x40000000) 1.496783607s ago: executing program 1 (id=2604): openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = dup(r3) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780080013400000000008001240b1c3f83800f9977752021441c5e2bbf48ab947b98a60207c9644beaf86de619f10619566f1d64dcb7ed6fe56c1cbd6ea7897e17eaa2b7a91972083d0388287e6c6bfd2d28edf944a8713c8a1441f44b9622fbfb820482785ca5093b0f43aaaf677a7203adcf0e8de91f8db1e020b240c742df8a9e358b1302b68f49cd57ac7ae0019c02dd717b14d8f8792514750144f32b057bd1de9f6c09591100dc3eb"], 0x64}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x40044) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x19, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000005000000000000000700000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000d9b9843185", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000ff0340007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000820000008500000050000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x5b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r6}, 0x10) r7 = syz_io_uring_setup(0x10d, 0x0, &(0x7f0000000340)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r9 = socket$inet6(0xa, 0x2, 0x3a) r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='numa_maps\x00') read$FUSE(r10, &(0x7f0000004180)={0x2020}, 0x2020) sendmsg$SMC_PNETID_DEL(r10, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16, @ANYBLOB="100027bd7000fbdbdf2503000000140002006261746164765f736c6176655f30000005000400010000000900010073797a31000000001400020070696d367265673100000000000000001400020076657468315f746f5f68737200000000ae9c3ba11568eb780be59fb0f1d2b390766c9506131c0d727f92a8de9944651ef78b136c35f7082cb297bc5280131ca9ab80227331ddda3071104377bfa506493c3f68219cbb12d404eea24ab2173fa0516935e3483b2b07b329ec11d7ab8f9838238f48c696bd457190716a1beef8d292324950723051dc3eb0fe102c670fdfe44368244290092cade5de4019db9d713f584243aba14fdb1b94375b9d11c95e7ac723c0402e907156416598cbc8062c2b07fa8842f455a3f0140eabd6f7d0a660b5ac01b17de3557e2db5e6250cf34d26cb8558612c730b320e79b70a627420d7cb2a83eda82879f367332c94cfbe3aac6fecfbbe0866513080981552148bae10672d156ab0ad17d6c2d94f6370df82e23d48054d0dc088aac955310a91d8532f14b7f25378b0c6ed380d9299ea26eabb82628d4e5417bed7c250c1327bf433427bae06d021cce97268e6dace42226e8551ce7cfec56095f3efd7b297522bf31a3a431f663fd61dbb7b53e5df3d56e35dcfec6da3dd9d6a97a5eb318538499592d753d1f01fca6d877720c834e084c77df3ea458d2cb143821585ef2f14f87f86369944de0697ac918cfa6a4a54d124bd027d2b61042a885c2bdcfa720786e89276dc818c503e22c745cce77993700cfe0240c612c3d05b3b4325eaaa46d46766"], 0x64}, 0x1, 0x0, 0x0, 0x20008440}, 0x804) connect$inet6(r9, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c) sendto$inet6(r9, &(0x7f0000000100)="800037e9220ca1ce", 0x8, 0x0, &(0x7f0000000140)={0xa, 0x4e24, 0x6, @mcast2, 0xf}, 0x1c) syz_io_uring_submit(r8, 0x0, &(0x7f00000002c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x11, 0x0, 0xa33, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0) 1.279725543s ago: executing program 0 (id=2605): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, &(0x7f0000000140), &(0x7f00000000c0)=0x4) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r2 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r2, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)}], 0x1, 0x2040801) sendmsg$key(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={0x0}}, 0x80) r3 = openat$cdrom(0xffffff9c, &(0x7f00000001c0), 0x2000, 0x0) readv(r3, &(0x7f0000000380)=[{&(0x7f0000000200)=""/195, 0xc3}], 0x1) ioctl$CDROMRESET(r3, 0x5312) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x22}}}}, 0x84) setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, &(0x7f0000000400)=ANY=[@ANYBLOB="0300000002004e23e00000020000ffa400000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a23f10e9708681fefed56f1cd1abaed5923d2e96788565c4638505b69dcc5272c7450e63dc4b963e655abf7ecc3a942ac2b1f489ed94713486cb5ea3da675541da92a077a9ee6836bdd9ce496a8d05b2a0049115e5b0cc64d89d9b51dd22cb6cbdae405d7ece0487b50f9d5ce4b296831941cb20"], 0x90) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='gid_map\x00') r6 = socket$nl_route(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYRES32], 0x44}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x2c, 0x11, 0x1, 0x2000000, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xffff}}, [{0x8, 0xb, 0x200}]}, 0x2c}}, 0x0) ioctl$BSG_GET_RESERVED_SIZE(r5, 0x2272, &(0x7f00000003c0)) sendmsg$key(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) unshare(0x46000000) mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000180)='ufs\x00', 0x2a08840, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) 758.173214ms ago: executing program 3 (id=2606): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x2c, 0x10, 0x403, 0x70bd25, 0xf0ffffff, {0x0, 0x0, 0x0, r2, 0x500}, [@IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008004}, 0x8000) 757.898763ms ago: executing program 3 (id=2607): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50010000100001002dbd700000000000640101020000000000000000000000000000000000000000000000000000000100"/60, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000232000000000000000000000000000000000000010000000000000000000000000000000000000000080000000000000000000000090000000000000000000000000000000600000000000000a3355f93000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000002000200bf00000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c001700000000000000000000000000ff7fffff00000000"], 0x150}, 0x1, 0x0, 0x0, 0x4048091}, 0x0) (async) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) (async) keyctl$restrict_keyring(0xa, 0x0, &(0x7f0000000300)='asymmetric\x00', 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000300)={0x84, @loopback, 0x4e22, 0x1, 'nq\x00', 0x0, 0x10000}, 0x2c) (async) setsockopt$IP_VS_SO_SET_DEL(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000001280)={0x20000000000084, @remote, 0x0, 0x1, 'wlc\x00', 0x26, 0x0, 0x2}, 0x2c) r0 = syz_open_procfs(0xffffffffffffffff, 0x0) (async) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f071, 0x1}) (async) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000080)={0x0, 0x8000, 0x30, 0xe5c, 0x1}, 0x0) bind$bt_hci(r2, &(0x7f0000000040), 0x6) (async) ioctl$sock_bt_hci(r2, 0x800448d7, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r4, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="580000001000390400"/20, @ANYRES32=r5, @ANYBLOB="0198000003130000380012800e0001006970366772657461700000002400028014000700fc0000000000000000000000000000010400120008", @ANYRES32=0x0, @ANYBLOB="15243e59fa01fcca9f1c805fd1b12d325d13a5db2098683d17fc"], 0x58}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0) 689.724406ms ago: executing program 3 (id=2608): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) recvmmsg$unix(r3, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x20000000, 0x0) 551.459296ms ago: executing program 1 (id=2609): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x74, 0x2c, 0xd27, 0x70bd25, 0x7ffd, {0x0, 0x0, 0x0, r3, {0x7, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_route={{0xa}, {0x44, 0x2, [@TCA_ROUTE4_POLICE={0x40, 0x5, [@TCA_POLICE_TBF={0x3c, 0x1, {0x8, 0x20000000, 0x80000001, 0x1, 0x450b, {0x2, 0x0, 0xf00b, 0x1, 0x1}, {0x8, 0x0, 0x2, 0x14, 0x4, 0x3}, 0xfffff448, 0x80000000, 0x4}}]}]}}]}, 0x74}, 0x1, 0xffe4, 0x0, 0x1}, 0x800) 336.71037ms ago: executing program 1 (id=2610): r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0x13}], 0x2) r2 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00') read$FUSE(r2, &(0x7f0000003800)={0x2020}, 0x2020) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x28, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r3 = socket$nl_sock_diag(0x10, 0x3, 0x4) write$RDMA_USER_CM_CMD_BIND(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(r2, 0xd0009411, &(0x7f0000000d40)={{0x0, 0x7f, 0xfff, 0x8, 0x7, 0x5, 0x0, 0xfffffff9, 0x7, 0xb14, 0x4, 0x2, 0xebf4, 0x4fc, 0x3ff}}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f0000000740)={{r4, 0x4, 0x10, 0x1, 0xa, 0xb8eb, 0x100000001, 0x800, 0x80000000, 0x9, 0x1, 0x9, 0x8, 0xf, 0x68}, 0x28, [0x0, 0x0, 0x0, 0x0, 0x0]}) sendmsg$SOCK_DIAG_BY_FAMILY(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f00000001c0)={0x20, 0x14, 0x105, 0x70bc2a, 0x2ddfdb7b, {0x11}, [@INET_DIAG_REQ_BYTECODE={0x9, 0x1, "053e3e71ed"}]}, 0x20}, 0x1, 0x0, 0x0, 0x8086}, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) syz_open_dev$dri(0x0, 0x0, 0x0) r5 = fsopen(&(0x7f0000000000)='udf\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x3, 0x0, 0xe, 0x60a00, 0xffffffffffffffff, 0xfffffff8, '\x00', 0x0, r0, 0x4, 0x5, 0x4, 0x7}, 0x50) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, 0x0, &(0x7f00000000c0)='io#harset', 0x0) openat$tcp_congestion(0xffffff9c, &(0x7f0000000280), 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) write$cgroup_int(r6, &(0x7f0000000040)=0x3, 0x12) 85.93794ms ago: executing program 0 (id=2611): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) openat$sw_sync(0xffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$FUSE(r1, &(0x7f00000040c0)={0x2020}, 0x2020) openat$audio(0xffffff9c, &(0x7f0000000000), 0x8001, 0x0) (async) ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r1, 0xc0884123, &(0x7f00000000c0)={0x4, "9fa41370929ac2f453fd19d28f9801b6a5a347e4cedaa67e8cd59274345dfd9373800343256ea8bbac7d5e0c66f4745137be3fc2e087af920525e52871e21cb9", {0x7ff, 0x1}}) (async) write$dsp(r0, &(0x7f00000003c0)="db2900170000000b000029be178351adfa43d1a7ccbe2f9313dad3750c9f190668dfc98330628fcac2d021875812e1ccb623bf39b82773380741fe4b318e145c09e86fa18f04f35d6d67e62749a4ed79a44c69807d88548105b877f4f2000002000000000019ad98d77115f9ea3ca7969c778c1783093990d585aed31928e768308578082bae96256a1364c79f1de77cac2d2fe0b3dc827932c9f967480e716309210e1230ea836f8139d4dbc1170851626e12e51c09a8a7c7fedfd43217e43a9ef2027c3f66dbb674e86c379c192de0ba02bc1d2411e9716ce407e248eae31d7fe4a87a2e300e0025ccb464ce816942abd9d9d612649be4deda79619f2548d3ebd79790d4bcd4a2bf5e50934000000040000000000000000000000e6d808511c62e4c982228c3e1c94e80440b064d206dba5b9ddd3af14b", 0x138) (async) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) (async) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000180)=0x101) 0s ago: executing program 0 (id=2612): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400448c0}, 0x0) (fail_nth: 34) 0s ago: executing program 0 (id=2613): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000007c0)={0x4c, r1, 0x1, 0x0, 0x0, {{0x3b, 0x0, 0x6000}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x2a, 0x33, @action={{{}, {}, @device_b}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x0, 0x84, 0xff}, @val={0x76, 0x6, {0x4, 0x5, 0x19, 0x3}}}}}}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x4c}}, 0x0) kernel console output (not intermixed with test programs): 99] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1883'. [ 405.205858][T13899] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1883'. [ 405.225854][T13901] netlink: 'syz.2.1884': attribute type 21 has an invalid length. [ 405.229687][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 405.232068][T13901] netlink: 'syz.2.1884': attribute type 1 has an invalid length. [ 405.234465][T13901] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1884'. [ 405.336088][T13903] bond0: (slave batadv_slave_0): Releasing backup interface [ 405.415688][T13906] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1883'. [ 405.429572][T13906] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1883'. [ 406.269695][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 406.417122][ T6040] usb 44-1: device descriptor read/8, error -110 [ 406.711741][T13917] syz_tun: entered promiscuous mode [ 406.714694][T13917] batadv_slave_0: entered promiscuous mode [ 406.717885][T13917] debugfs: 'hsr1' already exists in 'hsr' [ 406.720283][T13917] Cannot create hsr debugfs directory [ 406.722055][T13917] hsr1: Slave A (syz_tun) is not up; please bring it up to get a fully working HSR network [ 406.725143][T13917] hsr1: Slave B (batadv_slave_0) is not up; please bring it up to get a fully working HSR network [ 406.729875][T13917] hsr1: entered allmulticast mode [ 406.731473][T13917] syz_tun: entered allmulticast mode [ 406.733207][T13917] batadv_slave_0: entered allmulticast mode [ 406.830692][ T6040] usb usb44-port1: attempt power cycle [ 407.299658][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 407.342383][T13939] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 407.410196][ T6040] usb usb44-port1: unable to enumerate USB device [ 407.472983][T13946] netlink: zone id is out of range [ 407.538996][T13946] netlink: set zone limit has 4 unknown bytes [ 408.009820][T13958] FAULT_INJECTION: forcing a failure. [ 408.009820][T13958] name failslab, interval 1, probability 0, space 0, times 0 [ 408.014563][T13958] CPU: 1 UID: 0 PID: 13958 Comm: syz.0.1896 Not tainted syzkaller #0 PREEMPT(full) [ 408.014599][T13958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 408.014609][T13958] Call Trace: [ 408.014616][T13958] [ 408.014623][T13958] dump_stack_lvl+0x16c/0x1f0 [ 408.014653][T13958] should_fail_ex+0x512/0x640 [ 408.014683][T13958] should_failslab+0xc2/0x120 [ 408.014705][T13958] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 408.014727][T13958] ? skb_clone+0x190/0x3f0 [ 408.014762][T13958] skb_clone+0x190/0x3f0 [ 408.014786][T13958] netlink_deliver_tap+0xabd/0xd30 [ 408.014815][T13958] netlink_unicast+0x64c/0x870 [ 408.014845][T13958] ? __pfx_netlink_unicast+0x10/0x10 [ 408.014868][T13958] ? __pfx___might_resched+0x10/0x10 [ 408.014895][T13958] netlink_sendmsg+0x8d1/0xdd0 [ 408.014922][T13958] ? __pfx_netlink_sendmsg+0x10/0x10 [ 408.014949][T13958] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 408.014971][T13958] ____sys_sendmsg+0xa98/0xc70 [ 408.014994][T13958] ? __pfx_____sys_sendmsg+0x10/0x10 [ 408.015012][T13958] ? get_compat_msghdr+0x11a/0x170 [ 408.015048][T13958] ___sys_sendmsg+0x134/0x1d0 [ 408.015074][T13958] ? __pfx____sys_sendmsg+0x10/0x10 [ 408.015111][T13958] ? find_held_lock+0x2b/0x80 [ 408.015146][T13958] __sys_sendmsg+0x16d/0x220 [ 408.015173][T13958] ? __pfx___sys_sendmsg+0x10/0x10 [ 408.015210][T13958] ? rcu_is_watching+0x12/0xc0 [ 408.015232][T13958] __do_fast_syscall_32+0x7c/0x300 [ 408.015262][T13958] do_fast_syscall_32+0x32/0x80 [ 408.015278][T13958] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 408.015299][T13958] RIP: 0023:0xf704e579 [ 408.015314][T13958] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 408.015331][T13958] RSP: 002b:00000000f543e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 408.015348][T13958] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080009b40 [ 408.015359][T13958] RDX: 0000000020040040 RSI: 0000000000000000 RDI: 0000000000000000 [ 408.015369][T13958] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 408.015378][T13958] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 408.015388][T13958] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 408.015427][T13958] [ 408.339646][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 409.389722][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 409.958581][T13992] netlink: zone id is out of range [ 409.970277][T13992] netlink: set zone limit has 4 unknown bytes [ 410.406081][ T40] kauditd_printk_skb: 17 callbacks suppressed [ 410.406097][ T40] audit: type=1804 audit(1758026491.484:1394): pid=14000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1907" name="/newroot/440/file0" dev="tmpfs" ino=2377 res=1 errno=0 [ 410.419686][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 410.684195][T14006] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 411.469665][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 411.783412][T14022] netlink: zone id is out of range [ 411.785358][T14022] netlink: zone id is out of range [ 411.787469][T14022] netlink: zone id is out of range [ 411.789105][T14022] netlink: zone id is out of range [ 411.819444][T14022] netlink: set zone limit has 4 unknown bytes [ 411.896803][T14026] all: renamed from bridge_slave_0 (while UP) [ 411.953981][T14016] fuse: Bad value for 'fd' [ 412.499676][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 412.693655][T14041] netlink: zone id is out of range [ 412.700698][T14041] netlink: zone id is out of range [ 412.858491][T14043] Invalid logical block size (2) [ 412.860810][T14043] xt_l2tp: v2 sid > 0xffff: 1114112 [ 413.238760][T14067] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 414.287720][T14079] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 414.290036][T14079] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 414.293212][T14079] vhci_hcd vhci_hcd.0: Device attached [ 414.301993][T14081] vhci_hcd: connection closed [ 414.302194][ T13] vhci_hcd: stop threads [ 414.305193][ T13] vhci_hcd: release socket [ 414.306672][ T13] vhci_hcd: disconnect device [ 414.495322][T14092] IPVS: Unknown mcast interface: veth0_virt_wifi [ 414.694075][T14101] program syz.0.1933 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 415.619662][ C1] net_ratelimit: 6 callbacks suppressed [ 415.619674][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 415.802047][T14124] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 416.283901][T14129] netlink: zone id is out of range [ 416.287306][T14129] netlink: zone id is out of range [ 416.318846][T14129] netlink: set zone limit has 4 unknown bytes [ 416.346876][T14131] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 416.367451][T14133] fuse: Unknown parameter 'group_i00000000000000000000' [ 416.571374][T14136] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1944'. [ 416.659660][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 416.908920][T14152] input: syz1 as /devices/virtual/input/input23 [ 417.081412][T14154] FAULT_INJECTION: forcing a failure. [ 417.081412][T14154] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 417.086859][T14154] CPU: 3 UID: 0 PID: 14154 Comm: syz.3.1948 Not tainted syzkaller #0 PREEMPT(full) [ 417.086879][T14154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 417.086888][T14154] Call Trace: [ 417.086893][T14154] [ 417.086899][T14154] dump_stack_lvl+0x16c/0x1f0 [ 417.086924][T14154] should_fail_ex+0x512/0x640 [ 417.086949][T14154] _copy_to_user+0x32/0xd0 [ 417.086965][T14154] simple_read_from_buffer+0xcb/0x170 [ 417.086981][T14154] proc_fail_nth_read+0x197/0x240 [ 417.086997][T14154] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 417.087014][T14154] ? rw_verify_area+0xcf/0x6c0 [ 417.087028][T14154] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 417.087042][T14154] vfs_read+0x1e4/0xcf0 [ 417.087062][T14154] ? __pfx_vfs_read+0x10/0x10 [ 417.087075][T14154] ? find_held_lock+0x2b/0x80 [ 417.087095][T14154] ? __fget_files+0x20e/0x3c0 [ 417.087116][T14154] ksys_read+0x12a/0x250 [ 417.087130][T14154] ? __pfx_ksys_read+0x10/0x10 [ 417.087147][T14154] ? rcu_is_watching+0x12/0xc0 [ 417.087165][T14154] __do_fast_syscall_32+0x7c/0x300 [ 417.087188][T14154] do_fast_syscall_32+0x32/0x80 [ 417.087200][T14154] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 417.087217][T14154] RIP: 0023:0xf708e579 [ 417.087228][T14154] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 417.087241][T14154] RSP: 002b:00000000f547e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 417.087255][T14154] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000f547e620 [ 417.087263][T14154] RDX: 000000000000000f RSI: 00000000f7414ff4 RDI: 0000000000000000 [ 417.087271][T14154] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 417.087279][T14154] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 417.087287][T14154] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 417.087306][T14154] [ 417.346940][T14158] mkiss: ax0: crc mode is auto. [ 417.403237][T14160] 9pnet_fd: Insufficient options for proto=fd [ 417.504911][T14163] netlink: zone id is out of range [ 417.507738][T14163] netlink: zone id is out of range [ 417.509404][T14163] netlink: zone id is out of range [ 417.536330][T14163] netlink: set zone limit has 4 unknown bytes [ 417.699650][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 417.830903][T14171] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1955'. [ 417.833577][T14171] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1955'. [ 417.907345][T14176] geneve2: entered promiscuous mode [ 417.909881][T14176] geneve2: entered allmulticast mode [ 418.112695][T14182] netlink: 'syz.2.1960': attribute type 12 has an invalid length. [ 418.115773][T14182] netlink: 9472 bytes leftover after parsing attributes in process `syz.2.1960'. [ 418.186596][T14184] program syz.1.1961 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 418.220034][ T1022] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 418.372410][ T1022] usb 5-1: Using ep0 maxpacket: 16 [ 418.380462][ T1022] usb 5-1: config 0 has no interfaces? [ 418.385712][ T1022] usb 5-1: New USB device found, idVendor=0458, idProduct=704a, bcdDevice=3a.55 [ 418.396614][ T1022] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 418.400423][ T1022] usb 5-1: Product: syz [ 418.401948][ T1022] usb 5-1: Manufacturer: syz [ 418.406790][ T1022] usb 5-1: SerialNumber: syz [ 418.416239][ T1022] usb 5-1: config 0 descriptor?? [ 418.434188][T14192] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1964'. [ 418.440714][T14192] block nbd2: Attempted send on invalid socket [ 418.444440][T14192] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 418.448015][T14192] SQUASHFS error: Failed to read block 0x0: -5 [ 418.451491][T14192] unable to read squashfs_super_block [ 418.538554][T14197] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1963'. [ 418.734673][T14200] bond2: entered promiscuous mode [ 418.737712][ T6066] usb 5-1: USB disconnect, device number 12 [ 419.265038][T14208] netlink: 'syz.3.1967': attribute type 1 has an invalid length. [ 419.267971][T14208] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1967'. [ 419.445355][T14217] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1969'. [ 420.239767][T14230] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1973'. [ 420.804830][T14248] FAULT_INJECTION: forcing a failure. [ 420.804830][T14248] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 420.810423][T14248] CPU: 1 UID: 0 PID: 14248 Comm: syz.2.1979 Not tainted syzkaller #0 PREEMPT(full) [ 420.810445][T14248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 420.810455][T14248] Call Trace: [ 420.810461][T14248] [ 420.810467][T14248] dump_stack_lvl+0x16c/0x1f0 [ 420.810495][T14248] should_fail_ex+0x512/0x640 [ 420.810524][T14248] should_fail_alloc_page+0xe7/0x130 [ 420.810546][T14248] prepare_alloc_pages+0x3c2/0x610 [ 420.810570][T14248] ? rcu_is_watching+0x12/0xc0 [ 420.810628][T14248] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 420.810651][T14248] ? __pfx_vmap_small_pages_range_noflush+0x10/0x10 [ 420.810683][T14248] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 420.810701][T14248] ? is_vmalloc_addr+0x86/0xa0 [ 420.810720][T14248] ? is_vmalloc_or_module_addr+0x47/0x60 [ 420.810737][T14248] ? kasan_unpoison+0x27/0x60 [ 420.810754][T14248] ? __kasan_unpoison_vmalloc+0x22/0x30 [ 420.810780][T14248] ? comedi_buf_alloc+0x2fa/0x9d0 [ 420.810795][T14248] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 420.810820][T14248] ? policy_nodemask+0xea/0x4e0 [ 420.810843][T14248] alloc_pages_mpol+0x1fb/0x550 [ 420.810864][T14248] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 420.810892][T14248] alloc_pages_noprof+0x131/0x390 [ 420.810914][T14248] get_zeroed_page_noprof+0x18/0xb0 [ 420.810936][T14248] comedi_buf_alloc+0x63e/0x9d0 [ 420.810954][T14248] ? __init_waitqueue_head+0xca/0x150 [ 420.810979][T14248] comedi_device_postconfig+0x399/0xc80 [ 420.811005][T14248] ? pcmmio_attach+0x6e/0xe10 [ 420.811029][T14248] comedi_device_attach+0x3cf/0x900 [ 420.811058][T14248] do_devconfig_ioctl+0x1b1/0x710 [ 420.811076][T14248] ? __mutex_lock+0x1c5/0x1060 [ 420.811115][T14248] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 420.811146][T14248] ? kasan_save_stack+0x42/0x60 [ 420.811163][T14248] ? kasan_save_stack+0x33/0x60 [ 420.811179][T14248] ? kasan_save_track+0x14/0x30 [ 420.811196][T14248] ? kasan_save_free_info+0x3b/0x60 [ 420.811210][T14248] ? __kasan_slab_free+0x60/0x70 [ 420.811227][T14248] ? kfree+0x2b4/0x4d0 [ 420.811241][T14248] ? tomoyo_path_number_perm+0x470/0x580 [ 420.811267][T14248] comedi_unlocked_ioctl+0x165d/0x2f00 [ 420.811296][T14248] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 420.811337][T14248] ? kasan_quarantine_put+0x10a/0x240 [ 420.811354][T14248] ? lockdep_hardirqs_on+0x7c/0x110 [ 420.811380][T14248] ? find_held_lock+0x2b/0x80 [ 420.811397][T14248] ? tomoyo_path_number_perm+0x295/0x580 [ 420.811422][T14248] ? tomoyo_path_number_perm+0x18d/0x580 [ 420.811444][T14248] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 420.811468][T14248] comedi_compat_ioctl+0x1d0/0x990 [ 420.811490][T14248] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 420.811512][T14248] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 420.811537][T14248] ? do_vfs_ioctl+0x128/0x14f0 [ 420.811563][T14248] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 420.811602][T14248] ? find_held_lock+0x2b/0x80 [ 420.811618][T14248] ? hook_file_ioctl_common+0x145/0x410 [ 420.811646][T14248] ? __fget_files+0x20e/0x3c0 [ 420.811670][T14248] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 420.811692][T14248] __ia32_compat_sys_ioctl+0x242/0x370 [ 420.811720][T14248] __do_fast_syscall_32+0x7c/0x300 [ 420.811747][T14248] do_fast_syscall_32+0x32/0x80 [ 420.811762][T14248] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 420.811781][T14248] RIP: 0023:0xf709e579 [ 420.811795][T14248] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 420.811811][T14248] RSP: 002b:00000000f548e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 420.811827][T14248] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040946400 [ 420.811837][T14248] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 420.811846][T14248] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 420.811855][T14248] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 420.811864][T14248] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 420.811886][T14248] [ 420.812214][T14248] comedi comedi3: Buffer allocation failed [ 420.820829][ C1] net_ratelimit: 10 callbacks suppressed [ 420.820844][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 421.081232][T14256] /dev/loop0: Can't lookup blockdev [ 421.235444][T14261] netlink: zone id is out of range [ 421.238342][T14261] netlink: zone id is out of range [ 421.240233][T14261] netlink: zone id is out of range [ 421.264735][T14261] netlink: set zone limit has 4 unknown bytes [ 421.388232][T14264] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1983'. [ 421.400827][T14267] 9pnet_fd: Insufficient options for proto=fd [ 421.464411][T14271] bridge0: port 1(syz_tun) entered blocking state [ 421.466483][T14271] bridge0: port 1(syz_tun) entered disabled state [ 421.468553][T14271] syz_tun: entered allmulticast mode [ 421.477354][T14271] syz_tun: entered promiscuous mode [ 421.482956][T14271] bridge0: port 1(syz_tun) entered blocking state [ 421.485061][T14271] bridge0: port 1(syz_tun) entered forwarding state [ 421.859686][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 421.983957][T14282] sd 0:0:0:0: PR command failed: 1026 [ 421.986280][T14282] sd 0:0:0:0: Sense Key : Illegal Request [current] [ 421.989132][T14282] sd 0:0:0:0: Add. Sense: Invalid command operation code [ 422.909655][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 423.239222][T14325] block nbd2: Attempted send on invalid socket [ 423.274667][T14325] I/O error, dev nbd2, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 423.303464][T14327] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 423.317651][T14325] qnx4: unable to read the superblock [ 423.402197][T14338] genirq: Flags mismatch irq 9. 00200000 (pcmmio) vs. 00002080 (acpi) [ 423.939656][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 424.349821][T14371] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2012'. [ 424.487180][T14376] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 424.979672][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 425.627935][T14399] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 425.630070][T14399] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 425.632718][T14399] vhci_hcd vhci_hcd.0: Device attached [ 425.680802][T14398] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2015'. [ 426.029651][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 426.049773][ T6040] usb 43-1: new low-speed USB device number 2 using vhci_hcd [ 426.949544][T14419] binder_alloc: 14418: binder_alloc_buf size -40 failed, no address space [ 426.953728][T14419] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 427.059659][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 428.003093][T14451] input: syz1 as /devices/virtual/input/input24 [ 428.099655][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 428.409712][T14400] vhci_hcd: connection reset by peer [ 428.411661][T11293] vhci_hcd: stop threads [ 428.413072][T11293] vhci_hcd: release socket [ 428.414590][T11293] vhci_hcd: disconnect device [ 428.690393][T14462] program syz.3.2038 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 428.697939][T14462] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2038'. [ 429.037258][T14480] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2042'. [ 429.041080][T14480] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 429.068607][T14480] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2042'. [ 429.080262][T14485] FAULT_INJECTION: forcing a failure. [ 429.080262][T14485] name failslab, interval 1, probability 0, space 0, times 0 [ 429.085058][T14485] CPU: 3 UID: 0 PID: 14485 Comm: syz.3.2046 Not tainted syzkaller #0 PREEMPT(full) [ 429.085076][T14485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 429.085085][T14485] Call Trace: [ 429.085091][T14485] [ 429.085097][T14485] dump_stack_lvl+0x16c/0x1f0 [ 429.085126][T14485] should_fail_ex+0x512/0x640 [ 429.085152][T14485] ? __kvmalloc_node_noprof+0x124/0x620 [ 429.085175][T14485] should_failslab+0xc2/0x120 [ 429.085198][T14485] __kvmalloc_node_noprof+0x137/0x620 [ 429.085218][T14485] ? bpf_check+0x6885/0xc4d0 [ 429.085244][T14485] ? bpf_check+0x6885/0xc4d0 [ 429.085262][T14485] bpf_check+0x6885/0xc4d0 [ 429.085281][T14485] ? __pfx___mutex_trylock_common+0x10/0x10 [ 429.085331][T14485] ? __pfx_bpf_check+0x10/0x10 [ 429.085349][T14485] ? __lock_acquire+0xb97/0x1ce0 [ 429.085394][T14485] ? __asan_memset+0x23/0x50 [ 429.085412][T14485] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 429.085439][T14485] bpf_prog_load+0xe41/0x2490 [ 429.085470][T14485] ? __pfx_bpf_prog_load+0x10/0x10 [ 429.085520][T14485] __sys_bpf+0x4a3f/0x4de0 [ 429.085548][T14485] ? __pfx___sys_bpf+0x10/0x10 [ 429.085574][T14485] ? ksys_write+0x190/0x250 [ 429.085597][T14485] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 429.085639][T14485] ? fput+0x9b/0xd0 [ 429.085663][T14485] ? ksys_write+0x1ac/0x250 [ 429.085682][T14485] ? __pfx_ksys_write+0x10/0x10 [ 429.085704][T14485] __ia32_sys_bpf+0x76/0xe0 [ 429.085719][T14485] __do_fast_syscall_32+0x7c/0x300 [ 429.085744][T14485] do_fast_syscall_32+0x32/0x80 [ 429.085759][T14485] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 429.085777][T14485] RIP: 0023:0xf708e579 [ 429.085791][T14485] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 429.085808][T14485] RSP: 002b:00000000f547e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 429.085824][T14485] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800054c0 [ 429.085835][T14485] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 429.085845][T14485] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 429.085854][T14485] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 429.085864][T14485] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 429.085887][T14485] [ 429.139779][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 430.179694][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 430.340427][T14521] ptrace attach of "/syz-executor exec"[5974] was attempted by " ú“\x0c¬¹H;¤'ýëãSde/È|¥zPüÚиWåÌ\x0b”PŠ<ÇI7ô{‚ŸûWr•×¢Ó‡amL5Ûï{ô„Þ¶-Ú¨ÜøžØ¸­…›¼»E“fŽYSõ7£?šVê½sˆëŒ\x0b†MÈüÚáÐ÷Æ`ÖÓðg‰ï°Ø±/â—’ýäUéµCŽÎöOGËDn›û\x07Âæw™¹m}O²ñq¦ã¬p×]ŒðK|I(Ùïó‹9¯/èk¾ìY_¡Ö¤vqyØóÿ×rƲÈ.+/ñnîyŠ]§6ÖB\x5c*‰ÈõLo§Ÿ× …\x0a ¢BÚ\x0dáÛAnÿë¬õ\x0bptQUolLê„ÓobBàÀM¦ñÖãóȹ.š»T3#(Dª\x1bªº˜™ä?-íMóŠMÞ\x0dÅ{ÞX¯óâ˜Lhl1G‡J(°ï‰Ÿ™\x0a˜«À¹\x07ê‚b\x0cf¸Û\x5c–L™e#ç½y„wÝO%Ë0õ¥,Ž¨zÇ‚œrÏ\x5cHô\x22ý@)EâlĪoª´=æÉ0}Æ|šö¶—m ÀÉ~ŽM÷ÏUK\x0býQoDU1h$étïQf‘\x0b½;\x0bvNõT/ñörP£Àx0mþ؇dG>Ît5QêI§¡šÝ0kŸópžì”;†€Èî©tÒ>?7~ðéÕžþç8ç)>‡\x0a.Fâv\x5c0CPª{©\x07Ô­4OT)®¥ü%ù³DkfCkF ç±¥;¡Ðm\x0c•vä\x0cTʪz5©ñmÖ¢´—ïvÜÄà‰Ä«'c®üß^ت°g_\x0bÆ…8±)c,¨(qøáeäB¾ðãã‘»SPt4äo¹ ¾I„HwL#©–@mU¡pªE¢^aÒÉgh~d¬_ö­9\x07r|ÖçGJj+&Ò½k(‘\x07”êërnéE§4¼(ŸõÇó#ë×\x0b YÅβBÇäˆ\x0aЦ&ÆþRý`µ?èóL1t¸Ž÷ÎÕ«wËÑ.Mç=3ª|G‹÷ƒ“sùmƒgî4`|\x22{б춋¬½†1â[{þȯw/B‹_g»6-òqyk*™o¯’\x0d\x5cc8ÀèÌÿ\x5c [ 431.034118][T14536] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2060'. [ 431.107852][T14542] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2063'. [ 431.129809][ T6040] vhci_hcd: vhci_device speed not set [ 431.219693][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 431.282856][T14555] overlayfs: failed to resolve './file1': -2 [ 431.771058][T14567] netlink: 'syz.0.2069': attribute type 7 has an invalid length. [ 431.773529][T14567] netlink: 'syz.0.2069': attribute type 8 has an invalid length. [ 431.978668][T14571] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2069'. [ 432.094630][T14580] syz_tun: left allmulticast mode [ 432.096352][T14580] syz_tun: left promiscuous mode [ 432.098204][T14580] bridge0: port 1(syz_tun) entered disabled state [ 432.217545][T14580] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2072'. [ 432.269737][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 432.859448][T14603] geneve2: entered promiscuous mode [ 432.861128][T14603] geneve2: entered allmulticast mode [ 433.055978][T14608] netlink: zone id is out of range [ 433.060297][T14608] netlink: zone id is out of range [ 433.062227][T14608] netlink: zone id is out of range [ 433.081200][T14608] netlink: set zone limit has 4 unknown bytes [ 433.309642][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 433.399731][T14618] overlayfs: failed to resolve './file1': -2 [ 433.953293][T14623] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 434.272507][T14627] FAULT_INJECTION: forcing a failure. [ 434.272507][T14627] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 434.280836][T14627] CPU: 1 UID: 0 PID: 14627 Comm: syz.2.2083 Not tainted syzkaller #0 PREEMPT(full) [ 434.280859][T14627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 434.280869][T14627] Call Trace: [ 434.280875][T14627] [ 434.280881][T14627] dump_stack_lvl+0x16c/0x1f0 [ 434.280925][T14627] should_fail_ex+0x512/0x640 [ 434.280954][T14627] should_fail_alloc_page+0xe7/0x130 [ 434.280976][T14627] prepare_alloc_pages+0x3c2/0x610 [ 434.280999][T14627] ? rcu_is_watching+0x12/0xc0 [ 434.281018][T14627] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 434.281038][T14627] ? __lock_acquire+0xb97/0x1ce0 [ 434.281069][T14627] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 434.281089][T14627] ? do_raw_spin_lock+0x12c/0x2b0 [ 434.281111][T14627] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 434.281134][T14627] ? find_held_lock+0x2b/0x80 [ 434.281157][T14627] ? __lock_acquire+0xb97/0x1ce0 [ 434.281177][T14627] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 434.281202][T14627] ? policy_nodemask+0xea/0x4e0 [ 434.281224][T14627] alloc_pages_mpol+0x1fb/0x550 [ 434.281245][T14627] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 434.281272][T14627] folio_alloc_mpol_noprof+0x36/0x2f0 [ 434.281296][T14627] shmem_alloc_folio+0x135/0x160 [ 434.281314][T14627] shmem_alloc_and_add_folio+0x499/0xc20 [ 434.281338][T14627] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 434.281359][T14627] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 434.281382][T14627] shmem_get_folio_gfp+0x67f/0x1600 [ 434.281406][T14627] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 434.281433][T14627] ? filemap_map_pages+0xf58/0x1670 [ 434.281455][T14627] shmem_fault+0x1fe/0xa30 [ 434.281475][T14627] ? __pfx_shmem_fault+0x10/0x10 [ 434.281496][T14627] ? __pfx_filemap_map_pages+0x10/0x10 [ 434.281522][T14627] ? __pfx_filemap_map_pages+0x10/0x10 [ 434.281539][T14627] __do_fault+0x10a/0x490 [ 434.281560][T14627] ? __pfx_filemap_map_pages+0x10/0x10 [ 434.281576][T14627] do_pte_missing+0xf50/0x3ba0 [ 434.281593][T14627] ? find_held_lock+0x2b/0x80 [ 434.281609][T14627] ? __handle_mm_fault+0x14fd/0x2a50 [ 434.281629][T14627] __handle_mm_fault+0x152a/0x2a50 [ 434.281653][T14627] ? __pfx___handle_mm_fault+0x10/0x10 [ 434.281671][T14627] ? __pte_offset_map_lock+0x174/0x310 [ 434.281693][T14627] ? find_held_lock+0x2b/0x80 [ 434.281716][T14627] ? follow_page_pte.constprop.0+0x5cf/0x1390 [ 434.281746][T14627] handle_mm_fault+0x589/0xd10 [ 434.281768][T14627] __get_user_pages+0x551/0x34a0 [ 434.281801][T14627] ? __pfx___get_user_pages+0x10/0x10 [ 434.281831][T14627] populate_vma_page_range+0x267/0x3f0 [ 434.281856][T14627] ? __pfx_populate_vma_page_range+0x10/0x10 [ 434.281879][T14627] ? __pfx_find_vma_intersection+0x10/0x10 [ 434.281903][T14627] ? do_mmap+0x69c/0x1210 [ 434.281928][T14627] __mm_populate+0x1d8/0x380 [ 434.281944][T14627] ? __pfx___mm_populate+0x10/0x10 [ 434.281969][T14627] ? up_write+0x1b2/0x520 [ 434.281994][T14627] vm_mmap_pgoff+0x37f/0x470 [ 434.282019][T14627] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 434.282039][T14627] ? handle_mm_fault+0x290/0xd10 [ 434.282061][T14627] ? ksys_write+0x1ac/0x250 [ 434.282083][T14627] ksys_mmap_pgoff+0x7d/0x5c0 [ 434.282103][T14627] ? rcu_is_watching+0x12/0xc0 [ 434.282118][T14627] ? __ia32_sys_mmap_pgoff+0x11/0x1b0 [ 434.282142][T14627] __do_fast_syscall_32+0x7c/0x300 [ 434.282169][T14627] do_fast_syscall_32+0x32/0x80 [ 434.282183][T14627] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 434.282203][T14627] RIP: 0023:0xf709e579 [ 434.282216][T14627] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 434.282232][T14627] RSP: 002b:00000000f548e55c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0 [ 434.282247][T14627] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000b36000 [ 434.282258][T14627] RDX: 0000000006ebbeef RSI: 0000000000008031 RDI: 00000000ffffffff [ 434.282267][T14627] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 434.282277][T14627] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 434.282286][T14627] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 434.282307][T14627] [ 434.440572][ C1] vkms_vblank_simulate: vblank timer overrun [ 434.443169][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 434.485549][T14635] all: renamed from bridge_slave_0 [ 434.703983][T14647] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 434.799927][T14651] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2090'. [ 435.368962][T14654] binder: BINDER_SET_CONTEXT_MGR already set [ 435.373441][T14654] binder: 14653:14654 ioctl 4018620d 80004a80 returned -16 [ 435.469655][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 435.561791][T14659] I/O error, dev loop1, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2 [ 435.565170][T14659] gfs2: error -5 reading superblock [ 435.629781][ T29] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 435.789736][ T29] usb 5-1: Using ep0 maxpacket: 16 [ 435.793363][ T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 435.796864][ T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 436.135449][ T29] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 436.154278][T14674] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2099'. [ 436.163234][T14674] geneve2: entered promiscuous mode [ 436.165015][T14674] geneve2: entered allmulticast mode [ 436.168617][ T80] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 19999 - 0 [ 436.174915][ T80] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 19999 - 0 [ 436.180098][ T80] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 19999 - 0 [ 436.183822][ T80] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 19999 - 0 [ 436.330552][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.334186][ T29] usb 5-1: config 0 descriptor?? [ 436.509701][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 436.532778][T14685] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 436.744435][ T29] usbhid 5-1:0.0: can't add hid device: -32 [ 436.753356][ T29] usbhid 5-1:0.0: probe with driver usbhid failed with error -32 [ 436.756126][T14654] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2093'. [ 436.769403][T14654] batadv3: entered promiscuous mode [ 436.779841][T14654] batadv3: entered allmulticast mode [ 436.785806][T14654] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2093'. [ 436.815133][T14654] binder: 14653:14654 ioctl c0306201 0 returned -14 [ 436.817610][T14654] binder: 14653:14654 ioctl c018937b 80000900 returned -22 [ 436.821888][ T29] usb 5-1: USB disconnect, device number 13 [ 436.947405][T14693] binder: 14692:14693 unknown command 0 [ 436.949845][T14693] binder: 14692:14693 ioctl c0306201 80000080 returned -22 [ 437.357851][T14700] fuse: Bad value for 'fd' [ 437.445078][T14703] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 437.539695][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 437.890357][T14709] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2109'. [ 438.027487][T14709] bond0 (unregistering): Released all slaves [ 438.579680][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 438.924921][T14725] netlink: zone id is out of range [ 438.926742][T14725] netlink: zone id is out of range [ 438.928906][T14725] netlink: zone id is out of range [ 438.930643][T14725] netlink: zone id is out of range [ 438.952512][T14725] netlink: set zone limit has 4 unknown bytes [ 439.245047][T14734] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2115'. [ 439.248543][T14734] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2115'. [ 439.537656][T14739] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2116'. [ 439.540643][T14739] netlink: 'syz.0.2116': attribute type 5 has an invalid length. [ 439.543116][T14739] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2116'. [ 439.553005][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.555484][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.565857][T14739] geneve2: entered promiscuous mode [ 439.567720][T14739] geneve2: entered allmulticast mode [ 439.571584][T11293] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 439.576130][T11293] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 439.580739][T11295] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 439.583413][T11295] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 439.619701][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 440.131114][T14747] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 440.455339][T14759] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 440.496739][T14761] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2122'. [ 440.504342][T14761] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2122'. [ 441.595531][T14776] net_ratelimit: 1 callbacks suppressed [ 441.595541][T14776] netlink: zone id is out of range [ 441.599226][T14776] netlink: zone id is out of range [ 441.601873][T14776] netlink: zone id is out of range [ 441.603502][T14776] netlink: zone id is out of range [ 441.621422][T14776] netlink: set zone limit has 4 unknown bytes [ 441.709647][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 442.470497][T14791] netlink: 'syz.0.2131': attribute type 1 has an invalid length. [ 442.739679][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 442.972117][ T54] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 443.019352][T14807] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 443.141482][ T54] usb 6-1: config 1 has an invalid interface number: 7 but max is 0 [ 443.145054][ T54] usb 6-1: config 1 has no interface number 0 [ 443.148013][ T54] usb 6-1: config 1 interface 7 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1023 [ 443.156361][ T54] usb 6-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.1d [ 443.159570][ T54] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.162558][ T54] usb 6-1: Product: syz [ 443.164255][ T54] usb 6-1: Manufacturer: syz [ 443.166039][ T54] usb 6-1: SerialNumber: syz [ 443.170102][T14799] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 443.174943][ T54] usb 6-1: Error in usbnet_get_endpoints (-22) [ 443.377704][ T1022] usb 6-1: USB disconnect, device number 12 [ 443.531032][T14811] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 443.533806][T14811] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 443.538495][T14811] vhci_hcd vhci_hcd.0: Device attached [ 443.779755][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 443.808298][T14813] vhci_hcd: connection closed [ 443.809798][ T6040] usb 44-1: SetAddress Request (55) to port 0 [ 443.810118][T11295] vhci_hcd: stop threads [ 443.811609][ T6040] usb 44-1: new SuperSpeed USB device number 55 using vhci_hcd [ 443.814137][T11295] vhci_hcd: release socket [ 443.819416][T11295] vhci_hcd: disconnect device [ 443.829785][ T6040] usb 44-1: enqueue for inactive port 0 [ 443.965070][T14820] tmpfs: Bad value for 'mpol' [ 443.967873][T14820] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2138'. [ 444.323363][ T6040] usb usb44-port1: attempt power cycle [ 444.500391][T14833] I/O error, dev loop3, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2 [ 444.504549][T14833] gfs2: error -5 reading superblock [ 444.819926][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 444.911306][ T6040] usb usb44-port1: unable to enumerate USB device [ 445.023428][T14838] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2143'. [ 445.265152][T14850] netlink: zone id is out of range [ 445.402007][T14857] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2148'. [ 445.450633][T14851] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.454266][T14851] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 445.547935][T14851] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.552472][T14851] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 445.634596][T14851] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.638158][T14851] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 445.757613][T14867] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 445.798708][T14851] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.816116][T14851] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 445.977884][T11297] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 256 - 0 [ 445.984861][T11297] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 446.000654][T11297] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 256 - 0 [ 446.003179][T11297] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 446.015743][T11297] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 256 - 0 [ 446.018499][T11297] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 446.028384][T11297] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 256 - 0 [ 446.035722][T11297] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 446.086852][T14870] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2151'. [ 446.136000][T14871] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 446.137987][T14871] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 446.148973][T14871] vhci_hcd vhci_hcd.0: Device attached [ 446.158277][T14880] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2153'. [ 446.493703][T14872] vhci_hcd: connection closed [ 446.493996][ T29] usb 42-1: SetAddress Request (50) to port 0 [ 446.495104][ T13] vhci_hcd: stop threads [ 446.496190][ T29] usb 42-1: new SuperSpeed USB device number 50 using vhci_hcd [ 446.498691][ T13] vhci_hcd: release socket [ 446.506361][ T13] vhci_hcd: disconnect device [ 446.530555][ T29] usb 42-1: enqueue for inactive port 0 [ 446.899647][ C1] net_ratelimit: 5 callbacks suppressed [ 446.899659][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 446.951268][ T29] usb usb42-port1: attempt power cycle [ 446.981524][T14889] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2156'. [ 447.240184][T14907] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 447.264275][T14907] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2158'. [ 447.268039][T14907] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2158'. [ 447.510250][ T29] usb usb42-port1: unable to enumerate USB device [ 447.558933][T14912] dlm: no local IP address has been set [ 447.562105][T14912] dlm: cannot start dlm midcomms -107 [ 447.939718][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 448.037939][T14925] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 448.296011][T14928] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 448.298642][T14928] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 448.307949][T14928] vhci_hcd vhci_hcd.0: Device attached [ 448.625622][ T6007] usb 38-1: SetAddress Request (44) to port 0 [ 448.627605][ T6007] usb 38-1: new SuperSpeed USB device number 44 using vhci_hcd [ 448.726892][T14929] vhci_hcd: connection reset by peer [ 448.731620][T11295] vhci_hcd: stop threads [ 448.736690][T11295] vhci_hcd: release socket [ 448.738495][T11295] vhci_hcd: disconnect device [ 448.786488][ T29] libceph: connect (1)[c::]:6789 error -22 [ 448.788958][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 448.807848][T14935] ceph: No mds server is up or the cluster is laggy [ 448.979697][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 449.526370][T14946] netlink: 'syz.2.2171': attribute type 12 has an invalid length. [ 449.532807][T14946] netlink: 9472 bytes leftover after parsing attributes in process `syz.2.2171'. [ 450.019729][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 450.092231][T14966] bond0: option mode: unable to set because the bond device is up [ 450.331196][T14968] bridge0: port 1(erspan0) entered blocking state [ 450.342858][T14968] bridge0: port 1(erspan0) entered disabled state [ 450.350751][T14968] erspan0: entered allmulticast mode [ 450.370632][T14968] erspan0: entered promiscuous mode [ 450.372645][T14968] bridge0: port 1(erspan0) entered blocking state [ 450.374727][T14968] bridge0: port 1(erspan0) entered forwarding state [ 451.059699][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 451.445864][T14984] binder: 14983:14984 ioctl c0306201 80000640 returned -22 [ 451.448430][T14984] binder: 14983:14984 ioctl 400454ca 800000c0 returned -22 [ 451.515176][T14986] all: renamed from bridge_slave_0 (while UP) [ 451.659802][ T6806] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 451.984380][T15005] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 451.986437][T15005] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 451.989164][T15005] vhci_hcd vhci_hcd.0: Device attached [ 452.099664][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 452.127816][T15006] vhci_hcd: connection closed [ 452.129255][ T13] vhci_hcd: stop threads [ 452.133002][ T13] vhci_hcd: release socket [ 452.134777][ T13] vhci_hcd: disconnect device [ 452.292413][ T6806] usb 5-1: config 0 has an invalid interface number: 32 but max is 0 [ 452.442853][T11297] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 452.445556][T11297] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 452.526357][ T6806] usb 5-1: config 0 has no interface number 0 [ 452.529663][ T6806] usb 5-1: too many endpoints for config 0 interface 32 altsetting 101: 120, using maximum allowed: 30 [ 452.533534][ T6806] usb 5-1: config 0 interface 32 altsetting 101 has 0 endpoint descriptors, different from the interface descriptor's value: 120 [ 452.537587][ T6806] usb 5-1: config 0 interface 32 has no altsetting 0 [ 452.543078][ T6806] usb 5-1: config 0 has an invalid interface number: 32 but max is 0 [ 452.545589][ T6806] usb 5-1: config 0 has no interface number 0 [ 452.547494][ T6806] usb 5-1: too many endpoints for config 0 interface 32 altsetting 101: 120, using maximum allowed: 30 [ 452.554626][ T6806] usb 5-1: config 0 interface 32 altsetting 101 has 0 endpoint descriptors, different from the interface descriptor's value: 120 [ 452.558828][ T6806] usb 5-1: config 0 interface 32 has no altsetting 0 [ 452.561824][ T6806] usb 5-1: config 0 has an invalid interface number: 32 but max is 0 [ 452.565162][ T6806] usb 5-1: config 0 has no interface number 0 [ 452.567742][ T6806] usb 5-1: too many endpoints for config 0 interface 32 altsetting 101: 120, using maximum allowed: 30 [ 452.572486][ T6806] usb 5-1: config 0 interface 32 altsetting 101 has 0 endpoint descriptors, different from the interface descriptor's value: 120 [ 452.577622][ T6806] usb 5-1: config 0 interface 32 has no altsetting 0 [ 452.582536][ T6806] usb 5-1: New USB device found, idVendor=0fe9, idProduct=db55, bcdDevice=69.fb [ 452.586221][ T6806] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=201 [ 452.589252][ T6806] usb 5-1: Product: syz [ 452.590862][ T6806] usb 5-1: Manufacturer: syz [ 452.592612][ T6806] usb 5-1: SerialNumber: syz [ 452.596812][ T6806] usb 5-1: config 0 descriptor?? [ 452.876487][T15016] bond0: option mode: unable to set because the bond device is up [ 452.992323][T15020] bridge0: port 2(erspan0) entered blocking state [ 452.994455][T15020] bridge0: port 2(erspan0) entered disabled state [ 452.998584][T15020] erspan0: entered allmulticast mode [ 453.001891][T15020] erspan0: entered promiscuous mode [ 453.139777][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 453.394524][T15028] Invalid logical block size (2) [ 453.400530][T15028] xt_l2tp: v2 sid > 0xffff: 1114112 [ 453.519904][T15030] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 453.521967][T15030] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 453.524333][T15030] vhci_hcd vhci_hcd.0: Device attached [ 453.552564][T15032] vhci_hcd: connection closed [ 453.552853][ T13] vhci_hcd: stop threads [ 453.555869][ T13] vhci_hcd: release socket [ 453.557291][ T13] vhci_hcd: disconnect device [ 453.699700][ T6007] usb 38-1: device descriptor read/8, error -110 [ 454.100853][ T6007] usb usb38-port1: attempt power cycle [ 454.179707][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 454.532765][ T6806] dvb-usb: found a 'DigitalNow DVB-T Dual USB' in warm state. [ 454.536019][ T6806] dvb-usb: bulk message failed: -22 (2/0) [ 454.545027][ T6806] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 454.549298][ T6806] dvbdev: DVB: registering new adapter (DigitalNow DVB-T Dual USB) [ 454.554479][ T6806] usb 5-1: media controller created [ 454.660437][ T6007] usb usb38-port1: unable to enumerate USB device [ 454.743092][T15057] overlayfs: failed to resolve './file0/../file0': -20 [ 454.745607][ T6806] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 454.760374][T15058] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 454.762995][T15058] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 454.766406][T15058] vhci_hcd vhci_hcd.0: Device attached [ 454.873996][ T6806] cxusb: set interface failed [ 454.876196][ T6806] dvb-usb: bulk message failed: -22 (1/0) [ 455.059734][ T6007] usb 38-1: SetAddress Request (48) to port 0 [ 455.061683][ T6007] usb 38-1: new SuperSpeed USB device number 48 using vhci_hcd [ 455.118665][ T6806] DVB: Unable to find symbol mt352_attach() [ 455.122924][ T6806] dvb-usb: bulk message failed: -22 (5/0) [ 455.125997][ T6806] zl10353_read_register: readreg error (reg=127, ret==-121) [ 455.130226][ T6806] dvb-usb: no frontend was attached by 'DigitalNow DVB-T Dual USB' [ 455.189677][ T6806] rc_core: IR keymap rc-dvico-mce not found [ 455.191622][ T6806] Registered IR keymap rc-empty [ 455.194219][ T6806] rc rc0: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0 [ 455.197957][ T6806] input: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0/input27 [ 455.202730][T15068] bond0: option mode: unable to set because the bond device has slaves [ 455.203620][ T6806] dvb-usb: schedule remote query interval to 100 msecs. [ 455.207671][ T6806] dvb-usb: DigitalNow DVB-T Dual USB successfully initialized and connected. [ 455.211889][ T6806] usb 5-1: USB disconnect, device number 14 [ 455.219722][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 455.242432][ T6806] dvb-usb: DigitalNow DVB-T Dual USB successfully deinitialized and disconnected. [ 455.292047][T15059] vhci_hcd: connection reset by peer [ 455.293882][T11293] vhci_hcd: stop threads [ 455.295210][T11293] vhci_hcd: release socket [ 455.297104][T11293] vhci_hcd: disconnect device [ 455.324156][T15072] bridge0: port 3(erspan0) entered blocking state [ 455.326436][T15072] bridge0: port 3(erspan0) entered disabled state [ 455.328655][T15072] erspan0: entered allmulticast mode [ 455.332040][T15072] erspan0: entered promiscuous mode [ 455.924855][T15089] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2207'. [ 455.948348][T15089] batadv2: entered allmulticast mode [ 456.072522][T15090] input: syz1 as /devices/virtual/input/input28 [ 456.259730][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 456.914963][T15108] binder: 15107:15108 ioctl c0306201 80000640 returned -22 [ 456.917622][T15108] binder: 15107:15108 ioctl 400454ca 800000c0 returned -22 [ 456.971138][T15110] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 457.146842][T15113] erspan0: left allmulticast mode [ 457.149063][T15113] erspan0: left promiscuous mode [ 457.151467][T15113] bridge0: port 2(erspan0) entered disabled state [ 457.157277][T15113] syz_tun: left allmulticast mode [ 457.159485][T15113] syz_tun: left promiscuous mode [ 457.161833][T15113] bridge0: port 1(syz_tun) entered disabled state [ 457.166698][T15113] tipc: Resetting bearer [ 457.171873][T15113] team0: Port device vlan0 removed [ 457.180552][T15113] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2216'. [ 457.230477][T15117] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2217'. [ 457.268745][T15115] netlink: zone id is out of range [ 457.271708][T15115] netlink: zone id is out of range [ 457.277668][T15115] netlink: zone id is out of range [ 457.283663][T15115] netlink: zone id is out of range [ 457.309703][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 457.316484][T15115] netlink: set zone limit has 4 unknown bytes [ 458.162163][T15138] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2223'. [ 458.216460][T15138] batadv2: entered allmulticast mode [ 458.249381][T15139] input: syz1 as /devices/virtual/input/input29 [ 458.349674][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 459.241722][T15152] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 459.243790][T15152] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 459.246676][T15152] vhci_hcd vhci_hcd.0: Device attached [ 459.379644][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 459.785104][T15153] vhci_hcd: connection closed [ 459.786315][ T13] vhci_hcd: stop threads [ 459.789141][ T13] vhci_hcd: release socket [ 459.792674][ T13] vhci_hcd: disconnect device [ 459.869157][T15167] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2231'. [ 459.872295][T15167] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2231'. [ 459.895094][T15163] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 460.099936][ T6007] usb 38-1: device descriptor read/8, error -110 [ 460.419679][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 460.948312][T15179] fuse: Unknown parameter 'g¥0x0000000000000003' [ 460.952076][T15181] fuse: Unknown parameter 'g¥0x0000000000000003' [ 461.100345][ T6007] usb usb38-port1: attempt power cycle [ 461.459654][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 461.574286][T15189] netlink: 'syz.0.2238': attribute type 1 has an invalid length. [ 461.583297][T15189] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2238'. [ 461.700935][ T6007] usb usb38-port1: unable to enumerate USB device [ 462.499720][ C1] net_ratelimit: 5 callbacks suppressed [ 462.499732][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 462.777160][T15210] geneve3: entered promiscuous mode [ 462.779415][T15210] geneve3: entered allmulticast mode [ 463.539869][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 463.722001][T15238] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 463.838002][T15242] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2251'. [ 464.263653][T15255] netlink: zone id is out of range [ 464.265494][T15255] netlink: zone id is out of range [ 464.268402][T15255] netlink: zone id is out of range [ 464.272256][T15255] netlink: zone id is out of range [ 464.297302][T15255] netlink: set zone limit has 4 unknown bytes [ 464.589733][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 465.620036][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 466.176630][T15289] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 466.178650][T15289] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 466.181703][T15289] vhci_hcd vhci_hcd.0: Device attached [ 466.343284][T15293] /dev/sr0: Can't open blockdev [ 466.383800][T15295] vhci_hcd: connection closed [ 466.384891][T11293] vhci_hcd: stop threads [ 466.389514][T11293] vhci_hcd: release socket [ 466.391905][T11293] vhci_hcd: disconnect device [ 466.669902][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 467.346432][T15315] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2265'. [ 467.503536][T15319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 467.699729][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 468.038065][T15325] overlayfs: failed to resolve './file1': -2 [ 468.039242][T15326] netlink: zone id is out of range [ 468.042449][T15326] netlink: zone id is out of range [ 468.045365][T15326] netlink: zone id is out of range [ 468.047406][T15326] netlink: zone id is out of range [ 468.061381][T15326] netlink: set zone limit has 4 unknown bytes [ 468.740122][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 469.789980][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 470.340289][T15355] overlay: Unknown parameter 'smackfsfloor' [ 470.549284][ T5335] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 470.558441][ T5335] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 470.568190][ T5335] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 470.576602][ T5335] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 470.586525][ T5335] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 470.599520][ T5976] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 470.602834][ T5976] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 470.608084][ T5976] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 470.612348][ T5976] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 470.615976][ T5976] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 470.624928][T13925] syz_tun (unregistering): left promiscuous mode [ 470.706765][T15364] overlayfs: failed to resolve './file1': -2 [ 470.796460][T15358] chnl_net:caif_netlink_parms(): no params data found [ 470.819798][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 470.912556][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.917556][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 470.986028][T15358] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.988298][T15358] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.990872][T15358] bridge_slave_0: entered allmulticast mode [ 470.993539][T15358] bridge_slave_0: entered promiscuous mode [ 470.997515][T15358] bridge0: port 2(bridge_slave_1) entered blocking state [ 471.000199][T15358] bridge0: port 2(bridge_slave_1) entered disabled state [ 471.003549][T15358] bridge_slave_1: entered allmulticast mode [ 471.007254][T15358] bridge_slave_1: entered promiscuous mode [ 471.045545][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.049849][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 471.080813][T15358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 471.082424][T15358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 471.111481][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.111515][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 471.141920][T15358] team0: Port device team_slave_0 added [ 471.143690][T15358] team0: Port device team_slave_1 added [ 471.198142][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.202754][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 471.216200][T15358] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 471.218307][T15358] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 471.229850][T15358] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 471.237868][T15358] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 471.240132][T15358] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 471.250239][T15358] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 471.313232][T15358] hsr_slave_0: entered promiscuous mode [ 471.316311][T15358] hsr_slave_1: entered promiscuous mode [ 471.319249][T15358] debugfs: 'hsr0' already exists in 'hsr' [ 471.321785][T15358] Cannot create hsr debugfs directory [ 471.432675][ T13] erspan0: left allmulticast mode [ 471.435203][ T13] erspan0: left promiscuous mode [ 471.439905][ T13] bridge0: port 3(erspan0) entered disabled state [ 471.445717][ T13] bridge_slave_1: left allmulticast mode [ 471.448015][ T13] bridge_slave_1: left promiscuous mode [ 471.450627][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 471.456184][ T13] bridge_slave_0: left allmulticast mode [ 471.458497][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 471.801736][T15380] netlink: 'syz.3.2284': attribute type 1 has an invalid length. [ 471.856226][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 471.858827][T15379] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2284'. [ 471.860545][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 471.867740][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 471.872257][ T13] bond0 (unregistering): Released all slaves [ 471.978526][T15386] program syz.0.2285 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 472.017348][ T13] bond1 (unregistering): Released all slaves [ 472.027364][ T13] bond2 (unregistering): Released all slaves [ 472.074178][T15380] 8021q: adding VLAN 0 to HW filter on device bond1 [ 472.078509][T15381] bond1: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 472.131288][ T13] tipc: Left network mode [ 472.657701][T15358] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 472.667616][T15358] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 472.670201][ T5976] Bluetooth: hci4: command tx timeout [ 472.678714][T15358] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 472.683394][T15358] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 472.898842][T15358] 8021q: adding VLAN 0 to HW filter on device bond0 [ 472.900123][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 472.914009][T15358] 8021q: adding VLAN 0 to HW filter on device team0 [ 472.933954][T11293] bridge0: port 1(bridge_slave_0) entered blocking state [ 472.937089][T11293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 472.946041][T11293] bridge0: port 2(bridge_slave_1) entered blocking state [ 472.949102][T11293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 473.157163][T15358] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 473.175099][ T13] batadv_slave_0: left promiscuous mode [ 473.181889][ T13] hsr_slave_0: left promiscuous mode [ 473.184917][ T13] hsr_slave_1: left promiscuous mode [ 473.186928][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 473.189312][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 473.193184][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 473.195640][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 473.231860][ T13] veth1_macvtap: left promiscuous mode [ 473.233929][ T13] veth0_macvtap: left allmulticast mode [ 473.235901][ T13] veth0_macvtap: left promiscuous mode [ 473.238002][ T13] veth1_vlan: left promiscuous mode [ 473.242404][ T13] veth0_vlan: left promiscuous mode [ 473.902719][ T13] team0 (unregistering): Port device team_slave_1 removed [ 473.939826][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 474.517763][ T54] infiniband syz1: ib_query_port failed (-19) [ 474.554693][T15358] veth0_vlan: entered promiscuous mode [ 474.560590][T15358] veth1_vlan: entered promiscuous mode [ 474.580112][T15358] veth0_macvtap: entered promiscuous mode [ 474.586074][T15358] veth1_macvtap: entered promiscuous mode [ 474.602159][T15358] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 474.613065][T15358] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 474.620259][T15423] overlayfs: failed to resolve './file1': -2 [ 474.624559][T11297] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.628331][T11297] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.632673][T11297] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.636380][T11297] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.701702][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 474.704956][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 474.739899][ T5976] Bluetooth: hci4: command tx timeout [ 474.742930][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 474.746145][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 474.964043][ T5335] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 474.972934][ T5335] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 474.978849][ T5335] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 474.984282][ T5335] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 474.988658][ T5335] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 475.159475][T15433] chnl_net:caif_netlink_parms(): no params data found [ 475.257728][T15441] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2296'. [ 475.325617][T15433] bridge0: port 1(bridge_slave_0) entered blocking state [ 475.327906][T15433] bridge0: port 1(bridge_slave_0) entered disabled state [ 475.330390][T15433] bridge_slave_0: entered allmulticast mode [ 475.333082][T15433] bridge_slave_0: entered promiscuous mode [ 475.336424][T15433] bridge0: port 2(bridge_slave_1) entered blocking state [ 475.338688][T15433] bridge0: port 2(bridge_slave_1) entered disabled state [ 475.341099][T15433] bridge_slave_1: entered allmulticast mode [ 475.343809][T15433] bridge_slave_1: entered promiscuous mode [ 475.375246][T15433] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 475.379765][T15433] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 475.444260][T15433] team0: Port device team_slave_0 added [ 475.453407][T15433] team0: Port device team_slave_1 added [ 475.506151][T15433] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 475.508461][T15433] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 475.518769][T15433] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 475.526902][T15433] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 475.529995][T15433] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 475.539314][T15433] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 475.611430][T15433] hsr_slave_0: entered promiscuous mode [ 475.613836][T15433] hsr_slave_1: entered promiscuous mode [ 475.616355][T15433] debugfs: 'hsr0' already exists in 'hsr' [ 475.619890][T15433] Cannot create hsr debugfs directory [ 475.785785][T15433] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 475.836707][T15458] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2301'. [ 475.877459][T15433] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 475.970450][T15433] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 476.036666][T15459] infiniband syz0: set active [ 476.039264][T15459] infiniband syz0: added veth1_vlan [ 476.043475][T15459] syz0: rxe_create_cq: returned err = -12 [ 476.046217][T15459] infiniband syz0: Couldn't create ib_mad CQ [ 476.048990][T15459] infiniband syz0: Couldn't open port 1 [ 476.074879][T15433] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 476.075343][T15459] RDS/IB: syz0: added [ 476.081534][T15459] smc: adding ib device syz0 with port count 1 [ 476.084588][T15459] smc: ib device syz0 port 1 has pnetid [ 476.231363][T15433] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 476.239060][T15433] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 476.249193][T15433] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 476.255165][T15433] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 476.343255][T15433] 8021q: adding VLAN 0 to HW filter on device bond0 [ 476.358149][T15433] 8021q: adding VLAN 0 to HW filter on device team0 [ 476.367265][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 476.370168][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 476.384007][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 476.387049][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 476.830622][ T5976] Bluetooth: hci4: command tx timeout [ 477.070700][ T5976] Bluetooth: hci0: command tx timeout [ 477.400689][T15489] i2c i2c-1: Invalid block write size 34 [ 477.436828][T15489] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 477.452492][T15489] cramfs: wrong magic [ 477.518460][T15433] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 477.565044][T15433] veth0_vlan: entered promiscuous mode [ 477.583013][T15433] veth1_vlan: entered promiscuous mode [ 477.616080][T15433] veth0_macvtap: entered promiscuous mode [ 477.620531][T15433] veth1_macvtap: entered promiscuous mode [ 477.635213][T15433] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 477.643918][T15433] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 477.662324][ T80] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.665159][ T80] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.673729][ T80] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.679408][ T80] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.727189][ T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 477.734760][ T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 477.761683][T11297] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 477.765096][T11297] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 478.378690][ T80] bond0 (unregistering): Released all slaves [ 478.471297][ T80] bond1 (unregistering): (slave veth0_to_bond): Releasing active interface [ 478.477161][ T80] bond1 (unregistering): Released all slaves [ 478.593309][T15529] sctp: [Deprecated]: syz.0.2314 (pid 15529) Use of int in maxseg socket option. [ 478.593309][T15529] Use struct sctp_assoc_value instead [ 478.602185][ T80] tipc: Disabling bearer [ 478.613273][ T80] tipc: Disabling bearer [ 478.631506][ T80] tipc: Left network mode [ 478.899995][ T5976] Bluetooth: hci4: command tx timeout [ 479.149717][ T5976] Bluetooth: hci0: command tx timeout [ 479.532476][T15545] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 479.553132][T15545] ubi31: attaching mtd0 [ 479.557915][T15545] ubi31: scanning is finished [ 479.562415][T15545] ubi31: empty MTD device detected [ 479.994507][T15545] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 480.000648][T15545] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 480.009659][T15545] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 480.014706][T15545] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 480.024792][T15545] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 480.027083][T15545] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 480.037774][T15545] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 4139886382 [ 480.060860][T15545] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 480.066937][T15551] ubi31: background thread "ubi_bgt31d" started, PID 15551 [ 480.287347][ T80] hsr_slave_0: left promiscuous mode [ 480.292558][ T80] hsr_slave_1: left promiscuous mode [ 480.355320][T15557] binder: BINDER_SET_CONTEXT_MGR already set [ 480.357263][T15557] binder: 15556:15557 ioctl 4018620d 80004a80 returned -16 [ 480.599882][ T859] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 480.754081][ T859] usb 5-1: Using ep0 maxpacket: 16 [ 480.757748][ T859] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 480.763126][ T859] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 480.766805][ T859] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 480.773104][ T859] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.780813][ T859] usb 5-1: config 0 descriptor?? [ 481.197239][ T859] usbhid 5-1:0.0: can't add hid device: -32 [ 481.200315][ T859] usbhid 5-1:0.0: probe with driver usbhid failed with error -32 [ 481.204844][T15557] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2319'. [ 481.219834][ T5976] Bluetooth: hci0: command tx timeout [ 481.341148][T15574] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2319'. [ 481.407592][T15577] binder: 15556:15577 ioctl c0306201 0 returned -14 [ 481.411305][T15577] binder: 15556:15577 ioctl c018937b 80000900 returned -22 [ 481.605960][T15583] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2324'. [ 482.197326][ T6040] usb 5-1: USB disconnect, device number 15 [ 482.207393][T15583] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 482.670543][ T80] IPVS: stop unused estimator thread 0... [ 482.884629][T15615] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 483.299826][ T5976] Bluetooth: hci0: command tx timeout [ 483.916917][ T40] audit: type=1326 audit(1758288964.995:1395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15631 comm="syz.1.2335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 483.925293][ T40] audit: type=1326 audit(1758288964.995:1396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15631 comm="syz.1.2335" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 483.932062][ T40] audit: type=1326 audit(1758288964.995:1397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15631 comm="syz.1.2335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 483.938795][ T40] audit: type=1326 audit(1758288964.995:1398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15631 comm="syz.1.2335" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 483.945696][ T40] audit: type=1326 audit(1758288964.995:1399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15631 comm="syz.1.2335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 483.953033][ T40] audit: type=1326 audit(1758288964.995:1400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15631 comm="syz.1.2335" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 483.959735][ T40] audit: type=1326 audit(1758288964.995:1401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15631 comm="syz.1.2335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 483.966422][ T40] audit: type=1326 audit(1758288964.995:1402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15631 comm="syz.1.2335" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 483.973171][ T40] audit: type=1326 audit(1758288964.995:1403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15631 comm="syz.1.2335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 483.979943][ T40] audit: type=1326 audit(1758288964.995:1404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15631 comm="syz.1.2335" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf70ae579 code=0x7ffc0000 [ 484.034955][T15640] bridge0: port 1(syz_tun) entered blocking state [ 484.037375][T15640] bridge0: port 1(syz_tun) entered disabled state [ 484.370065][T15646] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2340'. [ 484.396558][T15646] batadv5: entered allmulticast mode [ 484.443074][T15649] input: syz1 as /devices/virtual/input/input31 [ 484.516825][T15652] netlink: 'syz.2.2342': attribute type 10 has an invalid length. [ 484.522624][T15653] overlayfs: failed to resolve './file1': -2 [ 484.774183][T15663] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2345'. [ 484.801777][T15664] netlink: zone id is out of range [ 484.804040][T15664] netlink: zone id is out of range [ 484.807742][T15664] netlink: zone id is out of range [ 484.810107][T15664] netlink: zone id is out of range [ 484.886458][T15664] netlink: set zone limit has 4 unknown bytes [ 485.633761][T15685] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 485.639540][ T13] Bluetooth: hci1: Frame reassembly failed (-84) [ 486.272047][T15706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2356'. [ 486.275077][T15706] netlink: 'syz.2.2356': attribute type 5 has an invalid length. [ 486.277701][T15706] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2356'. [ 486.298538][T15706] geneve0: entered promiscuous mode [ 486.300881][T15706] geneve0: entered allmulticast mode [ 486.305739][ T80] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 486.309034][ T80] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 486.313341][ T80] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 486.316522][ T80] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 486.467680][T15700] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2355'. [ 486.723537][T15715] 9pnet_fd: p9_fd_create_tcp (15715): problem connecting socket to 127.0.0.1 [ 486.782478][T15716] overlayfs: failed to resolve './file1': -2 [ 487.088203][T15725] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2362'. [ 487.267072][T15730] ISOFS: Unable to identify CD-ROM format. [ 487.700347][ T5976] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 487.913917][T15738] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2366'. [ 488.015634][T15747] netlink: 'syz.3.2367': attribute type 12 has an invalid length. [ 488.018194][T15747] netlink: 9472 bytes leftover after parsing attributes in process `syz.3.2367'. [ 488.343198][T15766] overlayfs: failed to resolve './file1': -2 [ 489.553857][T15803] netlink: 'syz.2.2382': attribute type 12 has an invalid length. [ 489.556454][T15803] netlink: 9472 bytes leftover after parsing attributes in process `syz.2.2382'. [ 490.204134][T15821] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 490.206481][T15821] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 490.209335][T15821] vhci_hcd vhci_hcd.0: Device attached [ 490.354378][T15826] 9pnet_fd: p9_fd_create_tcp (15826): problem connecting socket to 127.0.0.1 [ 490.413975][T15827] overlayfs: failed to resolve './file1': -2 [ 490.542292][ T6007] usb 40-1: SetAddress Request (43) to port 0 [ 490.545040][ T6007] usb 40-1: new SuperSpeed USB device number 43 using vhci_hcd [ 490.756909][T15822] vhci_hcd: connection reset by peer [ 490.759381][ T13] vhci_hcd: stop threads [ 490.760919][ T13] vhci_hcd: release socket [ 490.762433][ T13] vhci_hcd: disconnect device [ 491.361889][T15844] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 491.546575][T15847] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2396'. [ 491.553053][T15842] netlink: 'syz.0.2394': attribute type 3 has an invalid length. [ 491.556181][T15842] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2394'. [ 492.081234][T15867] geneve2: entered promiscuous mode [ 492.089183][T15867] geneve2: entered allmulticast mode [ 492.381942][T15872] netlink: 9896 bytes leftover after parsing attributes in process `syz.2.2405'. [ 493.207350][T15881] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 493.209477][T15881] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 493.219832][T15881] vhci_hcd vhci_hcd.0: Device attached [ 493.224617][T15882] vhci_hcd: connection closed [ 493.228450][T11296] vhci_hcd: stop threads [ 493.238599][T11296] vhci_hcd: release socket [ 493.243214][T11296] vhci_hcd: disconnect device [ 493.574189][T15895] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2410'. [ 493.828935][T15903] bond1: entered promiscuous mode [ 494.813556][T15929] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2419'. [ 495.518727][ T6040] IPVS: starting estimator thread 0... [ 495.630269][ T6007] usb 40-1: device descriptor read/8, error -110 [ 495.639771][T15942] IPVS: using max 43 ests per chain, 103200 per kthread [ 495.981577][T15950] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 495.983988][T15950] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 495.986947][T15950] vhci_hcd vhci_hcd.0: Device attached [ 496.038328][T15953] Bluetooth: hci1: Frame reassembly failed (-84) [ 496.048376][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 496.058172][ T6007] usb usb40-port1: attempt power cycle [ 496.204682][T15951] vhci_hcd: connection closed [ 496.205873][ T46] vhci_hcd: stop threads [ 496.212549][ T46] vhci_hcd: release socket [ 496.214881][ T46] vhci_hcd: disconnect device [ 496.780302][ T6007] usb usb40-port1: unable to enumerate USB device [ 497.066545][T15959] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 497.310360][ T5972] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 497.314172][ T5972] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 497.325614][ T5972] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 497.328527][ T5972] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 497.331584][ T5972] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 497.356263][T10876] syz_tun (unregistering): left promiscuous mode [ 497.682331][T15986] chnl_net:caif_netlink_parms(): no params data found [ 497.802005][T15986] bridge0: port 1(bridge_slave_0) entered blocking state [ 497.805640][T15986] bridge0: port 1(bridge_slave_0) entered disabled state [ 497.808054][T15986] bridge_slave_0: entered allmulticast mode [ 497.814226][T15986] bridge_slave_0: entered promiscuous mode [ 497.818371][T15986] bridge0: port 2(bridge_slave_1) entered blocking state [ 497.821718][T15986] bridge0: port 2(bridge_slave_1) entered disabled state [ 497.824579][T15986] bridge_slave_1: entered allmulticast mode [ 497.828491][T15986] bridge_slave_1: entered promiscuous mode [ 497.884603][T15986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 497.890905][T15986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 497.955753][T15986] team0: Port device team_slave_0 added [ 497.961119][T15986] team0: Port device team_slave_1 added [ 498.037354][T15986] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 498.044986][T15986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 498.054070][T15986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 498.058699][T15986] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 498.061014][T15986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 498.069162][T15986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 498.108773][ T5972] Bluetooth: hci1: command 0x1003 tx timeout [ 498.112150][ T5976] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 498.133549][T15986] hsr_slave_0: entered promiscuous mode [ 498.135976][T15986] hsr_slave_1: entered promiscuous mode [ 498.307591][T15986] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 498.313932][T15986] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 498.333898][T16009] vxcan1: entered allmulticast mode [ 498.389527][T15986] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 498.395603][T15986] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 498.550293][T15986] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 498.585342][T15986] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 498.781525][T15986] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 498.796692][T15986] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 498.841758][T16028] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 498.844320][T16028] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 498.847456][T16028] vhci_hcd vhci_hcd.0: Device attached [ 499.121203][ T46] dvmrp9 (unregistering): left allmulticast mode [ 499.139679][ T6040] usb 44-1: SetAddress Request (59) to port 0 [ 499.141657][ T6040] usb 44-1: new SuperSpeed USB device number 59 using vhci_hcd [ 499.267206][T16043] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 499.276716][T16029] vhci_hcd: connection reset by peer [ 499.278699][T11295] vhci_hcd: stop threads [ 499.280734][T11295] vhci_hcd: release socket [ 499.282784][T11295] vhci_hcd: disconnect device [ 499.375961][T15986] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 499.380077][T15986] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 499.386382][T15986] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 499.389711][ T5976] Bluetooth: hci5: command tx timeout [ 499.392521][T15986] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 499.419221][ T46] tipc: Disabling bearer [ 499.423604][ T46] tipc: Left network mode [ 499.470235][T15986] 8021q: adding VLAN 0 to HW filter on device bond0 [ 499.501598][T15986] 8021q: adding VLAN 0 to HW filter on device team0 [ 499.508723][T11295] bridge0: port 1(bridge_slave_0) entered blocking state [ 499.511627][T11295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 499.521845][T11295] bridge0: port 2(bridge_slave_1) entered blocking state [ 499.525160][T11295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 499.646994][T15986] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 499.672041][T15986] veth0_vlan: entered promiscuous mode [ 499.676825][T15986] veth1_vlan: entered promiscuous mode [ 499.701916][T15986] veth0_macvtap: entered promiscuous mode [ 499.706397][T15986] veth1_macvtap: entered promiscuous mode [ 499.714598][T15986] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 499.722360][T15986] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 499.728241][T11295] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 499.731545][T11295] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 499.734988][T11295] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 499.737819][T11295] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 499.790380][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 499.797601][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 499.825020][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 499.828445][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 499.930359][T16070] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2443'. [ 500.225716][T16064] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 500.378101][T16079] loop4: detected capacity change from 0 to 524287935 [ 500.404100][ T46] batadv_slave_0: left promiscuous mode [ 500.415558][ T46] hsr_slave_0: left promiscuous mode [ 500.447626][ T46] veth1_macvtap: left promiscuous mode [ 500.450418][ T46] veth0_macvtap: left promiscuous mode [ 500.452811][ T46] veth1_vlan: left promiscuous mode [ 501.033529][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.035605][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.459760][ T5976] Bluetooth: hci5: command tx timeout [ 501.677200][ T46] team0 (unregistering): Port device vlan0 removed [ 501.810700][T16096] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2448'. [ 502.637814][T16086] vxcan1: entered allmulticast mode [ 502.898436][T16096] bridge0: port 2(bridge_slave_1) entered disabled state [ 502.902023][T16096] bridge0: port 1(bridge_slave_0) entered disabled state [ 502.946104][T16096] vxcan1: left allmulticast mode [ 503.020280][T16096] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 503.028476][T16096] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 503.156726][T16096] geneve0: left promiscuous mode [ 503.158350][T16096] geneve0: left allmulticast mode [ 503.228710][T11297] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.233075][T11297] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 256 - 0 [ 503.237703][T11297] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.240760][T11297] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 256 - 0 [ 503.244279][ T53] syz0: Port: 1 Link DOWN [ 503.257674][T11297] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.269727][T11297] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 256 - 0 [ 503.274174][T11297] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.278840][T11297] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 256 - 0 [ 503.540625][ T5976] Bluetooth: hci5: command tx timeout [ 504.147110][T16132] netlink: 'syz.2.2457': attribute type 5 has an invalid length. [ 504.190179][ T6040] usb 44-1: device descriptor read/8, error -110 [ 504.379446][T16139] netlink: zone id is out of range [ 504.389282][T16139] netlink: zone id is out of range [ 504.396233][T16139] netlink: zone id is out of range [ 504.400863][T16139] netlink: zone id is out of range [ 504.455617][T16139] netlink: set zone limit has 4 unknown bytes [ 504.683360][ T6040] usb usb44-port1: attempt power cycle [ 505.370201][ T6040] usb usb44-port1: unable to enumerate USB device [ 505.527656][T16166] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2464'. [ 505.619687][ T5976] Bluetooth: hci5: command tx timeout [ 506.217753][T16176] binder: 16175:16176 unknown command 0 [ 506.221650][T16176] binder: 16175:16176 ioctl c0306201 80000080 returned -22 [ 506.580808][T16181] netlink: 'syz.2.2469': attribute type 7 has an invalid length. [ 506.584535][T16181] netlink: 'syz.2.2469': attribute type 8 has an invalid length. [ 506.803193][T16185] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2470'. [ 506.807291][T16185] netlink: 'syz.0.2470': attribute type 15 has an invalid length. [ 506.848621][T16185] vxlan0: entered promiscuous mode [ 506.855661][T11297] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 506.858420][T11297] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 506.862458][T11297] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 506.865728][T11297] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 506.875606][T16186] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2469'. [ 507.118113][T16190] netlink: zone id is out of range [ 507.120422][T16190] netlink: zone id is out of range [ 507.122030][T16190] netlink: zone id is out of range [ 507.132461][T16190] netlink: set zone limit has 4 unknown bytes [ 507.624749][T16205] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2476'. [ 508.117535][T16213] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 508.119755][T16213] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 508.130275][T16213] vhci_hcd vhci_hcd.0: Device attached [ 508.399698][ T6040] usb 40-1: SetAddress Request (47) to port 0 [ 508.407330][ T6040] usb 40-1: new SuperSpeed USB device number 47 using vhci_hcd [ 508.730298][T16214] vhci_hcd: connection reset by peer [ 508.732815][ T80] vhci_hcd: stop threads [ 508.734189][ T80] vhci_hcd: release socket [ 508.735694][ T80] vhci_hcd: disconnect device [ 510.530730][T16259] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2493'. [ 510.901205][T16276] veth1_to_bond: entered allmulticast mode [ 510.904167][T16275] veth1_to_bond: left allmulticast mode [ 510.936096][T16280] FAULT_INJECTION: forcing a failure. [ 510.936096][T16280] name failslab, interval 1, probability 0, space 0, times 0 [ 510.942451][T16280] CPU: 0 UID: 0 PID: 16280 Comm: syz.0.2501 Not tainted syzkaller #0 PREEMPT(full) [ 510.942473][T16280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 510.942480][T16280] Call Trace: [ 510.942485][T16280] [ 510.942489][T16280] dump_stack_lvl+0x16c/0x1f0 [ 510.942533][T16280] should_fail_ex+0x512/0x640 [ 510.942557][T16280] ? fs_reclaim_acquire+0xae/0x150 [ 510.942576][T16280] should_failslab+0xc2/0x120 [ 510.942590][T16280] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 510.942604][T16280] ? simple_xattr_get+0x179/0x1d0 [ 510.942620][T16280] ? vfs_getxattr_alloc+0x23b/0x340 [ 510.942634][T16280] krealloc_noprof+0x1ff/0x3a0 [ 510.942649][T16280] vfs_getxattr_alloc+0x23b/0x340 [ 510.942663][T16280] ? __pfx_vfs_getxattr_alloc+0x10/0x10 [ 510.942676][T16280] ? do_raw_spin_unlock+0x172/0x230 [ 510.942696][T16280] cap_inode_getsecurity+0xe9/0x850 [ 510.942710][T16280] ? __pfx_cap_inode_getsecurity+0x10/0x10 [ 510.942721][T16280] ? tomoyo_path_number_perm+0x18d/0x580 [ 510.942736][T16280] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 510.942752][T16280] security_inode_getsecurity+0xe8/0x2f0 [ 510.942768][T16280] vfs_getxattr+0x23e/0x290 [ 510.942780][T16280] ? __pfx_vfs_getxattr+0x10/0x10 [ 510.942795][T16280] ovl_other_xattr_get+0xf5/0x160 [ 510.942809][T16280] ? __pfx_ovl_other_xattr_get+0x10/0x10 [ 510.942822][T16280] ? xattr_resolve_name+0x27b/0x3f0 [ 510.942835][T16280] ? __pfx_ovl_other_xattr_get+0x10/0x10 [ 510.942846][T16280] __vfs_getxattr+0x13a/0x1a0 [ 510.942858][T16280] ? __pfx___vfs_getxattr+0x10/0x10 [ 510.942869][T16280] ? current_time+0x11d/0x1a0 [ 510.942882][T16280] ? __pfx_current_time+0x10/0x10 [ 510.942897][T16280] cap_inode_need_killpriv+0x40/0x60 [ 510.942909][T16280] security_inode_need_killpriv+0x1b9/0x1e0 [ 510.942923][T16280] notify_change+0x731/0x1230 [ 510.942944][T16280] chown_common+0x54e/0x680 [ 510.942962][T16280] ? __pfx_chown_common+0x10/0x10 [ 510.942977][T16280] ? find_held_lock+0x2b/0x80 [ 510.942992][T16280] ? mnt_get_write_access+0x20c/0x300 [ 510.943011][T16280] do_fchownat+0x1a7/0x200 [ 510.943026][T16280] ? __pfx_do_fchownat+0x10/0x10 [ 510.943042][T16280] ? __pfx_ksys_write+0x10/0x10 [ 510.943057][T16280] __ia32_sys_lchown16+0xe6/0x120 [ 510.943096][T16280] __do_fast_syscall_32+0x7c/0x300 [ 510.943118][T16280] do_fast_syscall_32+0x32/0x80 [ 510.943127][T16280] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 510.943141][T16280] RIP: 0023:0xf702e579 [ 510.943150][T16280] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 510.943160][T16280] RSP: 002b:00000000f541e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000010 [ 510.943170][T16280] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000000000 [ 510.943177][T16280] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 510.943183][T16280] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 510.943189][T16280] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 510.943195][T16280] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 510.943209][T16280] [ 510.946826][T16283] overlayfs: failed to resolve './file1': -2 [ 511.266229][T16300] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 511.712339][T16304] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2509'. [ 511.813371][T16313] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2513'. [ 511.822026][T16313] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2513'. [ 512.066994][T16319] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2514'. [ 512.099242][T16321] overlayfs: conflicting lowerdir path [ 512.314321][T16326] raw_sendmsg: syz.0.2517 forgot to set AF_INET. Fix it! [ 512.884145][T16336] tipc: Started in network mode [ 512.889846][T16336] tipc: Node identity c, cluster identity 4711 [ 512.895775][T16336] tipc: Node number set to 12 [ 513.329094][T16341] FAULT_INJECTION: forcing a failure. [ 513.329094][T16341] name failslab, interval 1, probability 0, space 0, times 0 [ 513.334226][T16341] CPU: 0 UID: 0 PID: 16341 Comm: syz.0.2520 Not tainted syzkaller #0 PREEMPT(full) [ 513.334241][T16341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 513.334248][T16341] Call Trace: [ 513.334252][T16341] [ 513.334257][T16341] dump_stack_lvl+0x16c/0x1f0 [ 513.334278][T16341] should_fail_ex+0x512/0x640 [ 513.334294][T16341] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 513.334308][T16341] should_failslab+0xc2/0x120 [ 513.334323][T16341] __kmalloc_cache_noprof+0x6a/0x3e0 [ 513.334334][T16341] ? nft_target_select_ops+0x32b/0x620 [ 513.334352][T16341] nft_target_select_ops+0x32b/0x620 [ 513.334367][T16341] ? __pfx_nft_target_select_ops+0x10/0x10 [ 513.334382][T16341] nf_tables_expr_parse+0x605/0x9c0 [ 513.334397][T16341] ? __pfx_nf_tables_expr_parse+0x10/0x10 [ 513.334426][T16341] ? nf_tables_newrule+0x8b6/0x28e0 [ 513.334444][T16341] nf_tables_newrule+0xa44/0x28e0 [ 513.334463][T16341] ? __pfx_nf_tables_newrule+0x10/0x10 [ 513.334486][T16341] ? __nla_parse+0x40/0x60 [ 513.334500][T16341] nfnetlink_rcv_batch+0x18ea/0x2330 [ 513.334521][T16341] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 513.334537][T16341] ? __local_bh_enable_ip+0xa4/0x120 [ 513.334550][T16341] ? __dev_queue_xmit+0xaf1/0x4490 [ 513.334564][T16341] ? __dev_queue_xmit+0xb12/0x4490 [ 513.334583][T16341] ? __pfx___dev_queue_xmit+0x10/0x10 [ 513.334609][T16341] ? __nla_parse+0x40/0x60 [ 513.334623][T16341] nfnetlink_rcv+0x3c1/0x430 [ 513.334636][T16341] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 513.334652][T16341] netlink_unicast+0x5a7/0x870 [ 513.334671][T16341] ? __pfx_netlink_unicast+0x10/0x10 [ 513.334688][T16341] ? __pfx___might_resched+0x10/0x10 [ 513.334704][T16341] netlink_sendmsg+0x8d1/0xdd0 [ 513.334724][T16341] ? __pfx_netlink_sendmsg+0x10/0x10 [ 513.334743][T16341] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 513.334758][T16341] ____sys_sendmsg+0xa98/0xc70 [ 513.334772][T16341] ? __pfx_____sys_sendmsg+0x10/0x10 [ 513.334783][T16341] ? get_compat_msghdr+0x11a/0x170 [ 513.334810][T16341] ___sys_sendmsg+0x134/0x1d0 [ 513.334834][T16341] ? __pfx____sys_sendmsg+0x10/0x10 [ 513.334870][T16341] ? find_held_lock+0x2b/0x80 [ 513.334902][T16341] __sys_sendmsg+0x16d/0x220 [ 513.334928][T16341] ? __pfx___sys_sendmsg+0x10/0x10 [ 513.334955][T16341] ? rcu_is_watching+0x12/0xc0 [ 513.334968][T16341] __do_fast_syscall_32+0x7c/0x300 [ 513.334987][T16341] do_fast_syscall_32+0x32/0x80 [ 513.334997][T16341] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 513.335011][T16341] RIP: 0023:0xf702e579 [ 513.335020][T16341] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 513.335031][T16341] RSP: 002b:00000000f541e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 513.335065][T16341] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080009b40 [ 513.335077][T16341] RDX: 0000000020040040 RSI: 0000000000000000 RDI: 0000000000000000 [ 513.335085][T16341] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 513.335091][T16341] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 513.335098][T16341] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 513.335112][T16341] [ 513.459689][ T6040] usb 40-1: device descriptor read/8, error -110 [ 513.559445][ T40] kauditd_printk_skb: 8 callbacks suppressed [ 513.559481][ T40] audit: type=1400 audit(1758288994.635:1413): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=16344 comm="syz.0.2523" [ 513.624978][T16348] netlink: zone id is out of range [ 513.627027][T16348] netlink: zone id is out of range [ 513.630067][T16348] netlink: zone id is out of range [ 513.631823][T16348] netlink: zone id is out of range [ 513.643700][T16348] netlink: set zone limit has 4 unknown bytes [ 513.888235][ T6040] usb usb40-port1: attempt power cycle [ 513.899187][T16354] fuse: Bad value for 'user_id' [ 513.900725][T16354] fuse: Bad value for 'user_id' [ 514.406366][T16373] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2528'. [ 514.486882][T16374] syzkaller0: entered promiscuous mode [ 515.353265][T16386] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 515.355945][T16386] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 515.359222][T16386] vhci_hcd vhci_hcd.0: Device attached [ 515.494109][T16387] vhci_hcd: connection closed [ 515.494412][ T12] vhci_hcd: stop threads [ 515.503056][ T12] vhci_hcd: release socket [ 515.504648][ T12] vhci_hcd: disconnect device [ 515.532238][T16392] netlink: zone id is out of range [ 515.539790][T16392] netlink: zone id is out of range [ 515.577352][T16392] netlink: set zone limit has 4 unknown bytes [ 515.603404][ T6040] usb usb40-port1: unable to enumerate USB device [ 516.762254][T16399] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2532'. [ 516.765885][T16399] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2532'. [ 516.779853][T16399] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2532'. [ 516.965929][T16408] NILFS (md0): device size too small [ 516.969380][T16412] NILFS (md0): device size too small [ 516.977056][T16408] ata1.00: invalid multi_count 128 ignored [ 517.030974][T16416] overlayfs: failed to resolve './file1': -2 [ 517.270563][T16422] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(14) [ 517.272695][T16422] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 517.275758][T16422] vhci_hcd vhci_hcd.0: Device attached [ 517.530177][ T34] usb 43-1: new high-speed USB device number 3 using vhci_hcd [ 517.751352][T16403] 9pnet_fd: p9_fd_create_tcp (16403): problem connecting socket to 127.0.0.1 [ 518.132581][T16423] vhci_hcd: connection reset by peer [ 518.136650][ T46] vhci_hcd: stop threads [ 518.138191][ T46] vhci_hcd: release socket [ 518.140363][ T46] vhci_hcd: disconnect device [ 518.264488][T16431] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2541'. [ 518.490597][T16437] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 518.868210][T16452] netlink: zone id is out of range [ 518.873205][T16452] netlink: zone id is out of range [ 518.947500][T16452] netlink: set zone limit has 4 unknown bytes [ 518.972432][T16454] overlayfs: failed to resolve './file1': -2 [ 519.048261][T16455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2545'. [ 519.058984][T16455] netlink: 'syz.1.2545': attribute type 5 has an invalid length. [ 519.064234][T16455] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2545'. [ 519.091867][T16455] geneve2: entered promiscuous mode [ 519.120103][T16455] geneve2: entered allmulticast mode [ 519.125281][ T46] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 256 - 0 [ 519.137574][ T46] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 256 - 0 [ 519.169911][ T46] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 256 - 0 [ 519.173304][ T46] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 256 - 0 [ 520.697058][T16487] netlink: 'syz.2.2553': attribute type 12 has an invalid length. [ 520.699753][T16487] netlink: 9472 bytes leftover after parsing attributes in process `syz.2.2553'. [ 520.785337][T16492] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 520.787430][T16492] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 520.790320][T16492] vhci_hcd vhci_hcd.0: Device attached [ 521.218841][T16494] vhci_hcd: connection closed [ 521.219206][ T12] vhci_hcd: stop threads [ 521.222116][ T12] vhci_hcd: release socket [ 521.223609][ T12] vhci_hcd: disconnect device [ 521.233043][ T40] audit: type=1804 audit(1758289002.315:1414): pid=16511 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2558" name="/newroot/594/bus/file0" dev="overlay" ino=3208 res=1 errno=0 [ 521.301257][T16514] netlink: zone id is out of range [ 521.303156][T16514] netlink: zone id is out of range [ 521.324200][T16514] netlink: set zone limit has 4 unknown bytes [ 521.481186][T16517] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input32 [ 522.341457][ T5976] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 522.344313][ T5976] Bluetooth: hci5: Injecting HCI hardware error event [ 522.347792][ T5972] Bluetooth: hci5: hardware error 0x00 [ 522.645353][T16537] wireguard0: entered promiscuous mode [ 522.649439][T16537] wireguard0: entered allmulticast mode [ 522.649775][ T34] vhci_hcd: vhci_device speed not set [ 522.905263][T16545] overlayfs: failed to resolve './file1': -2 [ 522.980707][T16549] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2567'. [ 523.517743][T16562] netlink: 'syz.2.2569': attribute type 4 has an invalid length. [ 523.649903][T16563] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 523.652302][T16563] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 523.655739][T16563] vhci_hcd vhci_hcd.0: Device attached [ 523.989857][ T53] usb 40-1: SetAddress Request (51) to port 0 [ 523.991894][ T53] usb 40-1: new SuperSpeed USB device number 51 using vhci_hcd [ 524.060383][ T6040] usb usb44-port1: attempt power cycle [ 524.308338][T16569] lo speed is unknown, defaulting to 1000 [ 524.310382][T16569] lo speed is unknown, defaulting to 1000 [ 524.314267][T16569] lo speed is unknown, defaulting to 1000 [ 524.334794][T16569] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 524.378809][T16569] lo speed is unknown, defaulting to 1000 [ 524.385059][T16569] lo speed is unknown, defaulting to 1000 [ 524.390073][T16569] lo speed is unknown, defaulting to 1000 [ 524.397446][T16569] lo speed is unknown, defaulting to 1000 [ 524.420301][ T5972] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 524.781674][ T6040] usb usb44-port1: unable to enumerate USB device [ 524.929802][T16565] vhci_hcd: connection reset by peer [ 524.932564][ T80] vhci_hcd: stop threads [ 524.933937][ T80] vhci_hcd: release socket [ 524.935400][ T80] vhci_hcd: disconnect device [ 524.960635][T16575] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 525.231091][T16583] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 525.374643][T16593] 8021q: adding VLAN 0 to HW filter on device bond0 [ 525.377703][T16593] 8021q: adding VLAN 0 to HW filter on device team0 [ 525.383318][T16593] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 525.644652][T16593] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2577'. [ 525.647572][T16593] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2577'. [ 525.767179][ T5976] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 525.782276][ T5976] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 525.785957][ T5976] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 525.794924][ T5976] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 525.804924][ T5976] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 525.977875][T16599] FAULT_INJECTION: forcing a failure. [ 525.977875][T16599] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 525.982580][T16599] CPU: 1 UID: 0 PID: 16599 Comm: syz.3.2579 Not tainted syzkaller #0 PREEMPT(full) [ 525.982598][T16599] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 525.982606][T16599] Call Trace: [ 525.982610][T16599] [ 525.982632][T16599] dump_stack_lvl+0x16c/0x1f0 [ 525.982656][T16599] should_fail_ex+0x512/0x640 [ 525.982679][T16599] _copy_from_iter+0x29f/0x1720 [ 525.982696][T16599] ? __pfx__copy_from_iter+0x10/0x10 [ 525.982709][T16599] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 525.982733][T16599] copy_page_from_iter+0xde/0x180 [ 525.982748][T16599] tun_build_skb.constprop.0+0x2e8/0x1500 [ 525.982770][T16599] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 525.982788][T16599] ? __lock_acquire+0x62e/0x1ce0 [ 525.982815][T16599] tun_get_user+0x14ae/0x3ce0 [ 525.982836][T16599] ? __pfx_tun_get_user+0x10/0x10 [ 525.982851][T16599] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 525.982869][T16599] ? find_held_lock+0x2b/0x80 [ 525.982881][T16599] ? tun_get+0x191/0x370 [ 525.982897][T16599] tun_chr_write_iter+0xdc/0x210 [ 525.982913][T16599] vfs_write+0x7d0/0x11d0 [ 525.982947][T16599] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 525.982977][T16599] ? __pfx_vfs_write+0x10/0x10 [ 525.982990][T16599] ? find_held_lock+0x2b/0x80 [ 525.983012][T16599] ksys_write+0x12a/0x250 [ 525.983026][T16599] ? __pfx_ksys_write+0x10/0x10 [ 525.983042][T16599] ? rcu_is_watching+0x12/0xc0 [ 525.983056][T16599] __do_fast_syscall_32+0x7c/0x300 [ 525.983077][T16599] do_fast_syscall_32+0x32/0x80 [ 525.983088][T16599] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 525.983103][T16599] RIP: 0023:0xf70be579 [ 525.983113][T16599] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 525.983126][T16599] RSP: 002b:00000000f54ae520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 525.983137][T16599] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000e00 [ 525.983145][T16599] RDX: 000000000000006c RSI: 00000000f7444ff4 RDI: 0000000000000000 [ 525.983152][T16599] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 525.983159][T16599] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 525.983166][T16599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 525.983181][T16599] [ 526.068153][T16596] lo speed is unknown, defaulting to 1000 [ 526.107881][ T46] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.112043][ T46] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 526.188211][ T46] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.196092][ T46] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 526.221207][T16605] overlayfs: failed to resolve './file1': -2 [ 526.252397][T16596] chnl_net:caif_netlink_parms(): no params data found [ 526.302707][ T46] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.306361][ T46] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 526.368608][ T46] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.371871][ T46] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 526.379418][T16596] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.382263][T16596] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.384941][T16596] bridge_slave_0: entered allmulticast mode [ 526.388817][T16596] bridge_slave_0: entered promiscuous mode [ 526.396659][T16596] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.402026][T16596] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.405092][T16596] bridge_slave_1: entered allmulticast mode [ 526.408938][T16596] bridge_slave_1: entered promiscuous mode [ 526.463741][T16596] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 526.478276][T16596] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 526.531943][T16596] team0: Port device team_slave_0 added [ 526.546955][T16596] team0: Port device team_slave_1 added [ 526.617393][T16596] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 526.620551][T16596] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 526.632322][T16596] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 526.651115][T16596] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 526.654107][T16596] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 526.665757][T16596] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 526.667773][T16611] binder: 16610:16611 unknown command 0 [ 526.672801][T16611] binder: 16610:16611 ioctl c0306201 80000080 returned -22 [ 526.706955][ T46] erspan0: left allmulticast mode [ 526.710009][ T46] erspan0: left promiscuous mode [ 526.712554][ T46] bridge0: port 1(erspan0) entered disabled state [ 527.271729][ T46] bond0 (unregistering): Released all slaves [ 527.367052][ T46] bond1 (unregistering): Released all slaves [ 527.377857][ T46] bond2 (unregistering): Released all slaves [ 527.457027][T16596] hsr_slave_0: entered promiscuous mode [ 527.460490][T16596] hsr_slave_1: entered promiscuous mode [ 527.462597][T16596] debugfs: 'hsr0' already exists in 'hsr' [ 527.464496][T16596] Cannot create hsr debugfs directory [ 527.466567][ T46] : left promiscuous mode [ 527.778829][T16634] comedi comedi0: Minor 3 specified more than once! [ 527.859720][ T5972] Bluetooth: hci1: command tx timeout [ 528.197831][ T46] hsr_slave_0: left promiscuous mode [ 528.202744][ T46] hsr_slave_1: left promiscuous mode [ 528.238527][ T46] veth1_macvtap: left promiscuous mode [ 528.241041][ T46] veth0_macvtap: left allmulticast mode [ 528.243404][ T46] veth0_macvtap: left promiscuous mode [ 528.245909][ T46] veth1_vlan: left promiscuous mode [ 528.248026][ T46] veth0_vlan: left promiscuous mode [ 529.379999][ T53] usb 40-1: device descriptor read/8, error -110 [ 529.770662][ T53] usb usb40-port1: attempt power cycle [ 529.808640][T16596] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 529.813357][T16596] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 529.817396][T16596] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 529.822957][T16596] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 529.883261][T16596] 8021q: adding VLAN 0 to HW filter on device bond0 [ 529.897680][T16596] 8021q: adding VLAN 0 to HW filter on device team0 [ 529.907809][T11296] bridge0: port 1(bridge_slave_0) entered blocking state [ 529.910168][T11296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 529.920241][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 529.922842][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 529.950026][ T5972] Bluetooth: hci1: command tx timeout [ 530.115562][T16596] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 530.144213][T16596] veth0_vlan: entered promiscuous mode [ 530.153626][T16596] veth1_vlan: entered promiscuous mode [ 530.176587][T16596] veth0_macvtap: entered promiscuous mode [ 530.187311][T16596] veth1_macvtap: entered promiscuous mode [ 530.202456][T16596] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 530.212770][T16596] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 530.225465][T11297] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.229025][T11297] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.252538][T11297] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.255633][T11297] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.263001][ T46] IPVS: stop unused estimator thread 0... [ 530.344682][ T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 530.345377][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 530.350444][ T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 530.364923][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 530.383458][ T53] usb usb40-port1: unable to enumerate USB device [ 530.706571][T16687] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 530.712875][T16687] cramfs: wrong magic [ 531.050213][ T40] audit: type=1804 audit(1758289012.125:1415): pid=16692 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2598" name="/newroot/90/file0" dev="tmpfs" ino=497 res=1 errno=0 [ 531.569515][ T40] audit: type=1804 audit(1758289012.645:1416): pid=16710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2603" name="/newroot/69/bus/bus" dev="overlay" ino=391 res=1 errno=0 [ 531.578786][ T7672] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 531.582353][ T40] audit: type=1804 audit(1758289012.645:1417): pid=16710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2603" name="/newroot/69/bus/bus" dev="overlay" ino=391 res=1 errno=0 [ 531.739953][ T7672] usb 7-1: Using ep0 maxpacket: 16 [ 531.786412][ T7672] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 531.868947][ T7672] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 531.878418][ T7672] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 532.019679][ T5972] Bluetooth: hci1: command tx timeout [ 532.087698][T16719] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2605'. [ 532.145363][ T7672] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 532.148625][ T7672] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.157159][ T7672] usb 7-1: config 0 descriptor?? [ 532.258386][T16722] bridge0: port 2(bridge_slave_1) entered disabled state [ 532.260942][T16722] bridge0: port 1(bridge_slave_0) entered disabled state [ 532.263849][T16722] bridge0: entered promiscuous mode [ 532.371672][T16719] lo speed is unknown, defaulting to 1000 [ 532.570833][ T7672] hid_parser_main: 5 callbacks suppressed [ 532.570854][ T7672] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 532.576240][ T7672] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 532.579151][ T7672] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 532.599752][ T7672] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 532.602150][ T7672] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 532.606019][ T7672] input: HID 0955:7214 Haptics as /devices/virtual/input/input33 [ 532.619231][ T7672] shield 0003:0955:7214.0007: Registered Thunderstrike controller [ 532.622018][ T7672] shield 0003:0955:7214.0007: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 532.780553][T16704] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 532.783563][T16704] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 532.787050][T16704] netlink: 'syz.2.2601': attribute type 2 has an invalid length. [ 532.789500][T16704] netlink: 244 bytes leftover after parsing attributes in process `syz.2.2601'. [ 532.793846][ T7672] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 532.794437][ T6040] usb 7-1: USB disconnect, device number 12 [ 532.797966][ T7672] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 532.803790][ T7672] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 532.807415][ T7672] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 532.992065][T16745] FAULT_INJECTION: forcing a failure. [ 532.992065][T16745] name failslab, interval 1, probability 0, space 0, times 0 [ 532.995943][T16745] CPU: 0 UID: 0 PID: 16745 Comm: syz.0.2612 Not tainted syzkaller #0 PREEMPT(full) [ 532.995958][T16745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 532.995964][T16745] Call Trace: [ 532.995969][T16745] [ 532.995973][T16745] dump_stack_lvl+0x16c/0x1f0 [ 532.996031][T16745] should_fail_ex+0x512/0x640 [ 532.996054][T16745] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 532.996070][T16745] should_failslab+0xc2/0x120 [ 532.996084][T16745] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 532.996098][T16745] ? __kernfs_new_node+0xd2/0x8e0 [ 532.996114][T16745] __kernfs_new_node+0xd2/0x8e0 [ 532.996130][T16745] ? __pfx___kernfs_new_node+0x10/0x10 [ 532.996147][T16745] ? find_held_lock+0x2b/0x80 [ 532.996159][T16745] ? kernfs_root+0xee/0x2a0 [ 532.996175][T16745] kernfs_new_node+0x13c/0x1e0 [ 532.996193][T16745] __kernfs_create_file+0x53/0x350 [ 532.996205][T16745] sysfs_add_file_mode_ns+0x207/0x3c0 [ 532.996222][T16745] internal_create_group+0x578/0xf30 [ 532.996239][T16745] ? __pfx_internal_create_group+0x10/0x10 [ 532.996254][T16745] ? sysfs_create_dir_ns+0x14c/0x2b0 [ 532.996267][T16745] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 532.996280][T16745] ? find_held_lock+0x2b/0x80 [ 532.996292][T16745] internal_create_groups+0x9d/0x150 [ 532.996308][T16745] kobject_add_internal+0x311/0x9b0 [ 532.996322][T16745] kobject_init_and_add+0x11b/0x190 [ 532.996333][T16745] ? __pfx_kobject_init_and_add+0x10/0x10 [ 532.996352][T16745] rpc_sysfs_xprt_setup+0x187/0x300 [ 532.996371][T16745] xprt_switch_alloc+0x2ce/0x3c0 [ 532.996383][T16745] rpc_create_xprt+0x2dc/0x440 [ 532.996396][T16745] rpc_create+0x469/0x7f0 [ 532.996409][T16745] ? __pfx_rpc_create+0x10/0x10 [ 532.996420][T16745] ? __mutex_trylock_common+0xe9/0x250 [ 532.996438][T16745] ? __lock_acquire+0xb97/0x1ce0 [ 532.996464][T16745] ? __pfx___might_resched+0x10/0x10 [ 532.996476][T16745] ? rcu_is_watching+0x12/0xc0 [ 532.996490][T16745] rpcb_create_af_local+0x11b/0x310 [ 532.996509][T16745] ? __pfx_rpcb_create_af_local+0x10/0x10 [ 532.996532][T16745] ? find_held_lock+0x2b/0x80 [ 532.996543][T16745] ? rpcb_create_local+0x1da/0x270 [ 532.996562][T16745] rpcb_create_local+0x1ee/0x270 [ 532.996579][T16745] svc_bind+0x1e8/0x260 [ 532.996597][T16745] nfsd_create_serv+0x2d2/0x480 [ 532.996610][T16745] ? __pfx_nfsd_create_serv+0x10/0x10 [ 532.996622][T16745] ? __nla_validate_parse+0x600/0x2880 [ 532.996637][T16745] nfsd_nl_listener_set_doit+0xdd/0x1b10 [ 532.996657][T16745] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 532.996672][T16745] ? __nla_parse+0x40/0x60 [ 532.996686][T16745] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 532.996699][T16745] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 532.996715][T16745] genl_family_rcv_msg_doit+0x209/0x2f0 [ 532.996728][T16745] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 532.996738][T16745] ? rcu_is_watching+0x12/0xc0 [ 532.996754][T16745] ? bpf_lsm_capable+0x9/0x10 [ 532.996764][T16745] ? security_capable+0x7e/0x260 [ 532.996778][T16745] genl_rcv_msg+0x55c/0x800 [ 532.996791][T16745] ? __pfx_genl_rcv_msg+0x10/0x10 [ 532.996803][T16745] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 532.996819][T16745] ? __lock_acquire+0x62e/0x1ce0 [ 532.996835][T16745] netlink_rcv_skb+0x158/0x420 [ 532.996852][T16745] ? __pfx_genl_rcv_msg+0x10/0x10 [ 532.996864][T16745] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 532.996886][T16745] ? netlink_deliver_tap+0x1ae/0xd30 [ 532.996902][T16745] ? is_vmalloc_addr+0x86/0xa0 [ 532.996915][T16745] genl_rcv+0x28/0x40 [ 532.996925][T16745] netlink_unicast+0x5a7/0x870 [ 532.996944][T16745] ? __pfx_netlink_unicast+0x10/0x10 [ 532.996961][T16745] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 532.996981][T16745] netlink_sendmsg+0x8d1/0xdd0 [ 532.997000][T16745] ? __pfx_netlink_sendmsg+0x10/0x10 [ 532.997019][T16745] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 532.997033][T16745] ____sys_sendmsg+0xa98/0xc70 [ 532.997048][T16745] ? __pfx_____sys_sendmsg+0x10/0x10 [ 532.997059][T16745] ? get_compat_msghdr+0x11a/0x170 [ 532.997081][T16745] ___sys_sendmsg+0x134/0x1d0 [ 532.997098][T16745] ? __pfx____sys_sendmsg+0x10/0x10 [ 532.997121][T16745] ? find_held_lock+0x2b/0x80 [ 532.997141][T16745] __sys_sendmsg+0x16d/0x220 [ 532.997157][T16745] ? __pfx___sys_sendmsg+0x10/0x10 [ 532.997180][T16745] ? rcu_is_watching+0x12/0xc0 [ 532.997193][T16745] __do_fast_syscall_32+0x7c/0x300 [ 532.997211][T16745] do_fast_syscall_32+0x32/0x80 [ 532.997221][T16745] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 532.997234][T16745] RIP: 0023:0xf702e579 [ 532.997243][T16745] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 532.997254][T16745] RSP: 002b:00000000f541e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 532.997264][T16745] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 532.997271][T16745] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 532.997277][T16745] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 532.997283][T16745] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 532.997289][T16745] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 532.997303][T16745] [ 532.997441][T16745] kobject: kobject_add_internal failed for xprt-0-local (error: -12 parent: switch-0) [ 533.228422][T16747] ------------[ cut here ]------------ [ 533.230947][T16747] no supported rates for sta 08:02:11:00:00:01 (0xf, band 0) in rate_mask 0xffffffff with flags 0x10 [ 533.235220][T16747] WARNING: CPU: 0 PID: 16747 at net/mac80211/rate.c:398 __rate_control_send_low+0x661/0x780 [ 533.238606][T16747] Modules linked in: [ 533.240817][T16747] CPU: 0 UID: 0 PID: 16747 Comm: syz.0.2613 Not tainted syzkaller #0 PREEMPT(full) [ 533.245584][T16747] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 533.250064][T16747] RIP: 0010:__rate_control_send_low+0x661/0x780 [ 533.252784][T16747] Code: a4 a0 d4 00 00 00 e8 4e eb b3 f6 44 8b 44 24 24 45 89 e9 89 d9 48 8b 74 24 08 44 89 e2 48 c7 c7 c0 0a 09 8d e8 b0 e2 72 f6 90 <0f> 0b 90 90 e9 26 fd ff ff 48 8b 3c 24 e8 2d 52 19 f7 e9 fb fc ff [ 533.260786][T16747] RSP: 0018:ffffc9000341ed40 EFLAGS: 00010282 [ 533.263361][T16747] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9000c402000 [ 533.265885][T16747] RDX: 0000000000080000 RSI: ffffffff817a0305 RDI: 0000000000000001 [ 533.268715][T16747] RBP: ffff88805efbc668 R08: 0000000000000001 R09: 0000000000000000 [ 533.271288][T16747] R10: 0000000000000000 R11: 0000000000000000 R12: 000000000000000f [ 533.273740][T16747] R13: 0000000000000010 R14: 000000000000000c R15: 0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 533.276184][T16747] FS: 0000000000000000(0000) GS:ffff8880974ba000(0063) knlGS:00000000f541eb40 [ 533.279788][T16747] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 533.282555][T16747] CR2: 00000000f541d528 CR3: 0000000025693000 CR4: 0000000000352ef0 [ 533.285656][T16747] Call Trace: [ 533.286943][T16747] [ 533.288153][T16747] ? kasan_save_stack+0x42/0x60 [ 533.289768][T16747] rate_control_send_low+0x116/0x820 [ 533.291517][T16747] ? genl_family_rcv_msg_doit+0x209/0x2f0 [ 533.293332][T16747] ? genl_rcv_msg+0x55c/0x800 [ 533.294916][T16747] rate_control_get_rate+0x1be/0x5e0 [ 533.296612][T16747] ieee80211_tx_h_rate_ctrl+0xad3/0x1a90 [ 533.298880][T16747] ? __pfx_ieee80211_tx_h_rate_ctrl+0x10/0x10 [ 533.300908][T16747] ? lock_acquire+0x179/0x350 [ 533.302529][T16747] invoke_tx_handlers_late+0x119a/0x27a0 [ 533.304479][T16747] ? invoke_tx_handlers_early+0x663/0x2720 [ 533.306396][T16747] ieee80211_tx+0x304/0x420 [ 533.308053][T16747] ? __pfx_ieee80211_tx+0x10/0x10 [ 533.310156][T16747] ? ieee80211_skb_resize+0x22a/0x630 [ 533.312312][T16747] ? ieee80211_set_qos_hdr+0xba/0x3f0 [ 533.314509][T16747] ieee80211_xmit+0x30f/0x3e0 [ 533.316453][T16747] __ieee80211_tx_skb_tid_band+0x2c2/0x720 [ 533.318807][T16747] ieee80211_tx_skb_tid+0x176/0x4f0 [ 533.320980][T16747] ieee80211_mgmt_tx+0x14d2/0x2310 [ 533.323183][T16747] cfg80211_mlme_mgmt_tx+0x7e8/0x1690 [ 533.325309][T16747] nl80211_tx_mgmt+0x804/0xd60 [ 533.327204][T16747] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 533.329324][T16747] ? nl80211_pre_doit+0x1b0/0xb10 [ 533.331440][T16747] genl_family_rcv_msg_doit+0x209/0x2f0 [ 533.333597][T16747] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 533.336076][T16747] ? bpf_lsm_capable+0x9/0x10 [ 533.337895][T16747] ? security_capable+0x7e/0x260 [ 533.339924][T16747] ? ns_capable+0xd7/0x110 [ 533.341692][T16747] genl_rcv_msg+0x55c/0x800 [ 533.343506][T16747] ? __pfx_genl_rcv_msg+0x10/0x10 [ 533.345492][T16747] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 533.347653][T16747] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 533.349819][T16747] ? __pfx_nl80211_post_doit+0x10/0x10 [ 533.352058][T16747] netlink_rcv_skb+0x158/0x420 [ 533.353965][T16747] ? __pfx_genl_rcv_msg+0x10/0x10 [ 533.355975][T16747] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 533.358066][T16747] ? netlink_deliver_tap+0x1ae/0xd30 [ 533.360368][T16747] genl_rcv+0x28/0x40 [ 533.361681][T16747] netlink_unicast+0x5a7/0x870 [ 533.363684][T16747] ? __pfx_netlink_unicast+0x10/0x10 [ 533.365760][T16747] ? __pfx___might_resched+0x10/0x10 [ 533.367902][T16747] netlink_sendmsg+0x8d1/0xdd0 [ 533.369877][T16747] ? __pfx_netlink_sendmsg+0x10/0x10 [ 533.371965][T16747] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 533.374394][T16747] ____sys_sendmsg+0xa98/0xc70 [ 533.376282][T16747] ? __pfx_____sys_sendmsg+0x10/0x10 [ 533.378337][T16747] ? get_compat_msghdr+0x11a/0x170 [ 533.380429][T16747] ? __pfx_futex_wake_mark+0x10/0x10 [ 533.382509][T16747] ___sys_sendmsg+0x134/0x1d0 [ 533.384418][T16747] ? __pfx____sys_sendmsg+0x10/0x10 [ 533.386483][T16747] ? find_held_lock+0x2b/0x80 [ 533.388371][T16747] __sys_sendmsg+0x16d/0x220 [ 533.390259][T16747] ? __pfx___sys_sendmsg+0x10/0x10 [ 533.392246][T16747] ? __ia32_sys_futex_time32+0x1d9/0x460 [ 533.394443][T16747] ? rcu_is_watching+0x12/0xc0 [ 533.396361][T16747] __do_fast_syscall_32+0x7c/0x300 [ 533.398377][T16747] do_fast_syscall_32+0x32/0x80 [ 533.400411][T16747] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 533.402841][T16747] RIP: 0023:0xf702e579 [ 533.404473][T16747] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 533.411996][T16747] RSP: 002b:00000000f541e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 533.415264][T16747] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000c00 [ 533.418401][T16747] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 533.421558][T16747] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 533.424656][T16747] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 533.427747][T16747] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 533.430920][T16747] [ 533.432152][T16747] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 533.435007][T16747] CPU: 0 UID: 0 PID: 16747 Comm: syz.0.2613 Not tainted syzkaller #0 PREEMPT(full) [ 533.438102][T16747] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 533.441540][T16747] Call Trace: [ 533.442599][T16747] [ 533.443560][T16747] dump_stack_lvl+0x3d/0x1f0 [ 533.445018][T16747] vpanic+0x6e8/0x7a0 [ 533.446280][T16747] ? __pfx_vpanic+0x10/0x10 [ 533.447732][T16747] ? __rate_control_send_low+0x661/0x780 [ 533.449516][T16747] panic+0xca/0xd0 [ 533.450705][T16747] ? __pfx_panic+0x10/0x10 [ 533.452128][T16747] check_panic_on_warn+0xab/0xb0 [ 533.453687][T16747] __warn+0xf6/0x3c0 [ 533.454951][T16747] ? __pfx_vprintk_emit+0x10/0x10 [ 533.456539][T16747] ? __rate_control_send_low+0x661/0x780 [ 533.458346][T16747] report_bug+0x3c3/0x580 [ 533.459763][T16747] ? __rate_control_send_low+0x661/0x780 [ 533.461531][T16747] handle_bug+0x184/0x210 [ 533.462902][T16747] exc_invalid_op+0x17/0x50 [ 533.464390][T16747] asm_exc_invalid_op+0x1a/0x20 [ 533.465908][T16747] RIP: 0010:__rate_control_send_low+0x661/0x780 [ 533.467934][T16747] Code: a4 a0 d4 00 00 00 e8 4e eb b3 f6 44 8b 44 24 24 45 89 e9 89 d9 48 8b 74 24 08 44 89 e2 48 c7 c7 c0 0a 09 8d e8 b0 e2 72 f6 90 <0f> 0b 90 90 e9 26 fd ff ff 48 8b 3c 24 e8 2d 52 19 f7 e9 fb fc ff [ 533.473992][T16747] RSP: 0018:ffffc9000341ed40 EFLAGS: 00010282 [ 533.475899][T16747] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9000c402000 [ 533.478345][T16747] RDX: 0000000000080000 RSI: ffffffff817a0305 RDI: 0000000000000001 [ 533.480802][T16747] RBP: ffff88805efbc668 R08: 0000000000000001 R09: 0000000000000000 [ 533.483253][T16747] R10: 0000000000000000 R11: 0000000000000000 R12: 000000000000000f [ 533.485713][T16747] R13: 0000000000000010 R14: 000000000000000c R15: 0000000000000000 [ 533.488192][T16747] ? __warn_printk+0x1a5/0x350 [ 533.489738][T16747] ? kasan_save_stack+0x42/0x60 [ 533.491269][T16747] rate_control_send_low+0x116/0x820 [ 533.492925][T16747] ? genl_family_rcv_msg_doit+0x209/0x2f0 [ 533.494701][T16747] ? genl_rcv_msg+0x55c/0x800 [ 533.496188][T16747] rate_control_get_rate+0x1be/0x5e0 [ 533.497853][T16747] ieee80211_tx_h_rate_ctrl+0xad3/0x1a90 [ 533.499649][T16747] ? __pfx_ieee80211_tx_h_rate_ctrl+0x10/0x10 [ 533.501567][T16747] ? lock_acquire+0x179/0x350 [ 533.503080][T16747] invoke_tx_handlers_late+0x119a/0x27a0 [ 533.504842][T16747] ? invoke_tx_handlers_early+0x663/0x2720 [ 533.506678][T16747] ieee80211_tx+0x304/0x420 [ 533.508129][T16747] ? __pfx_ieee80211_tx+0x10/0x10 [ 533.509726][T16747] ? ieee80211_skb_resize+0x22a/0x630 [ 533.511421][T16747] ? ieee80211_set_qos_hdr+0xba/0x3f0 [ 533.513100][T16747] ieee80211_xmit+0x30f/0x3e0 [ 533.514603][T16747] __ieee80211_tx_skb_tid_band+0x2c2/0x720 [ 533.516455][T16747] ieee80211_tx_skb_tid+0x176/0x4f0 [ 533.518033][T16747] ieee80211_mgmt_tx+0x14d2/0x2310 [ 533.519597][T16747] cfg80211_mlme_mgmt_tx+0x7e8/0x1690 [ 533.521279][T16747] nl80211_tx_mgmt+0x804/0xd60 [ 533.522782][T16747] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 533.524445][T16747] ? nl80211_pre_doit+0x1b0/0xb10 [ 533.526030][T16747] genl_family_rcv_msg_doit+0x209/0x2f0 [ 533.527791][T16747] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 533.529700][T16747] ? bpf_lsm_capable+0x9/0x10 [ 533.531179][T16747] ? security_capable+0x7e/0x260 [ 533.532736][T16747] ? ns_capable+0xd7/0x110 [ 533.534146][T16747] genl_rcv_msg+0x55c/0x800 [ 533.535616][T16747] ? __pfx_genl_rcv_msg+0x10/0x10 [ 533.537202][T16747] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 533.538915][T16747] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 533.540582][T16747] ? __pfx_nl80211_post_doit+0x10/0x10 [ 533.542305][T16747] netlink_rcv_skb+0x158/0x420 [ 533.543886][T16747] ? __pfx_genl_rcv_msg+0x10/0x10 [ 533.545485][T16747] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 533.547161][T16747] ? netlink_deliver_tap+0x1ae/0xd30 [ 533.548823][T16747] genl_rcv+0x28/0x40 [ 533.550085][T16747] netlink_unicast+0x5a7/0x870 [ 533.551602][T16747] ? __pfx_netlink_unicast+0x10/0x10 [ 533.553253][T16747] ? __pfx___might_resched+0x10/0x10 [ 533.554941][T16747] netlink_sendmsg+0x8d1/0xdd0 [ 533.556468][T16747] ? __pfx_netlink_sendmsg+0x10/0x10 [ 533.558172][T16747] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 533.560157][T16747] ____sys_sendmsg+0xa98/0xc70 [ 533.561656][T16747] ? __pfx_____sys_sendmsg+0x10/0x10 [ 533.563359][T16747] ? get_compat_msghdr+0x11a/0x170 [ 533.564968][T16747] ? __pfx_futex_wake_mark+0x10/0x10 [ 533.566629][T16747] ___sys_sendmsg+0x134/0x1d0 [ 533.568126][T16747] ? __pfx____sys_sendmsg+0x10/0x10 [ 533.569767][T16747] ? find_held_lock+0x2b/0x80 [ 533.571203][T16747] __sys_sendmsg+0x16d/0x220 [ 533.572668][T16747] ? __pfx___sys_sendmsg+0x10/0x10 [ 533.574287][T16747] ? __ia32_sys_futex_time32+0x1d9/0x460 [ 533.576081][T16747] ? rcu_is_watching+0x12/0xc0 [ 533.577630][T16747] __do_fast_syscall_32+0x7c/0x300 [ 533.579318][T16747] do_fast_syscall_32+0x32/0x80 [ 533.580869][T16747] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 533.582842][T16747] RIP: 0023:0xf702e579 [ 533.584135][T16747] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 533.590094][T16747] RSP: 002b:00000000f541e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 533.592681][T16747] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000c00 [ 533.595165][T16747] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 533.597724][T16747] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 533.600518][T16747] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 533.603078][T16747] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 533.605559][T16747] [ 533.607186][T16747] Kernel Offset: disabled [ 533.608554][T16747] Rebooting in 86400 seconds.. VM DIAGNOSIS: 12:39:17 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8561dc95 RDI=ffffffff9b102740 RBP=ffffffff9b102700 RSP=ffffc9000341e6b0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9b102700 R15=ffffffff8561dc30 RIP=ffffffff8561dcbf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880974ba000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f541d528 CR3=0000000025693000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000004 RBX=0000000000000080 RCX=ffffffff8a01b0e4 RDX=0000000000000000 RSI=ffffffff8a01bcdf RDI=ffff8880244fce34 RBP=ffff8880244fce20 RSP=ffffc9000324fbd0 R8 =0000000000000001 R9 =0000000000000080 R10=0000000000000080 R11=0000000000000000 R12=ffff88804ce516ac R13=ffff88804ce50cc0 R14=0000000000000002 R15=ffffffff9b2af5c0 RIP=ffffffff8a01bcfe RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f7237745300 ffffffff 00c00000 GS =0000 ffff8880975ba000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000056544622b000 CR3=000000004c3e0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 0000003000000012 0004000000080024 0000000000280034 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000a3c 0000001400000000 0000000000000000 0000000000000015 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8008000008000fff ffffff0201080008 0158ea3a000006a0 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 030780021881c390 f408000100000208 06060117bc000800 0790030408000788 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0340808080080007 8003000800020800 0380020602759800 23647261632f6972 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 642f7665642f01ff ffffffffffffffe1 0803800300080000 0800038002060075 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 980023647261632f 6972642f7665642f 01ffffffffffffff ffe1080380030e80 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff02020800 018080080001fd80 80020c0140bc3208 0006808086080000 ZMM25=7421596774215967 7421596774215967 7421596774215967 7421596774215967 7421596774215967 7421596774215967 7421596774215967 7421596774215967 ZMM26=9b13a3ce9b13a3ce 9b13a3ce9b13a3ce 9b13a3ce9b13a3ce 9b13a3ce9b13a3ce 9b13a3ce9b13a3ce 9b13a3ce9b13a3ce 9b13a3ce9b13a3ce 9b13a3ce9b13a3ce ZMM27=341751ca341751ca 341751ca341751ca 341751ca341751ca 341751ca341751ca 341751ca341751ca 341751ca341751ca 341751ca341751ca 341751ca341751ca ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=5211000052110000 5211000052110000 5211000052110000 5211000052110000 5211000052110000 5211000052110000 5211000052110000 5211000052110000 info registers vcpu 2 CPU#2 RAX=ffffc900073a0000 RBX=0000000000000000 RCX=ffff888043d71070 RDX=000000000000009d RSI=ffffffff86b176f8 RDI=ffff888043d712d0 RBP=0000000000000001 RSP=ffffc90000538b60 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000001 R13=0000000000004e20 R14=ffff888043d71070 R15=0000000000000001 RIP=ffffffff86b17735 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880976ba000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f4480fbc CR3=00000000233d3000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=dffffc0000000000 RBX=ffff88802616c880 RCX=ffffffff815cc7f9 RDX=1ffff11004c2d910 RSI=0000000000000008 RDI=ffff88802616c880 RBP=ffff888022ee0000 RSP=ffffc900031df800 R8 =0000000000000000 R9 =ffffed1004c2d910 R10=ffff88802616c887 R11=0000000000000001 R12=0000000000000000 R13=ffff88802616cdd8 R14=0000000000000003 R15=ffff88802616e0f8 RIP=ffffffff815cc80e RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977ba000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080006000 CR3=00000000233d3000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 da27203e968189b3 9136bf9c12fd1613 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 be054ae9350e267c 148601769f1f6ac8 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 455b1b8fa6f0dafd 234f3ba4107fe96d ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f94a21863d77b657 b55e923b0ad20a13 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000036c0 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000143009d7e64 00000144009e7324 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000014300800100 0080010000a62fba ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000014400800100 008b4860fe5ff5e2 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0080010000000144 00000144fda86f5c ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6336c77e685fdd92 a9dcd6f88045ac0c ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 565ee2c556e0561a 8e9b7ba1bbc1e7a0 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000