last executing test programs: 2.331241421s ago: executing program 2 (id=3183): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xc}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) 2.331085536s ago: executing program 2 (id=3184): mount_setattr(0xffffffffffffffff, 0x0, 0x800, &(0x7f0000000280)={0x10000a, 0x1, 0x140000}, 0x20) r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x10) (async, rerun: 64) sendmsg$nl_route(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000000c0)=@getlink={0x20, 0x12, 0x18efde40b3708357, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2080}}, 0x20}}, 0x0) (async, rerun: 64) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x7fffffff, 0x9, 0x2, "3259c546daccf1ae1e008faa00000000f4ff400200", 0x59555956}) 2.25609875s ago: executing program 2 (id=3185): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x64040, 0xd0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$caif_seqpacket(0x25, 0x5, 0x1) r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x62ed, 0x20000, 0x3, 0x30b, 0x0, r0}, &(0x7f00000003c0)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x4004004, 0x1}) io_uring_enter(r4, 0x47f9, 0x0, 0x7, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x200}, 0x0) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000440)={{0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x18, 0x7fff}, 0x0, 0x0, 0x9, 0x4, 0xf3a, 0x8, 0x0, 0x5, 0x3, 0x81}) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r7, 0xc0a85320, &(0x7f0000000180)={{0x80}, 'port0\x00', 0x7e, 0xa1c07, 0x6, 0x0, 0x100000}) epoll_create(0x101) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x18557f, 0x0) socket$inet(0x2, 0x2, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) r9 = openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r9, 0xc0d05640, &(0x7f00000001c0)={0x4, @pix={0x0, 0x0, 0x34565559, 0x0, 0x2000000, 0x0, 0x25, 0xfffffffd, 0x0, 0x3}}) sendmsg$nl_xfrm(r8, &(0x7f0000000080)={0x0, 0xfffffffffffffe9b, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYRESOCT=r7], 0x40}, 0x1, 0x0, 0x0, 0x8040}, 0x20040810) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) syz_open_dev$usbfs(0x0, 0x75, 0x40082) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, &(0x7f0000000300)={{@host, 0xd}, 0x1}) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00') read$FUSE(r10, &(0x7f0000002280)={0x2020}, 0x2020) pread64(r10, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) 2.106729572s ago: executing program 3 (id=3186): syz_emit_ethernet(0x2a, &(0x7f0000000100)={@multicast, @random="8a0a63cdec59", @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}, @remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x14}, @remote}}}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r1, 0x8910, &(0x7f0000000000)={'ip6gretap0\x00', @ifru_map={0x7, 0xab54, 0x512c, 0x6, 0x9, 0x5}}) prctl$PR_SCHED_CORE(0x53564d41, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0xf, &(0x7f0000000580)={&(0x7f0000000780)=ANY=[@ANYRESOCT=r1, @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100766c616e0040009c9d0f263f757d000c00028006f0333c00050000000000314ee587f8069fc19584d6ecb4debd1a3cbcc611fdf95e9bd2f0e7bd166de5c173e862cb9ba1e2ddcbfd45f6e28abdcaf4f9ca7f4c85348718d4ceaffbf3d1f97c6382c4141ff78074277b4138616924391bfb316d2263b6024944438bdbf56ae4d41edcfeaba57f4ce6ec75a8eb718093bf7dd104ac645a72a0415671e008bcadb25ab8af0959c652688443997c81"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_PROTOCOLS(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000040)={&(0x7f0000000240)={0x44, 0x0, 0x10, 0x70bd2b, 0x25dfdbff, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @empty}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @loopback}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8010}, 0x40000) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x3bc, 0x1e4, 0x9403, 0x0, 0x1e4, 0x2c0, 0x2f4, 0x3d8, 0x3d8, 0x2f4, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x1bc, 0x1e4, 0x0, {}, [@common=@srh1={{0x8c}, {0x6, 0x8a, 0x1, 0xb, 0x3, @mcast2, @local, @local, [0x0, 0xffffffff, 0x0, 0xffffffff], [0xffffff00, 0xff000000, 0xffffff00, 0xff], [0xffffffff, 0xff000000, 0x0, 0x7550ccb710be24b3], 0x8, 0x2006}}, @common=@srh1={{0x8c}, {0x16, 0xb9, 0x50, 0x40, 0x3, @remote, @private2={0xfc, 0x2, '\x00', 0xfe}, @ipv4={'\x00', '\xff\xff', @remote}, [0xff, 0xffffff00, 0x0, 0xff000000], [0xffffff00, 0xff000000, 0xff000000], [0x0, 0xffffffff, 0x0, 0xff000000], 0x407, 0x1060}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0x2, 0x1}, {0x2, 0x3}}}}, {{@uncond, 0x0, 0xc8, 0x110, 0x0, {}, [@inet=@rpfilter={{0x24}, {0x1}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x418) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) unshare(0x2000000) r6 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) sendmsg$NL80211_CMD_GET_WIPHY(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB="1400", @ANYRES16, @ANYBLOB="01000100f021644460b0310eb0c8f97074de6bb84a53e60fce8457c0f082fce1166086b2e850149579d38e43d6877d8fba32cc0dd9d362cedb08ac8465c7b7dec29b468e8600156111eb8837e26b5c82f328a8725e99755f60062bd9c49a962a978b117d58de39d26f21184575445e6e8427631cd3ee755c9e791b4b5d2e3c78b9124c9835d1f7534f0be9a6669c990df04f1d3b60d27c066ca4c953540c1600fe56ec7a66242feaa44424d08be0959b89fef4807807119c5f821880b3604848006828d891339519ef926c156ee43b8b9a02a176703916690dc69cc2b72dbbef89ce33ca845060869af8bc"], 0x14}, 0x1, 0x0, 0x0, 0x400c880}, 0x0) setsockopt$sock_timeval(r5, 0x1, 0x15, &(0x7f0000000140)={0x0, 0x7530}, 0x10) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r8, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r7, 0x84, 0x0, &(0x7f0000000040)={r9, 0xd87, 0xffffffff, 0x4}, 0x10) 2.051212439s ago: executing program 3 (id=3187): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x14) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2) read(r2, 0x0, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000003c0)=0x14) 1.988290497s ago: executing program 3 (id=3188): getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)=@newtaction={0x1e34, 0x30, 0x1, 0x0, 0x0, {}, [{0x1e20, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_pedit={0x1dd8, 0x8, 0x0, 0x0, {{0xa}, {0x1d48, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0xa4, 0x5, 0x0, 0x1, [{0x34, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}]}, {0x24, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}]}, {0x34, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}]}, @TCA_PEDIT_PARMS_EX={0xe68, 0x4, {{{0x5, 0x0, 0x5, 0x7, 0x6}, 0x2, 0x6, [{0x5, 0x30, 0xfffffff7, 0xc9, 0x8000, 0x5}, {0xfffffff7, 0x6, 0x5, 0x4, 0x5fd, 0x35a76b64}, {0x2000000, 0x1f4000, 0xa, 0x8, 0x1, 0x100}]}, [{0x8000, 0x101, 0x8, 0x7, 0xff, 0x200}, {0xfffffff9, 0x2, 0x7, 0xfffff001, 0x0, 0x8}, {0x4, 0xc, 0x7fff, 0x80000000, 0x5, 0x7fff}, {0x1, 0x4, 0x7fff, 0x0, 0xfffffe01, 0xffff}, {0x6, 0x550, 0x78, 0x80, 0x8, 0x8000}, {0x9e5, 0x5, 0x6, 0x1, 0xf, 0x2cc}, {0x9, 0x8, 0x7de, 0x2, 0x264, 0x4}, {0x2, 0x7, 0x6, 0x9, 0x0, 0x4}, {0x0, 0x2, 0x2, 0xfff, 0x1, 0x5}, {0x6, 0x2, 0x6, 0x8, 0x2, 0x9}, {0xba0, 0x3, 0x8001, 0x2, 0x5, 0x1}, {0xe, 0x3, 0x6, 0x5, 0x9b84, 0x8}, {0x1, 0x4, 0x7, 0x5, 0x3, 0x1}, {0x2ff, 0xffffff00, 0xfc000000, 0x6, 0x4189, 0x2}, {0x9, 0x1, 0x4, 0x401, 0x5}, {0x4, 0x0, 0x8, 0x2, 0xfff, 0xcd}, {0x0, 0x8, 0xffff, 0x7, 0x86b, 0x9}, {0x3, 0xffff7fff, 0x9, 0x7fffffff, 0x8001, 0x7}, {0x10001, 0x5ae1, 0x40, 0x1, 0xc, 0x4}, {0x812f, 0x1, 0x591, 0x7, 0x8, 0x2}, {0x847e, 0xffffffc0, 0x10001, 0x0, 0x7, 0xf}, {0x1ff, 0x141a, 0xffffff50, 0xc, 0x1ff, 0x90c923c5}, {0x2b6, 0xd82, 0x101, 0x0, 0x40, 0x8001}, {0x8, 0x8, 0x9, 0x6, 0x3, 0x7}, {0x1, 0xc0, 0x8, 0x5, 0x1, 0x7}, {0xe, 0x10, 0x6, 0x2, 0xc2e, 0x100}, {0x0, 0x400, 0x74, 0x2, 0x8, 0x7}, {0x6, 0x43b4, 0x4, 0x10000, 0x6e, 0x3}, {0x9, 0x3a2f, 0x7, 0x7ff, 0x1ff, 0xdbe}, {0xb, 0x2032, 0xa7, 0x2, 0xb3f, 0xffffffff}, {0x9, 0x2, 0x9, 0x9, 0x101, 0x800}, {0x9, 0x0, 0x7, 0x7, 0x2735, 0x1}, {0x4, 0x6, 0x9, 0x8, 0x6, 0x200}, {0x1, 0x80000001, 0x800, 0xffffffff, 0x53, 0x7f}, {0x0, 0x6, 0x7, 0x21f, 0x81, 0x8}, {0x8, 0x6, 0xfffff800, 0x80, 0xfffffffb, 0x6}, {0xfff, 0x2, 0x3, 0x94, 0x2}, {0x7876, 0x1, 0x7ff, 0x7295000, 0x7ff, 0x9}, {0x1000, 0xe72, 0x9, 0x27e63a8, 0xfff, 0x200}, {0xc, 0x7ff, 0xa48, 0x2, 0x5, 0x6}, {0x8001, 0x5, 0x101, 0x0, 0x93}, {0x80, 0x6, 0x5, 0x101, 0xa4, 0x1d97}, {0x10000, 0x2, 0x0, 0xea, 0x0, 0x7}, {0x8001, 0x2, 0x100, 0x200, 0x800, 0x5}, {0x2, 0x3, 0x8, 0x7, 0x9, 0x359}, {0x200, 0x5, 0x7f, 0xf79, 0x1, 0x5}, {0x2, 0x2, 0x7, 0x89, 0x5}, {0x6, 0x3, 0x1, 0x8, 0x80000000, 0x4}, {0x5, 0x101, 0x400, 0x2, 0x1, 0x7}, {0x6, 0x1000, 0x6df5, 0xfad, 0x2, 0x8}, {0x7, 0x26, 0xea4, 0x97, 0x7, 0x81}, {0x0, 0x6, 0x101, 0x2, 0x7, 0x7f}, {0x1, 0xa, 0x10000, 0x200, 0x8, 0x9}, {0x0, 0x0, 0x3, 0x400, 0x7fff, 0x2}, {0x7fff, 0x4, 0x1a, 0x4, 0x5}, {0xfffffffb, 0x6, 0x5, 0x8, 0x1, 0x20}, {0x1ff, 0x5, 0x3, 0x8cd7, 0x8001, 0x7}, {0x8, 0x3c9fbc91, 0x4, 0xbf8, 0x8001, 0x5}, {0x1, 0x9ce, 0x7, 0x8000, 0xc, 0x6}, {0x3495, 0x7, 0x0, 0xf, 0x4, 0x41b}, {0xb3, 0x3, 0xfff, 0x5, 0x9, 0x1e}, {0x1394d2cf, 0x7ff, 0x8, 0x40, 0xdc, 0xfffffffb}, {0x2, 0xd9, 0x6, 0x3, 0x5, 0x7}, {0x9, 0xcc5, 0x3, 0x5, 0x1ff, 0x3}, {0x9, 0x101, 0x7, 0x6, 0x9, 0x8}, {0x1ff, 0x5, 0x1, 0x6, 0x200000, 0x100}, {0x7, 0x5, 0x80000001, 0x80000001, 0x9, 0x6}, {0x7, 0x2, 0x4, 0x3, 0x100, 0x5}, {0x6, 0x0, 0x3, 0x0, 0x6, 0x9}, {0x8, 0x6, 0x5, 0x9, 0x4, 0x7f}, {0x8, 0x7ff, 0x7f, 0x4, 0x1, 0x7}, {0x4, 0x8, 0x5, 0xb, 0xffffffc0, 0x1}, {0x4, 0x5, 0x400, 0xfffffb8b, 0x3, 0x6}, {0x7, 0x10, 0x9, 0x400, 0x2, 0x1c0000}, {0x7, 0x2, 0x45, 0x99d, 0x6, 0x7fffffff}, {0x7, 0x39, 0x7ff, 0x101, 0x0, 0x7}, {0xf6, 0x4, 0x10, 0x1, 0x5}, {0x80, 0x972, 0x4, 0x4, 0x4, 0x9}, {0x7, 0x7ff, 0x2, 0x1, 0x957, 0x10}, {0x831, 0x4, 0xd, 0xfffff000, 0x8, 0x200}, {0x0, 0x5, 0x7, 0x80000000, 0xffffffff, 0x8}, {0xfffffffd, 0x83d, 0x0, 0x2, 0xa6000000, 0x9}, {0x8, 0xb, 0x9, 0x6, 0x8, 0x7ed}, {0x7, 0x1, 0x6, 0x0, 0x93, 0x1}, {0x0, 0x419, 0x5, 0x7, 0x4a, 0x10000}, {0x7, 0xff, 0x100, 0x4, 0xe, 0x400}, {0x7ff, 0x40, 0x0, 0x80000000, 0x800, 0x401}, {0x9, 0x1, 0x800, 0x5, 0x4, 0x1}, {0x7f, 0xdc71, 0x2, 0x8, 0x1, 0xfd2d}, {0x8caa, 0xee94, 0x9, 0x8, 0x0, 0x3}, {0xfe24, 0x4, 0x7, 0x8657, 0x1, 0x5}, {0x8, 0xf, 0x5a, 0x9, 0x8000, 0x8000}, {0x6, 0x34, 0xfacf, 0x4, 0x4, 0x63ad}, {0x0, 0xf, 0xffffffff, 0x1, 0x80, 0x9ac}, {0xa1f, 0xfffff12e, 0x2, 0x8, 0x32f, 0x1000}, {0x0, 0x4, 0xff, 0x3, 0x4, 0x7}, {0x5, 0x0, 0x4, 0x9, 0x10000, 0x2}, {0x8001, 0x1, 0x1ff, 0x4, 0x4, 0x3}, {0x9, 0x4, 0x50ae, 0x1, 0x7, 0xc0000000}, {0x89af, 0x6, 0x1, 0x7, 0x4, 0xf}, {0xffffffff, 0x40, 0x1, 0x401, 0x9, 0x7539f96b}, {0x4, 0x94, 0x5, 0xc, 0x6, 0x8}, {0x928, 0x3ff, 0x9, 0x0, 0x3, 0x5}, {0x9, 0x1ff, 0x8, 0xfb, 0x0, 0x1c}, {0x2, 0x1, 0xda, 0x7ff, 0x9, 0x9a9f}, {0x2, 0x4, 0x1, 0x1, 0x8, 0xabd0}, {0x7, 0x41d, 0x18d, 0x5e7, 0x7f, 0x9}, {0xfffffff7, 0x1acc, 0x3fe, 0x10, 0x7ff, 0xd9}, {0x0, 0xfffffff7, 0x10000, 0x99, 0xb, 0x4}, {0x0, 0x10000, 0x1, 0x5f, 0xff, 0x8000}, {0x1, 0x5, 0x3, 0x4, 0x7, 0x7fff}, {0x10001, 0xfffffffc, 0x200, 0x8000, 0x6, 0x4}, {0x7, 0xa, 0x70000, 0xd06, 0xffffff5a, 0x6}, {0x7, 0x81, 0x7fffffff, 0x2, 0x1ff, 0x3}, {0x2, 0xe, 0x4, 0x6, 0x7}, {0x8e, 0x4, 0x7, 0x7, 0x1}, {0xfa7, 0x9, 0x2, 0x705, 0x7f, 0x4}, {0x5, 0x200, 0x8, 0x9, 0x7, 0xffffffff}, {0xd65, 0x9, 0x4, 0x6758, 0x8001, 0x80000000}, {0x400, 0x2, 0x3, 0x3, 0x8, 0x4}, {0x5, 0x7, 0x9, 0xffffff01, 0x7, 0xfffffc01}, {0x903, 0x7f1, 0x4, 0x6, 0x80000001, 0x800}, {0x9, 0x2, 0x2, 0x7, 0x3, 0x1}, {0x7, 0x3, 0x2, 0x7, 0xb1, 0x2}, {0x9, 0x9, 0x7, 0x7, 0x8001, 0x8}, {0x1, 0x1, 0x7, 0x0, 0x7, 0x8}, {0x6e3e, 0x4, 0x104, 0x3, 0x8, 0x1e}, {0x9, 0x10000, 0xda1, 0x7f, 0x800, 0x1000}], [{0x4}, {0x4, 0x1}, {0x4, 0x1}, {0x5}, {0x4, 0x1}, {0x2}, {0x5}, {0x5, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x4}, {0x3, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x5}, {0x1, 0x1}, {0x3}, {0x3, 0x1}, {0x3}, {0x0, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x5}, {0xfd5d1f454df9b820}, {0x4}, {0x1, 0x1}, {0x5}, {0x3, 0x1}, {0x2, 0x1}, {0x2, 0x2}, {}, {0x3}, {0x4}, {0x2, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x2, 0x1}, {0x5}, {0x1, 0x1}, {0x3}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {}, {0x5, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x1}, {0x5}, {0x66ae095cfa82bdef, 0x1}, {0x1}, {0x5}, {0x2}, {0x4, 0x1}, {0x2}, {}, {0x1}, {0x2}, {0x2}, {0x0, 0x1}, {0x3, 0x1}, {0x2}, {0x2}, {0x3}, {0x5, 0x1}, {0x3, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x4}, {0x2, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {0x4}, {}, {0x1}, {0x2}, {0x3}, {}, {0x4}, {0x2, 0x1}, {0x7, 0x1}, {0x2}, {}, {0x2, 0x1}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x5}, {}, {0x2, 0x1}, {0x4}, {0x5}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {0x4}, {0x0, 0x1}, {0x4, 0x1}, {0x5}, {0x3}, {0x3}, {}, {0x5, 0x1}, {0x4, 0x1}, {0x4}, {0x3, 0x1}, {}, {0x3}, {0x4, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x4}, {0x4}, {0x3, 0x1}]}}, @TCA_PEDIT_PARMS_EX={0xe38, 0x4, {{{0x6, 0x7, 0x20000000, 0x2, 0x2}, 0xc, 0x10, [{0xfc4, 0x7, 0x1, 0xcc7, 0xfffffffb}]}, [{0x8, 0x3, 0x5, 0x3, 0x10, 0x7}, {0x5, 0x9, 0x10000, 0xa, 0x9f1d, 0x1}, {0xd7, 0x4, 0xffffffff, 0x5, 0x4, 0x9}, {0x6, 0x400, 0x7f, 0x432, 0x4, 0x6}, {0xfffffffe, 0x2, 0x10, 0x5, 0xc, 0x5}, {0xd, 0x8, 0x7, 0x2, 0x6, 0x80000001}, {0x8000, 0x8, 0x57260000, 0xdf, 0xf, 0x4}, {0x7fffffff, 0xffffff80, 0x938d, 0x2, 0x9a, 0x2}, {0x1, 0x10, 0x1, 0x2, 0x9, 0x1}, {0x8, 0x3ff80, 0x8, 0x7db7c2c4, 0xffff, 0xb}, {0x6, 0x7, 0x7, 0x7, 0x4, 0x6}, {0x9, 0x7, 0xf2d, 0x0, 0x8, 0x7ff}, {0x1, 0x8, 0x6, 0x3, 0x7, 0x8000}, {0x6, 0x2, 0x1, 0x6, 0x70000000, 0x26}, {0x40, 0x81, 0x46b, 0x8000, 0x0, 0x6}, {0x10, 0x2, 0x4, 0xffff363b, 0x7ff}, {0x6, 0x2, 0x7, 0x1, 0x8001, 0x4ad}, {0x3, 0x101, 0x9, 0x2, 0x0, 0x168}, {0x5, 0x100, 0x6, 0x3, 0x8, 0x3}, {0x4, 0x1, 0x9, 0x0, 0xfffffffe, 0x8}, {0xd, 0x3, 0xfffffffb, 0x7, 0x8, 0x8}, {0x10, 0x10000, 0x2, 0x1, 0x5, 0x4}, {0x1, 0xc47, 0x3ff, 0xff, 0x4, 0x4}, {0x0, 0xffffc203, 0x7a, 0x3, 0xfff, 0x401}, {0xaef, 0x7, 0x4, 0x1bb5, 0x2, 0xfffffff9}, {0x3, 0x4, 0x6, 0x8, 0x0, 0x7}, {0x8001, 0x3, 0x1, 0x7, 0x6, 0x3}, {0x8, 0x3, 0x0, 0x4, 0x400, 0x7}, {0xad3, 0xffffffff, 0x9, 0x3, 0x9, 0x4}, {0x5, 0x0, 0x10001, 0x800000, 0x4, 0xe}, {0x5, 0x6, 0x4, 0x2, 0x4, 0x1}, {0x200, 0x7fff, 0x7, 0x136, 0x1000, 0xffff0000}, {0xf, 0x4, 0x9, 0xfffffd5e, 0x4, 0x716c}, {0xe5, 0x50000, 0xcfe, 0x2, 0x72, 0x5}, {0x80000000, 0xa4d5, 0x3, 0x4, 0x1, 0x9}, {0xc80a, 0x4, 0x7, 0x88c, 0x4, 0x7cf}, {0x1, 0xfffffff0, 0x10, 0x3, 0x200, 0x6}, {0x4, 0xd, 0x1, 0x1, 0xf, 0x9}, {0x9, 0x6, 0xffff, 0x4, 0x10a, 0x7}, {0x7, 0x8, 0xf, 0x7, 0x5, 0x7}, {0x9, 0x5, 0x1, 0xffffffff, 0x74663cf0, 0x7590000}, {0x101, 0x0, 0x6, 0x8, 0xfffff9eb, 0x1ff}, {0x9, 0xe, 0x7, 0x0, 0x5, 0x3}, {0xb, 0xfffffff8, 0x9, 0x7ff, 0x3, 0x8}, {0x0, 0x9, 0xfffffff9, 0x6, 0x9, 0x53b3320}, {0x6, 0x4, 0x236e, 0x101, 0x0, 0x1}, {0x0, 0x5, 0x5, 0x1, 0x4, 0x1b}, {0xfffffffe, 0x7, 0x0, 0x1, 0x5, 0x470}, {0x6, 0x2, 0x8, 0x3, 0x5, 0x5}, {0x6, 0x3, 0xfff, 0x7, 0x800, 0x5}, {0x200, 0x9, 0xdf, 0x8ca, 0xfffffff8, 0x80}, {0x6, 0xc38, 0x2, 0x1ff, 0x200000, 0x2}, {0xac, 0x2, 0x3, 0x3, 0x8, 0x5e18}, {0x0, 0x4, 0x4, 0x1, 0x200, 0x7fff}, {0x9, 0x25a1530c, 0x4, 0x3, 0x2, 0xfffffeff}, {0x5, 0xdf, 0x7, 0x8, 0x3, 0x7}, {0x80, 0x3, 0x1ec, 0x80, 0x31c0000, 0x9d2}, {0xfffffffd, 0x7, 0x3, 0x0, 0xfff, 0x8}, {0x21a, 0x5a, 0x3, 0xe7, 0x7, 0x3}, {0x2, 0x6, 0x3, 0xfb, 0xb, 0x5aee}, {0x7, 0x3, 0x15, 0xff, 0x4, 0x2149}, {0x5, 0xffff0000, 0x5, 0x5, 0x1, 0x8}, {0xfffffe01, 0xb6, 0x400, 0x0, 0x80000001, 0x5}, {0xc, 0x7, 0xffff, 0x3, 0x3, 0x92df}, {0x5, 0x5, 0x1ff, 0x0, 0x800, 0x7}, {0x7, 0x100, 0x5, 0xd, 0xffffffff, 0x8000}, {0x0, 0xd, 0x5f, 0x8, 0xf, 0x720}, {0x200, 0xfffffffc, 0x9, 0x94b, 0x0, 0x5}, {0x80, 0x10000, 0xe50, 0xe03, 0x5, 0x1}, {0x18000000, 0x6, 0x4, 0x8, 0x0, 0x7}, {0x1ce, 0x6, 0xe, 0x2, 0x80000001, 0x9}, {0x0, 0x6, 0x5326, 0xffff8000, 0xff, 0x6}, {0x4, 0x7, 0x8001, 0x4, 0x9, 0x9}, {0x9, 0x1fd2c, 0x7ff, 0x3, 0x0, 0x85}, {0xe, 0xd3, 0x9, 0x0, 0x8, 0x90c1063}, {0xa8, 0x4, 0x2, 0x7, 0x4, 0xd6db}, {0xa5, 0xa9, 0x7, 0x8, 0x101, 0x99f}, {0x401, 0x10, 0xbc, 0x40, 0x805}, {0x9, 0x6, 0x6800000, 0xc003, 0x8000, 0x5}, {0x7, 0x0, 0x7, 0xd, 0xfffffe00, 0x800}, {0x2, 0x8, 0x0, 0x101, 0x6, 0x6}, {0x0, 0xfffffff9, 0xd94, 0x0, 0x8, 0x9}, {0x2, 0x9, 0x4, 0x8, 0x8, 0xff}, {0x8239, 0x122, 0xfff, 0x8, 0x2}, {0x0, 0x4, 0xfff, 0x0, 0x8, 0x9f}, {0x8, 0x2805ceb8, 0x8, 0x0, 0x1, 0x2}, {0x7, 0x6, 0x4, 0x0, 0x800000, 0x3}, {0x5, 0x401, 0x5, 0x7, 0x5, 0x6c}, {0x88b4, 0x1ff, 0xd, 0x1, 0xc62, 0x5d}, {0x6000, 0x0, 0x6a, 0x4, 0x1, 0xffff}, {0x7f, 0xfffffff8, 0x0, 0x2, 0x0, 0x8}, {0x9, 0x2, 0x2, 0x4cd4, 0x1, 0xe}, {0x341f, 0x7, 0x7, 0x7f, 0x6b, 0x1}, {0x5, 0x8, 0x9, 0x9, 0x6, 0x2}, {0xd2, 0x1b, 0x5, 0xa, 0x1, 0x8}, {0x7, 0x7, 0xa73, 0x9, 0x1aa5ffdc}, {0x5, 0x3, 0x7fffffff, 0x7, 0x3, 0xbe}, {0x2, 0xc000000, 0x9, 0xd, 0xac0, 0x2}, {0xc, 0x9, 0x9, 0x80000001, 0x7f, 0xe}, {0x8, 0x7, 0x9, 0x6, 0x80000001, 0x1452}, {0x6, 0x7, 0xe0000000, 0x9, 0x200, 0x5}, {0x101, 0x0, 0x98, 0x9, 0x5, 0x1}, {0x2, 0x3, 0x7fffffff, 0x200, 0x7, 0xab}, {0x1000, 0x9, 0xfffff801, 0x8001, 0xffff8577, 0x5}, {0x101, 0x5, 0x32e, 0x2, 0x5, 0x40000000}, {0x1ff, 0xcf1, 0x6, 0x4e1, 0x3, 0x4}, {0x35c3, 0x1, 0x5, 0x0, 0xffff, 0x5}, {0x4, 0xff, 0x4, 0x0, 0x4}, {0x1, 0x9eee, 0x6, 0xfffffff8, 0x7fff, 0x5}, {0xfea, 0x5, 0x8, 0x344, 0x1, 0xd}, {0x6, 0x61, 0xd, 0x5, 0x0, 0x10001}, {0x1ff, 0x80000001, 0x8, 0x7, 0x2, 0xfffffe7d}, {0x8000, 0x2, 0x159, 0x401, 0x7, 0x5}, {0x6, 0x7f, 0x2, 0x1, 0x81, 0x9}, {0x5da, 0x4, 0x7, 0xcb, 0x7, 0x5}, {0xd, 0x3, 0xedde, 0x4, 0xffff, 0x3}, {0x9, 0x5, 0xffff, 0xeda, 0x4, 0x8000}, {0xa, 0x20, 0x8000, 0x0, 0xfffffffe, 0x10000}, {0x0, 0x8, 0x1ff, 0x3, 0xff, 0x3}, {0x84, 0x10, 0xd175, 0x1, 0x9, 0x5}, {0x61f, 0x6, 0x1, 0x117, 0x7, 0x40}, {0xd6b, 0x6, 0xffffffff, 0x7, 0x1, 0x401}, {0x2, 0x1, 0x8, 0x6, 0x255, 0x1}, {0x6, 0x8, 0x2, 0x8000, 0x8000, 0xfffffff8}, {0x5, 0x3ff, 0x8, 0x7, 0xa, 0xa}, {0x400, 0xff, 0x5, 0x2000, 0x32f2, 0xfff}, {0x7, 0x0, 0xffffffff, 0x418, 0x9, 0x3}, {0x7, 0x2, 0xad7, 0x1, 0x7, 0x6}], [{0x3}, {0x0, 0x1}, {0x2, 0x1}, {}, {0x4, 0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x1, 0x1}, {0x3}, {}, {0x5}, {0x4}, {0x0, 0x1}, {0x1}, {0x1}, {0x5, 0x1}, {0x3}, {0x1, 0x1}, {0x4, 0x1}, {}, {0x4}, {0x5, 0x1}, {0x2, 0x1}, {0x3}, {0x3}, {0x1}, {0x0, 0x1}, {0x4}, {0x5, 0xc3cbf0f0294a548e}, {0x4}, {0x1, 0x1}, {0x2}, {0x4}, {0x0, 0x1}, {0x4}, {0x3, 0x1}, {0x1, 0x1}, {0x1}, {0x2, 0x1}, {}, {}, {0x4}, {0x1, 0x1}, {0x2}, {0x3}, {0x2, 0x1}, {0x4, 0x1}, {}, {0x1, 0x1}, {0x5, 0x1}, {0x1}, {0x4}, {0x0, 0x1}, {0x3, 0x7c211b9e48c3bcba}, {0x4}, {0x0, 0x2}, {0x2, 0x1}, {0x3}, {0x1, 0x1}, {0x2, 0x1}, {0x2}, {0x5, 0x1}, {0x4}, {0x0, 0x1}, {0x3}, {0x1}, {0x4}, {0x1}, {0x4}, {0x2}, {0x3}, {0x1, 0x1}, {0x1, 0x1}, {}, {0x5}, {0x5, 0x1}, {0x4}, {}, {0x2}, {0x5}, {0x0, 0x2ebbfacbdc44b7be}, {0x0, 0x1}, {0x2, 0x1}, {0x3}, {0x4}, {0x4}, {0x5}, {}, {0xc5ed572ef11534c}, {0x1}, {0x2, 0x1}, {0x1}, {}, {0x1}, {0x2, 0x1}, {0x2}, {0x3, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x5}, {0x0, 0x1}, {0x1}, {0x5}, {0x5, 0x1}, {0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x1}, {0x1}, {0x0, 0x1}, {0x5}, {}, {0x5, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {}, {0x2}, {0x5, 0x2}, {0x2, 0x1}, {0x4}, {0x2, 0x1}, {0x0, 0x1}, {0x1}, {0x1, 0x1}, {0x5}]}}]}, {0x67, 0x6, "99cc4ad3078af5dbee360b01f304c042234e37a00cf32d755495d292d57f8b9c1df52cd6abda60e61905b0327bd76f6002e23c86f23d673d48cde1a95af21e07c85fdef3a41375207b1cbdb8fcc616c4156d08ae219d817ce6f80a3d371f061d34d7b9"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x1e34}, 0x1, 0x0, 0x0, 0x804}, 0x4040001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x4000000002) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0) ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000280)={{0x5}, 'syz1\x00', 0x10}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00f7ffffff1e00ff130012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0) ioctl$UI_DEV_CREATE(r4, 0x5501) ioctl$UI_DEV_DESTROY(r4, 0x5502) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a580000afe48000060a09040000000000000000020000002c000480280001800a00010072616e676500004000000000040003800900010073797a30000000000900020073797a32000000001400000011000100000000fcff0000000000000a00"/131], 0x80}}, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="000100000000001a00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0xf, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r8, 0x0, 0x10, 0x38, &(0x7f00000002c0)="0000000003000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000440)={&(0x7f0000000640)="008ba4026138c95a77702660e19b133bfedf8a271b4ad23f2eb8947da7ee3404ea6ade7b0f1b3f46fa52a8f3472b5796b7f7905b9138aec4bd45b74f59804a11a53c3cab209986c2a7d6656827383da29c2dd36b89e35cb527068e0e5955fd6ce4fc6a3100bb3e069cc786edc9ee9defaecac60d683fbd0266487c201b41dd71598d474cd2603d4c8902c2e3da0d16864520815ef855f5e199c154ac130a84fc9f31ce794e632cb7cb735c656e53c56369b8080b8624e72120a67262b2028d33cfbcc26ba8fd7884bf849bfb7fbc202e8a1172743eb7ea299099ea769cecd5c65f850c727c3f10f4", &(0x7f00000004c0)=""/72, &(0x7f0000000740)="effc933fe97c092030ca0851ca0cc117e36a7e03595e3af0c20ebb7e88059987afe046f064cfa53bb46c81b7863201e3f94db67db895893f0f", &(0x7f00000007c0)="df74c55f844757ee72779411b6043dd1c270b9048ad1f690a1dd3174496dc63d4f16ba8ef113afbf4139d33458e94867b75fd01544123aeb56aa0f50817c7bb7eef34c440e32c12df88697d1ffa6fe1a918b750f3768ac90aaa83e573281748a56722a4805", 0x1, 0xffffffffffffffff, 0x4}, 0x38) 1.294052168s ago: executing program 1 (id=3197): syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r0 = syz_io_uring_setup(0x239, &(0x7f0000000340)={0x0, 0x7b3c, 0x10100, 0x0, 0x600000}, &(0x7f00000002c0)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) 1.29370142s ago: executing program 2 (id=3198): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000012c0)=ANY=[@ANYBLOB="cc1a00001b00d11582dc00000000000000000000000000000000000000000000fe88000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0008000800080000000200"], 0xcc}}, 0x0) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="54000000120001032dbd700000000000090000dc00"/56, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000f1002000000000000000000000d38fb9b682e8a229a6656be309860443eea4808cdf76ba24601d9ab594a61a85ef938b2c9b2fb567d9d66bfa45ec8ffd47ab453ff504bd6dd9e8f00f02000000000000008062e71bd35fee89423c3bd0a1554595afdf19e2796bfb237b5b92e9f06e91a4d4fc30998abf1b4b42b7c49f1ba4566342fbc8c4a5a1312cae083f4361f1c6eafecb"], 0x54}}, 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000c"], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r4}, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) socket$alg(0x26, 0x5, 0x0) r7 = openat$pidfd(0xffffff9c, &(0x7f0000000100), 0x80, 0x0) pidfd_send_signal(r7, 0x30, &(0x7f0000000140)={0x11, 0x4, 0x6}, 0x0) r8 = socket$kcm(0x10, 0x2, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000e00)=ANY=[@ANYBLOB="bf16000000000000b7070000010000004070000000000000500000000000e1ff95000000000000002ba76bb33123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee04000000670d25010000020000040000009fc404000000c788b277beee11bf9b0a4def23d410f6accd3641110bec4e90a6341965dac03d04683712a0b09edc9e9ef8f6e396ad200e011ea665c45a3449abe802f5ab3e89cf40b8580218ce740068720000074e3e8eea3fd8cf49827ca311f5b87e1ca8433a8acd715f5888b2007f0000000000000000010000000000fb00010000000000414027efc84293af6a22000000005335001db43a5c000000000000000024000000000000000000e75a89faff01210cce39bf405f1e846c1242000000000000cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617da7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c30891f7e5ff7fd6fce424c2200af6c3784a1975fa657de38a3a32a4fd67ce446ac5431d07db79240acaf091231b986e77d05d988d6edc71df48dca02113a38300c2bf2b5543ffc1669557b3819d8c396d2c2361629d1022f722ec23812770d72cd0010000007889b8c7044f563a1f68d4eff895fdbc463f747c08f40105869035000000000000000000000000000000000000000000000000080000003ddf4aa4b1c8baa0ae6feb6737c275dc2740f742b5425f1d581961471cdb0500000000000000d4123f955267fe4a75c114f874e086287547d4099aeec9f1538ee25a365ccf4a9b604e88e12ff25184d4e3c6f7f623559435b26b50fb7113000000f0bc440550ee91302f5a000000000000000000000000006d0000e67ccc00148ac4c43021cce9f24f4b2f9492c32e7af05c648978d9980ba49789906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd0294bea179b0433f5c899119ec2c3f4523110c0acef5383b5a2720caeb68f1e9c05b05d89467ded84da093dea262e51811e2d7fa515722516bd5ef6c8c4966e5937562a5648a696ad3a042a7097ddefe0671f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32881dfd15dc84e79d326337e21e041654f06bd7f000000000000000000000000000000282ffe0000000009350cfa3ab109ab4a7d95938c5334a0dd177f1a7389ee570d95e543a27546d3770740f354df6dd6b1bfe4104d2262f33f596d606ccce75a3c3d5f9ad94a7316b0c6ad14f1398a6b39b07121f636da418b34d48677cf8d2d99ee8ac50142bcdcc73dd73cc6ec46896ffb35ac82ac7a9309ea07396d2814dc630ad1a9913934849be25f7b81b59aaa9fa2e9d6ecafcfa1de81b2d3581ab1138537f98d2240b6c2bf40569da4e2bb77532ab9220347d78319617d17e14f7331486e86b2145980b95c88ae11b1c6b6ea6c2b2311d6ce6315cc451dd50ac746acd59d075b41f9a747894956b10453ccf6527d8f579256e9849bbaf6c7c84362209d3d2320101d57"], &(0x7f0000000140)='GPL\x00'}, 0x94) setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f00000002c0)=r9, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="020000000400000006000000aa0b"], 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=""/251, &(0x7f0000000940), &(0x7f0000000200), 0xa7c, r10}, 0x38) setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff0c048862d5058e974ff12027026e000207835eeb1317b208feefaf234b080000004c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0700c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419540a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab190c092d077ce70590fbbd4f8bf4d6ab1", 0x118) gettid() rt_sigaction(0x24, &(0x7f0000000040)={&(0x7f00000001c0)="f30f00cff365d9ff360fae416c2e652e660f5b5f27a1ce2a1e2ec4e3ed0f43fff10ffbb39c0c00008fc9a893a4d502000000f26567774367f2ab16e1450f0f1d060000001dc4627dad4d660808646466f3d74e25974e259709b60000", 0x48000004, 0x0, {[0x9, 0x400]}}, 0x0, 0x8, &(0x7f0000000240)) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) 1.292464182s ago: executing program 1 (id=3199): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) r1 = openat$nvram(0xffffff9c, &(0x7f0000000080), 0x121000, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r4, @ANYBLOB="01"], 0x3c}}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)={0x1b, 0x0, 0x0, 0x0, 0x0, r1, 0x40, '\x00', r4, 0xffffffffffffffff, 0x1, 0x1, 0x2}, 0x50) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@ipv4_delrule={0x50, 0x21, 0x200, 0x70bd26, 0x25dfdbfc, {0x2, 0x80, 0x0, 0x5, 0x6, 0x0, 0x0, 0x6, 0x8}, [@FRA_GENERIC_POLICY=@FRA_SUPPRESS_IFGROUP={0x8, 0xd, 0x5}, @FRA_SRC={0x8, 0x2, @empty}, @FRA_GENERIC_POLICY=@FRA_FWMASK={0x8, 0x10, 0x8}, @FRA_GENERIC_POLICY=@FRA_TABLE={0x8, 0xf, 0x3}, @FRA_FLOW={0x8, 0xb, 0x9}, @FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x9}]}, 0x50}, 0x9}, 0x0) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) fchdir(r6) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mknodat$loop(0xffffffffffffffff, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) mkdir(&(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00') sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00"], 0x48}}, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f00000000c0), 0x492492492492627, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r0, 0x800c5011, &(0x7f0000000040)) io_uring_setup(0x7327, &(0x7f00000000c0)={0x0, 0xebcc, 0x1, 0x1, 0x24}) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000140)=0x4) close_range(r0, 0xffffffffffffffff, 0x0) 1.090775902s ago: executing program 0 (id=3201): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000000)={0x0, 0xf00, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="200000001714b57900000000000000000800010000000000080003"], 0x20}}, 0x0) 1.090458039s ago: executing program 0 (id=3202): r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket$unix(0x1, 0x2, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni-avx2\x00'}, 0x58) r3 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r3, 0x800442d3, &(0x7f0000000680)={0x0, 0x10, 0xb21e, @random="c3a3e5c1548e", 'ip6tnl0\x00'}) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f00000001c0)=[{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000000)="b7d37722b521b85429d41476c2e9e568de9de94a04f87186d6d3fcb035ef996ad0623f3d53843019e54cc547", 0x2c}, {&(0x7f0000000540)="cf1607220e39070b08485896e9ca94dc0fd0e62bbbc644a3351e17c601af68d4a4f0f73917", 0x25}, {&(0x7f0000000080)="36e0fd03e9daffda1a6ea08bb80f18b72c0f9f034a06c492", 0x18}], 0x3, &(0x7f0000000700)=ANY=[@ANYBLOB="58000000170100000200000047000000c10dfcb4cf3bb39b3c68799af299212a6b249090d0d4bf32e933e7231c10bff2243c818529c46f75f1da12ec05f9ec20009a1db6b08ccda53b77dd0af8a540da2ddae0f8dd1c1300ed94c5dd3dae9933d9e375f2b613ee3b9d3d87862b4c18ccd761ece9eaf3a3c8b037857fc302fe0573fd7bf2e7ef807240be3bcffa63de44cc89582622"], 0x58, 0x8000}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x80) r5 = request_key(&(0x7f0000000040)='rxrpc_s\x00', &(0x7f0000000180)={'syz', 0x0}, &(0x7f0000000300)='skcipher\x00', 0xfffffffffffffffb) r6 = add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @auto=[0x30, 0x63, 0x39, 0x30, 0x30, 0x66, 0x33, 0x36, 0x30, 0x39, 0x61, 0x66, 0x62, 0x32, 0x36, 0x66]}, &(0x7f00000007c0)={0x0, "1644f53ee2e7751c6d3b490f56bb60c78781d9a6008c272f5b14768517d45cb751303ade82859d169b85cf784235dae6a94bc89c76162bbd5e82a8a668e91874", 0x30}, 0x48, 0xfffffffffffffffc) keyctl$instantiate(0xc, r5, &(0x7f0000000340)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'cbc-camellia-aesni-avx2\x00'}, 0x42, r6) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000580), &(0x7f0000000140)=0xffffffffffffff1d) bind$unix(r1, &(0x7f00000003c0)=@abs={0x1}, 0x2) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="200000001714b57900000000000000000800010000000000080003"], 0x20}}, 0x0) 1.026206635s ago: executing program 0 (id=3203): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xc}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) 1.025872385s ago: executing program 0 (id=3204): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x300, 0x80000000, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x6a, 0x1, {0xe4b, 0x11e41e76, 0x10000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x36) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$rxrpc(0x21, 0x2, 0xa) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000005c0)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x1000000) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) 1.003636231s ago: executing program 3 (id=3205): r0 = socket$phonet(0x23, 0x2, 0x1) r1 = openat$zero(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_SEND(r0, 0x40449426, &(0x7f0000000100)={{r1}, 0x7, &(0x7f00000000c0)=[0x4, 0x6, 0x0, 0x9, 0x1, 0x8, 0x401], 0x80, 0x3, 0x1}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000180)=ANY=[@ANYBLOB="18000000", @ANYRES16=r3, @ANYBLOB="0100000000000000000003000000040025017d399021f1448e615f2fdb14044dcde90a7070a915690be81e0ed2e7e668dcd7b6fab68252f79f11f787a312df0dfdfffffffffffffff63feb1c924c8dc6352a1f68dc29048726097df7b8b5395b05485e41d9a5fd1ed61a96d63cc337d166e668c840660424f165034ecbb428f2a1"], 0x18}}, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wg2\x00'}) 916.000423ms ago: executing program 3 (id=3206): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB="04010000100001002bbd7000f4dbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0000000008000200140003006e657464657673696d300000000000000a000100aaaaaaaaaaaa0000c4001680c000018010000600070080008d8700000800000077000c"], 0x104}, 0x1, 0x0, 0x0, 0x4044810}, 0x0) 915.457718ms ago: executing program 3 (id=3207): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x64040, 0xd0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$caif_seqpacket(0x25, 0x5, 0x1) r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x62ed, 0x20000, 0x3, 0x30b, 0x0, r0}, &(0x7f00000003c0)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x4004004, 0x1}) io_uring_enter(r4, 0x47f9, 0x0, 0x7, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x200}, 0x0) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000440)={{0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x18, 0x7fff}, 0x0, 0x0, 0x9, 0x4, 0xf3a, 0x8, 0x0, 0x5, 0x3, 0x81}) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r7, 0xc0a85320, &(0x7f0000000180)={{0x80}, 'port0\x00', 0x7e, 0xa1c07, 0x6, 0x0, 0x100000}) epoll_create(0x101) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x18557f, 0x0) socket$inet(0x2, 0x2, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) r9 = openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r9, 0xc0d05640, &(0x7f00000001c0)={0x4, @pix={0x0, 0x0, 0x34565559, 0x0, 0x2000000, 0x0, 0x25, 0xfffffffd, 0x0, 0x3}}) sendmsg$nl_xfrm(r8, &(0x7f0000000080)={0x0, 0xfffffffffffffe9b, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYRESOCT=r7], 0x40}, 0x1, 0x0, 0x0, 0x8040}, 0x20040810) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) syz_open_dev$usbfs(0x0, 0x75, 0x40082) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, &(0x7f0000000300)={{@host, 0xd}, 0x1}) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00') read$FUSE(r10, &(0x7f0000002280)={0x2020}, 0x2020) pread64(r10, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) 812.923955ms ago: executing program 2 (id=3208): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)={0x18, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}}, 0x0) (fail_nth: 3) 674.555072ms ago: executing program 2 (id=3209): creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00001f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2", @ANYRESOCT, @ANYBLOB="460e13d96702e5b7be2eac7408294accaa1e89e56c10eca2d5a4a2"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x4000}, 0x10}, 0x94) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x1) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x8, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x1}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x800) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x18, &(0x7f0000000380)=ANY=[@ANYRES64=r0, @ANYRES32=r1, @ANYBLOB="00000000040000001a77100008000000b7080000000000007b8af8ff00000000b70800000c0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYRES32=r1, @ANYBLOB="6383c68100000000dc3e10c5c71a463fb200000000b705000008000024ae362dd3bb1deafc6fd33c7b", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000007f7c0038c6070000185300000800"/56], &(0x7f0000000280)='syzkaller\x00', 0x8, 0x3d, &(0x7f0000000440)=""/61, 0x41000, 0x28, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000480)={0x3, 0x1}, 0x8, 0x10, &(0x7f00000004c0)={0x3, 0xe, 0x4}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000500)=[{0x0, 0x3, 0xb, 0x2}], 0x10, 0x8001}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0xf2, 0x1}}, 0x3c) 330.550836ms ago: executing program 1 (id=3210): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) 246.309025ms ago: executing program 1 (id=3211): syz_emit_ethernet(0x2a, &(0x7f0000000100)={@multicast, @random="8a0a63cdec59", @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}, @remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x14}, @remote}}}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r1, 0x8910, &(0x7f0000000000)={'ip6gretap0\x00', @ifru_map={0x7, 0xab54, 0x512c, 0x6, 0x9, 0x5}}) prctl$PR_SCHED_CORE(0x53564d41, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0xf, &(0x7f0000000580)={&(0x7f0000000780)=ANY=[@ANYRESOCT=r1, @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100766c616e0040009c9d0f263f757d000c00028006f0333c00050000000000314ee587f8069fc19584d6ecb4debd1a3cbcc611fdf95e9bd2f0e7bd166de5c173e862cb9ba1e2ddcbfd45f6e28abdcaf4f9ca7f4c85348718d4ceaffbf3d1f97c6382c4141ff78074277b4138616924391bfb316d2263b6024944438bdbf56ae4d41edcfeaba57f4ce6ec75a8eb718093bf7dd104ac645a72a0415671e008bcadb25ab8af0959c652688443997c81"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_PROTOCOLS(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000040)={&(0x7f0000000240)={0x44, 0x0, 0x10, 0x70bd2b, 0x25dfdbff, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @empty}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @loopback}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8010}, 0x40000) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x3bc, 0x1e4, 0x9403, 0x0, 0x1e4, 0x2c0, 0x2f4, 0x3d8, 0x3d8, 0x2f4, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x1bc, 0x1e4, 0x0, {}, [@common=@srh1={{0x8c}, {0x6, 0x8a, 0x1, 0xb, 0x3, @mcast2, @local, @local, [0x0, 0xffffffff, 0x0, 0xffffffff], [0xffffff00, 0xff000000, 0xffffff00, 0xff], [0xffffffff, 0xff000000, 0x0, 0x7550ccb710be24b3], 0x8, 0x2006}}, @common=@srh1={{0x8c}, {0x16, 0xb9, 0x50, 0x40, 0x3, @remote, @private2={0xfc, 0x2, '\x00', 0xfe}, @ipv4={'\x00', '\xff\xff', @remote}, [0xff, 0xffffff00, 0x0, 0xff000000], [0xffffff00, 0xff000000, 0xff000000], [0x0, 0xffffffff, 0x0, 0xff000000], 0x407, 0x1060}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0x2, 0x1}, {0x2, 0x3}}}}, {{@uncond, 0x0, 0xc8, 0x110, 0x0, {}, [@inet=@rpfilter={{0x24}, {0x1}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x418) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) unshare(0x2000000) r6 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000000c0), 0x1048b, 0x0) sendmsg$NL80211_CMD_GET_WIPHY(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB="1400", @ANYRES16, @ANYBLOB="01000100f021644460b0310eb0c8f97074de6bb84a53e60fce8457c0f082fce1166086b2e850149579d38e43d6877d8fba32cc0dd9d362cedb08ac8465c7b7dec29b468e8600156111eb8837e26b5c82f328a8725e99755f60062bd9c49a962a978b117d58de39d26f21184575445e6e8427631cd3ee755c9e791b4b5d2e3c78b9124c9835d1f7534f0be9a6669c990df04f1d3b60d27c066ca4c953540c1600fe56ec7a66242feaa44424d08be0959b89fef4807807119c5f821880b3604848006828d891339519ef926c156ee43b8b9a02a176703916690dc69cc2b72dbbef89ce33ca845060869af8bc"], 0x14}, 0x1, 0x0, 0x0, 0x400c880}, 0x0) setsockopt$sock_timeval(r5, 0x1, 0x15, &(0x7f0000000140)={0x0, 0x7530}, 0x10) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r8, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r7, 0x84, 0x0, &(0x7f0000000040)={r9, 0xd87, 0xffffffff, 0x4}, 0x10) 245.923564ms ago: executing program 1 (id=3212): mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x200000e, 0x6c033, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80801) r1 = syz_clone(0x11, 0x0, 0xb, 0x0, 0x0, 0x0) r2 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r2, 0x0) r3 = getpgid(r1) r4 = syz_pidfd_open(r3, 0x0) pidfd_send_signal(r4, 0x0, 0x0, 0x4) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) dup(0xffffffffffffffff) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000340)={{&(0x7f0000068000/0x1000)=nil, 0x1000}, 0x1}) mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil) 309.587µs ago: executing program 0 (id=3213): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6}]}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}], {0x14, 0x10}}, 0xb4}, 0x1, 0x0, 0xfffe}, 0x0) 99.054µs ago: executing program 1 (id=3214): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) io_uring_register$IORING_REGISTER_CLOCK(0xffffffffffffffff, 0x1d, &(0x7f0000000000)={0x1}, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xb635773f06ebbee9, 0x11, 0xffffffffffffffff, 0x2000) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) recvmmsg(r2, 0x0, 0x0, 0x40002163, 0x0) ioctl$int_out(r1, 0x0, &(0x7f0000000040)) openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0) r4 = dup2(r1, r2) ioctl$VIDIOC_SUBDEV_G_CROP(r4, 0xc038563b, &(0x7f0000000080)={0x2, 0x0, {0x4, 0x2, 0x401, 0x3623b8f8}}) r5 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f3, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x0, 0xab00, 0xfffffffe, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @empty}}}}) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000180)=@default_ibss_ssid, 0x6, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x1c3902, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018", @ANYRESHEX, @ANYRESHEX=r5], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r7}, 0x25) r8 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r8, 0x29, 0x2c, &(0x7f0000000180)={0x3, {{0xa, 0x4e20, 0xa42, @mcast1, 0xbf9}}, {{0xa, 0x4e24, 0xc7e2, @empty, 0xfffffe01}}}, 0x108) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000040)=0x1) 0s ago: executing program 0 (id=3215): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000340)=[{0x20, 0xc, 0x77, 0xfffff034}, {0x6, 0x0, 0x0, 0x2}]}, 0x8) sendmmsg(r0, &(0x7f0000001c00), 0x400000000000159, 0x40840) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x439, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21801, 0x1107}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2f}}, @IFLA_IPTUN_6RD_RELAY_PREFIXLEN={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x4048084) kernel console output (not intermixed with test programs): 16572] bridge0: port 2(bridge_slave_1) entered blocking state [ 501.202191][T16572] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.204202][T16572] bridge_slave_1: entered allmulticast mode [ 501.206905][T16572] bridge_slave_1: entered promiscuous mode [ 501.244043][T16572] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 501.248404][T16572] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 501.288685][T16572] team0: Port device team_slave_0 added [ 501.301615][T16572] team0: Port device team_slave_1 added [ 501.307914][ T1145] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.311869][ T1145] netdevsim netdevsim3 eth0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 501.450869][T16572] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 501.453233][T16572] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 501.461274][T16572] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 501.466867][T16572] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 501.469036][T16572] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 501.477346][T16572] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 501.541354][ T5946] Bluetooth: hci3: command tx timeout [ 501.629229][T16572] hsr_slave_0: entered promiscuous mode [ 501.632333][T16572] hsr_slave_1: entered promiscuous mode [ 502.200530][T16603] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2383'. [ 502.268202][T16604] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2383'. [ 502.388938][ T1145] bond0 (unregistering): left promiscuous mode [ 502.515046][ T1145] bond1 (unregistering): (slave macvlan2): Releasing active interface [ 502.518277][ T1145] macvlan2 (unregistering): left promiscuous mode [ 502.526361][ T1145] bond0 (unregistering): Released all slaves [ 502.533308][ T1145] bond1 (unregistering): Released all slaves [ 502.647089][ T1145] : left promiscuous mode [ 502.780638][ T1145] tipc: Left network mode [ 503.005773][ T840] usb 6-1: new low-speed USB device number 20 using dummy_hcd [ 503.005827][ T5946] Bluetooth: hci0: command tx timeout [ 503.120796][ T1145] hsr_slave_0: left promiscuous mode [ 503.125144][ T1145] hsr_slave_1: left promiscuous mode [ 503.155402][ T1145] veth1_macvtap: left promiscuous mode [ 503.157229][ T1145] veth0_macvtap: left promiscuous mode [ 503.159028][ T1145] veth1_vlan: left promiscuous mode [ 503.161856][ T1145] veth0_vlan: left promiscuous mode [ 503.166982][ T840] usb 6-1: Invalid ep0 maxpacket: 9 [ 503.196124][T16622] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2385'. [ 503.306234][ T840] usb 6-1: new low-speed USB device number 21 using dummy_hcd [ 503.386751][ T6024] usb 7-1: USB disconnect, device number 14 [ 503.428104][T16628] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2385'. [ 503.466131][ T840] usb 6-1: Invalid ep0 maxpacket: 9 [ 503.472120][ T840] usb usb6-port1: attempt power cycle [ 503.764833][ T5946] Bluetooth: hci3: command tx timeout [ 503.829147][ T840] usb 6-1: new low-speed USB device number 22 using dummy_hcd [ 503.850753][ T840] usb 6-1: Invalid ep0 maxpacket: 9 [ 503.991670][ T840] usb 6-1: new low-speed USB device number 23 using dummy_hcd [ 504.012223][ T840] usb 6-1: Invalid ep0 maxpacket: 9 [ 504.014102][ T840] usb usb6-port1: unable to enumerate USB device [ 504.326303][T16623] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 504.391783][T16572] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 504.396628][T16572] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 504.410584][T16572] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 504.414940][T16572] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 504.453812][T16572] 8021q: adding VLAN 0 to HW filter on device bond0 [ 504.462585][T16572] 8021q: adding VLAN 0 to HW filter on device team0 [ 504.488815][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 504.491065][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 504.497935][ T9643] bridge0: port 2(bridge_slave_1) entered blocking state [ 504.499943][ T9643] bridge0: port 2(bridge_slave_1) entered forwarding state [ 504.653331][T16572] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 504.656964][ T1145] IPVS: stop unused estimator thread 0... [ 504.687644][T16572] veth0_vlan: entered promiscuous mode [ 504.693934][T16572] veth1_vlan: entered promiscuous mode [ 504.709029][T16572] veth0_macvtap: entered promiscuous mode [ 504.712619][T16572] veth1_macvtap: entered promiscuous mode [ 504.721524][T16572] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 504.729709][T16572] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 504.735180][ T9643] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 504.738791][ T9643] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 504.744915][ T9643] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 504.749209][ T9643] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 504.781125][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 504.783559][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 504.797151][ T9643] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 504.799803][ T9643] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 505.315895][ T5946] Bluetooth: hci0: command tx timeout [ 505.370988][T16663] syzkaller1: entered promiscuous mode [ 505.372723][T16663] syzkaller1: entered allmulticast mode [ 505.743958][T16679] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2392'. [ 505.757878][T16679] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2392'. [ 506.400976][T16690] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2396'. [ 506.543400][T16691] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 506.593893][T16691] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2396'. [ 507.206625][T16702] fuse: Bad value for 'group_id' [ 507.209437][T16702] fuse: Bad value for 'group_id' [ 507.528015][ T5946] Bluetooth: hci0: command tx timeout [ 509.900683][T16741] hugetlbfs: Unknown parameter 'nr' [ 510.910926][ T40] audit: type=1804 audit(1760390333.426:954): pid=16760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2415" name="/newroot/22/file0" dev="tmpfs" ino=132 res=1 errno=0 [ 510.929521][T16759] /dev/sr0: Can't open blockdev [ 511.033841][T16763] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.036534][T16763] bridge0: port 1(bridge_slave_0) entered disabled state [ 511.116000][T16763] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 511.128842][T16763] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 511.247186][ T1145] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.250991][ T1145] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.254737][ T1145] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.258719][ T1145] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.369018][T16775] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2421'. [ 511.376246][T16773] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 511.392441][T16776] netlink: 'syz.3.2420': attribute type 3 has an invalid length. [ 511.394881][T16776] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2420'. [ 511.565583][T16778] overlay: Bad value for 'xino' [ 511.575975][T16778] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 512.364988][T16801] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2428'. [ 512.368655][T16801] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2428'. [ 512.755851][T16806] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 512.758575][T16806] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 512.761996][T16806] vhci_hcd vhci_hcd.0: Device attached [ 512.787294][T16806] loop2: detected capacity change from 0 to 7 [ 512.796564][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 512.800362][ C1] buffer_io_error: 334 callbacks suppressed [ 512.800376][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 512.809916][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 512.814564][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 512.818848][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 512.822643][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 512.828073][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 512.832679][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 512.841852][ C2] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 512.845756][ C2] Buffer I/O error on dev loop2, logical block 0, async page read [ 512.850549][ C2] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 512.854603][ C2] Buffer I/O error on dev loop2, logical block 0, async page read [ 512.858969][ C2] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 512.862961][ C2] Buffer I/O error on dev loop2, logical block 0, async page read [ 512.866708][T14444] ldm_validate_partition_table(): Disk read failed. [ 512.874749][ C2] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 512.878520][ C2] Buffer I/O error on dev loop2, logical block 0, async page read [ 512.890862][ C2] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 512.894661][ C2] Buffer I/O error on dev loop2, logical block 0, async page read [ 512.899963][ C2] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 512.903560][ C2] Buffer I/O error on dev loop2, logical block 0, async page read [ 512.912902][T14444] Dev loop2: unable to read RDB block 0 [ 512.922537][T16809] input: syz0 as /devices/virtual/input/input25 [ 512.943285][T14444] loop2: unable to read partition table [ 512.948168][T14444] loop2: partition table beyond EOD, truncated [ 513.056325][ T1021] usb 43-1: new low-speed USB device number 3 using vhci_hcd [ 513.178767][T16812] netlink: 'syz.1.2432': attribute type 21 has an invalid length. [ 513.181421][T16812] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2432'. [ 513.185335][T16812] netlink: 'syz.1.2432': attribute type 5 has an invalid length. [ 513.188305][T16812] netlink: 'syz.1.2432': attribute type 6 has an invalid length. [ 513.191219][T16812] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2432'. [ 513.318317][T16806] ldm_validate_partition_table(): Disk read failed. [ 513.323036][T16806] Dev loop2: unable to read RDB block 0 [ 513.329713][T16806] loop2: unable to read partition table [ 513.332332][T16806] loop2: partition table beyond EOD, truncated [ 513.335930][T16806] loop_reread_partitions: partition scan of loop2 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 513.403750][ T5353] ldm_validate_partition_table(): Disk read failed. [ 513.406646][ T5353] Dev loop2: unable to read RDB block 0 [ 513.409699][ T5353] loop2: unable to read partition table [ 513.410024][T16818] binder: BC_ACQUIRE_RESULT not supported [ 513.411616][ T5353] loop2: partition table beyond EOD, truncated [ 513.414150][T16818] binder: 16817:16818 ioctl c0306201 80000140 returned -22 [ 513.502572][ T40] audit: type=1326 audit(1760390335.849:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16827 comm="syz.2.2437" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x0 [ 513.579031][T16831] FAULT_INJECTION: forcing a failure. [ 513.579031][T16831] name failslab, interval 1, probability 0, space 0, times 0 [ 513.584155][T16831] CPU: 1 UID: 0 PID: 16831 Comm: syz.1.2438 Not tainted syzkaller #0 PREEMPT(full) [ 513.584175][T16831] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 513.584184][T16831] Call Trace: [ 513.584202][T16831] [ 513.584210][T16831] dump_stack_lvl+0x16c/0x1f0 [ 513.584237][T16831] should_fail_ex+0x512/0x640 [ 513.584259][T16831] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 513.584281][T16831] should_failslab+0xc2/0x120 [ 513.584295][T16831] kmem_cache_alloc_node_noprof+0x78/0x770 [ 513.584313][T16831] ? __alloc_skb+0x2b2/0x380 [ 513.584336][T16831] ? __alloc_skb+0x2b2/0x380 [ 513.584353][T16831] __alloc_skb+0x2b2/0x380 [ 513.584372][T16831] ? __pfx___alloc_skb+0x10/0x10 [ 513.584392][T16831] ? genl_rcv_msg+0x480/0x800 [ 513.584406][T16831] ? genl_rcv_msg+0x4bb/0x800 [ 513.584425][T16831] netlink_ack+0x15d/0xb80 [ 513.584452][T16831] netlink_rcv_skb+0x332/0x420 [ 513.584474][T16831] ? __pfx_genl_rcv_msg+0x10/0x10 [ 513.584489][T16831] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 513.584519][T16831] ? netlink_deliver_tap+0x1ae/0xd30 [ 513.584542][T16831] genl_rcv+0x28/0x40 [ 513.584555][T16831] netlink_unicast+0x5aa/0x870 [ 513.584579][T16831] ? __pfx_netlink_unicast+0x10/0x10 [ 513.584608][T16831] netlink_sendmsg+0x8c8/0xdd0 [ 513.584632][T16831] ? __pfx_netlink_sendmsg+0x10/0x10 [ 513.584654][T16831] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 513.584669][T16831] ____sys_sendmsg+0xa98/0xc70 [ 513.584684][T16831] ? __pfx_____sys_sendmsg+0x10/0x10 [ 513.584713][T16831] ? get_compat_msghdr+0x11a/0x170 [ 513.584736][T16831] ___sys_sendmsg+0x134/0x1d0 [ 513.584755][T16831] ? __pfx____sys_sendmsg+0x10/0x10 [ 513.584779][T16831] ? find_held_lock+0x2b/0x80 [ 513.584807][T16831] __sys_sendmsg+0x16d/0x220 [ 513.584824][T16831] ? __pfx___sys_sendmsg+0x10/0x10 [ 513.584847][T16831] ? rcu_is_watching+0x12/0xc0 [ 513.584866][T16831] __do_fast_syscall_32+0x7c/0x300 [ 513.584885][T16831] do_fast_syscall_32+0x32/0x80 [ 513.584905][T16831] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 513.584920][T16831] RIP: 0023:0xf708d579 [ 513.584929][T16831] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 513.584939][T16831] RSP: 002b:00000000f547d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 513.584951][T16831] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 513.584958][T16831] RDX: 000000000000c000 RSI: 0000000000000000 RDI: 0000000000000000 [ 513.584965][T16831] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 513.584971][T16831] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 513.584978][T16831] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 513.584992][T16831] [ 513.703133][T16807] vhci_hcd: connection reset by peer [ 513.707896][ T12] vhci_hcd: stop threads [ 513.709485][ T12] vhci_hcd: release socket [ 513.710962][ T12] vhci_hcd: disconnect device [ 514.370967][T16840] macvtap1: entered promiscuous mode [ 514.373449][T16840] veth1_to_hsr: entered promiscuous mode [ 514.376021][T16840] macvtap1: entered allmulticast mode [ 514.378289][T16840] veth1_to_hsr: entered allmulticast mode [ 514.395970][T16840] macvtap2: entered promiscuous mode [ 514.398348][T16840] macvtap2: entered allmulticast mode [ 514.545495][T16852] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2444'. [ 514.554251][T16852] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2444'. [ 514.572028][T16850] bridge0: entered allmulticast mode [ 514.574797][T16850] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2445'. [ 514.578841][T16850] bridge_slave_1: left allmulticast mode [ 514.581254][T16850] bridge_slave_1: left promiscuous mode [ 514.583831][T16850] bridge0: port 2(bridge_slave_1) entered disabled state [ 514.588943][T16850] bridge_slave_0: left allmulticast mode [ 514.591504][T16850] bridge_slave_0: left promiscuous mode [ 514.594330][T16850] bridge0: port 1(bridge_slave_0) entered disabled state [ 514.616805][T16850] bridge0 (unregistering): left allmulticast mode [ 514.764131][T16856] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 514.822530][T16857] netlink: 'syz.1.2446': attribute type 3 has an invalid length. [ 514.825411][T16857] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2446'. [ 514.826741][T16856] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 515.161756][ T840] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 515.321508][ T840] usb 8-1: Using ep0 maxpacket: 8 [ 515.325130][ T840] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 515.327624][ T840] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 515.331306][ T840] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 515.334888][ T840] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 515.339810][ T840] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 515.345877][ T840] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 515.350304][ T840] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.454091][ T40] audit: type=1326 audit(1760390337.673:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16869 comm="syz.2.2450" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 515.461012][ T40] audit: type=1326 audit(1760390337.673:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16869 comm="syz.2.2450" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 515.468468][ T40] audit: type=1326 audit(1760390337.673:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16869 comm="syz.2.2450" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 515.476411][ T40] audit: type=1326 audit(1760390337.673:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16869 comm="syz.2.2450" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 515.482852][ T40] audit: type=1326 audit(1760390337.673:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16869 comm="syz.2.2450" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 515.490448][ T40] audit: type=1326 audit(1760390337.673:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16869 comm="syz.2.2450" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 515.497444][ T40] audit: type=1326 audit(1760390337.673:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16869 comm="syz.2.2450" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 515.505134][ T40] audit: type=1326 audit(1760390337.673:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16869 comm="syz.2.2450" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 515.574444][ T840] usb 8-1: GET_CAPABILITIES returned 0 [ 515.576876][ T840] usbtmc 8-1:16.0: can't read capabilities [ 516.686729][T16895] netlink: 'syz.0.2457': attribute type 3 has an invalid length. [ 516.792146][T16907] sctp: [Deprecated]: syz.0.2461 (pid 16907) Use of struct sctp_assoc_value in delayed_ack socket option. [ 516.792146][T16907] Use struct sctp_sack_info instead [ 516.871526][T16910] __nla_validate_parse: 5 callbacks suppressed [ 516.871537][T16910] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2458'. [ 516.879547][T16910] batadv1: entered allmulticast mode [ 516.929949][T16914] input: syz1 as /devices/virtual/input/input26 [ 517.697374][T16953] netlink: 148 bytes leftover after parsing attributes in process `syz.2.2469'. [ 517.703042][ T40] kauditd_printk_skb: 45 callbacks suppressed [ 517.703052][ T40] audit: type=1326 audit(1760390339.778:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16951 comm="syz.2.2469" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 517.714682][ T40] audit: type=1326 audit(1760390339.778:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16951 comm="syz.2.2469" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 517.721776][ T40] audit: type=1326 audit(1760390339.778:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16951 comm="syz.2.2469" exe="/syz-executor" sig=0 arch=40000003 syscall=182 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 517.729206][ T40] audit: type=1326 audit(1760390339.778:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16951 comm="syz.2.2469" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 517.735633][ T40] audit: type=1326 audit(1760390339.778:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16951 comm="syz.2.2469" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 517.742392][ T40] audit: type=1326 audit(1760390339.778:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16951 comm="syz.2.2469" exe="/syz-executor" sig=0 arch=40000003 syscall=241 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 517.749025][ T40] audit: type=1326 audit(1760390339.778:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16951 comm="syz.2.2469" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 517.756312][ T40] audit: type=1326 audit(1760390339.778:1016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16951 comm="syz.2.2469" exe="/syz-executor" sig=0 arch=40000003 syscall=337 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 517.765963][ T40] audit: type=1326 audit(1760390339.778:1017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16951 comm="syz.2.2469" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 517.775898][ T40] audit: type=1326 audit(1760390339.778:1018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16951 comm="syz.2.2469" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 518.346959][ T60] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 518.532184][ T60] usb 6-1: config index 0 descriptor too short (expected 39, got 27) [ 518.534588][ T60] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 518.537199][ T60] usb 6-1: config 0 interface 0 has no altsetting 0 [ 518.550128][ T1021] vhci_hcd: vhci_device speed not set [ 518.551478][ T60] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 518.554793][ T60] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 518.556989][ T60] usb 6-1: Product: syz [ 518.558132][ T60] usb 6-1: Manufacturer: syz [ 518.559266][ T60] usb 6-1: SerialNumber: syz [ 518.561875][ T60] usb 6-1: config 0 descriptor?? [ 518.566552][ T60] hub 6-1:0.0: bad descriptor, ignoring hub [ 518.568168][ T60] hub 6-1:0.0: probe with driver hub failed with error -5 [ 518.571564][ T60] usb 6-1: selecting invalid altsetting 0 [ 518.756043][T16982] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2475'. [ 518.765322][T16982] batadv1: entered allmulticast mode [ 518.825119][T16983] input: syz1 as /devices/virtual/input/input27 [ 521.094225][T17010] qnx4: unable to read the superblock [ 521.213683][T16863] usbtmc 8-1:16.0: usb_control_msg returned -110 [ 521.230291][ T60] usb 8-1: USB disconnect, device number 9 [ 521.319205][ T1021] usb 6-1: USB disconnect, device number 24 [ 521.634206][T17024] netlink: 'syz.1.2487': attribute type 3 has an invalid length. [ 521.636970][T17024] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2487'. [ 521.712322][T17030] loop0: detected capacity change from 0 to 2560 [ 521.752963][T14444] buffer_io_error: 55 callbacks suppressed [ 521.752979][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 521.762807][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 521.768158][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 521.771644][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 521.775399][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 521.810965][T17039] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2490'. [ 522.174054][T17058] netlink: 'syz.2.2496': attribute type 5 has an invalid length. [ 522.346684][T17061] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2494'. [ 522.984997][T17068] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2498'. [ 523.092644][T17076] netlink: 'syz.3.2502': attribute type 21 has an invalid length. [ 523.338679][T17092] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2508'. [ 523.407171][T17095] FAULT_INJECTION: forcing a failure. [ 523.407171][T17095] name failslab, interval 1, probability 0, space 0, times 0 [ 523.410990][T17095] CPU: 2 UID: 0 PID: 17095 Comm: syz.1.2509 Not tainted syzkaller #0 PREEMPT(full) [ 523.411004][T17095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 523.411011][T17095] Call Trace: [ 523.411016][T17095] [ 523.411020][T17095] dump_stack_lvl+0x16c/0x1f0 [ 523.411041][T17095] should_fail_ex+0x512/0x640 [ 523.411057][T17095] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 523.411073][T17095] should_failslab+0xc2/0x120 [ 523.411084][T17095] kmem_cache_alloc_noprof+0x75/0x6e0 [ 523.411098][T17095] ? key_alloc+0x3e0/0x1330 [ 523.411115][T17095] ? key_alloc+0x3e0/0x1330 [ 523.411126][T17095] key_alloc+0x3e0/0x1330 [ 523.411145][T17095] ? __pfx_key_alloc+0x10/0x10 [ 523.411157][T17095] ? __pfx_sprintf+0x10/0x10 [ 523.411174][T17095] keyring_alloc+0x44/0xc0 [ 523.411191][T17095] call_sbin_request_key+0x380/0xda0 [ 523.411207][T17095] ? __pfx_call_sbin_request_key+0x10/0x10 [ 523.411221][T17095] ? key_alloc+0xac0/0x1330 [ 523.411234][T17095] ? __pfx_key_instantiate_and_link+0x10/0x10 [ 523.411259][T17095] ? __pfx_request_key_auth_new+0x10/0x10 [ 523.411278][T17095] ? __pfx_call_sbin_request_key+0x10/0x10 [ 523.411290][T17095] request_key_and_link+0xeb1/0x1370 [ 523.411306][T17095] ? __pfx_request_key_and_link+0x10/0x10 [ 523.411318][T17095] ? __pfx___might_resched+0x10/0x10 [ 523.411333][T17095] ? find_held_lock+0x2b/0x80 [ 523.411349][T17095] ? __pfx_asymmetric_key_cmp_name+0x10/0x10 [ 523.411361][T17095] ? __pfx_keyring_search_iterator+0x10/0x10 [ 523.411378][T17095] ? _copy_from_user+0x59/0xd0 [ 523.411391][T17095] __do_sys_request_key+0x23a/0x3d0 [ 523.411408][T17095] ? __pfx___do_sys_request_key+0x10/0x10 [ 523.411424][T17095] ? ksys_write+0x1ac/0x250 [ 523.411442][T17095] ? rcu_is_watching+0x12/0xc0 [ 523.411459][T17095] __do_fast_syscall_32+0x7c/0x300 [ 523.411477][T17095] do_fast_syscall_32+0x32/0x80 [ 523.411493][T17095] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 523.411507][T17095] RIP: 0023:0xf708d579 [ 523.411516][T17095] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 523.411526][T17095] RSP: 002b:00000000f547d55c EFLAGS: 00000296 ORIG_RAX: 000000000000011f [ 523.411537][T17095] RAX: ffffffffffffffda RBX: 0000000080000040 RCX: 0000000080001ffb [ 523.411543][T17095] RDX: 0000000080001fee RSI: 0000000000000000 RDI: 0000000000000000 [ 523.411550][T17095] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 523.411556][T17095] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 523.411562][T17095] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 523.411576][T17095] [ 523.606434][ T40] kauditd_printk_skb: 34 callbacks suppressed [ 523.606448][ T40] audit: type=1326 audit(1760390345.296:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17096 comm="syz.1.2510" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708d579 code=0x0 [ 524.212438][T17109] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2513'. [ 524.560997][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 524.565950][T17116] netlink: 'syz.1.2515': attribute type 3 has an invalid length. [ 524.568445][T17116] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2515'. [ 525.016330][T17127] netlink: 'syz.0.2518': attribute type 2 has an invalid length. [ 525.098858][T17136] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2523'. [ 525.101729][T17136] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 525.171959][T17138] netlink: 'syz.3.2524': attribute type 3 has an invalid length. [ 525.174447][T17138] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2524'. [ 525.425629][T17165] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2530'. [ 526.174089][T17178] tipc: Started in network mode [ 526.175699][T17178] tipc: Node identity 0e42460726f3, cluster identity 4711 [ 526.178066][T17178] tipc: Enabled bearer , priority 0 [ 526.180702][T17178] syzkaller0: entered promiscuous mode [ 526.182500][T17178] syzkaller0: entered allmulticast mode [ 526.195481][T17178] syzkaller0: MTU too low for tipc bearer [ 526.197355][T17178] tipc: Disabling bearer [ 526.297008][T17180] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 526.337830][T17180] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 526.356781][T17181] netlink: 'syz.2.2536': attribute type 3 has an invalid length. [ 526.359672][T17181] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2536'. [ 526.368973][T17183] 9pnet_fd: Insufficient options for proto=fd [ 526.420240][T17185] IPv6: NLM_F_CREATE should be specified when creating new route [ 526.614514][T17196] tipc: Enabled bearer , priority 0 [ 526.617835][T17196] syzkaller0: entered promiscuous mode [ 526.619658][T17196] syzkaller0: entered allmulticast mode [ 526.641053][T17196] tipc: Resetting bearer [ 526.645173][T17195] tipc: Resetting bearer [ 526.657059][T17195] tipc: Disabling bearer [ 526.900842][T17207] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2544'. [ 527.810541][T17214] netlink: 'syz.2.2547': attribute type 3 has an invalid length. [ 527.813867][T17214] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2547'. [ 528.129001][ T24] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 528.300048][ T24] usb 7-1: Using ep0 maxpacket: 8 [ 528.366858][ T24] usb 7-1: unable to get BOS descriptor or descriptor too short [ 528.369478][ T24] usb 7-1: no configurations [ 528.370961][ T24] usb 7-1: can't read configurations, error -22 [ 528.771772][ T40] audit: type=1326 audit(1760390350.132:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17234 comm="syz.0.2554" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x0 [ 528.817436][T17232] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2553'. [ 528.820399][T17232] netlink: 31 bytes leftover after parsing attributes in process `syz.1.2553'. [ 528.823324][T17232] netlink: 'syz.1.2553': attribute type 3 has an invalid length. [ 528.826009][T17232] netlink: 'syz.1.2553': attribute type 2 has an invalid length. [ 528.828384][T17232] netlink: 31 bytes leftover after parsing attributes in process `syz.1.2553'. [ 529.000254][T17243] comedi comedi0: comedi_config --init_data is deprecated [ 529.243653][ T40] audit: type=1326 audit(1760390350.572:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17246 comm="syz.2.2558" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 529.261184][ T40] audit: type=1326 audit(1760390350.572:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17246 comm="syz.2.2558" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 529.269565][ T40] audit: type=1326 audit(1760390350.572:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17246 comm="syz.2.2558" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 529.283278][ T40] audit: type=1326 audit(1760390350.572:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17246 comm="syz.2.2558" exe="/syz-executor" sig=0 arch=40000003 syscall=219 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 529.304936][ T40] audit: type=1326 audit(1760390350.572:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17246 comm="syz.2.2558" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 529.311557][ T40] audit: type=1326 audit(1760390350.572:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17246 comm="syz.2.2558" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 529.332980][ T40] audit: type=1326 audit(1760390350.572:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17246 comm="syz.2.2558" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 529.352670][ T40] audit: type=1326 audit(1760390350.572:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17246 comm="syz.2.2558" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 529.360598][ T40] audit: type=1326 audit(1760390350.656:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17246 comm="syz.2.2558" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 529.367475][ T40] audit: type=1326 audit(1760390350.656:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17246 comm="syz.2.2558" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 529.773433][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 529.787466][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 530.586722][T17278] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2563'. [ 530.764960][T17288] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 531.008620][T17297] : renamed from wg2 (while UP) [ 531.233938][T17288] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2563'. [ 532.255863][T17325] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 532.329997][T17325] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 532.393393][T17325] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 532.506326][T17330] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 532.508396][T17330] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 532.510990][T17330] vhci_hcd vhci_hcd.0: Device attached [ 532.598623][T17322] delete_channel: no stack [ 532.610840][T17331] vhci_hcd: connection closed [ 532.611065][ T59] vhci_hcd: stop threads [ 532.614986][ T59] vhci_hcd: release socket [ 532.616884][ T59] vhci_hcd: disconnect device [ 533.046239][T17343] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2575'. [ 533.334731][T17355] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2579'. [ 533.390193][T17357] loop9: detected capacity change from 0 to 7 [ 533.395528][T17357] Dev loop9: unable to read RDB block 7 [ 533.397352][T17357] loop9: AHDI p4 [ 533.399112][T17357] loop9: partition table partially beyond EOD, truncated [ 533.439580][T17358] bond0: (slave bond_slave_0): Releasing backup interface [ 533.445809][T17358] bond0: (slave bond_slave_1): Releasing backup interface [ 533.459354][T17358] team0: Port device team_slave_0 removed [ 533.463482][T17358] team0: Port device team_slave_1 removed [ 533.466152][T17358] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 533.469637][T17358] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 533.512007][T17358] team0: Mode changed to "loadbalance" [ 533.518097][T17358] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2579'. [ 533.910274][T17383] fuse: Bad value for 'rootmode' [ 534.624213][T17409] netlink: 'syz.2.2596': attribute type 3 has an invalid length. [ 534.626727][T17409] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2596'. [ 534.660431][T17416] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2597'. [ 534.666318][T17416] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2597'. [ 534.778612][ T60] delete_channel: no stack [ 535.260918][T17428] trusted_key: encrypted_key: key user:syz not found [ 535.292558][T17432] netlink: 7 bytes leftover after parsing attributes in process `syz.1.2603'. [ 535.299817][T17432] netlink: 7 bytes leftover after parsing attributes in process `syz.1.2603'. [ 535.423301][T17440] netlink: 'syz.1.2606': attribute type 3 has an invalid length. [ 535.426040][T17440] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2606'. [ 535.457634][T17445] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2607'. [ 535.597433][T17446] bridge_slave_0: left allmulticast mode [ 535.599375][T17446] bridge_slave_0: left promiscuous mode [ 535.601962][T17446] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.609577][T17446] bridge_slave_1: left allmulticast mode [ 535.611560][T17446] bridge_slave_1: left promiscuous mode [ 535.616479][T17446] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.641948][T17446] bond0: (slave bond_slave_0): Releasing backup interface [ 535.690462][T17446] bond0: (slave bond_slave_1): Releasing backup interface [ 535.746871][T17446] team0: Port device team_slave_0 removed [ 535.752154][T17463] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2607'. [ 535.762608][T17446] team0: Port device team_slave_1 removed [ 535.765256][T17446] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 535.767731][T17446] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 535.771113][T17446] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 535.850356][T17452] team0: Mode changed to "loadbalance" [ 535.854204][T17458] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 535.872773][ T6025] syz2: Port: 1 Link DOWN [ 536.495276][ T5943] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 536.500037][ T5943] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 536.504978][ T5943] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 536.508880][ T5943] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 536.512429][ T5943] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 536.769693][ T1145] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 536.773740][ T1145] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 536.787203][T17476] chnl_net:caif_netlink_parms(): no params data found [ 536.837899][T17487] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 536.882876][ T1145] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 536.885960][ T1145] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 536.891902][T17476] bridge0: port 1(bridge_slave_0) entered blocking state [ 536.894262][T17476] bridge0: port 1(bridge_slave_0) entered disabled state [ 536.896663][T17476] bridge_slave_0: entered allmulticast mode [ 536.899338][T17476] bridge_slave_0: entered promiscuous mode [ 536.902543][T17476] bridge0: port 2(bridge_slave_1) entered blocking state [ 536.904906][T17476] bridge0: port 2(bridge_slave_1) entered disabled state [ 536.908341][T17476] bridge_slave_1: entered allmulticast mode [ 536.911469][T17476] bridge_slave_1: entered promiscuous mode [ 536.958867][T17476] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 536.975826][ T1145] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 536.979110][ T1145] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 536.989347][T17476] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 537.024800][T17476] team0: Port device team_slave_0 added [ 537.028282][T17476] team0: Port device team_slave_1 added [ 537.057147][T17476] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 537.059318][T17476] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 537.067872][T17476] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 537.093466][ T1145] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 537.096637][ T1145] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.104420][T17476] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 537.106583][T17476] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 537.114490][T17476] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 537.167550][T17476] hsr_slave_0: entered promiscuous mode [ 537.170085][T17476] hsr_slave_1: entered promiscuous mode [ 537.172129][T17476] debugfs: 'hsr0' already exists in 'hsr' [ 537.176725][T17476] Cannot create hsr debugfs directory [ 538.044904][ T1145] bond1 (unregistering): (slave macvlan2): Releasing active interface [ 538.056662][ T1145] bond0 (unregistering): Released all slaves [ 538.063674][ T1145] bond1 (unregistering): Released all slaves [ 538.159049][T17521] bridge_slave_0: left allmulticast mode [ 538.161484][T17521] bridge_slave_0: left promiscuous mode [ 538.168187][T17521] bridge0: port 1(bridge_slave_0) entered disabled state [ 538.185004][T17521] bridge_slave_1: left allmulticast mode [ 538.187424][T17521] bridge_slave_1: left promiscuous mode [ 538.191561][T17521] bridge0: port 2(bridge_slave_1) entered disabled state [ 538.202792][T17521] bond0: (slave bond_slave_0): Releasing backup interface [ 538.214305][T17521] bond0: (slave bond_slave_1): Releasing backup interface [ 538.222132][T17521] team0: Port device team_slave_0 removed [ 538.229299][T17521] team0: Port device team_slave_1 removed [ 538.231466][T17521] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 538.236716][T17521] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 538.244529][T17521] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 538.249693][ T1145] tipc: Left network mode [ 538.258147][ T1145] IPVS: stopping master sync thread 6800 ... [ 538.270200][T17528] team0: Mode changed to "loadbalance" [ 538.458561][T17530] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 538.659442][ T5946] Bluetooth: hci1: command tx timeout [ 538.676616][T17476] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 538.680837][T17476] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 538.684942][T17476] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 538.688853][T17476] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 538.743617][T17476] 8021q: adding VLAN 0 to HW filter on device bond0 [ 538.754056][T17476] 8021q: adding VLAN 0 to HW filter on device team0 [ 538.759443][ T9643] bridge0: port 1(bridge_slave_0) entered blocking state [ 538.762238][ T9643] bridge0: port 1(bridge_slave_0) entered forwarding state [ 538.773104][ T9643] bridge0: port 2(bridge_slave_1) entered blocking state [ 538.775412][ T9643] bridge0: port 2(bridge_slave_1) entered forwarding state [ 538.792915][ T1145] hsr_slave_0: left promiscuous mode [ 538.796092][ T1145] hsr_slave_1: left promiscuous mode [ 538.816422][ T1145] veth1_macvtap: left allmulticast mode [ 538.818794][ T1145] veth1_macvtap: left promiscuous mode [ 538.821437][ T1145] veth0_macvtap: left promiscuous mode [ 538.823217][ T1145] veth1_vlan: left promiscuous mode [ 538.824867][ T1145] veth0_vlan: left promiscuous mode [ 538.864593][ T1145] pim6reg (unregistering): left allmulticast mode [ 539.371394][T17571] __nla_validate_parse: 14 callbacks suppressed [ 539.371454][T17571] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2629'. [ 539.376450][T17571] netlink: 11 bytes leftover after parsing attributes in process `syz.1.2629'. [ 539.379408][T17571] netlink: 'syz.1.2629': attribute type 6 has an invalid length. [ 539.381903][T17571] netlink: 'syz.1.2629': attribute type 6 has an invalid length. [ 539.667404][T17574] binder: 17564:17574 ioctl c0306201 80000300 returned -22 [ 540.417271][ T40] audit: type=1804 audit(1760390361.030:1065): pid=17579 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2631" name="/newroot/76/file0" dev="tmpfs" ino=417 res=1 errno=0 [ 540.477785][T17578] /dev/sr0: Can't open blockdev [ 540.532456][T17476] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 540.562018][T17476] veth0_vlan: entered promiscuous mode [ 540.567711][T17476] veth1_vlan: entered promiscuous mode [ 540.582010][T17476] veth0_macvtap: entered promiscuous mode [ 540.588006][T17476] veth1_macvtap: entered promiscuous mode [ 540.600082][T17476] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 540.608751][T17476] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 540.622778][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.626494][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.629257][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.633278][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.662854][T15721] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 540.665341][T15721] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 540.682530][ T9647] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 540.686039][ T9647] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 540.751868][ T1145] IPVS: stop unused estimator thread 0... [ 540.795284][T17589] vivid-000: disconnect [ 540.883132][ T5946] Bluetooth: hci1: command tx timeout [ 541.010809][T17575] vivid-000: reconnect [ 541.062653][T17597] FAULT_INJECTION: forcing a failure. [ 541.062653][T17597] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 541.068154][T17597] CPU: 1 UID: 0 PID: 17597 Comm: syz.3.2633 Not tainted syzkaller #0 PREEMPT(full) [ 541.068169][T17597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 541.068176][T17597] Call Trace: [ 541.068179][T17597] [ 541.068183][T17597] dump_stack_lvl+0x16c/0x1f0 [ 541.068204][T17597] should_fail_ex+0x512/0x640 [ 541.068224][T17597] _copy_from_user+0x2e/0xd0 [ 541.068235][T17597] snd_pcm_oss_write2+0x1c2/0x410 [ 541.068250][T17597] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 541.068262][T17597] ? snd_pcm_kernel_ioctl+0x267/0x2e0 [ 541.068279][T17597] ? snd_pcm_oss_prepare+0x11e/0x220 [ 541.068292][T17597] snd_pcm_oss_write+0x710/0xa10 [ 541.068306][T17597] ? security_file_permission+0x71/0x210 [ 541.068323][T17597] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 541.068336][T17597] vfs_write+0x2a0/0x11d0 [ 541.068355][T17597] ? __pfx_vfs_write+0x10/0x10 [ 541.068368][T17597] ? find_held_lock+0x2b/0x80 [ 541.068383][T17597] ? __fget_files+0x204/0x3c0 [ 541.068404][T17597] ? __fget_files+0x20e/0x3c0 [ 541.068416][T17597] ? handle_mm_fault+0x1f0/0xd10 [ 541.068432][T17597] ksys_write+0x12a/0x250 [ 541.068447][T17597] ? __pfx_ksys_write+0x10/0x10 [ 541.068463][T17597] ? rcu_is_watching+0x12/0xc0 [ 541.068480][T17597] __do_fast_syscall_32+0x7c/0x300 [ 541.068498][T17597] do_fast_syscall_32+0x32/0x80 [ 541.068514][T17597] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 541.068528][T17597] RIP: 0023:0xf7f94579 [ 541.068537][T17597] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 541.068547][T17597] RSP: 002b:00000000f544455c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 541.068558][T17597] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800001c0 [ 541.068565][T17597] RDX: 00000000ffffffd9 RSI: 0000000000000000 RDI: 0000000000000000 [ 541.068571][T17597] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 541.068577][T17597] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 541.068583][T17597] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 541.068597][T17597] [ 541.080003][T17599] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2635'. [ 541.206399][T17599] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 541.270327][T17599] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2635'. [ 541.941994][ T6024] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 542.114023][ T6024] usb 6-1: config index 0 descriptor too short (expected 39, got 27) [ 542.117489][ T6024] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 542.121729][ T6024] usb 6-1: config 0 interface 0 has no altsetting 0 [ 542.127184][ T6024] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 542.133388][ T6024] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 542.136095][ T6024] usb 6-1: Product: syz [ 542.137460][ T6024] usb 6-1: Manufacturer: syz [ 542.138924][ T6024] usb 6-1: SerialNumber: syz [ 542.141732][ T6024] usb 6-1: config 0 descriptor?? [ 542.145144][ T6024] hub 6-1:0.0: bad descriptor, ignoring hub [ 542.147273][ T6024] hub 6-1:0.0: probe with driver hub failed with error -5 [ 542.149826][T17626] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 542.151340][ T6024] usb 6-1: selecting invalid altsetting 0 [ 542.196760][T17626] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 542.213822][T17627] netlink: 'syz.0.2643': attribute type 3 has an invalid length. [ 542.216388][T17627] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2643'. [ 542.477938][ T6024] usb 6-1: USB disconnect, device number 25 [ 542.743220][ T6024] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 542.890514][T17635] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2646'. [ 542.917503][ T6024] usb 6-1: config index 0 descriptor too short (expected 39, got 27) [ 542.920097][ T6024] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 542.923107][ T6024] usb 6-1: config 0 interface 0 has no altsetting 0 [ 542.928373][T17635] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 542.969822][T17635] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2646'. [ 542.972096][ T6024] usb 6-1: string descriptor 0 read error: -22 [ 542.978877][ T6024] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 542.981687][ T6024] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 542.992869][ T6024] usb 6-1: config 0 descriptor?? [ 543.000894][ T6024] hub 6-1:0.0: bad descriptor, ignoring hub [ 543.003155][ T6024] hub 6-1:0.0: probe with driver hub failed with error -5 [ 543.006682][ T6024] usb 6-1: selecting invalid altsetting 0 [ 543.063476][T17640] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 543.065617][T17640] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 543.068161][T17640] vhci_hcd vhci_hcd.0: Device attached [ 543.106764][ T5946] Bluetooth: hci1: command tx timeout [ 543.278199][ T6024] vhci_hcd: vhci_device speed not set [ 543.331279][T16571] usb 6-1: USB disconnect, device number 26 [ 543.342004][ T6024] usb 41-1: new full-speed USB device number 3 using vhci_hcd [ 543.554295][T17651] bond0: (slave vlan2): Opening slave failed [ 543.697556][T17660] bridge0: entered allmulticast mode [ 543.699524][T17660] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2653'. [ 543.702304][T17660] bridge_slave_1: left allmulticast mode [ 543.704074][T17660] bridge_slave_1: left promiscuous mode [ 543.706307][T17660] bridge0: port 2(bridge_slave_1) entered disabled state [ 543.709925][T17660] bridge_slave_0: left allmulticast mode [ 543.711718][T17660] bridge_slave_0: left promiscuous mode [ 543.713627][T17660] bridge0: port 1(bridge_slave_0) entered disabled state [ 543.728132][T17660] bridge0 (unregistering): left allmulticast mode [ 543.748218][T17641] vhci_hcd: connection reset by peer [ 543.750524][ T9647] vhci_hcd: stop threads [ 543.758779][ T9647] vhci_hcd: release socket [ 543.760659][ T9647] vhci_hcd: disconnect device [ 543.999853][T17665] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2654'. [ 544.173973][T11727] IPVS: starting estimator thread 0... [ 544.293387][T17687] IPVS: using max 44 ests per chain, 105600 per kthread [ 544.470815][T17693] netlink: 'syz.0.2659': attribute type 1 has an invalid length. [ 544.473307][T17693] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2659'. [ 545.320340][T17710] netlink: 'syz.1.2663': attribute type 3 has an invalid length. [ 545.322874][T17710] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2663'. [ 545.330354][ T5946] Bluetooth: hci1: command tx timeout [ 545.411391][T17713] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 545.492395][T17717] FAULT_INJECTION: forcing a failure. [ 545.492395][T17717] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 545.495569][T17718] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2671'. [ 545.496574][T17717] CPU: 3 UID: 0 PID: 17717 Comm: syz.1.2666 Not tainted syzkaller #0 PREEMPT(full) [ 545.496589][T17717] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 545.496596][T17717] Call Trace: [ 545.496600][T17717] [ 545.496605][T17717] dump_stack_lvl+0x16c/0x1f0 [ 545.496625][T17717] should_fail_ex+0x512/0x640 [ 545.496645][T17717] _copy_to_user+0x32/0xd0 [ 545.496657][T17717] simple_read_from_buffer+0xcb/0x170 [ 545.496672][T17717] proc_fail_nth_read+0x197/0x240 [ 545.496688][T17717] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 545.496704][T17717] ? rw_verify_area+0xcf/0x6c0 [ 545.496717][T17717] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 545.496732][T17717] vfs_read+0x1e4/0xcf0 [ 545.496750][T17717] ? __pfx_vfs_read+0x10/0x10 [ 545.496763][T17717] ? find_held_lock+0x2b/0x80 [ 545.496782][T17717] ? __fget_files+0x20e/0x3c0 [ 545.496801][T17717] ksys_read+0x12a/0x250 [ 545.496815][T17717] ? __pfx_ksys_read+0x10/0x10 [ 545.496830][T17717] ? fput+0x9b/0xd0 [ 545.496839][T17717] ? rcu_is_watching+0x12/0xc0 [ 545.496856][T17717] __do_fast_syscall_32+0x7c/0x300 [ 545.496874][T17717] do_fast_syscall_32+0x32/0x80 [ 545.496891][T17717] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 545.496905][T17717] RIP: 0023:0xf708d579 [ 545.496914][T17717] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 545.496924][T17717] RSP: 002b:00000000f547d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 545.496934][T17717] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f547d620 [ 545.496941][T17717] RDX: 000000000000000f RSI: 00000000f7425ff4 RDI: 0000000000000000 [ 545.496947][T17717] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 545.496953][T17717] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 545.496959][T17717] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 545.496973][T17717] [ 545.514447][T17720] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2665'. [ 545.531615][T17718] batadv1: entered allmulticast mode [ 545.575695][T17724] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2665'. [ 546.068967][ T59] Bluetooth: Error in BCSP hdr checksum [ 546.314561][T17740] netlink: 'syz.0.2668': attribute type 3 has an invalid length. [ 546.316997][T17740] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2668'. [ 546.346023][T15721] Bluetooth: Error in BCSP hdr checksum [ 546.609807][ T40] audit: type=1800 audit(1760390366.820:1066): pid=17751 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2672" name="bus" dev="overlay" ino=119 res=0 errno=0 [ 546.638598][ T59] Bluetooth: Error in BCSP hdr checksum [ 547.136248][T17755] netlink: 'syz.2.2674': attribute type 3 has an invalid length. [ 547.136262][T17755] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2674'. [ 547.428229][T17759] tty tty1: ldisc open failed (-12), clearing slot 0 [ 547.441435][T17760] tty tty1: ldisc open failed (-12), clearing slot 0 [ 547.525093][T17776] netlink: 'syz.0.2678': attribute type 3 has an invalid length. [ 547.527552][T17776] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2678'. [ 547.775017][T17781] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2679'. [ 547.814803][T17781] batadv1: entered allmulticast mode [ 547.982976][ T5946] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 547.984168][ T5943] Bluetooth: hci2: command 0x1003 tx timeout [ 548.190414][T17788] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2680'. [ 548.203075][T17788] batadv1: entered allmulticast mode [ 548.330379][T17800] input: syz1 as /devices/virtual/input/input29 [ 548.783708][T17814] netlink: 'syz.2.2688': attribute type 3 has an invalid length. [ 548.786221][T17814] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2688'. [ 548.826249][ T6024] vhci_hcd: vhci_device speed not set [ 548.939211][T17821] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 549.100289][ T40] audit: type=1326 audit(1760390369.149:1067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17826 comm="syz.1.2690" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708d579 code=0x0 [ 551.381340][T17844] __nla_validate_parse: 1 callbacks suppressed [ 551.381472][T17844] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2694'. [ 551.398889][T17844] batadv1: entered allmulticast mode [ 552.627490][T17861] netlink: 'syz.1.2697': attribute type 3 has an invalid length. [ 552.629963][T17861] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2697'. [ 552.945517][T17867] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2699'. [ 553.026480][T17867] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2699'. [ 554.024107][T17899] netlink: 'syz.1.2707': attribute type 3 has an invalid length. [ 554.027019][T17899] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2707'. [ 554.028503][ T40] audit: type=1326 audit(1760390373.760:1068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17892 comm="syz.0.2706" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x0 [ 554.118764][T17903] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2708'. [ 554.291240][T17912] FAULT_INJECTION: forcing a failure. [ 554.291240][T17912] name failslab, interval 1, probability 0, space 0, times 0 [ 554.295339][T17912] CPU: 2 UID: 0 PID: 17912 Comm: syz.2.2712 Not tainted syzkaller #0 PREEMPT(full) [ 554.295354][T17912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 554.295361][T17912] Call Trace: [ 554.295366][T17912] [ 554.295370][T17912] dump_stack_lvl+0x16c/0x1f0 [ 554.295391][T17912] should_fail_ex+0x512/0x640 [ 554.295409][T17912] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 554.295426][T17912] should_failslab+0xc2/0x120 [ 554.295437][T17912] kmem_cache_alloc_node_noprof+0x78/0x770 [ 554.295451][T17912] ? __alloc_skb+0x2b2/0x380 [ 554.295470][T17912] ? __alloc_skb+0x2b2/0x380 [ 554.295483][T17912] ? __pfx_netlink_insert+0x10/0x10 [ 554.295499][T17912] __alloc_skb+0x2b2/0x380 [ 554.295513][T17912] ? __pfx___alloc_skb+0x10/0x10 [ 554.295528][T17912] ? netlink_autobind.isra.0+0x158/0x370 [ 554.295548][T17912] netlink_alloc_large_skb+0x69/0x140 [ 554.295565][T17912] netlink_sendmsg+0x698/0xdd0 [ 554.295586][T17912] ? __pfx_netlink_sendmsg+0x10/0x10 [ 554.295605][T17912] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 554.295619][T17912] ____sys_sendmsg+0xa98/0xc70 [ 554.295632][T17912] ? __pfx_____sys_sendmsg+0x10/0x10 [ 554.295643][T17912] ? get_compat_msghdr+0x11a/0x170 [ 554.295664][T17912] ___sys_sendmsg+0x134/0x1d0 [ 554.295681][T17912] ? __pfx____sys_sendmsg+0x10/0x10 [ 554.295703][T17912] ? find_held_lock+0x2b/0x80 [ 554.295726][T17912] __sys_sendmsg+0x16d/0x220 [ 554.295742][T17912] ? __pfx___sys_sendmsg+0x10/0x10 [ 554.295764][T17912] ? rcu_is_watching+0x12/0xc0 [ 554.295780][T17912] __do_fast_syscall_32+0x7c/0x300 [ 554.295799][T17912] do_fast_syscall_32+0x32/0x80 [ 554.295815][T17912] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 554.295829][T17912] RIP: 0023:0xf70bd579 [ 554.295838][T17912] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 554.295848][T17912] RSP: 002b:00000000f54ad55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 554.295858][T17912] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 554.295865][T17912] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 554.295871][T17912] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 554.295877][T17912] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 554.295883][T17912] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 554.295896][T17912] [ 554.714190][T17920] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 554.784562][T17925] FAULT_INJECTION: forcing a failure. [ 554.784562][T17925] name failslab, interval 1, probability 0, space 0, times 0 [ 554.788888][T17925] CPU: 0 UID: 0 PID: 17925 Comm: syz.3.2715 Not tainted syzkaller #0 PREEMPT(full) [ 554.788936][T17925] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 554.788943][T17925] Call Trace: [ 554.788948][T17925] [ 554.788954][T17925] dump_stack_lvl+0x16c/0x1f0 [ 554.788975][T17925] should_fail_ex+0x512/0x640 [ 554.788992][T17925] ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0 [ 554.789011][T17925] should_failslab+0xc2/0x120 [ 554.789022][T17925] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 554.789039][T17925] ? key_alloc+0x43e/0x1330 [ 554.789052][T17925] ? kmem_cache_alloc_noprof+0x2a1/0x6e0 [ 554.789069][T17925] ? kmemdup_noprof+0x29/0x60 [ 554.789083][T17925] kmemdup_noprof+0x29/0x60 [ 554.789098][T17925] key_alloc+0x43e/0x1330 [ 554.789117][T17925] ? __pfx_key_alloc+0x10/0x10 [ 554.789129][T17925] ? __pfx_sprintf+0x10/0x10 [ 554.789147][T17925] keyring_alloc+0x44/0xc0 [ 554.789164][T17925] call_sbin_request_key+0x380/0xda0 [ 554.789181][T17925] ? __pfx_call_sbin_request_key+0x10/0x10 [ 554.789194][T17925] ? key_alloc+0xac0/0x1330 [ 554.789208][T17925] ? __pfx_key_instantiate_and_link+0x10/0x10 [ 554.789233][T17925] ? __pfx_request_key_auth_new+0x10/0x10 [ 554.789252][T17925] ? __pfx_call_sbin_request_key+0x10/0x10 [ 554.789264][T17925] request_key_and_link+0xeb1/0x1370 [ 554.789283][T17925] ? __pfx_request_key_and_link+0x10/0x10 [ 554.789296][T17925] ? __pfx___might_resched+0x10/0x10 [ 554.789312][T17925] ? find_held_lock+0x2b/0x80 [ 554.789329][T17925] ? __pfx_asymmetric_key_cmp_name+0x10/0x10 [ 554.789341][T17925] ? __pfx_keyring_search_iterator+0x10/0x10 [ 554.789358][T17925] ? _copy_from_user+0x59/0xd0 [ 554.789371][T17925] __do_sys_request_key+0x23a/0x3d0 [ 554.789389][T17925] ? __pfx___do_sys_request_key+0x10/0x10 [ 554.789405][T17925] ? ksys_write+0x1ac/0x250 [ 554.789423][T17925] ? rcu_is_watching+0x12/0xc0 [ 554.789440][T17925] __do_fast_syscall_32+0x7c/0x300 [ 554.789459][T17925] do_fast_syscall_32+0x32/0x80 [ 554.789476][T17925] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 554.789490][T17925] RIP: 0023:0xf7f94579 [ 554.789499][T17925] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 554.789510][T17925] RSP: 002b:00000000f548655c EFLAGS: 00000296 ORIG_RAX: 000000000000011f [ 554.789520][T17925] RAX: ffffffffffffffda RBX: 0000000080000040 RCX: 0000000080001ffb [ 554.789533][T17925] RDX: 0000000080001fee RSI: 0000000000000000 RDI: 0000000000000000 [ 554.789539][T17925] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 554.789545][T17925] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 554.789552][T17925] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 554.789566][T17925] [ 554.939384][ T840] IPVS: starting estimator thread 0... [ 554.939923][T17919] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2714'. [ 554.950877][T17929] netlink: 'syz.0.2716': attribute type 3 has an invalid length. [ 554.953719][T17929] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2716'. [ 555.037561][T17934] IPVS: using max 44 ests per chain, 105600 per kthread [ 555.891255][T17963] netlink: 'syz.2.2726': attribute type 3 has an invalid length. [ 555.895703][T17963] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2726'. [ 556.497832][T17999] netlink: 'syz.0.2738': attribute type 3 has an invalid length. [ 556.500217][T17999] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2738'. [ 556.533649][T18006] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 556.981198][T18018] loop0: detected capacity change from 0 to 2560 [ 557.124295][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 557.127107][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 557.130037][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 557.147902][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 557.150803][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 557.241485][T18023] netlink: 'syz.2.2742': attribute type 2 has an invalid length. [ 557.525910][T18039] netlink: 'syz.1.2748': attribute type 3 has an invalid length. [ 557.530810][T18039] __nla_validate_parse: 3 callbacks suppressed [ 557.530851][T18039] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2748'. [ 558.684969][T18070] binder: 18069:18070 ioctl 400c620e 80000040 returned -22 [ 558.742419][T18072] tipc: Started in network mode [ 558.744109][T18072] tipc: Node identity d21e7b6b3f6, cluster identity 4711 [ 558.747289][T18072] tipc: Enabled bearer , priority 0 [ 558.750100][T18072] syzkaller0: entered promiscuous mode [ 558.751849][T18072] syzkaller0: entered allmulticast mode [ 558.765253][T18072] tipc: Resetting bearer [ 558.773705][T18071] tipc: Resetting bearer [ 558.783598][T18071] tipc: Disabling bearer [ 558.893425][T18081] netlink: 216 bytes leftover after parsing attributes in process `syz.1.2762'. [ 559.237641][T18096] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2763'. [ 559.247881][T18096] netlink: 11 bytes leftover after parsing attributes in process `syz.2.2763'. [ 559.256647][T18096] netlink: 'syz.2.2763': attribute type 6 has an invalid length. [ 559.264259][T18096] netlink: 'syz.2.2763': attribute type 6 has an invalid length. [ 559.454573][T18097] /dev/sr0: Can't open blockdev [ 560.375533][T18103] /dev/sr0: Can't open blockdev [ 561.199581][T18126] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2773'. [ 561.232806][T18128] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 561.235109][T18128] IPv6: NLM_F_CREATE should be set when creating new route [ 561.254998][T18130] batadv_slave_0: entered promiscuous mode [ 561.287867][T18132] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2776'. [ 561.688532][T18145] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 563.002468][T18157] overlay: ./file1 is not a directory [ 563.234603][ T40] audit: type=1800 audit(1760390382.357:1069): pid=18167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2784" name="bus" dev="overlay" ino=627 res=0 errno=0 [ 563.779876][T18169] netlink: 'syz.1.2794': attribute type 10 has an invalid length. [ 563.784149][T18169] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 563.811877][T18172] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 563.814855][T18172] IPv6: NLM_F_CREATE should be set when creating new route [ 565.037477][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 565.040418][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.966875][T18220] FAULT_INJECTION: forcing a failure. [ 565.966875][T18220] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 565.970902][T18220] CPU: 3 UID: 0 PID: 18220 Comm: syz.1.2797 Not tainted syzkaller #0 PREEMPT(full) [ 565.970917][T18220] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 565.970924][T18220] Call Trace: [ 565.970928][T18220] [ 565.970933][T18220] dump_stack_lvl+0x16c/0x1f0 [ 565.970953][T18220] should_fail_ex+0x512/0x640 [ 565.970972][T18220] _copy_to_user+0x32/0xd0 [ 565.970984][T18220] simple_read_from_buffer+0xcb/0x170 [ 565.970999][T18220] proc_fail_nth_read+0x197/0x240 [ 565.971015][T18220] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 565.971031][T18220] ? rw_verify_area+0xcf/0x6c0 [ 565.971044][T18220] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 565.971059][T18220] vfs_read+0x1e4/0xcf0 [ 565.971077][T18220] ? __pfx_vfs_read+0x10/0x10 [ 565.971090][T18220] ? find_held_lock+0x2b/0x80 [ 565.971108][T18220] ? __fget_files+0x20e/0x3c0 [ 565.971127][T18220] ksys_read+0x12a/0x250 [ 565.971142][T18220] ? __pfx_ksys_read+0x10/0x10 [ 565.971158][T18220] ? rcu_is_watching+0x12/0xc0 [ 565.971175][T18220] __do_fast_syscall_32+0x7c/0x300 [ 565.971193][T18220] do_fast_syscall_32+0x32/0x80 [ 565.971213][T18220] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 565.971227][T18220] RIP: 0023:0xf708d579 [ 565.971236][T18220] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 565.971246][T18220] RSP: 002b:00000000f547d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 565.971257][T18220] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f547d620 [ 565.971263][T18220] RDX: 000000000000000f RSI: 00000000f7425ff4 RDI: 0000000000000000 [ 565.971269][T18220] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 565.971275][T18220] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 565.971282][T18220] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 565.971295][T18220] [ 566.134894][T18227] bond1: entered promiscuous mode [ 566.152063][T18227] bridge0: port 1(syz_tun) entered blocking state [ 566.154114][T18227] bridge0: port 1(syz_tun) entered disabled state [ 566.156663][T18227] syz_tun: entered allmulticast mode [ 566.160227][T18227] syz_tun: entered promiscuous mode [ 566.174168][T18227] netlink: 'syz.3.2799': attribute type 10 has an invalid length. [ 566.254117][T18227] infiniband syz1: set down [ 566.255646][T18227] infiniband syz1: added syz_tun [ 566.273158][T18227] RDS/IB: syz1: added [ 566.274569][T18227] smc: adding ib device syz1 with port count 1 [ 566.276608][T18227] smc: ib device syz1 port 1 has no pnetid [ 568.117926][T18265] batman_adv: batadv0: Adding interface: gretap1 [ 568.119954][T18265] batman_adv: batadv0: Interface activated: gretap1 [ 568.236022][T18271] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2813'. [ 568.245341][T18271] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2813'. [ 568.486605][T18276] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2814'. [ 568.492012][T18276] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2814'. [ 568.917008][T18280] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2816'. [ 569.075178][T18284] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 569.148702][T18281] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2816'. [ 569.261479][T18288] bond1: entered promiscuous mode [ 569.301763][T18288] netlink: 'syz.0.2817': attribute type 10 has an invalid length. [ 569.309011][T18288] rdma_rxe: rxe_newlink: failed to add syz_tun [ 570.851733][T15721] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 570.855157][T15721] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 572.041848][T18343] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2829'. [ 572.391944][T18349] netlink: 7 bytes leftover after parsing attributes in process `syz.3.2830'. [ 572.578780][T18349] netlink: 7 bytes leftover after parsing attributes in process `syz.3.2830'. [ 573.219322][T18376] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 573.221899][T18376] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 573.225535][T18376] vhci_hcd vhci_hcd.0: Device attached [ 573.575574][T11727] usb 38-1: SetAddress Request (14) to port 0 [ 573.577761][T11727] usb 38-1: new SuperSpeed USB device number 14 using vhci_hcd [ 573.596359][T18387] trusted_key: encrypted_key: key user:syz not found [ 573.869757][T18377] vhci_hcd: connection reset by peer [ 573.875925][T15721] vhci_hcd: stop threads [ 573.877732][T15721] vhci_hcd: release socket [ 573.879686][T15721] vhci_hcd: disconnect device [ 574.092250][T18392] FAULT_INJECTION: forcing a failure. [ 574.092250][T18392] name failslab, interval 1, probability 0, space 0, times 0 [ 574.096811][T18392] CPU: 1 UID: 0 PID: 18392 Comm: syz.2.2838 Not tainted syzkaller #0 PREEMPT(full) [ 574.096845][T18392] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 574.096856][T18392] Call Trace: [ 574.096875][T18392] [ 574.096882][T18392] dump_stack_lvl+0x16c/0x1f0 [ 574.096924][T18392] should_fail_ex+0x512/0x640 [ 574.096948][T18392] ? __kmalloc_cache_noprof+0x5f/0x780 [ 574.096963][T18392] ? __pfx_ethnl_tsinfo_start+0x10/0x10 [ 574.096980][T18392] should_failslab+0xc2/0x120 [ 574.096990][T18392] ? __pfx_ethnl_tsinfo_start+0x10/0x10 [ 574.097005][T18392] __kmalloc_cache_noprof+0x72/0x780 [ 574.097018][T18392] ? ethnl_tsinfo_start+0x95/0x3a0 [ 574.097034][T18392] ? __pfx_ethnl_tsinfo_start+0x10/0x10 [ 574.097049][T18392] ? ethnl_tsinfo_start+0x95/0x3a0 [ 574.097063][T18392] ethnl_tsinfo_start+0x95/0x3a0 [ 574.097079][T18392] ? __pfx_ethnl_tsinfo_start+0x10/0x10 [ 574.097094][T18392] genl_start+0x5ff/0x980 [ 574.097107][T18392] __netlink_dump_start+0x60e/0x990 [ 574.097126][T18392] genl_family_rcv_msg_dumpit+0x1e2/0x2e0 [ 574.097139][T18392] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 574.097154][T18392] ? __pfx_genl_get_cmd+0x10/0x10 [ 574.097163][T18392] ? __pfx_genl_start+0x10/0x10 [ 574.097173][T18392] ? __pfx_genl_dumpit+0x10/0x10 [ 574.097182][T18392] ? __pfx_genl_done+0x10/0x10 [ 574.097195][T18392] ? __radix_tree_lookup+0x21f/0x2c0 [ 574.097212][T18392] genl_rcv_msg+0x46e/0x800 [ 574.097225][T18392] ? __pfx_genl_rcv_msg+0x10/0x10 [ 574.097236][T18392] ? __pfx_ethnl_tsinfo_start+0x10/0x10 [ 574.097250][T18392] ? __pfx_ethnl_tsinfo_dumpit+0x10/0x10 [ 574.097264][T18392] ? __pfx_ethnl_tsinfo_done+0x10/0x10 [ 574.097284][T18392] netlink_rcv_skb+0x158/0x420 [ 574.097300][T18392] ? __pfx_genl_rcv_msg+0x10/0x10 [ 574.097312][T18392] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 574.097335][T18392] ? netlink_deliver_tap+0x1ae/0xd30 [ 574.097353][T18392] genl_rcv+0x28/0x40 [ 574.097362][T18392] netlink_unicast+0x5aa/0x870 [ 574.097380][T18392] ? __pfx_netlink_unicast+0x10/0x10 [ 574.097402][T18392] netlink_sendmsg+0x8c8/0xdd0 [ 574.097421][T18392] ? __pfx_netlink_sendmsg+0x10/0x10 [ 574.097444][T18392] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 574.097458][T18392] ____sys_sendmsg+0xa98/0xc70 [ 574.097472][T18392] ? __pfx_____sys_sendmsg+0x10/0x10 [ 574.097483][T18392] ? get_compat_msghdr+0x11a/0x170 [ 574.097505][T18392] ___sys_sendmsg+0x134/0x1d0 [ 574.097522][T18392] ? __pfx____sys_sendmsg+0x10/0x10 [ 574.097544][T18392] ? find_held_lock+0x2b/0x80 [ 574.097568][T18392] __sys_sendmsg+0x16d/0x220 [ 574.097584][T18392] ? __pfx___sys_sendmsg+0x10/0x10 [ 574.097606][T18392] ? rcu_is_watching+0x12/0xc0 [ 574.097623][T18392] __do_fast_syscall_32+0x7c/0x300 [ 574.097654][T18392] do_fast_syscall_32+0x32/0x80 [ 574.097671][T18392] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 574.097684][T18392] RIP: 0023:0xf70bd579 [ 574.097693][T18392] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 574.097703][T18392] RSP: 002b:00000000f546b55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 574.097714][T18392] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240 [ 574.097721][T18392] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 574.097727][T18392] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 574.097733][T18392] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 574.097738][T18392] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 574.097752][T18392] [ 574.351932][T18394] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2839'. [ 574.484389][T18395] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 574.570125][T18395] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2839'. [ 575.572910][T18413] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2842'. [ 575.580337][T18413] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2842'. [ 575.899038][T18426] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2847'. [ 575.943816][T18426] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2847'. [ 576.032185][T18435] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2848'. [ 576.037685][T18435] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2848'. [ 576.070455][T18438] xt_NFQUEUE: number of queues (65349) out of range (got 65604) [ 576.365023][T18444] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2850'. [ 576.502167][T18450] syz_tun: left allmulticast mode [ 576.505599][T18450] syz_tun: left promiscuous mode [ 576.507854][T18450] bridge0: port 1(syz_tun) entered disabled state [ 576.516555][T18450] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 576.588400][T18450] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2850'. [ 577.069213][T18461] netlink: 'syz.0.2853': attribute type 6 has an invalid length. [ 577.073072][T18461] netlink: 'syz.0.2853': attribute type 6 has an invalid length. [ 577.496733][T18468] netlink: 'syz.1.2854': attribute type 3 has an invalid length. [ 578.674292][T18497] binder: 18495:18497 unknown command 274 [ 578.676283][T18497] binder: 18495:18497 ioctl c0306201 800004c0 returned -22 [ 578.957140][T18504] netlink: 'syz.1.2860': attribute type 21 has an invalid length. [ 579.027760][T11727] usb 38-1: device descriptor read/8, error -110 [ 579.455929][T11727] usb usb38-port1: attempt power cycle [ 579.742691][T18512] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 579.830148][T18524] __nla_validate_parse: 6 callbacks suppressed [ 579.830165][T18524] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2863'. [ 580.065075][T11727] usb usb38-port1: unable to enumerate USB device [ 580.096532][T16506] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 580.165018][T18531] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2869'. [ 580.256831][T16506] usb 7-1: Using ep0 maxpacket: 32 [ 580.260776][T16506] usb 7-1: config 4 has an invalid descriptor of length 49, skipping remainder of the config [ 580.265473][T16506] usb 7-1: config 4 has 0 interfaces, different from the descriptor's value: 9 [ 580.272789][T16506] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 580.276720][T16506] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.280701][T16506] usb 7-1: Product: syz [ 580.282778][T16506] usb 7-1: Manufacturer: syz [ 580.284870][T16506] usb 7-1: SerialNumber: syz [ 580.552927][T16506] usb 7-1: USB disconnect, device number 17 [ 580.834183][ T34] usb 6-1: new full-speed USB device number 27 using dummy_hcd [ 581.006705][ T34] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 581.020371][ T34] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 581.024407][ T34] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid wMaxPacketSize 0 [ 581.027678][ T34] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 581.032017][ T34] usb 6-1: config 0 interface 0 has no altsetting 0 [ 581.039080][ T34] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 581.042585][ T34] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 581.050050][ T34] usb 6-1: Product: syz [ 581.051367][ T34] usb 6-1: Manufacturer: syz [ 581.053039][ T34] usb 6-1: SerialNumber: syz [ 581.079222][ T34] usb 6-1: config 0 descriptor?? [ 581.171409][ T34] ldusb 6-1:0.0: Interrupt in endpoint not found [ 581.176437][T18539] netlink: 'syz.3.2872': attribute type 21 has an invalid length. [ 581.179225][T18539] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2872'. [ 581.869850][ T40] audit: type=1326 audit(1760390399.792:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18552 comm="syz.3.2876" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f94579 code=0x0 [ 582.388981][T18560] netlink: 'syz.0.2878': attribute type 1 has an invalid length. [ 582.391447][T18560] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2878'. [ 583.160677][T18582] netlink: 'syz.0.2883': attribute type 3 has an invalid length. [ 583.163776][T18582] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2883'. [ 583.305024][T18591] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2885'. [ 583.357829][T18593] Bluetooth: MGMT ver 1.23 [ 583.730384][ T40] audit: type=1800 audit(1760390401.532:1071): pid=18602 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2889" name="bus" dev="overlay" ino=440 res=0 errno=0 [ 583.978974][T18608] netlink: 'syz.3.2892': attribute type 3 has an invalid length. [ 583.982228][T18608] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2892'. [ 584.023179][T18612] Cannot find del_set index 2 as target [ 584.257684][ T6025] usb 6-1: USB disconnect, device number 27 [ 584.467216][T18632] netlink: 'syz.0.2901': attribute type 3 has an invalid length. [ 584.470377][T18632] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2901'. [ 584.485163][T18637] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2902'. [ 584.489962][T18637] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2902'. [ 584.528203][T18639] Cannot find del_set index 2 as target [ 584.687903][T18644] batadv1: entered allmulticast mode [ 584.741171][T18648] input: syz1 as /devices/virtual/input/input31 [ 585.353560][T18661] __nla_validate_parse: 1 callbacks suppressed [ 585.353577][T18661] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2906'. [ 585.922546][T18676] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2911'. [ 586.049599][T18681] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 586.172003][T18677] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2911'. [ 586.478610][T18694] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2915'. [ 586.487308][T18694] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2915'. [ 587.335892][T18702] tipc: Enabled bearer , priority 0 [ 587.338413][T18702] syzkaller0: entered promiscuous mode [ 587.340285][T18702] syzkaller0: entered allmulticast mode [ 587.353901][T18702] tipc: Resetting bearer [ 587.378510][T18701] tipc: Resetting bearer [ 587.392488][T18701] tipc: Disabling bearer [ 587.577879][T18707] netlink: 'syz.3.2918': attribute type 3 has an invalid length. [ 587.583960][T18707] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2918'. [ 587.964840][ T6025] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 588.126894][ T6025] usb 6-1: Using ep0 maxpacket: 16 [ 588.260106][T18732] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2923'. [ 588.350945][T18735] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2924'. [ 588.356338][T18735] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2924'. [ 589.334825][T18745] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2928'. [ 589.449298][T18746] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 589.819906][T18752] netlink: 'syz.0.2929': attribute type 1 has an invalid length. [ 590.233370][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 590.773633][ T6025] usb 6-1: unable to get BOS descriptor or descriptor too short [ 590.793394][ T6025] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 590.795840][ T6025] usb 6-1: can't read configurations, error -71 [ 590.913612][T18772] __nla_validate_parse: 2 callbacks suppressed [ 590.913622][T18772] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2934'. [ 590.971394][T18774] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2934'. [ 591.052989][T18778] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2938'. [ 591.056084][T18776] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2933'. [ 591.112258][T18778] overlay: Bad value for 'workdir' [ 591.795160][T18790] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2940'. [ 591.799266][T18790] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 592.245455][T18810] netlink: 'syz.3.2946': attribute type 4 has an invalid length. [ 592.911050][T18816] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2948'. [ 592.916983][T18816] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2948'. [ 593.071935][T18820] netlink: 'syz.2.2949': attribute type 2 has an invalid length. [ 593.338920][T18827] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2950'. [ 593.435069][T18831] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2952'. [ 594.079977][T16506] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 594.261594][T16506] usb 6-1: Using ep0 maxpacket: 16 [ 594.266591][T16506] usb 6-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 594.272318][T16506] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 594.282985][T16506] usb 6-1: Product: syz [ 594.284290][T16506] usb 6-1: Manufacturer: syz [ 594.285731][T16506] usb 6-1: SerialNumber: syz [ 594.289147][T16506] usb 6-1: config 0 descriptor?? [ 594.394232][T18845] netlink: 'syz.2.2957': attribute type 3 has an invalid length. [ 594.396641][T18845] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2957'. [ 594.580946][T18855] tipc: Started in network mode [ 594.582847][T18855] tipc: Node identity eaa6d9c34c1a, cluster identity 4711 [ 594.586894][T18855] tipc: Enabled bearer , priority 0 [ 594.590893][T18855] syzkaller0: entered promiscuous mode [ 594.592838][T18855] syzkaller0: entered allmulticast mode [ 594.611369][T18855] syzkaller0: mtu greater than device maximum [ 594.615440][T18854] tipc: Resetting bearer [ 594.639917][T18854] tipc: Disabling bearer [ 594.855071][T18861] netlink: 'syz.1.2954': attribute type 4 has an invalid length. [ 594.932293][T18861] netlink: 'syz.1.2954': attribute type 4 has an invalid length. [ 595.132603][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.135619][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.138392][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.141352][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.143899][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.146454][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.149043][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.151576][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.154291][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.156926][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.159630][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.162511][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.165306][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.167996][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.170795][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.173438][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.176114][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.179454][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.182931][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.186398][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.189942][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.192913][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.195625][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.199103][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.202563][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.206045][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.209710][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.213230][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.216707][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.220134][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.223621][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.227763][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.231568][T18867] 9pnet_virtio: no channels available for device 127.0.0.1 [ 595.307395][T18870] Cannot find del_set index 2 as target [ 595.449871][T18876] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 595.612863][T18882] netlink: 'syz.0.2966': attribute type 3 has an invalid length. [ 595.671696][T18886] Cannot find del_set index 2 as target [ 596.032346][T18898] Cannot find del_set index 2 as target [ 596.264711][T18905] __nla_validate_parse: 8 callbacks suppressed [ 596.264773][T18905] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2974'. [ 596.298667][T18908] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2976'. [ 597.055911][ T6025] usb 6-1: USB disconnect, device number 30 [ 597.139431][T18918] tipc: Enabled bearer , priority 0 [ 597.142087][T18918] syzkaller0: entered promiscuous mode [ 597.143796][T18918] syzkaller0: entered allmulticast mode [ 597.448952][T18931] pim6reg: entered allmulticast mode [ 597.458115][T18931] pim6reg: left allmulticast mode [ 597.478015][T18935] Cannot find del_set index 2 as target [ 597.575029][T18931] tipc: Trying to set illegal importance in message [ 597.834299][T18942] loop0: detected capacity change from 0 to 2560 [ 597.839156][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 597.844641][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 597.847436][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 597.850197][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 597.853039][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 598.030626][T18917] tipc: Resetting bearer [ 598.047398][T18917] tipc: Disabling bearer [ 598.253780][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 598.256624][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 598.259319][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 598.263006][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 598.265631][T14444] Buffer I/O error on dev loop0, logical block 0, async page read [ 598.553486][T18959] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2987'. [ 599.092026][T18965] Cannot find del_set index 2 as target [ 599.240041][T18971] Cannot find del_set index 2 as target [ 599.501257][T18978] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2993'. [ 599.553202][T18981] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2994'. [ 599.560038][T18981] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2994'. [ 600.253253][T18992] Cannot find del_set index 2 as target [ 600.264323][T18991] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2996'. [ 600.740130][T16506] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 600.911168][T16506] usb 7-1: Using ep0 maxpacket: 8 [ 600.921235][T16506] usb 7-1: unable to get BOS descriptor or descriptor too short [ 600.923895][T16506] usb 7-1: no configurations [ 600.925380][T16506] usb 7-1: can't read configurations, error -22 [ 601.081727][T19003] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3001'. [ 601.119659][T19005] Cannot find del_set index 2 as target [ 601.478320][T19013] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3004'. [ 601.482111][T19013] netlink: 11 bytes leftover after parsing attributes in process `syz.0.3004'. [ 601.486903][T19013] netlink: 'syz.0.3004': attribute type 6 has an invalid length. [ 601.490891][T19013] netlink: 'syz.0.3004': attribute type 6 has an invalid length. [ 601.762051][T19021] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3005'. [ 601.764363][T19022] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3006'. [ 601.804781][T19022] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3006'. [ 602.346466][T19026] Cannot find del_set index 2 as target [ 602.509757][T19030] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3009'. [ 602.565944][T19032] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3008'. [ 602.677538][T19042] binder: 19035:19042 ioctl 0 80000040 returned -22 [ 602.686126][T19042] binder: 19035:19042 ioctl c038563b 80000080 returned -22 [ 602.711747][ T1145] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 602.764815][T19045] netlink: 'syz.2.3012': attribute type 3 has an invalid length. [ 602.767294][T19045] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3012'. [ 603.404608][T19054] Invalid logical block size (-33554433) [ 603.433087][T19056] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3015'. [ 603.564401][T19059] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 603.619492][T19059] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3015'. [ 603.968153][T19076] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 604.025956][T19076] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 604.085823][T19076] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 604.234667][T19081] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3017'. [ 604.426366][T19084] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3019'. [ 604.973721][T16571] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 605.137671][T16571] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 605.140924][T16571] usb 7-1: config 0 interface 0 has no altsetting 0 [ 605.145415][T16571] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 605.148183][T16571] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 605.150756][T16571] usb 7-1: Product: syz [ 605.152142][T16571] usb 7-1: Manufacturer: syz [ 605.153641][T16571] usb 7-1: SerialNumber: syz [ 605.162640][T16571] usb 7-1: config 0 descriptor?? [ 605.179562][T16571] usb 7-1: selecting invalid altsetting 0 [ 605.296781][T19107] netlink: 'syz.1.3026': attribute type 1 has an invalid length. [ 605.301530][T19107] netlink: 'syz.1.3026': attribute type 2 has an invalid length. [ 606.043185][T19118] bond0: (slave bond_slave_0): Releasing backup interface [ 606.101987][T19118] bond0: (slave bond_slave_1): Releasing backup interface [ 606.166536][T19124] netlink: 'syz.3.3028': attribute type 3 has an invalid length. [ 606.211690][T19118] team0: Port device team_slave_0 removed [ 606.223116][T19118] team0: Port device team_slave_1 removed [ 606.227234][T19118] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 606.229938][T19118] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 606.234726][T19118] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 606.251976][T19121] team0: Mode changed to "loadbalance" [ 606.417595][ T6025] usb 7-1: USB disconnect, device number 20 [ 606.511974][T19130] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 606.513899][T19130] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 606.523585][T19130] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 606.526222][T19130] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 606.533583][T19130] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 606.536122][T19130] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 607.277374][T19144] netlink: 'syz.0.3032': attribute type 1 has an invalid length. [ 607.340047][T19147] __nla_validate_parse: 6 callbacks suppressed [ 607.340059][T19147] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3032'. [ 607.612940][T19150] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3033'. [ 607.705852][T19144] bond2: entered promiscuous mode [ 607.709931][T19144] 8021q: adding VLAN 0 to HW filter on device bond2 [ 607.982770][T19154] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3034'. [ 608.003749][T19154] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3034'. [ 608.269188][T19163] binder: 19161:19163 ioctl 0 80000040 returned -22 [ 608.275645][T19163] binder: 19161:19163 ioctl c038563b 80000080 returned -22 [ 608.294458][T15721] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 608.297275][T15721] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 608.628957][ T40] audit: type=1326 audit(1760390424.824:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19155 comm="syz.2.3035" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70bd579 code=0x0 [ 609.149220][T19169] netlink: 'syz.3.3039': attribute type 3 has an invalid length. [ 609.151874][T19169] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3039'. [ 609.379454][T19188] fuse: Bad value for 'rootmode' [ 609.719493][T19177] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3040'. [ 610.038310][T19208] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3048'. [ 610.043488][T19208] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3048'. [ 610.096597][T19209] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3046'. [ 610.179849][T19213] Cannot find del_set index 2 as target [ 610.404969][T19222] FAULT_INJECTION: forcing a failure. [ 610.404969][T19222] name failslab, interval 1, probability 0, space 0, times 0 [ 610.409424][T19222] CPU: 1 UID: 0 PID: 19222 Comm: syz.3.3052 Not tainted syzkaller #0 PREEMPT(full) [ 610.409460][T19222] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 610.409471][T19222] Call Trace: [ 610.409477][T19222] [ 610.409484][T19222] dump_stack_lvl+0x16c/0x1f0 [ 610.409515][T19222] should_fail_ex+0x512/0x640 [ 610.409540][T19222] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 610.409568][T19222] should_failslab+0xc2/0x120 [ 610.409587][T19222] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 610.409609][T19222] ? d_lookup+0xe7/0x190 [ 610.409630][T19222] ? alloc_inode+0x64/0x240 [ 610.409651][T19222] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 610.409671][T19222] ? alloc_inode+0x64/0x240 [ 610.409687][T19222] alloc_inode+0x64/0x240 [ 610.409704][T19222] new_inode+0x22/0x1c0 [ 610.409725][T19222] __debugfs_create_file+0x11c/0x6b0 [ 610.409751][T19222] debugfs_create_file_full+0x41/0x60 [ 610.409775][T19222] ? __pfx_do_setup+0x10/0x10 [ 610.409801][T19222] ref_tracker_dir_debugfs+0x19d/0x290 [ 610.409819][T19222] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 610.409855][T19222] ? __kmalloc_noprof+0x34f/0x880 [ 610.409877][T19222] ? alloc_netdev_mqs+0xd7/0x1550 [ 610.409905][T19222] ? lockdep_init_map_type+0x5c/0x280 [ 610.409929][T19222] alloc_netdev_mqs+0x314/0x1550 [ 610.409959][T19222] internal_dev_create+0x8a/0x520 [ 610.409985][T19222] ovs_vport_add+0x147/0x4d0 [ 610.410012][T19222] new_vport+0x16/0x1d0 [ 610.410030][T19222] ovs_dp_cmd_new+0x6ba/0xe60 [ 610.410058][T19222] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 610.410084][T19222] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 610.410107][T19222] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 610.410131][T19222] genl_family_rcv_msg_doit+0x209/0x2f0 [ 610.410152][T19222] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 610.410179][T19222] ? bpf_lsm_capable+0x9/0x10 [ 610.410195][T19222] ? security_capable+0x7e/0x260 [ 610.410214][T19222] ? ns_capable+0xd7/0x110 [ 610.410241][T19222] genl_rcv_msg+0x55c/0x800 [ 610.410264][T19222] ? __pfx_genl_rcv_msg+0x10/0x10 [ 610.410284][T19222] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 610.410309][T19222] ? __lock_acquire+0x622/0x1c90 [ 610.410348][T19222] netlink_rcv_skb+0x158/0x420 [ 610.410375][T19222] ? __pfx_genl_rcv_msg+0x10/0x10 [ 610.410397][T19222] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 610.410438][T19222] ? netlink_deliver_tap+0x1ae/0xd30 [ 610.410469][T19222] genl_rcv+0x28/0x40 [ 610.410486][T19222] netlink_unicast+0x5aa/0x870 [ 610.410518][T19222] ? __pfx_netlink_unicast+0x10/0x10 [ 610.410557][T19222] netlink_sendmsg+0x8c8/0xdd0 [ 610.410589][T19222] ? __pfx_netlink_sendmsg+0x10/0x10 [ 610.410620][T19222] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 610.410642][T19222] ____sys_sendmsg+0xa98/0xc70 [ 610.410664][T19222] ? __pfx_____sys_sendmsg+0x10/0x10 [ 610.410681][T19222] ? get_compat_msghdr+0x11a/0x170 [ 610.410716][T19222] ___sys_sendmsg+0x134/0x1d0 [ 610.410743][T19222] ? __pfx____sys_sendmsg+0x10/0x10 [ 610.410779][T19222] ? find_held_lock+0x2b/0x80 [ 610.410819][T19222] __sys_sendmsg+0x16d/0x220 [ 610.410843][T19222] ? __pfx___sys_sendmsg+0x10/0x10 [ 610.410879][T19222] ? rcu_is_watching+0x12/0xc0 [ 610.410905][T19222] __do_fast_syscall_32+0x7c/0x300 [ 610.410933][T19222] do_fast_syscall_32+0x32/0x80 [ 610.410958][T19222] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 610.410979][T19222] RIP: 0023:0xf7f94579 [ 610.410992][T19222] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 610.411008][T19222] RSP: 002b:00000000f548655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 610.411023][T19222] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 610.411034][T19222] RDX: 0000000000004040 RSI: 0000000000000000 RDI: 0000000000000000 [ 610.411044][T19222] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 610.411054][T19222] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 610.411064][T19222] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 610.411094][T19222] [ 610.412467][T19222] debugfs: out of free dentries, can not create file 'netdev@ffff88804b8e8610' [ 610.557793][T19222] : entered promiscuous mode [ 610.868532][T19230] netlink: 7 bytes leftover after parsing attributes in process `syz.2.3055'. [ 611.200104][T19241] Cannot find del_set index 2 as target [ 611.510005][T19244] Cannot find del_set index 2 as target [ 612.221937][ T40] audit: type=1326 audit(1760390428.163:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19256 comm="syz.0.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 612.228630][ T40] audit: type=1326 audit(1760390428.163:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19256 comm="syz.0.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 612.235535][ T40] audit: type=1326 audit(1760390428.163:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19256 comm="syz.0.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=394 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 612.242080][ T40] audit: type=1326 audit(1760390428.163:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19256 comm="syz.0.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 612.248916][ T40] audit: type=1326 audit(1760390428.163:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19256 comm="syz.0.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 612.258417][ T40] audit: type=1326 audit(1760390428.163:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19256 comm="syz.0.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 612.265871][ T40] audit: type=1326 audit(1760390428.172:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19256 comm="syz.0.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 612.272499][ T40] audit: type=1326 audit(1760390428.172:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19256 comm="syz.0.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 612.279500][ T40] audit: type=1326 audit(1760390428.172:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19256 comm="syz.0.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 612.425349][T19272] misc userio: Invalid payload size [ 612.747598][T19277] Cannot find del_set index 2 as target [ 612.921101][T19280] dlm: plock device version mismatch: kernel (1.2.0), user (419430401.38.131584) [ 612.952697][T19284] batadv_slave_1: renamed from bridge0 (while UP) [ 614.155802][T19312] __nla_validate_parse: 5 callbacks suppressed [ 614.155819][T19312] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3078'. [ 614.172434][T19312] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3078'. [ 614.178736][T19314] binder: 19313:19314 ioctl c0306201 80000b80 returned -11 [ 614.629193][T19325] netlink: 'syz.0.3083': attribute type 3 has an invalid length. [ 614.631865][T19325] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3083'. [ 615.226908][T19349] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3087'. [ 615.339487][T19350] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3090'. [ 615.343671][T19350] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3090'. [ 615.353601][T19350] netlink: 31 bytes leftover after parsing attributes in process `syz.2.3090'. [ 615.390173][T19350] netlink: 'syz.2.3090': attribute type 3 has an invalid length. [ 615.396812][T19350] netlink: 'syz.2.3090': attribute type 2 has an invalid length. [ 615.399828][T19350] netlink: 31 bytes leftover after parsing attributes in process `syz.2.3090'. [ 615.403127][T19350] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3090'. [ 615.916936][T19358] netlink: 'syz.3.3092': attribute type 11 has an invalid length. [ 615.985074][ T40] kauditd_printk_skb: 31 callbacks suppressed [ 615.985085][ T40] audit: type=1804 audit(1760390431.708:1113): pid=19357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3091" name="/newroot/199/file0" dev="tmpfs" ino=1075 res=1 errno=0 [ 616.083126][T19355] /dev/sr0: Can't open blockdev [ 616.124026][T19366] binder: 19363:19366 ioctl 0 80000040 returned -22 [ 616.132513][T19366] binder: 19363:19366 ioctl c038563b 80000080 returned -22 [ 616.150434][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 616.152974][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 616.772010][T19378] Cannot find del_set index 2 as target [ 616.919601][T19382] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3099'. [ 616.922380][T19382] netlink: 'syz.2.3099': attribute type 6 has an invalid length. [ 616.924783][T19382] netlink: 'syz.2.3099': attribute type 6 has an invalid length. [ 618.135812][T19400] binder: 19396:19400 ioctl 0 80000040 returned -22 [ 618.138713][T19400] binder: 19396:19400 ioctl c038563b 80000080 returned -22 [ 618.148455][ T9647] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 619.114400][T19416] netlink: 'syz.3.3108': attribute type 3 has an invalid length. [ 619.136023][T19411] netlink: 'syz.1.3109': attribute type 3 has an invalid length. [ 619.172008][T19419] Cannot find del_set index 2 as target [ 620.218121][T19438] __nla_validate_parse: 4 callbacks suppressed [ 620.218138][T19438] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3115'. [ 620.522454][T19450] netlink: 'syz.2.3120': attribute type 3 has an invalid length. [ 620.524998][T19450] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3120'. [ 620.564265][T19456] Cannot find del_set index 2 as target [ 621.386888][T19471] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3124'. [ 621.447687][T19475] binder: 19472:19475 ioctl 0 80000040 returned -22 [ 621.456432][T19475] binder: 19472:19475 ioctl c038563b 80000080 returned -22 [ 622.087621][T19479] Cannot find del_set index 2 as target [ 622.282066][T19482] binder: 19480:19482 ioctl 0 80000040 returned -22 [ 622.284845][T19482] binder: 19480:19482 ioctl c038563b 80000080 returned -22 [ 622.336835][ T1145] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 622.391655][T19486] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3128'. [ 622.499273][T19487] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 622.578029][T19487] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3128'. [ 623.097577][T19504] netlink: 'syz.2.3130': attribute type 3 has an invalid length. [ 623.100134][T19504] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3130'. [ 623.211768][T19511] Cannot find del_set index 2 as target [ 623.248968][T19512] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3133'. [ 623.486591][T19518] binder: 19516:19518 ioctl 0 80000040 returned -22 [ 623.491767][T19518] binder: 19516:19518 ioctl c038563b 80000080 returned -22 [ 623.889830][T19531] netlink: 'syz.1.3140': attribute type 3 has an invalid length. [ 623.893269][T19531] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3140'. [ 624.315490][T19555] binder: 19553:19555 ioctl 0 80000040 returned -22 [ 624.343658][T19555] binder: 19553:19555 ioctl c038563b 80000080 returned -22 [ 624.513233][T19560] binder: 19557:19560 ioctl 0 80000040 returned -22 [ 624.518069][T19560] binder: 19557:19560 ioctl c038563b 80000080 returned -22 [ 625.890333][T19570] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3145'. [ 626.110833][T19576] binder: 19572:19576 ioctl 0 80000040 returned -22 [ 626.116600][T19576] binder: 19572:19576 ioctl c038563b 80000080 returned -22 [ 626.170297][T19578] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 626.176970][ T1145] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 626.964740][T19578] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3145'. [ 627.216064][T19594] Cannot find del_set index 2 as target [ 627.225654][T19591] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 627.229272][T19591] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 627.287403][T19597] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3152'. [ 627.318320][T19598] binder: 19595:19598 ioctl 0 80000040 returned -22 [ 627.327680][T19598] binder: 19595:19598 ioctl c038563b 80000080 returned -22 [ 627.344767][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 627.348331][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 627.573782][ T34] usb 8-1: new low-speed USB device number 10 using dummy_hcd [ 627.743911][ T34] usb 8-1: config 0 has an invalid interface number: 55 but max is 0 [ 627.763429][T19600] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3155'. [ 627.763499][ T34] usb 8-1: config 0 has no interface number 0 [ 627.811369][ T34] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 627.826704][ T34] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 627.850307][ T34] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 627.866874][ T34] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 627.891130][ T34] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 627.919695][ T34] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 627.938599][ T34] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 627.960863][ T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.056724][ T34] usb 8-1: config 0 descriptor?? [ 628.082430][T19597] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 628.133330][T19597] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 628.334499][ T34] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 628.372353][T19610] Cannot find del_set index 2 as target [ 628.409551][T19606] comedi comedi1: comedi_config --init_data is deprecated [ 628.864173][T19614] : renamed from bond_slave_0 [ 629.088661][T19616] tmpfs: Unknown parameter 'hash' [ 629.180252][T19618] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3161'. [ 629.274213][T19622] binder: 19620:19622 ioctl 0 80000040 returned -22 [ 629.280336][T19622] binder: 19620:19622 ioctl c038563b 80000080 returned -22 [ 629.342061][T19616] random: crng reseeded on system resumption [ 629.683013][ T40] audit: type=1800 audit(1760390444.523:1114): pid=19630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3163" name="bus" dev="overlay" ino=1096 res=0 errno=0 [ 629.731033][T19633] binder: 19631:19633 ioctl 0 80000040 returned -22 [ 629.737462][T19633] binder: 19631:19633 ioctl c038563b 80000080 returned -22 [ 630.549130][ T24] usb 8-1: USB disconnect, device number 10 [ 630.612724][ T24] ldusb 8-1:0.55: LD USB Device #0 now disconnected [ 630.718707][T19644] netlink: 'syz.1.3167': attribute type 3 has an invalid length. [ 630.721165][T19644] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3167'. [ 630.768397][T19651] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3170'. [ 630.861711][T19649] netlink: 'syz.2.3171': attribute type 3 has an invalid length. [ 630.864564][T19649] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3171'. [ 630.940968][T19640] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 630.946042][T19659] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 630.965834][T19669] Cannot find del_set index 2 as target [ 631.010522][T19659] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3170'. [ 631.419643][ T40] audit: type=1800 audit(1760390446.151:1115): pid=19678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3176" name="bus" dev="overlay" ino=1217 res=0 errno=0 [ 632.303490][T19692] netlink: 'syz.2.3180': attribute type 3 has an invalid length. [ 632.305931][T19692] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3180'. [ 632.387913][T19693] : renamed from bond_slave_0 [ 632.399644][T19698] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3181'. [ 632.435515][T19698] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3181'. [ 632.748041][T19717] Cannot find del_set index 2 as target [ 633.246065][T19737] netlink: 'syz.1.3190': attribute type 3 has an invalid length. [ 633.254733][T19737] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3190'. [ 633.263227][T19743] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3188'. [ 633.277573][T19743] batadv1: entered allmulticast mode [ 633.293902][T19746] FAULT_INJECTION: forcing a failure. [ 633.293902][T19746] name failslab, interval 1, probability 0, space 0, times 0 [ 633.299587][T19748] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3191'. [ 633.303996][T19746] CPU: 2 UID: 0 PID: 19746 Comm: syz.1.3192 Not tainted syzkaller #0 PREEMPT(full) [ 633.304020][T19746] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 633.304032][T19746] Call Trace: [ 633.304039][T19746] [ 633.304047][T19746] dump_stack_lvl+0x16c/0x1f0 [ 633.304077][T19746] should_fail_ex+0x512/0x640 [ 633.304120][T19746] ? __kmalloc_cache_noprof+0x5f/0x780 [ 633.304147][T19746] should_failslab+0xc2/0x120 [ 633.304188][T19746] __kmalloc_cache_noprof+0x72/0x780 [ 633.304212][T19746] ? assoc_array_insert+0x2fa/0x3970 [ 633.304237][T19746] ? assoc_array_insert+0x2fa/0x3970 [ 633.304256][T19746] assoc_array_insert+0x2fa/0x3970 [ 633.304289][T19746] ? __pfx_assoc_array_insert+0x10/0x10 [ 633.304307][T19746] ? key_instantiate_and_link+0x398/0x4b0 [ 633.304335][T19746] ? down_write+0x14d/0x200 [ 633.304353][T19746] ? __pfx_down_write+0x10/0x10 [ 633.304374][T19746] __key_link_begin+0xf5/0x260 [ 633.304399][T19746] key_link+0x103/0x310 [ 633.304424][T19746] ? __pfx_key_link+0x10/0x10 [ 633.304450][T19746] ? keyring_alloc+0x8e/0xc0 [ 633.304476][T19746] call_sbin_request_key+0x3dd/0xda0 [ 633.304503][T19746] ? __pfx_call_sbin_request_key+0x10/0x10 [ 633.304527][T19746] ? key_alloc+0xac0/0x1330 [ 633.304550][T19746] ? __pfx_key_instantiate_and_link+0x10/0x10 [ 633.304593][T19746] ? __pfx_request_key_auth_new+0x10/0x10 [ 633.304624][T19746] ? __pfx_call_sbin_request_key+0x10/0x10 [ 633.304645][T19746] request_key_and_link+0xeb1/0x1370 [ 633.304671][T19746] ? __pfx_request_key_and_link+0x10/0x10 [ 633.304691][T19746] ? __pfx___might_resched+0x10/0x10 [ 633.304715][T19746] ? find_held_lock+0x2b/0x80 [ 633.304742][T19746] ? __pfx_asymmetric_key_cmp_name+0x10/0x10 [ 633.304762][T19746] ? __pfx_keyring_search_iterator+0x10/0x10 [ 633.304790][T19746] ? _copy_from_user+0x59/0xd0 [ 633.304813][T19746] __do_sys_request_key+0x23a/0x3d0 [ 633.304842][T19746] ? __pfx___do_sys_request_key+0x10/0x10 [ 633.304872][T19746] ? ksys_write+0x1ac/0x250 [ 633.304903][T19746] ? rcu_is_watching+0x12/0xc0 [ 633.304932][T19746] __do_fast_syscall_32+0x7c/0x300 [ 633.304961][T19746] do_fast_syscall_32+0x32/0x80 [ 633.304988][T19746] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 633.305010][T19746] RIP: 0023:0xf708d579 [ 633.305025][T19746] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 633.305041][T19746] RSP: 002b:00000000f547d55c EFLAGS: 00000296 ORIG_RAX: 000000000000011f [ 633.305059][T19746] RAX: ffffffffffffffda RBX: 0000000080000040 RCX: 0000000080001ffb [ 633.305070][T19746] RDX: 0000000080001fee RSI: 0000000000000000 RDI: 0000000000000000 [ 633.305081][T19746] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 633.305091][T19746] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 633.305101][T19746] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 633.305126][T19746] [ 633.327495][T19749] input: syz1 as /devices/virtual/input/input32 [ 633.358000][T19751] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3194'. [ 633.662227][T19766] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3199'. [ 633.917173][T19782] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3206'. [ 633.920065][T19782] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 634.596005][T19800] Cannot find del_set index 2 as target [ 634.919250][T19810] binder: 19808:19810 ioctl 0 80000040 returned -22 [ 634.922106][T19810] binder: 19808:19810 ioctl c038563b 80000080 returned -22 [ 634.934902][ T59] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 634.947879][ C2] ------------[ cut here ]------------ [ 634.949570][ C2] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0 [ 634.952944][ C2] WARNING: CPU: 2 PID: 17476 at net/mac80211/rate.c:401 __rate_control_send_low+0x667/0x780 [ 634.956832][ C2] Modules linked in: [ 634.958701][ C2] CPU: 2 UID: 0 PID: 17476 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 634.963161][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 634.966487][ C2] RIP: 0010:__rate_control_send_low+0x667/0x780 [ 634.968342][ C2] Code: a4 a0 d4 00 00 00 e8 88 e4 e3 f6 44 8b 44 24 24 45 89 e9 89 d9 48 8b 74 24 08 44 89 e2 48 c7 c7 e0 51 e4 8c e8 ca 68 a2 f6 90 <0f> 0b 90 90 e9 20 fd ff ff 48 8b 3c 24 e8 e7 75 4b f7 e9 f5 fc ff [ 634.974319][ C2] RSP: 0018:ffffc90000538930 EFLAGS: 00010282 [ 634.976214][ C2] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817b2e58 [ 634.978571][ C2] RDX: ffff888023dd8000 RSI: ffffffff817b2e65 RDI: 0000000000000001 [ 634.981421][ C2] RBP: ffff8880452588e8 R08: 0000000000000001 R09: 0000000000000000 [ 634.984321][ C2] R10: 0000000000000000 R11: 0000000000000001 R12: 00000000ffffffff [ 634.986736][ C2] R13: 0000000000000000 R14: 000000000000000c R15: ffff8880452588f0 [ 634.989168][ C2] FS: 0000000000000000(0000) GS:ffff8880979e1000(0063) knlGS:0000000056e7e440 [ 634.991683][ C2] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 634.993554][ C2] CR2: 00000000fff37d80 CR3: 0000000066ad9000 CR4: 0000000000352ef0 [ 634.996086][ C2] Call Trace: [ 634.997247][ C2] [ 634.998209][ C2] rate_control_send_low+0x52a/0x810 [ 634.999823][ C2] ? kmalloc_reserve+0x18b/0x2c0 [ 635.001332][ C2] rate_control_get_rate+0x1be/0x5e0 [ 635.002864][ C2] ieee80211_beacon_get_finish+0x467/0x670 [ 635.004773][ C2] ? __pfx_ieee80211_beacon_get_finish+0x10/0x10 [ 635.006689][ C2] __ieee80211_beacon_get+0xc56/0x1e40 [ 635.008341][ C2] ? __lock_acquire+0xb8a/0x1c90 [ 635.009866][ C2] ieee80211_beacon_get_tim+0xa6/0x280 [ 635.011570][ C2] ? __pfx_ieee80211_beacon_get_tim+0x10/0x10 [ 635.013582][ C2] mac80211_hwsim_beacon_tx+0x4dc/0xa40 [ 635.015845][ C2] __iterate_interfaces+0x2e5/0x650 [ 635.018042][ C2] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 635.020572][ C2] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 635.023070][ C2] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 635.025586][ C2] ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 [ 635.028419][ C2] mac80211_hwsim_beacon+0x105/0x1b0 [ 635.030534][ C2] __hrtimer_run_queues+0x202/0xad0 [ 635.032192][ C2] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 635.033981][ C2] ? read_tsc+0x9/0x20 [ 635.035252][ C2] hrtimer_run_softirq+0x17d/0x350 [ 635.036840][ C2] handle_softirqs+0x219/0x8e0 [ 635.038357][ C2] ? __pfx_handle_softirqs+0x10/0x10 [ 635.040030][ C2] __irq_exit_rcu+0x109/0x170 [ 635.041490][ C2] irq_exit_rcu+0x9/0x30 [ 635.042826][ C2] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 635.044583][ C2] [ 635.045495][ C2] [ 635.046467][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 635.048456][ C2] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80 [ 635.051063][ C2] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 26 f1 32 f6 48 89 df e8 0e 45 33 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 01 00 00 00 e8 c5 4f 23 f6 65 8b 05 7e 45 3e 08 85 c0 74 16 5b [ 635.056960][ C2] RSP: 0018:ffffc9000322fb90 EFLAGS: 00000246 [ 635.058800][ C2] RAX: 0000000000000006 RBX: ffff88807ffd7180 RCX: 0000000000000006 [ 635.061215][ C2] RDX: 0000000000000000 RSI: ffffffff8db0011e RDI: ffffffff8bf1e7c0 [ 635.063663][ C2] RBP: 0000000000000293 R08: 0000000000000001 R09: 0000000000000001 [ 635.066685][ C2] R10: ffffffff908363d7 R11: ffff88807ffd6d18 R12: ffff88807ffd6b80 [ 635.069187][ C2] R13: 0000000000000009 R14: ffff88807ffd7178 R15: 000000000000003f [ 635.072077][ C2] free_frozen_page_commit+0x7d8/0x1320 [ 635.074038][ C2] __free_frozen_pages+0x7fd/0x1160 [ 635.075690][ C2] __put_partials+0x130/0x170 [ 635.077191][ C2] qlist_free_all+0x4d/0x120 [ 635.078903][ C2] kasan_quarantine_reduce+0x195/0x1e0 [ 635.080574][ C2] __kasan_slab_alloc+0x69/0x90 [ 635.082198][ C2] kmem_cache_alloc_noprof+0x250/0x6e0 [ 635.084127][ C2] ? getname_flags.part.0+0x4c/0x550 [ 635.086250][ C2] ? getname_flags.part.0+0x4c/0x550 [ 635.087924][ C2] getname_flags.part.0+0x4c/0x550 [ 635.089779][ C2] getname_flags+0x93/0xf0 [ 635.091245][ C2] user_path_at+0x24/0x60 [ 635.093053][ C2] __ia32_sys_umount+0x109/0x190 [ 635.095489][ C2] ? __pfx___ia32_sys_umount+0x10/0x10 [ 635.097570][ C2] ? rcu_is_watching+0x12/0xc0 [ 635.099183][ C2] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 635.101749][ C2] __do_fast_syscall_32+0x7c/0x300 [ 635.103913][ C2] do_fast_syscall_32+0x32/0x80 [ 635.105512][ C2] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 635.108219][ C2] RIP: 0023:0xf704d579 [ 635.110488][ C2] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 635.118568][ C2] RSP: 002b:00000000fff37658 EFLAGS: 00000292 ORIG_RAX: 0000000000000034 [ 635.121386][ C2] RAX: ffffffffffffffda RBX: 00000000fff38794 RCX: 0000000000000009 [ 635.123959][ C2] RDX: 00000000f73e5ff4 RSI: 00000000f7236ae8 RDI: 00000000fff38794 [ 635.126497][ C2] RBP: 00000000000001dd R08: 0000000000000000 R09: 0000000000000000 [ 635.129084][ C2] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 635.131865][ C2] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 635.134576][ C2] [ 635.135701][ C2] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 635.137929][ C2] CPU: 2 UID: 0 PID: 17476 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 635.140859][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 635.144247][ C2] Call Trace: [ 635.145307][ C2] [ 635.146222][ C2] dump_stack_lvl+0x3d/0x1f0 [ 635.147682][ C2] vpanic+0x640/0x6f0 [ 635.148950][ C2] ? __rate_control_send_low+0x667/0x780 [ 635.150709][ C2] panic+0xca/0xd0 [ 635.151945][ C2] ? __pfx_panic+0x10/0x10 [ 635.153360][ C2] ? check_panic_on_warn+0x1f/0xb0 [ 635.154965][ C2] check_panic_on_warn+0xab/0xb0 [ 635.156468][ C2] __warn+0xf6/0x3c0 [ 635.157651][ C2] ? __pfx_vprintk_emit+0x10/0x10 [ 635.159198][ C2] ? __rate_control_send_low+0x667/0x780 [ 635.160943][ C2] report_bug+0x3c3/0x580 [ 635.162319][ C2] ? __rate_control_send_low+0x667/0x780 [ 635.164086][ C2] handle_bug+0x184/0x210 [ 635.165460][ C2] exc_invalid_op+0x17/0x50 [ 635.166881][ C2] asm_exc_invalid_op+0x1a/0x20 [ 635.168326][ C2] RIP: 0010:__rate_control_send_low+0x667/0x780 [ 635.170175][ C2] Code: a4 a0 d4 00 00 00 e8 88 e4 e3 f6 44 8b 44 24 24 45 89 e9 89 d9 48 8b 74 24 08 44 89 e2 48 c7 c7 e0 51 e4 8c e8 ca 68 a2 f6 90 <0f> 0b 90 90 e9 20 fd ff ff 48 8b 3c 24 e8 e7 75 4b f7 e9 f5 fc ff [ 635.175896][ C2] RSP: 0018:ffffc90000538930 EFLAGS: 00010282 [ 635.177751][ C2] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817b2e58 [ 635.180130][ C2] RDX: ffff888023dd8000 RSI: ffffffff817b2e65 RDI: 0000000000000001 [ 635.182551][ C2] RBP: ffff8880452588e8 R08: 0000000000000001 R09: 0000000000000000 [ 635.185344][ C2] R10: 0000000000000000 R11: 0000000000000001 R12: 00000000ffffffff [ 635.187634][ C2] R13: 0000000000000000 R14: 000000000000000c R15: ffff8880452588f0 [ 635.189876][ C2] ? __warn_printk+0x198/0x350 [ 635.191301][ C2] ? __warn_printk+0x1a5/0x350 [ 635.192813][ C2] rate_control_send_low+0x52a/0x810 [ 635.194456][ C2] ? kmalloc_reserve+0x18b/0x2c0 [ 635.195955][ C2] rate_control_get_rate+0x1be/0x5e0 [ 635.197518][ C2] ieee80211_beacon_get_finish+0x467/0x670 [ 635.199289][ C2] ? __pfx_ieee80211_beacon_get_finish+0x10/0x10 [ 635.201279][ C2] __ieee80211_beacon_get+0xc56/0x1e40 [ 635.202996][ C2] ? __lock_acquire+0xb8a/0x1c90 [ 635.204616][ C2] ieee80211_beacon_get_tim+0xa6/0x280 [ 635.206261][ C2] ? __pfx_ieee80211_beacon_get_tim+0x10/0x10 [ 635.208071][ C2] mac80211_hwsim_beacon_tx+0x4dc/0xa40 [ 635.209815][ C2] __iterate_interfaces+0x2e5/0x650 [ 635.211466][ C2] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 635.213367][ C2] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 635.215292][ C2] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 635.217113][ C2] ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 [ 635.219195][ C2] mac80211_hwsim_beacon+0x105/0x1b0 [ 635.220835][ C2] __hrtimer_run_queues+0x202/0xad0 [ 635.222457][ C2] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 635.224161][ C2] ? read_tsc+0x9/0x20 [ 635.225301][ C2] hrtimer_run_softirq+0x17d/0x350 [ 635.226714][ C2] handle_softirqs+0x219/0x8e0 [ 635.228140][ C2] ? __pfx_handle_softirqs+0x10/0x10 [ 635.229743][ C2] __irq_exit_rcu+0x109/0x170 [ 635.231157][ C2] irq_exit_rcu+0x9/0x30 [ 635.232484][ C2] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 635.234187][ C2] [ 635.235105][ C2] [ 635.236022][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 635.237819][ C2] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80 [ 635.239747][ C2] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 26 f1 32 f6 48 89 df e8 0e 45 33 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 01 00 00 00 e8 c5 4f 23 f6 65 8b 05 7e 45 3e 08 85 c0 74 16 5b [ 635.245499][ C2] RSP: 0018:ffffc9000322fb90 EFLAGS: 00000246 [ 635.247309][ C2] RAX: 0000000000000006 RBX: ffff88807ffd7180 RCX: 0000000000000006 [ 635.249640][ C2] RDX: 0000000000000000 RSI: ffffffff8db0011e RDI: ffffffff8bf1e7c0 [ 635.252064][ C2] RBP: 0000000000000293 R08: 0000000000000001 R09: 0000000000000001 [ 635.254526][ C2] R10: ffffffff908363d7 R11: ffff88807ffd6d18 R12: ffff88807ffd6b80 [ 635.256892][ C2] R13: 0000000000000009 R14: ffff88807ffd7178 R15: 000000000000003f [ 635.259276][ C2] free_frozen_page_commit+0x7d8/0x1320 [ 635.261032][ C2] __free_frozen_pages+0x7fd/0x1160 [ 635.262680][ C2] __put_partials+0x130/0x170 [ 635.264213][ C2] qlist_free_all+0x4d/0x120 [ 635.265675][ C2] kasan_quarantine_reduce+0x195/0x1e0 [ 635.267390][ C2] __kasan_slab_alloc+0x69/0x90 [ 635.268845][ C2] kmem_cache_alloc_noprof+0x250/0x6e0 [ 635.270448][ C2] ? getname_flags.part.0+0x4c/0x550 [ 635.272113][ C2] ? getname_flags.part.0+0x4c/0x550 [ 635.273712][ C2] getname_flags.part.0+0x4c/0x550 [ 635.275275][ C2] getname_flags+0x93/0xf0 [ 635.276767][ C2] user_path_at+0x24/0x60 [ 635.278097][ C2] __ia32_sys_umount+0x109/0x190 [ 635.279544][ C2] ? __pfx___ia32_sys_umount+0x10/0x10 [ 635.281158][ C2] ? rcu_is_watching+0x12/0xc0 [ 635.282633][ C2] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 635.284796][ C2] __do_fast_syscall_32+0x7c/0x300 [ 635.286344][ C2] do_fast_syscall_32+0x32/0x80 [ 635.287820][ C2] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 635.289724][ C2] RIP: 0023:0xf704d579 [ 635.290962][ C2] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 635.296706][ C2] RSP: 002b:00000000fff37658 EFLAGS: 00000292 ORIG_RAX: 0000000000000034 [ 635.299246][ C2] RAX: ffffffffffffffda RBX: 00000000fff38794 RCX: 0000000000000009 [ 635.301623][ C2] RDX: 00000000f73e5ff4 RSI: 00000000f7236ae8 RDI: 00000000fff38794 [ 635.303998][ C2] RBP: 00000000000001dd R08: 0000000000000000 R09: 0000000000000000 [ 635.306234][ C2] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 635.308659][ C2] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 635.311082][ C2] [ 635.312759][ C2] Kernel Offset: disabled [ 635.314095][ C2] Rebooting in 86400 seconds.. VM DIAGNOSIS: 21:08:27 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000001 RBX=ffff88802b23a4c0 RCX=0000000000000100 RDX=0000000000000001 RSI=0000000000000002 RDI=ffff88802b23a4c2 RBP=dffffc0000000000 RSP=ffffc90007bafb68 R8 =0000000000000001 R9 =ffff88802b23b414 R10=ffff88802b23a4c3 R11=0000000000000001 R12=0000000000007fe4 R13=0000000000000000 R14=ffff88802b23b400 R15=ffffed1005647498 RIP=ffffffff8b65c208 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977e1000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002e8eeffc CR3=0000000027120000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffff888020cb8000 RCX=0000000000000001 RDX=0000000000000000 RSI=00000000ffffffff RDI=ffff88802b23a4d8 RBP=ffff88802050c900 RSP=ffffc9000473f7b0 R8 =0000000000004d61 R9 =0000000000000001 R10=ffff88802050c907 R11=0000000000000001 R12=ffff88802050c900 R13=00000000ffffffff R14=ffff88802b33a4c0 R15=ffff88802b33a4c0 RIP=ffffffff8b62f625 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880978e1000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080002138 CR3=0000000027120000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001b800000000 0000000800000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff852db115 RDI=ffffffff9adf1e40 RBP=ffffffff9adf1e00 RSP=ffffc900005382a0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9adf1e00 R15=ffffffff852db0b0 RIP=ffffffff852db13f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880979e1000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000fff37d80 CR3=0000000066ad9000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000001 RBX=ffffea000192e574 RCX=ffffffff820a814c RDX=fffff94000325caf RSI=0000000000000004 RDI=ffffea000192e574 RBP=0000000000000082 RSP=ffffc9000d49f658 R8 =0000000000000001 R9 =fffff94000325cae R10=ffffea000192e577 R11=0000000000000001 R12=ffffea000192e540 R13=ffffea000192e530 R14=ffffea000192e540 R15=dffffc0000000000 RIP=ffffffff820a814f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097ae1000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f855c0 CR3=00000000625a1000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000