last executing test programs: 5.245694814s ago: executing program 2 (id=351): r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b685b431c70ea948259c4c869b4fc8db714e"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94) r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r1) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300042e010203010902"], 0x0) ioctl$EVIOCRMFF(r1, 0x550c, 0x0) syz_usb_control_io$uac1(r2, 0x0, 0x0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) add_key$fscrypt_provisioning(&(0x7f0000000080), &(0x7f00000002c0)={'syz', 0x0}, &(0x7f0000000200)={0x1, 0x0, @auto=[0x22, 0x1e]}, 0xa, r0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_buf_alloc\x00', r4, 0x0, 0x1}, 0x18) r5 = syz_open_dev$ttys(0xc, 0x2, 0x1) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000240)='contention_end\x00', r6}, 0x18) ioctl$TIOCSWINSZ(r5, 0x5414, &(0x7f0000000100)={0x40, 0x0, 0xfe, 0x60fa}) r7 = syz_open_dev$radio(&(0x7f0000002100), 0x2, 0x2) readv(r7, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000300)=""/61, 0x3d}], 0x2) sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x3, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x8}}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) getsockopt(0xffffffffffffffff, 0x1, 0xb, 0x0, &(0x7f00000024c0)) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x27) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0xca000, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa11000001"], 0x0) syz_emit_ethernet(0x52, &(0x7f00000007c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x1c, 0x2c, 0x0, @remote, @local, {[@routing={0x0, 0x0, 0x0, 0xe}], {{0x8000, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r11, 0x4004ae99, &(0x7f00000001c0)=0x3) 4.536772116s ago: executing program 3 (id=356): r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)) r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000180)={0x53, 0x0, 0x6, 0xa, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000280)="1201b2048020", 0x0, 0x0, 0x4, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) syz_io_uring_submit(r0, 0x0, 0x0) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_io_uring_setup(0x8eb, 0x0, &(0x7f0000000080), 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000100000000100000002000000000000002100000e00000000000956848400"], 0x0, 0x2a}, 0x20) r4 = syz_io_uring_setup(0x88f, &(0x7f0000000400)={0x0, 0xf82e, 0x40, 0x3, 0xffdffffd}, &(0x7f00000004c0)=0x0, &(0x7f0000000340)=0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000580)=ANY=[@ANYRES16], 0x18}, 0x1, 0x0, 0x0, 0x40}, 0x0) r8 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r8, 0x0, 0x61, &(0x7f0000000240)={'filter\x00', 0x4}, 0x64) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x11c, &(0x7f0000000540)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x81}}) io_uring_enter(r4, 0x47f6, 0xffffffff, 0xf, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000480)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x39}, 0x94) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008000000"], 0x48) r9 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(0x0, r9) sendmsg$DEVLINK_CMD_RATE_NEW(r9, 0x0, 0x0) 4.408130728s ago: executing program 3 (id=357): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000040)=@id, 0x10) r1 = socket$pptp(0x18, 0x1, 0x2) clock_gettime(0x0, &(0x7f0000000fc0)={0x0, 0x0}) recvmmsg(r1, &(0x7f0000000640)=[{{&(0x7f0000000080)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)=""/231, 0xe7}, {&(0x7f0000000300)=""/248, 0xf8}, {&(0x7f0000000200)=""/178, 0xb2}, {&(0x7f0000000500)=""/153, 0x99}, {&(0x7f00000005c0)=""/90, 0x5a}, {&(0x7f0000001040)=""/4096, 0x1000}, {&(0x7f0000000880)=""/172, 0xac}], 0x7, &(0x7f0000000940)=""/146, 0x92}, 0x6}, {{&(0x7f0000000a00)=@pppol2tpin6, 0x80, &(0x7f0000000400)=[{&(0x7f0000000a80)=""/233, 0xe9}, {&(0x7f0000000b80)=""/249, 0xf9}, {&(0x7f0000000c80)=""/225, 0xe1}, {&(0x7f0000000d80)=""/94, 0x5e}, {&(0x7f0000000e00)=""/179, 0xb3}], 0x5, &(0x7f0000000ec0)=""/226, 0xe2}, 0x5}], 0x2, 0x20, &(0x7f0000002040)={r2, r3+10000000}) recvmmsg(r0, &(0x7f0000000840)=[{{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000440)=""/159, 0x9f}], 0x1, &(0x7f0000000680)=""/229, 0xe5}, 0x3}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000780)=""/155, 0x9b}], 0x1}, 0x6}], 0x2, 0x10041, 0x0) shutdown(r0, 0x2) 4.350576625s ago: executing program 3 (id=359): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x71, &(0x7f0000000140)=ANY=[], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x2}) socket$kcm(0x2, 0xa, 0x2) write$tun(r5, &(0x7f00000000c0)=ANY=[], 0x10da) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x1c, 0x0, 0x0, 0xb46, 0x9, 0x8, 0x9, 0x3}, 0x0) inotify_init() syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000005280)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @private0, 0xfffffffc}, 0x1c, 0x0}}], 0x1, 0x44) r6 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r6, &(0x7f0000000000)={0xa, 0x0, 0xffffffff, @empty, 0x0, 0x3}, 0x20) connect$l2tp6(r6, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20) sendmmsg$inet6(r6, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff00) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$inet6_int(r0, 0x29, 0x34, &(0x7f0000000080)=0x401, 0x4) r7 = getpid() prlimit64(r7, 0x1, 0x0, &(0x7f0000000140)) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0xa25, @local, 0x51ca05e6}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r8, 0x0, r9, 0x0, 0xf3a, 0x0) 3.631225065s ago: executing program 2 (id=362): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x20000007, 0x2) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg(r2, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000) syz_open_dev$usbmon(&(0x7f0000000080), 0x7ff, 0x58b400) bind$rxrpc(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) r3 = epoll_create1(0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000100)={0xa000000d}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000000300)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r6, &(0x7f0000000080)={0xc, 0x8, 0x144, {0x0}}, 0x10) symlinkat(&(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00') syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000140)={0x1000009, 0x4000}) ppoll(&(0x7f0000000080)=[{r0, 0x2046}], 0x1, 0x0, 0x0, 0x0) 3.536426792s ago: executing program 0 (id=363): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) close(r1) socket$inet_tcp(0x2, 0x1, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1}, 0x6e) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r2 = syz_io_uring_setup(0x1458, &(0x7f00000003c0)={0x0, 0x4, 0x10180, 0x2000, 0x3ae}, &(0x7f0000000100)=0x0, &(0x7f00000000c0)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='9'], 0x38}, 0x1, 0x0, 0x0, 0x41}, 0x37aea8e708e70634) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) close(0xffffffffffffffff) r6 = socket$vsock_stream(0x28, 0x1, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118) setsockopt$packet_fanout(r6, 0x107, 0x12, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x6a, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2040, 0x1}) io_uring_enter(r2, 0x2d3e, 0xfffffffd, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r5, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0}, 0x14008000) socket$netlink(0x10, 0x3, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r7, 0x8983, &(0x7f0000000140)={0x8, 'veth0_vlan\x00', {'pimreg0\x00'}, 0x10}) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) 3.300952425s ago: executing program 1 (id=364): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$sndseq(0xffffff9c, &(0x7f0000001240), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a45320, &(0x7f00000000c0)={{0x80}, 'port0\x00', 0x3eb, 0x21e2f, 0x3, 0x0, 0x0, 0xc, 0x400, 0x0, 0x9}) openat$sequencer2(0xffffff9c, &(0x7f0000000280), 0x4011, 0x0) readv(r0, &(0x7f0000000400)=[{&(0x7f0000000000)=""/52, 0x34}], 0x1) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000000), 0x4) 3.299769221s ago: executing program 1 (id=365): r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)) r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000180)={0x53, 0x0, 0x6, 0xa, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000280)="1201b2048020", 0x0, 0x0, 0x4, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) syz_io_uring_submit(r0, 0x0, 0x0) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_io_uring_setup(0x8eb, 0x0, &(0x7f0000000080), 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000100000000100000002000000000000002100000e00000000000956848400"], 0x0, 0x2a}, 0x20) r4 = syz_io_uring_setup(0x88f, &(0x7f0000000400)={0x0, 0xf82e, 0x40, 0x3, 0xffdffffd}, &(0x7f00000004c0)=0x0, &(0x7f0000000340)=0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000580)=ANY=[@ANYRES16], 0x18}, 0x1, 0x0, 0x0, 0x40}, 0x0) r8 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r8, 0x0, 0x61, &(0x7f0000000240)={'filter\x00', 0x4}, 0x64) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x11c, &(0x7f0000000540)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x81}}) io_uring_enter(r4, 0x47f6, 0xffffffff, 0xf, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000480)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x39}, 0x94) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008000000"], 0x48) r9 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(0x0, r9) sendmsg$DEVLINK_CMD_RATE_NEW(r9, 0x0, 0x0) 3.171183403s ago: executing program 1 (id=366): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x20000007, 0x2) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg(r2, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000) syz_open_dev$usbmon(&(0x7f0000000080), 0x7ff, 0x58b400) bind$rxrpc(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) r3 = epoll_create1(0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000000300)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r6, &(0x7f0000000080)={0xc, 0x8, 0x144, {0x0}}, 0x10) write$binfmt_script(0xffffffffffffffff, 0x0, 0x1) symlinkat(&(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00') syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000140)={0x1000009, 0x4000}) ppoll(&(0x7f0000000080)=[{r0, 0x2046}], 0x1, 0x0, 0x0, 0x0) 2.948142917s ago: executing program 0 (id=367): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(blowfish))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x48582, 0x0) syz_open_dev$vim2m(0x0, 0x6, 0x2) syz_init_net_socket$netrom(0x6, 0x5, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000000140)={0xfffffffd, {{0xa, 0x4e22, 0xa, @dev={0xfe, 0x80, '\x00', 0x17}, 0x9}}}, 0x84) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e22, 0xfd9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) sendmmsg$inet6(r1, 0x0, 0x0, 0x400ca870) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xa8) mount$9p_virtio(&(0x7f0000000180), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x40, &(0x7f0000000440)=ANY=[@ANYBLOB="78224fc427ed619f319b73733d616e792c63616368653d66736361636865"]) chdir(&(0x7f0000000100)='./file0\x00') r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x4000) write$vhost_msg_v2(r3, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x2, 0x1}}, 0x48) ioctl$FIONREAD(r3, 0x541b, &(0x7f0000001140)) mmap(&(0x7f0000a7a000/0x4000)=nil, 0x4000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) mmap(&(0x7f0000fc5000/0x1000)=nil, 0x1000, 0x2000005, 0x100010, r2, 0xffffc000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42) 2.750926612s ago: executing program 2 (id=368): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x3081, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r4, 0x1, 0x80, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x87}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$tipc(r7, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=@newlink={0x34, 0x10, 0x801, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x8028}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x5b4efbb362ec214f}, 0x7000000) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r9, 0x4068aea3, &(0x7f0000000100)={0xbc, 0x0, 0x4}) 2.280673004s ago: executing program 1 (id=369): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x20000007, 0x2) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000) syz_open_dev$usbmon(&(0x7f0000000080), 0x7ff, 0x58b400) bind$rxrpc(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)={0xa000000d}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000000300)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r4, &(0x7f0000000080)={0xc, 0x8, 0x144, {0x0}}, 0x10) symlinkat(&(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00') syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000140)={0x1000009, 0x4000}) ppoll(&(0x7f0000000080)=[{r0, 0x2046}], 0x1, 0x0, 0x0, 0x0) 2.108850079s ago: executing program 0 (id=370): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x20000007, 0x2) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg(r2, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000) syz_open_dev$usbmon(&(0x7f0000000080), 0x7ff, 0x58b400) bind$rxrpc(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r3 = epoll_create1(0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000100)={0xa000000d}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000000300)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r6, &(0x7f0000000080)={0xc, 0x8, 0x144, {0x0}}, 0x10) write$binfmt_script(0xffffffffffffffff, 0x0, 0x1) symlinkat(&(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00') syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000140)={0x1000009, 0x4000}) ppoll(&(0x7f0000000080)=[{r0, 0x2046}], 0x1, 0x0, 0x0, 0x0) 2.108019501s ago: executing program 1 (id=371): bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) syz_init_net_socket$netrom(0x6, 0x5, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x14, 0x4, 0x4, 0x8, 0x1014}, 0x50) pipe2$9p(0x0, 0x9633f182736682ca) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)={0x50, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5, 0x0, 0xfffc}, [@IPSET_ATTR_ADT={0x3c, 0x8, 0x0, 0x1, [{0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @dev={0xfe, 0x80, '\x00', 0x43}}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PROTO={0x5, 0x7, 0x6}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x10004082}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0) recvmmsg(r4, &(0x7f0000004040)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x20, 0x0) io_uring_setup(0x652, &(0x7f0000000600)={0x0, 0x1, 0x40}) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) socket$kcm(0x2, 0x200000000000001, 0x106) r5 = openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) writev(r5, &(0x7f0000000340)=[{&(0x7f0000000300)='0', 0x1}], 0x1) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$sock_linger(r6, 0x1, 0xd, &(0x7f0000000080)={0x1, 0x2}, 0x8) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) 1.761072569s ago: executing program 2 (id=372): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r0, 0x6, 0x9, 0x0, 0x37) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x6}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = io_uring_setup(0x5b42, &(0x7f0000000640)={0x0, 0xfffffffe, 0x800, 0x103fc, 0x159}) r5 = socket$rds(0x15, 0x5, 0x0) bind$rds(r5, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x2b) sendmsg$rds(r5, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="0000050000000000000000001000"/29, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1806000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000004000000000000000c000000b707000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000019060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r6}}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) close_range(r4, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, 0x0}, 0x94) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000400)={{0x40, 0x3}, 0x0, 0x4, 0x88, {}, 0x0, 0xffff}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) 1.291094958s ago: executing program 3 (id=373): pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWSETELEM={0x14, 0xc, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}}, @NFT_MSG_NEWFLOWTABLE={0x30, 0x16, 0xa, 0x801, 0x0, 0x0, {0x3}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x6c}, 0x1, 0x0, 0x0, 0x8000}, 0x804) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0) r7 = openat$binfmt(0xffffff9c, 0x0, 0x41, 0x1ff) write$binfmt_misc(r7, &(0x7f0000000140)="3131f88dbb7a69230f975873a592d41a5ef0324d26c63831516b150525e1446eb7fea49cb710d7771629d3374c4b62479e9186b3380b51978829d201c9392fddde664d6feba625052a89d4525e4506be312b854ba8d1859ea97b8926ab9b9f8d7e0490bc", 0x64) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 1.169148678s ago: executing program 0 (id=374): madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) syz_open_dev$MSR(&(0x7f0000000040), 0x80000001, 0x0) madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x16) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000001000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) set_mempolicy(0x4005, &(0x7f0000000080)=0x3, 0x2) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x200000a, 0x4c831, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r2, 0x40046f41, 0x20000502) r3 = open(&(0x7f0000000200)='./bus\x00', 0x1612c2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(r3, r4, 0x0, 0x200) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) ioctl$UFFDIO_WRITEPROTECT(r1, 0xc018aa06, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) mremap(&(0x7f00006a8000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f0000fe4000/0x1000)=nil) 1.100255749s ago: executing program 0 (id=375): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) close(r1) socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f0000000180)=@file={0x1}, 0x6e) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r3 = syz_io_uring_setup(0x1458, &(0x7f00000003c0)={0x0, 0x4, 0x10180, 0x2000, 0x3ae}, &(0x7f0000000100)=0x0, &(0x7f00000000c0)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='9'], 0x38}, 0x1, 0x0, 0x0, 0x41}, 0x37aea8e708e70634) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) close(0xffffffffffffffff) r7 = socket$vsock_stream(0x28, 0x1, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000180)=ANY=[], 0x118) setsockopt$packet_fanout(r7, 0x107, 0x12, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x6a, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2040, 0x1}) io_uring_enter(r3, 0x2d3e, 0xfffffffd, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r6, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0}, 0x14008000) socket$netlink(0x10, 0x3, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r8, 0x8983, &(0x7f0000000140)={0x8, 'veth0_vlan\x00', {'pimreg0\x00'}, 0x10}) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) 861.122421ms ago: executing program 2 (id=376): socket$inet_tcp(0x2, 0x1, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000003a00060028bd7000fcdbdf250a38d737896a206d7e09000000"], 0x14}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) pipe(0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) select(0x40, &(0x7f00000000c0)={0x6, 0x100000001, 0x800000000000000, 0x3, 0xfa, 0x8b0, 0xb9}, &(0x7f0000000200)={0x2, 0x10001, 0x100000000, 0x9, 0x6, 0x2a11, 0xff, 0x9}, &(0x7f0000000240)={0x4, 0x3ff, 0x2000000000000005, 0x2, 0xd77, 0x3ff, 0x0, 0x80000001}, &(0x7f0000000280)) socketpair$unix(0x1, 0x2, 0x0, 0x0) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xf7fffffb}) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000002c0)=ANY=[@ANYBLOB="b40600180000000073114200000000008510000002000000b7000000000000009500c20000000000950000120000001954663e"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc4, &(0x7f00000005c0)=""/196, 0x0, 0x58, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x400}, 0xffffffffffffffc0) r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r3, 0x5412, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) syz_io_uring_setup(0x3b0e, &(0x7f0000000300)={0x0, 0x40ac, 0x8, 0x2, 0x3b}, 0x0, &(0x7f0000000580)) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_PIT2(r6, 0x4040ae77, &(0x7f0000000040)={0x1}) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_PIT(r6, 0x8048ae66, &(0x7f0000000080)={[{0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff, 0x0, 0x0, 0x3, 0x2, 0x0, 0x2000}, {0x0, 0xfff7, 0x0, 0x5, 0x0, 0x0, 0xfd, 0xd, 0x80, 0x0, 0x0, 0x0, 0x1}, {0x20000, 0x204, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfd, 0x1, 0x4}]}) socket(0x0, 0xa, 0x1000) 565.651082ms ago: executing program 0 (id=377): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x20000007, 0x2) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg(r2, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000) syz_open_dev$usbmon(&(0x7f0000000080), 0x7ff, 0x58b400) bind$rxrpc(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) r3 = epoll_create1(0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000000300)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r6, &(0x7f0000000080)={0xc, 0x8, 0x144, {0x0}}, 0x10) write$binfmt_script(0xffffffffffffffff, 0x0, 0x1) symlinkat(&(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00') syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000140)={0x1000009, 0x4000}) ppoll(&(0x7f0000000080)=[{r0, 0x2046}], 0x1, 0x0, 0x0, 0x0) 556.606851ms ago: executing program 2 (id=378): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x20000007, 0x2) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg(r2, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000) syz_open_dev$usbmon(&(0x7f0000000080), 0x7ff, 0x58b400) bind$rxrpc(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r3 = epoll_create1(0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000100)={0xa000000d}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000000300)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r6, &(0x7f0000000080)={0xc, 0x8, 0x144, {0x0}}, 0x10) write$binfmt_script(0xffffffffffffffff, 0x0, 0x1) symlinkat(&(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00') syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000140)={0x1000009, 0x4000}) ppoll(&(0x7f0000000080)=[{r0, 0x2046}], 0x1, 0x0, 0x0, 0x0) 421.179112ms ago: executing program 3 (id=379): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x20000007, 0x2) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000) syz_open_dev$usbmon(&(0x7f0000000080), 0x7ff, 0x58b400) bind$rxrpc(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)={0xa000000d}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000000300)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r4, &(0x7f0000000080)={0xc, 0x8, 0x144, {0x0}}, 0x10) symlinkat(&(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00') syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000140)={0x1000009, 0x4000}) ppoll(&(0x7f0000000080)=[{r0, 0x2046}], 0x1, 0x0, 0x0, 0x0) 351.020209ms ago: executing program 3 (id=380): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x3081, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x1, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r4, 0x1, 0x80, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x87}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$tipc(r7, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=@newlink={0x34, 0x10, 0x801, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x8028}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x5b4efbb362ec214f}, 0x7000000) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r9, 0x4068aea3, &(0x7f0000000100)={0xbc, 0x0, 0x4}) 0s ago: executing program 1 (id=381): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x3081, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r4, 0x1, 0x80, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x87}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$tipc(r7, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=@newlink={0x34, 0x10, 0x801, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x8028}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x5b4efbb362ec214f}, 0x7000000) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r9, 0x4068aea3, &(0x7f0000000100)={0xbc, 0x0, 0x4}) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:26497' (ED25519) to the list of known hosts. [ 40.836921][ T5879] cgroup: Unknown subsys name 'net' [ 40.977210][ T5879] cgroup: Unknown subsys name 'cpuset' [ 40.982061][ T5879] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 42.018470][ T5879] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.606710][ T5321] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.615399][ T5968] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.615776][ T5963] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.617832][ T5968] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.620273][ T5963] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.624881][ T5968] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.625236][ T5968] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.628074][ T5963] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.631281][ T5968] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.632713][ T5963] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.638138][ T5963] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.640538][ T5963] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.641323][ T5969] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.644304][ T5968] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.649321][ T5968] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.653152][ T5965] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.655729][ T5972] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.659067][ T5965] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.667143][ T5972] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.669905][ T5972] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.953833][ T5966] chnl_net:caif_netlink_parms(): no params data found [ 45.992905][ T5962] chnl_net:caif_netlink_parms(): no params data found [ 46.049143][ T5957] chnl_net:caif_netlink_parms(): no params data found [ 46.079107][ T5970] chnl_net:caif_netlink_parms(): no params data found [ 46.133218][ T5966] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.136813][ T5966] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.140061][ T5966] bridge_slave_0: entered allmulticast mode [ 46.143777][ T5966] bridge_slave_0: entered promiscuous mode [ 46.196822][ T5966] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.199103][ T5966] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.201344][ T5966] bridge_slave_1: entered allmulticast mode [ 46.203954][ T5966] bridge_slave_1: entered promiscuous mode [ 46.250519][ T5962] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.252866][ T5962] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.255657][ T5962] bridge_slave_0: entered allmulticast mode [ 46.258954][ T5962] bridge_slave_0: entered promiscuous mode [ 46.307048][ T5962] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.309286][ T5962] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.311526][ T5962] bridge_slave_1: entered allmulticast mode [ 46.314163][ T5962] bridge_slave_1: entered promiscuous mode [ 46.318021][ T5966] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.373835][ T5966] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.457591][ T5966] team0: Port device team_slave_0 added [ 46.460872][ T5962] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.465505][ T5966] team0: Port device team_slave_1 added [ 46.467641][ T5957] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.469838][ T5957] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.472052][ T5957] bridge_slave_0: entered allmulticast mode [ 46.474735][ T5957] bridge_slave_0: entered promiscuous mode [ 46.477956][ T5957] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.480175][ T5957] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.482413][ T5957] bridge_slave_1: entered allmulticast mode [ 46.485167][ T5957] bridge_slave_1: entered promiscuous mode [ 46.487645][ T5970] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.489839][ T5970] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.492045][ T5970] bridge_slave_0: entered allmulticast mode [ 46.494882][ T5970] bridge_slave_0: entered promiscuous mode [ 46.498659][ T5962] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.542500][ T5970] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.545027][ T5970] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.547306][ T5970] bridge_slave_1: entered allmulticast mode [ 46.549895][ T5970] bridge_slave_1: entered promiscuous mode [ 46.568218][ T5966] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.570363][ T5966] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.578942][ T5966] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.647308][ T5966] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.649443][ T5966] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.657360][ T5966] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.662170][ T5957] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.667107][ T5957] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.671576][ T5970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.677324][ T5962] team0: Port device team_slave_0 added [ 46.699785][ T5970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.704070][ T5962] team0: Port device team_slave_1 added [ 46.782000][ T5962] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.784303][ T5962] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.794562][ T5962] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.803045][ T5957] team0: Port device team_slave_0 added [ 46.806502][ T5957] team0: Port device team_slave_1 added [ 46.829022][ T5970] team0: Port device team_slave_0 added [ 46.831483][ T5962] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.833684][ T5962] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.841721][ T5962] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.875053][ T5970] team0: Port device team_slave_1 added [ 46.894015][ T5957] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.896282][ T5957] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.904074][ T5957] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.910686][ T5966] hsr_slave_0: entered promiscuous mode [ 46.912960][ T5966] hsr_slave_1: entered promiscuous mode [ 46.931049][ T5957] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.933768][ T5957] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.942776][ T5957] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.005664][ T5970] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.007856][ T5970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.016511][ T5970] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.048565][ T5962] hsr_slave_0: entered promiscuous mode [ 47.051229][ T5962] hsr_slave_1: entered promiscuous mode [ 47.053295][ T5962] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.058287][ T5962] Cannot create hsr debugfs directory [ 47.062198][ T5970] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.064982][ T5970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.074963][ T5970] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.139569][ T5957] hsr_slave_0: entered promiscuous mode [ 47.142047][ T5957] hsr_slave_1: entered promiscuous mode [ 47.144212][ T5957] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.146825][ T5957] Cannot create hsr debugfs directory [ 47.224597][ T5970] hsr_slave_0: entered promiscuous mode [ 47.226822][ T5970] hsr_slave_1: entered promiscuous mode [ 47.228856][ T5970] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.231240][ T5970] Cannot create hsr debugfs directory [ 47.529526][ T5966] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 47.539920][ T5966] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 47.546224][ T5966] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 47.556594][ T5966] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 47.590573][ T5962] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 47.595799][ T5962] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 47.600417][ T5962] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 47.606679][ T5962] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 47.650728][ T5970] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 47.655228][ T5970] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 47.665951][ T5959] Bluetooth: hci2: command tx timeout [ 47.665959][ T5972] Bluetooth: hci3: command tx timeout [ 47.671056][ T5970] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 47.674596][ T5959] Bluetooth: hci0: command tx timeout [ 47.678178][ T5970] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 47.743160][ T5957] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 47.744654][ T5959] Bluetooth: hci1: command tx timeout [ 47.753076][ T5957] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 47.757881][ T5957] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 47.764380][ T5966] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.772030][ T5957] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 47.801625][ T5962] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.807449][ T5966] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.828247][ T1246] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.831407][ T1246] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.840070][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.842398][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.859526][ T5962] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.885690][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.888274][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.900523][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.903273][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.913169][ T5970] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.937460][ T5970] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.942862][ T1246] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.945211][ T1246] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.971325][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.973577][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.987750][ T5957] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.998885][ T5962] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 48.026397][ T5957] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.041612][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.043846][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.049677][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.052716][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.065987][ T5970] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 48.096439][ T5966] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.138055][ T5962] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.149460][ T5966] veth0_vlan: entered promiscuous mode [ 48.159775][ T5966] veth1_vlan: entered promiscuous mode [ 48.186459][ T5970] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.188792][ T5962] veth0_vlan: entered promiscuous mode [ 48.201657][ T5966] veth0_macvtap: entered promiscuous mode [ 48.209423][ T5966] veth1_macvtap: entered promiscuous mode [ 48.212943][ T5962] veth1_vlan: entered promiscuous mode [ 48.245625][ T5966] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.257688][ T5966] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.270327][ T5957] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.273956][ T5966] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.277119][ T5966] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.279821][ T5966] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.282456][ T5966] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.291134][ T5962] veth0_macvtap: entered promiscuous mode [ 48.308018][ T5970] veth0_vlan: entered promiscuous mode [ 48.310279][ T5962] veth1_macvtap: entered promiscuous mode [ 48.319410][ T5970] veth1_vlan: entered promiscuous mode [ 48.347613][ T5962] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.359648][ T5962] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.362754][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.363898][ T5962] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.365547][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.368112][ T5962] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.373293][ T5962] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.376502][ T5962] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.409592][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.411095][ T5957] veth0_vlan: entered promiscuous mode [ 48.412176][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.418601][ T5970] veth0_macvtap: entered promiscuous mode [ 48.429342][ T5970] veth1_macvtap: entered promiscuous mode [ 48.439057][ T5957] veth1_vlan: entered promiscuous mode [ 48.447314][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.448802][ T5966] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 48.449701][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.469320][ T1246] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.471915][ T1246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.479967][ T5970] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.485575][ T5957] veth0_macvtap: entered promiscuous mode [ 48.491059][ T5970] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.496942][ T5970] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.499675][ T5970] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.502542][ T5970] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.505388][ T5970] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.509980][ T5957] veth1_macvtap: entered promiscuous mode [ 48.538884][ T5957] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.552638][ T5957] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.561894][ T5957] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.567076][ T5957] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.569951][ T5957] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.572760][ T5957] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.582154][ T6048] warning: `syz.2.3' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 48.594040][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.601900][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.628326][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.630801][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.650774][ T1246] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.659087][ T1246] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.675726][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.678128][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.034602][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.034745][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.034761][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.034775][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.034788][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.034802][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.034816][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.034830][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.034843][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.034857][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.116011][ T40] audit: type=1326 audit(1752953005.718:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6054 comm="syz.0.1" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000 [ 49.126216][ T40] audit: type=1326 audit(1752953005.718:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6054 comm="syz.0.1" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000 [ 49.133751][ T40] audit: type=1326 audit(1752953005.728:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6054 comm="syz.0.1" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f65579 code=0x7ffc0000 [ 49.135647][ T6060] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1'. [ 49.146608][ T40] audit: type=1326 audit(1752953005.728:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6054 comm="syz.0.1" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000 [ 49.158929][ T40] audit: type=1326 audit(1752953005.728:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6054 comm="syz.0.1" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000 [ 49.198114][ T40] audit: type=1326 audit(1752953005.728:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6054 comm="syz.0.1" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f65579 code=0x7ffc0000 [ 49.206054][ T40] audit: type=1326 audit(1752953005.728:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6054 comm="syz.0.1" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000 [ 49.214489][ T40] audit: type=1326 audit(1752953005.728:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6054 comm="syz.0.1" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f65579 code=0x7ffc0000 [ 49.222845][ T40] audit: type=1326 audit(1752953005.728:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6054 comm="syz.0.1" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000 [ 49.231052][ T40] audit: type=1326 audit(1752953005.728:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6054 comm="syz.0.1" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000 [ 49.754566][ T5959] Bluetooth: hci2: command tx timeout [ 49.756445][ T5959] Bluetooth: hci0: command tx timeout [ 49.758212][ T5959] Bluetooth: hci3: command tx timeout [ 49.834642][ T5959] Bluetooth: hci1: command tx timeout [ 49.870184][ T6065] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.872959][ T6065] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.953278][ T6068] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 49.956413][ T6065] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 49.965755][ T6065] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 50.037230][ T6065] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.040031][ T6065] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.042781][ T6065] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.046062][ T6065] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.252042][ T6082] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 50.643687][ T6098] netlink: 40 bytes leftover after parsing attributes in process `syz.1.13'. [ 51.824955][ T5959] Bluetooth: hci3: command tx timeout [ 51.825017][ T5972] Bluetooth: hci2: command tx timeout [ 51.827664][ T5965] Bluetooth: hci0: command tx timeout [ 51.904531][ T5965] Bluetooth: hci1: command tx timeout [ 53.906173][ T5959] Bluetooth: hci3: command tx timeout [ 53.906210][ T5972] Bluetooth: hci2: command tx timeout [ 53.912124][ T6143] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.914665][ T6143] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.947959][ T5965] Bluetooth: hci0: command tx timeout [ 53.985511][ T5959] Bluetooth: hci1: command tx timeout [ 54.008227][ T6143] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 54.013960][ T6143] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 54.053576][ T6143] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.056736][ T6143] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.059456][ T6143] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.062167][ T6143] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.177105][ T6152] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 54.882226][ T6173] netlink: 4 bytes leftover after parsing attributes in process `syz.2.27'. [ 55.043140][ T40] kauditd_printk_skb: 64 callbacks suppressed [ 55.043152][ T40] audit: type=1326 audit(1752953011.638:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6175 comm="syz.2.28" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 55.063924][ T40] audit: type=1326 audit(1752953011.658:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6175 comm="syz.2.28" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 55.068303][ T6178] netlink: 40 bytes leftover after parsing attributes in process `syz.2.28'. [ 55.070509][ T40] audit: type=1326 audit(1752953011.658:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6175 comm="syz.2.28" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 55.082032][ T40] audit: type=1326 audit(1752953011.658:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6175 comm="syz.2.28" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 55.090076][ T40] audit: type=1326 audit(1752953011.658:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6175 comm="syz.2.28" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 55.098922][ T40] audit: type=1326 audit(1752953011.658:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6175 comm="syz.2.28" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 55.111937][ T40] audit: type=1326 audit(1752953011.658:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6175 comm="syz.2.28" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 55.121718][ T40] audit: type=1326 audit(1752953011.658:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6175 comm="syz.2.28" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 55.129855][ T40] audit: type=1326 audit(1752953011.658:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6175 comm="syz.2.28" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 55.138163][ T40] audit: type=1326 audit(1752953011.658:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6175 comm="syz.2.28" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 55.357727][ T6186] netlink: 40 bytes leftover after parsing attributes in process `syz.0.29'. [ 56.283537][ T6203] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 56.491227][ T6211] netlink: 40 bytes leftover after parsing attributes in process `syz.3.35'. [ 56.504481][ T60] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 56.668302][ T60] usb 7-1: Using ep0 maxpacket: 8 [ 56.681474][ T60] usb 7-1: config index 0 descriptor too short (expected 3783, got 18) [ 56.687371][ T60] usb 7-1: config 72 has too many interfaces: 169, using maximum allowed: 32 [ 56.691340][ T60] usb 7-1: config 72 has an invalid descriptor of length 134, skipping remainder of the config [ 56.696275][ T60] usb 7-1: config 72 has 0 interfaces, different from the descriptor's value: 169 [ 56.703348][ T60] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 56.712238][ T60] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 56.747121][ T60] usb 7-1: Product: syz [ 56.748467][ T60] usb 7-1: Manufacturer: syz [ 56.749926][ T60] usb 7-1: SerialNumber: syz [ 57.109631][ T6225] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.112508][ T6225] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.192610][ T6225] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 57.199329][ T6225] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 57.240496][ T6225] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.243354][ T6225] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.246551][ T6225] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.249683][ T6225] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.263055][ T60] usb 7-1: USB disconnect, device number 2 [ 57.803012][ T6242] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 58.340021][ T6255] fuse: Unknown parameter 'group_i00000000000000000000' [ 58.579904][ T6262] ======================================================= [ 58.579904][ T6262] WARNING: The mand mount option has been deprecated and [ 58.579904][ T6262] and is ignored by this kernel. Remove the mand [ 58.579904][ T6262] option from the mount to silence this warning. [ 58.579904][ T6262] ======================================================= [ 58.613158][ T6262] netfs: Couldn't get user pages (rc=-14) [ 59.814981][ T60] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 59.964513][ T60] usb 8-1: Using ep0 maxpacket: 8 [ 59.975203][ T60] usb 8-1: config index 0 descriptor too short (expected 3783, got 18) [ 59.978469][ T60] usb 8-1: config 72 has too many interfaces: 169, using maximum allowed: 32 [ 59.981232][ T60] usb 8-1: config 72 has an invalid descriptor of length 134, skipping remainder of the config [ 59.992349][ T60] usb 8-1: config 72 has 0 interfaces, different from the descriptor's value: 169 [ 59.997874][ T60] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 60.000796][ T60] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 60.003537][ T60] usb 8-1: Product: syz [ 60.005487][ T60] usb 8-1: Manufacturer: syz [ 60.007064][ T60] usb 8-1: SerialNumber: syz [ 60.285987][ T60] usb 8-1: USB disconnect, device number 2 [ 60.912696][ T6301] block device autoloading is deprecated and will be removed. [ 61.315054][ T6311] netlink: 40 bytes leftover after parsing attributes in process `syz.1.57'. [ 61.354704][ T40] kauditd_printk_skb: 60 callbacks suppressed [ 61.354722][ T40] audit: type=1326 audit(1752953017.928:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6305 comm="syz.1.57" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 61.417874][ T40] audit: type=1326 audit(1752953017.928:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6305 comm="syz.1.57" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 61.429910][ T40] audit: type=1326 audit(1752953017.968:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6305 comm="syz.1.57" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 61.440103][ T40] audit: type=1326 audit(1752953017.968:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6305 comm="syz.1.57" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 61.450155][ T40] audit: type=1326 audit(1752953017.968:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6305 comm="syz.1.57" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 61.458491][ T40] audit: type=1326 audit(1752953017.968:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6305 comm="syz.1.57" exe="/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 61.465581][ T40] audit: type=1326 audit(1752953017.968:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6305 comm="syz.1.57" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 61.474571][ T40] audit: type=1326 audit(1752953017.968:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6305 comm="syz.1.57" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 61.484577][ T40] audit: type=1326 audit(1752953017.968:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6305 comm="syz.1.57" exe="/syz-executor" sig=0 arch=40000003 syscall=228 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 61.520357][ T40] audit: type=1326 audit(1752953017.968:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6305 comm="syz.1.57" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 62.908252][ T6346] netlink: 40 bytes leftover after parsing attributes in process `syz.2.64'. [ 63.482183][ T6356] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 64.294478][ T60] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 64.464491][ T60] usb 5-1: Using ep0 maxpacket: 8 [ 64.468460][ T60] usb 5-1: config index 0 descriptor too short (expected 3783, got 18) [ 64.471704][ T60] usb 5-1: config 72 has too many interfaces: 169, using maximum allowed: 32 [ 64.475123][ T60] usb 5-1: config 72 has an invalid descriptor of length 134, skipping remainder of the config [ 64.478836][ T60] usb 5-1: config 72 has 0 interfaces, different from the descriptor's value: 169 [ 64.484791][ T60] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 64.488278][ T60] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 64.491329][ T60] usb 5-1: Product: syz [ 64.492854][ T60] usb 5-1: Manufacturer: syz [ 64.495025][ T5958] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 64.498408][ T60] usb 5-1: SerialNumber: syz [ 64.986955][ T60] usb 5-1: USB disconnect, device number 2 [ 65.549420][ T6410] process 'syz.0.76' launched './file2' with NULL argv: empty string added [ 65.563251][ T6410] netlink: 44 bytes leftover after parsing attributes in process `syz.0.76'. [ 65.608071][ T6412] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 65.897310][ T6421] block device autoloading is deprecated and will be removed. [ 65.918335][ T6418] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 65.946626][ T6420] netlink: 24 bytes leftover after parsing attributes in process `syz.2.79'. [ 70.787808][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.790009][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.988400][ T40] kauditd_printk_skb: 62 callbacks suppressed [ 77.988410][ T40] audit: type=1326 audit(1752953034.588:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6440 comm="syz.2.82" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 78.077087][ T40] audit: type=1326 audit(1752953034.588:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6440 comm="syz.2.82" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 78.083578][ T40] audit: type=1326 audit(1752953034.598:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6440 comm="syz.2.82" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 78.092096][ T40] audit: type=1326 audit(1752953034.598:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6440 comm="syz.2.82" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 78.102099][ T40] audit: type=1326 audit(1752953034.598:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6440 comm="syz.2.82" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 78.318516][ T40] audit: type=1326 audit(1752953034.678:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6440 comm="syz.2.82" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 78.325075][ T40] audit: type=1326 audit(1752953034.678:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6440 comm="syz.2.82" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 78.331513][ T40] audit: type=1326 audit(1752953034.678:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6440 comm="syz.2.82" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 78.408137][ T40] audit: type=1326 audit(1752953035.008:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6440 comm="syz.2.82" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 78.418761][ T40] audit: type=1326 audit(1752953035.008:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6440 comm="syz.2.82" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 78.838275][ T6467] fuse: Bad value for 'fd' [ 78.998169][ T6472] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 79.115421][ T6480] netlink: 96 bytes leftover after parsing attributes in process `syz.1.89'. [ 79.475377][ T6481] syz.1.89 uses obsolete (PF_INET,SOCK_PACKET) [ 79.702244][ T6483] overlayfs: missing 'lowerdir' [ 79.930610][ T6483] block device autoloading is deprecated and will be removed. [ 79.953392][ T6490] netlink: 40 bytes leftover after parsing attributes in process `syz.3.91'. [ 80.482439][ T6500] netlink: 40 bytes leftover after parsing attributes in process `syz.2.94'. [ 80.891419][ T6505] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 80.936575][ T6509] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 81.029042][ T59] cfg80211: failed to load regulatory.db [ 81.196059][ T6521] netlink: 40 bytes leftover after parsing attributes in process `syz.0.98'. [ 82.169904][ T6537] netlink: 4 bytes leftover after parsing attributes in process `syz.3.103'. [ 83.199492][ T6553] FAULT_INJECTION: forcing a failure. [ 83.199492][ T6553] name failslab, interval 1, probability 0, space 0, times 1 [ 83.211945][ T6553] CPU: 3 UID: 0 PID: 6553 Comm: syz.2.107 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) [ 83.211971][ T6553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 83.211981][ T6553] Call Trace: [ 83.211987][ T6553] [ 83.211994][ T6553] dump_stack_lvl+0x16c/0x1f0 [ 83.212017][ T6553] should_fail_ex+0x512/0x640 [ 83.212035][ T6553] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 83.212057][ T6553] should_failslab+0xc2/0x120 [ 83.212077][ T6553] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 83.212095][ T6553] ? __alloc_skb+0x2b2/0x380 [ 83.212115][ T6553] __alloc_skb+0x2b2/0x380 [ 83.212131][ T6553] ? __pfx___alloc_skb+0x10/0x10 [ 83.212147][ T6553] ? genl_rcv_msg+0x470/0x800 [ 83.212168][ T6553] ? genl_rcv_msg+0x4bb/0x800 [ 83.212196][ T6553] netlink_ack+0x15d/0xb80 [ 83.212218][ T6553] ? __lock_acquire+0x622/0x1c90 [ 83.212245][ T6553] netlink_rcv_skb+0x332/0x420 [ 83.212266][ T6553] ? __pfx_genl_rcv_msg+0x10/0x10 [ 83.212296][ T6553] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 83.212327][ T6553] ? netlink_deliver_tap+0x1ae/0xd30 [ 83.212345][ T6553] ? is_vmalloc_addr+0x86/0xa0 [ 83.212366][ T6553] genl_rcv+0x28/0x40 [ 83.212386][ T6553] netlink_unicast+0x58d/0x850 [ 83.212410][ T6553] ? __pfx_netlink_unicast+0x10/0x10 [ 83.212438][ T6553] netlink_sendmsg+0x8d1/0xdd0 [ 83.212463][ T6553] ? __pfx_netlink_sendmsg+0x10/0x10 [ 83.212485][ T6553] ? __import_iovec+0x1dd/0x650 [ 83.212523][ T6553] ____sys_sendmsg+0xa95/0xc70 [ 83.212551][ T6553] ? __pfx_____sys_sendmsg+0x10/0x10 [ 83.212572][ T6553] ? get_compat_msghdr+0x11a/0x170 [ 83.212604][ T6553] ___sys_sendmsg+0x134/0x1d0 [ 83.212625][ T6553] ? __pfx____sys_sendmsg+0x10/0x10 [ 83.212658][ T6553] ? find_held_lock+0x2b/0x80 [ 83.212695][ T6553] __sys_sendmsg+0x16d/0x220 [ 83.212713][ T6553] ? __pfx___sys_sendmsg+0x10/0x10 [ 83.212736][ T6553] ? rcu_is_watching+0x12/0xc0 [ 83.212758][ T6553] __do_fast_syscall_32+0x7c/0x3a0 [ 83.212780][ T6553] do_fast_syscall_32+0x32/0x80 [ 83.212797][ T6553] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 83.212818][ T6553] RIP: 0023:0xf70be579 [ 83.212832][ T6553] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 83.212847][ T6553] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 83.212863][ T6553] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000480 [ 83.212873][ T6553] RDX: 0000000000044080 RSI: 0000000000000000 RDI: 0000000000000000 [ 83.212882][ T6553] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 83.212890][ T6553] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 83.212897][ T6553] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 83.212915][ T6553] [ 83.265759][ T40] kauditd_printk_skb: 83 callbacks suppressed [ 83.265774][ T40] audit: type=1326 audit(1752953039.758:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6545 comm="syz.3.105" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 83.301915][ T6555] netlink: 'syz.0.108': attribute type 12 has an invalid length. [ 83.314547][ T40] audit: type=1326 audit(1752953039.758:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6545 comm="syz.3.105" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 83.317823][ T6555] netlink: 132 bytes leftover after parsing attributes in process `syz.0.108'. [ 83.317927][ T40] audit: type=1326 audit(1752953039.768:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6545 comm="syz.3.105" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 83.358762][ T40] audit: type=1326 audit(1752953039.768:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6545 comm="syz.3.105" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 83.365323][ T40] audit: type=1326 audit(1752953039.768:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6545 comm="syz.3.105" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 83.371683][ T40] audit: type=1326 audit(1752953039.768:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6545 comm="syz.3.105" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 83.379661][ T40] audit: type=1326 audit(1752953039.768:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6545 comm="syz.3.105" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 83.383421][ T6557] netfs: Couldn't get user pages (rc=-14) [ 83.389498][ T40] audit: type=1326 audit(1752953039.768:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6545 comm="syz.3.105" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 83.399990][ T40] audit: type=1326 audit(1752953039.768:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6545 comm="syz.3.105" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 83.408524][ T40] audit: type=1326 audit(1752953039.768:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6545 comm="syz.3.105" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 84.278584][ T6570] fuse: Unknown parameter 'user_i00000000000000000000' [ 84.285047][ T6562] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 84.353020][ T6575] netlink: 4 bytes leftover after parsing attributes in process `syz.1.114'. [ 84.890205][ T6572] netlink: 4 bytes leftover after parsing attributes in process `syz.0.108'. [ 84.893356][ T6572] netlink: 4 bytes leftover after parsing attributes in process `syz.0.108'. [ 85.209155][ T6588] FAULT_INJECTION: forcing a failure. [ 85.209155][ T6588] name failslab, interval 1, probability 0, space 0, times 0 [ 85.213198][ T6588] CPU: 2 UID: 0 PID: 6588 Comm: syz.1.117 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) [ 85.213212][ T6588] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.213218][ T6588] Call Trace: [ 85.213222][ T6588] [ 85.213226][ T6588] dump_stack_lvl+0x16c/0x1f0 [ 85.213240][ T6588] should_fail_ex+0x512/0x640 [ 85.213251][ T6588] ? fs_reclaim_acquire+0xae/0x150 [ 85.213267][ T6588] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 85.213277][ T6588] should_failslab+0xc2/0x120 [ 85.213289][ T6588] __kmalloc_noprof+0xd2/0x510 [ 85.213303][ T6588] tomoyo_realpath_from_path+0xc2/0x6e0 [ 85.213314][ T6588] ? tomoyo_profile+0x47/0x60 [ 85.213326][ T6588] tomoyo_path_number_perm+0x245/0x580 [ 85.213341][ T6588] ? tomoyo_path_number_perm+0x237/0x580 [ 85.213357][ T6588] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 85.213385][ T6588] ? find_held_lock+0x2b/0x80 [ 85.213396][ T6588] ? hook_file_ioctl_common+0x145/0x410 [ 85.213415][ T6588] ? __fget_files+0x20e/0x3c0 [ 85.213427][ T6588] ? fput+0x60/0xf0 [ 85.213440][ T6588] security_file_ioctl_compat+0x9b/0x240 [ 85.213457][ T6588] __ia32_compat_sys_ioctl+0xc3/0x370 [ 85.213474][ T6588] __do_fast_syscall_32+0x7c/0x3a0 [ 85.213486][ T6588] do_fast_syscall_32+0x32/0x80 [ 85.213497][ T6588] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 85.213510][ T6588] RIP: 0023:0xf7f76579 [ 85.213518][ T6588] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 85.213527][ T6588] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 85.213537][ T6588] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008922 [ 85.213544][ T6588] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 85.213549][ T6588] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 85.213555][ T6588] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 85.213560][ T6588] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 85.213572][ T6588] [ 85.213577][ T6588] ERROR: Out of memory at tomoyo_realpath_from_path. [ 85.368350][ T6595] overlayfs: missing 'lowerdir' [ 86.298674][ T6619] netfs: Couldn't get user pages (rc=-14) [ 86.754780][ T6627] xt_CT: You must specify a L4 protocol and not use inversions on it [ 86.758132][ T6627] 9pnet_fd: Insufficient options for proto=fd [ 86.876297][ T6631] overlayfs: missing 'lowerdir' [ 86.900612][ T6629] Zero length message leads to an empty skb [ 87.066325][ T6638] netlink: 40 bytes leftover after parsing attributes in process `syz.3.130'. [ 87.796395][ T6648] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 88.514523][ T9] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 88.674497][ T9] usb 8-1: Using ep0 maxpacket: 8 [ 88.679964][ T9] usb 8-1: config index 0 descriptor too short (expected 3783, got 18) [ 88.683336][ T9] usb 8-1: config 72 has too many interfaces: 169, using maximum allowed: 32 [ 88.687073][ T9] usb 8-1: config 72 has an invalid descriptor of length 134, skipping remainder of the config [ 88.691003][ T9] usb 8-1: config 72 has 0 interfaces, different from the descriptor's value: 169 [ 88.697813][ T9] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 88.701367][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.703846][ T9] usb 8-1: Product: syz [ 88.705397][ T9] usb 8-1: Manufacturer: syz [ 88.706985][ T9] usb 8-1: SerialNumber: syz [ 88.800459][ T6640] Set syz1 is full, maxelem 65536 reached [ 88.844481][ T59] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 88.940112][ T6672] fuse: Unknown parameter 'user_id00000000000000000000' [ 88.978621][ T9] usb 8-1: USB disconnect, device number 3 [ 88.994560][ T59] usb 7-1: Using ep0 maxpacket: 8 [ 88.998489][ T59] usb 7-1: config index 0 descriptor too short (expected 3783, got 18) [ 89.001279][ T59] usb 7-1: config 72 has too many interfaces: 169, using maximum allowed: 32 [ 89.004288][ T59] usb 7-1: config 72 has an invalid descriptor of length 134, skipping remainder of the config [ 89.008918][ T59] usb 7-1: config 72 has 0 interfaces, different from the descriptor's value: 169 [ 89.013493][ T59] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 89.016726][ T59] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.020012][ T59] usb 7-1: Product: syz [ 89.021730][ T59] usb 7-1: Manufacturer: syz [ 89.023526][ T59] usb 7-1: SerialNumber: syz [ 89.419176][ T59] usb 7-1: USB disconnect, device number 3 [ 89.515951][ T6682] netlink: 4 bytes leftover after parsing attributes in process `syz.3.140'. [ 89.826785][ T1326] IPVS: starting estimator thread 0... [ 89.827583][ T6685] program syz.2.141 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 89.896477][ T6693] netlink: 4 bytes leftover after parsing attributes in process `syz.2.143'. [ 89.934977][ T6686] IPVS: using max 27 ests per chain, 64800 per kthread [ 90.010158][ T6701] fuse: Unknown parameter 'user_id00000000000000000000' [ 90.060733][ T6704] FAULT_INJECTION: forcing a failure. [ 90.060733][ T6704] name failslab, interval 1, probability 0, space 0, times 0 [ 90.065982][ T6704] CPU: 1 UID: 0 PID: 6704 Comm: syz.1.148 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) [ 90.066004][ T6704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 90.066015][ T6704] Call Trace: [ 90.066020][ T6704] [ 90.066027][ T6704] dump_stack_lvl+0x16c/0x1f0 [ 90.066050][ T6704] should_fail_ex+0x512/0x640 [ 90.066067][ T6704] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 90.066088][ T6704] should_failslab+0xc2/0x120 [ 90.066106][ T6704] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 90.066123][ T6704] ? alloc_empty_file+0x55/0x1e0 [ 90.066146][ T6704] alloc_empty_file+0x55/0x1e0 [ 90.066165][ T6704] path_openat+0xda/0x2cb0 [ 90.066179][ T6704] ? do_fast_syscall_32+0x32/0x80 [ 90.066193][ T6704] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 90.066218][ T6704] ? __pfx_path_openat+0x10/0x10 [ 90.066240][ T6704] do_filp_open+0x20b/0x470 [ 90.066257][ T6704] ? __pfx_do_filp_open+0x10/0x10 [ 90.066294][ T6704] ? _raw_spin_unlock+0x28/0x50 [ 90.066316][ T6704] ? alloc_fd+0x471/0x7d0 [ 90.066348][ T6704] do_sys_openat2+0x11b/0x1d0 [ 90.066368][ T6704] ? __pfx_do_sys_openat2+0x10/0x10 [ 90.066392][ T6704] ? __fget_files+0x20e/0x3c0 [ 90.066411][ T6704] __ia32_compat_sys_openat+0x16d/0x210 [ 90.066433][ T6704] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 90.066454][ T6704] ? ksys_write+0x1ac/0x250 [ 90.066474][ T6704] ? rcu_is_watching+0x12/0xc0 [ 90.066494][ T6704] __do_fast_syscall_32+0x7c/0x3a0 [ 90.066514][ T6704] do_fast_syscall_32+0x32/0x80 [ 90.066529][ T6704] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 90.066548][ T6704] RIP: 0023:0xf7f76579 [ 90.066560][ T6704] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 90.066575][ T6704] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 90.066593][ T6704] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000100 [ 90.066603][ T6704] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000 [ 90.066612][ T6704] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 90.066621][ T6704] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 90.066632][ T6704] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 90.066651][ T6704] [ 91.281451][ T6735] fuse: Unknown parameter 'user_id00000000000000000000' [ 91.556218][ T6750] netlink: 4 bytes leftover after parsing attributes in process `syz.0.160'. [ 93.098053][ T6793] bridge1: entered promiscuous mode [ 93.110085][ T6793] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 93.112505][ T6793] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 93.117563][ T6793] vhci_hcd vhci_hcd.0: Device attached [ 93.225103][ T59] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 93.354631][ T5958] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 93.357830][ T837] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 93.376723][ T59] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 93.379929][ T59] usb 5-1: config 0 has no interface number 0 [ 93.382553][ T59] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 93.387714][ T59] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 93.392163][ T59] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 93.396886][ T59] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.402985][ T59] usb 5-1: config 0 descriptor?? [ 93.406726][ T6780] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 93.416395][ T59] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 93.506583][ T5958] usb 6-1: config 0 has an invalid descriptor of length 50, skipping remainder of the config [ 93.510905][ T5958] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 93.514940][ T5958] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 93.518607][ T5958] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.524050][ T5958] usb 6-1: config 0 descriptor?? [ 93.620754][ T1018] usb 5-1: USB disconnect, device number 3 [ 93.659016][ T6802] netlink: 40 bytes leftover after parsing attributes in process `syz.3.172'. [ 94.256896][ T6816] fuse: Bad value for 'group_id' [ 94.258489][ T6816] fuse: Bad value for 'group_id' [ 94.846721][ T6844] overlayfs: missing 'lowerdir' [ 95.005089][ T6847] fuse: Bad value for 'fd' [ 95.145740][ T6853] netlink: 40 bytes leftover after parsing attributes in process `syz.3.186'. [ 96.081168][ T6043] usb 6-1: USB disconnect, device number 2 [ 96.088143][ T6794] usb 39-1: recv xbuf, 0 [ 96.096081][ T46] vhci_hcd: stop threads [ 96.099026][ T46] vhci_hcd: release socket [ 96.108065][ T46] vhci_hcd: disconnect device [ 96.244536][ T6867] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 96.244553][ T837] vhci_hcd: vhci_device speed not set [ 96.387458][ T6851] Set syz1 is full, maxelem 65536 reached [ 96.628479][ T6879] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 96.693826][ T6887] fuse: Bad value for 'fd' [ 96.736918][ T6890] netlink: 24 bytes leftover after parsing attributes in process `syz.3.197'. [ 96.814531][ T1326] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 96.984479][ T1326] usb 7-1: Using ep0 maxpacket: 8 [ 96.988512][ T1326] usb 7-1: config index 0 descriptor too short (expected 3783, got 18) [ 96.991994][ T1326] usb 7-1: config 72 has too many interfaces: 169, using maximum allowed: 32 [ 96.996417][ T1326] usb 7-1: config 72 has an invalid descriptor of length 134, skipping remainder of the config [ 97.000715][ T1326] usb 7-1: config 72 has 0 interfaces, different from the descriptor's value: 169 [ 97.006946][ T1326] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 97.010729][ T1326] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.014073][ T1326] usb 7-1: Product: syz [ 97.016329][ T1326] usb 7-1: Manufacturer: syz [ 97.018312][ T1326] usb 7-1: SerialNumber: syz [ 97.288434][ T6903] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.492305][ T6911] netfs: Couldn't get user pages (rc=-14) [ 97.535537][ T1326] usb 7-1: USB disconnect, device number 4 [ 97.988492][ T6925] fuse: Unknown parameter '0x0000000000000003' [ 98.766036][ T6943] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 99.379071][ T6961] syz.1.219 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 100.459983][ T6990] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 100.462372][ T6990] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 100.467286][ T6990] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 100.468794][ T6994] netlink: 4 bytes leftover after parsing attributes in process `syz.2.230'. [ 100.469555][ T6990] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 101.347257][ T7034] netlink: 4 bytes leftover after parsing attributes in process `syz.2.246'. [ 101.454466][ T40] kauditd_printk_skb: 123 callbacks suppressed [ 101.454481][ T40] audit: type=1326 audit(1752953058.048:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.3.247" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 101.456981][ T7040] netlink: 40 bytes leftover after parsing attributes in process `syz.3.247'. [ 101.457227][ T40] audit: type=1326 audit(1752953058.058:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.3.247" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 101.478428][ T40] audit: type=1326 audit(1752953058.058:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.3.247" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 101.488410][ T40] audit: type=1326 audit(1752953058.058:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.3.247" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 101.498214][ T40] audit: type=1326 audit(1752953058.058:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.3.247" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 101.507415][ T40] audit: type=1326 audit(1752953058.058:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.3.247" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 101.516877][ T40] audit: type=1326 audit(1752953058.058:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.3.247" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 101.525339][ T40] audit: type=1326 audit(1752953058.058:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.3.247" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 101.534118][ T40] audit: type=1326 audit(1752953058.058:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.3.247" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 101.543314][ T40] audit: type=1326 audit(1752953058.068:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7035 comm="syz.3.247" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 102.291873][ T7063] FAULT_INJECTION: forcing a failure. [ 102.291873][ T7063] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 102.297319][ T7063] CPU: 1 UID: 0 PID: 7063 Comm: syz.2.253 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) [ 102.297335][ T7063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 102.297342][ T7063] Call Trace: [ 102.297346][ T7063] [ 102.297350][ T7063] dump_stack_lvl+0x16c/0x1f0 [ 102.297365][ T7063] should_fail_ex+0x512/0x640 [ 102.297378][ T7063] _copy_from_user+0x2e/0xd0 [ 102.297398][ T7063] generic_map_update_batch+0x3e9/0x610 [ 102.297421][ T7063] ? __pfx_generic_map_update_batch+0x10/0x10 [ 102.297440][ T7063] ? __pfx_generic_map_update_batch+0x10/0x10 [ 102.297458][ T7063] bpf_map_do_batch+0x5b4/0x680 [ 102.297474][ T7063] __sys_bpf+0x189f/0x4ea0 [ 102.297485][ T7063] ? __pfx___sys_bpf+0x10/0x10 [ 102.297495][ T7063] ? ksys_write+0x190/0x250 [ 102.297508][ T7063] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 102.297528][ T7063] ? fput+0x70/0xf0 [ 102.297541][ T7063] ? ksys_write+0x1ac/0x250 [ 102.297550][ T7063] ? __pfx_ksys_write+0x10/0x10 [ 102.297563][ T7063] __ia32_sys_bpf+0x76/0xe0 [ 102.297574][ T7063] __do_fast_syscall_32+0x7c/0x3a0 [ 102.297587][ T7063] do_fast_syscall_32+0x32/0x80 [ 102.297598][ T7063] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 102.297612][ T7063] RIP: 0023:0xf70be579 [ 102.297621][ T7063] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 102.297631][ T7063] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 102.297641][ T7063] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 00000000800001c0 [ 102.297648][ T7063] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000 [ 102.297654][ T7063] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 102.297660][ T7063] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 102.297666][ T7063] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 102.297679][ T7063] [ 102.385375][ T7065] netlink: 40 bytes leftover after parsing attributes in process `syz.0.251'. [ 103.258137][ T7048] Set syz1 is full, maxelem 65536 reached [ 104.160828][ T7097] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 104.801390][ T7127] netlink: 40 bytes leftover after parsing attributes in process `syz.0.271'. [ 105.023607][ T7132] bridge1: left promiscuous mode [ 105.885440][ T7146] netfs: Couldn't get user pages (rc=-14) [ 106.578920][ T7163] fuse: Unknown parameter 'grou00000000000000000000' [ 106.596508][ T7165] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 106.655549][ T40] kauditd_printk_skb: 110 callbacks suppressed [ 106.655560][ T40] audit: type=1326 audit(1752953063.258:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7160 comm="syz.2.283" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 106.657526][ T7168] netlink: 4 bytes leftover after parsing attributes in process `syz.0.286'. [ 106.663877][ T40] audit: type=1326 audit(1752953063.258:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7160 comm="syz.2.283" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 106.675997][ T40] audit: type=1326 audit(1752953063.278:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7160 comm="syz.2.283" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 106.682900][ T40] audit: type=1326 audit(1752953063.278:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7160 comm="syz.2.283" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 106.690321][ T7166] netlink: 40 bytes leftover after parsing attributes in process `syz.2.283'. [ 106.694760][ T40] audit: type=1326 audit(1752953063.278:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7160 comm="syz.2.283" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 106.701697][ T40] audit: type=1326 audit(1752953063.298:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7160 comm="syz.2.283" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 106.714475][ T40] audit: type=1326 audit(1752953063.298:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7160 comm="syz.2.283" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 106.723210][ T40] audit: type=1326 audit(1752953063.298:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7160 comm="syz.2.283" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 106.732071][ T40] audit: type=1326 audit(1752953063.298:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7160 comm="syz.2.283" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 106.741160][ T40] audit: type=1326 audit(1752953063.298:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7160 comm="syz.2.283" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 106.907044][ T7173] ceph: No mds server is up or the cluster is laggy [ 106.963231][ T6043] libceph: connect (1)[c::]:6789 error -101 [ 106.976235][ T6043] libceph: mon0 (1)[c::]:6789 connect error [ 108.101677][ T7202] fuse: Unknown parameter 'grou00000000000000000000' [ 108.275292][ T7210] netlink: 4 bytes leftover after parsing attributes in process `syz.3.297'. [ 108.339753][ T7213] input: syz0 as /devices/virtual/input/input5 [ 108.341617][ T7213] input: failed to attach handler leds to device input5, error: -6 [ 108.358262][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.360524][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.368693][ T7213] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 108.373528][ T7213] netlink: 12 bytes leftover after parsing attributes in process `syz.2.298'. [ 108.376205][ T7213] netlink: 12 bytes leftover after parsing attributes in process `syz.2.298'. [ 108.768178][ T7223] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 109.028046][ T7227] netfs: Couldn't get user pages (rc=-14) [ 109.336984][ T7236] fuse: Unknown parameter 'fd0x0000000000000003' [ 110.073945][ T7254] comedi comedi2: mpc624: I/O port conflict (0x67f,16) [ 110.557684][ T7269] vxfs: WRONG superblock magic 00000000 at 1 [ 110.560425][ T7269] vxfs: WRONG superblock magic 00000000 at 8 [ 110.562296][ T7269] vxfs: can't find superblock. [ 110.965895][ T7274] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 111.234956][ T7280] netfs: Couldn't get user pages (rc=-14) [ 111.266116][ T7282] fuse: Unknown parameter 'group_i00000000000000000000' [ 112.996527][ T7323] netfs: Couldn't get user pages (rc=-14) [ 114.029362][ T7349] fuse: Unknown parameter 'group_id00000000000000000000' [ 114.205913][ T7359] FAULT_INJECTION: forcing a failure. [ 114.205913][ T7359] name failslab, interval 1, probability 0, space 0, times 0 [ 114.210093][ T7359] CPU: 1 UID: 0 PID: 7359 Comm: syz.0.341 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) [ 114.210107][ T7359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.210113][ T7359] Call Trace: [ 114.210117][ T7359] [ 114.210121][ T7359] dump_stack_lvl+0x16c/0x1f0 [ 114.210136][ T7359] should_fail_ex+0x512/0x640 [ 114.210147][ T7359] ? __kvmalloc_node_noprof+0x124/0x620 [ 114.210159][ T7359] should_failslab+0xc2/0x120 [ 114.210171][ T7359] __kvmalloc_node_noprof+0x137/0x620 [ 114.210182][ T7359] ? hash_ipportip_create+0x3ec/0x1250 [ 114.210199][ T7359] ? hash_ipportip_create+0x3ec/0x1250 [ 114.210213][ T7359] hash_ipportip_create+0x3ec/0x1250 [ 114.210228][ T7359] ? __nla_parse+0x6/0x60 [ 114.210240][ T7359] ? __pfx_hash_ipportip_create+0x10/0x10 [ 114.210255][ T7359] ip_set_create+0x7e4/0x14d0 [ 114.210267][ T7359] ? __pfx_ip_set_create+0x10/0x10 [ 114.210276][ T7359] ? trace_contention_end+0xdd/0x130 [ 114.210300][ T7359] ? find_held_lock+0x2b/0x80 [ 114.210314][ T7359] nfnetlink_rcv_msg+0x9fc/0x1200 [ 114.210333][ T7359] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 114.210349][ T7359] ? stack_trace_save+0x8e/0xc0 [ 114.210361][ T7359] ? __pfx_stack_trace_save+0x10/0x10 [ 114.210388][ T7359] netlink_rcv_skb+0x155/0x420 [ 114.210401][ T7359] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 114.210416][ T7359] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 114.210434][ T7359] ? ns_capable+0xd7/0x110 [ 114.210448][ T7359] nfnetlink_rcv+0x1b3/0x430 [ 114.210462][ T7359] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 114.210476][ T7359] ? netlink_deliver_tap+0x1ae/0xd30 [ 114.210487][ T7359] ? is_vmalloc_addr+0x86/0xa0 [ 114.210499][ T7359] netlink_unicast+0x58d/0x850 [ 114.210513][ T7359] ? __pfx_netlink_unicast+0x10/0x10 [ 114.210529][ T7359] netlink_sendmsg+0x8d1/0xdd0 [ 114.210543][ T7359] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.210556][ T7359] ? __import_iovec+0x1dd/0x650 [ 114.210570][ T7359] ____sys_sendmsg+0xa95/0xc70 [ 114.210586][ T7359] ? __pfx_____sys_sendmsg+0x10/0x10 [ 114.210599][ T7359] ? get_compat_msghdr+0x11a/0x170 [ 114.210615][ T7359] ___sys_sendmsg+0x134/0x1d0 [ 114.210627][ T7359] ? __pfx____sys_sendmsg+0x10/0x10 [ 114.210643][ T7359] ? find_held_lock+0x2b/0x80 [ 114.210661][ T7359] __sys_sendmsg+0x16d/0x220 [ 114.210672][ T7359] ? __pfx___sys_sendmsg+0x10/0x10 [ 114.210688][ T7359] ? rcu_is_watching+0x12/0xc0 [ 114.210701][ T7359] __do_fast_syscall_32+0x7c/0x3a0 [ 114.210713][ T7359] do_fast_syscall_32+0x32/0x80 [ 114.210723][ T7359] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 114.210736][ T7359] RIP: 0023:0xf7f65579 [ 114.210745][ T7359] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 114.210754][ T7359] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 114.210764][ T7359] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 114.210770][ T7359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 114.210776][ T7359] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 114.210782][ T7359] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 114.210787][ T7359] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 114.210799][ T7359] [ 114.600384][ T7376] overlayfs: missing 'lowerdir' [ 114.811462][ T7385] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.349'. [ 114.935563][ T7392] netfs: Couldn't get user pages (rc=-14) [ 115.344596][ T1326] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 115.514556][ T1326] usb 7-1: Using ep0 maxpacket: 8 [ 115.518945][ T1326] usb 7-1: config index 0 descriptor too short (expected 3783, got 18) [ 115.521842][ T1326] usb 7-1: config 72 has too many interfaces: 169, using maximum allowed: 32 [ 115.524616][ T1326] usb 7-1: config 72 has an invalid descriptor of length 134, skipping remainder of the config [ 115.527699][ T1326] usb 7-1: config 72 has 0 interfaces, different from the descriptor's value: 169 [ 115.531989][ T1326] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 115.535000][ T1326] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.537594][ T1326] usb 7-1: Product: syz [ 115.538834][ T1326] usb 7-1: Manufacturer: syz [ 115.540452][ T1326] usb 7-1: SerialNumber: syz [ 115.879387][ T1326] usb 7-1: USB disconnect, device number 5 [ 116.282570][ T7419] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 117.168536][ T7443] netfs: Couldn't get user pages (rc=-14) [ 118.797733][ T7468] netlink: 4 bytes leftover after parsing attributes in process `syz.3.373'. [ 119.323289][ T7475] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 120.016624][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.038630][ T7494] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.041275][ T7494] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.139867][ T7494] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.142690][ T7494] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.145978][ T7494] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.149188][ T7494] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.149451][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.168232][ T46] ------------[ cut here ]------------ [ 120.170516][ T46] WARNING: CPU: 0 PID: 46 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x4d5/0x580 [ 120.174368][ T46] Modules linked in: [ 120.176169][ T46] CPU: 0 UID: 0 PID: 46 Comm: kworker/u32:2 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) [ 120.182350][ T46] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 120.186609][ T46] Workqueue: cfg80211 cfg80211_event_work [ 120.188780][ T46] RIP: 0010:__cfg80211_ibss_joined+0x4d5/0x580 [ 120.191169][ T46] Code: ff ff e8 ee a9 da f6 90 0f 0b 90 e9 58 fe ff ff e8 00 04 3f f7 e9 22 fc ff ff e8 96 03 3f f7 e9 66 fc ff ff e8 cc a9 da f6 90 <0f> 0b 90 e9 6f fc ff ff e8 be a9 da f6 90 0f 0b e8 06 04 3f f7 e9 [ 120.198619][ T46] RSP: 0018:ffffc900006dfaf0 EFLAGS: 00010293 [ 120.200962][ T46] RAX: 0000000000000000 RBX: ffff88805f9a4d90 RCX: 0000000000000006 [ 120.203960][ T46] RDX: ffff8880205cc880 RSI: ffffffff8ae0ab94 RDI: ffffffff8c155ce0 [ 120.207094][ T46] RBP: ffffc900006dfba0 R08: 0000000000000001 R09: 0000000000000001 [ 120.210134][ T46] R10: ffffffff90a95857 R11: 0000000000000001 R12: ffff88805f9a4000 [ 120.213101][ T46] R13: 1ffff920000dbf62 R14: 0000000000000000 R15: ffffc900006dfb30 [ 120.216209][ T46] FS: 0000000000000000(0000) GS:ffff88809752e000(0000) knlGS:0000000000000000 [ 120.219644][ T46] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.222191][ T46] CR2: 000000003041effc CR3: 000000004b9d3000 CR4: 0000000000352ef0 [ 120.225366][ T46] Call Trace: [ 120.226734][ T46] [ 120.227913][ T46] ? do_raw_spin_lock+0x12c/0x2b0 [ 120.229982][ T46] ? __pfx___cfg80211_ibss_joined+0x10/0x10 [ 120.232300][ T46] ? mark_held_locks+0x49/0x80 [ 120.234206][ T46] ? cfg80211_process_wdev_events+0x3dd/0x5c0 [ 120.236646][ T46] cfg80211_process_wdev_events+0x3dd/0x5c0 [ 120.238969][ T46] cfg80211_process_rdev_events+0x9f/0x130 [ 120.241258][ T46] cfg80211_event_work+0x2e/0x50 [ 120.243207][ T46] process_one_work+0x9cf/0x1b70 [ 120.245263][ T46] ? __pfx_process_one_work+0x10/0x10 [ 120.247355][ T46] ? assign_work+0x1a0/0x250 [ 120.249123][ T46] worker_thread+0x6c8/0xf10 [ 120.250938][ T46] ? __pfx_worker_thread+0x10/0x10 [ 120.252941][ T46] kthread+0x3c2/0x780 [ 120.254643][ T46] ? __pfx_kthread+0x10/0x10 [ 120.256469][ T46] ? rcu_is_watching+0x12/0xc0 [ 120.258307][ T46] ? __pfx_kthread+0x10/0x10 [ 120.260135][ T46] ret_from_fork+0x5d7/0x6f0 [ 120.261933][ T46] ? __pfx_kthread+0x10/0x10 [ 120.263718][ T46] ret_from_fork_asm+0x1a/0x30 [ 120.265656][ T46] [ 120.266878][ T46] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 120.269651][ T46] CPU: 0 UID: 0 PID: 46 Comm: kworker/u32:2 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) [ 120.274124][ T46] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 120.278190][ T46] Workqueue: cfg80211 cfg80211_event_work [ 120.280370][ T46] Call Trace: [ 120.281672][ T46] [ 120.282821][ T46] dump_stack_lvl+0x3d/0x1f0 [ 120.284590][ T46] panic+0x71c/0x800 [ 120.286125][ T46] ? __pfx_panic+0x10/0x10 [ 120.287903][ T46] ? show_trace_log_lvl+0x29b/0x3e0 [ 120.289940][ T46] ? check_panic_on_warn+0x1f/0xb0 [ 120.291931][ T46] ? __cfg80211_ibss_joined+0x4d5/0x580 [ 120.294071][ T46] check_panic_on_warn+0xab/0xb0 [ 120.296009][ T46] __warn+0xf6/0x3c0 [ 120.297555][ T46] ? __cfg80211_ibss_joined+0x4d5/0x580 [ 120.299697][ T46] report_bug+0x3c3/0x580 [ 120.301405][ T46] ? __cfg80211_ibss_joined+0x4d5/0x580 [ 120.303535][ T46] handle_bug+0x184/0x210 [ 120.305261][ T46] exc_invalid_op+0x17/0x50 [ 120.307088][ T46] asm_exc_invalid_op+0x1a/0x20 [ 120.309027][ T46] RIP: 0010:__cfg80211_ibss_joined+0x4d5/0x580 [ 120.311445][ T46] Code: ff ff e8 ee a9 da f6 90 0f 0b 90 e9 58 fe ff ff e8 00 04 3f f7 e9 22 fc ff ff e8 96 03 3f f7 e9 66 fc ff ff e8 cc a9 da f6 90 <0f> 0b 90 e9 6f fc ff ff e8 be a9 da f6 90 0f 0b e8 06 04 3f f7 e9 [ 120.318883][ T46] RSP: 0018:ffffc900006dfaf0 EFLAGS: 00010293 [ 120.321288][ T46] RAX: 0000000000000000 RBX: ffff88805f9a4d90 RCX: 0000000000000006 [ 120.324285][ T46] RDX: ffff8880205cc880 RSI: ffffffff8ae0ab94 RDI: ffffffff8c155ce0 [ 120.327333][ T46] RBP: ffffc900006dfba0 R08: 0000000000000001 R09: 0000000000000001 [ 120.330363][ T46] R10: ffffffff90a95857 R11: 0000000000000001 R12: ffff88805f9a4000 [ 120.333382][ T46] R13: 1ffff920000dbf62 R14: 0000000000000000 R15: ffffc900006dfb30 [ 120.336393][ T46] ? __cfg80211_ibss_joined+0x4d4/0x580 [ 120.338549][ T46] ? do_raw_spin_lock+0x12c/0x2b0 [ 120.340649][ T46] ? __pfx___cfg80211_ibss_joined+0x10/0x10 [ 120.342971][ T46] ? mark_held_locks+0x49/0x80 [ 120.344913][ T46] ? cfg80211_process_wdev_events+0x3dd/0x5c0 [ 120.347253][ T46] cfg80211_process_wdev_events+0x3dd/0x5c0 [ 120.349567][ T46] cfg80211_process_rdev_events+0x9f/0x130 [ 120.351789][ T46] cfg80211_event_work+0x2e/0x50 [ 120.353720][ T46] process_one_work+0x9cf/0x1b70 [ 120.355657][ T46] ? __pfx_process_one_work+0x10/0x10 [ 120.357760][ T46] ? assign_work+0x1a0/0x250 [ 120.359558][ T46] worker_thread+0x6c8/0xf10 [ 120.361385][ T46] ? __pfx_worker_thread+0x10/0x10 [ 120.363361][ T46] kthread+0x3c2/0x780 [ 120.364976][ T46] ? __pfx_kthread+0x10/0x10 [ 120.366794][ T46] ? rcu_is_watching+0x12/0xc0 [ 120.368653][ T46] ? __pfx_kthread+0x10/0x10 [ 120.370462][ T46] ret_from_fork+0x5d7/0x6f0 [ 120.372251][ T46] ? __pfx_kthread+0x10/0x10 [ 120.374070][ T46] ret_from_fork_asm+0x1a/0x30 [ 120.375958][ T46] [ 120.377864][ T46] Kernel Offset: disabled [ 120.379548][ T46] Rebooting in 86400 seconds.. VM DIAGNOSIS: 19:24:36 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000036 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8556baa5 RDI=ffffffff9b09e540 RBP=ffffffff9b09e500 RSP=ffffc900006df460 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=0000000000000036 R14=ffffffff9b09e500 R15=ffffffff8556ba40 RIP=ffffffff8556bacf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809752e000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000003041effc CR3=000000004b9d3000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000004800000000 0000000100000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000004800000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=ffff88802b23a400 RBX=ffff88804b0d0000 RCX=0000000000000000 RDX=1ffff1100566764b RSI=ffffffff8b836273 RDI=ffff88802b23a418 RBP=ffffc9000371f748 RSP=ffffc9000371f590 R8 =0000000000000001 R9 =0000000000000001 R10=0000000000000001 R11=0000000000000001 R12=0000000000000002 R13=ffff88804b0d0558 R14=0000000000000001 R15=ffff88802b33a400 RIP=ffffffff81980ca0 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88809762e000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f4ca9da4 CR3=000000004b9d3000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000049f84922a0 RBX=ffff88802b423a00 RCX=00000000000006e0 RDX=0000000000000049 RSI=ffff88802b423a00 RDI=000000000001fdf2 RBP=000000000001fdf2 RSP=ffffc90000538ec8 R8 =0000000000000005 R9 =000000000000003f R10=0000000000000019 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000019 R15=ffff88802b427c80 RIP=ffffffff81680535 RFL=00000003 [------C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88809772e000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000080202018 CR3=000000004b9d3000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f7454ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000185ad5 RBX=0000000000000003 RCX=ffffffff8b828c69 RDX=0000000000000000 RSI=ffffffff8de296c6 RDI=ffffffff8c155ce0 RBP=ffffed1003bde000 RSP=ffffc9000048fdf8 R8 =0000000000000001 R9 =ffffed10056a6645 R10=ffff88802b53322b R11=0000000000000001 R12=0000000000000003 R13=ffff88801def0000 R14=ffffffff90a95850 R15=0000000000000000 RIP=ffffffff8b8277cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809782e000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000030501ffc CR3=000000006e284000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000004800000000 0000000100000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000004800000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000