last executing test programs: 4.586745619s ago: executing program 1 (id=1053): socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x40, 0x800000000004, @thr={&(0x7f0000000040)="3307c7ecd75623c9ab635b3740a0b3f215b71cf404f8ca6b5cb1eec15e6b0cb2c4f3f4065bcf783dc1b806d68e273bb1807f3575dba9f4326684878adbcf386be7ecb40871b223ea7c27d188fc6a5410bbf0ed187a15aafc2b3415d856be9a89f3a72dc31c40710043cba3c05f39dcdb410716a50bcb864cab23d3d441c91306d1a652f15655b613c52b84b7db09b94197c3fb1048d93521ed64b846ad490a1c953639c295f0d1c260e010d01d1d475a902caf2bbe0a499385fe3002bbfea89fdbacffe72dd891eca32efb9642ce70e30c4404a644f1090cedcfbefc9d1411", &(0x7f0000000140)="422d92d237cc23e4c84c3764fa98a501c5a5d5ca77c61b050fcdceb2adb07812ea9ad07649cbb6fa4f62b7e9415f878f8c5df44b6c54aad2a93c4c8b2b12e049b07412bc05731ece4a46cc991b3af2b4d7f7dc6a7cc9eb3e5256a3956a170905bee351ef63858ebd0d2e6f530b0b883380bc18b0d35911d1552115ac288a935fa88590d1e884c8bdf2895169de993ec787427f5a25799d6e5cb8be3acf8a234deb30027a120f6be707b3f1c6ef9ef5412250ca8cde293eaeb928f3c511ebfbcb2e1d71f64e71e705ec9a096d66eaa7ed6eff7d0428c5aa0c042e6bd546c129b83d9e32b0331b0ee2905d6ede77826b1537bbf76b5d66a34702"}}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x6) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000540)) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2749baca85309be96d5a45bbb29ea06f9cbc7eea15bc1ee369d2707231280f0415df341ab76de90db5ff7ffffffd075b373f51be98db7efbbe8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c1f870adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcc2635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eacb4389adbb47efb7b3f19046c7f1bd1bf56e58555d96137f95b3aacd74ed1c8a8676468cf2405e48723c6b1ff3698422f88ffed8617dd64330f4c38ba86e3b50da03f4b1e4808aa5c9e9546d7190747c6abc5beab28cec4ff7faa3fab48cdb3d64cfd5d698416752a16f32a54ccef577832e4cf684fce2cb0bab7f6a5821b26483322000000000000596c6e1ac996b8a0924948750b6e52c09d53950e5c8143db8669f8a5bf6511df822532e3c78d019149651255048aab0399e5d6e317b6f3fbc2600ffc3c66c7244b7bcf6b78b5e8c0ee04ce344ceb084b4f2ef09b59a36a92b3874edc559e5bf58a567d385ba92df9121dfa257e60655dcbff581c75107b01b5baaf29ebaf24861c538fefcaecb52a6b69fc450e10645df60a9d50131466113c6aac5abbcf9e9f2f0384da3f9892af413bd87f51f7f0cf61096fd79327fa66effe89a72d7a75d40f0c1ad299f55eafcd52a39649ab6021e30f901933f11092"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x18) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b8008000100", @ANYRES32=r4, @ANYBLOB="08001b"], 0x34}}, 0x4004010) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) ioctl$KVM_GET_MSRS(0xffffffffffffffff, 0xc048aeca, &(0x7f0000000200)) socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETQUEUE(r5, 0x400454d9, &(0x7f0000000080)={'nicvf0\x00', 0x400}) ioctl$TUNSETTXFILTER(r5, 0x401054d5, &(0x7f0000000380)=ANY=[@ANYBLOB="4504"]) r6 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102}) 4.345721858s ago: executing program 0 (id=1054): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000020000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b70300000000002085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000020000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b70300000000002085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) getpid() (async) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) (async) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000400)=ANY=[@ANYRES16=r0, @ANYRES8=r1, @ANYRESHEX=r1], 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x1}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000400)=ANY=[@ANYRES16=r0, @ANYRES8=r1, @ANYRESHEX=r1], 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x1}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x237, &(0x7f0000000380)={0x0, 0xcfd5, 0x10100, 0x0, 0x0, 0x0, r5}, &(0x7f0000000300), &(0x7f0000000280)) (async) r6 = syz_io_uring_setup(0x237, &(0x7f0000000380)={0x0, 0xcfd5, 0x10100, 0x0, 0x0, 0x0, r5}, &(0x7f0000000300)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r6, 0x2ded, 0x4000, 0x0, 0x0, 0x0) (async) io_uring_enter(r6, 0x2ded, 0x4000, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) (async) mkdirat(0xffffffffffffff9c, 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r9, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b"], 0x15) socket$inet6(0xa, 0x8000000000080001, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') dup(r9) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) (async) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) (async) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x4) 3.902925093s ago: executing program 0 (id=1056): r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r1, 0x0, 0x0) sendmmsg(r1, &(0x7f00000007c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[{0x10, 0x110, 0x1, '$'}], 0x10, 0xe000}, 0x5}], 0x1, 0xfffe) close_range(r0, 0xffffffffffffffff, 0x0) 3.74935201s ago: executing program 0 (id=1057): userfaultfd(0x1) socket$netlink(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0x3e1902, 0x0) ioctl$PPPIOCSMAXCID(r1, 0x40047451, &(0x7f0000000140)) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000100)=0x2000004) r2 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r2, &(0x7f0000000040), 0xc) r3 = socket$qrtr(0x2a, 0x2, 0x0) recvmmsg(r2, &(0x7f0000000ac0)=[{{0x0, 0x0, 0x0, 0x53}}], 0x1, 0x41, 0x0) connect$qrtr(r3, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc) ioctl$sock_qrtr_TIOCINQ(r2, 0x541b, &(0x7f0000000840)) writev(r3, &(0x7f0000000340)=[{&(0x7f0000000080)='~', 0x1}], 0x1) pwritev(r1, &(0x7f00000001c0)=[{&(0x7f00000004c0)="00214717a70700000000030600710a5e31163ceb9d04712000000005000000182ce0ab6d000041a15be2d9d13cd1cb0c238e61cfd6a5d7cd0eaa50e027db032ddbfe85e53b87eb950a450000000000000000", 0x52}], 0x1, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, 0x0, 0x8001000d, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="043e1f0a00c9000001aaaaaa"], 0x22) 3.097358658s ago: executing program 1 (id=1058): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) syz_open_dev$sg(0x0, 0x0, 0x401) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140)) r2 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000340)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$TCFLSH(r6, 0x400455c8, 0x0) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000080)=0x4) ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000001c0)) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000440)=0x1) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000140)) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000680)) 2.833552575s ago: executing program 3 (id=1061): socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x40, 0x800000000004, @thr={&(0x7f0000000040)="3307c7ecd75623c9ab635b3740a0b3f215b71cf404f8ca6b5cb1eec15e6b0cb2c4f3f4065bcf783dc1b806d68e273bb1807f3575dba9f4326684878adbcf386be7ecb40871b223ea7c27d188fc6a5410bbf0ed187a15aafc2b3415d856be9a89f3a72dc31c40710043cba3c05f39dcdb410716a50bcb864cab23d3d441c91306d1a652f15655b613c52b84b7db09b94197c3fb1048d93521ed64b846ad490a1c953639c295f0d1c260e010d01d1d475a902caf2bbe0a499385fe3002bbfea89fdbacffe72dd891eca32efb9642ce70e30c4404a644f1090cedcfbefc9d1411", &(0x7f0000000140)="422d92d237cc23e4c84c3764fa98a501c5a5d5ca77c61b050fcdceb2adb07812ea9ad07649cbb6fa4f62b7e9415f878f8c5df44b6c54aad2a93c4c8b2b12e049b07412bc05731ece4a46cc991b3af2b4d7f7dc6a7cc9eb3e5256a3956a170905bee351ef63858ebd0d2e6f530b0b883380bc18b0d35911d1552115ac288a935fa88590d1e884c8bdf2895169de993ec787427f5a25799d6e5cb8be3acf8a234deb30027a120f6be707b3f1c6ef9ef5412250ca8cde293eaeb928f3c511ebfbcb2e1d71f64e71e705ec9a096d66eaa7ed6eff7d0428c5aa0c042e6bd546c129b83d9e32b0331b0ee2905d6ede77826b1537bbf76b5d66a34702"}}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x6) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000540)) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2749baca85309be96d5a45bbb29ea06f9cbc7eea15bc1ee369d2707231280f0415df341ab76de90db5ff7ffffffd075b373f51be98db7efbbe8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c1f870adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcc2635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eacb4389adbb47efb7b3f19046c7f1bd1bf56e58555d96137f95b3aacd74ed1c8a8676468cf2405e48723c6b1ff3698422f88ffed8617dd64330f4c38ba86e3b50da03f4b1e4808aa5c9e9546d7190747c6abc5beab28cec4ff7faa3fab48cdb3d64cfd5d698416752a16f32a54ccef577832e4cf684fce2cb0bab7f6a5821b26483322000000000000596c6e1ac996b8a0924948750b6e52c09d53950e5c8143db8669f8a5bf6511df822532e3c78d019149651255048aab0399e5d6e317b6f3fbc2600ffc3c66c7244b7bcf6b78b5e8c0ee04ce344ceb084b4f2ef09b59a36a92b3874edc559e5bf58a567d385ba92df9121dfa257e60655dcbff581c75107b01b5baaf29ebaf24861c538fefcaecb52a6b69fc450e10645df60a9d50131466113c6aac5abbcf9e9f2f0384da3f9892af413bd87f51f7f0cf61096fd79327fa66effe89a72d7a75d40f0c1ad299f55eafcd52a39649ab6021e30f901933f11092"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x18) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b8008000100", @ANYRES32=r4, @ANYBLOB="08001b"], 0x34}}, 0x4004010) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) ioctl$KVM_GET_MSRS(0xffffffffffffffff, 0xc048aeca, &(0x7f0000000200)) socket$nl_generic(0x10, 0x3, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102}) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nicvf0\x00', 0x400}) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000380)=ANY=[@ANYBLOB="4504"]) r5 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102}) 2.222942482s ago: executing program 0 (id=1062): syz_open_dev$sg(&(0x7f0000000300), 0x0, 0x0) r0 = getpgid(0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001280), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="210500000000000000004a00000008000300", @ANYRES32=r3], 0x28}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) creat(&(0x7f0000000280)='./file1\x00', 0x8) r6 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c) recvmmsg$unix(r6, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) sendmmsg(r6, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) close(0xffffffffffffffff) ftruncate(0xffffffffffffffff, 0xffff) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) r7 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r5, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, 0xffffffffffffffff, 0x0) r8 = socket$tipc(0x1e, 0x2, 0x0) connect$tipc(r8, &(0x7f0000003100)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x7}}, 0x10) sendmmsg$inet(r8, &(0x7f0000002f40), 0x0, 0x40) r9 = openat$cachefiles(0xffffff9c, &(0x7f0000000040), 0x4100, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r9, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)={0x2c, 0x4, 0x8, 0x101, 0x0, 0x0, {0x2, 0x0, 0x5}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x9001}, 0x80) 1.801678562s ago: executing program 3 (id=1063): socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x40, 0x800000000004, @thr={&(0x7f0000000040)="3307c7ecd75623c9ab635b3740a0b3f215b71cf404f8ca6b5cb1eec15e6b0cb2c4f3f4065bcf783dc1b806d68e273bb1807f3575dba9f4326684878adbcf386be7ecb40871b223ea7c27d188fc6a5410bbf0ed187a15aafc2b3415d856be9a89f3a72dc31c40710043cba3c05f39dcdb410716a50bcb864cab23d3d441c91306d1a652f15655b613c52b84b7db09b94197c3fb1048d93521ed64b846ad490a1c953639c295f0d1c260e010d01d1d475a902caf2bbe0a499385fe3002bbfea89fdbacffe72dd891eca32efb9642ce70e30c4404a644f1090cedcfbefc9d1411", &(0x7f0000000140)="422d92d237cc23e4c84c3764fa98a501c5a5d5ca77c61b050fcdceb2adb07812ea9ad07649cbb6fa4f62b7e9415f878f8c5df44b6c54aad2a93c4c8b2b12e049b07412bc05731ece4a46cc991b3af2b4d7f7dc6a7cc9eb3e5256a3956a170905bee351ef63858ebd0d2e6f530b0b883380bc18b0d35911d1552115ac288a935fa88590d1e884c8bdf2895169de993ec787427f5a25799d6e5cb8be3acf8a234deb30027a120f6be707b3f1c6ef9ef5412250ca8cde293eaeb928f3c511ebfbcb2e1d71f64e71e705ec9a096d66eaa7ed6eff7d0428c5aa0c042e6bd546c129b83d9e32b0331b0ee2905d6ede77826b1537bbf76b5d66a34702"}}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x6) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000540)) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2749baca85309be96d5a45bbb29ea06f9cbc7eea15bc1ee369d2707231280f0415df341ab76de90db5ff7ffffffd075b373f51be98db7efbbe8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c1f870adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcc2635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eacb4389adbb47efb7b3f19046c7f1bd1bf56e58555d96137f95b3aacd74ed1c8a8676468cf2405e48723c6b1ff3698422f88ffed8617dd64330f4c38ba86e3b50da03f4b1e4808aa5c9e9546d7190747c6abc5beab28cec4ff7faa3fab48cdb3d64cfd5d698416752a16f32a54ccef577832e4cf684fce2cb0bab7f6a5821b26483322000000000000596c6e1ac996b8a0924948750b6e52c09d53950e5c8143db8669f8a5bf6511df822532e3c78d019149651255048aab0399e5d6e317b6f3fbc2600ffc3c66c7244b7bcf6b78b5e8c0ee04ce344ceb084b4f2ef09b59a36a92b3874edc559e5bf58a567d385ba92df9121dfa257e60655dcbff581c75107b01b5baaf29ebaf24861c538fefcaecb52a6b69fc450e10645df60a9d50131466113c6aac5abbcf9e9f2f0384da3f9892af413bd87f51f7f0cf61096fd79327fa66effe89a72d7a75d40f0c1ad299f55eafcd52a39649ab6021e30f901933f11092"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x18) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b8008000100", @ANYRES32=r4, @ANYBLOB="08001b"], 0x34}}, 0x4004010) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) ioctl$KVM_GET_MSRS(0xffffffffffffffff, 0xc048aeca, &(0x7f0000000200)) socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102}) ioctl$TUNSETTXFILTER(r5, 0x401054d5, &(0x7f0000000380)=ANY=[@ANYBLOB="4504"]) r6 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102}) 1.635721052s ago: executing program 2 (id=1066): r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r1, 0xffffffffffffffff}, 0x4) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x1c, &(0x7f0000000540)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) write$char_usb(r0, &(0x7f00000008c0)='-', 0x1) 1.540058974s ago: executing program 2 (id=1067): r0 = openat$cachefiles(0xffffff9c, &(0x7f0000000000), 0x80, 0x0) write$cgroup_pressure(r0, &(0x7f0000000040)={'some', 0x20, 0x25e3, 0x20, 0x5436}, 0x2f) r1 = syz_open_pts(r0, 0x20080) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000500)={0x0, 0x0, 0x2, [0x8, 0xf4f]}, &(0x7f0000000540)=0xc) (async) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000500)={0x0, 0x0, 0x2, [0x8, 0xf4f]}, &(0x7f0000000540)=0xc) sendmmsg$inet_sctp(r0, &(0x7f00000005c0)=[{&(0x7f0000000080)=@in6={0xa, 0x4e24, 0x9, @mcast2, 0x4}, 0x1c, &(0x7f0000000480)=[{&(0x7f00000000c0)="8d434184b94929625109961af0070be450a3f167b0f294410e38132621f7759c84aaec194be1ee50c9dccdf4a4fdf44ce041b47beda66ada108c627099725f2f2c8850b6f821fc155d46b6206e69e74fb2b52d38f3a6340e1f0707547e1463f78e5326466ffefe9050f791ff37a1ecc5988b70b62ee83aef0cd1d41edc98e99bd268897b6260e47bea0990e10c71b469cddb888da04fc725ede63ba8df96a7d87f374354", 0xa4}, {&(0x7f0000000180)="e147c7", 0x3}, {&(0x7f00000001c0)="c8712264daf6c8ed228992c2706d621eec3d3d431191f13959174029fbc64d21e770d4c8e76f8f2305aaa7122ebeba4b827de6057fa40d3ef0a996e84ccd79f0d2f29091054e1169cd5258ecee0417215e07ba3f13508f8685341f", 0x5b}, {&(0x7f0000000240)="a1d404e492fb53ce26fb9e76124a58506dc43728f7a17658d9e742a1db23f1ab27c531a70fc3c05e", 0x28}, {&(0x7f0000000280)="190e6d71daf640dcf612ae0d63c2cec5b5", 0x11}, {&(0x7f00000002c0)="7a869829e1e1d296d4d74d81c245866c17fca6d147773aca9495962ebaa6230c203f6dfef342c7d150abb2af79c2b1b303d8210f8327659b6e9af3e5989aef5d3dd277dda880591cd384335491432e615348d40f4e97dba7379e3cbfb9c819ba0f7b740f", 0x64}, {&(0x7f0000000340)="3c1fefad700f365d53e17cd1a6abf6ae499b56493aa006e9b19350366301839474a58802a0b9ab5a928b037997", 0x2d}, {&(0x7f0000000380)="2b339efddf289b9520e6e3436a04278718d1eebfd583faec8133123d794adbbeb13976", 0x23}, {&(0x7f00000003c0)="aa89fba1a49ed068a522f52f0f4d2c9ef1dc6bce9cf34553dc8c29a45534ea2a47589267bcc8583f4061f7b3c28999ea6489e220b382d0ad2f972c05e2d1f85d414d688b645a03a922308459afee670bddb967a6ca5d14cd6f25141b8d2176e3144e1d870704b1b6981a2c3144872b70c8de37324236e39a77edb4ea9c8ca1ff439e7ea8a7d6155c636919175c405dbfa92651ced645d70dd408a9d3cca63069ee89e581c2b1bc5e004c09e02b4471ced8cf21", 0xb3}], 0x9, &(0x7f0000000580)=[@sndinfo={0x1c, 0x84, 0x2, {0x5, 0x40e, 0x92, 0x607, r2}}], 0x1c, 0x40000}], 0x1, 0x11) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000640), r0) getsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000680)={@initdev, 0x0}, &(0x7f00000006c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000700)={'batadv_slave_0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f00000007c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x3c, r3, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x4}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x240041d0) ioctl$VT_ACTIVATE(r0, 0x5606, 0x0) (async) ioctl$VT_ACTIVATE(r0, 0x5606, 0x0) openat$cgroup_ro(r0, &(0x7f0000000800)='memory.swap.current\x00', 0x0, 0x0) (async) r6 = openat$cgroup_ro(r0, &(0x7f0000000800)='memory.swap.current\x00', 0x0, 0x0) sendmsg$inet(r6, &(0x7f0000000b80)={&(0x7f0000000840)={0x2, 0x4e22, @private=0xa010100}, 0x10, &(0x7f0000000b00)=[{&(0x7f0000000880)="3dd573d070bf7eba1ab2a4f8131ea381db3586a54af8500cc26139f5ed27ae479423915fa21f5c3ce8092210c75979a63287c7173d46f79ab6a78379265d5cfa901c426dc55d91f4c4c736", 0x4b}, {&(0x7f0000000900)="e468998bcf501ff06e5ca2e064ceda44d1f61e7d2a07e0dd6590600cd3146482187ffcc1231e33f266496f0056dfe1c0d35b53a47e6c0a4fc2358fb2728e8f76da3ee1c8210d8a8a3d2f4c750ae8fdd640ddd0ec2d", 0x55}, {&(0x7f0000000980)="ca7ccb4d2dd39800b46c367bce96ddf3866ba297317cc40de3a8e5da4a914dc6fc2525a2cac7f6291831975f25fb088344248cd63eab0c31bcd89d8984054eebf64cf94f6e81446bd9ecd61e5a66a902c48d4754c669b43087cbe40406c312e598f18f6661805b40df1fdb15dcfb08c5420da8c6b304250271bc9f99a1cb2769f7194b468ae6cdabf81e30b42165", 0x8e}, {&(0x7f0000000a40)="6425cf25c6c5b2ce111a6088d8a6e9ff", 0x10}, {&(0x7f0000000a80)="ac99fcf72622747b5fc6cb90cad388877e01ee215f734448287e05d56a95f491e5daead1a29086fa8bd6be93c3cef9c5799b02073b080260db3ee22fab2ea34d929355f80d869a99e2c22c1054b5e8c2e2453fe5d2ecc35629604270c7acdf70c653184f56ed9f32aa1525d9a2aab1eed4431e7b08303b782297", 0x7a}], 0x5, &(0x7f0000000b40)=[@ip_tos_int={{0x10, 0x0, 0x1, 0x9}}], 0x10}, 0x20008095) (async) sendmsg$inet(r6, &(0x7f0000000b80)={&(0x7f0000000840)={0x2, 0x4e22, @private=0xa010100}, 0x10, &(0x7f0000000b00)=[{&(0x7f0000000880)="3dd573d070bf7eba1ab2a4f8131ea381db3586a54af8500cc26139f5ed27ae479423915fa21f5c3ce8092210c75979a63287c7173d46f79ab6a78379265d5cfa901c426dc55d91f4c4c736", 0x4b}, {&(0x7f0000000900)="e468998bcf501ff06e5ca2e064ceda44d1f61e7d2a07e0dd6590600cd3146482187ffcc1231e33f266496f0056dfe1c0d35b53a47e6c0a4fc2358fb2728e8f76da3ee1c8210d8a8a3d2f4c750ae8fdd640ddd0ec2d", 0x55}, {&(0x7f0000000980)="ca7ccb4d2dd39800b46c367bce96ddf3866ba297317cc40de3a8e5da4a914dc6fc2525a2cac7f6291831975f25fb088344248cd63eab0c31bcd89d8984054eebf64cf94f6e81446bd9ecd61e5a66a902c48d4754c669b43087cbe40406c312e598f18f6661805b40df1fdb15dcfb08c5420da8c6b304250271bc9f99a1cb2769f7194b468ae6cdabf81e30b42165", 0x8e}, {&(0x7f0000000a40)="6425cf25c6c5b2ce111a6088d8a6e9ff", 0x10}, {&(0x7f0000000a80)="ac99fcf72622747b5fc6cb90cad388877e01ee215f734448287e05d56a95f491e5daead1a29086fa8bd6be93c3cef9c5799b02073b080260db3ee22fab2ea34d929355f80d869a99e2c22c1054b5e8c2e2453fe5d2ecc35629604270c7acdf70c653184f56ed9f32aa1525d9a2aab1eed4431e7b08303b782297", 0x7a}], 0x5, &(0x7f0000000b40)=[@ip_tos_int={{0x10, 0x0, 0x1, 0x9}}], 0x10}, 0x20008095) pipe2(&(0x7f0000000bc0), 0x4000) (async) pipe2(&(0x7f0000000bc0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) r8 = openat$sr(0xffffff9c, &(0x7f0000000c00), 0x400140, 0x0) sendmsg$kcm(r8, &(0x7f0000001400)={&(0x7f0000000c40)=@can={0x1d, r4}, 0x80, &(0x7f0000001180)=[{&(0x7f0000000cc0)="a15bab5f2fab5591c4784c1034661956c9e5e5407f73aa1721eac82263a4f0e23b3f6cc2557a560d6133c19ffa70cccee516b9dd2665916c33f45d3106cb6a8d4364f7e74bd0864a4be485", 0x4b}, {&(0x7f0000000d40)="1f92a33ba8cbed737656e12df62e86d301981837b3185a2df51ad0acd81cd641f47bad6e8fc9781885d9ca62d527c7b9f0b2f29ea3dd06a81fbe04197d1eeeff9b244e6b7793a64951b1cc6a8d433fa198e945756aca3a8af28b6a03b7850239c637fa05f15e96568abf1b9d9eee180220bdbfebd3657e8df062f65cc71fde37d45cbf6ad9c783dd0d70844936dd1b8482a0", 0x92}, {&(0x7f0000000e00)="8a590a1e419792299bc3c60743527abcba93b52e58f2257d0c2d8ec4a8fef78aa96f86668b19aab11656757d7e7d38bad05a382e99b6514f8abb4197d52f676f6945ce5ea1631b3a36a4a80fcacf125ec728ff7c1b9aa9888708afa15399c91bbfa1384b295ec35bbfb2620b49ac1e79d3e35495c857f4ab3931a494914e42d44a9615dc6d702c738114547ef9b749ecd5", 0x91}, {&(0x7f0000000ec0)="067ff57cfee39cf3c38dc8ce17a21f0185a453dc81c0c3b116d4671902a3d239ea918da0fb1fdd21fa9792b49f11ab1ebb46c1fb721e29723b7acc6ff5a0f81db65a64c931200540013ffc65cc9d798636edbfea30816efb2d435985b627ab9e4518de1eaa651d1da74883c00328c64dd51d64b9fc3133d3d88e02a83b9f7fe4c0eb4980fedfe2410f738ef2df52ec875cf58a5f9e6c16f15cd7e50a0d4b0f4733a0c6f95a74d8f6068f23ae0d548d8d2b5a8984d5361cc63d7b8bd121f9bbe9267dd10b683d328d530abb0f3601fa8600007659523ecd05b303f8a7545f302ccf39a951d91218aeaca4577d", 0xec}, {&(0x7f0000000fc0)="e55941a304df9f4afb5e76348253bd412cfe58384fd7250537ba39230b4150d4b44e3a4194776faf6ad9da46a6f57d338c35790285e34c2b", 0x38}, {&(0x7f0000001000)="cc4f65d2291c84ce17ba208d3f6fc436405da213880200e83def82451fc28a722ee4ca229613ed6332809f731580ee70cfc6dee423525098c2e6b2ea7120edcce6368b5f476aa35f95fc0da900426c13c016664d7977193faaa8f99ec91d194ef8cde3c5920a4fc3a3ce8337a51a3b1464ec8935dcaca2fa947977", 0x7b}, {&(0x7f0000001080)="b048ab4b899b3b723d8f68e6d7924934b67069eb31ea62fe117591669f5ab8bc28b40c162b2c17fc81b9a76cce2e4475e0cdc676a3eb2f5278257e8386e0027503ab8da216dac6bb4579ebc0a84e8f962ce55f28d7e1add29cab902dc02036202ac5e69ec8211ce28f19926ef37f34cf06cc98eb3340cdef4ef7c2c89d26100303a3f606482dc85ceaf9d5c137465774fd12f4a032b967f274787950ebc421d0be070a8af4b7eff5722c5bbf03d6c41979d35e0462700f9c93e3df30633b67d80eb63ee668fee6a8f7a47543a7759b88f455e6", 0xd3}], 0x7, &(0x7f00000011c0)=[{0x108, 0x11, 0x3, "dafec75f28126c34bdda3b1dc622100497e5beee6ddbe34964b38dd4ee8877a759377a318a02bc129a61e5c4fae59dba170acd61723439818a1bad124bf5aff17d39306d13f737371b752f8e97d32d914b2b5d48b5aa10d7e8ca3aa54bb16f54e96ec0a5c890738c4803841def9dd25f4de9b59bed2622f95c0b734535804596264f936c7d656fd92c252f6663dde7749bb6970797840b43606124faab260d88d9c1dcceec2dc7cdf0c45014076b2bc307fc4a4a6678599796934aaed44ff5041855909e1f6b9fc133177d59f036c08047f28a5e4835e3ed4eaa7c33e4080d7f539ddfa05436255ed6d477569f13a640b2555d34639b8a1c22f929"}, {0xc8, 0x1, 0x3, "037a1c0013eb201e5b5990311a5c6972b0146c1dfbcabe63e5e49b77c5ca881004eed1ac97332c470409651729fe5916ae540cab5d4797af6c068a86fd4059c1ba9edde01f18babb4c371c043d5097ba8d6f5176c61d282c61f047df43f8400e48b55f9b8c99bedcf1cbaa684e5b49dba53d1587dc7cfcbf7c7182a7f8343e3629995f88c4f14bd77eb5fb068f3ac557df63804fbe8bcfc01c9a0f28a8ccc233ae818cfc07cdf328ef9bed55a03880ba1c8040f26e48d7f40ae02f"}, {0x30, 0x14, 0x3, "e9777e6880cc3d3c6dc4453e792657ea452d90528064187306e0186fb219d7144c"}, {0x24, 0x105, 0xffff, "f7bb609fe746c4a2f860d60523f5ee957a63d7e540"}], 0x224}, 0x40) (async) sendmsg$kcm(r8, &(0x7f0000001400)={&(0x7f0000000c40)=@can={0x1d, r4}, 0x80, &(0x7f0000001180)=[{&(0x7f0000000cc0)="a15bab5f2fab5591c4784c1034661956c9e5e5407f73aa1721eac82263a4f0e23b3f6cc2557a560d6133c19ffa70cccee516b9dd2665916c33f45d3106cb6a8d4364f7e74bd0864a4be485", 0x4b}, {&(0x7f0000000d40)="1f92a33ba8cbed737656e12df62e86d301981837b3185a2df51ad0acd81cd641f47bad6e8fc9781885d9ca62d527c7b9f0b2f29ea3dd06a81fbe04197d1eeeff9b244e6b7793a64951b1cc6a8d433fa198e945756aca3a8af28b6a03b7850239c637fa05f15e96568abf1b9d9eee180220bdbfebd3657e8df062f65cc71fde37d45cbf6ad9c783dd0d70844936dd1b8482a0", 0x92}, {&(0x7f0000000e00)="8a590a1e419792299bc3c60743527abcba93b52e58f2257d0c2d8ec4a8fef78aa96f86668b19aab11656757d7e7d38bad05a382e99b6514f8abb4197d52f676f6945ce5ea1631b3a36a4a80fcacf125ec728ff7c1b9aa9888708afa15399c91bbfa1384b295ec35bbfb2620b49ac1e79d3e35495c857f4ab3931a494914e42d44a9615dc6d702c738114547ef9b749ecd5", 0x91}, {&(0x7f0000000ec0)="067ff57cfee39cf3c38dc8ce17a21f0185a453dc81c0c3b116d4671902a3d239ea918da0fb1fdd21fa9792b49f11ab1ebb46c1fb721e29723b7acc6ff5a0f81db65a64c931200540013ffc65cc9d798636edbfea30816efb2d435985b627ab9e4518de1eaa651d1da74883c00328c64dd51d64b9fc3133d3d88e02a83b9f7fe4c0eb4980fedfe2410f738ef2df52ec875cf58a5f9e6c16f15cd7e50a0d4b0f4733a0c6f95a74d8f6068f23ae0d548d8d2b5a8984d5361cc63d7b8bd121f9bbe9267dd10b683d328d530abb0f3601fa8600007659523ecd05b303f8a7545f302ccf39a951d91218aeaca4577d", 0xec}, {&(0x7f0000000fc0)="e55941a304df9f4afb5e76348253bd412cfe58384fd7250537ba39230b4150d4b44e3a4194776faf6ad9da46a6f57d338c35790285e34c2b", 0x38}, {&(0x7f0000001000)="cc4f65d2291c84ce17ba208d3f6fc436405da213880200e83def82451fc28a722ee4ca229613ed6332809f731580ee70cfc6dee423525098c2e6b2ea7120edcce6368b5f476aa35f95fc0da900426c13c016664d7977193faaa8f99ec91d194ef8cde3c5920a4fc3a3ce8337a51a3b1464ec8935dcaca2fa947977", 0x7b}, {&(0x7f0000001080)="b048ab4b899b3b723d8f68e6d7924934b67069eb31ea62fe117591669f5ab8bc28b40c162b2c17fc81b9a76cce2e4475e0cdc676a3eb2f5278257e8386e0027503ab8da216dac6bb4579ebc0a84e8f962ce55f28d7e1add29cab902dc02036202ac5e69ec8211ce28f19926ef37f34cf06cc98eb3340cdef4ef7c2c89d26100303a3f606482dc85ceaf9d5c137465774fd12f4a032b967f274787950ebc421d0be070a8af4b7eff5722c5bbf03d6c41979d35e0462700f9c93e3df30633b67d80eb63ee668fee6a8f7a47543a7759b88f455e6", 0xd3}], 0x7, &(0x7f00000011c0)=[{0x108, 0x11, 0x3, "dafec75f28126c34bdda3b1dc622100497e5beee6ddbe34964b38dd4ee8877a759377a318a02bc129a61e5c4fae59dba170acd61723439818a1bad124bf5aff17d39306d13f737371b752f8e97d32d914b2b5d48b5aa10d7e8ca3aa54bb16f54e96ec0a5c890738c4803841def9dd25f4de9b59bed2622f95c0b734535804596264f936c7d656fd92c252f6663dde7749bb6970797840b43606124faab260d88d9c1dcceec2dc7cdf0c45014076b2bc307fc4a4a6678599796934aaed44ff5041855909e1f6b9fc133177d59f036c08047f28a5e4835e3ed4eaa7c33e4080d7f539ddfa05436255ed6d477569f13a640b2555d34639b8a1c22f929"}, {0xc8, 0x1, 0x3, "037a1c0013eb201e5b5990311a5c6972b0146c1dfbcabe63e5e49b77c5ca881004eed1ac97332c470409651729fe5916ae540cab5d4797af6c068a86fd4059c1ba9edde01f18babb4c371c043d5097ba8d6f5176c61d282c61f047df43f8400e48b55f9b8c99bedcf1cbaa684e5b49dba53d1587dc7cfcbf7c7182a7f8343e3629995f88c4f14bd77eb5fb068f3ac557df63804fbe8bcfc01c9a0f28a8ccc233ae818cfc07cdf328ef9bed55a03880ba1c8040f26e48d7f40ae02f"}, {0x30, 0x14, 0x3, "e9777e6880cc3d3c6dc4453e792657ea452d90528064187306e0186fb219d7144c"}, {0x24, 0x105, 0xffff, "f7bb609fe746c4a2f860d60523f5ee957a63d7e540"}], 0x224}, 0x40) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000001440)={0xaa, 0x4}) syz_open_dev$MSR(&(0x7f0000001480), 0x4, 0x0) (async) r9 = syz_open_dev$MSR(&(0x7f0000001480), 0x4, 0x0) ioctl$X86_IOC_RDMSR_REGS(r9, 0xc02063a0, &(0x7f00000014c0)=[0x5, 0x8000, 0x506, 0x7, 0x6, 0xfffffff8, 0x200, 0x1ff]) timer_create(0x3, &(0x7f0000001500)={0x0, 0x1c, 0x8cd71936a2c92b61}, &(0x7f0000001540)=0x0) clock_gettime(0x0, &(0x7f0000001580)={0x0, 0x0}) timer_settime(r10, 0x1, &(0x7f00000015c0)={{r11, r12+60000000}, {0x0, 0x3938700}}, 0x0) (async) timer_settime(r10, 0x1, &(0x7f00000015c0)={{r11, r12+60000000}, {0x0, 0x3938700}}, 0x0) r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000001600), r13) (async) syz_genetlink_get_family_id$nl802154(&(0x7f0000001600), r13) write$UHID_CREATE2(r8, &(0x7f0000001640)={0xb, {'syz1\x00', 'syz0\x00', 'syz0\x00', 0xf2, 0xa0, 0x10001, 0x8, 0xffff0207, 0x5, "a0dd3428d78ba778d42bdbc496bfa2b1d528b97540a8ee1638a6ada480a8731ea62ef3c21ebbc48f0860a68fb094ec5f1933968042a5e5280612d3540da5c0730a219bed85044ff43115ac9fd6a2a752fc4e751e631e7e78562ce167ab0eef8f6d798a7303e2197946da7931c0d3dbf9bb84b8a21d3275ecadf901ce91fe177a2c77341028be92df28f67046c930d8dc4df726426a0ac33db14655a98c51bab04ee13d9594a0a46234bf0451e3e8e7bd85cdcf1b62124d8b4393f0928a79a3746f84ceb7db2ce08d4514a7788493358c2833c5feca21a422f6f1f5890b7043acd2b75f21a64e4330a5c0744bb3e54911264d"}}, 0x20a) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r7, 0x84, 0x20, &(0x7f0000001880), &(0x7f00000018c0)=0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001b40)={r8, 0x0, 0x0, 0xa2, 0x0, &(0x7f0000001900)=""/162, 0xf, 0x0, 0xa9, 0x8b, &(0x7f00000019c0)="7492c1e8e184807da2ae61d7e2b3449018ef535ad5105c53a3f397b6d5d6989b164d7fe253ed4b514d7a659006a19b741b529d7756d449855eb9adb6f33d846156408892d311f4425e17c1b8d237c91feca0fb562e71013b181907977ef21c5abec612200b6611d0e60ebd16aeb7d1c75572ce442b58e2c4056ec88f47b217241f620c8c78c979debe576869d6075e489592ebec5582d5ad109cd9e2c72a6ce787744ead5b6cf3c994", &(0x7f0000001a80)="be3f0cfd77dd9d590d3f28f8f2b5e91b632a5a99e1f05c3bb74a57793cdda4952690529dabb95d25ba9d473756a7ea6dd68781f4d6d65f4423e52cda1226785b723799fafecaf2af667474100fd9729aab498cef0cac5dc270db2dbcc49cf7b7090d980fbaa23b8a2b5910b8f269188ff006e3cf186015e4055ad7e5c7e5eda42751ba946906f3ea44f017", 0x0, 0x0, 0xd5cb}, 0x4c) getsockopt$SO_J1939_SEND_PRIO(r6, 0x6b, 0x3, &(0x7f0000001bc0), &(0x7f0000001c00)=0x4) ioctl$AUTOFS_IOC_EXPIRE(r8, 0x810c9365, &(0x7f0000001c40)={{0x2}, 0x100, './file0\x00'}) (async) ioctl$AUTOFS_IOC_EXPIRE(r8, 0x810c9365, &(0x7f0000001c40)={{0x2}, 0x100, './file0\x00'}) gettid() eventfd(0x0) 1.465480359s ago: executing program 2 (id=1068): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = dup(r0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="5800000002060500006677d41f755ab5bec36f36000000fffff00000000000050001000600000005000500020000000900020073797a300000000005000400000000000c000780080008000000000011000300686173683a6e67742c6ef57400000000f2122e78fe66b3a79b587c39fd36357b3985176af0d2b287939a714668a7a998f1d5b5888152cebfdd8f8ac2501c542c0c4f20b0b87d036b6956f1fc450da7d9e8712a973bd56dbd3cbd97154c3fea3020c016247181fe3db36af1af83336d69ab99fc7227f11f7f597f9cfc539d8845fe4751b7d8bf317f930100000485563313ee00e4d3aaed2b18e596bdab9f7d4faa4f7a310ae898cf4dc4777b1e2bc0"], 0x58}}, 0x0) 1.465226269s ago: executing program 2 (id=1069): getrandom(0x0, 0x0, 0x3) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[], 0x124}, 0x1, 0x0, 0x0, 0x20000001}, 0xc000) 1.389966039s ago: executing program 2 (id=1070): userfaultfd(0x1) socket$netlink(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0x3e1902, 0x0) ioctl$PPPIOCSMAXCID(r1, 0x40047451, &(0x7f0000000140)) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000100)=0x2000004) r2 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r2, &(0x7f0000000040), 0xc) r3 = socket$qrtr(0x2a, 0x2, 0x0) recvmmsg(r2, &(0x7f0000000ac0)=[{{0x0, 0x0, 0x0, 0x53}}], 0x1, 0x41, 0x0) connect$qrtr(r3, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc) ioctl$sock_qrtr_TIOCINQ(r2, 0x541b, &(0x7f0000000840)) writev(r3, &(0x7f0000000340)=[{&(0x7f0000000080)='~', 0x1}], 0x1) pwritev(r1, &(0x7f00000001c0)=[{&(0x7f00000004c0)="00214717a70700000000030600710a5e31163ceb9d04712000000005000000182ce0ab6d000041a15be2d9d13cd1cb0c238e61cfd6a5d7cd0eaa50e027db032ddbfe85e53b87eb950a450000000000000000", 0x52}], 0x1, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, 0x0, 0x8001000d, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="043e1f0a00c9000001aaaaaa"], 0x22) 1.262324088s ago: executing program 0 (id=1072): socket$netlink(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={0x48, 0x2, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x9}, [@CTA_STATUS_MASK={0x41}, @CTA_SYNPROXY={0x2c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0xfffffffffffffec2, 0x2, 0x1, 0x0, 0x6e}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x1}, @CTA_SYNPROXY_ITS={0x0, 0x2, 0x1, 0x0, 0x6}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x328c000}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_SYNPROXY_ISN={0x0, 0x1, 0x1, 0x0, 0x5}, @CTA_SYNPROXY_TSOFF={0x0, 0x3, 0x1, 0x0, 0x5}, @CTA_SYNPROXY_TSOFF={0x0, 0x3, 0x1, 0x0, 0x4}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x200048e5}, 0xc804) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r3, 0x1, 0x6, @multicast}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0x27}, {0xfffe, 0x6, [{0xc8, 0x7, 0xf}, {0xc9, 0x0, 0x4}, {0xc8, 0xfffc, 0xd}, {0xc9, 0x8001, 0x3ff}, {0x0, 0x4, 0x7}, {0xc9, 0x64, 0x40}]}}}, 0x2a) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010000100"/20, @ANYRES32=0x0, @ANYBLOB="00e7ff0000000000140003007465616d5f736c6176655f300000000008000a"], 0x3c}}, 0x0) 1.090974846s ago: executing program 0 (id=1073): socket$inet_mptcp(0x2, 0x1, 0x106) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r0, 0x0, 0x2b1) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f00000027c0)=';', 0x1}], 0x1}}], 0x1, 0x0) syz_usb_disconnect(0xffffffffffffffff) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000180)='veno\x00', 0x5) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_REINJECT_CONTROL(r3, 0xae71, &(0x7f0000001440)={0x40}) shutdown(r1, 0x2) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x1}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x11c, &(0x7f0000000180)=0x1, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r5, 0x47ba, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=ANY=[@ANYBLOB="e5ff000000000000bc1008001f0000000fa00000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xff06, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) chdir(0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000008f80)={&(0x7f0000000280), 0x6e, &(0x7f0000008e00)=[{&(0x7f0000000300)=""/40, 0x28}, {&(0x7f0000008bc0)=""/251, 0xfb}, {&(0x7f0000008cc0)=""/214, 0xd6}, {&(0x7f0000008dc0)=""/7, 0x7}], 0x4, &(0x7f0000000500)=[@cred={{0x18}}, @cred={{0x18}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x118}, 0x100) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x0, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000340)=[{0x0, 0x1, 0xa, 0xb}, {0x2, 0x2, 0xf, 0x7}, {0x4, 0x2, 0x13, 0x2}, {0x0, 0x5, 0x5, 0x9}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r8 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0) kcmp(r8, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) 723.006149ms ago: executing program 3 (id=1074): socket$kcm(0x10, 0x2, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffe5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000240)) r2 = getpid() syz_pidfd_open(r2, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r3, 0x40a0ae49, &(0x7f0000000140)={0x10001, 0x6, 0x6000, 0x2000, &(0x7f000019b000/0x2000)=nil, 0xb, r0}) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f00000004c0)={0x60, 0x0, &(0x7f000023d000/0x4000)=nil, &(0x7f00004fa000/0x4000)=nil, 0x0, &(0x7f0000000ec0)=[{}], 0x1, 0x1ff, 0x0, 0x0, 0x0, 0xd}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xf, 0x0) r4 = fsopen(&(0x7f0000000100)='mqueue\x00', 0x0) r5 = openat$nullb(0xffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$BLKTRACESETUP(r5, 0xc0401273, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r4, 0x0, &(0x7f0000000040)='dirsync\x00', 0x0, 0x0) r6 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000003d80)={0x0, 0x0, &(0x7f0000002cc0)=[{&(0x7f00000019c0)="9257ef7814f0894f2b296cfd717fdb15b985ad41b78d6f84016e7f0d72ce3e5cca0ac618532d2f36345c8028e6045e736d834605386dd44d8d42b9f1683043a504fc72ceea3c88812f0df2aacb6c85f323584dc65af3959b10e904746449a87d517805de5d147a5bbf991f939c73047c2d85cf0f324903ee6a6291e705e8bced91760b6be097ed260f556538da30373c472dee51fdcaf89589034c26f29d9ee05584b8dfa2dec4369ca751d1c11b96ba56b0e3cee4f874fbd216e8dba45cf10298be39671e9c01", 0xc7}], 0x1}, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000001980)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r7}, 0x10) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020030000b02d25a806f8c2d94f90224fc602f1a04000a740100073582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x0) socket(0x2a, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x6e8d, &(0x7f00000000c0)) r8 = open(&(0x7f00000004c0)='./bus\x00', 0x143042, 0x0) ftruncate(r8, 0x3f) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x12, r8, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 631.379683ms ago: executing program 1 (id=1075): memfd_create(&(0x7f00000000c0)='v\xa6\xf5lj6,r\xaf\xe8\x10/\xecg\xed\xe3h\x80\xb8!y6w\xda\xdd\xb9\nR\xe8@\x99\xb9\x8a\x0fZ\t\x90\x8bp\x10\x84\x86t\x8a\xba\xc6\xfb\xd2\f\xef&\xad\xa8M\xe8\b\xb0#\xac)\x81\x1e\x8a\f\x11D\x90\xf5\xbb\x1c\xac\xc7\xad\xdc\\\x11\x95\xf8\xe6\xa7\xc3\xbc\x18+\x92\x92N\a\xa7\x7fN\x9bL\xf8\xebQs\x02\xf9\xadi\x8f\x0f\xff\x02n\x9d\x85\xea\x1a*\x1bC\xd8\x1c\xe8\x9bYS', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'essiv(authenc(rmd160-generic,cbc-camellia-aesni-avx2),sha1-avx)\x00'}, 0x58) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000240)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r2, 0xc008ae05, &(0x7f0000000240)=""/90) bind$alg(r1, &(0x7f0000000700)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc-twofish-avx)\x00'}, 0x58) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = dup(r4) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r6, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r6, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) shutdown(r6, 0x1) recvmmsg(r6, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000003780)=[{&(0x7f0000003740)=""/4, 0x4}], 0x1}}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000003a00)=""/190, 0xbe}], 0x1}, 0x2}], 0x2, 0x40000121, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="820000000200000071000040"]) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r7) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x15c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x104, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_MEDIA={0x18, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}]}]}, 0x15c}}, 0x0) sendmsg$netlink(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000001"], 0x24d8}], 0x1}, 0x0) r9 = socket(0x2b, 0x1, 0x1) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x14, r11, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) listen(r7, 0x0) connect$inet(r9, &(0x7f0000000080)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2b}}, 0x10) 451.305043ms ago: executing program 3 (id=1076): r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r1, 0x0, 0x0) sendmmsg(r1, &(0x7f00000007c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[{0x10, 0x110, 0x1, '$'}], 0x10, 0xe000}, 0x5}], 0x1, 0xfffe) close_range(r0, 0xffffffffffffffff, 0x0) 390.09725ms ago: executing program 3 (id=1077): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDGKBMODE(r2, 0x4bfa, &(0x7f0000000080)) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000e1"]) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x7, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r6}, 0x10) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r9 = dup(r8) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r9}, 0x2c, {[], [], 0x6b}}) ioctl$KDSKBSENT(r4, 0x4b49, 0x0) 203.801205ms ago: executing program 1 (id=1078): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) socket(0x200000100000011, 0x3, 0x0) epoll_create1(0x0) (async) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x77359400}}, 0x0) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)) (async) r0 = socket$inet6(0xa, 0x6, 0x0) getsockopt$inet6_int(r0, 0x29, 0x49, 0x0, &(0x7f00000006c0)) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[], 0x34}}, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x57) (async) ioctl$KVM_NMI(r3, 0xae9a) (async, rerun: 32) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x3, 0x8, 0x70], 0x0, 0x4000}) (rerun: 32) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async, rerun: 64) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)) (async, rerun: 64) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = socket$netlink(0x10, 0x3, 0xa) sendmsg$nl_xfrm(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000bc0)=@polexpire={0xb8, 0x1b, 0x800, 0x70bd2d, 0x25dfdbff, {{{@in6=@mcast1, @in=@dev={0xac, 0x14, 0x14, 0x9c}, 0x4e24, 0x4, 0x4e20, 0x4, 0xa, 0x20}, {0x5fcc6dbd, 0x5, 0xa984, 0xfffffffffffffff7, 0x1, 0x896, 0x5, 0x5}, {0x10000, 0x400000000000000, 0x936, 0x6}, 0x6, 0x6e6bb0, 0x0, 0x0, 0x1, 0x2}, 0xca}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000084}, 0x4000) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='bcache_write\x00'}, 0x18) 96.509177ms ago: executing program 3 (id=1079): r0 = syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x280, 0x0, 0x111, 0x4b4, 0x148, 0xd4feffff, 0x210, 0x20a, 0x278, 0x210, 0x278, 0x3, 0x0, {[{{@ipv6={@private1, @empty, [], [], 'batadv_slave_0\x00', 'wg2\x00'}, 0x0, 0xa8, 0xe8}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "d84876682c92a4d47629fcd3ef7b37abac55cee6d46a27676749efe14680"}}}, {{@uncond, 0x0, 0xa8, 0xc8}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2e0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f0000000080)=0x100000, 0x4) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1) ioctl$FS_IOC_GETVERSION(r1, 0x40025b0c, &(0x7f0000000040)) 95.629505ms ago: executing program 2 (id=1080): syz_open_dev$sg(&(0x7f0000000300), 0x0, 0x0) r0 = getpgid(0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001280), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="210500000000000000004a00000008000300", @ANYRES32=r3], 0x28}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) creat(&(0x7f0000000280)='./file1\x00', 0x8) r6 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c) recvmmsg$unix(r6, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) sendmmsg(r6, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) close(0xffffffffffffffff) ftruncate(0xffffffffffffffff, 0xffff) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) r7 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r5, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, 0xffffffffffffffff, 0x0) r8 = socket$tipc(0x1e, 0x2, 0x0) connect$tipc(r8, &(0x7f0000003100)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x7}}, 0x10) sendmmsg$inet(r8, &(0x7f0000002f40), 0x0, 0x40) r9 = openat$cachefiles(0xffffff9c, &(0x7f0000000040), 0x4100, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r9, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)={0x2c, 0x4, 0x8, 0x101, 0x0, 0x0, {0x2, 0x0, 0x5}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x9001}, 0x80) 67.89015ms ago: executing program 1 (id=1081): prctl$PR_SET_MM(0x41555856, 0xf7354000, &(0x7f0000ffa000/0x4000)=nil) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@bridge_delneigh={0x1c, 0x1e, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x1c}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x0, 0x4, @dev, 0xd}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000300)='bbr\x00', 0x4) r2 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r2, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=1082): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x2, 0x4, 0x5c0, 0xffffffff, 0xc8, 0x4f8, 0xc8, 0xfeffffff, 0xffffffff, 0x4f8, 0x4f8, 0x4f8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @mcast1, [], [], 'macsec0\x00', 'rose0\x00'}, 0x2f2, 0xa4, 0xc8}, @REJECT={0x24}}, {{@uncond, 0x0, 0x1fc, 0x220, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x4, 0x0, 0x40, 0x0, 0x2, 0xf8e74ba, 0xfe8c, 0x5d8}}}]}, @common=@unspec=@CONNSECMARK={0x24}}, {{@uncond, 0x0, 0x1dc, 0x210, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@local, @remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, @private1, @empty, @mcast1, @mcast1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @mcast2, @local, @remote, @private1, @private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2]}}]}, @common=@inet=@SET3={0x34}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x61c) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280), 0x400a00, 0x0) preadv(r2, &(0x7f0000000240)=[{0x0}], 0x1, 0x100, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x14}}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f0000000700)={0xc, &(0x7f0000000640)=ANY=[@ANYRES32=r2], &(0x7f00000006c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000a00)={0x24, &(0x7f0000000740)=ANY=[], &(0x7f0000000840)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000880)={0x0, 0x8, 0x1, 0xfe}, &(0x7f00000008c0)={0x20, 0x80, 0x1c, {0xd, 0x9, 0x81, 0x946a, 0x281, 0xb, 0x1, 0x4000002, 0x5, 0x5, 0x5, 0x8}}, &(0x7f0000000a40)={0x20, 0x85, 0x4, 0xd27e}, &(0x7f0000000940)={0x20, 0x83, 0x2}, &(0x7f0000000980)={0x20, 0x87, 0x2, 0x9}, &(0x7f0000000740)={0x20, 0x89, 0x2}}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={0x0}) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r5) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r6 = inotify_init1(0x0) r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x163902, 0x0) read$sequencer(r7, &(0x7f0000000040)=""/85, 0x8) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f0000000140)={0x0, 0x0}) r9 = syz_open_procfs(r8, &(0x7f0000000600)='fd/4\x00') capset(0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0x8004587d, &(0x7f0000001ec0)={@desc={0x1, 0x0, @desc2}}) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, 0x0) write$binfmt_elf32(r9, &(0x7f0000000640)=ANY=[], 0xffffffffffffffc9) kernel console output (not intermixed with test programs): 518][ T7015] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 102.226071][ T7015] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 102.227510][ T6998] netlink: 8 bytes leftover after parsing attributes in process `syz.1.466'. [ 102.227769][ T7015] __do_fast_syscall_32+0x73/0x120 [ 102.231397][ T7015] do_fast_syscall_32+0x32/0x80 [ 102.232668][ T7015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 102.234302][ T7015] RIP: 0023:0xf7f34579 [ 102.235402][ T7015] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 102.240324][ T7015] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 102.242502][ T7015] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 102.244557][ T7015] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 102.246578][ T7015] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 102.248627][ T7015] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 102.250657][ T7015] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 102.252712][ T7015] [ 102.253598][ C0] vkms_vblank_simulate: vblank timer overrun [ 102.822870][ T12] tipc: Subscription rejected, illegal request [ 102.899672][ T7041] netlink: 12 bytes leftover after parsing attributes in process `syz.2.481'. [ 103.137985][ T7048] netlink: 4 bytes leftover after parsing attributes in process `syz.3.483'. [ 103.161284][ T7048] netlink: 4 bytes leftover after parsing attributes in process `syz.3.483'. [ 103.165716][ T5350] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 103.321741][ T7061] netlink: 4 bytes leftover after parsing attributes in process `syz.0.488'. [ 103.338793][ T39] audit: type=1804 audit(1729430935.144:2052): pid=7061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.488" name="/newroot/113/bus/bus" dev="overlay" ino=635 res=1 errno=0 [ 103.357936][ T7061] Invalid ELF header magic: != ELF [ 103.595791][ T830] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 103.755733][ T830] usb 5-1: unable to get BOS descriptor or descriptor too short [ 103.763737][ T830] usb 5-1: not running at top speed; connect to a high speed hub [ 103.768865][ T830] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 103.774914][ T830] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 103.778959][ T830] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 103.782185][ T830] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 103.789707][ T830] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 103.793010][ T830] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.796334][ T830] usb 5-1: Product: syz [ 103.797921][ T830] usb 5-1: Manufacturer: syz [ 103.799454][ T830] usb 5-1: SerialNumber: syz [ 104.010866][ T830] usb 5-1: 0:2 : does not exist [ 104.017138][ T830] usb 5-1: USB disconnect, device number 8 [ 104.025908][ T5342] udevd[5342]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 104.095278][ T7086] vivid-004: disconnect [ 104.097810][ T7085] vivid-004: reconnect [ 104.126277][ T5403] usb 14-1: device descriptor read/8, error -110 [ 104.288395][ T7095] netlink: 12 bytes leftover after parsing attributes in process `syz.3.501'. [ 104.526094][ T5403] usb usb14-port1: attempt power cycle [ 104.586009][ T830] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 104.735713][ T830] usb 7-1: Using ep0 maxpacket: 16 [ 104.742382][ T830] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 104.747259][ T830] usb 7-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 104.755865][ T830] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.761510][ T830] usb 7-1: config 0 descriptor?? [ 104.764940][ T830] input: bcm5974 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input8 [ 104.969337][ T7102] input: syz0 as /devices/virtual/input/input9 [ 105.033528][ T4824] bcm5974 7-1:0.0: could not read from device [ 105.041021][ T4824] bcm5974 7-1:0.0: could not read from device [ 105.044253][ T4824] bcm5974 7-1:0.0: could not read from device [ 105.046359][ T830] usb 7-1: USB disconnect, device number 6 [ 105.067296][ T7124] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 105.086367][ T5403] usb usb14-port1: unable to enumerate USB device [ 105.743049][ T7134] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 105.996050][ T830] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 106.135987][ T7145] netlink: 12 bytes leftover after parsing attributes in process `syz.1.518'. [ 106.155807][ T830] usb 7-1: Using ep0 maxpacket: 8 [ 106.160202][ T830] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 106.162359][ T830] usb 7-1: config 246 descriptor has 1 excess byte, ignoring [ 106.164231][ T830] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 106.166675][ T830] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 106.169601][ T830] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 106.172417][ T830] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 106.175204][ T830] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 106.179203][ T830] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 106.181469][ T830] usb 7-1: config 246 descriptor has 1 excess byte, ignoring [ 106.183354][ T830] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 106.185801][ T830] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 106.188726][ T830] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 106.191529][ T830] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 106.194300][ T830] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 106.202751][ T830] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 106.205014][ T830] usb 7-1: config 246 descriptor has 1 excess byte, ignoring [ 106.206987][ T830] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 106.209402][ T830] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 106.212353][ T830] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 106.215211][ T830] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 106.218162][ T830] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 106.316383][ T830] usb 7-1: string descriptor 0 read error: -22 [ 106.318024][ T830] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 106.320219][ T830] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.371554][ T830] adutux 7-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 106.450042][ T7161] ======================================================= [ 106.450042][ T7161] WARNING: The mand mount option has been deprecated and [ 106.450042][ T7161] and is ignored by this kernel. Remove the mand [ 106.450042][ T7161] option from the mount to silence this warning. [ 106.450042][ T7161] ======================================================= [ 106.589665][ T7165] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 107.031460][ T7168] netlink: 4 bytes leftover after parsing attributes in process `syz.1.524'. [ 107.309402][ T5401] usb 7-1: USB disconnect, device number 7 [ 107.385823][ T7185] FAULT_INJECTION: forcing a failure. [ 107.385823][ T7185] name fail_futex, interval 1, probability 0, space 0, times 1 [ 107.390417][ T7185] CPU: 3 UID: 0 PID: 7185 Comm: syz.1.528 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 107.394139][ T7185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 107.397799][ T7185] Call Trace: [ 107.398946][ T7185] [ 107.400059][ T7185] dump_stack_lvl+0x16c/0x1f0 [ 107.401666][ T7185] should_fail_ex+0x497/0x5b0 [ 107.403293][ T7185] ? futex_top_waiter+0x1c7/0x260 [ 107.404988][ T7185] should_fail_futex+0x4c/0x60 [ 107.406748][ T7185] futex_lock_pi_atomic+0x1ba/0x980 [ 107.408617][ T7185] ? __pfx_futex_lock_pi_atomic+0x10/0x10 [ 107.410561][ T7185] ? do_raw_spin_lock+0x12d/0x2c0 [ 107.411900][ T7185] ? futex_requeue+0x2e5/0x1cf0 [ 107.413110][ T7185] ? futex_top_waiter+0x1c7/0x260 [ 107.414393][ T7185] futex_requeue+0x890/0x1cf0 [ 107.415716][ T7185] ? __pfx_futex_requeue+0x10/0x10 [ 107.417275][ T7185] ? ksys_write+0x12f/0x260 [ 107.418477][ T7185] ? find_held_lock+0x2d/0x110 [ 107.419706][ T7185] ? ksys_write+0x21e/0x260 [ 107.420897][ T7185] ? __pfx_lock_release+0x10/0x10 [ 107.422188][ T7185] ? vfs_write+0x14d/0x1140 [ 107.423535][ T7185] do_futex+0x1af/0x350 [ 107.424650][ T7185] ? __pfx_do_futex+0x10/0x10 [ 107.426251][ T7185] __ia32_sys_futex_time32+0x1da/0x460 [ 107.428083][ T7185] ? __pfx___ia32_sys_futex_time32+0x10/0x10 [ 107.430072][ T7185] ? ksys_write+0x1ad/0x260 [ 107.431617][ T7185] ? __pfx_ksys_write+0x10/0x10 [ 107.433060][ T7185] __do_fast_syscall_32+0x73/0x120 [ 107.434335][ T7185] do_fast_syscall_32+0x32/0x80 [ 107.435739][ T7185] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 107.437676][ T7185] RIP: 0023:0xf7f95579 [ 107.438740][ T7185] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 107.444169][ T7185] RSP: 002b:00000000f56c456c EFLAGS: 00000296 ORIG_RAX: 00000000000000f0 [ 107.446857][ T7185] RAX: ffffffffffffffda RBX: 000000002000cffc RCX: 000000000000000c [ 107.448923][ T7185] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000020048000 [ 107.451079][ T7185] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 107.453320][ T7185] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 107.455417][ T7185] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 107.457441][ T7185] [ 107.532469][ T7193] netlink: 'syz.1.532': attribute type 1 has an invalid length. [ 107.534478][ T7193] netlink: 88156 bytes leftover after parsing attributes in process `syz.1.532'. [ 107.574583][ T7195] netlink: 12 bytes leftover after parsing attributes in process `syz.1.533'. [ 107.725729][ T30] usb 8-1: new full-speed USB device number 4 using dummy_hcd [ 107.761988][ T7200] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(14) [ 107.763806][ T7200] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 107.766460][ T7200] vhci_hcd vhci_hcd.0: Device attached [ 107.769787][ T7202] vhci_hcd: connection closed [ 107.771908][ T1097] vhci_hcd: stop threads [ 107.774282][ T1097] vhci_hcd: release socket [ 107.775456][ T1097] vhci_hcd: disconnect device [ 107.780071][ T1097] Bluetooth: hci5: Frame reassembly failed (-84) [ 107.888870][ T30] usb 8-1: config 1 interface 0 altsetting 253 endpoint 0x1 has invalid maxpacket 1536, setting to 64 [ 107.896019][ T30] usb 8-1: config 1 interface 0 has no altsetting 0 [ 107.900316][ T30] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 107.903603][ T30] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.910315][ T30] usb 8-1: Product: syz [ 107.911522][ T30] usb 8-1: Manufacturer: syz [ 107.912746][ T30] usb 8-1: SerialNumber: syz [ 107.919609][ T7189] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 108.494170][ T7211] tipc: Enabling of bearer rejected, already enabled [ 108.630154][ T7222] netlink: 'syz.1.541': attribute type 1 has an invalid length. [ 108.632706][ T7222] netlink: 88156 bytes leftover after parsing attributes in process `syz.1.541'. [ 108.729334][ T7226] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 108.770588][ T7229] netlink: 12 bytes leftover after parsing attributes in process `syz.2.544'. [ 109.658368][ T7241] tipc: Enabling of bearer rejected, failed to enable media [ 109.796158][ T5348] Bluetooth: hci5: command 0x1003 tx timeout [ 109.796289][ T5350] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 110.277454][ T7252] netlink: 64 bytes leftover after parsing attributes in process `syz.1.551'. [ 110.384651][ T7259] netlink: 4 bytes leftover after parsing attributes in process `syz.1.553'. [ 110.475825][ T9] usb 8-1: USB disconnect, device number 4 [ 110.519789][ T7267] FAULT_INJECTION: forcing a failure. [ 110.519789][ T7267] name fail_futex, interval 1, probability 0, space 0, times 0 [ 110.523718][ T7267] CPU: 0 UID: 0 PID: 7267 Comm: syz.0.555 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 110.526717][ T7267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 110.529512][ T7267] Call Trace: [ 110.530398][ T7267] [ 110.531199][ T7267] dump_stack_lvl+0x16c/0x1f0 [ 110.532487][ T7267] should_fail_ex+0x497/0x5b0 [ 110.533726][ T7267] ? __pfx___lock_acquire+0x10/0x10 [ 110.535092][ T7267] ? io_prep_async_work+0x654/0x770 [ 110.536454][ T7267] get_futex_key+0x1b1/0x1090 [ 110.537698][ T7267] ? __pfx_get_futex_key+0x10/0x10 [ 110.539051][ T7267] futex_wait_setup+0xb8/0x250 [ 110.540313][ T7267] ? __pfx_futex_wait_setup+0x10/0x10 [ 110.541859][ T7267] ? ctx_flush_and_put.constprop.0+0xca/0x410 [ 110.544095][ T7267] futex_wait_requeue_pi+0x253/0x8e0 [ 110.546030][ T7267] ? __pfx_futex_wait_requeue_pi+0x10/0x10 [ 110.547703][ T7267] ? find_held_lock+0x2d/0x110 [ 110.548975][ T7267] ? _raw_spin_unlock_irq+0x23/0x50 [ 110.550350][ T7267] ? __pfx_futex_wake_mark+0x10/0x10 [ 110.551831][ T7267] do_futex+0x2b0/0x350 [ 110.552926][ T7267] ? __pfx_do_futex+0x10/0x10 [ 110.554161][ T7267] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 110.555724][ T7267] ? arch_do_signal_or_restart+0x212/0x7e0 [ 110.557251][ T7267] __ia32_sys_futex_time32+0x1da/0x460 [ 110.558693][ T7267] ? xfd_validate_state+0x5d/0x180 [ 110.560050][ T7267] ? __pfx___ia32_sys_futex_time32+0x10/0x10 [ 110.561743][ T7267] do_int80_emulation+0x104/0x200 [ 110.563596][ T7267] asm_int80_emulation+0x1a/0x20 [ 110.565191][ T7267] RIP: 0023:0xf7f34579 [ 110.566258][ T7267] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 110.571213][ T7267] RSP: 002b:00000000f569556c EFLAGS: 00000296 ORIG_RAX: 00000000000000f0 [ 110.573418][ T7267] RAX: ffffffffffffffda RBX: 000000002000cffc RCX: 000000000000000b [ 110.575498][ T7267] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020048000 [ 110.577656][ T7267] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 110.579717][ T7267] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 110.581904][ T7267] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 110.584681][ T7267] [ 110.606006][ T7271] tipc: Enabling of bearer rejected, failed to enable media [ 110.690335][ T7280] @: renamed from vlan0 (while UP) [ 110.697980][ T7280] netlink: 'syz.0.561': attribute type 4 has an invalid length. [ 110.971808][ T7292] fuse: Bad value for 'fd' [ 111.230027][ C1] Adjusting tsc more than 11% (5229281 vs 7162514) [ 111.808369][ T7308] netlink: 'syz.1.569': attribute type 3 has an invalid length. [ 111.817523][ T7308] netlink: 666 bytes leftover after parsing attributes in process `syz.1.569'. [ 111.842892][ T7313] FAULT_INJECTION: forcing a failure. [ 111.842892][ T7313] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 111.846494][ T7313] CPU: 3 UID: 0 PID: 7313 Comm: syz.1.570 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 111.849199][ T7313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 111.851943][ T7313] Call Trace: [ 111.852828][ T7313] [ 111.853612][ T7313] dump_stack_lvl+0x16c/0x1f0 [ 111.854878][ T7313] should_fail_ex+0x497/0x5b0 [ 111.856129][ T7313] _copy_from_iter+0x29b/0x13e0 [ 111.857420][ T7313] ? __pfx__copy_from_iter+0x10/0x10 [ 111.858814][ T7313] ? __virt_addr_valid+0x1a4/0x590 [ 111.860165][ T7313] ? __virt_addr_valid+0x5e/0x590 [ 111.861538][ T7313] ? const_folio_flags.constprop.0+0x56/0x150 [ 111.863142][ T7313] ? __phys_addr_symbol+0x30/0x80 [ 111.864455][ T7313] ? __check_object_size+0x488/0x710 [ 111.865837][ T7313] sctp_user_addto_chunk+0x87/0x230 [ 111.867207][ T7313] sctp_datamsg_from_user+0x5b3/0x1320 [ 111.868634][ T7313] sctp_sendmsg_to_asoc+0xafd/0x1ad0 [ 111.870017][ T7313] ? sctp_assoc_add_peer+0x254/0x14b0 [ 111.871433][ T7313] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 111.872921][ T7313] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 111.874445][ T7313] ? lock_acquire+0x2f/0xb0 [ 111.875646][ T7313] ? sctp_endpoint_lookup_assoc+0xac/0x2a0 [ 111.877171][ T7313] sctp_sendmsg+0x129c/0x1f10 [ 111.878410][ T7313] ? __pfx___lock_acquire+0x10/0x10 [ 111.879788][ T7313] ? __pfx_sctp_sendmsg+0x10/0x10 [ 111.881146][ T7313] ? lock_acquire+0x2f/0xb0 [ 111.882342][ T7313] ? __pfx_aa_sk_perm+0x10/0x10 [ 111.883628][ T7313] ? __pfx_sctp_sendmsg+0x10/0x10 [ 111.884930][ T7313] inet_sendmsg+0x119/0x140 [ 111.886134][ T7313] __sys_sendto+0x426/0x4d0 [ 111.887347][ T7313] ? __pfx___sys_sendto+0x10/0x10 [ 111.888675][ T7313] ? ksys_write+0x1ad/0x260 [ 111.889872][ T7313] ? __pfx_ksys_write+0x10/0x10 [ 111.891155][ T7313] __ia32_sys_sendto+0xdd/0x1b0 [ 111.892437][ T7313] ? lockdep_hardirqs_on+0x7c/0x110 [ 111.893802][ T7313] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 111.895513][ T7313] __do_fast_syscall_32+0x73/0x120 [ 111.896866][ T7313] do_fast_syscall_32+0x32/0x80 [ 111.898144][ T7313] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 111.899803][ T7313] RIP: 0023:0xf7f95579 [ 111.900917][ T7313] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 111.905967][ T7313] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 111.908169][ T7313] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020847fff [ 111.910220][ T7313] RDX: 0000000000034000 RSI: 00000000000000e0 RDI: 000000002005ffe4 [ 111.912283][ T7313] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 [ 111.914330][ T7313] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 111.916383][ T7313] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 111.918442][ T7313] [ 111.962239][ T7319] netlink: 80 bytes leftover after parsing attributes in process `syz.0.573'. [ 111.964613][ T7319] netlink: 80 bytes leftover after parsing attributes in process `syz.0.573'. [ 111.985916][ T7321] FAULT_INJECTION: forcing a failure. [ 111.985916][ T7321] name failslab, interval 1, probability 0, space 0, times 0 [ 111.989196][ T7321] CPU: 3 UID: 0 PID: 7321 Comm: syz.1.574 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 111.991934][ T7321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 111.994718][ T7321] Call Trace: [ 111.995600][ T7321] [ 111.996570][ T7321] dump_stack_lvl+0x16c/0x1f0 [ 111.997878][ T7321] should_fail_ex+0x497/0x5b0 [ 111.999134][ T7321] ? fs_reclaim_acquire+0xae/0x150 [ 112.000480][ T7321] should_failslab+0xc2/0x120 [ 112.001772][ T7321] kmem_cache_alloc_node_noprof+0x71/0x310 [ 112.003313][ T7321] ? __alloc_skb+0x2b3/0x380 [ 112.004537][ T7321] __alloc_skb+0x2b3/0x380 [ 112.005718][ T7321] ? __pfx___alloc_skb+0x10/0x10 [ 112.006370][ T7323] netlink: 12 bytes leftover after parsing attributes in process `syz.0.575'. [ 112.007030][ T7321] ? aa_sk_perm+0x2f5/0xb20 [ 112.010563][ T7321] ? __might_fault+0x13b/0x190 [ 112.011846][ T7321] ? __pfx_aa_sk_perm+0x10/0x10 [ 112.013146][ T7321] pfkey_sendmsg+0x16e/0x840 [ 112.014377][ T7321] ____sys_sendmsg+0x9ae/0xb40 [ 112.015651][ T7321] ? __pfx_____sys_sendmsg+0x10/0x10 [ 112.017175][ T7321] ? get_compat_msghdr+0x11b/0x170 [ 112.018519][ T7321] ? __pfx___lock_acquire+0x10/0x10 [ 112.019923][ T7321] ___sys_sendmsg+0x135/0x1e0 [ 112.021205][ T7321] ? __pfx____sys_sendmsg+0x10/0x10 [ 112.022582][ T7321] ? lock_acquire+0x2f/0xb0 [ 112.023795][ T7321] ? __fget_files+0x40/0x3f0 [ 112.025021][ T7321] ? __pfx___might_resched+0x10/0x10 [ 112.026408][ T7321] ? fdget+0x176/0x210 [ 112.027504][ T7321] __sys_sendmmsg+0x2a5/0x450 [ 112.028752][ T7321] ? __pfx___sys_sendmmsg+0x10/0x10 [ 112.030117][ T7321] ? vfs_write+0x14d/0x1140 [ 112.031327][ T7321] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 112.032930][ T7321] ? fput+0x30/0x390 [ 112.033963][ T7321] ? ksys_write+0x1ad/0x260 [ 112.035162][ T7321] ? __pfx_ksys_write+0x10/0x10 [ 112.036440][ T7321] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 112.037914][ T7321] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 112.039630][ T7321] __do_fast_syscall_32+0x73/0x120 [ 112.041007][ T7321] do_fast_syscall_32+0x32/0x80 [ 112.042281][ T7321] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 112.043957][ T7321] RIP: 0023:0xf7f95579 [ 112.045035][ T7321] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 112.050005][ T7321] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 112.052185][ T7321] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0 [ 112.054243][ T7321] RDX: 00000000000002c8 RSI: 0000000000000000 RDI: 0000000000000000 [ 112.056301][ T7321] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 112.058358][ T7321] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 112.060425][ T7321] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 112.062531][ T7321] [ 112.204498][ T7338] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 112.425926][ T1097] Bluetooth: Error in BCSP hdr checksum [ 113.062200][ T7366] netlink: 'syz.1.592': attribute type 1 has an invalid length. [ 113.064246][ T7366] netlink: 88156 bytes leftover after parsing attributes in process `syz.1.592'. [ 114.263873][ T7398] netlink: 12 bytes leftover after parsing attributes in process `syz.1.601'. [ 114.315341][ T7406] netlink: 'syz.3.602': attribute type 1 has an invalid length. [ 114.317335][ T7406] netlink: 88156 bytes leftover after parsing attributes in process `syz.3.602'. [ 114.365790][ T7415] netlink: 12 bytes leftover after parsing attributes in process `syz.3.603'. [ 114.808365][ T5350] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 114.893070][ T7440] syzkaller0: entered promiscuous mode [ 114.894608][ T7440] syzkaller0: entered allmulticast mode [ 114.899211][ T1097] syzkaller0: tun_net_xmit 48 [ 114.904206][ T7440] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 114.905924][ T7440] syzkaller0: Linktype set failed because interface is up [ 116.598250][ T7451] __nla_validate_parse: 1 callbacks suppressed [ 116.598261][ T7451] netlink: 14 bytes leftover after parsing attributes in process `syz.1.606'. [ 116.603447][ T7454] netlink: 'syz.1.606': attribute type 10 has an invalid length. [ 116.607785][ T7454] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 116.669928][ T7462] netlink: 'syz.3.611': attribute type 1 has an invalid length. [ 116.671870][ T7462] netlink: 88156 bytes leftover after parsing attributes in process `syz.3.611'. [ 116.786976][ T7474] netlink: 'syz.0.623': attribute type 1 has an invalid length. [ 116.798549][ T7474] netlink: 88156 bytes leftover after parsing attributes in process `syz.0.623'. [ 116.860712][ T7476] fuse: Bad value for 'fd' [ 116.907884][ T7480] netlink: 'syz.3.625': attribute type 1 has an invalid length. [ 116.912954][ T7480] netlink: 88156 bytes leftover after parsing attributes in process `syz.3.625'. [ 117.481467][ T7492] netlink: 12 bytes leftover after parsing attributes in process `syz.3.619'. [ 118.236623][ T7515] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 118.303794][ T1424] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 118.477280][ T1424] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 118.479864][ T1424] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.481976][ T1424] usb 7-1: Product: syz [ 118.483122][ T1424] usb 7-1: Manufacturer: syz [ 118.484429][ T1424] usb 7-1: SerialNumber: syz [ 118.501736][ T1424] usb 7-1: config 0 descriptor?? [ 118.545903][ T7523] netlink: 'syz.0.630': attribute type 10 has an invalid length. [ 118.548626][ T7523] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.551952][ T7523] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.560790][ T7523] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.563364][ T7523] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.566100][ T7523] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.568720][ T7523] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.572897][ T7523] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 118.575393][ T7520] netlink: 8 bytes leftover after parsing attributes in process `syz.3.629'. [ 118.581482][ T7520] netlink: 40 bytes leftover after parsing attributes in process `syz.3.629'. [ 118.595710][ T7520] netlink: 36 bytes leftover after parsing attributes in process `syz.3.629'. [ 118.598115][ T7520] netlink: 16 bytes leftover after parsing attributes in process `syz.3.629'. [ 118.601141][ T7520] netlink: 36 bytes leftover after parsing attributes in process `syz.3.629'. [ 118.638127][ T5350] Bluetooth: hci1: unexpected event for opcode 0x1005 [ 118.738023][ T5406] usb 7-1: USB disconnect, device number 8 [ 119.215763][ T7534] netlink: 'syz.1.633': attribute type 1 has an invalid length. [ 120.563309][ T7561] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 120.977300][ T39] audit: type=1326 audit(1729430951.586:2053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7578 comm="syz.2.646" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x0 [ 121.087125][ T7580] FAULT_INJECTION: forcing a failure. [ 121.087125][ T7580] name failslab, interval 1, probability 0, space 0, times 0 [ 121.091302][ T7580] CPU: 1 UID: 0 PID: 7580 Comm: syz.2.646 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 121.094727][ T7580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 121.097720][ T7580] Call Trace: [ 121.098758][ T7580] [ 121.099805][ T7580] dump_stack_lvl+0x16c/0x1f0 [ 121.101458][ T7580] should_fail_ex+0x497/0x5b0 [ 121.103020][ T7580] ? fs_reclaim_acquire+0xae/0x150 [ 121.104397][ T7580] should_failslab+0xc2/0x120 [ 121.105738][ T7580] kmem_cache_alloc_lru_noprof+0x72/0x2f0 [ 121.107315][ T7580] ? proc_alloc_inode+0x25/0x200 [ 121.108705][ T7580] ? __pfx_proc_alloc_inode+0x10/0x10 [ 121.110122][ T7580] proc_alloc_inode+0x25/0x200 [ 121.111402][ T7580] alloc_inode+0x5d/0x230 [ 121.112672][ T7580] new_inode+0x22/0x210 [ 121.113822][ T7580] proc_pid_make_inode+0x22/0x160 [ 121.115320][ T7580] proc_pident_instantiate+0x85/0x320 [ 121.116776][ T7580] proc_tgid_base_lookup+0x214/0x280 [ 121.118192][ T7580] __lookup_slow+0x24f/0x460 [ 121.119443][ T7580] ? __pfx___lookup_slow+0x10/0x10 [ 121.120804][ T7580] ? walk_component+0x342/0x5b0 [ 121.122097][ T7580] ? lookup_fast+0x155/0x540 [ 121.123360][ T7580] walk_component+0x350/0x5b0 [ 121.124662][ T7580] link_path_walk.part.0.constprop.0+0x669/0xd40 [ 121.126550][ T7580] path_openat+0x228/0x2d60 [ 121.127978][ T7580] ? __lock_acquire+0x163e/0x3ce0 [ 121.129351][ T7580] ? __pfx_path_openat+0x10/0x10 [ 121.130653][ T7580] ? __pfx___lock_acquire+0x10/0x10 [ 121.132009][ T7580] do_filp_open+0x1dc/0x430 [ 121.133196][ T7580] ? __pfx_do_filp_open+0x10/0x10 [ 121.134512][ T7580] ? find_held_lock+0x2d/0x110 [ 121.135760][ T7580] ? __pfx_kfree_link+0x10/0x10 [ 121.137031][ T7580] ? _raw_spin_unlock+0x28/0x50 [ 121.138300][ T7580] ? alloc_fd+0x2d7/0x6c0 [ 121.139440][ T7580] do_sys_openat2+0x17a/0x1e0 [ 121.140666][ T7580] ? __pfx_do_sys_openat2+0x10/0x10 [ 121.142011][ T7580] ? __fget_files+0x244/0x3f0 [ 121.143256][ T7580] __ia32_compat_sys_openat+0x16e/0x210 [ 121.144687][ T7580] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 121.146259][ T7580] ? ksys_write+0x1ad/0x260 [ 121.147449][ T7580] __do_fast_syscall_32+0x73/0x120 [ 121.148773][ T7580] do_fast_syscall_32+0x32/0x80 [ 121.150037][ T7580] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 121.151678][ T7580] RIP: 0023:0xf7fd6579 [ 121.152734][ T7580] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 121.157657][ T7580] RSP: 002b:00000000f57354a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000127 [ 121.159722][ T7580] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f57354f0 [ 121.161668][ T7580] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f745bff4 [ 121.163658][ T7580] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 121.165693][ T7580] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 121.167732][ T7580] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 121.169727][ T7580] [ 121.801425][ T7604] netlink: 'syz.3.655': attribute type 10 has an invalid length. [ 121.803675][ T7604] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.806653][ T7604] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.811485][ T7604] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.813319][ T7604] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.815270][ T7604] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.817121][ T7604] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.820382][ T7604] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 122.654245][ T7625] binder: BINDER_SET_CONTEXT_MGR already set [ 122.657002][ T7625] binder: 7624:7625 ioctl 4018620d 20000040 returned -16 [ 122.659612][ T7625] binder: 7624:7625 ioctl c0306201 200003c0 returned -22 [ 122.779127][ T7628] __nla_validate_parse: 10 callbacks suppressed [ 122.779138][ T7628] netlink: 12 bytes leftover after parsing attributes in process `syz.0.662'. [ 122.992248][ T7635] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 123.009069][ T7635] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 123.416859][ T7640] netlink: 14 bytes leftover after parsing attributes in process `syz.3.664'. [ 123.419919][ T7640] netlink: 'syz.3.664': attribute type 10 has an invalid length. [ 123.633789][ T7640] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 123.820060][ T7642] netlink: 'syz.1.665': attribute type 10 has an invalid length. [ 123.824225][ T7642] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.826228][ T7642] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.830087][ T7642] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.831929][ T7642] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.834193][ T7642] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.836062][ T7642] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.839404][ T7642] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 123.897840][ T5350] Bluetooth: hci3: unexpected event for opcode 0x1005 [ 123.999206][ T7650] netlink: 12 bytes leftover after parsing attributes in process `syz.1.668'. [ 124.323674][ T7653] netlink: 12 bytes leftover after parsing attributes in process `syz.3.669'. [ 124.939045][ T7668] netlink: 12 bytes leftover after parsing attributes in process `syz.1.673'. [ 125.039609][ T7671] netlink: 36 bytes leftover after parsing attributes in process `syz.0.672'. [ 125.042631][ T7671] netlink: 16 bytes leftover after parsing attributes in process `syz.0.672'. [ 125.045636][ T7671] netlink: 36 bytes leftover after parsing attributes in process `syz.0.672'. [ 125.048762][ T7671] netlink: 36 bytes leftover after parsing attributes in process `syz.0.672'. [ 125.338719][ T7681] netlink: 8 bytes leftover after parsing attributes in process `syz.0.676'. [ 125.365347][ T7684] FAULT_INJECTION: forcing a failure. [ 125.365347][ T7684] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 125.380022][ T7684] CPU: 3 UID: 0 PID: 7684 Comm: syz.0.677 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 125.383099][ T7684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 125.385863][ T7684] Call Trace: [ 125.386945][ T7684] [ 125.387727][ T7684] dump_stack_lvl+0x16c/0x1f0 [ 125.388956][ T7684] should_fail_ex+0x497/0x5b0 [ 125.390182][ T7684] _copy_from_user+0x30/0xf0 [ 125.391409][ T7684] input_event_from_user+0x22d/0x3b0 [ 125.392809][ T7684] ? __pfx_input_event_from_user+0x10/0x10 [ 125.394336][ T7684] ? input_inject_event+0x193/0x370 [ 125.395704][ T7684] evdev_write+0x377/0x750 [ 125.396872][ T7684] ? __pfx_evdev_write+0x10/0x10 [ 125.398164][ T7684] ? bpf_lsm_file_permission+0x9/0x10 [ 125.399591][ T7684] ? security_file_permission+0x71/0x210 [ 125.401077][ T7684] ? __pfx_evdev_write+0x10/0x10 [ 125.402343][ T7684] vfs_write+0x28e/0x1140 [ 125.403438][ T7684] ? __fget_files+0x23a/0x3f0 [ 125.404661][ T7684] ? __pfx_lock_release+0x10/0x10 [ 125.405979][ T7684] ? trace_lock_acquire+0x14a/0x1d0 [ 125.407330][ T7684] ? __pfx_vfs_write+0x10/0x10 [ 125.408575][ T7684] ? lock_acquire+0x2f/0xb0 [ 125.409761][ T7684] ? __fget_files+0x40/0x3f0 [ 125.410973][ T7684] ? __fget_files+0x244/0x3f0 [ 125.412228][ T7684] ksys_write+0x1fa/0x260 [ 125.413354][ T7684] ? __pfx_ksys_write+0x10/0x10 [ 125.414649][ T7684] __do_fast_syscall_32+0x73/0x120 [ 125.415992][ T7684] do_fast_syscall_32+0x32/0x80 [ 125.417263][ T7684] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 125.418922][ T7684] RIP: 0023:0xf7f34579 [ 125.420148][ T7684] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 125.425157][ T7684] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 125.427327][ T7684] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040 [ 125.429417][ T7684] RDX: 00000000000012d8 RSI: 0000000000000000 RDI: 0000000000000000 [ 125.431470][ T7684] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 125.433528][ T7684] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 125.435572][ T7684] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 125.437630][ T7684] [ 125.438476][ C3] vkms_vblank_simulate: vblank timer overrun [ 125.496952][ T7686] netlink: 'syz.2.678': attribute type 1 has an invalid length. [ 125.956121][ T7696] netlink: 'syz.2.681': attribute type 1 has an invalid length. [ 126.996676][ T39] audit: type=1326 audit(1729430957.171:2054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7717 comm="syz.2.686" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 127.002441][ T39] audit: type=1326 audit(1729430957.180:2055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7717 comm="syz.2.686" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 127.008115][ T39] audit: type=1326 audit(1729430957.180:2056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7717 comm="syz.2.686" exe="/syz-executor" sig=0 arch=40000003 syscall=395 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 127.014852][ T39] audit: type=1326 audit(1729430957.190:2057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7717 comm="syz.2.686" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 127.022595][ T39] audit: type=1326 audit(1729430957.208:2058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7717 comm="syz.2.686" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 127.028215][ T39] audit: type=1326 audit(1729430957.208:2059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7717 comm="syz.2.686" exe="/syz-executor" sig=0 arch=40000003 syscall=397 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 127.038368][ T39] audit: type=1326 audit(1729430957.218:2060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7717 comm="syz.2.686" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 127.045174][ T39] audit: type=1326 audit(1729430957.218:2061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7717 comm="syz.2.686" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 127.050811][ T39] audit: type=1326 audit(1729430957.218:2062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7717 comm="syz.2.686" exe="/syz-executor" sig=0 arch=40000003 syscall=397 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 127.056465][ T39] audit: type=1326 audit(1729430957.218:2063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7717 comm="syz.2.686" exe="/syz-executor" sig=0 arch=40000003 syscall=397 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 127.260363][ T7733] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 128.484949][ T7754] __nla_validate_parse: 9 callbacks suppressed [ 128.484960][ T7754] netlink: 12 bytes leftover after parsing attributes in process `syz.0.697'. [ 128.520720][ T7756] nftables ruleset with unbound chain [ 128.550441][ T7760] netlink: 8 bytes leftover after parsing attributes in process `syz.3.699'. [ 129.547187][ T7772] netlink: 'syz.1.709': attribute type 1 has an invalid length. [ 129.549434][ T7772] netlink: 88156 bytes leftover after parsing attributes in process `syz.1.709'. [ 130.077997][ T7765] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.151102][ T64] IPVS: starting estimator thread 0... [ 130.255355][ T7786] IPVS: using max 38 ests per chain, 91200 per kthread [ 131.164086][ T7799] netlink: 4 bytes leftover after parsing attributes in process `syz.0.708'. [ 132.282823][ T7829] syz.0.719: vmalloc error: size 32768, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 132.287453][ T7829] CPU: 0 UID: 0 PID: 7829 Comm: syz.0.719 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 132.290178][ T7829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 132.292953][ T7829] Call Trace: [ 132.293836][ T7829] [ 132.294626][ T7829] dump_stack_lvl+0x16c/0x1f0 [ 132.295870][ T7829] warn_alloc+0x24d/0x3a0 [ 132.297008][ T7829] ? __pfx_warn_alloc+0x10/0x10 [ 132.298290][ T7829] ? policy_nodemask+0xea/0x4e0 [ 132.299713][ T7829] ? alloc_pages_mpol_noprof+0x315/0x610 [ 132.301186][ T7829] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 132.302789][ T7829] ? __pfx___might_resched+0x10/0x10 [ 132.304167][ T7829] __vmalloc_node_range_noprof+0x1326/0x15a0 [ 132.305733][ T7829] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 132.307077][ T7829] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 132.308730][ T7829] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 132.310072][ T7829] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 132.311504][ T7829] vmalloc_user_noprof+0x6b/0x90 [ 132.312803][ T7829] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 132.314130][ T7829] vb2_vmalloc_alloc+0x11e/0x3d0 [ 132.315435][ T7829] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 132.316975][ T7829] __vb2_queue_alloc+0x896/0x1230 [ 132.318384][ T7829] vb2_core_reqbufs+0xa73/0xfb0 [ 132.319737][ T7829] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 132.321203][ T7829] __vb2_init_fileio+0x3f3/0x1110 [ 132.322541][ T7829] ? trace_contention_end+0xea/0x140 [ 132.323907][ T7829] __vb2_perform_fileio+0x9de/0x1620 [ 132.325285][ T7829] ? __pfx___vb2_perform_fileio+0x10/0x10 [ 132.326779][ T7829] vb2_fop_read+0x213/0x3e0 [ 132.327969][ T7829] v4l2_read+0x226/0x360 [ 132.329083][ T7829] ? __pfx_v4l2_read+0x10/0x10 [ 132.330331][ T7829] vfs_read+0x1ce/0xbd0 [ 132.331451][ T7829] ? __fget_files+0x23a/0x3f0 [ 132.333060][ T7829] ? __pfx_lock_release+0x10/0x10 [ 132.334439][ T7829] ? trace_lock_acquire+0x14a/0x1d0 [ 132.335800][ T7829] ? __pfx_vfs_read+0x10/0x10 [ 132.337029][ T7829] ? lock_acquire+0x2f/0xb0 [ 132.338217][ T7829] ? __fget_files+0x40/0x3f0 [ 132.339433][ T7829] ? __fget_files+0x244/0x3f0 [ 132.340672][ T7829] ksys_read+0x12f/0x260 [ 132.341783][ T7829] ? __pfx_ksys_read+0x10/0x10 [ 132.343063][ T7829] __do_fast_syscall_32+0x73/0x120 [ 132.344414][ T7829] do_fast_syscall_32+0x32/0x80 [ 132.345696][ T7829] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.347354][ T7829] RIP: 0023:0xf7f34579 [ 132.348416][ T7829] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 132.353341][ T7829] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 132.355487][ T7829] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000200 [ 132.357520][ T7829] RDX: 00000000ffffff42 RSI: 0000000000000000 RDI: 0000000000000000 [ 132.359554][ T7829] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 132.361585][ T7829] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 132.363731][ T7829] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 132.365860][ T7829] [ 132.369026][ T7829] Mem-Info: [ 132.369893][ T7829] active_anon:11306 inactive_anon:2063 isolated_anon:0 [ 132.369893][ T7829] active_file:5389 inactive_file:46855 isolated_file:0 [ 132.369893][ T7829] unevictable:2807 dirty:383 writeback:0 [ 132.369893][ T7829] slab_reclaimable:7712 slab_unreclaimable:60034 [ 132.369893][ T7829] mapped:26965 shmem:9817 pagetables:720 [ 132.369893][ T7829] sec_pagetables:308 bounce:0 [ 132.369893][ T7829] kernel_misc_reclaimable:0 [ 132.369893][ T7829] free:41397 free_pcp:9961 free_cma:0 [ 132.383364][ T7829] Node 0 active_anon:10608kB inactive_anon:4284kB active_file:0kB inactive_file:1248kB unevictable:4280kB isolated(anon):0kB isolated(file):0kB mapped:15968kB dirty:16kB writeback:0kB shmem:15704kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9308kB pagetables:1168kB sec_pagetables:1176kB all_unreclaimable? no [ 132.391916][ T7829] Node 1 active_anon:41652kB inactive_anon:0kB active_file:20324kB inactive_file:187404kB unevictable:6948kB isolated(anon):0kB isolated(file):0kB mapped:94992kB dirty:1516kB writeback:0kB shmem:26664kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:2260kB pagetables:1712kB sec_pagetables:56kB all_unreclaimable? no [ 132.400424][ T7829] Node 0 DMA free:2796kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:16kB inactive_anon:0kB active_file:0kB inactive_file:16kB unevictable:688kB writepending:16kB present:15992kB managed:15360kB mlocked:688kB bounce:0kB free_pcp:516kB local_pcp:80kB free_cma:0kB [ 132.407925][ T7829] lowmem_reserve[]: 0 273 0 0 0 [ 132.409216][ T7829] Node 0 DMA32 free:17760kB boost:0kB min:13904kB low:17380kB high:20856kB reserved_highatomic:2048KB active_anon:9548kB inactive_anon:5220kB active_file:784kB inactive_file:448kB unevictable:3592kB writepending:0kB present:1032196kB managed:306284kB mlocked:2092kB bounce:0kB free_pcp:4396kB local_pcp:184kB free_cma:0kB [ 132.417203][ T7829] lowmem_reserve[]: 0 0 0 0 0 [ 132.418475][ T7829] Node 1 DMA32 free:137212kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:45252kB inactive_anon:0kB active_file:20324kB inactive_file:187404kB unevictable:6948kB writepending:1516kB present:1048432kB managed:948252kB mlocked:5412kB bounce:0kB free_pcp:36084kB local_pcp:7316kB free_cma:0kB [ 132.426420][ T7829] lowmem_reserve[]: 0 0 0 0 0 [ 132.428236][ T7829] Node 0 DMA: 11*4kB (UE) 45*8kB (U) 135*16kB (UE) 8*32kB (UE) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2820kB [ 132.432186][ T7829] Node 0 DMA32: 277*4kB (UMH) 318*8kB (UMEH) 121*16kB (UMEH) 69*32kB (UEH) 56*64kB (UME) 8*128kB (UE) 12*256kB (UME) 4*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 17524kB [ 132.436871][ T7829] Node 1 DMA32: 2*4kB (ME) 9*8kB (ME) 48*16kB (UE) 6*32kB (UE) 48*64kB (UE) 50*128kB (UME) 40*256kB (UME) 39*512kB (UME) 6*1024kB (UME) 12*2048kB (UME) 16*4096kB (UM) = 136976kB [ 132.442529][ T7829] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 132.445033][ T7829] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 132.447813][ T7829] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 132.450764][ T7829] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 132.453271][ T7829] 64023 total pagecache pages [ 132.454546][ T7829] 112 pages in swap cache [ 132.455715][ T7829] Free swap = 120056kB [ 132.456848][ T7829] Total swap = 124996kB [ 132.457979][ T7829] 524155 pages RAM [ 132.459104][ T7829] 0 pages HighMem/MovableOnly [ 132.460937][ T7829] 206681 pages reserved [ 132.462157][ T7829] 0 pages cma reserved [ 132.500433][ T7836] netlink: 12 bytes leftover after parsing attributes in process `syz.0.722'. [ 132.968060][ T7844] FAULT_INJECTION: forcing a failure. [ 132.968060][ T7844] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 132.971563][ T7844] CPU: 3 UID: 0 PID: 7844 Comm: syz.3.725 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 132.974356][ T7844] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 132.977133][ T7844] Call Trace: [ 132.978010][ T7844] [ 132.978796][ T7844] dump_stack_lvl+0x16c/0x1f0 [ 132.980037][ T7844] should_fail_ex+0x497/0x5b0 [ 132.981273][ T7844] _copy_to_iter+0x29b/0x13e0 [ 132.982530][ T7844] ? chacha_block_generic+0x181/0x260 [ 132.983935][ T7844] ? __pfx__copy_to_iter+0x10/0x10 [ 132.985269][ T7844] ? lockdep_hardirqs_on+0x7c/0x110 [ 132.986656][ T7844] ? crng_make_state+0x48e/0x6d0 [ 132.987959][ T7844] get_random_bytes_user+0x180/0x3c0 [ 132.989344][ T7844] ? __pfx_get_random_bytes_user+0x10/0x10 [ 132.990885][ T7844] ? __mutex_unlock_slowpath+0x164/0x650 [ 132.992371][ T7844] __ia32_sys_getrandom+0x187/0x2b0 [ 132.993735][ T7844] ? __pfx___ia32_sys_getrandom+0x10/0x10 [ 132.995269][ T7844] __do_fast_syscall_32+0x73/0x120 [ 132.996654][ T7844] do_fast_syscall_32+0x32/0x80 [ 132.997936][ T7844] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.999600][ T7844] RIP: 0023:0xf73ce579 [ 133.000676][ T7844] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 133.005684][ T7844] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000163 [ 133.007883][ T7844] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00000000ffffff9a [ 133.009976][ T7844] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 133.012068][ T7844] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 133.014113][ T7844] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 133.016186][ T7844] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 133.018244][ T7844] [ 133.123062][ T7846] netlink: 12 bytes leftover after parsing attributes in process `syz.3.726'. [ 133.395223][ T7852] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 133.433963][ T7852] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 133.545714][ T7858] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 133.843275][ T5350] Bluetooth: hci3: connection err: -111 [ 134.234080][ T1376] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.236380][ T1376] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.799864][ T7883] netlink: 12 bytes leftover after parsing attributes in process `syz.0.746'. [ 136.049787][ T7905] netlink: 12 bytes leftover after parsing attributes in process `syz.0.742'. [ 136.559810][ T7910] netlink: 12 bytes leftover after parsing attributes in process `syz.2.743'. [ 136.663530][ T7914] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 137.004145][ T7918] netlink: 'syz.0.745': attribute type 1 has an invalid length. [ 137.006999][ T7918] netlink: 88156 bytes leftover after parsing attributes in process `syz.0.745'. [ 137.903685][ T7939] netlink: 12 bytes leftover after parsing attributes in process `syz.2.752'. [ 137.951612][ T7941] netlink: 12 bytes leftover after parsing attributes in process `syz.1.753'. [ 138.833590][ T7953] netlink: 12 bytes leftover after parsing attributes in process `syz.2.755'. [ 138.936209][ T7955] netlink: 'syz.1.756': attribute type 1 has an invalid length. [ 138.942152][ T7955] netlink: 88156 bytes leftover after parsing attributes in process `syz.1.756'. [ 139.011707][ T7960] netlink: 12 bytes leftover after parsing attributes in process `syz.1.757'. [ 139.758708][ T7967] netlink: 12 bytes leftover after parsing attributes in process `syz.0.766'. [ 139.817457][ T7968] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 139.872427][ T7968] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 139.949224][ T7973] tipc: Enabling of bearer rejected, already enabled [ 140.350830][ T7980] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 140.800286][ T7983] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 141.235203][ T7985] netlink: 'syz.2.765': attribute type 1 has an invalid length. [ 141.237138][ T7985] netlink: 88156 bytes leftover after parsing attributes in process `syz.2.765'. [ 141.258266][ T7987] netlink: 12 bytes leftover after parsing attributes in process `syz.1.764'. [ 141.268495][ T7989] netlink: 12 bytes leftover after parsing attributes in process `syz.2.767'. [ 141.745965][ T5350] Bluetooth: hci1: connection err: -111 [ 142.222849][ T8000] netlink: 'syz.1.769': attribute type 1 has an invalid length. [ 142.225269][ T8000] netlink: 88156 bytes leftover after parsing attributes in process `syz.1.769'. [ 142.310650][ T8004] netlink: 12 bytes leftover after parsing attributes in process `syz.2.771'. [ 142.453718][ T5348] Bluetooth: hci5: sending frame failed (-49) [ 142.456077][ T5350] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 143.246040][ T8014] netlink: 'syz.0.781': attribute type 1 has an invalid length. [ 143.248102][ T8014] netlink: 88156 bytes leftover after parsing attributes in process `syz.0.781'. [ 143.283025][ T8012] netlink: 'syz.2.772': attribute type 1 has an invalid length. [ 143.285070][ T8012] netlink: 88156 bytes leftover after parsing attributes in process `syz.2.772'. [ 143.334761][ T39] kauditd_printk_skb: 112 callbacks suppressed [ 143.334772][ T39] audit: type=1326 audit(1729430972.456:2176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8005 comm="syz.1.779" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7fc00000 [ 143.369147][ T8017] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 143.442756][ T8023] netlink: 8 bytes leftover after parsing attributes in process `syz.2.775'. [ 144.297564][ T8026] netlink: 12 bytes leftover after parsing attributes in process `syz.0.776'. [ 144.413151][ T8030] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 144.704422][ T8036] netlink: 12 bytes leftover after parsing attributes in process `syz.2.778'. [ 145.303048][ T8045] netlink: 'syz.0.783': attribute type 1 has an invalid length. [ 145.832435][ T5348] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 145.836863][ T5348] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 145.839409][ T5348] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 145.842596][ T5348] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 145.845499][ T5348] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 145.848334][ T5348] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 146.044435][ T1099] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.055186][ T8056] chnl_net:caif_netlink_parms(): no params data found [ 146.095668][ T8056] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.097712][ T8056] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.099639][ T8056] bridge_slave_0: entered allmulticast mode [ 146.101833][ T8056] bridge_slave_0: entered promiscuous mode [ 146.104744][ T8056] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.106516][ T8056] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.108464][ T8056] bridge_slave_1: entered allmulticast mode [ 146.110481][ T8056] bridge_slave_1: entered promiscuous mode [ 146.130819][ T8056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 146.135160][ T8056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 146.199578][ T1099] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.221097][ T8056] team0: Port device team_slave_0 added [ 146.223965][ T8056] team0: Port device team_slave_1 added [ 146.244751][ T8056] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 146.247129][ T8056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.254936][ T8056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 146.259375][ T8056] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 146.261194][ T8056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.268510][ T8056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 146.277649][ T8069] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 146.292301][ T1099] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.305208][ T8069] overlayfs: missing 'lowerdir' [ 146.305242][ T8056] hsr_slave_0: entered promiscuous mode [ 146.312397][ T8056] hsr_slave_1: entered promiscuous mode [ 146.312551][ T5348] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 146.316897][ T8056] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 146.319495][ T8056] Cannot create hsr debugfs directory [ 146.363239][ T1099] bond0: (slave netdevsim0): Releasing backup interface [ 146.369727][ T1099] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.372126][ T8071] trusted_key: encrypted_key: keylen parameter is missing [ 146.477058][ T5403] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 146.499249][ T8074] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 146.505436][ T1099] bridge_slave_1: left allmulticast mode [ 146.507225][ T1099] bridge_slave_1: left promiscuous mode [ 146.511831][ T1099] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.522512][ T1099] bridge_slave_0: left allmulticast mode [ 146.524014][ T1099] bridge_slave_0: left promiscuous mode [ 146.525517][ T1099] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.645950][ T1099] dvmrp0 (unregistering): left allmulticast mode [ 146.649325][ T5403] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 146.652278][ T5403] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 146.655046][ T5403] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 146.657707][ T5403] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 146.668800][ T5403] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 146.671371][ T5403] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.674248][ T5403] usb 6-1: config 0 descriptor?? [ 146.678549][ T1099] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 146.808123][ T1099] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 146.816056][ T1099] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 146.819951][ T1099] bond0 (unregistering): Released all slaves [ 147.129366][ T5403] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 147.136528][ T5403] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 147.333708][ T1099] hsr_slave_0: left promiscuous mode [ 147.363297][ T1099] hsr_slave_1: left promiscuous mode [ 147.388591][ T1099] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 147.390598][ T1099] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 147.419534][ T1099] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 147.421528][ T1099] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 147.452134][ T1099] veth1_macvtap: left promiscuous mode [ 147.453865][ T1099] veth0_macvtap: left promiscuous mode [ 147.455398][ T1099] veth1_vlan: left promiscuous mode [ 147.456961][ T1099] veth0_vlan: left promiscuous mode [ 147.476173][ T9] usb 6-1: USB disconnect, device number 5 [ 148.070056][ T5348] Bluetooth: hci4: command tx timeout [ 148.155934][ T1099] team0 (unregistering): Port device team_slave_1 removed [ 148.197839][ T8095] netlink: 'syz.1.793': attribute type 1 has an invalid length. [ 148.200665][ T8095] __nla_validate_parse: 2 callbacks suppressed [ 148.200674][ T8095] netlink: 88156 bytes leftover after parsing attributes in process `syz.1.793'. [ 148.250041][ T8097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.794'. [ 148.250212][ T1099] team0 (unregistering): Port device team_slave_0 removed [ 149.202197][ T8103] netlink: 12 bytes leftover after parsing attributes in process `syz.1.795'. [ 149.250979][ T8056] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 149.251941][ T8105] netlink: 12 bytes leftover after parsing attributes in process `syz.0.796'. [ 149.256406][ T8056] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 149.259615][ T8056] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 149.262528][ T8056] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 149.303004][ T8056] 8021q: adding VLAN 0 to HW filter on device bond0 [ 149.309715][ T8056] 8021q: adding VLAN 0 to HW filter on device team0 [ 149.319510][ T1213] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.321474][ T1213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 149.344791][ T1213] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.346657][ T1213] bridge0: port 2(bridge_slave_1) entered forwarding state [ 149.519073][ T1099] IPVS: stop unused estimator thread 0... [ 149.561575][ T8056] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 149.598575][ T8056] veth0_vlan: entered promiscuous mode [ 149.610090][ T8056] veth1_vlan: entered promiscuous mode [ 149.638747][ T8056] veth0_macvtap: entered promiscuous mode [ 149.644811][ T8056] veth1_macvtap: entered promiscuous mode [ 149.667244][ T8056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.669906][ T8056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.672451][ T8056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.678408][ T8056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.681124][ T8056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.683853][ T8056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.686828][ T8056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.689601][ T8056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.693176][ T8056] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 149.698411][ T8056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.710692][ T8056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.715410][ T8056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.720888][ T8056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.726130][ T8056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.731662][ T8056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.734871][ T8056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.739842][ T8056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.743713][ T8056] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 149.751292][ T8056] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.753840][ T8056] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.756461][ T8056] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.760389][ T8056] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.809942][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 149.812020][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 149.819765][ T71] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 149.822563][ T71] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.187841][ T8124] netlink: 12 bytes leftover after parsing attributes in process `syz.0.799'. [ 150.218812][ T30] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 150.293895][ T5348] Bluetooth: hci4: command tx timeout [ 150.389849][ T5401] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 150.391311][ T30] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 150.395045][ T30] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 150.397855][ T30] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 150.407619][ T30] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 150.413569][ T30] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 150.415936][ T30] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.422149][ T30] usb 8-1: config 0 descriptor?? [ 150.562868][ T5401] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 150.567351][ T5401] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 150.572213][ T5401] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 150.574704][ T5401] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 150.582022][ T5401] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 150.586448][ T5401] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.594779][ T5401] usb 6-1: config 0 descriptor?? [ 150.883008][ T30] usbhid 8-1:0.0: can't add hid device: -71 [ 150.885140][ T30] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 150.888415][ T30] usb 8-1: USB disconnect, device number 5 [ 151.029963][ T5401] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 151.035395][ T5401] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 151.299122][ T8122] FAULT_INJECTION: forcing a failure. [ 151.299122][ T8122] name failslab, interval 1, probability 0, space 0, times 0 [ 151.302507][ T8122] CPU: 0 UID: 0 PID: 8122 Comm: syz.1.798 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 151.305211][ T8122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 151.307995][ T8122] Call Trace: [ 151.308902][ T8122] [ 151.309684][ T8122] dump_stack_lvl+0x16c/0x1f0 [ 151.310934][ T8122] should_fail_ex+0x497/0x5b0 [ 151.312174][ T8122] ? fs_reclaim_acquire+0xae/0x150 [ 151.313446][ T8122] should_failslab+0xc2/0x120 [ 151.314689][ T8122] __kmalloc_noprof+0xcb/0x410 [ 151.315985][ T8122] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 151.317444][ T8122] tomoyo_realpath_from_path+0xbf/0x710 [ 151.318882][ T8122] ? tomoyo_path_number_perm+0x232/0x5b0 [ 151.320337][ T8122] tomoyo_path_number_perm+0x245/0x5b0 [ 151.321744][ T8122] ? tomoyo_path_number_perm+0x232/0x5b0 [ 151.323338][ T8122] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 151.324923][ T8122] ? trace_lock_acquire+0x14a/0x1d0 [ 151.326293][ T8122] ? lock_acquire+0x2f/0xb0 [ 151.327537][ T8122] ? __fget_files+0x40/0x3f0 [ 151.328758][ T8122] ? __fget_files+0x244/0x3f0 [ 151.329997][ T8122] security_file_ioctl_compat+0x9b/0x240 [ 151.331476][ T8122] __do_compat_sys_ioctl+0x52/0x2b0 [ 151.332836][ T8122] __do_fast_syscall_32+0x73/0x120 [ 151.334172][ T8122] do_fast_syscall_32+0x32/0x80 [ 151.335456][ T8122] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 151.337137][ T8122] RIP: 0023:0xf7f95579 [ 151.338191][ T8122] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 151.343085][ T8122] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 151.345205][ T8122] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000004805 [ 151.347241][ T8122] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 151.349249][ T8122] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 151.351257][ T8122] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 151.353276][ T8122] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 151.355318][ T8122] [ 151.359216][ T57] usb 6-1: USB disconnect, device number 6 [ 151.366336][ T8122] ERROR: Out of memory at tomoyo_realpath_from_path. [ 151.566253][ T8141] netlink: 36 bytes leftover after parsing attributes in process `syz.3.804'. [ 151.939946][ T5401] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 152.207206][ T5401] usb 5-1: Using ep0 maxpacket: 32 [ 152.217628][ T5401] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 152.219848][ T5401] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 152.222037][ T5401] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 152.224311][ T5401] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 152.226729][ T5401] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 152.229577][ T5401] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 152.232881][ T5401] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 152.235200][ T5401] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.243114][ T5401] usb 5-1: config 0 descriptor?? [ 152.309540][ T8145] netlink: 12 bytes leftover after parsing attributes in process `syz.1.806'. [ 152.423775][ T8147] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 152.538754][ T5348] Bluetooth: hci4: command tx timeout [ 153.304861][ T8152] netlink: 12 bytes leftover after parsing attributes in process `syz.1.807'. [ 153.610014][ T5401] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 153.618360][ T5401] usb 5-1: USB disconnect, device number 9 [ 153.623912][ T5401] usblp0: removed [ 154.724890][ T8164] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 154.741200][ T5348] Bluetooth: hci4: command tx timeout [ 155.312053][ T8171] netlink: 'syz.3.812': attribute type 1 has an invalid length. [ 155.314088][ T8171] netlink: 88156 bytes leftover after parsing attributes in process `syz.3.812'. [ 156.077237][ T8178] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 156.283648][ T8184] netlink: 12 bytes leftover after parsing attributes in process `syz.0.815'. [ 156.323006][ T8187] netlink: 12 bytes leftover after parsing attributes in process `syz.1.817'. [ 156.548360][ T5350] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 156.559004][ T5350] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 156.561890][ T5350] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 156.566041][ T5350] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 156.580434][ T5350] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 156.590416][ T5350] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 156.863975][ T8194] chnl_net:caif_netlink_parms(): no params data found [ 157.095265][ T8194] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.103661][ T8194] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.125026][ T8194] bridge_slave_0: entered allmulticast mode [ 157.138376][ T8194] bridge_slave_0: entered promiscuous mode [ 157.199789][ T8194] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.201646][ T8194] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.203560][ T8194] bridge_slave_1: entered allmulticast mode [ 157.205528][ T8194] bridge_slave_1: entered promiscuous mode [ 157.353507][ T8194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 157.357098][ T8194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 157.437225][ T8194] team0: Port device team_slave_0 added [ 157.439993][ T8194] team0: Port device team_slave_1 added [ 157.525197][ T8194] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 157.527045][ T8194] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.541858][ T8194] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 157.546547][ T8194] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 157.548379][ T8194] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.557643][ T8209] netlink: 'syz.0.821': attribute type 1 has an invalid length. [ 157.559653][ T8209] netlink: 88156 bytes leftover after parsing attributes in process `syz.0.821'. [ 157.563393][ T8194] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 157.613508][ T8194] hsr_slave_0: entered promiscuous mode [ 157.615610][ T8194] hsr_slave_1: entered promiscuous mode [ 157.628611][ T8194] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 157.631391][ T8194] Cannot create hsr debugfs directory [ 157.692027][ T8213] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 157.766496][ T5401] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 157.929846][ T8194] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.951771][ T5401] usb 6-1: config 0 has no interfaces? [ 157.953285][ T5401] usb 6-1: New USB device found, idVendor=1668, idProduct=0323, bcdDevice=5f.ca [ 157.955627][ T5401] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.976997][ T5401] usb 6-1: config 0 descriptor?? [ 158.057572][ T8194] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.086053][ T8216] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 158.173584][ T8194] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.222996][ T8206] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.226481][ T8206] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 158.244249][ T64] usb 6-1: USB disconnect, device number 7 [ 158.269322][ T8194] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.429595][ T8194] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 158.442046][ T8194] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 158.453724][ T8194] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 158.463134][ T8194] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 158.540049][ T8194] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.558795][ T8194] 8021q: adding VLAN 0 to HW filter on device team0 [ 158.567644][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.569574][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.613018][ T1213] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.615049][ T1213] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.760755][ T5350] Bluetooth: hci5: command tx timeout [ 158.810302][ T8194] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.856361][ T8194] veth0_vlan: entered promiscuous mode [ 158.866421][ T8194] veth1_vlan: entered promiscuous mode [ 158.953427][ T8224] syzkaller0: entered promiscuous mode [ 158.954920][ T8224] syzkaller0: entered allmulticast mode [ 158.961144][ T8194] veth0_macvtap: entered promiscuous mode [ 159.016844][ T8227] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 159.088864][ T8194] veth1_macvtap: entered promiscuous mode [ 159.409010][ T8232] netlink: 12 bytes leftover after parsing attributes in process `syz.3.827'. [ 160.957664][ T8194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.960410][ T8194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.971525][ T8194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.974428][ T8194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.976914][ T8194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.979566][ T8194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.982086][ T8194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.985930][ T8194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.988475][ T8194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.991149][ T8194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.994477][ T8194] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 160.995066][ T5350] Bluetooth: hci5: command tx timeout [ 161.245894][ T8194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.248682][ T8194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.251339][ T8194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.254737][ T8194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.257843][ T8194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.260596][ T8194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.264301][ T8194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.267046][ T8194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.269661][ T8194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.272543][ T8194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.277578][ T8194] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 161.286867][ T8244] netlink: 'syz.3.830': attribute type 1 has an invalid length. [ 161.288840][ T8244] netlink: 88156 bytes leftover after parsing attributes in process `syz.3.830'. [ 161.302519][ T8194] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.307106][ T8194] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.310269][ T8194] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.312881][ T8194] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.447302][ T8245] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 161.722594][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.724697][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.762248][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.766794][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.911352][ T8255] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 162.288619][ T1424] usb 7-1: new full-speed USB device number 9 using dummy_hcd [ 162.464158][ T1424] usb 7-1: config 0 has no interfaces? [ 162.465627][ T1424] usb 7-1: New USB device found, idVendor=1668, idProduct=0323, bcdDevice=5f.ca [ 162.468199][ T1424] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.476180][ T1424] usb 7-1: config 0 descriptor?? [ 162.713610][ T8257] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 162.727321][ T8257] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 162.756522][ T1424] usb 7-1: USB disconnect, device number 9 [ 162.900205][ T8265] netlink: 12 bytes leftover after parsing attributes in process `syz.3.836'. [ 163.207942][ T5348] Bluetooth: hci5: command tx timeout [ 163.689156][ T9] usb 7-1: new low-speed USB device number 10 using dummy_hcd [ 163.822648][ T8274] netlink: 12 bytes leftover after parsing attributes in process `syz.3.839'. [ 163.851378][ T9] usb 7-1: No LPM exit latency info found, disabling LPM. [ 163.856335][ T9] usb 7-1: config 0 has an invalid interface number: 150 but max is 0 [ 163.859191][ T9] usb 7-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 163.862331][ T9] usb 7-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 163.865099][ T9] usb 7-1: config 0 has no interface number 0 [ 163.866755][ T9] usb 7-1: config 0 interface 150 altsetting 3 endpoint 0x7 has invalid maxpacket 64, setting to 8 [ 163.869806][ T9] usb 7-1: config 0 interface 150 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 15 [ 163.873926][ T9] usb 7-1: config 0 interface 150 has no altsetting 0 [ 164.749192][ T5350] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 164.812338][ T39] audit: type=1326 audit(1729430992.548:2177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8259 comm="syz.0.834" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7fc00000 [ 164.887078][ T5348] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 164.893142][ T45] Bluetooth: hci6: Frame reassembly failed (-84) [ 164.928071][ T8284] FAULT_INJECTION: forcing a failure. [ 164.928071][ T8284] name failslab, interval 1, probability 0, space 0, times 0 [ 164.931657][ T8284] CPU: 1 UID: 0 PID: 8284 Comm: syz.0.843 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 164.935198][ T8284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 164.937994][ T8284] Call Trace: [ 164.939137][ T8284] [ 164.940156][ T8284] dump_stack_lvl+0x16c/0x1f0 [ 164.941782][ T8284] should_fail_ex+0x497/0x5b0 [ 164.943208][ T8284] ? fs_reclaim_acquire+0xae/0x150 [ 164.944580][ T8284] should_failslab+0xc2/0x120 [ 164.945833][ T8284] __kmalloc_node_noprof+0xd1/0x440 [ 164.947219][ T8284] ? __vmalloc_node_range_noprof+0x3d8/0x15a0 [ 164.948829][ T8284] __vmalloc_node_range_noprof+0x3d8/0x15a0 [ 164.950427][ T8284] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 164.951874][ T8284] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 164.954006][ T8284] ? __pfx___lock_acquire+0x10/0x10 [ 164.955907][ T8284] ? __pfx_aa_get_newest_label+0x10/0x10 [ 164.957840][ T8284] ? __pfx___lock_acquire+0x10/0x10 [ 164.959640][ T8284] ? __pfx_mark_lock+0x10/0x10 [ 164.961302][ T8284] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 164.963218][ T8284] __vmalloc_noprof+0x6d/0x90 [ 164.964842][ T8284] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 164.966725][ T8284] bpf_prog_alloc_no_stats+0x54/0x5e0 [ 164.968549][ T8284] ? security_capable+0x7e/0x260 [ 164.970235][ T8284] bpf_prog_alloc+0x3b/0x230 [ 164.971847][ T8284] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 164.973853][ T8284] bpf_prog_load+0x1b4e/0x2670 [ 164.975505][ T8284] ? __pfx_mark_lock+0x10/0x10 [ 164.977142][ T8284] ? __pfx_bpf_prog_load+0x10/0x10 [ 164.978877][ T8284] ? find_held_lock+0x2d/0x110 [ 164.980518][ T8284] __sys_bpf+0x4c8c/0x5780 [ 164.982043][ T8284] ? ksys_write+0x21e/0x260 [ 164.983620][ T8284] ? __pfx___sys_bpf+0x10/0x10 [ 164.985268][ T8284] ? lock_acquire.part.0+0x11b/0x380 [ 164.987076][ T8284] ? find_held_lock+0x2d/0x110 [ 164.988641][ T8284] ? bpf_trace_run2+0x266/0x590 [ 164.990241][ T8284] ? __pfx_lock_release+0x10/0x10 [ 164.991550][ T8284] ? __pfx_bpf_trace_run2+0x10/0x10 [ 164.992915][ T8284] ? fput+0x30/0x390 [ 164.993906][ T8284] ? __pfx_ksys_write+0x10/0x10 [ 164.995352][ T8284] __ia32_sys_bpf+0x76/0xe0 [ 164.996981][ T8284] __do_fast_syscall_32+0x73/0x120 [ 164.998776][ T8284] do_fast_syscall_32+0x32/0x80 [ 165.000096][ T8284] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 165.001736][ T8284] RIP: 0023:0xf7f34579 [ 165.002866][ T8284] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 165.008174][ T8284] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 165.010330][ T8284] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000200002c0 [ 165.012370][ T8284] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 165.014444][ T8284] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 165.016471][ T8284] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 165.018514][ T8284] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 165.020561][ T8284] [ 165.022207][ T8284] syz.0.843: vmalloc error: size 4096, failed to allocated page array size 8, mode:0x500dc2(GFP_HIGHUSER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 165.027322][ T8284] CPU: 1 UID: 0 PID: 8284 Comm: syz.0.843 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 165.030035][ T8284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 165.032818][ T8284] Call Trace: [ 165.033880][ T8284] [ 165.034669][ T8284] dump_stack_lvl+0x16c/0x1f0 [ 165.035905][ T8284] warn_alloc+0x24d/0x3a0 [ 165.037046][ T8284] ? __pfx_warn_alloc+0x10/0x10 [ 165.038328][ T8284] ? dump_stack_lvl+0x197/0x1f0 [ 165.039600][ T8284] ? dump_stack_lvl+0x1a1/0x1f0 [ 165.040875][ T8284] ? should_fail_ex+0x2de/0x5b0 [ 165.042181][ T8284] ? rcu_is_watching+0x12/0xc0 [ 165.043600][ T8284] ? trace_kmalloc+0x2d/0xe0 [ 165.045080][ T8284] ? __kmalloc_node_noprof+0x22f/0x440 [ 165.046834][ T8284] __vmalloc_node_range_noprof+0x114a/0x15a0 [ 165.048408][ T8284] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 165.049849][ T8284] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 165.051497][ T8284] ? __pfx___lock_acquire+0x10/0x10 [ 165.052868][ T8284] ? __pfx_aa_get_newest_label+0x10/0x10 [ 165.054757][ T8284] ? __pfx___lock_acquire+0x10/0x10 [ 165.056574][ T8284] ? __pfx_mark_lock+0x10/0x10 [ 165.058290][ T8284] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 165.060244][ T8284] __vmalloc_noprof+0x6d/0x90 [ 165.061919][ T8284] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 165.063829][ T8284] bpf_prog_alloc_no_stats+0x54/0x5e0 [ 165.065229][ T8284] ? security_capable+0x7e/0x260 [ 165.066544][ T8284] bpf_prog_alloc+0x3b/0x230 [ 165.067997][ T8284] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 165.070190][ T8284] bpf_prog_load+0x1b4e/0x2670 [ 165.071511][ T8284] ? __pfx_mark_lock+0x10/0x10 [ 165.072760][ T8284] ? __pfx_bpf_prog_load+0x10/0x10 [ 165.074121][ T8284] ? find_held_lock+0x2d/0x110 [ 165.075389][ T8284] __sys_bpf+0x4c8c/0x5780 [ 165.076555][ T8284] ? ksys_write+0x21e/0x260 [ 165.077737][ T8284] ? __pfx___sys_bpf+0x10/0x10 [ 165.078992][ T8284] ? lock_acquire.part.0+0x11b/0x380 [ 165.080373][ T8284] ? find_held_lock+0x2d/0x110 [ 165.081617][ T8284] ? bpf_trace_run2+0x266/0x590 [ 165.082944][ T8284] ? __pfx_lock_release+0x10/0x10 [ 165.084792][ T8284] ? __pfx_bpf_trace_run2+0x10/0x10 [ 165.086707][ T8284] ? fput+0x30/0x390 [ 165.088157][ T8284] ? __pfx_ksys_write+0x10/0x10 [ 165.089695][ T8284] __ia32_sys_bpf+0x76/0xe0 [ 165.090914][ T8284] __do_fast_syscall_32+0x73/0x120 [ 165.092250][ T8284] do_fast_syscall_32+0x32/0x80 [ 165.093553][ T8284] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 165.095194][ T8284] RIP: 0023:0xf7f34579 [ 165.096264][ T8284] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 165.101202][ T8284] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 165.103589][ T8284] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000200002c0 [ 165.106450][ T8284] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 165.109255][ T8284] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 165.111308][ T8284] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 165.113540][ T8284] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 165.116205][ T8284] [ 165.125687][ T8284] Mem-Info: [ 165.126646][ T8284] active_anon:11692 inactive_anon:125 isolated_anon:0 [ 165.126646][ T8284] active_file:5909 inactive_file:46937 isolated_file:0 [ 165.126646][ T8284] unevictable:768 dirty:51 writeback:0 [ 165.126646][ T8284] slab_reclaimable:7615 slab_unreclaimable:59610 [ 165.126646][ T8284] mapped:27643 shmem:6065 pagetables:761 [ 165.126646][ T8284] sec_pagetables:312 bounce:0 [ 165.126646][ T8284] kernel_misc_reclaimable:0 [ 165.126646][ T8284] free:41968 free_pcp:3044 free_cma:0 [ 165.138501][ T8284] Node 0 active_anon:356kB inactive_anon:500kB active_file:752kB inactive_file:12kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:5312kB dirty:36kB writeback:0kB shmem:1548kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9392kB pagetables:1208kB sec_pagetables:1188kB all_unreclaimable? yes [ 165.147114][ T8284] Node 1 active_anon:46412kB inactive_anon:0kB active_file:22884kB inactive_file:187736kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:105260kB dirty:168kB writeback:0kB shmem:22712kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:2332kB pagetables:1836kB sec_pagetables:60kB all_unreclaimable? no [ 165.155887][ T8284] Node 0 DMA free:1296kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:24kB inactive_file:0kB unevictable:0kB writepending:4kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:132kB local_pcp:44kB free_cma:0kB [ 165.162971][ T8284] lowmem_reserve[]: 0 273 0 0 0 [ 165.164547][ T8284] Node 0 DMA32 free:21972kB boost:0kB min:13904kB low:17380kB high:20856kB reserved_highatomic:4096KB active_anon:356kB inactive_anon:500kB active_file:728kB inactive_file:12kB unevictable:1536kB writepending:4kB present:1032196kB managed:306284kB mlocked:0kB bounce:0kB free_pcp:1892kB local_pcp:1336kB free_cma:0kB [ 165.172117][ T8284] lowmem_reserve[]: 0 0 0 0 0 [ 165.173589][ T8284] Node 1 DMA32 free:144604kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:46412kB inactive_anon:0kB active_file:22884kB inactive_file:187736kB unevictable:1536kB writepending:248kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:10152kB local_pcp:8328kB free_cma:0kB [ 165.187484][ T8284] lowmem_reserve[]: 0 0 0 0 0 [ 165.188760][ T8284] Node 0 DMA: 52*4kB (UE) 21*8kB (UE) 14*16kB (UE) 22*32kB (UE) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 1304kB [ 165.192248][ T8284] Node 0 DMA32: 134*4kB (UMEH) 142*8kB (UMEH) 90*16kB (UMEH) 162*32kB (UMEH) 93*64kB (UMEH) 9*128kB (UME) 7*256kB (ME) 7*512kB (UME) 1*1024kB (M) 0*2048kB 0*4096kB = 21800kB [ 165.196873][ T8284] Node 1 DMA32: 59*4kB (UME) 94*8kB (UME) 190*16kB (UME) 46*32kB (UME) 95*64kB (UME) 54*128kB (UME) 31*256kB (UME) 29*512kB (ME) 11*1024kB (ME) 11*2048kB (UME) 17*4096kB (UM) = 144700kB [ 165.201638][ T8284] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 165.204239][ T8284] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 165.206621][ T8284] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 165.209237][ T8284] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 165.211615][ T8284] 59093 total pagecache pages [ 165.212847][ T8284] 192 pages in swap cache [ 165.213981][ T8284] Free swap = 116068kB [ 165.215068][ T8284] Total swap = 124996kB [ 165.216147][ T8284] 524155 pages RAM [ 165.217155][ T8284] 0 pages HighMem/MovableOnly [ 165.218485][ T8284] 206681 pages reserved [ 165.219563][ T8284] 0 pages cma reserved [ 165.342993][ T8287] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 165.431679][ T5348] Bluetooth: hci5: command tx timeout [ 166.405425][ T8296] netlink: 'syz.0.847': attribute type 1 has an invalid length. [ 166.407496][ T8296] netlink: 88156 bytes leftover after parsing attributes in process `syz.0.847'. [ 166.496656][ T8298] netlink: 12 bytes leftover after parsing attributes in process `syz.0.848'. [ 166.690410][ T9] usb 7-1: New USB device found, idVendor=1b3d, idProduct=0140, bcdDevice=81.d0 [ 166.692796][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.699773][ T9] usb 7-1: Product: 늄짽颦荨넌涢㸴朥평샤斘袣煙ț [ 166.706251][ T5348] Bluetooth: hci3: connection err: -111 [ 166.710380][ T9] usb 7-1: Manufacturer: Ж [ 166.731869][ T9] usb 7-1: config 0 descriptor?? [ 166.733789][ T9] usb 7-1: can't set config #0, error -71 [ 166.744044][ T9] usb 7-1: USB disconnect, device number 10 [ 167.068333][ T5350] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 167.068484][ T5357] Bluetooth: hci6: command 0x1003 tx timeout [ 167.212251][ T39] audit: type=1326 audit(1729430994.784:2178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8278 comm="syz.3.841" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7fc00000 [ 167.377969][ T8311] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 168.131165][ T8326] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 168.138466][ T5350] Bluetooth: hci1: connection err: -111 [ 168.960669][ T8332] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 169.125951][ T8336] 9pnet_fd: Insufficient options for proto=fd [ 169.140663][ T8336] bond0: entered promiscuous mode [ 169.152457][ T8336] bond_slave_0: entered promiscuous mode [ 169.154500][ T8336] bond_slave_1: entered promiscuous mode [ 169.465732][ T8344] netlink: 12 bytes leftover after parsing attributes in process `syz.1.859'. [ 169.547746][ T8346] netlink: 12 bytes leftover after parsing attributes in process `syz.2.860'. [ 170.689614][ T8363] syz.1.865: attempt to access beyond end of device [ 170.689614][ T8363] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 170.710343][ T5357] Bluetooth: hci1: connection err: -111 [ 170.765054][ T8363] kvm: kvm [8360]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x4000004a) [ 171.359126][ T8392] netlink: 12 bytes leftover after parsing attributes in process `syz.1.873'. [ 172.163545][ T8398] netlink: 'syz.0.882': attribute type 1 has an invalid length. [ 172.166385][ T8398] netlink: 88156 bytes leftover after parsing attributes in process `syz.0.882'. [ 172.267916][ T8400] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 173.054159][ T5350] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 173.193806][ T39] audit: type=1326 audit(1729431000.387:2179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8375 comm="syz.3.869" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7fc00000 [ 173.530842][ T8420] netlink: 12 bytes leftover after parsing attributes in process `syz.1.879'. [ 173.589211][ T5350] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 173.591292][ T45] Bluetooth: hci6: Frame reassembly failed (-84) [ 173.594836][ T1097] Bluetooth: hci6: Frame reassembly failed (-84) [ 173.853028][ T8430] netlink: 'syz.0.883': attribute type 1 has an invalid length. [ 173.855189][ T8432] netlink: 'syz.2.885': attribute type 1 has an invalid length. [ 173.855702][ T8430] netlink: 88156 bytes leftover after parsing attributes in process `syz.0.883'. [ 173.861766][ T8432] netlink: 88156 bytes leftover after parsing attributes in process `syz.2.885'. [ 174.296612][ T8442] No control pipe specified [ 174.329645][ T8442] overlayfs: failed to get index nlink (file1/file0, err=-61) [ 175.125165][ T8459] netlink: 'syz.2.893': attribute type 1 has an invalid length. [ 175.128342][ T8459] netlink: 88156 bytes leftover after parsing attributes in process `syz.2.893'. [ 175.279462][ T8461] syz.0.894: attempt to access beyond end of device [ 175.279462][ T8461] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 175.305656][ T8464] netlink: 'syz.2.895': attribute type 1 has an invalid length. [ 175.308553][ T8464] netlink: 88156 bytes leftover after parsing attributes in process `syz.2.895'. [ 175.339918][ T8461] kvm: kvm [8460]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x4000004a) [ 175.780170][ T5357] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 175.847230][ T39] audit: type=1326 audit(1729431002.866:2180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8417 comm="syz.3.878" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7fc00000 [ 175.907906][ T8478] netlink: 12 bytes leftover after parsing attributes in process `syz.3.897'. [ 176.065047][ T8484] FAULT_INJECTION: forcing a failure. [ 176.065047][ T8484] name failslab, interval 1, probability 0, space 0, times 0 [ 176.069158][ T8484] CPU: 3 UID: 0 PID: 8484 Comm: syz.0.899 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 176.071939][ T8484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 176.075568][ T8484] Call Trace: [ 176.076799][ T8484] [ 176.077888][ T8484] dump_stack_lvl+0x16c/0x1f0 [ 176.079615][ T8484] should_fail_ex+0x497/0x5b0 [ 176.081231][ T8484] ? fs_reclaim_acquire+0xae/0x150 [ 176.083045][ T8484] should_failslab+0xc2/0x120 [ 176.084727][ T8484] __kmalloc_noprof+0xcb/0x410 [ 176.086445][ T8484] ? tomoyo_realpath_from_path+0x1b7/0x710 [ 176.088502][ T8484] tomoyo_realpath_from_path+0xbf/0x710 [ 176.090206][ T8484] ? tomoyo_fill_path_info+0x233/0x420 [ 176.091698][ T8484] tomoyo_path2_perm+0x369/0x760 [ 176.093058][ T8484] ? __pfx_tomoyo_path2_perm+0x10/0x10 [ 176.094604][ T8484] ? d_splice_alias+0x4d2/0xdf0 [ 176.095889][ T8484] ? current_check_refer_path+0x2be/0x710 [ 176.097363][ T8484] ? __pfx_current_check_refer_path+0x10/0x10 [ 176.098949][ T8484] tomoyo_path_rename+0x102/0x1b0 [ 176.100258][ T8484] ? __pfx_tomoyo_path_rename+0x10/0x10 [ 176.101683][ T8484] ? _raw_spin_unlock+0x28/0x50 [ 176.102994][ T8484] security_path_rename+0x18e/0x3c0 [ 176.104558][ T8484] do_renameat2+0x7a0/0xdd0 [ 176.105700][ T8484] ? __pfx_do_renameat2+0x10/0x10 [ 176.107005][ T8484] ? trace_lock_acquire+0x14a/0x1d0 [ 176.108346][ T8484] ? lock_acquire+0x2f/0xb0 [ 176.109525][ T8484] ? __might_fault+0xe3/0x190 [ 176.110750][ T8484] ? __might_fault+0xe3/0x190 [ 176.111971][ T8484] ? getname_flags.part.0+0x1c5/0x550 [ 176.113526][ T8484] __ia32_sys_rename+0x7c/0xa0 [ 176.114769][ T8484] __do_fast_syscall_32+0x73/0x120 [ 176.116091][ T8484] do_fast_syscall_32+0x32/0x80 [ 176.117351][ T8484] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 176.119048][ T8484] RIP: 0023:0xf7f34579 [ 176.120126][ T8484] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 176.125075][ T8484] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000026 [ 176.127333][ T8484] RAX: ffffffffffffffda RBX: 0000000020000400 RCX: 0000000020000f00 [ 176.129352][ T8484] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 176.131393][ T8484] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 176.133687][ T8484] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 176.136386][ T8484] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 176.139288][ T8484] [ 176.146216][ T8484] ERROR: Out of memory at tomoyo_realpath_from_path. [ 176.446096][ T8496] netlink: 'syz.1.903': attribute type 1 has an invalid length. [ 176.448361][ T8496] netlink: 88156 bytes leftover after parsing attributes in process `syz.1.903'. [ 176.628019][ T8499] netlink: 'syz.1.904': attribute type 1 has an invalid length. [ 176.636608][ T8499] netlink: 88156 bytes leftover after parsing attributes in process `syz.1.904'. [ 177.067425][ T8509] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 177.171459][ T45] Bluetooth: hci6: Frame reassembly failed (-84) [ 177.183672][ T5357] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 177.197519][ T8513] netlink: 'syz.3.908': attribute type 10 has an invalid length. [ 177.428714][ T8513] team0: Port device wlan1 added [ 178.269573][ T8522] netlink: 12 bytes leftover after parsing attributes in process `syz.1.910'. [ 178.385846][ T8525] netlink: 12 bytes leftover after parsing attributes in process `syz.3.911'. [ 179.336602][ T8531] netlink: 12 bytes leftover after parsing attributes in process `syz.1.920'. [ 179.356460][ T8533] netlink: 12 bytes leftover after parsing attributes in process `syz.3.912'. [ 179.372180][ T5350] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 179.372463][ T5357] Bluetooth: hci6: command 0x1003 tx timeout [ 179.447652][ T39] audit: type=1326 audit(1729431006.233:2181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8508 comm="syz.0.907" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7fc00000 [ 179.728263][ T8548] netlink: 12 bytes leftover after parsing attributes in process `syz.0.916'. [ 180.448721][ T8562] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 181.125390][ T830] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 181.211552][ T8569] netlink: 12 bytes leftover after parsing attributes in process `syz.2.922'. [ 181.309054][ T830] usb 5-1: Using ep0 maxpacket: 32 [ 181.326433][ T830] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 181.341497][ T830] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 181.344826][ T830] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 181.346957][ T830] usb 5-1: Product: syz [ 181.348072][ T830] usb 5-1: Manufacturer: syz [ 181.361582][ T830] usb 5-1: SerialNumber: syz [ 181.365176][ T830] usb 5-1: config 0 descriptor?? [ 181.366951][ T8567] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 181.592812][ T830] usb 5-1: USB disconnect, device number 10 [ 182.087517][ T830] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 182.229096][ T8583] netlink: 188 bytes leftover after parsing attributes in process `syz.2.925'. [ 182.231449][ T8583] netlink: 'syz.2.925': attribute type 1 has an invalid length. [ 182.280481][ T830] usb 5-1: too many configurations: 13, using maximum allowed: 8 [ 182.294242][ T830] usb 5-1: config 0 has no interfaces? [ 182.296593][ T830] usb 5-1: config 0 has no interfaces? [ 182.299208][ T830] usb 5-1: config 0 has no interfaces? [ 182.302435][ T830] usb 5-1: config 0 has no interfaces? [ 182.304884][ T830] usb 5-1: config 0 has no interfaces? [ 182.307237][ T830] usb 5-1: config 0 has no interfaces? [ 182.310371][ T830] usb 5-1: config 0 has no interfaces? [ 182.313030][ T830] usb 5-1: config 0 has no interfaces? [ 182.321160][ T830] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 182.333816][ T830] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.344078][ T830] usb 5-1: Product: syz [ 182.345697][ T830] usb 5-1: Manufacturer: syz [ 182.356087][ T830] usb 5-1: SerialNumber: syz [ 182.369639][ T830] usb 5-1: config 0 descriptor?? [ 182.625437][ T5401] usb 5-1: USB disconnect, device number 11 [ 182.858789][ T8590] netlink: 12 bytes leftover after parsing attributes in process `syz.1.927'. [ 183.214380][ T8596] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 183.278119][ T8598] netlink: 12 bytes leftover after parsing attributes in process `syz.2.929'. [ 183.327600][ T57] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 183.509307][ T57] usb 5-1: Using ep0 maxpacket: 32 [ 183.520730][ T57] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 183.525085][ T57] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 183.527555][ T57] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 183.529620][ T57] usb 5-1: Product: syz [ 183.531082][ T57] usb 5-1: Manufacturer: syz [ 183.532399][ T57] usb 5-1: SerialNumber: syz [ 183.535709][ T57] usb 5-1: config 0 descriptor?? [ 183.537500][ T8567] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 183.765056][ T9] usb 5-1: USB disconnect, device number 12 [ 184.357871][ T8611] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 184.761587][ T8615] netlink: 12 bytes leftover after parsing attributes in process `syz.3.934'. [ 185.873861][ T8625] netlink: 12 bytes leftover after parsing attributes in process `syz.2.938'. [ 187.113692][ T78] Bluetooth: hci6: Frame reassembly failed (-84) [ 187.113741][ T5357] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 187.685816][ T8660] netlink: 12 bytes leftover after parsing attributes in process `syz.1.945'. [ 187.899988][ T8664] netlink: 'syz.3.946': attribute type 1 has an invalid length. [ 187.902051][ T8664] netlink: 88156 bytes leftover after parsing attributes in process `syz.3.946'. [ 188.075036][ T8677] netlink: 'syz.3.957': attribute type 1 has an invalid length. [ 188.077062][ T8677] netlink: 88156 bytes leftover after parsing attributes in process `syz.3.957'. [ 188.083324][ T8669] vivid-000: disconnect [ 188.089316][ T8668] vivid-000: reconnect [ 188.147250][ T8679] netlink: 12 bytes leftover after parsing attributes in process `syz.0.950'. [ 188.543349][ T5357] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 188.546135][ T5357] CPU: 2 UID: 0 PID: 5357 Comm: kworker/u33:8 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 188.548927][ T5357] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 188.551726][ T5357] Workqueue: hci4 hci_rx_work [ 188.552971][ T5357] Call Trace: [ 188.553852][ T5357] [ 188.554667][ T5357] dump_stack_lvl+0x16c/0x1f0 [ 188.555948][ T5357] sysfs_warn_dup+0x7f/0xa0 [ 188.557145][ T5357] sysfs_create_dir_ns+0x24d/0x2b0 [ 188.558501][ T5357] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 188.559962][ T5357] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 188.561451][ T5357] ? kobject_add_internal+0x12d/0x990 [ 188.562888][ T5357] ? do_raw_spin_unlock+0x172/0x230 [ 188.564251][ T5357] kobject_add_internal+0x2c8/0x990 [ 188.565609][ T5357] kobject_add+0x16f/0x240 [ 188.566796][ T5357] ? __pfx_kobject_add+0x10/0x10 [ 188.568088][ T5357] ? class_to_subsys+0x3e/0x160 [ 188.569364][ T5357] ? do_raw_spin_unlock+0x172/0x230 [ 188.570738][ T5357] ? kobject_put+0xab/0x5a0 [ 188.571934][ T5357] device_add+0x289/0x1a70 [ 188.573117][ T5357] ? __pfx_dev_set_name+0x10/0x10 [ 188.574423][ T5357] ? __pfx_device_add+0x10/0x10 [ 188.575694][ T5357] ? mgmt_send_event_skb+0x2f2/0x460 [ 188.577075][ T5357] hci_conn_add_sysfs+0x17e/0x230 [ 188.578409][ T5357] le_conn_complete_evt+0xfc7/0x1cf0 [ 188.579781][ T5357] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 188.581239][ T5357] ? trace_contention_end+0xea/0x140 [ 188.582657][ T5357] ? __mutex_lock+0x1a6/0x9c0 [ 188.583895][ T5357] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 188.585436][ T5357] ? skb_pull_data+0x166/0x210 [ 188.586774][ T5357] hci_le_meta_evt+0x2e2/0x5d0 [ 188.588031][ T5357] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 188.589694][ T5357] hci_event_packet+0x666/0x1190 [ 188.591008][ T5357] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 188.592390][ T5357] ? __pfx_hci_event_packet+0x10/0x10 [ 188.593793][ T5357] ? mark_held_locks+0x9f/0xe0 [ 188.595077][ T5357] ? kcov_remote_start+0x3cf/0x6e0 [ 188.596445][ T5357] ? lockdep_hardirqs_on+0x7c/0x110 [ 188.597794][ T5357] hci_rx_work+0x2c6/0x16c0 [ 188.598996][ T5357] ? lock_acquire+0x2f/0xb0 [ 188.600186][ T5357] ? process_one_work+0x8bb/0x1b30 [ 188.601532][ T5357] process_one_work+0x958/0x1b30 [ 188.602864][ T5357] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 188.604332][ T5357] ? __pfx_process_one_work+0x10/0x10 [ 188.605733][ T5357] ? assign_work+0x1a0/0x250 [ 188.606970][ T5357] worker_thread+0x6c8/0xf00 [ 188.608193][ T5357] ? __kthread_parkme+0x148/0x220 [ 188.609508][ T5357] ? __pfx_worker_thread+0x10/0x10 [ 188.610860][ T5357] kthread+0x2c1/0x3a0 [ 188.611927][ T5357] ? _raw_spin_unlock_irq+0x23/0x50 [ 188.613288][ T5357] ? __pfx_kthread+0x10/0x10 [ 188.614519][ T5357] ret_from_fork+0x45/0x80 [ 188.615725][ T5357] ? __pfx_kthread+0x10/0x10 [ 188.616935][ T5357] ret_from_fork_asm+0x1a/0x30 [ 188.618210][ T5357] [ 188.619417][ T5357] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 188.623008][ T5357] Bluetooth: hci4: failed to register connection device [ 189.192490][ T5348] Bluetooth: hci3: connection err: -111 [ 189.293030][ T5350] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 189.399966][ T39] audit: type=1326 audit(1729431015.540:2182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8653 comm="syz.2.943" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7fc00000 [ 190.151785][ T8710] binder: 8708:8710 ioctl f501 0 returned -22 [ 190.270273][ T8720] netlink: 12 bytes leftover after parsing attributes in process `syz.2.963'. [ 190.281848][ T8716] netlink: 'syz.3.961': attribute type 1 has an invalid length. [ 190.283919][ T8716] netlink: 88156 bytes leftover after parsing attributes in process `syz.3.961'. [ 190.526274][ T5350] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 190.528499][ T11] Bluetooth: hci6: Frame reassembly failed (-84) [ 190.533154][ T11] Bluetooth: hci6: Frame reassembly failed (-84) [ 190.535676][ T11] Bluetooth: hci6: Frame reassembly failed (-84) [ 190.537419][ T11] Bluetooth: hci6: Frame reassembly failed (-84) [ 190.544639][ T11] Bluetooth: hci6: Frame reassembly failed (-84) [ 190.772438][ T39] audit: type=1326 audit(1729431016.822:2183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8726 comm="syz.0.965" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x0 [ 190.843156][ T5350] Bluetooth: hci4: command tx timeout [ 190.948489][ T5350] Bluetooth: hci3: connection err: -111 [ 191.243590][ T8738] netlink: 64 bytes leftover after parsing attributes in process `syz.2.968'. [ 191.727918][ T8753] netlink: 'syz.2.972': attribute type 1 has an invalid length. [ 191.729977][ T8753] netlink: 88156 bytes leftover after parsing attributes in process `syz.2.972'. [ 192.190468][ T8767] netlink: 12 bytes leftover after parsing attributes in process `syz.1.976'. [ 192.498873][ T8772] netlink: 28 bytes leftover after parsing attributes in process `syz.0.977'. [ 192.713999][ T5348] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 192.811381][ T39] audit: type=1326 audit(1729431018.721:2184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8722 comm="syz.3.964" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7fc00000 [ 192.998240][ T8777] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 193.078847][ T8778] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 193.272500][ T5357] Bluetooth: hci3: connection err: -111 [ 193.962078][ T8788] netlink: 'syz.0.982': attribute type 1 has an invalid length. [ 193.964140][ T8788] netlink: 88156 bytes leftover after parsing attributes in process `syz.0.982'. [ 194.416365][ T8796] netlink: 4 bytes leftover after parsing attributes in process `syz.0.985'. [ 194.484809][ T8800] netlink: 12 bytes leftover after parsing attributes in process `syz.1.988'. [ 194.536235][ T5348] Bluetooth: hci6: sending frame failed (-49) [ 194.539420][ T5357] Bluetooth: hci6: Opcode 0x1003 failed: -49 [ 194.581172][ T8802] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 194.655837][ T8806] netlink: 12 bytes leftover after parsing attributes in process `syz.2.989'. [ 195.583959][ T8815] netlink: 'syz.0.991': attribute type 1 has an invalid length. [ 195.586539][ T8815] netlink: 88156 bytes leftover after parsing attributes in process `syz.0.991'. [ 195.592922][ T39] audit: type=1326 audit(1729431021.330:2185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8793 comm="syz.3.986" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7fc00000 [ 195.673003][ T8819] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1000'. [ 196.028663][ T8832] netlink: 'syz.0.995': attribute type 21 has an invalid length. [ 196.419878][ T5357] Bluetooth: hci1: connection err: -111 [ 197.258350][ T5357] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 197.260858][ T78] Bluetooth: hci6: Frame reassembly failed (-84) [ 197.637335][ T8854] netlink: 'syz.0.1002': attribute type 1 has an invalid length. [ 197.639607][ T8854] netlink: 88156 bytes leftover after parsing attributes in process `syz.0.1002'. [ 198.052031][ T8861] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 198.124169][ T8862] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 198.251921][ T8865] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1006'. [ 199.091306][ T8871] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1007'. [ 199.294872][ T39] audit: type=1804 audit(1729431024.791:2186): pid=8877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1009" name="/newroot/43/file0/bus" dev="9p" ino=36317161 res=1 errno=0 [ 199.470457][ T5357] Bluetooth: hci6: command 0x1003 tx timeout [ 199.470691][ T5348] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 199.535722][ T39] audit: type=1326 audit(1729431025.025:2187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8850 comm="syz.3.1001" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7fc00000 [ 199.608088][ T8886] netlink: 'syz.3.1011': attribute type 1 has an invalid length. [ 199.610380][ T8886] netlink: 88156 bytes leftover after parsing attributes in process `syz.3.1011'. [ 199.710754][ T8888] input: syz0 as /devices/virtual/input/input11 [ 199.746169][ T8888] netlink: 'syz.3.1012': attribute type 8 has an invalid length. [ 199.753775][ T8888] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 199.768482][ T8888] sp0: Synchronizing with TNC [ 199.781420][ T8888] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1012'. [ 199.910542][ T1376] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.912827][ T1376] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.496623][ T8897] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 200.575771][ T8900] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 201.059493][ T8906] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 201.094302][ T8906] kvm: pic: non byte read [ 201.103168][ T8906] kvm: pic: level sensitive irq not supported [ 201.105892][ T8906] kvm: pic: non byte read [ 201.116566][ T8906] kvm: pic: level sensitive irq not supported [ 201.118699][ T8906] kvm: pic: non byte read [ 201.124323][ T8906] kvm: pic: level sensitive irq not supported [ 201.126618][ T8906] kvm: pic: non byte read [ 201.155374][ T8906] netlink: 'syz.2.1018': attribute type 11 has an invalid length. [ 201.226032][ T1099] Bluetooth: hci6: Frame reassembly failed (-84) [ 201.235971][ T5357] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 201.435147][ T8914] netlink: 'syz.2.1020': attribute type 1 has an invalid length. [ 201.437629][ T8914] netlink: 88156 bytes leftover after parsing attributes in process `syz.2.1020'. [ 201.605944][ T8916] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1021'. [ 202.913268][ T8933] orangefs_mount: mount request failed with -4 [ 202.962719][ T8935] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1028'. [ 202.989371][ T8939] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1030'. [ 203.087936][ T8937] netlink: 'syz.1.1029': attribute type 1 has an invalid length. [ 203.090791][ T8937] netlink: 88156 bytes leftover after parsing attributes in process `syz.1.1029'. [ 203.404708][ T5348] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 203.452914][ T8951] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1032'. [ 203.496412][ T39] audit: type=1326 audit(1729431028.720:2188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8909 comm="syz.0.1019" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7fc00000 [ 204.285507][ T8976] pimreg: entered allmulticast mode [ 204.288197][ T8976] pimreg: left allmulticast mode [ 204.633399][ T8984] team0: entered promiscuous mode [ 204.635124][ T8984] team_slave_0: entered promiscuous mode [ 204.636728][ T8984] team_slave_1: entered promiscuous mode [ 204.639698][ T8983] team0: left promiscuous mode [ 204.641269][ T8983] team_slave_0: left promiscuous mode [ 204.643036][ T8983] team_slave_1: left promiscuous mode [ 204.688592][ T8986] netlink: 'syz.0.1039': attribute type 1 has an invalid length. [ 204.690863][ T8986] netlink: 88156 bytes leftover after parsing attributes in process `syz.0.1039'. [ 204.723842][ T8988] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1042'. [ 205.110251][ T1097] Bluetooth: hci6: Frame reassembly failed (-84) [ 205.110418][ T5357] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 206.468028][ T5357] Bluetooth: hci1: connection err: -111 [ 207.096166][ T9014] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1047'. [ 207.253193][ T5350] Bluetooth: hci6: command 0x1003 tx timeout [ 207.255456][ T5348] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 207.361314][ T39] audit: type=1326 audit(1729431032.340:2189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8997 comm="syz.1.1041" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7fc00000 [ 207.394810][ T9020] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 207.428687][ T9023] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1050'. [ 207.523467][ T9029] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1051'. [ 208.601739][ T9039] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 209.477776][ T5348] Bluetooth: hci1: connection err: -111 [ 210.093332][ T78] Bluetooth: hci6: Frame reassembly failed (-84) [ 210.097470][ T5348] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 210.371860][ T9065] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 210.865654][ T9068] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1062'. [ 211.406179][ T9081] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 211.590738][ T9092] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1068'. [ 211.797828][ T5348] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201' [ 211.799544][ T9099] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1072'. [ 211.800542][ T5348] CPU: 1 UID: 0 PID: 5348 Comm: kworker/u33:2 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 211.803588][ T9099] team0: entered promiscuous mode [ 211.805620][ T5348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 211.805632][ T5348] Workqueue: hci5 hci_rx_work [ 211.805666][ T5348] Call Trace: [ 211.811827][ T5348] [ 211.812595][ T5348] dump_stack_lvl+0x16c/0x1f0 [ 211.813832][ T5348] sysfs_warn_dup+0x7f/0xa0 [ 211.815022][ T5348] sysfs_create_dir_ns+0x24d/0x2b0 [ 211.816358][ T5348] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 211.817823][ T5348] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 211.818850][ T9099] team_slave_0: entered promiscuous mode [ 211.819211][ T5348] ? kobject_add_internal+0x12d/0x990 [ 211.822096][ T5348] ? do_raw_spin_unlock+0x172/0x230 [ 211.823389][ T5348] kobject_add_internal+0x2c8/0x990 [ 211.824681][ T5348] kobject_add+0x16f/0x240 [ 211.825822][ T5348] ? __pfx_kobject_add+0x10/0x10 [ 211.827112][ T5348] ? class_to_subsys+0x3e/0x160 [ 211.828389][ T5348] ? do_raw_spin_unlock+0x172/0x230 [ 211.828921][ T9099] team_slave_1: entered promiscuous mode [ 211.829881][ T5348] ? kobject_put+0xab/0x5a0 [ 211.829898][ T5348] device_add+0x289/0x1a70 [ 211.833672][ T5348] ? __pfx_dev_set_name+0x10/0x10 [ 211.834993][ T5348] ? __pfx_device_add+0x10/0x10 [ 211.836273][ T5348] ? mgmt_send_event_skb+0x2f2/0x460 [ 211.837647][ T5348] hci_conn_add_sysfs+0x17e/0x230 [ 211.838974][ T5348] le_conn_complete_evt+0xfc7/0x1cf0 [ 211.840342][ T5348] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 211.841838][ T5348] ? trace_contention_end+0xea/0x140 [ 211.843216][ T5348] ? __mutex_lock+0x1a6/0x9c0 [ 211.844443][ T5348] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 211.845978][ T5348] ? skb_pull_data+0x166/0x210 [ 211.847173][ T5348] hci_le_meta_evt+0x2e2/0x5d0 [ 211.848363][ T5348] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 211.849944][ T5348] hci_event_packet+0x666/0x1190 [ 211.851229][ T5348] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 211.852594][ T5348] ? __pfx_hci_event_packet+0x10/0x10 [ 211.853989][ T5348] ? mark_held_locks+0x9f/0xe0 [ 211.855241][ T5348] ? kcov_remote_start+0x3cf/0x6e0 [ 211.856569][ T5348] ? lockdep_hardirqs_on+0x7c/0x110 [ 211.857932][ T5348] hci_rx_work+0x2c6/0x16c0 [ 211.859118][ T5348] ? lock_acquire+0x2f/0xb0 [ 211.860305][ T5348] ? process_one_work+0x8bb/0x1b30 [ 211.861647][ T5348] process_one_work+0x958/0x1b30 [ 211.862961][ T5348] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 211.864416][ T5348] ? __pfx_process_one_work+0x10/0x10 [ 211.865819][ T5348] ? assign_work+0x1a0/0x250 [ 211.867031][ T5348] worker_thread+0x6c8/0xf00 [ 211.868244][ T5348] ? __pfx_worker_thread+0x10/0x10 [ 211.869571][ T5348] kthread+0x2c1/0x3a0 [ 211.870649][ T5348] ? _raw_spin_unlock_irq+0x23/0x50 [ 211.872001][ T5348] ? __pfx_kthread+0x10/0x10 [ 211.873206][ T5348] ret_from_fork+0x45/0x80 [ 211.874375][ T5348] ? __pfx_kthread+0x10/0x10 [ 211.875580][ T5348] ret_from_fork_asm+0x1a/0x30 [ 211.876838][ T5348] [ 211.878970][ T5348] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 211.882736][ T5348] Bluetooth: hci5: failed to register connection device [ 211.893649][ T9099] team_slave_0: entered allmulticast mode [ 211.902066][ T9099] team0: Port device team_slave_0 removed [ 211.918463][ T9098] team0: left promiscuous mode [ 211.919770][ T9098] team_slave_1: left promiscuous mode [ 212.299209][ T5348] Bluetooth: hci6: command 0x1003 tx timeout [ 212.302177][ T5350] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 212.388703][ T39] audit: type=1326 audit(1729431037.045:2190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9055 comm="syz.1.1058" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7fc00000 [ 212.549200][ T9112] netlink: 'syz.3.1074': attribute type 1 has an invalid length. [ 212.559666][ T9112] netlink: 88156 bytes leftover after parsing attributes in process `syz.3.1074'. [ 212.702003][ T9109] netlink: 9404 bytes leftover after parsing attributes in process `syz.1.1075'. [ 212.995892][ T9139] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1080'. [ 213.050579][ T9143] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' SYZFAIL: bad allocate request allocated=0 size=4294966767/4294966768 (errno 11: Resource temporarily unavailable) [ 213.328900][ T5327] sshd (5327) used greatest stack depth: 20592 bytes left [ 213.809119][ T1213] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.865674][ T8656] Buffer I/O error on dev loop7, logical block 4095, async page read [ 213.950031][ T1213] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.011003][ T1213] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.140541][ T1213] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.274523][ T1213] bridge_slave_1: left allmulticast mode [ 214.276634][ T1213] bridge_slave_1: left promiscuous mode [ 214.281279][ T1213] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.284137][ T1213] bridge_slave_0: left allmulticast mode [ 214.285595][ T1213] bridge_slave_0: left promiscuous mode [ 214.287142][ T1213] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.461242][ T1213] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 214.630947][ T1213] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 214.634641][ T1213] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 214.637824][ T1213] bond0 (unregistering): Released all slaves [ 214.766155][ T1213] tipc: Disabling bearer [ 214.773614][ T1213] tipc: Left network mode [ 215.026425][ T1213] hsr_slave_0: left promiscuous mode [ 215.028289][ T1213] hsr_slave_1: left promiscuous mode [ 215.030077][ T1213] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 215.032014][ T1213] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 215.034361][ T1213] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 215.037028][ T1213] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 215.053767][ T1213] veth0_macvtap: left promiscuous mode [ 215.055275][ T1213] veth1_vlan: left promiscuous mode [ 215.056701][ T1213] veth0_vlan: left promiscuous mode [ 215.695795][ T1213] team0 (unregistering): Port device team_slave_1 removed [ 216.804437][ T1213] IPVS: stop unused estimator thread 0... [ 216.965555][ T1213] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.056807][ T1213] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.156165][ T1213] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.261098][ T1213] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.375813][ T1213] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.455253][ T1213] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.518415][ T1213] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.584412][ T1213] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.678587][ T1213] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.778205][ T1213] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.844669][ T1213] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.966456][ T1213] bond0: (slave netdevsim0): Releasing backup interface [ 217.978313][ T1213] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.126839][ T1213] bridge_slave_1: left allmulticast mode [ 218.128508][ T1213] bridge_slave_1: left promiscuous mode [ 218.130060][ T1213] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.133839][ T1213] bridge_slave_0: left allmulticast mode [ 218.135345][ T1213] bridge_slave_0: left promiscuous mode [ 218.139349][ T1213] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.150335][ T1213] bridge_slave_1: left allmulticast mode [ 218.151850][ T1213] bridge_slave_1: left promiscuous mode [ 218.153353][ T1213] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.159764][ T1213] bridge_slave_0: left allmulticast mode [ 218.161303][ T1213] bridge_slave_0: left promiscuous mode [ 218.162827][ T1213] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.167300][ T1213] bridge_slave_1: left allmulticast mode [ 218.168988][ T1213] bridge_slave_1: left promiscuous mode [ 218.170513][ T1213] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.180555][ T1213] bridge_slave_0: left allmulticast mode [ 218.182651][ T1213] bridge_slave_0: left promiscuous mode [ 218.184744][ T1213] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.724025][ T1213] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 218.927671][ T1213] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 218.930299][ T1213] bond_slave_0: left promiscuous mode [ 218.933681][ T1213] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 218.936314][ T1213] bond_slave_1: left promiscuous mode [ 218.939223][ T1213] bond0 (unregistering): Released all slaves [ 219.013486][ T1213] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 219.017145][ T1213] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 219.020657][ T1213] bond0 (unregistering): Released all slaves [ 219.092196][ T1213] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 219.095950][ T1213] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 219.099717][ T1213] bond0 (unregistering): Released all slaves [ 219.284857][ T1213] tipc: Disabling bearer [ 219.287002][ T1213] tipc: Left network mode [ 219.617190][ T1213] [ 219.617875][ T1213] ====================================================== [ 219.619657][ T1213] WARNING: possible circular locking dependency detected [ 219.621465][ T1213] 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 Not tainted [ 219.623321][ T1213] ------------------------------------------------------ [ 219.625100][ T1213] kworker/u32:10/1213 is trying to acquire lock: [ 219.626733][ T1213] ffff88801a82cd40 (team->team_lock_key#6){+.+.}-{3:3}, at: team_del_slave+0x31/0x1b0 [ 219.629168][ T1213] [ 219.629168][ T1213] but task is already holding lock: [ 219.631048][ T1213] ffff888024bc0768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0xfe/0x760 [ 219.634007][ T1213] [ 219.634007][ T1213] which lock already depends on the new lock. [ 219.634007][ T1213] [ 219.637677][ T1213] [ 219.637677][ T1213] the existing dependency chain (in reverse order) is: [ 219.640367][ T1213] [ 219.640367][ T1213] -> #1 (&rdev->wiphy.mtx){+.+.}-{3:3}: [ 219.642374][ T1213] __mutex_lock+0x175/0x9c0 [ 219.643713][ T1213] ieee80211_open+0x12f/0x260 [ 219.645052][ T1213] __dev_open+0x2d4/0x4e0 [ 219.646340][ T1213] dev_open+0xf4/0x160 [ 219.647594][ T1213] team_add_slave+0xa8c/0x1ff0 [ 219.648959][ T1213] do_set_master+0x1bc/0x230 [ 219.650282][ T1213] do_setlink+0xa82/0x3ee0 [ 219.651563][ T1213] __rtnl_newlink+0xc3a/0x1920 [ 219.652974][ T1213] rtnl_newlink+0x67/0xa0 [ 219.654390][ T1213] rtnetlink_rcv_msg+0x3c7/0xea0 [ 219.655794][ T1213] netlink_rcv_skb+0x165/0x410 [ 219.657154][ T1213] netlink_unicast+0x53c/0x7f0 [ 219.658531][ T1213] netlink_sendmsg+0x8b8/0xd70 [ 219.659893][ T1213] ____sys_sendmsg+0x9ae/0xb40 [ 219.661256][ T1213] ___sys_sendmsg+0x135/0x1e0 [ 219.662618][ T1213] __sys_sendmsg+0x117/0x1f0 [ 219.663934][ T1213] __do_fast_syscall_32+0x73/0x120 [ 219.665378][ T1213] do_fast_syscall_32+0x32/0x80 [ 219.666769][ T1213] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 219.668523][ T1213] [ 219.668523][ T1213] -> #0 (team->team_lock_key#6){+.+.}-{3:3}: [ 219.670621][ T1213] __lock_acquire+0x250b/0x3ce0 [ 219.672009][ T1213] lock_acquire.part.0+0x11b/0x380 [ 219.673503][ T1213] __mutex_lock+0x175/0x9c0 [ 219.674808][ T1213] team_del_slave+0x31/0x1b0 [ 219.676122][ T1213] team_device_event+0xd0/0x770 [ 219.677497][ T1213] notifier_call_chain+0xb9/0x410 [ 219.678922][ T1213] call_netdevice_notifiers_info+0xbe/0x140 [ 219.680582][ T1213] unregister_netdevice_many_notify+0x8d5/0x1e50 [ 219.682346][ T1213] unregister_netdevice_queue+0x307/0x3f0 [ 219.683975][ T1213] _cfg80211_unregister_wdev+0x624/0x7f0 [ 219.685557][ T1213] ieee80211_remove_interfaces+0x36d/0x760 [ 219.687190][ T1213] ieee80211_unregister_hw+0x55/0x3a0 [ 219.688719][ T1213] mac80211_hwsim_del_radio+0x268/0x370 [ 219.690289][ T1213] hwsim_exit_net+0x33f/0x6d0 [ 219.691634][ T1213] ops_exit_list+0xb0/0x180 [ 219.692996][ T1213] cleanup_net+0x5b7/0xb40 [ 219.694306][ T1213] process_one_work+0x958/0x1b30 [ 219.695707][ T1213] worker_thread+0x6c8/0xf00 [ 219.697025][ T1213] kthread+0x2c1/0x3a0 [ 219.698226][ T1213] ret_from_fork+0x45/0x80 [ 219.699500][ T1213] ret_from_fork_asm+0x1a/0x30 [ 219.700865][ T1213] [ 219.700865][ T1213] other info that might help us debug this: [ 219.700865][ T1213] [ 219.703494][ T1213] Possible unsafe locking scenario: [ 219.703494][ T1213] [ 219.705370][ T1213] CPU0 CPU1 [ 219.706739][ T1213] ---- ---- [ 219.708091][ T1213] lock(&rdev->wiphy.mtx); [ 219.709261][ T1213] lock(team->team_lock_key#6); [ 219.711177][ T1213] lock(&rdev->wiphy.mtx); [ 219.712990][ T1213] lock(team->team_lock_key#6); [ 219.714271][ T1213] [ 219.714271][ T1213] *** DEADLOCK *** [ 219.714271][ T1213] [ 219.716326][ T1213] 5 locks held by kworker/u32:10/1213: [ 219.717724][ T1213] #0: ffff88801baff148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1212/0x1b30 [ 219.720358][ T1213] #1: ffffc9000755fd80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 219.722911][ T1213] #2: ffffffff8faae790 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xbb/0xb40 [ 219.725358][ T1213] #3: ffffffff8fac43a8 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x4d/0x3a0 [ 219.727860][ T1213] #4: ffff888024bc0768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0xfe/0x760 [ 219.730580][ T1213] [ 219.730580][ T1213] stack backtrace: [ 219.732093][ T1213] CPU: 3 UID: 0 PID: 1213 Comm: kworker/u32:10 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 219.734875][ T1213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 219.737615][ T1213] Workqueue: netns cleanup_net [ 219.738860][ T1213] Call Trace: [ 219.739728][ T1213] [ 219.740496][ T1213] dump_stack_lvl+0x116/0x1f0 [ 219.741746][ T1213] print_circular_bug+0x419/0x5d0 [ 219.743055][ T1213] check_noncircular+0x31a/0x400 [ 219.744339][ T1213] ? __pfx_check_noncircular+0x10/0x10 [ 219.745759][ T1213] ? lockdep_lock+0xc6/0x200 [ 219.746960][ T1213] ? __pfx_lockdep_lock+0x10/0x10 [ 219.748263][ T1213] __lock_acquire+0x250b/0x3ce0 [ 219.749598][ T1213] ? __pfx___lock_acquire+0x10/0x10 [ 219.750945][ T1213] ? skb_dequeue+0x126/0x180 [ 219.752209][ T1213] lock_acquire.part.0+0x11b/0x380 [ 219.753816][ T1213] ? team_del_slave+0x31/0x1b0 [ 219.755550][ T1213] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 219.757569][ T1213] ? rcu_is_watching+0x12/0xc0 [ 219.759225][ T1213] ? trace_lock_acquire+0x14a/0x1d0 [ 219.760555][ T1213] ? team_del_slave+0x31/0x1b0 [ 219.761823][ T1213] ? lock_acquire+0x2f/0xb0 [ 219.763021][ T1213] ? team_del_slave+0x31/0x1b0 [ 219.764254][ T1213] __mutex_lock+0x175/0x9c0 [ 219.765427][ T1213] ? team_del_slave+0x31/0x1b0 [ 219.766669][ T1213] ? __mutex_lock+0x1a6/0x9c0 [ 219.767886][ T1213] ? team_del_slave+0x31/0x1b0 [ 219.769116][ T1213] ? __pfx___mutex_lock+0x10/0x10 [ 219.770413][ T1213] ? __pfx___mutex_lock+0x10/0x10 [ 219.771712][ T1213] ? lockdep_hardirqs_on+0x7c/0x110 [ 219.773124][ T1213] ? rt_flush_dev+0x479/0x620 [ 219.774820][ T1213] ? team_del_slave+0x31/0x1b0 [ 219.776558][ T1213] team_del_slave+0x31/0x1b0 [ 219.778253][ T1213] team_device_event+0xd0/0x770 [ 219.780030][ T1213] notifier_call_chain+0xb9/0x410 [ 219.781462][ T1213] ? __pfx_team_device_event+0x10/0x10 [ 219.782901][ T1213] call_netdevice_notifiers_info+0xbe/0x140 [ 219.784571][ T1213] unregister_netdevice_many_notify+0x8d5/0x1e50 [ 219.786208][ T1213] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 219.787940][ T1213] ? find_held_lock+0x2d/0x110 [ 219.789179][ T1213] ? kernfs_remove_by_name_ns+0xc4/0x130 [ 219.790621][ T1213] ? __pfx_lock_release+0x10/0x10 [ 219.791920][ T1213] ? __call_rcu_common.constprop.0+0x36e/0x7a0 [ 219.793872][ T1213] unregister_netdevice_queue+0x307/0x3f0 [ 219.795981][ T1213] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 219.798256][ T1213] _cfg80211_unregister_wdev+0x624/0x7f0 [ 219.800009][ T1213] ieee80211_remove_interfaces+0x36d/0x760 [ 219.801517][ T1213] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 219.803168][ T1213] ieee80211_unregister_hw+0x55/0x3a0 [ 219.804534][ T1213] mac80211_hwsim_del_radio+0x268/0x370 [ 219.805911][ T1213] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 219.807468][ T1213] ? hwsim_exit_net+0x2f3/0x6d0 [ 219.808724][ T1213] ? __local_bh_enable_ip+0xa4/0x120 [ 219.810085][ T1213] hwsim_exit_net+0x33f/0x6d0 [ 219.811291][ T1213] ? __pfx_hwsim_exit_net+0x10/0x10 [ 219.812634][ T1213] ? __pfx___might_resched+0x10/0x10 [ 219.814478][ T1213] ? ip_vs_sync_net_cleanup+0x72/0xb0 [ 219.816436][ T1213] ? __ip_vs_dev_cleanup_batch+0xb1/0x290 [ 219.818504][ T1213] ? __pfx_hwsim_exit_net+0x10/0x10 [ 219.820089][ T1213] ops_exit_list+0xb0/0x180 [ 219.821261][ T1213] cleanup_net+0x5b7/0xb40 [ 219.822446][ T1213] ? __pfx_cleanup_net+0x10/0x10 [ 219.823891][ T1213] ? trace_lock_acquire+0x14a/0x1d0 [ 219.825244][ T1213] ? process_one_work+0x8bb/0x1b30 [ 219.826576][ T1213] ? lock_acquire+0x2f/0xb0 [ 219.827761][ T1213] ? process_one_work+0x8bb/0x1b30 [ 219.829085][ T1213] process_one_work+0x958/0x1b30 [ 219.830385][ T1213] ? __pfx_cleanup_net+0x10/0x10 [ 219.831650][ T1213] ? __pfx_process_one_work+0x10/0x10 [ 219.833078][ T1213] ? assign_work+0x1a0/0x250 [ 219.834275][ T1213] worker_thread+0x6c8/0xf00 [ 219.835473][ T1213] ? __kthread_parkme+0x148/0x220 [ 219.836773][ T1213] ? __pfx_worker_thread+0x10/0x10 [ 219.838105][ T1213] kthread+0x2c1/0x3a0 [ 219.839151][ T1213] ? _raw_spin_unlock_irq+0x23/0x50 [ 219.840507][ T1213] ? __pfx_kthread+0x10/0x10 [ 219.841736][ T1213] ret_from_fork+0x45/0x80 [ 219.842922][ T1213] ? __pfx_kthread+0x10/0x10 [ 219.844586][ T1213] ret_from_fork_asm+0x1a/0x30 [ 219.846353][ T1213] [ 219.851503][ T1213] team0: Port device wlan1 removed [ 220.221278][ T1213] hsr_slave_0: left promiscuous mode [ 220.223117][ T1213] hsr_slave_1: left promiscuous mode [ 220.224910][ T1213] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 220.226781][ T1213] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 220.233523][ T1213] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 220.235399][ T1213] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 220.253796][ T1213] hsr_slave_0: left promiscuous mode [ 220.255433][ T1213] hsr_slave_1: left promiscuous mode [ 220.257022][ T1213] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 220.258891][ T1213] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 220.260872][ T1213] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 220.262748][ T1213] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 220.266582][ T1213] hsr_slave_0: left promiscuous mode [ 220.268157][ T1213] hsr_slave_1: left promiscuous mode [ 220.269732][ T1213] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 220.271598][ T1213] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 220.273608][ T1213] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 220.275733][ T1213] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 220.280179][ T1213] veth1_macvtap: left promiscuous mode [ 220.281594][ T1213] veth0_macvtap: left promiscuous mode [ 220.283018][ T1213] veth1_vlan: left promiscuous mode [ 220.284366][ T1213] veth0_vlan: left promiscuous mode [ 220.286405][ T1213] veth1_macvtap: left promiscuous mode [ 220.287849][ T1213] veth0_macvtap: left promiscuous mode [ 220.289249][ T1213] veth1_vlan: left promiscuous mode [ 220.290603][ T1213] veth0_vlan: left promiscuous mode [ 220.292306][ T1213] veth0_macvtap: left promiscuous mode [ 220.293758][ T1213] veth1_vlan: left promiscuous mode [ 220.295138][ T1213] veth0_vlan: left promiscuous mode [ 220.526364][ T1213] team0 (unregistering): Port device team_slave_1 removed [ 220.564018][ T1213] team0 (unregistering): Port device team_slave_0 removed [ 220.977827][ T1213] team0 (unregistering): Port device team_slave_1 removed [ 221.014788][ T1213] team0 (unregistering): Port device team_slave_0 removed [ 221.525348][ T1213] team0 (unregistering): Port device team_slave_1 removed [ 221.573378][ T1213] team0 (unregistering): Port device team_slave_0 removed [ 223.010581][ T1213] IPVS: stop unused estimator thread 0... VM DIAGNOSIS: 13:30:45 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000007 RBX=1ffff920009e1e9f RCX=0000000000000002 RDX=0000000000000000 RSI=0000000000000000 RDI=ffff88801f512f1c RBP=0000000000000246 RSP=ffffc90004f0f4f0 R8 =0000000000000000 R9 =0000000000000000 R10=ffffffff901ce54f R11=0000000000000000 R12=0000000000000000 R13=ffffffff8ddb7780 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff816a4523 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000021000000 CR3=0000000057580000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffffea00017d7640 RCX=ffffffff81f9eb74 RDX=ffff88802285a440 RSI=ffffffff81f9f823 RDI=0000000000000007 RBP=ffff88804124d3d0 RSP=ffffc900072df588 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000080000001 R13=0000000000000001 R14=0000000000000001 R15=ffffea00017d7640 RIP=ffffffff818cba11 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ffce6508fbc CR3=000000004af26000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000ffff3f01 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=7011edf17011edf1 7011edf17011edf1 7011edf17011edf1 7011edf17011edf1 7011edf17011edf1 7011edf17011edf1 7011edf17011edf1 7011edf17011edf1 ZMM22=2b62875b2b62875b 2b62875b2b62875b 2b62875b2b62875b 2b62875b2b62875b 2b62875b2b62875b 2b62875b2b62875b 2b62875b2b62875b 2b62875b2b62875b ZMM23=c6995c82c6995c82 c6995c82c6995c82 c6995c82c6995c82 c6995c82c6995c82 c6995c82c6995c82 c6995c82c6995c82 c6995c82c6995c82 c6995c82c6995c82 ZMM24=33ea90ca33ea90ca 33ea90ca33ea90ca 33ea90ca33ea90ca 33ea90ca33ea90ca 33ea90ca33ea90ca 33ea90ca33ea90ca 33ea90ca33ea90ca 33ea90ca33ea90ca ZMM25=157f70eb157f70eb 157f70eb157f70eb 157f70eb157f70eb 157f70eb157f70eb 157f70eb157f70eb 157f70eb157f70eb 157f70eb157f70eb 157f70eb157f70eb ZMM26=ec318e41ec318e41 ec318e41ec318e41 ec318e41ec318e41 ec318e41ec318e41 ec318e41ec318e41 ec318e41ec318e41 ec318e41ec318e41 ec318e41ec318e41 ZMM27=907ba5de907ba5de 907ba5de907ba5de 907ba5de907ba5de 907ba5de907ba5de 907ba5de907ba5de 907ba5de907ba5de 907ba5de907ba5de 907ba5de907ba5de ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=e2080000e2080000 e2080000e2080000 e2080000e2080000 e2080000e2080000 e2080000e2080000 e2080000e2080000 e2080000e2080000 e2080000e2080000 info registers vcpu 2 CPU#2 RAX=dffffc0000000000 RBX=00000000f43d810a RCX=000000009c4a26ed RDX=935134c4facd942d RSI=0000000057f35a1d RDI=ffffffff969924f0 RBP=ffffffff96993b58 RSP=ffffc90004f973a0 R8 =0000000000000000 R9 =fffffbfff2d32188 R10=ffffffff96990c47 R11=0000000000000000 R12=dffffc0000000000 R13=ffff888021f32f98 R14=0000000000000002 R15=ffff888021f32440 RIP=ffffffff8169ff8c RFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000057ac04ac CR3=000000002942a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000430043 RBX=0000000000000003 RCX=ffffffff8b139ef9 RDX=0000000000000000 RSI=ffffffff8b4cc960 RDI=ffffffff8bb12d20 RBP=ffffed10036ec488 RSP=ffffc90000497e08 R8 =0000000000000001 R9 =ffffed10056e7025 R10=ffff88802b73812b R11=0000000000000000 R12=0000000000000003 R13=ffff88801b762440 R14=ffffffff901ce548 R15=0000000000000000 RIP=ffffffff8b13b2df RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f56944c4 CR3=000000002ad5c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000008000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000