last executing test programs: 5.967690984s ago: executing program 2 (id=449): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)={'ip_vti0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x8, 0x40, 0x2, 0x10001, {{0x16, 0x4, 0x2, 0x0, 0x58, 0x66, 0x0, 0xa, 0x4, 0x0, @local, @dev={0xac, 0x14, 0x14, 0x30}, {[@timestamp_addr={0x44, 0x44, 0x89, 0x1, 0x4, [{@private=0xa010100, 0x6}, {@empty, 0x3}, {@multicast1}, {@loopback}, {@multicast2, 0x8}, {@private=0xa010102, 0x2}, {@private=0xa010102, 0xfffff800}, {@loopback, 0x7}]}]}}}}}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newlink={0x24, 0x10, 0x400, 0x0, 0x0, {0x0, 0x0, 0x74, r1, 0x80}, [@IFLA_AF_SPEC={0x4}]}, 0x24}}, 0x4000010) accept4$x25(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x80000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x3, 0xc, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000000}, 0x94) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2) r6 = syz_open_dev$loop(&(0x7f0000000440), 0x7, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) r8 = syz_open_dev$loop(&(0x7f0000000040), 0x8f, 0x0) ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f0000001280)={r7, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x20000000000004, 0x0, 0x0, 0xe, 0xd, "fee8a2ab78fc179fd1f8a0e91ddaaca7ca64c6a4b4e00d9683dda1af01000000deff1200100000000000000000000000000800", "2809e8dbe1b22d0000b420a1a93c7540f476779e0117613dd4070000030000000000000000000000000000000800000000faffffff00", "e7460000102000000000e4440000002000000000000000000000008bd02800", [0xe4]}}) ioctl$LOOP_CHANGE_FD(r8, 0x4c06, r6) fanotify_init(0x20, 0x800) setgroups(0x0, 0x0) msgrcv(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1000) syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x425b}, &(0x7f0000000240)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f00000004c0)=@IORING_OP_STATX={0x15, 0x8, 0x0, 0xffffffffffffffff, &(0x7f0000000500), &(0x7f0000000480)='./file0\x00', 0x20}) socket$alg(0x26, 0x5, 0x0) 5.407104731s ago: executing program 0 (id=454): llistxattr(&(0x7f0000000240)='./file0\x00', &(0x7f00000002c0)=""/66, 0x42) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(r2, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0) recvmmsg(r3, &(0x7f0000001b40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) read$FUSE(r4, &(0x7f0000002a00)={0x2020}, 0x2020) write$FUSE_CREATE_OPEN(r4, 0x0, 0xfffffedb) sendfile(r4, r4, &(0x7f0000000080), 0x7f03) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) io_setup(0x2e, &(0x7f0000000100)=0x0) io_submit(r6, 0x1, &(0x7f00000001c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000140)='^', 0x1}]) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000001500010300000000000000000c0000000800040001"], 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x4000000) 5.36164743s ago: executing program 1 (id=455): mknod$loop(&(0x7f0000000400)='./file0\x00', 0x10, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYRES16=0x0], 0x10}, 0x8000) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x844}, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) fcntl$addseals(r2, 0x409, 0xc) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x854239e56bfbee90, r5, 0x85a7a000) ioperm(0x284, 0x7f, 0xe3) (async) ioperm(0x284, 0x7f, 0xe3) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a300000000040000000030a01080000000000000000010000000900030073797a32000000001400048008000240fffffffe08000140000000030900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d657461000000001400028008000140000000120800024000000015140000001100010000000000000000000000000a43e31f8e12600a44901b025c7a677cabe84b71b5212193e8194554c9ef434d6c323c028a02dc5dd58a16e51547616e78fc053de2eb533c99cb5ef9c8d5df1e4a019e579248daf311b8a2cc9a74bcf0e37b1ea45ae2a7eef9aa0f54"], 0xd8}}, 0x0) (async) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a300000000040000000030a01080000000000000000010000000900030073797a32000000001400048008000240fffffffe08000140000000030900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d657461000000001400028008000140000000120800024000000015140000001100010000000000000000000000000a43e31f8e12600a44901b025c7a677cabe84b71b5212193e8194554c9ef434d6c323c028a02dc5dd58a16e51547616e78fc053de2eb533c99cb5ef9c8d5df1e4a019e579248daf311b8a2cc9a74bcf0e37b1ea45ae2a7eef9aa0f54"], 0xd8}}, 0x0) ioperm(0x7fffffff, 0x1, 0x8) (async) ioperm(0x7fffffff, 0x1, 0x8) socket$netlink(0x10, 0x3, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="280000000600000029000000b9"], 0x28}}], 0x1, 0x44010) r7 = io_uring_setup(0x2c48, &(0x7f0000000280)={0x0, 0xdfc8, 0x80, 0x2, 0x1af}) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r7, 0x18, &(0x7f0000000000), 0x1) (async) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r7, 0x18, &(0x7f0000000000), 0x1) r8 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r8) (async) r9 = dup(r8) write$6lowpan_enable(r9, &(0x7f0000000000)='0', 0xfffffd2c) (async) write$6lowpan_enable(r9, &(0x7f0000000000)='0', 0xfffffd2c) 5.061852249s ago: executing program 2 (id=457): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0xa101, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x0, 0x13, 0x0, &(0x7f0000000c00)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB], 0x30}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_open_dev$radio(&(0x7f0000000100), 0x0, 0x2) ioctl$VIDIOC_S_TUNER(r6, 0x4054561e, 0x0) r7 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)={0xa4, r7, 0x405, 0x70bd27, 0x25dfdbfd, {}, [{{0x8, 0x1, r8}, {0x88, 0x2, 0x0, 0x1, [{0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x402}}, {0x8}}}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) vmsplice(r2, &(0x7f00000001c0), 0x0, 0x1) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r9, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000ff0f0076beaf00d72a33c1967c061800"/31, @ANYRES32=0x0, @ANYBLOB="06610300000000001400030076657468315f746f5f6261746164760008000a00", @ANYRES32=r10, @ANYBLOB], 0x3c}}, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000440)={0x0, 0xa1ff, &(0x7f0000000400)={&(0x7f0000000280)={0x34, r3, 0x1, 0x0, 0x25dfdbff, {{}, {}, {0x18, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'team0\x00'}}}}}, 0x34}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r11 = socket(0x10, 0x803, 0x0) sendto(r11, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) close(0xffffffffffffffff) 4.715175275s ago: executing program 1 (id=458): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f00000000c0)={0x80000018}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x10000, 0x1, 0x8000000, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f0000000440), 0x4) bind$inet(r6, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r6, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d", 0x63}], 0x1}}], 0x1, 0x20008000) setsockopt$inet_tcp_TLS_TX(r6, 0x6, 0x1, &(0x7f0000000380)=@gcm_256={{0x304}, "e49e951bfb0c065a", "0ee52035783e8665be4f0298d525dfbff20b621fb95fa5c2df2922bedea9e057", "04deb67f", "bd131d021da991c3"}, 0x38) r7 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001c00110c0000001400000f0007000000", @ANYRES32=r8, @ANYBLOB="800202000a0002"], 0x48}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 4.466253813s ago: executing program 0 (id=461): ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000200)) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000440)={0x0, 0x1}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000480)) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000020940)=0x0, &(0x7f00000001c0)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r5, 0x112, 0xb, 0x0, 0x27) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002fc0)={0x2020}, 0x2020) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$inet(0x2, 0x4, 0x6) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x5}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a8c000000060a0b040000000000000000020000400900020073797a32000000000900010073797a30000000006000048018000180080001006f7366000c000280080001400000000424000180090001006d6574610000000014000280080002400000000c080003400000001720000180070001007274"], 0xb4}}, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000380)={0x0, 'bridge_slave_0\x00', {}, 0x1ff}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x28, 0x8, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) pipe(&(0x7f00000000c0)) r9 = socket$kcm(0x11, 0x3, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0x30, 0x3e, 0x1, 0x80000, 0x0, {0x1}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x10, 0x0, 0x1, [@nested={0x4, 0xb}]}]}, @typed={0xc, 0x2, 0x0, 0x0, @u64}]}, 0x30}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094) setsockopt$sock_attach_bpf(r9, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r9, &(0x7f0000000080)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f00000002c0)=[{0x0}], 0x1}, 0x0) getsockopt$inet_mreqsrc(r6, 0x0, 0x28, &(0x7f0000000280)={@local, @empty, @loopback}, &(0x7f0000000240)=0xc) 4.095978725s ago: executing program 2 (id=462): openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd/3\x00') r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_any}, {@loose}, {@cache_none}, {@access_client}, {@msize={'msize', 0x3d, 0x7f}}, {@access_any}, {@version_u}, {@noxattr}]}}) 3.967318068s ago: executing program 2 (id=463): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1) syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) r1 = dup(r0) read$FUSE(r1, &(0x7f00000008c0)={0x2020}, 0x2020) 3.875953428s ago: executing program 0 (id=464): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0) ioctl$TCSETSW2(r0, 0x5425, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x240000c0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x34, r4, 0x1, 0x70bd2f, 0xfffffffc, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x18, 0x11d, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x4f}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4044000}, 0x200408dc) sendmsg$NL80211_CMD_GET_POWER_SAVE(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x20, r4, 0x18, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x2, 0x1e}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4080}, 0x1) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) r6 = shmget$private(0x0, 0x3000, 0x1000, &(0x7f0000ffc000/0x3000)=nil) shmctl$SHM_STAT_ANY(r6, 0xf, &(0x7f0000000280)=""/73) 3.875145751s ago: executing program 1 (id=465): openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) (async) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) (async) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff0000000001000000000000d7", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32=r2, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff0000000001000000000000d7", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32=r2, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x40, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x40}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x4c}}, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async) sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r9, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40) (async) sendmsg$NFT_BATCH(r9, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40) sendmsg$NFT_BATCH(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d65b"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x68}, 0x1, 0x0, 0x0, 0x24000840}, 0x40) close(0x3) (async) close(0x3) 3.635147614s ago: executing program 1 (id=466): syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r0, &(0x7f0000000100)=[{&(0x7f00000000c0)='4', 0x1}], 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)={0x74, 0x2, 0x1, 0x401, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x9}, @CTA_PROTOINFO={0x0, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x0, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_STATE={0x0, 0x1, 0x77}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x0, 0x3, 0x1, 0x0, 0x4}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x0, 0x3, 0x1, 0x0, 0x27ea}, @CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x0, 0x2, 0x1, 0x0, 0xbb3e}, @CTA_PROTOINFO_SCTP_VTAG_REPLY, @CTA_PROTOINFO_SCTP_STATE={0x0, 0x1, 0x1}, @CTA_PROTOINFO_SCTP_STATE={0x0, 0x1, 0xf}]}}]}, 0x24}}, 0x24048010) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001500010328bd7000fbdbdf250c000004"], 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x4000000) r4 = syz_open_dev$I2C(&(0x7f0000000040), 0x7f9f, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0) ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000080)={0x0, 0x0, 0x8, 0x0}) r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) writev(r5, &(0x7f0000000200)=[{&(0x7f0000000240)="396f6f4c43ed972434a35461f35e69c932ee130e87834faf2c2156fff2745e79cf26c8984800fc5878b9683debd4415ee27a312ff1ce721a026cda24899b378317e82f5d553840283b17926f6ac83e", 0x4f}], 0x1) 3.619358781s ago: executing program 0 (id=467): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) r2 = syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x0) ioctl$I2C_PEC(r2, 0x708, 0x7) ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0}) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@broadcast, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x0, 0x2, 0xb7, 0xffffffff}}, 0xe4) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x9000000) 3.555241201s ago: executing program 3 (id=469): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000049c0)={0x3, 0x5, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x22}, @call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000400)={{{@in=@broadcast}}, {{@in=@local}, 0x0, @in=@initdev}}, &(0x7f0000000040)=0xe4) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=@delsa={0x124, 0x11, 0x8, 0x70bd28, 0x25dfdbfc, {@in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4d6, 0xa, 0x33}, [@tmpl={0x4}, @algo_crypt={0x48, 0x2, {{'ctr(blowfish)\x00'}}}, @algo_auth_trunc={0x99, 0x14, {{'blake2b-512-generic\x00'}, 0x268, 0x60, "534f20190b54757c6ca1817c3af32f97c4b5f4da072cc7a6ea146ec07b5e0a9f5ee5dd6b5e23383b5b60ea38cab428d699b888936c1130beae9875d189c4ed98df482829ea24b1c6423aeeb74d"}}, @lastused={0xc, 0xf, 0xfffffffffffff6eb}, @XFRMA_IF_ID={0x8, 0x1f, 0x4}]}, 0x124}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001e00010026bd7000fbdbdf2507000000", @ANYRES32=r2, @ANYBLOB="000002000a0007"], 0x28}}, 0x20000800) 3.476029396s ago: executing program 3 (id=470): r0 = io_uring_setup(0x2cef, 0x0) io_uring_register$IORING_REGISTER_CLOCK(r0, 0x1d, &(0x7f0000000000)={0x1}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) timerfd_create(0x1, 0x800) ioctl$BTRFS_IOC_SET_FEATURES(r2, 0x40309439, &(0x7f0000000040)={0x3}) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='fdinfo/3\x00') read$FUSE(r3, &(0x7f00000040c0)={0x2020}, 0x2020) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0200e61706f09e29231c00bb0100f33d187f9ceef01a6bf0b76bd575a50000b204ff5b1db7547b839e2d7c748d7ea58ed88b9b44923c411361e66acbd4ebfa7e3752073ed29562f09556ad7001cb4bbf9567ca3133829c2306c7d173f927", @ANYRES32=0x0, @ANYBLOB="fcffffff00"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0xfd70, 0x0, &(0x7f0000000340)="c1dfb080cd21d308098e00000000", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='hugetlbfs\x00', 0xa08000, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000180)=@default_ibss_ssid, 0x6, 0x0) socket$nl_route(0x10, 0x3, 0x0) 3.090889295s ago: executing program 1 (id=471): r0 = syz_open_dev$dri(&(0x7f0000000040), 0x2, 0x0) ioctl$DRM_IOCTL_ADD_BUFS(r0, 0xc0186416, &(0x7f00000000c0)={0x8, 0x9, 0x7, 0x400, 0x8, 0x2}) r1 = userfaultfd(0x80001) r2 = openat(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x8102, 0x0) sendfile(r2, r2, 0x0, 0x6) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000600)={0xaa, 0x138}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="340000003c0007010000000000000000017c00000400fc800c00018006000600800a0000080002800400728008000700", @ANYRES32=r3, @ANYBLOB="26eeb9ac05660e75f113c7408acd1fc480cf34dc56a0e24615b2906892cdfbfb125492c611f918b9002c92fcdd79a4a372a43d9fa36321632d9218ca2389e93bc5348d0a75f17d99b04f232668e190348f0919bc9275546205283064919f789003f4764c64525d83211d08accd99361b47fde4a0e8cd4481835f2be85124710133692d2276b088663e35ae4abb8d4e557e04e1a8"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x3}) syz_genetlink_get_family_id$smc(&(0x7f00000000c0), 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000140)='coredump_filter\x00') mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f478e"]) r5 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, 0x7], 0xeeee8000, 0x2113c0}) timer_create(0x2, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="a03700002d00010026"], 0x37a0}, 0x1, 0x0, 0x0, 0x4000d}, 0x40) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000000000/0x800000)=nil, 0x800000}) 3.035325265s ago: executing program 2 (id=472): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x10000, 0x3, 0x1, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffff7}, {0x0, 0x8, 0xfffffffffffffffc, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@empty, 0x2, 0x6c}, 0xa, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0xdf, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r4, 0x84, 0x7, 0x0, &(0x7f0000000400)) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200025bd7000fedbdf256c00000008000300"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x99fe681834aac99b, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff}) ioctl$KVM_RUN(r6, 0xae80, 0x0) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0}, 0x94) unshare(0x4a040a00) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) r7 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r7, 0x29, 0xb, &(0x7f0000000000)=0xcb1f, 0x4) 2.630741806s ago: executing program 0 (id=473): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f00000000c0)={0x80000018}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x10000, 0x1, 0x8000000, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f0000000440), 0x4) bind$inet(r6, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r6, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d", 0x63}], 0x1}}], 0x1, 0x20008000) setsockopt$inet_tcp_TLS_TX(r6, 0x6, 0x1, &(0x7f0000000380)=@gcm_256={{0x304}, "e49e951bfb0c065a", "0ee52035783e8665be4f0298d525dfbff20b621fb95fa5c2df2922bedea9e057", "04deb67f", "bd131d021da991c3"}, 0x38) r7 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001c00110c0000001400000f0007000000", @ANYRES32=r8, @ANYBLOB="800202000a0002"], 0x48}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 2.451636244s ago: executing program 3 (id=474): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = syz_open_dev$sndctrl(&(0x7f0000002b80), 0x1, 0x8000) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc2c45513, &(0x7f0000002e00)={{0x8, 0x7, 0x3, 0x2, 'syz0\x00', 0x7b}, 0x0, [0x8, 0x200000a, 0x1000, 0x0, 0xb3d, 0x7fffffff, 0x6, 0x5, 0xbc0, 0x7, 0x15b, 0x7, 0x5944, 0x5, 0x7, 0x8004a7, 0x9, 0x5, 0xb, 0x3, 0x2c, 0x400, 0x2000040, 0x10000000, 0x7, 0x0, 0x2, 0x800, 0x3, 0x3, 0x4, 0x6, 0x6, 0xfff, 0x3ff, 0x1, 0x5, 0x3, 0x5, 0x6, 0x3, 0x7fff, 0xffff8007, 0xe, 0xe, 0x0, 0x2, 0x5, 0xe, 0x4, 0x9, 0x80000001, 0x400, 0x1ff, 0x9, 0xfffff647, 0x408, 0x4, 0x1, 0x9, 0x8, 0x9, 0x5, 0x8, 0x98, 0xbe, 0x1, 0xa, 0x7, 0x80000000, 0x81, 0x10001, 0x2, 0x80000001, 0x69e, 0xb, 0x7000000, 0x1, 0x8, 0x9, 0x7, 0x9, 0x1, 0x3, 0xfffffffd, 0xffff, 0x6, 0x8, 0x7ff, 0x4, 0xef, 0xff, 0x4, 0x3, 0xf86, 0x58a0, 0x1, 0x9, 0x895, 0x6, 0x9, 0x89, 0xfffffffe, 0xa1a9, 0xe0b2, 0x9, 0xfffff561, 0x12, 0x3, 0x3, 0xfffffffa, 0x3, 0x2, 0x1, 0x2ba, 0x1, 0xe, 0x5, 0x8, 0x2, 0xf2, 0x4, 0x1ff, 0x7, 0x2, 0x7, 0x6, 0xff]}) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="540100001a0001000000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000006c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000001a733ad3202242f4e7e60000001c000400000000000000000000000000000000000000000000000001480003006465666c617465000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000178dcfc100"/274], 0x154}}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x7, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) lsetxattr$trusted_overlay_nlink(0x0, 0x0, 0x0, 0x0, 0x3) r2 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x13, 0xffffffffffffffff, 0xd5cd9000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r2, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, 0x0, &(0x7f0000000280)) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='mpol=prefer:', @ANYRESDEC=0x0]) umount2(&(0x7f00000001c0)='./file0\x00', 0x2) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0xa) socketpair$unix(0x1, 0x2, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) openat$ptp0(0xffffffffffffff9c, 0x0, 0x80042, 0x0) 2.074887831s ago: executing program 2 (id=475): r0 = io_uring_setup(0x3382, &(0x7f0000000000)={0x0, 0x0, 0xc2, 0x0, 0x4}) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000180)={0xffffff80, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x2, 0xf, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @empty}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x0, 0x0, {0x6, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@private0, @in=@broadcast}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}}, @sadb_x_sec_ctx={0x1, 0x18, 0x2, 0x3f}]}, 0xa8}}, 0x0) r2 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, 0x0) pause() fcntl$setsig(r3, 0xa, 0x12) poll(&(0x7f0000b2c000)=[{r4}], 0x2c, 0xffffffffffbffff8) dup2(r3, r4) fcntl$setown(r3, 0x8, r2) tkill(r2, 0x13) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r0, 0xc, 0x0, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(r5, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000001, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) write(r5, &(0x7f00000000c0)="8f2a", 0x2) 1.598482154s ago: executing program 0 (id=476): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) (async) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB]) (async) r2 = dup(r0) (async) r3 = socket$l2tp6(0xa, 0x2, 0x73) getsockopt$inet_mreqn(r2, 0x0, 0x24, 0x0, &(0x7f0000000380)) (async) ioctl$sock_inet6_SIOCSIFDSTADDR(r3, 0x8918, &(0x7f00000003c0)={@loopback, 0x23}) (async) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) (async) syz_emit_ethernet(0xbe, &(0x7f0000000740)=ANY=[], 0x0) (async) write$binfmt_elf64(r2, &(0x7f0000000740)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x5, 0x9, 0xb2, 0x2, 0x2, 0x3e, 0x3, 0x192, 0x40, 0x19b, 0x7, 0x5f, 0x38, 0x2, 0xffff, 0x9ebd, 0x4}, [{0x6, 0xfffffeff, 0xb93, 0x6, 0x6, 0x5, 0x2, 0x10000}, {0x7, 0x1, 0x7, 0xffffffffffff36aa, 0xfffffffffffffffe, 0x5, 0xb6, 0xf15}], "41b150b1a0bfc27d3661a0af824f339b0745f41eb2090397c05ac36c202b01315526cff30c0e62d654aafc", ['\x00', '\x00', '\x00', '\x00']}, 0x4db) r4 = socket$netlink(0x10, 0x3, 0x10) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0x2, 0xc9, 0xc9, 0x5}}}, 0x8) (async) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r5, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) (async) r6 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r6, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) (async) sendmmsg$inet(r6, &(0x7f0000000380)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@ip_retopts={{0x10}}], 0x10}}], 0x1, 0x20048890) (async) syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="04221d02ffffffffffff040760f2f30700ffaaaaaaaa94e249010325fdaa1201079d431b0400ac076776783bd65d53e08672ae9de88d199c15f8ca08fa5a996f71489025d748d8e2195e7fd5749c7388d0684796059ad0416c8fb77ee5bead3c57f574d9c9409c4b0cdf90caec4d5004ad14cb1c7f8d633457cc2c4ddc3ea4d0cfd920f9"], 0x20) (async) bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r2}, 0x8) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0, 0x3}, 0x94) r7 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) (async) connect$inet(r7, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) (async) setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, 0x0, 0x0) (async) sendto$inet(r7, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) (async) recvfrom$inet(r7, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 1.585902381s ago: executing program 3 (id=477): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4) ioctl$F2FS_IOC_DEFRAGMENT(r0, 0xc010f508, &(0x7f0000000000)={0x5, 0x7}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000002280)={'syz_tun\x00', 0x0}) sendto$packet(r0, &(0x7f00000002c0)="3303120081fd140000007ef52f555f2a0c09000000fd88a800f7880000aa9900", 0x20, 0x4000881, &(0x7f00000000c0)={0x11, 0x0, r1, 0x1, 0xcf}, 0x14) 1.50624614s ago: executing program 3 (id=478): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000022c0)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(ghash-generic)\x00'}, 0x58) close(0x3) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r1, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x6, @loopback}, @in6={0xa, 0x4e23, 0x0, @private0}], 0x2c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0xda9, @mcast2, 0x9}], 0xfffffffffffffce4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) close(r2) socket$netlink(0x10, 0x3, 0xf) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) truncate(&(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00', 0x7ff) r4 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) close_range(r4, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000380)={0xf0f002, 0x2}) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000040), 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r6 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) 369.213µs ago: executing program 3 (id=479): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000080)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x300, 0x34}, @ipv4=@tcp={{0x9, 0x4, 0x0, 0x3c, 0x38, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0xfe, 0x0}, @local, {[@noop, @timestamp={0x44, 0xc, 0x94, 0x0, 0x7, [0x3, 0x5]}]}}, {{0xc00, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}, 0x46) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2a, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={r2, r4, 0x25, 0x2, @val=@perf_event}, 0x18) syz_emit_ethernet(0x2dc00, &(0x7f0000000780)=ANY=[], 0x0) 0s ago: executing program 1 (id=480): bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f00000005c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000"], 0x50) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) connect$unix(0xffffffffffffffff, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0xa0, 0x258, 0x690, 0x384, 0xda, 0x10000, 0x20, 0x0, {0x4, 0x7}, {0x5, 0x1}, {0xfffffffe, 0x2, 0x1}, {0x800, 0x5, 0x1}, 0x5, 0x1, 0x3ff, 0x1000, 0x1, 0x7, 0x63, 0x10002, 0x5, 0x7fff, 0x10001, 0x7, 0x24, 0x100, 0x0, 0x2}) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x4) gettid() timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000100000095"], &(0x7f0000000100)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000540)={0x1, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddcf29c94337"}) close(0x3) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000001c0)={r4, &(0x7f00000001c0), &(0x7f00000001c0), 0x2}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c000000000000202020487f7183399c51da097b1af8ff00000000bfa100000000000007010000f808000000b70300000000a5dfceeb0b02e766330d2a9e813b898b447bd8658bfca79c9675df4c1498d4c5688fd497d1f665533a3e82ef981f27f357ce2629cd96e2ffac4a12633d1e36183e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r5}, 0x10) syz_emit_ethernet(0x7d, &(0x7f0000000880)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa000d010000c03b0100002b4bf9cf62b937e4a790d05c50ed6d798c611eb10f311cac60cf28b39381cb09ae3591c94318940cda5291caa366416f776dfed450ca37a48067a1cb031f46e249bd654fe3bba8"], 0x0) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r6, &(0x7f0000000740)={0x1f, @none}, 0x8) listen(r6, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:45660' (ED25519) to the list of known hosts. [ 41.234328][ T5923] cgroup: Unknown subsys name 'net' [ 41.378919][ T5923] cgroup: Unknown subsys name 'cpuset' [ 41.382634][ T5923] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 42.199814][ T5923] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 46.151848][ T5980] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 46.156058][ T5980] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 46.159823][ T5980] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 46.163598][ T5980] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 46.164089][ T5981] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 46.167021][ T5980] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 46.169849][ T5981] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 46.175321][ T5981] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 46.178873][ T63] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 46.184333][ T5980] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 46.186791][ T63] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 46.188339][ T5988] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 46.189581][ T5980] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 46.190006][ T5980] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 46.199988][ T5980] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 46.201307][ T5988] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 46.202742][ T5980] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 46.206061][ T5988] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 46.208943][ T5980] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 46.214408][ T5988] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 46.488777][ T5975] chnl_net:caif_netlink_parms(): no params data found [ 46.529972][ T5982] chnl_net:caif_netlink_parms(): no params data found [ 46.549277][ T5976] chnl_net:caif_netlink_parms(): no params data found [ 46.668048][ T5989] chnl_net:caif_netlink_parms(): no params data found [ 46.798464][ T5975] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.801604][ T5975] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.804932][ T5975] bridge_slave_0: entered allmulticast mode [ 46.810141][ T5975] bridge_slave_0: entered promiscuous mode [ 46.815815][ T5975] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.818895][ T5975] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.821985][ T5975] bridge_slave_1: entered allmulticast mode [ 46.825838][ T5975] bridge_slave_1: entered promiscuous mode [ 46.910048][ T5975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.941583][ T5982] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.944148][ T5982] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.946805][ T5982] bridge_slave_0: entered allmulticast mode [ 46.949691][ T5982] bridge_slave_0: entered promiscuous mode [ 46.958381][ T5975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.961300][ T5976] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.963698][ T5976] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.968149][ T5976] bridge_slave_0: entered allmulticast mode [ 46.970716][ T5976] bridge_slave_0: entered promiscuous mode [ 46.974082][ T5976] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.976699][ T5976] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.978922][ T5976] bridge_slave_1: entered allmulticast mode [ 46.981863][ T5976] bridge_slave_1: entered promiscuous mode [ 47.010046][ T5982] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.012637][ T5982] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.015185][ T5982] bridge_slave_1: entered allmulticast mode [ 47.019535][ T5982] bridge_slave_1: entered promiscuous mode [ 47.146204][ T5982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.164600][ T5975] team0: Port device team_slave_0 added [ 47.168130][ T5975] team0: Port device team_slave_1 added [ 47.172237][ T5976] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.176419][ T5982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.179290][ T5989] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.181719][ T5989] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.184126][ T5989] bridge_slave_0: entered allmulticast mode [ 47.187212][ T5989] bridge_slave_0: entered promiscuous mode [ 47.208679][ T5976] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.240636][ T5989] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.242984][ T5989] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.245302][ T5989] bridge_slave_1: entered allmulticast mode [ 47.248062][ T5989] bridge_slave_1: entered promiscuous mode [ 47.282097][ T5976] team0: Port device team_slave_0 added [ 47.322198][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.324471][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.333717][ T5975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.339167][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.341345][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.350656][ T5975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.355455][ T5976] team0: Port device team_slave_1 added [ 47.359939][ T5982] team0: Port device team_slave_0 added [ 47.400208][ T5982] team0: Port device team_slave_1 added [ 47.403795][ T5989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.409448][ T5989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.479617][ T5976] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.482413][ T5976] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.494231][ T5976] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.563471][ T5976] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.566203][ T5976] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.575054][ T5976] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.580444][ T5982] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.583138][ T5982] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.592336][ T5982] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.612157][ T5989] team0: Port device team_slave_0 added [ 47.621566][ T5982] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.623989][ T5982] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.634590][ T5982] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.642173][ T5975] hsr_slave_0: entered promiscuous mode [ 47.644952][ T5975] hsr_slave_1: entered promiscuous mode [ 47.648703][ T5989] team0: Port device team_slave_1 added [ 47.698105][ T5989] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.701036][ T5989] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.711502][ T5989] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.717502][ T5989] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.719749][ T5989] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.728796][ T5989] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.828125][ T5976] hsr_slave_0: entered promiscuous mode [ 47.831495][ T5976] hsr_slave_1: entered promiscuous mode [ 47.834418][ T5976] debugfs: 'hsr0' already exists in 'hsr' [ 47.837532][ T5976] Cannot create hsr debugfs directory [ 47.875000][ T5982] hsr_slave_0: entered promiscuous mode [ 47.879854][ T5982] hsr_slave_1: entered promiscuous mode [ 47.882222][ T5982] debugfs: 'hsr0' already exists in 'hsr' [ 47.884129][ T5982] Cannot create hsr debugfs directory [ 48.008591][ T5989] hsr_slave_0: entered promiscuous mode [ 48.011746][ T5989] hsr_slave_1: entered promiscuous mode [ 48.014758][ T5989] debugfs: 'hsr0' already exists in 'hsr' [ 48.018585][ T5989] Cannot create hsr debugfs directory [ 48.246899][ T5988] Bluetooth: hci0: command tx timeout [ 48.246906][ T5983] Bluetooth: hci1: command tx timeout [ 48.256873][ T5988] Bluetooth: hci2: command tx timeout [ 48.256991][ T5983] Bluetooth: hci3: command tx timeout [ 48.368334][ T5975] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 48.376480][ T5975] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 48.381446][ T5975] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 48.391468][ T5975] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 48.421737][ T5989] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 48.429591][ T5989] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 48.437145][ T5989] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 48.446887][ T5989] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 48.505207][ T5976] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 48.519171][ T5976] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 48.523468][ T5976] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 48.542272][ T5976] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 48.604307][ T5982] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 48.612153][ T5982] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 48.619480][ T5982] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 48.625898][ T5982] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 48.658306][ T5989] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.663389][ T5975] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.695162][ T5975] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.703260][ T5989] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.711740][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.714068][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.724505][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.726734][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.742643][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.745834][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.762741][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.765154][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.789550][ T5976] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.797232][ T5982] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.825921][ T5976] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.838515][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.840723][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.845101][ T5982] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.857242][ T96] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.860345][ T96] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.865480][ T96] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.868449][ T96] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.889872][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.892262][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.961744][ T5989] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.002570][ T5989] veth0_vlan: entered promiscuous mode [ 49.010703][ T5989] veth1_vlan: entered promiscuous mode [ 49.029593][ T5989] veth0_macvtap: entered promiscuous mode [ 49.034127][ T5989] veth1_macvtap: entered promiscuous mode [ 49.045843][ T5989] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.055898][ T5989] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.061262][ T5975] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.071313][ T1143] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.075377][ T1143] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.087098][ T1143] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.095691][ T1143] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.134274][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.138528][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.144831][ T5976] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.153100][ T5982] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.166605][ T5975] veth0_vlan: entered promiscuous mode [ 49.173668][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.174658][ T5975] veth1_vlan: entered promiscuous mode [ 49.176663][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.204172][ T5989] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 49.214454][ T5976] veth0_vlan: entered promiscuous mode [ 49.222605][ T5976] veth1_vlan: entered promiscuous mode [ 49.228738][ T5975] veth0_macvtap: entered promiscuous mode [ 49.239473][ T5975] veth1_macvtap: entered promiscuous mode [ 49.259382][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.271411][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.276947][ T5982] veth0_vlan: entered promiscuous mode [ 49.287348][ T1143] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.296588][ T5982] veth1_vlan: entered promiscuous mode [ 49.299058][ T1143] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.302874][ T1143] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.310701][ T5976] veth0_macvtap: entered promiscuous mode [ 49.321007][ T1143] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.330620][ T5976] veth1_macvtap: entered promiscuous mode [ 49.355606][ T5982] veth0_macvtap: entered promiscuous mode [ 49.374447][ T5976] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.391700][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.394419][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.396768][ T5982] veth1_macvtap: entered promiscuous mode [ 49.401507][ T5976] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.420848][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.423341][ T96] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.423500][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.433062][ T5982] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.443040][ T96] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.449026][ T5982] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.455829][ T1175] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.460150][ T1175] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.465225][ T81] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.472770][ T81] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.475488][ T81] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.479066][ T81] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.524368][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.532422][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.554838][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.556665][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.561470][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.561600][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.593677][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.600889][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.745967][ T6072] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3'. [ 49.746866][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.749761][ T6072] Zero length message leads to an empty skb [ 50.336985][ T5983] Bluetooth: hci2: command tx timeout [ 50.337037][ T5988] Bluetooth: hci0: command tx timeout [ 50.337076][ T5981] Bluetooth: hci3: command tx timeout [ 50.337109][ T5981] Bluetooth: hci1: command tx timeout [ 51.338674][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 51.379021][ T6085] overlayfs: maximum fs stacking depth exceeded [ 51.726705][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 51.748136][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 51.850267][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 52.133541][ T6094] netlink: 32 bytes leftover after parsing attributes in process `syz.3.10'. [ 52.141313][ T6094] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10'. [ 52.220216][ T6094] Bluetooth: MGMT ver 1.23 [ 52.406460][ T5988] Bluetooth: hci1: command tx timeout [ 52.406469][ T5980] Bluetooth: hci3: command tx timeout [ 52.416522][ T5988] Bluetooth: hci2: command tx timeout [ 52.416836][ T5980] Bluetooth: hci0: command tx timeout [ 52.518682][ T6101] overlayfs: maximum fs stacking depth exceeded [ 52.771719][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 52.846524][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 52.852760][ T6105] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12'. [ 52.976767][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 53.079101][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 53.286637][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 54.300180][ T6144] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 54.487611][ T5980] Bluetooth: hci2: command tx timeout [ 54.487789][ T5988] Bluetooth: hci0: command tx timeout [ 54.489727][ T5983] Bluetooth: hci1: command tx timeout [ 54.489750][ T5981] Bluetooth: hci3: command tx timeout [ 54.683927][ T6153] overlayfs: maximum fs stacking depth exceeded [ 55.502671][ T6161] overlayfs: failed lookup in lower (/, name='file0', err=-66): unsupported object type [ 55.561335][ T6170] ubi31: attaching mtd0 [ 55.563848][ T6170] ubi31: scanning is finished [ 55.565388][ T6170] ubi31: empty MTD device detected [ 55.644514][ T6170] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 55.647301][ T6170] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 55.649665][ T6170] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 55.652322][ T6170] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 55.654726][ T6170] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 55.658091][ T6170] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 55.660715][ T6170] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2990453922 [ 55.664437][ T6170] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 55.667985][ T6174] ubi31: background thread "ubi_bgt31d" started, PID 6174 [ 55.772369][ T6171] overlayfs: maximum fs stacking depth exceeded [ 56.441160][ T6184] overlayfs: maximum fs stacking depth exceeded [ 56.895721][ T6187] overlayfs: maximum fs stacking depth exceeded [ 57.381771][ T6197] overlayfs: maximum fs stacking depth exceeded [ 58.090341][ T6200] overlayfs: maximum fs stacking depth exceeded [ 58.972959][ T6216] overlayfs: maximum fs stacking depth exceeded [ 59.115879][ T6219] block device autoloading is deprecated and will be removed. [ 60.216709][ T6232] overlayfs: maximum fs stacking depth exceeded [ 60.308151][ T6233] overlayfs: maximum fs stacking depth exceeded [ 61.089233][ T6242] netlink: 104 bytes leftover after parsing attributes in process `syz.0.38'. [ 61.244119][ T6247] netlink: 8 bytes leftover after parsing attributes in process `syz.2.36'. [ 61.429207][ T6247] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.432072][ T6247] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.066536][ T6247] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 62.078251][ T6247] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 62.418083][ T46] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.421369][ T46] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.425057][ T46] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.430441][ T46] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.862848][ T6267] overlayfs: maximum fs stacking depth exceeded [ 63.932735][ T6274] overlayfs: maximum fs stacking depth exceeded [ 64.621863][ T6289] netlink: 8 bytes leftover after parsing attributes in process `syz.2.48'. [ 64.813764][ T6294] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 64.816636][ T6294] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 64.820648][ T6294] vhci_hcd vhci_hcd.0: Device attached [ 64.905299][ T6295] vhci_hcd: connection closed [ 64.932223][ T96] vhci_hcd: stop threads [ 64.935901][ T96] vhci_hcd: release socket [ 64.946523][ T96] vhci_hcd: disconnect device [ 65.248348][ T6301] netlink: 8 bytes leftover after parsing attributes in process `syz.1.51'. [ 66.128900][ T6316] FAULT_INJECTION: forcing a failure. [ 66.128900][ T6316] name failslab, interval 1, probability 0, space 0, times 1 [ 66.132947][ T6316] CPU: 3 UID: 0 PID: 6316 Comm: syz.2.55 Not tainted syzkaller #0 PREEMPT(full) [ 66.132962][ T6316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 66.132968][ T6316] Call Trace: [ 66.132972][ T6316] [ 66.132977][ T6316] dump_stack_lvl+0x16c/0x1f0 [ 66.132994][ T6316] should_fail_ex+0x512/0x640 [ 66.133008][ T6316] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 66.133022][ T6316] should_failslab+0xc2/0x120 [ 66.133036][ T6316] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 66.133048][ T6316] ? prepare_creds+0x2c/0x7d0 [ 66.133064][ T6316] prepare_creds+0x2c/0x7d0 [ 66.133080][ T6316] lookup_user_key+0x978/0x1300 [ 66.133097][ T6316] ? __pfx_lookup_user_key+0x10/0x10 [ 66.133115][ T6316] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 66.133133][ T6316] __do_sys_add_key+0x256/0x470 [ 66.133144][ T6316] ? __pfx___do_sys_add_key+0x10/0x10 [ 66.133152][ T6316] ? ksys_write+0x1ac/0x250 [ 66.133166][ T6316] ? rcu_is_watching+0x12/0xc0 [ 66.133178][ T6316] __do_fast_syscall_32+0x7c/0x3a0 [ 66.133193][ T6316] do_fast_syscall_32+0x32/0x80 [ 66.133207][ T6316] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 66.133219][ T6316] RIP: 0023:0xf7fc7579 [ 66.133228][ T6316] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 66.133238][ T6316] RSP: 002b:00000000f54d655c EFLAGS: 00000296 ORIG_RAX: 000000000000011e [ 66.133248][ T6316] RAX: ffffffffffffffda RBX: 0000000080000140 RCX: 0000000080000180 [ 66.133254][ T6316] RDX: 0000000080000100 RSI: 00000000000000ca RDI: 00000000fffffffe [ 66.133259][ T6316] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 66.133265][ T6316] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 66.133270][ T6316] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 66.133282][ T6316] [ 66.185736][ T6317] netlink: 12 bytes leftover after parsing attributes in process `syz.0.56'. [ 66.327737][ T6325] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 66.392365][ T6330] bridge_slave_0: left allmulticast mode [ 66.401548][ T6330] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.607175][ T6342] capability: warning: `syz.2.64' uses deprecated v2 capabilities in a way that may be insecure [ 67.618425][ T6361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.71'. [ 67.654965][ T6364] FAULT_INJECTION: forcing a failure. [ 67.654965][ T6364] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 67.659313][ T6364] CPU: 0 UID: 0 PID: 6364 Comm: syz.1.72 Not tainted syzkaller #0 PREEMPT(full) [ 67.659327][ T6364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 67.659333][ T6364] Call Trace: [ 67.659338][ T6364] [ 67.659342][ T6364] dump_stack_lvl+0x16c/0x1f0 [ 67.659396][ T6364] should_fail_ex+0x512/0x640 [ 67.659421][ T6364] ? __pfx_do_get_feature_msr+0x10/0x10 [ 67.659434][ T6364] _copy_to_user+0x32/0xd0 [ 67.659444][ T6364] ? __pfx_do_get_feature_msr+0x10/0x10 [ 67.659457][ T6364] msr_io+0x21f/0x2a0 [ 67.659470][ T6364] ? __pfx_msr_io+0x10/0x10 [ 67.659481][ T6364] ? tomoyo_path_number_perm+0x18d/0x580 [ 67.659496][ T6364] kvm_arch_dev_ioctl+0x39b/0x760 [ 67.659508][ T6364] ? __pfx_kvm_arch_dev_ioctl+0x10/0x10 [ 67.659522][ T6364] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 67.659537][ T6364] ? do_vfs_ioctl+0x128/0x14f0 [ 67.659553][ T6364] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 67.659567][ T6364] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 67.659581][ T6364] kvm_dev_ioctl+0x721/0x1af0 [ 67.659594][ T6364] ? find_held_lock+0x2b/0x80 [ 67.659604][ T6364] ? hook_file_ioctl_common+0x145/0x410 [ 67.659618][ T6364] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 67.659629][ T6364] ? __fget_files+0x20e/0x3c0 [ 67.659642][ T6364] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 67.659652][ T6364] __ia32_compat_sys_ioctl+0x23f/0x370 [ 67.659669][ T6364] __do_fast_syscall_32+0x7c/0x3a0 [ 67.659684][ T6364] do_fast_syscall_32+0x32/0x80 [ 67.659698][ T6364] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 67.659710][ T6364] RIP: 0023:0xf70be579 [ 67.659719][ T6364] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 67.659728][ T6364] RSP: 002b:00000000f54ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 67.659738][ T6364] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c008ae88 [ 67.659744][ T6364] RDX: 0000000080000740 RSI: 0000000000000000 RDI: 0000000000000000 [ 67.659750][ T6364] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 67.659756][ T6364] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 67.659762][ T6364] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 67.659773][ T6364] [ 67.772037][ T6367] pimreg3: entered allmulticast mode [ 68.064118][ T6378] block nbd0: NBD_DISCONNECT [ 68.126992][ T6379] netlink: 'syz.0.76': attribute type 2 has an invalid length. [ 68.129557][ T6379] netlink: 'syz.0.76': attribute type 1 has an invalid length. [ 68.132331][ T6379] netlink: 224 bytes leftover after parsing attributes in process `syz.0.76'. [ 69.149129][ T6396] FAULT_INJECTION: forcing a failure. [ 69.149129][ T6396] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 69.156229][ T6396] CPU: 3 UID: 0 PID: 6396 Comm: syz.1.82 Not tainted syzkaller #0 PREEMPT(full) [ 69.156244][ T6396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.156250][ T6396] Call Trace: [ 69.156254][ T6396] [ 69.156258][ T6396] dump_stack_lvl+0x16c/0x1f0 [ 69.156276][ T6396] should_fail_ex+0x512/0x640 [ 69.156293][ T6396] _copy_from_user+0x2e/0xd0 [ 69.156309][ T6396] input_event_from_user+0x137/0x290 [ 69.156338][ T6396] ? __pfx_input_event_from_user+0x10/0x10 [ 69.156351][ T6396] ? input_inject_event+0x1c0/0x3b0 [ 69.156363][ T6396] evdev_write+0x26b/0x440 [ 69.156375][ T6396] ? __pfx_evdev_write+0x10/0x10 [ 69.156384][ T6396] ? common_file_perm+0x1a9/0x340 [ 69.156397][ T6396] ? bpf_lsm_file_permission+0x9/0x10 [ 69.156412][ T6396] ? security_file_permission+0x71/0x210 [ 69.156427][ T6396] ? rw_verify_area+0xcf/0x6c0 [ 69.156438][ T6396] ? __pfx_evdev_write+0x10/0x10 [ 69.156447][ T6396] vfs_write+0x29d/0x11d0 [ 69.156461][ T6396] ? __pfx_vfs_write+0x10/0x10 [ 69.156471][ T6396] ? find_held_lock+0x2b/0x80 [ 69.156482][ T6396] ? __fget_files+0x204/0x3c0 [ 69.156495][ T6396] ? __fget_files+0x20e/0x3c0 [ 69.156505][ T6396] ? handle_mm_fault+0x1c0/0xd10 [ 69.156519][ T6396] ksys_write+0x1f8/0x250 [ 69.156530][ T6396] ? __pfx_ksys_write+0x10/0x10 [ 69.156543][ T6396] ? rcu_is_watching+0x12/0xc0 [ 69.156555][ T6396] __do_fast_syscall_32+0x7c/0x3a0 [ 69.156570][ T6396] do_fast_syscall_32+0x32/0x80 [ 69.156584][ T6396] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 69.156604][ T6396] RIP: 0023:0xf70be579 [ 69.156613][ T6396] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 69.156622][ T6396] RSP: 002b:00000000f54ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 69.156632][ T6396] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 69.156638][ T6396] RDX: 000000000000ff0f RSI: 0000000000000000 RDI: 0000000000000000 [ 69.156644][ T6396] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 69.156649][ T6396] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 69.156655][ T6396] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 69.156667][ T6396] [ 69.801749][ T6415] netlink: 12 bytes leftover after parsing attributes in process `syz.2.84'. [ 70.229843][ T6417] FAULT_INJECTION: forcing a failure. [ 70.229843][ T6417] name failslab, interval 1, probability 0, space 0, times 0 [ 70.233772][ T6417] CPU: 3 UID: 0 PID: 6417 Comm: syz.3.88 Not tainted syzkaller #0 PREEMPT(full) [ 70.233786][ T6417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.233792][ T6417] Call Trace: [ 70.233796][ T6417] [ 70.233800][ T6417] dump_stack_lvl+0x16c/0x1f0 [ 70.233817][ T6417] should_fail_ex+0x512/0x640 [ 70.233831][ T6417] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 70.233844][ T6417] should_failslab+0xc2/0x120 [ 70.233857][ T6417] __kmalloc_cache_noprof+0x6a/0x3e0 [ 70.233867][ T6417] ? __up_read+0x1f8/0x750 [ 70.233881][ T6417] ? kobject_uevent_env+0x265/0x1870 [ 70.233893][ T6417] kobject_uevent_env+0x265/0x1870 [ 70.233903][ T6417] ? __pfx_dev_uevent_name+0x10/0x10 [ 70.233917][ T6417] ? kobject_put+0xab/0x5a0 [ 70.233933][ T6417] device_release_driver_internal+0x51c/0x620 [ 70.233950][ T6417] usb_driver_release_interface+0x109/0x190 [ 70.233964][ T6417] proc_disconnect_claim+0x219/0x370 [ 70.233976][ T6417] ? __pfx_proc_disconnect_claim+0x10/0x10 [ 70.234004][ T6417] ? find_held_lock+0x2b/0x80 [ 70.234016][ T6417] usbdev_ioctl+0x16e3/0x4070 [ 70.234030][ T6417] ? __pfx_usbdev_ioctl+0x10/0x10 [ 70.234047][ T6417] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 70.234063][ T6417] ? do_vfs_ioctl+0x128/0x14f0 [ 70.234079][ T6417] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 70.234098][ T6417] ? find_held_lock+0x2b/0x80 [ 70.234107][ T6417] ? hook_file_ioctl_common+0x145/0x410 [ 70.234124][ T6417] ? __fget_files+0x20e/0x3c0 [ 70.234136][ T6417] ? __pfx_usbdev_ioctl+0x10/0x10 [ 70.234148][ T6417] compat_ptr_ioctl+0x6b/0xa0 [ 70.234162][ T6417] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 70.234176][ T6417] __ia32_compat_sys_ioctl+0x23f/0x370 [ 70.234193][ T6417] __do_fast_syscall_32+0x7c/0x3a0 [ 70.234208][ T6417] do_fast_syscall_32+0x32/0x80 [ 70.234222][ T6417] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 70.234234][ T6417] RIP: 0023:0xf705e579 [ 70.234242][ T6417] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 70.234252][ T6417] RSP: 002b:00000000f544e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 70.234262][ T6417] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000008108551b [ 70.234268][ T6417] RDX: 0000000080000380 RSI: 0000000000000000 RDI: 0000000000000000 [ 70.234274][ T6417] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 70.234279][ T6417] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 70.234284][ T6417] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 70.234297][ T6417] [ 70.934392][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.937176][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.073452][ T6433] FAULT_INJECTION: forcing a failure. [ 71.073452][ T6433] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 71.077551][ T6433] CPU: 2 UID: 0 PID: 6433 Comm: syz.0.93 Not tainted syzkaller #0 PREEMPT(full) [ 71.077565][ T6433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.077571][ T6433] Call Trace: [ 71.077575][ T6433] [ 71.077579][ T6433] dump_stack_lvl+0x16c/0x1f0 [ 71.077596][ T6433] should_fail_ex+0x512/0x640 [ 71.077614][ T6433] _copy_from_user+0x2e/0xd0 [ 71.077630][ T6433] copy_mount_options+0x76/0x190 [ 71.077646][ T6433] __ia32_sys_mount+0x1ac/0x310 [ 71.077660][ T6433] ? __pfx___ia32_sys_mount+0x10/0x10 [ 71.077674][ T6433] ? rcu_is_watching+0x12/0xc0 [ 71.077687][ T6433] __do_fast_syscall_32+0x7c/0x3a0 [ 71.077702][ T6433] do_fast_syscall_32+0x32/0x80 [ 71.077715][ T6433] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 71.077733][ T6433] RIP: 0023:0xf7f15579 [ 71.077741][ T6433] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 71.077751][ T6433] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 71.077761][ T6433] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000340 [ 71.077767][ T6433] RDX: 0000000080000400 RSI: 0000000000000006 RDI: 0000000080000040 [ 71.077773][ T6433] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 71.077779][ T6433] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 71.077785][ T6433] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 71.077796][ T6433] [ 71.235377][ T6440] FAULT_INJECTION: forcing a failure. [ 71.235377][ T6440] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 71.240083][ T6440] CPU: 3 UID: 0 PID: 6440 Comm: syz.0.95 Not tainted syzkaller #0 PREEMPT(full) [ 71.240099][ T6440] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.240105][ T6440] Call Trace: [ 71.240110][ T6440] [ 71.240114][ T6440] dump_stack_lvl+0x16c/0x1f0 [ 71.240132][ T6440] should_fail_ex+0x512/0x640 [ 71.240150][ T6440] _copy_from_user+0x2e/0xd0 [ 71.240166][ T6440] get_compat_msghdr+0xa7/0x170 [ 71.240181][ T6440] ? __pfx_get_compat_msghdr+0x10/0x10 [ 71.240199][ T6440] ___sys_sendmsg+0x1ae/0x1d0 [ 71.240215][ T6440] ? __pfx____sys_sendmsg+0x10/0x10 [ 71.240235][ T6440] ? find_held_lock+0x2b/0x80 [ 71.240254][ T6440] __sys_sendmsg+0x16d/0x220 [ 71.240269][ T6440] ? __pfx___sys_sendmsg+0x10/0x10 [ 71.240288][ T6440] ? rcu_is_watching+0x12/0xc0 [ 71.240301][ T6440] __do_fast_syscall_32+0x7c/0x3a0 [ 71.240334][ T6440] do_fast_syscall_32+0x32/0x80 [ 71.240348][ T6440] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 71.240362][ T6440] RIP: 0023:0xf7f15579 [ 71.240370][ T6440] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 71.240380][ T6440] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 71.240391][ T6440] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080002540 [ 71.240397][ T6440] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 71.240403][ T6440] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 71.240409][ T6440] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 71.240415][ T6440] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 71.240428][ T6440] [ 71.381743][ T6442] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 71.440261][ T6442] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 71.446817][ T6442] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 71.453154][ T6442] netlink: 4 bytes leftover after parsing attributes in process `syz.0.96'. [ 71.930669][ T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 72.096557][ T24] usb 7-1: Using ep0 maxpacket: 16 [ 72.100792][ T24] usb 7-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 72.104060][ T24] usb 7-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 72.109232][ T24] usb 7-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 72.117319][ T24] usb 7-1: config 1 interface 0 has no altsetting 0 [ 72.123467][ T24] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 72.129020][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.136385][ T24] usb 7-1: Product: syz [ 72.138045][ T24] usb 7-1: Manufacturer: syz [ 72.140030][ T24] usb 7-1: SerialNumber: syz [ 72.353604][ T6460] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 72.358940][ T6460] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 72.363543][ T6460] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 72.377086][ T6460] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 72.389448][ T24] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 72.398035][ T24] usb 7-1: USB disconnect, device number 2 [ 72.405317][ T24] usblp0: removed [ 72.414823][ T6120] udevd[6120]: setting mode of /dev/bus/usb/007/002 to 020664 failed: Read-only file system [ 72.421471][ T6120] udevd[6120]: setting owner of /dev/bus/usb/007/002 to uid=0, gid=7 failed: Read-only file system [ 72.446520][ T6120] udevd[6120]: symlink '../bus/usb/007/002' '/dev/char/189:769.tmp-c189:769' failed: Read-only file system [ 72.454169][ T6120] udevd[6120]: symlink '../bus/usb/007/002' '/dev/char/189:769.tmp-c189:769' failed: Read-only file system [ 72.867506][ T6488] netlink: 12 bytes leftover after parsing attributes in process `syz.1.110'. [ 73.134056][ T6501] af_packet: tpacket_rcv: packet too big, clamped from 112 to 4294967272. macoff=96 [ 73.707471][ T6120] udevd[6120]: symlink '../../loop7' '/dev/disk/by-diskseq/73.tmp-b7:7' failed: Read-only file system [ 73.716389][ T6120] udevd[6120]: symlink '../../loop7' '/dev/disk/by-diskseq/73.tmp-b7:7' failed: Read-only file system [ 73.724156][ T6120] udevd[6120]: symlink '../../loop7' '/dev/disk/by-diskseq/73.tmp-b7:7' failed: Read-only file system [ 73.924244][ T6527] netlink: 28 bytes leftover after parsing attributes in process `syz.1.125'. [ 74.064149][ T6537] fuse: Bad value for 'fd' [ 74.247221][ T6553] netlink: 12 bytes leftover after parsing attributes in process `syz.1.128'. [ 75.584573][ T6588] netlink: 104 bytes leftover after parsing attributes in process `syz.0.139'. [ 75.763895][ T6592] overlayfs: maximum fs stacking depth exceeded [ 76.154906][ T6599] netlink: 12 bytes leftover after parsing attributes in process `syz.2.141'. [ 76.836479][ T40] audit: type=1326 audit(1756997667.507:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6605 comm="syz.0.144" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 76.857701][ T40] audit: type=1326 audit(1756997667.507:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6605 comm="syz.0.144" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 76.864066][ T40] audit: type=1326 audit(1756997667.517:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6605 comm="syz.0.144" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 76.874541][ T40] audit: type=1326 audit(1756997667.517:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6605 comm="syz.0.144" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 76.890162][ T40] audit: type=1326 audit(1756997667.517:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6605 comm="syz.0.144" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 76.906723][ T40] audit: type=1326 audit(1756997667.517:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6605 comm="syz.0.144" exe="/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 76.927514][ T40] audit: type=1326 audit(1756997667.527:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6605 comm="syz.0.144" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 76.933995][ T40] audit: type=1326 audit(1756997667.527:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6605 comm="syz.0.144" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 76.940801][ T40] audit: type=1326 audit(1756997667.547:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6605 comm="syz.0.144" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 76.950917][ T40] audit: type=1326 audit(1756997667.547:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6605 comm="syz.0.144" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 77.495734][ T6633] netlink: 104 bytes leftover after parsing attributes in process `syz.1.151'. [ 77.790529][ T6637] Driver unsupported XDP return value 0 on prog (id 18) dev N/A, expect packet loss! [ 77.840569][ T6639] syzkaller1: entered promiscuous mode [ 77.842556][ T6639] syzkaller1: entered allmulticast mode [ 78.756256][ T6641] rtc_cmos 00:05: Alarms can be up to one day in the future [ 79.162682][ T61] rtc_cmos 00:05: Alarms can be up to one day in the future [ 79.169470][ T6665] netlink: 'syz.0.160': attribute type 21 has an invalid length. [ 79.172063][ T6665] netlink: 'syz.0.160': attribute type 1 has an invalid length. [ 79.174581][ T6665] netlink: 144 bytes leftover after parsing attributes in process `syz.0.160'. [ 79.191033][ T61] rtc_cmos 00:05: Alarms can be up to one day in the future [ 79.240980][ T61] rtc_cmos 00:05: Alarms can be up to one day in the future [ 79.264468][ T61] rtc_cmos 00:05: Alarms can be up to one day in the future [ 79.277479][ T61] rtc rtc0: __rtc_set_alarm: err=-22 [ 79.542510][ T6654] bridge0: entered allmulticast mode [ 79.648002][ T6669] netlink: 'syz.0.161': attribute type 1 has an invalid length. [ 79.651416][ T6669] netlink: 'syz.0.161': attribute type 1 has an invalid length. [ 79.658495][ T6669] netlink: 'syz.0.161': attribute type 1 has an invalid length. [ 79.823807][ T6679] FAULT_INJECTION: forcing a failure. [ 79.823807][ T6679] name failslab, interval 1, probability 0, space 0, times 0 [ 79.829480][ T6679] CPU: 0 UID: 0 PID: 6679 Comm: syz.0.164 Not tainted syzkaller #0 PREEMPT(full) [ 79.829503][ T6679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 79.829512][ T6679] Call Trace: [ 79.829519][ T6679] [ 79.829526][ T6679] dump_stack_lvl+0x16c/0x1f0 [ 79.829555][ T6679] should_fail_ex+0x512/0x640 [ 79.829579][ T6679] ? fs_reclaim_acquire+0xae/0x150 [ 79.829606][ T6679] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 79.829631][ T6679] should_failslab+0xc2/0x120 [ 79.829655][ T6679] __kmalloc_noprof+0xd2/0x510 [ 79.829682][ T6679] tomoyo_realpath_from_path+0xc2/0x6e0 [ 79.829709][ T6679] ? tomoyo_profile+0x47/0x60 [ 79.829729][ T6679] tomoyo_path_number_perm+0x245/0x580 [ 79.829749][ T6679] ? tomoyo_path_number_perm+0x237/0x580 [ 79.829772][ T6679] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 79.829820][ T6679] ? find_held_lock+0x2b/0x80 [ 79.829839][ T6679] ? hook_file_ioctl_common+0x145/0x410 [ 79.829868][ T6679] ? __fget_files+0x20e/0x3c0 [ 79.829891][ T6679] security_file_ioctl_compat+0x9b/0x240 [ 79.829922][ T6679] __ia32_compat_sys_ioctl+0xc3/0x370 [ 79.829952][ T6679] __do_fast_syscall_32+0x7c/0x3a0 [ 79.829980][ T6679] do_fast_syscall_32+0x32/0x80 [ 79.830003][ T6679] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 79.830025][ T6679] RIP: 0023:0xf7f15579 [ 79.830040][ T6679] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 79.830056][ T6679] RSP: 002b:00000000f540555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 79.830073][ T6679] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c028aa05 [ 79.830083][ T6679] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 79.830093][ T6679] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 79.830103][ T6679] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 79.830112][ T6679] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 79.830136][ T6679] [ 79.830208][ T6679] ERROR: Out of memory at tomoyo_realpath_from_path. [ 80.160353][ T6684] netlink: 104 bytes leftover after parsing attributes in process `syz.0.165'. [ 80.489627][ T6690] netlink: 'syz.2.166': attribute type 5 has an invalid length. [ 80.680487][ T6695] netlink: 16 bytes leftover after parsing attributes in process `syz.3.168'. [ 81.074377][ T5980] Bluetooth: hci3: unknown advertising packet type: 0x6b [ 81.074408][ T5980] Bluetooth: hci3: Dropping invalid advertising data [ 81.080249][ T5980] Bluetooth: hci3: Malformed LE Event: 0x02 [ 81.135396][ T911] cfg80211: failed to load regulatory.db [ 81.136204][ T6705] orangefs: client-core tried to read wrong size [ 81.206294][ T6711] netlink: 'syz.0.173': attribute type 11 has an invalid length. [ 81.210744][ T6711] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.173'. [ 81.316315][ T6708] hub 9-0:1.0: USB hub found [ 81.318344][ T6708] hub 9-0:1.0: 1 port detected [ 81.419035][ T6721] netlink: 7 bytes leftover after parsing attributes in process `syz.0.176'. [ 81.424450][ T6721] netlink: 7 bytes leftover after parsing attributes in process `syz.0.176'. [ 81.499966][ T6721] raw_sendmsg: syz.0.176 forgot to set AF_INET. Fix it! [ 81.628669][ T6730] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 81.685786][ T6731] : entered promiscuous mode [ 82.340107][ T6738] netlink: 104 bytes leftover after parsing attributes in process `syz.1.181'. [ 83.314890][ T6765] cgroup: Unknown subsys name 'cpuset' [ 83.318366][ T6765] netlink: 8 bytes leftover after parsing attributes in process `syz.3.187'. [ 83.523723][ T6773] FAULT_INJECTION: forcing a failure. [ 83.523723][ T6773] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 83.534637][ T6773] CPU: 2 UID: 0 PID: 6773 Comm: syz.2.190 Not tainted syzkaller #0 PREEMPT(full) [ 83.534661][ T6773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 83.534670][ T6773] Call Trace: [ 83.534676][ T6773] [ 83.534684][ T6773] dump_stack_lvl+0x16c/0x1f0 [ 83.534710][ T6773] should_fail_ex+0x512/0x640 [ 83.534737][ T6773] _copy_from_user+0x2e/0xd0 [ 83.534760][ T6773] ia32_restore_sigcontext+0xc3/0x630 [ 83.534783][ T6773] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 83.534801][ T6773] ? rcu_is_watching+0x12/0xc0 [ 83.534812][ T6773] ? _raw_spin_unlock_irq+0x23/0x50 [ 83.534833][ T6773] ? lockdep_hardirqs_on+0x7c/0x110 [ 83.534847][ T6773] __do_compat_sys_rt_sigreturn+0x120/0x1f0 [ 83.534863][ T6773] ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10 [ 83.534880][ T6773] ? rcu_is_watching+0x12/0xc0 [ 83.534893][ T6773] do_int80_emulation+0x104/0x460 [ 83.534915][ T6773] asm_int80_emulation+0x1a/0x20 [ 83.534991][ T6773] RIP: 0023:0xf7fc75a7 [ 83.535005][ T6773] Code: 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 90 58 b8 77 00 00 00 cd 80 90 8d b4 26 00 00 00 00 b8 ad 00 00 00 cd 80 <90> 90 90 90 90 90 90 90 90 55 89 e5 57 8d 3d 2c dc ff ff 56 53 e8 [ 83.535018][ T6773] RSP: 002b:00000000f54d5940 EFLAGS: 00000286 ORIG_RAX: 00000000000000ad [ 83.535033][ T6773] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f54d59cc [ 83.535043][ T6773] RDX: 00000000f54d594c RSI: 0000000000000000 RDI: 0000000000000000 [ 83.535051][ T6773] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 83.535061][ T6773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 83.535070][ T6773] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 83.535091][ T6773] [ 83.674881][ T40] kauditd_printk_skb: 11 callbacks suppressed [ 83.674892][ T40] audit: type=1326 audit(1756997674.357:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6767 comm="syz.3.189" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x0 [ 83.919989][ T6777] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9) [ 83.922155][ T6777] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 83.925659][ T6777] vhci_hcd vhci_hcd.0: Device attached [ 84.176450][ T6640] usb 41-1: new high-speed USB device number 2 using vhci_hcd [ 84.457877][ T6778] vhci_hcd: connection reset by peer [ 84.461464][ T1143] vhci_hcd: stop threads [ 84.462894][ T1143] vhci_hcd: release socket [ 84.464980][ T1143] vhci_hcd: disconnect device [ 84.917819][ T6790] ======================================================= [ 84.917819][ T6790] WARNING: The mand mount option has been deprecated and [ 84.917819][ T6790] and is ignored by this kernel. Remove the mand [ 84.917819][ T6790] option from the mount to silence this warning. [ 84.917819][ T6790] ======================================================= [ 84.954124][ T6790] overlayfs: failed to resolve './bus/file0': -89 [ 85.042070][ T6794] netlink: 24 bytes leftover after parsing attributes in process `syz.2.196'. [ 85.148289][ T6797] fuse: Bad value for 'user_id' [ 85.150814][ T6797] fuse: Bad value for 'user_id' [ 85.243233][ T6120] udevd[6120]: symlink '../../loop8' '/dev/disk/by-diskseq/75.tmp-b7:8' failed: Read-only file system [ 85.264378][ T6120] udevd[6120]: symlink '../../loop8' '/dev/disk/by-diskseq/76.tmp-b7:8' failed: Read-only file system [ 85.341820][ T6800] netlink: 'syz.1.198': attribute type 13 has an invalid length. [ 85.345336][ T6801] netlink: 'syz.1.198': attribute type 13 has an invalid length. [ 86.034250][ T6120] udevd[6120]: symlink '../../loop8' '/dev/disk/by-diskseq/76.tmp-b7:8' failed: Read-only file system [ 86.077294][ T6120] udevd[6120]: symlink '../../loop8' '/dev/disk/by-diskseq/76.tmp-b7:8' failed: Read-only file system [ 86.274852][ T6819] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 87.635088][ T6836] pim6reg1: entered promiscuous mode [ 87.637990][ T6836] pim6reg1: entered allmulticast mode [ 87.662582][ T6838] fuse: Unknown parameter 'f^ºE7ë' [ 87.728598][ T5980] Bluetooth: hci3: unexpected event for opcode 0x0407 [ 87.729964][ T6843] netlink: 256 bytes leftover after parsing attributes in process `syz.1.213'. [ 87.774415][ T6846] netlink: 256 bytes leftover after parsing attributes in process `syz.1.214'. [ 87.779602][ T6846] netlink: 72 bytes leftover after parsing attributes in process `syz.1.214'. [ 87.833188][ T6850] warning: `syz.1.215' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 88.343796][ T6865] overlayfs: maximum fs stacking depth exceeded [ 89.366627][ T6640] vhci_hcd: vhci_device speed not set [ 90.171391][ T6896] netlink: 20 bytes leftover after parsing attributes in process `syz.0.227'. [ 90.175154][ T6896] xfrm0: entered promiscuous mode [ 90.177990][ T6896] xfrm0: entered allmulticast mode [ 90.314716][ T6902] syz.1.229 uses obsolete (PF_INET,SOCK_PACKET) [ 90.683124][ T6907] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 90.685254][ T6907] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 90.687947][ T6907] vhci_hcd vhci_hcd.0: Device attached [ 90.758183][ T6908] vhci_hcd: connection closed [ 90.758954][ T1143] vhci_hcd: stop threads [ 90.763972][ T1143] vhci_hcd: release socket [ 90.766148][ T1143] vhci_hcd: disconnect device [ 91.302812][ T6919] overlayfs: failed to resolve './bus': -2 [ 91.390805][ T6924] netlink: 'syz.1.233': attribute type 34 has an invalid length. [ 92.056520][ T841] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 92.208337][ T841] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 92.230157][ T841] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 92.234001][ T841] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.256443][ T841] usb 5-1: Product: syz [ 92.260334][ T841] usb 5-1: Manufacturer: syz [ 92.262346][ T841] usb 5-1: SerialNumber: syz [ 92.267228][ T841] usb 5-1: config 0 descriptor?? [ 92.646458][ T1469] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 92.708678][ T6938] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 92.711515][ T6938] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.856501][ T1469] usb 7-1: Using ep0 maxpacket: 8 [ 92.859668][ T1469] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 92.865769][ T1469] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 92.874148][ T1469] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 92.879462][ T1469] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 92.883058][ T1469] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 92.901261][ T1469] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 92.904518][ T1469] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.126798][ T1469] usb 7-1: usb_control_msg returned -32 [ 93.129109][ T1469] usbtmc 7-1:16.0: can't read capabilities [ 94.327009][ T7018] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 94.330676][ T7018] block device autoloading is deprecated and will be removed. [ 94.345561][ T7017] md: md2 stopped. [ 95.275809][ T7036] netlink: 32 bytes leftover after parsing attributes in process `syz.3.252'. [ 95.279001][ T7036] bridge: RTM_NEWNEIGH with invalid ether address [ 95.912275][ T840] usb 7-1: USB disconnect, device number 3 [ 96.028545][ T911] libceph: connect (1)[c::]:6789 error -101 [ 96.030714][ T911] libceph: mon0 (1)[c::]:6789 connect error [ 96.111176][ T7061] random: crng reseeded on system resumption [ 96.217105][ T40] audit: type=1800 audit(1756997686.897:24): pid=7059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.257" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 96.332812][ T7050] ceph: No mds server is up or the cluster is laggy [ 96.436437][ T911] libceph: connect (1)[c::]:6789 error -101 [ 96.439087][ T911] libceph: mon0 (1)[c::]:6789 connect error [ 97.752934][ T7079] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 97.768559][ T7079] kvm: pic: non byte read [ 98.009680][ T7091] trusted_key: encrypted_key: insufficient parameters specified [ 98.609116][ T7098] block nbd0: Attempted send on invalid socket [ 98.611522][ T7098] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 98.615344][ T7098] exFAT-fs (nbd0): unable to read boot sector [ 98.620024][ T7098] exFAT-fs (nbd0): failed to read boot sector [ 98.624836][ T7098] exFAT-fs (nbd0): failed to recognize exfat type [ 98.998406][ T34] IPVS: starting estimator thread 0... [ 99.003699][ T7105] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 99.146723][ T7107] IPVS: using max 46 ests per chain, 110400 per kthread [ 99.570425][ T7116] overlayfs: maximum fs stacking depth exceeded [ 99.873060][ T96] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.882748][ T96] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.499684][ T7139] FAULT_INJECTION: forcing a failure. [ 101.499684][ T7139] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 101.505187][ T7139] CPU: 0 UID: 0 PID: 7139 Comm: syz.1.282 Not tainted syzkaller #0 PREEMPT(full) [ 101.505209][ T7139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 101.505220][ T7139] Call Trace: [ 101.505226][ T7139] [ 101.505233][ T7139] dump_stack_lvl+0x16c/0x1f0 [ 101.505282][ T7139] should_fail_ex+0x512/0x640 [ 101.505316][ T7139] _copy_from_user+0x2e/0xd0 [ 101.505345][ T7139] move_addr_to_kernel+0x65/0x170 [ 101.505365][ T7139] __sys_bind+0x11b/0x260 [ 101.505385][ T7139] ? __pfx___sys_bind+0x10/0x10 [ 101.505403][ T7139] ? __fget_files+0x20e/0x3c0 [ 101.505431][ T7139] ? __pfx_ksys_write+0x10/0x10 [ 101.505458][ T7139] __ia32_sys_bind+0x71/0xb0 [ 101.505476][ T7139] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 101.505506][ T7139] __do_fast_syscall_32+0x7c/0x3a0 [ 101.505533][ T7139] do_fast_syscall_32+0x32/0x80 [ 101.505557][ T7139] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 101.505579][ T7139] RIP: 0023:0xf70be579 [ 101.505594][ T7139] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 101.505609][ T7139] RSP: 002b:00000000f54ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000169 [ 101.505626][ T7139] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800004c0 [ 101.505637][ T7139] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 101.505646][ T7139] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 101.505655][ T7139] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 101.505665][ T7139] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 101.505687][ T7139] [ 101.932960][ T7166] netlink: 4 bytes leftover after parsing attributes in process `syz.1.287'. [ 101.936449][ T840] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 102.089833][ T7167] overlayfs: maximum fs stacking depth exceeded [ 102.151344][ T840] usb 7-1: Using ep0 maxpacket: 8 [ 102.154299][ T840] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 102.156947][ T840] usb 7-1: config 0 has no interface number 0 [ 102.158857][ T840] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 102.162216][ T840] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 102.166119][ T840] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 102.172311][ T840] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 102.176821][ T840] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 102.179890][ T840] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.187191][ T840] usb 7-1: config 0 descriptor?? [ 102.194013][ T840] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 102.395499][ T7142] fuse: Bad value for 'user_id' [ 102.398072][ T7142] fuse: Bad value for 'user_id' [ 102.403377][ T60] usb 7-1: USB disconnect, device number 4 [ 102.407119][ T60] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 102.764939][ T7178] netlink: 'syz.0.294': attribute type 1 has an invalid length. [ 102.784616][ T7178] 8021q: adding VLAN 0 to HW filter on device bond1 [ 102.816911][ T7178] bond1: (slave wlan0): Enslaving as an active interface with a down link [ 102.834446][ T7178] vlan2: entered allmulticast mode [ 102.836741][ T7178] veth1: entered allmulticast mode [ 102.841688][ T7178] veth1: entered promiscuous mode [ 102.843805][ T7178] veth1: left promiscuous mode [ 102.846660][ T7178] bond1: (slave vlan2): making interface the new active one [ 102.849085][ T7178] bond1: (slave wlan0): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 102.854796][ T7178] veth1: entered promiscuous mode [ 102.861169][ T7178] vlan2: entered promiscuous mode [ 102.863295][ T7178] bond1: (slave vlan2): Enslaving as an active interface with an up link [ 104.044345][ T7209] overlayfs: maximum fs stacking depth exceeded [ 104.418735][ T7219] netlink: 5 bytes leftover after parsing attributes in process `syz.2.306'. [ 104.470775][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.473787][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.701202][ T7231] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 106.032046][ T7250] mmap: syz.0.310 (7250) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 107.397834][ T7282] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 107.406463][ T840] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 107.560892][ T840] usb 7-1: config index 0 descriptor too short (expected 45, got 36) [ 107.564405][ T840] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 107.571132][ T840] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 107.582366][ T840] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 107.590020][ T7285] fuse: Bad value for 'fd' [ 107.595417][ T840] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 107.612426][ T840] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 107.616178][ T840] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.670775][ T840] usb 7-1: config 0 descriptor?? [ 107.681066][ T7281] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 108.148771][ T840] plantronics 0003:047F:FFFF.0002: reserved main item tag 0xd [ 108.195735][ T840] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 108.503541][ T911] usb 7-1: USB disconnect, device number 5 [ 108.954291][ T7315] fuse: Bad value for 'fd' [ 111.060764][ T7364] netlink: 'syz.2.331': attribute type 3 has an invalid length. [ 111.064268][ T7364] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.331'. [ 111.570906][ T7378] tipc: Enabling of bearer rejected, failed to enable media [ 112.011727][ T7390] netlink: 8 bytes leftover after parsing attributes in process `syz.1.340'. [ 112.122630][ T7397] fuse: Unknown parameter '184467440737095516150x0000000000000008' [ 112.622510][ T7404] hub 9-0:1.0: USB hub found [ 112.625139][ T7404] hub 9-0:1.0: 1 port detected [ 113.356442][ T841] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 113.528014][ T841] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 113.531621][ T841] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 113.537825][ T841] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 113.541406][ T841] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 113.544731][ T841] usb 7-1: Manufacturer: syz [ 113.551950][ T841] usb 7-1: config 0 descriptor?? [ 113.606513][ T841] rc_core: IR keymap rc-hauppauge not found [ 113.608883][ T841] Registered IR keymap rc-empty [ 113.612480][ T841] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0 [ 113.621479][ T841] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input6 [ 113.739144][ T7426] netlink: 'syz.0.351': attribute type 1 has an invalid length. [ 113.763757][ T7417] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 113.767660][ T7417] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.047957][ T911] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 114.544008][ T7445] overlayfs: failed to clone lowerpath [ 115.072087][ T40] audit: type=1326 audit(1756997705.757:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7458 comm="syz.2.361" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x0 [ 115.787578][ T12] vlan2: left promiscuous mode [ 115.796981][ T1330] usb 7-1: USB disconnect, device number 6 [ 116.040314][ T7466] overlayfs: maximum fs stacking depth exceeded [ 116.770684][ T7480] ceph: No mds server is up or the cluster is laggy [ 116.779929][ T1330] libceph: connect (1)[c::]:6789 error -101 [ 116.789014][ T1330] libceph: mon0 (1)[c::]:6789 connect error [ 116.798007][ T7488] binder_alloc: 7486: binder_alloc_buf size -16 failed, no address space [ 116.801567][ T7488] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 116.898935][ T7495] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 116.901680][ T7495] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 116.904953][ T7495] vhci_hcd vhci_hcd.0: Device attached [ 116.929063][ T7496] vhci_hcd: connection closed [ 116.929230][ T1143] vhci_hcd: stop threads [ 116.932142][ T1143] vhci_hcd: release socket [ 116.934381][ T1143] vhci_hcd: disconnect device [ 117.834707][ T7507] overlay: Unknown parameter 'euid>00000000000000000000' [ 117.979567][ T7514] netlink: 24 bytes leftover after parsing attributes in process `syz.3.378'. [ 118.172683][ T7518] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 118.175709][ T7518] block device autoloading is deprecated and will be removed. [ 118.184667][ T7514] md: md2 stopped. [ 118.295367][ T7509] overlayfs: failed to clone lowerpath [ 118.452587][ T7521] nfs: Unknown parameter 'lowerdir' [ 120.115804][ T40] audit: type=1326 audit(1756997710.797:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15598 code=0x7ffc0000 [ 120.124260][ T40] audit: type=1326 audit(1756997710.797:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15598 code=0x7ffc0000 [ 120.131086][ T40] audit: type=1326 audit(1756997710.797:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15598 code=0x7ffc0000 [ 120.138177][ T40] audit: type=1326 audit(1756997710.797:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15598 code=0x7ffc0000 [ 120.144796][ T40] audit: type=1326 audit(1756997710.797:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15598 code=0x7ffc0000 [ 120.152851][ T40] audit: type=1326 audit(1756997710.797:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15598 code=0x7ffc0000 [ 120.160570][ T40] audit: type=1326 audit(1756997710.797:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15598 code=0x7ffc0000 [ 120.167451][ T40] audit: type=1326 audit(1756997710.797:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15598 code=0x7ffc0000 [ 120.174282][ T40] audit: type=1326 audit(1756997710.797:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15598 code=0x7ffc0000 [ 120.181627][ T40] audit: type=1326 audit(1756997710.797:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15598 code=0x7ffc0000 [ 121.275967][ T7596] netlink: 20 bytes leftover after parsing attributes in process `syz.1.393'. [ 121.733165][ T7600] hub 9-0:1.0: USB hub found [ 121.735269][ T7600] hub 9-0:1.0: 1 port detected [ 123.106706][ T911] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 123.260195][ T911] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 123.265644][ T911] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 123.269957][ T911] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.275530][ T911] usb 7-1: config 0 descriptor?? [ 123.282911][ T911] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 123.398499][ T7643] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 123.715079][ T7652] tipc: Started in network mode [ 123.716756][ T7652] tipc: Node identity 080211000001, cluster identity 4711 [ 123.719463][ T7652] tipc: Enabled bearer , priority 0 [ 123.845072][ T7665] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 123.848749][ T7665] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 124.687336][ T7679] netlink: 32 bytes leftover after parsing attributes in process `syz.1.426'. [ 124.690084][ T7679] bridge: RTM_NEWNEIGH with invalid ether address [ 124.693369][ T7681] netlink: 104 bytes leftover after parsing attributes in process `syz.3.427'. [ 124.727628][ T1469] tipc: Node number set to 134418688 [ 125.783916][ T6120] udevd[6120]: symlink '../../loop8' '/dev/disk/by-diskseq/77.tmp-b7:8' failed: Read-only file system [ 125.889303][ T911] usb 7-1: USB disconnect, device number 7 [ 126.059940][ T7707] netlink: 'syz.0.437': attribute type 10 has an invalid length. [ 126.063352][ T7707] netlink: 40 bytes leftover after parsing attributes in process `syz.0.437'. [ 126.068450][ T7707] dummy0: entered promiscuous mode [ 126.072375][ T7707] bridge0: port 3(dummy0) entered blocking state [ 126.074767][ T7707] bridge0: port 3(dummy0) entered disabled state [ 126.076960][ T7707] dummy0: entered allmulticast mode [ 126.079758][ T7707] bridge0: port 3(dummy0) entered blocking state [ 126.082037][ T7707] bridge0: port 3(dummy0) entered forwarding state [ 126.116561][ T7711] netlink: 32 bytes leftover after parsing attributes in process `syz.2.436'. [ 126.120519][ T7711] bridge: RTM_NEWNEIGH with invalid ether address [ 126.130272][ T7713] random: crng reseeded on system resumption [ 126.428033][ T7721] FAULT_INJECTION: forcing a failure. [ 126.428033][ T7721] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 126.432100][ T7721] CPU: 1 UID: 0 PID: 7721 Comm: syz.0.439 Not tainted syzkaller #0 PREEMPT(full) [ 126.432124][ T7721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 126.432131][ T7721] Call Trace: [ 126.432135][ T7721] [ 126.432150][ T7721] dump_stack_lvl+0x16c/0x1f0 [ 126.432170][ T7721] should_fail_ex+0x512/0x640 [ 126.432186][ T7721] _copy_from_user+0x2e/0xd0 [ 126.432203][ T7721] copy_from_sockptr_offset.constprop.0+0x153/0x1a0 [ 126.432217][ T7721] ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10 [ 126.432237][ T7721] do_ipv6_setsockopt+0x86e/0x4350 [ 126.432251][ T7721] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 126.432262][ T7721] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 126.432278][ T7721] ? kvm_sched_clock_read+0x11/0x20 [ 126.432291][ T7721] ? sched_clock+0x38/0x60 [ 126.432309][ T7721] ? lock_acquire+0x179/0x350 [ 126.432328][ T7721] ? __pfx___might_resched+0x10/0x10 [ 126.432339][ T7721] ? __lock_acquire+0x62e/0x1ce0 [ 126.432354][ T7721] ? aa_sk_perm+0x2f4/0xb10 [ 126.432367][ T7721] ? __pfx_aa_sk_perm+0x10/0x10 [ 126.432382][ T7721] ? ipv6_setsockopt+0xcb/0x170 [ 126.432392][ T7721] ipv6_setsockopt+0xcb/0x170 [ 126.432405][ T7721] tcp_setsockopt+0xa7/0x100 [ 126.432417][ T7721] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 126.432435][ T7721] do_sock_setsockopt+0xf3/0x1d0 [ 126.432452][ T7721] __sys_setsockopt+0x120/0x1a0 [ 126.432467][ T7721] __ia32_sys_setsockopt+0xbc/0x160 [ 126.432479][ T7721] ? lockdep_hardirqs_on+0x7c/0x110 [ 126.432492][ T7721] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 126.432506][ T7721] __do_fast_syscall_32+0x7c/0x3a0 [ 126.432522][ T7721] do_fast_syscall_32+0x32/0x80 [ 126.432535][ T7721] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 126.432548][ T7721] RIP: 0023:0xf7f15579 [ 126.432556][ T7721] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 126.432566][ T7721] RSP: 002b:00000000f53e455c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 126.432576][ T7721] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000000000029 [ 126.432582][ T7721] RDX: 000000000000002f RSI: 0000000080000240 RDI: 0000000000000108 [ 126.432588][ T7721] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 126.432593][ T7721] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 126.432599][ T7721] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 126.432611][ T7721] [ 127.111197][ T40] kauditd_printk_skb: 946 callbacks suppressed [ 127.111443][ T40] audit: type=1326 audit(1756997717.797:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.0.444" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 127.130649][ T40] audit: type=1326 audit(1756997717.797:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.0.444" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 127.137699][ T40] audit: type=1326 audit(1756997717.797:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.0.444" exe="/syz-executor" sig=0 arch=40000003 syscall=374 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 127.144791][ T40] audit: type=1326 audit(1756997717.797:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.0.444" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 127.152724][ T40] audit: type=1326 audit(1756997717.797:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.0.444" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 127.159644][ T40] audit: type=1326 audit(1756997717.797:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.0.444" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 127.172172][ T40] audit: type=1326 audit(1756997717.797:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.0.444" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 127.202602][ T40] audit: type=1326 audit(1756997717.797:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.0.444" exe="/syz-executor" sig=0 arch=40000003 syscall=343 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 127.209480][ T40] audit: type=1326 audit(1756997946.810:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.0.444" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 127.217888][ T40] audit: type=1326 audit(1756997946.810:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.0.444" exe="/syz-executor" sig=0 arch=40000003 syscall=219 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 128.110846][ T6120] udevd[6120]: symlink '../../loop3' '/dev/disk/by-diskseq/80.tmp-b7:3' failed: Read-only file system [ 128.132523][ T6120] udevd[6120]: symlink '../../loop3' '/dev/disk/by-diskseq/80.tmp-b7:3' failed: Read-only file system [ 128.167467][ T7756] bond1: (slave wlan0): Releasing active interface [ 128.169832][ T7756] bond1: (slave wlan0): the permanent HWaddr of slave - 08:02:11:00:00:00 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 128.175016][ T7756] vlan2: entered promiscuous mode [ 128.260624][ T6120] udevd[6120]: symlink '../../loop3' '/dev/disk/by-diskseq/80.tmp-b7:3' failed: Read-only file system [ 128.409081][ T6120] udevd[6120]: symlink '../../loop3' '/dev/disk/by-diskseq/80.tmp-b7:3' failed: Read-only file system [ 128.424519][ T7761] netlink: 'syz.3.453': attribute type 1 has an invalid length. [ 128.444057][ T7761] policy can only be matched on NF_INET_PRE_ROUTING [ 128.444068][ T7761] unable to load match [ 128.449868][ T7761] netlink: 4 bytes leftover after parsing attributes in process `syz.3.453'. [ 128.478398][ T6120] udevd[6120]: symlink '../../loop3' '/dev/disk/by-diskseq/80.tmp-b7:3' failed: Read-only file system [ 128.707740][ T6120] udevd[6120]: symlink '../../loop3' '/dev/disk/by-diskseq/80.tmp-b7:3' failed: Read-only file system [ 128.740468][ T6120] udevd[6120]: symlink '../../loop3' '/dev/disk/by-diskseq/80.tmp-b7:3' failed: Read-only file system [ 128.937784][ T7777] team0: No ports can be present during mode change [ 128.941401][ T7777] tipc: Started in network mode [ 128.943513][ T7777] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 128.946507][ T7777] tipc: Enabled bearer , priority 0 [ 129.140987][ T7781] netlink: 32 bytes leftover after parsing attributes in process `syz.1.458'. [ 129.146382][ T7781] bridge: RTM_NEWNEIGH with invalid ether address [ 129.239842][ T6120] udevd[6120]: symlink '../../loop3' '/dev/disk/by-diskseq/81.tmp-b7:3' failed: Read-only file system [ 129.248078][ T7783] tipc: Enabling of bearer rejected, already enabled [ 129.252550][ T7783] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode [ 129.266494][ T7783] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode [ 129.281718][ T7783] tipc: Resetting bearer [ 129.315517][ T6120] udevd[6120]: symlink '../../loop3' '/dev/disk/by-diskseq/81.tmp-b7:3' failed: Read-only file system [ 129.484208][ T7788] netlink: 20 bytes leftover after parsing attributes in process `syz.0.461'. [ 129.487439][ T7788] netlink: 20 bytes leftover after parsing attributes in process `syz.0.461'. [ 129.495176][ T7788] openvswitch: netlink: IP tunnel dst address not specified [ 129.946526][ T61] tipc: Node number set to 11578026 [ 129.951322][ T7804] netlink: 'syz.1.465': attribute type 1 has an invalid length. [ 129.971362][ T7804] bond1: (slave vxcan1): The slave device specified does not support setting the MAC address [ 129.976225][ T7804] bond1: (slave vxcan1): Error -95 calling set_mac_address [ 129.987895][ T7805] bond1: (slave vxcan1): The slave device specified does not support setting the MAC address [ 129.991901][ T7805] bond1: (slave vxcan1): Error -95 calling set_mac_address [ 130.020221][ T7810] gretap1: entered promiscuous mode [ 130.025435][ T7810] bond1: (slave gretap1): making interface the new active one [ 130.028965][ T7810] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 130.037174][ T7810] macvlan2: entered promiscuous mode [ 130.039582][ T7810] macvlan2: entered allmulticast mode [ 130.042525][ T7810] bond1: entered promiscuous mode [ 130.045725][ T7810] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 130.051510][ T7810] bond1: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 130.059658][ T7810] bond1: left promiscuous mode [ 130.289778][ T7822] netlink: 'syz.3.469': attribute type 7 has an invalid length. [ 130.632428][ T7836] overlayfs: maximum fs stacking depth exceeded [ 130.795228][ T7852] : entered promiscuous mode [ 131.380113][ T6120] udevd[6120]: symlink '../../loop3' '/dev/disk/by-diskseq/81.tmp-b7:3' failed: Read-only file system [ 131.380722][ T7873] netlink: 104 bytes leftover after parsing attributes in process `syz.3.474'. [ 131.408963][ T7874] netlink: 32 bytes leftover after parsing attributes in process `syz.0.473'. [ 131.411953][ T7874] bridge: RTM_NEWNEIGH with invalid ether address [ 132.215604][ T7882] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.243515][ T6120] udevd[6120]: symlink '../../loop3' '/dev/disk/by-diskseq/81.tmp-b7:3' failed: Read-only file system [ 132.281170][ T6120] udevd[6120]: symlink '../../loop3' '/dev/disk/by-diskseq/81.tmp-b7:3' failed: Read-only file system [ 132.305226][ T7882] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.338227][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.340242][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.407729][ T7889] hub 9-0:1.0: USB hub found [ 132.410045][ T7889] hub 9-0:1.0: 1 port detected [ 132.436402][ T6120] udevd[6120]: symlink '../../loop3' '/dev/disk/by-diskseq/81.tmp-b7:3' failed: Read-only file system [ 132.452328][ T7892] syzkaller1: entered promiscuous mode [ 132.454924][ T7892] syzkaller1: entered allmulticast mode [ 146.983283][ T5983] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 146.988043][ T5983] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 146.991994][ T5983] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 146.994953][ T5983] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 146.997895][ T5983] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 147.897832][ T34] usb 5-1: USB disconnect, device number 2 [ 147.933672][ T1423] ================================================================== [ 147.936048][ T1423] BUG: KASAN: slab-use-after-free in tty_write_room+0x7d/0x90 [ 147.938374][ T1423] Read of size 8 at addr ffff88806b79d020 by task aoe_tx0/1423 [ 147.942096][ T1423] [ 147.943135][ T1423] CPU: 2 UID: 0 PID: 1423 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) [ 147.943148][ T1423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 147.943154][ T1423] Call Trace: [ 147.943158][ T1423] [ 147.943162][ T1423] dump_stack_lvl+0x116/0x1f0 [ 147.943179][ T1423] print_report+0xcd/0x630 [ 147.943191][ T1423] ? __virt_addr_valid+0x81/0x610 [ 147.943204][ T1423] ? __phys_addr+0xe8/0x180 [ 147.943216][ T1423] ? tty_write_room+0x7d/0x90 [ 147.943225][ T1423] kasan_report+0xe0/0x110 [ 147.943238][ T1423] ? tty_write_room+0x7d/0x90 [ 147.943248][ T1423] tty_write_room+0x7d/0x90 [ 147.943258][ T1423] handle_tx+0x14f/0x630 [ 147.943271][ T1423] dev_hard_start_xmit+0x97/0x740 [ 147.943284][ T1423] __dev_queue_xmit+0xa46/0x4490 [ 147.943296][ T1423] ? lockdep_hardirqs_on+0x7c/0x110 [ 147.943308][ T1423] ? finish_task_switch.isra.0+0x221/0xc10 [ 147.943319][ T1423] ? rcu_is_watching+0x12/0xc0 [ 147.943330][ T1423] ? __pfx___dev_queue_xmit+0x10/0x10 [ 147.943340][ T1423] ? __schedule+0x11a3/0x5de0 [ 147.943353][ T1423] ? __lock_acquire+0xb97/0x1ce0 [ 147.943368][ T1423] ? do_raw_spin_lock+0x12c/0x2b0 [ 147.943383][ T1423] ? find_held_lock+0x2b/0x80 [ 147.943392][ T1423] ? skb_dequeue+0x126/0x180 [ 147.943402][ T1423] ? find_held_lock+0x2b/0x80 [ 147.943412][ T1423] ? rcu_is_watching+0x12/0xc0 [ 147.943422][ T1423] tx+0xcc/0x190 [ 147.943435][ T1423] ? __pfx_tx+0x10/0x10 [ 147.943446][ T1423] kthread+0x1e1/0x3e0 [ 147.943457][ T1423] ? find_held_lock+0x2b/0x80 [ 147.943466][ T1423] ? __pfx_kthread+0x10/0x10 [ 147.943477][ T1423] ? __pfx_default_wake_function+0x10/0x10 [ 147.943486][ T1423] ? lockdep_hardirqs_on+0x7c/0x110 [ 147.943499][ T1423] ? __kthread_parkme+0x19e/0x250 [ 147.943511][ T1423] ? __pfx_kthread+0x10/0x10 [ 147.943522][ T1423] kthread+0x3c5/0x780 [ 147.943535][ T1423] ? __pfx_kthread+0x10/0x10 [ 147.943549][ T1423] ? rcu_is_watching+0x12/0xc0 [ 147.943558][ T1423] ? __pfx_kthread+0x10/0x10 [ 147.943572][ T1423] ret_from_fork+0x5d7/0x6f0 [ 147.943586][ T1423] ? __pfx_kthread+0x10/0x10 [ 147.943599][ T1423] ret_from_fork_asm+0x1a/0x30 [ 147.943614][ T1423] [ 147.943618][ T1423] [ 148.010330][ T1423] Allocated by task 6938: [ 148.011678][ T1423] kasan_save_stack+0x33/0x60 [ 148.013187][ T1423] kasan_save_track+0x14/0x30 [ 148.014679][ T1423] __kasan_kmalloc+0xaa/0xb0 [ 148.016145][ T1423] alloc_tty_struct+0x96/0x8c0 [ 148.017653][ T1423] tty_init_dev.part.0+0x1e/0x500 [ 148.019242][ T1423] tty_open+0xa50/0xf90 [ 148.020559][ T1423] chrdev_open+0x231/0x6a0 [ 148.021973][ T1423] do_dentry_open+0x97f/0x1530 [ 148.023540][ T1423] vfs_open+0x82/0x3f0 [ 148.024820][ T1423] path_openat+0x1de4/0x2cb0 [ 148.026270][ T1423] do_filp_open+0x20b/0x470 [ 148.027737][ T1423] do_sys_openat2+0x11b/0x1d0 [ 148.029238][ T1423] __ia32_compat_sys_openat+0x16d/0x210 [ 148.030990][ T1423] __do_fast_syscall_32+0x7c/0x3a0 [ 148.032614][ T1423] do_fast_syscall_32+0x32/0x80 [ 148.034138][ T1423] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 148.036127][ T1423] [ 148.036898][ T1423] Freed by task 6065: [ 148.038168][ T1423] kasan_save_stack+0x33/0x60 [ 148.039664][ T1423] kasan_save_track+0x14/0x30 [ 148.041132][ T1423] kasan_save_free_info+0x3b/0x60 [ 148.042732][ T1423] __kasan_slab_free+0x60/0x70 [ 148.044261][ T1423] kfree+0x2b4/0x4d0 [ 148.045526][ T1423] process_one_work+0x9cf/0x1b70 [ 148.047108][ T1423] worker_thread+0x6c8/0xf10 [ 148.048542][ T1423] kthread+0x3c5/0x780 [ 148.049848][ T1423] ret_from_fork+0x5d7/0x6f0 [ 148.051336][ T1423] ret_from_fork_asm+0x1a/0x30 [ 148.052874][ T1423] [ 148.053643][ T1423] Last potentially related work creation: [ 148.055436][ T1423] kasan_save_stack+0x33/0x60 [ 148.056925][ T1423] kasan_record_aux_stack+0xa7/0xc0 [ 148.058566][ T1423] insert_work+0x36/0x230 [ 148.059948][ T1423] __queue_work+0x97e/0x1160 [ 148.061411][ T1423] queue_work_on+0x1a4/0x1f0 [ 148.062898][ T1423] release_tty+0x4de/0x5d0 [ 148.064309][ T1423] tty_release_struct+0xb7/0xe0 [ 148.065841][ T1423] tty_release+0xe2d/0x1430 [ 148.067289][ T1423] __fput+0x3ff/0xb70 [ 148.068558][ T1423] task_work_run+0x14d/0x240 [ 148.070026][ T1423] do_exit+0x86f/0x2bf0 [ 148.071357][ T1423] do_group_exit+0xd3/0x2a0 [ 148.072797][ T1423] get_signal+0x2673/0x26d0 [ 148.074263][ T1423] arch_do_signal_or_restart+0x8f/0x790 [ 148.076008][ T1423] exit_to_user_mode_loop+0x84/0x110 [ 148.077673][ T1423] __do_fast_syscall_32+0x2ac/0x3a0 [ 148.079320][ T1423] do_fast_syscall_32+0x32/0x80 [ 148.080858][ T1423] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 148.082856][ T1423] [ 148.083627][ T1423] The buggy address belongs to the object at ffff88806b79d000 [ 148.083627][ T1423] which belongs to the cache kmalloc-cg-2k of size 2048 [ 148.087998][ T1423] The buggy address is located 32 bytes inside of [ 148.087998][ T1423] freed 2048-byte region [ffff88806b79d000, ffff88806b79d800) [ 148.090769][ T5988] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 148.092076][ T5981] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 148.092201][ T1423] [ 148.092205][ T1423] The buggy address belongs to the physical page: [ 148.092210][ T1423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806b79f000 pfn:0x6b798 [ 148.092220][ T1423] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 148.092227][ T1423] memcg:ffff888068daf981 [ 148.092232][ T1423] flags: 0x4fff00000000240(workingset|head|node=1|zone=1|lastcpupid=0x7ff) [ 148.092241][ T1423] page_type: f5(slab) [ 148.092250][ T1423] raw: 04fff00000000240 ffff88801b84c140 ffff888040402708 ffffea00012dd210 [ 148.092259][ T1423] raw: ffff88806b79f000 0000000000080005 00000000f5000000 ffff888068daf981 [ 148.092267][ T1423] head: 04fff00000000240 ffff88801b84c140 ffff888040402708 ffffea00012dd210 [ 148.092276][ T1423] head: ffff88806b79f000 0000000000080005 00000000f5000000 ffff888068daf981 [ 148.092284][ T1423] head: 04fff00000000003 ffffea0001ade601 00000000ffffffff 00000000ffffffff [ 148.092293][ T1423] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 148.092298][ T1423] page dumped because: kasan: bad access detected [ 148.092302][ T1423] page_owner tracks the page as allocated [ 148.092306][ T1423] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5976, tgid 5976 (syz-executor), ts 48462830948, free_ts 48451061124 [ 148.093800][ T5981] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 148.094255][ T5981] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 148.095898][ T5981] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 148.096572][ T5988] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 148.096984][ T5988] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 148.097008][ T1423] post_alloc_hook+0x1c0/0x230 [ 148.097020][ T1423] get_page_from_freelist+0x132b/0x38e0 [ 148.097030][ T1423] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 148.097041][ T1423] alloc_pages_mpol+0x1fb/0x550 [ 148.097053][ T1423] new_slab+0x247/0x330 [ 148.097721][ T5988] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 148.097976][ T5988] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 148.105110][ T5988] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 148.105692][ T1423] ___slab_alloc+0xcf2/0x1740 [ 148.164073][ T1423] __slab_alloc.constprop.0+0x56/0xb0 [ 148.165759][ T1423] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 148.167763][ T1423] kmemdup_noprof+0x29/0x60 [ 148.169206][ T1423] neigh_sysctl_register+0xb2/0x670 [ 148.170852][ T1423] addrconf_sysctl_register+0xb9/0x1f0 [ 148.172589][ T1423] ipv6_add_dev+0xb31/0x15f0 [ 148.174047][ T1423] addrconf_notify+0x53e/0x19e0 [ 148.175594][ T1423] notifier_call_chain+0xb9/0x410 [ 148.177167][ T1423] call_netdevice_notifiers_info+0xbe/0x140 [ 148.179024][ T1423] register_netdevice+0x182e/0x2270 [ 148.180664][ T1423] page last free pid 5989 tgid 5989 stack trace: [ 148.182660][ T1423] __free_frozen_pages+0x7d5/0x10f0 [ 148.184324][ T1423] __put_partials+0x165/0x1c0 [ 148.185827][ T1423] qlist_free_all+0x4d/0x120 [ 148.187304][ T1423] kasan_quarantine_reduce+0x195/0x1e0 [ 148.189015][ T1423] __kasan_slab_alloc+0x69/0x90 [ 148.190567][ T1423] __kmalloc_node_track_caller_noprof+0x1d3/0x510 [ 148.192655][ T1423] kmemdup_noprof+0x29/0x60 [ 148.194194][ T1423] neigh_sysctl_register+0xb2/0x670 [ 148.195922][ T1423] devinet_sysctl_register+0xb6/0x200 [ 148.197610][ T1423] inetdev_event+0x1638/0x18a0 [ 148.199137][ T1423] notifier_call_chain+0xb9/0x410 [ 148.200725][ T1423] call_netdevice_notifiers_info+0xbe/0x140 [ 148.202592][ T1423] netif_change_name+0x557/0x920 [ 148.204186][ T1423] do_setlink.constprop.0+0x3362/0x4380 [ 148.205940][ T1423] rtnl_newlink+0x1446/0x2000 [ 148.207441][ T1423] rtnetlink_rcv_msg+0x95b/0xe90 [ 148.209001][ T1423] [ 148.209769][ T1423] Memory state around the buggy address: [ 148.211528][ T1423] ffff88806b79cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 148.214034][ T1423] ffff88806b79cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 148.216554][ T1423] >ffff88806b79d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 148.219054][ T1423] ^ [ 148.220666][ T1423] ffff88806b79d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 148.223205][ T1423] ffff88806b79d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 148.225637][ T1423] ================================================================== [ 148.228115][ T1423] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 148.230366][ T1423] CPU: 2 UID: 0 PID: 1423 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) [ 148.233207][ T1423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 148.236573][ T1423] Call Trace: [ 148.237644][ T1423] [ 148.238598][ T1423] dump_stack_lvl+0x3d/0x1f0 [ 148.240091][ T1423] vpanic+0x6e8/0x7a0 [ 148.241378][ T1423] ? __pfx_vpanic+0x10/0x10 [ 148.242846][ T1423] ? tty_write_room+0x7d/0x90 [ 148.244349][ T1423] panic+0xca/0xd0 [ 148.245556][ T1423] ? __pfx_panic+0x10/0x10 [ 148.246981][ T1423] ? check_panic_on_warn+0x1f/0xb0 [ 148.248584][ T1423] check_panic_on_warn+0xab/0xb0 [ 148.250120][ T1423] end_report+0x107/0x170 [ 148.251464][ T1423] kasan_report+0xee/0x110 [ 148.252879][ T1423] ? tty_write_room+0x7d/0x90 [ 148.254376][ T1423] tty_write_room+0x7d/0x90 [ 148.255825][ T1423] handle_tx+0x14f/0x630 [ 148.257180][ T1423] dev_hard_start_xmit+0x97/0x740 [ 148.258786][ T1423] __dev_queue_xmit+0xa46/0x4490 [ 148.260350][ T1423] ? lockdep_hardirqs_on+0x7c/0x110 [ 148.262006][ T1423] ? finish_task_switch.isra.0+0x221/0xc10 [ 148.263873][ T1423] ? rcu_is_watching+0x12/0xc0 [ 148.265400][ T1423] ? __pfx___dev_queue_xmit+0x10/0x10 [ 148.267106][ T1423] ? __schedule+0x11a3/0x5de0 [ 148.268597][ T1423] ? __lock_acquire+0xb97/0x1ce0 [ 148.270175][ T1423] ? do_raw_spin_lock+0x12c/0x2b0 [ 148.271779][ T1423] ? find_held_lock+0x2b/0x80 [ 148.273288][ T1423] ? skb_dequeue+0x126/0x180 [ 148.274770][ T1423] ? find_held_lock+0x2b/0x80 [ 148.276266][ T1423] ? rcu_is_watching+0x12/0xc0 [ 148.277780][ T1423] tx+0xcc/0x190 [ 148.278940][ T1423] ? __pfx_tx+0x10/0x10 [ 148.280265][ T1423] kthread+0x1e1/0x3e0 [ 148.281574][ T1423] ? find_held_lock+0x2b/0x80 [ 148.283081][ T1423] ? __pfx_kthread+0x10/0x10 [ 148.284545][ T1423] ? __pfx_default_wake_function+0x10/0x10 [ 148.286381][ T1423] ? lockdep_hardirqs_on+0x7c/0x110 [ 148.288025][ T1423] ? __kthread_parkme+0x19e/0x250 [ 148.289620][ T1423] ? __pfx_kthread+0x10/0x10 [ 148.291096][ T1423] kthread+0x3c5/0x780 [ 148.292392][ T1423] ? __pfx_kthread+0x10/0x10 [ 148.293858][ T1423] ? rcu_is_watching+0x12/0xc0 [ 148.295414][ T1423] ? __pfx_kthread+0x10/0x10 [ 148.296889][ T1423] ret_from_fork+0x5d7/0x6f0 [ 148.298365][ T1423] ? __pfx_kthread+0x10/0x10 [ 148.299849][ T1423] ret_from_fork_asm+0x1a/0x30 [ 148.301371][ T1423] [ 148.303110][ T1423] Kernel Offset: disabled [ 148.304478][ T1423] Rebooting in 86400 seconds.. VM DIAGNOSIS: 14:55:38 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=ffff888055bc5000 RCX=0000000000000580 RDX=fffffbfff1bea290 RSI=fffffbfff1bea28e RDI=ffff888055bc5a80 RBP=ffffea000156f140 RSP=ffffc9002430f870 R8 =0000000000040001 R9 =0000000000000000 R10=ffffed100ab78a00 R11=dffffc0000000000 R12=0000000000002dc2 R13=ffffea000156f180 R14=0000000000000000 R15=ffffea000156f140 RIP=ffffffff8b8fc4bb RFL=00010246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880974c0000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fff1a3b5168 CR3=000000006b046000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000104080 Opmask01=0000000000000000 Opmask02=00000000bfdfdfdf Opmask03=0000000020400004 Opmask04=00000000ffffefff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff1a3bda20 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558ec6c03740 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558ec6c3a7f0 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffff00000000ff 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737312 7373737373737373 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373734216000673 431e161e035c1810 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 302e6364755f796d 6d75642f6364752f 302e6364755f796d 6d75642f6d726f66 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 005600051f40494c 43055c5155484005 424b4c55554c4e53 004057005b1a0f00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 069fbb6ba05af12c 0000558b9e519005 00000000000000d1 0000000000000030 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 0000558b9e2fc557 0000000000000021 0000003177617264 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 322e392d3533712d 63707276703a2939 3030322c39484349 2b35335128435064 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7261646e6174536e 703a554d45516e76 733a302e3072623a 343130322f31302f ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343064623a312b32 316f70627e322d33 2e36312e312d6e61 696265642d332e36 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=dffffc0000000000 RBX=ffff888023f5a440 RCX=ffffc90023ea74d4 RDX=0000000000000000 RSI=ffffffff81cb33de RDI=ffff888023f5a884 RBP=ffff888023f5a440 RSP=ffffc90023ea7500 R8 =0ac0d5affe09d4ff R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=ffffffff81a676b0 R13=ffffc90023ea7630 R14=0000000000000000 R15=ffff888023f5a440 RIP=ffffffff81a03907 RFL=00000a03 [-O----C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880975c0000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000558ec6be2820 CR3=000000006755b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002000002 Opmask01=0000000000000002 Opmask02=000000007ffeffff Opmask03=0000000020400004 Opmask04=00000000ffffefff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558ec6c06500 0000558ec6c06500 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558ec6bf0ab0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558ec6c3a7f0 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f70a2bf1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffff00000000ff 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737312 7373737373737373 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373734216000673 431e161e035c1810 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2c2c2c2c2c2c2c2c 2c2c2c2c2c2c2c2c 2c2c2c2c2c2c2c2c 2c2c2c2c2c2c2c2c ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e69646165520073 25203a656c696620 7974706d6520676e 697070696b530065 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4245484d4952005f 090c164940454a0c 55585c41490c4b42 455c5c4547530049 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7361647c2a737369 63637c2a65686361 63627c2a6476787c 2a64767c2a64737c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 0000558b9e2fc557 0000000000000021 0000003177617264 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 322e392d3533712d 63707276703a2939 3030322c39484349 2b35335128435064 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7261646e6174536e 703a554d45516e76 733a302e3072623a 343130322f31302f ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343064623a312b32 316f70627e322d33 2e36312e312d6e61 696265642d332e36 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000000006f RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff856179f5 RDI=ffffffff9b0fc700 RBP=ffffffff9b0fc6c0 RSP=ffffc90007b3f438 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=000000000000006f R14=ffffffff9b0fc6c0 R15=ffffffff85617990 RIP=ffffffff85617a1f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880976c0000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7163b20 CR3=000000000e380000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000001f54a7 RBX=0000000000000003 RCX=ffffffff8b90fbf9 RDX=0000000000000000 RSI=ffffffff8de4dc69 RDI=ffffffff8c162f00 RBP=ffffed1003867000 RSP=ffffc9000048fdf8 R8 =0000000000000001 R9 =ffffed10056a6655 R10=ffff88802b5332ab R11=0000000000000000 R12=0000000000000003 R13=ffff88801c338000 R14=ffffffff90ab9290 R15=0000000000000000 RIP=ffffffff8b90e75f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977c0000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000ffc14b54 CR3=000000006772f000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000104080 Opmask01=0000000000000000 Opmask02=000000000101001f Opmask03=0000000020400004 Opmask04=00000000ffffefff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558ec6c3ad00 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558ec6bd7320 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f70a2bf1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffff00000000ff 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737312 7373737373737373 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373734216000673 431e161e035c1810 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6d2f33647261632f 646e756f732f302e 303a312d352f312d 352f356273752f30 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 33726578696d2f33 647261632f646e75 6f732f302e303a31 2d352f312d352f35 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6273752f302e6463 685f796d6d75642f 6d726f6674616c70 2f73656369766564 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 0000558b9e2fc557 0000000000000021 0000003177617264 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 322e392d3533712d 63707276703a2939 3030322c39484349 2b35335128435064 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7261646e6174536e 703a554d45516e76 733a302e3072623a 343130322f31302f ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343064623a312b32 316f70627e322d33 2e36312e312d6e61 696265642d332e36 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000