last executing test programs: 4.788159427s ago: executing program 2 (id=455): r0 = socket$key(0xf, 0x3, 0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x2, 0x6, 0x101}, 0x14}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000140)="3d6ee2e04b91ab10143d9abe86dd", 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000140)=@req={0x200, 0xfffffff9, 0x0, 0x7f}, 0x10) recvmmsg$unix(r3, &(0x7f0000001f40)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000180)=""/251, 0xfb}], 0x1}}], 0x1, 0x40010020, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000000f500008500000086000000850000002a000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244) ioctl$sock_inet_udp_SIOCINQ(r5, 0x541b, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0x1d, &(0x7f0000000200)=ANY=[@ANYRES64=0xffffffffffffffff], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r8 = syz_clone(0x49080100, &(0x7f0000000580)="5b1c3842894aa2f54ef249d393ee2b058ca06756d1c5c6085fe82f6ab91284716cfd5a1220d3c7209cbb26c5c67e8f9b8b9c631c411236528ff5b23d1192b511661db7d2abeca341ebcd59a20d69f1f09e57d33c5dfc618b491f22cb293050b7a82f914350e549e3277053b6206d7357476bd80751ccbe208f7ed43221c7db7209eedbd56aa60c21463c7c72e3b61a74a5a6073393b055e75d531cee951e24a2a0db7e1ea06f9ab4648cdd19f5cd256df6f4f141915702a974610aa8397704dde23c10a61b1a10ccf266c7cde6a63976", 0xd0, &(0x7f0000000680), &(0x7f00000006c0), &(0x7f0000000700)="a50b50b4db9c81ea1b4131ecdfe8f8cfa17a782286bd7b819b7ab76a11ccd62e9495236211369916b4f8562b58db446d669c6db10f2ebbf9237c2ad8280e5fe413ad0cd01e3d747be7e9676dbe8ea697f4513fd2a5997d0ede0ff5dd83dcff0792089c82dcb2e546f50a9fdb33ddaa695eff214585ca7cdc6e6d56f858d7d46d03521d5bca0904fae4112a3a0b0b1137fca5a45aa55051c956d1d221f99abe49ad37489da4b2c010558263f1f5") sched_setscheduler(r8, 0x0, &(0x7f00000007c0)=0x3) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="020300030d0000000000000000000000030005000000000002004e20ac1e0101000000000000000002000100000000000000000b0000000002000900000000000000000000000000030006000000000002004e230a01010200000000000000000100140007", @ANYRES16=r1, @ANYRES32=0x0, @ANYRES8=r7, @ANYRES8=r6], 0x68}}, 0x0) 4.388721668s ago: executing program 2 (id=457): getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x8, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000580)=@updpolicy={0xbc, 0x19, 0x1, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@local, 0x0, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x4, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}, 0x10000000, 0x0, 0x0, 0x1, 0x1}, [@XFRMA_IF_ID={0x8, 0x1f, 0x3}]}, 0xbc}}, 0x0) sendmsg$key(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) 4.336451833s ago: executing program 2 (id=458): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING(0xffffffffffffffff, 0x4068aea3, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r1, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f000000de40)=ANY=[@ANYRES64=r0, @ANYBLOB="629ecf677b43f6678dbc87c93e8df07f9e3fd4b2f6502e6beee9696dac9c82aad545aa893ea10865dc32dcda617fd4f11b0d416ccb36119903ff553a53b12b487aa4246dfc46d0e7434c2fdb027762086bde7b54793fb1"], 0x2000}], 0x1}, 0x80000c0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$KVM_SET_USER_MEMORY_REGION2(0xffffffffffffffff, 0x40a0ae49, &(0x7f0000000300)={0x10002, 0x3, 0xdddd0000, 0x2000, &(0x7f0000ffb000/0x2000)=nil, 0x7}) sendmmsg$unix(r4, 0x0, 0x0, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) r6 = openat$nci(0xffffff9c, &(0x7f0000000280), 0x2, 0x0) write$nci(r6, &(0x7f00000003c0)=@NCI_OP_CORE_RESET_RSP={0x0, 0x0, 0x2, 0x0, 0x4, {0x1, 0x40, 0x8}}, 0x6) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'vlan0\x00'}) sendto$inet6(r5, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback={0x9000000}}, 0x1c) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) r8 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$VT_DISALLOCATE(r8, 0x5608) socket$netlink(0x10, 0x3, 0x0) syz_emit_ethernet(0x76, &(0x7f0000000080)={@link_local, @random="86082b9827c1", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb3e02", 0x40, 0x3a, 0x0, @private2, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "974367", 0x0, 0x11, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, [@dstopts={0x0, 0x1, '\x00', [@padn={0x1, 0x33, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}]}}}}}}}, 0x0) 3.007773663s ago: executing program 2 (id=464): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9f, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x400ad80, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000006780)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3ab706204ee39c9dae21a1718ee351ebc92d2f0d482a863ae5c0b4d768ffe745af2c53a083d9b761b", 0xfff7}], 0x1}}], 0x1, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000100)='./file0\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) pwritev2(r5, &(0x7f0000000980)=[{0x0}, {&(0x7f0000000500)="be81e1310fb465f31a42f6efa58772d291c57be2782f6ff63ea3517e50771580447f7d195ee15e186027d518b2c77a051895fece1dc014c33d6928ab0376cf4077399b51451472f53be50af6897bc0fa353cad9156d19de3665191fdf17a2f07f4286cea5c10fbb81feb85e406524a47b1978139eaa8daec929e00572df90f9d8a3ce9b03cc2ee0eb9b4875c4e3d02e9570f627ef6771beca770bc6b2a", 0x9d}, {&(0x7f0000001980)="d8e266371b5a156dd615cef16752ad1da46006beac8c2afe470fda4ab99cbefd1d99a8bd233725239a987587077bf416a7cfa51b1f90320b2b3be3c625ae7a1ceb556334ffdf2aeb3ccb275458c596b17ba4ba1b9065b27d2c5d7f651119daedb16067158ebbb3835ba06546990a9e283378df9dcc41e1f31764da215dd047e02c235e3f0fb673961d3e8fc263c657418e7c5343cfc0388779bab9eba0af8a39635e940a42c857b5dbf0c85abec5bb56dff74ed0ba59c908a7d073fe79f650e0ea161760177e5b0bb98c0e70c8dffd7557afe30962031ecc63b9369ec0e882378a0c11c9f4d393b1bfec24fb155c078f1875f5987fd4220cf4ea1de57fea6bfbe21ed47227add291d38593a6b8472b12f2c241e5772cf9de4c1f7969f6a8f0862978773f3f5b557bd8d744db1970c0145f8df60c7364c46e06f1d19e89fabd5fcc92bf1d5f4583f9823dd68c4e097c8e306779c2ee47edf20b44a3ddcf9fbfe78a133343bf9195e5d2008f29e5c94b7885c817733deec78e744745d39ce3d9d3cbaa60fa5034e5afdcb2061f5c4600f17157826e8b86ac8ab7dffd10a494d60ca78197953abe66c0f94c4b7f678228baa85a9c375cc119cfca5b3447d8d7249db4f85875a5d30c9182ace809fd471311f4ae548088c382d2dbf903480b192511e74ceac914588c9a8c5eee734c523e54d56d72625bf2c50de0c6e14c68ffb9178ad095e11e64db74563b9cb566b9d513d6cfb172737fdbcba17110cf8f6983ee01017cf66dd47a37e0357789cb749e67a21520e8fcab8572826a6490c8bc427155afe3b79421d4cc5a41c72850a25e9241e6b2cb678188d8bcb1b9764e23a05570979e951d03b4c307d9350b307dbd634890d2dfd0ea90ddf5ac4b48c5a4c669112e853aaa62116126e9ce4c4e90f981a370c57f8b834011eabf792ccdd762eb46d48b814db572e856df3455d53a4552b0619c27faec3c921d79b15d984270d91a10702bf21044746f2fa2ce5176005715949524b787c724f55cce45d94427403553ed6437fb599f106abc670f625bb38e3a90ba894ddf0654464a8e22d68ba2b26978b52bb2a7a0fda821a0122355990fd9a14f3be86c8244ca3a15abb799c02aed2fc9f1cf8b9458b0e1d8ae8cdeda9de40adef98ca0def017d438714eac2873b3df14bb8f5c455fa76579edd04c5ae64b48638bb62dc9b678264713bc9e40b11559da793a125b5d4f5772bd7a369218b17d16c217e101e381422bb32003e6dcc0d0113b256569b43a8865b986b826f7073af99f6ed11753f88758470befc513628d25c50f7dc24ec14cc7354a659353c09779c83aa87d2cf9bc04f59522d065e4a55cb990d20e93ada39726e4baf5a23284ad19ba9eb8bbb5023eb12b4acb02768fe6599d36a3d7fc7c2a8cd9369997b7c179ebe385117f0e7b60fce56f033426d0ca78ef0dd953a0c6b2114b9034fc4fa0d576448171fc32eff97836c00a92674e47224779ef2f2dd3385dbfc88d6e7f6eb78c73a1668e5cf8ecf2d39ec62788ae1f3786262d3cdf8a208ab0a28196e6163a06809d3c0c41f3cd79a7e7d72b7c2c66c8662b8405532d8d00e8cf740f6388cc595405b4cd6d1ee6db4168379394a7ebea3c4ec1375b0a0ea05288a5fcfca8ccbcc198e8d319ca5121fbf70ed5dabece1a733b2c591a20d8faa59e30acc62ef5a74de7397308379aebd69fd52bf155b47c7dfeb0576205ec81b2f96b6137c375464a6dc8bbdef6693bec4dcb23286c2f102b1cc5a18a0251cfaaacee3cc7f61a6a99ae216350284901eec57c6d23380f2f5dcbdbf1b463509b42372064d14ecab7b4812b5304fe5ef48125ab446c7b93e5bab9f1a19f004170788ed59e278c06cee96b6e4cfd73ac7d85fffee05be3a5b3e613b1d14ac3074f4e872d01b742376c178d7b74866dadf7155255ea0e9b41edad219be52de205f1ce40f7b0cdcb674e35e9704e3f69d84499a8fa623f2c799be4e85e64af46cd73ba1c051b9e72a1778b1a3fd90b937c5d4c7afc59db11645c1806f8903992b7216d56de591d3e4985483df2a48061349498e6504605a0a730b9a84589ca7af5142168b887a80818cb5d7ee132998eb90d8598d52b3149ff9bacb321024443aff0f41244d35e210b9de2436fbe29e2495dbe70bf50caedbb2ae75bfde2af185e93", 0x60d}, {0x0}], 0x4, 0x5, 0xa, 0x14) readv(r0, &(0x7f0000000100)=[{&(0x7f00000001c0)=""/21, 0xb}], 0x3e8) r6 = socket$kcm(0x2, 0xa, 0x2) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r5) sendmsg$NL80211_CMD_LEAVE_OCB(r5, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000003c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="02002dbd7000fedbdf256d000000080003003b5335af1d0ac671f67259fe334f2f1d21b58267e90feb220be58ee4fac2324ef518ee2bec9aacec284731f937ad25ee034272a577d29afcfc8780de240454a1afc945ca8f55816ceb098e65a1557e6d89cfb041593a3d7ddaabdd847ea2cd0293df643e9f88ab0c054d32dcb19aacd01997ad59b0918c779407e2c9e16bb2c9727da824855e5bcb6e61f56ab2f87b6cd798dd562cf4332ffb6f003761cdfa8b75e6e3b3c33b15a927e3e4bbce7afb8f08ee9338f187343be7ae2f8cdae2a22168080c8b63d9658a9ab1a14cb1ac8620e16ec7dcf0a2b79f94a15c80ea06", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40040) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r6, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}}) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) 2.794691438s ago: executing program 0 (id=465): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0), 0x48441, 0x0) r1 = dup(r0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCFLSH(r0, 0x80047456, 0x1) (fail_nth: 3) 2.658231047s ago: executing program 3 (id=467): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) mount(0x0, 0x0, 0x0, 0x400080, &(0x7f00000001c0)='discard') r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdfffff}, &(0x7f0000000000)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) openat$vmci(0xffffff9c, &(0x7f0000000800), 0x2, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) pipe(&(0x7f0000000180)) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x7fffffffffffffff, 0xfffffffffffffffd, 0x3, 0x20, 0x9, 0x4}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0xfffffffffffffffe, 0x9, 0x5, 0x3, 0x4, 0x20}, 0x0, 0x0) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) recvfrom$inet6(r4, &(0x7f0000000300)=""/44, 0x2c, 0x140, 0x0, 0x0) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) close(r5) io_uring_enter(r0, 0x75fa, 0xe475, 0x0, 0x0, 0x0) 2.657775125s ago: executing program 0 (id=468): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000080000000c00000000000000", @ANYRES32, @ANYBLOB="00000200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r1, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xff01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) r2 = gettid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000) sendfile(r1, r1, 0x0, 0x40008) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x12, 0x17, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000011000000bf09000000000000550901000074f696e500000000000000180100002020702500000000002020207baaf8ff00000000bda100000000000027010000f8ffffffb702000008000000b7030000000000002500000006000000be91000000000000b502ecffffff00008500000005000000b70000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8) unshare(0x22020600) r7 = socket(0x26, 0x5, 0x2) ioctl$F2FS_IOC_WRITE_CHECKPOINT(r7, 0xf507, 0x0) prctl$PR_SET_MM(0x23, 0x5, &(0x7f0000ffe000/0x2000)=nil) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') lseek(r8, 0x1000000, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) 2.547126352s ago: executing program 1 (id=469): r0 = socket(0x200000000000011, 0x2, 0x0) bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @random="933c547ecfa7"}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x4, 0x8000}, 0x4) syz_emit_ethernet(0x6a, &(0x7f0000000280)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x13, 0x0, 0x2, 0x1, 0x11, 0x0, @empty, @empty=0x5000000}, {0x0, 0x0, 0x48, 0x0, @wg=@cookie={0x3, 0x1, "a483f184f0334b90f7455389810a695fc32c36677d0b0816", "89a1a2e06cb164e9140c6f4df2c09fa2b0d4fac08c4d603fb6907c2a6aabe251"}}}}}}, 0x0) 2.503648758s ago: executing program 1 (id=470): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x281}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r0 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, 0x0, 0x0, 0x0) getpgrp(0x0) socket$igmp(0x2, 0x3, 0x2) socket$igmp(0x2, 0x3, 0x2) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x9) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000000c0)='ext4_es_find_extent_range_exit\x00', r1, 0x0, 0x8}, 0x18) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="180000002400010300000000000000000100000004"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4010) recvmmsg(r4, &(0x7f0000004140)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000340)=""/250, 0xfa}, {&(0x7f0000000080)=""/31, 0x1f}, {&(0x7f0000000440)=""/167, 0xa7}, {&(0x7f0000000500)=""/4096, 0x1000}], 0x4}, 0x80000000}], 0x2, 0xa0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r6, @ANYBLOB="010000000000fbdbdf250100000008000200000000000500050000000000080003000100000048000180050002002000000006000100020000000800060003000000080003"], 0x84}}, 0x20000000) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r7, 0x0, 0x20000000) 2.257506212s ago: executing program 1 (id=471): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$rose(0xb, 0x5, 0x0) socket$kcm(0x10, 0x2, 0x10) r1 = fsmount(0xffffffffffffffff, 0x0, 0x78) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[], 0xe4}}, 0x0) socketpair$unix(0x1, 0x4, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$TCFLSH(r4, 0x400455c8, 0x0) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x64, 0x2, 0x0, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffe, 0xfa11, 0xffffffff}, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r5 = memfd_create(&(0x7f0000000180)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaaSc\xf3]WhI\xf4\x89\x85!mPl\x90\xa5\x93\x19\f\x9a\xae\xd5a\x9bU5\x1a\x86\x9d)5y\xef\x90\xea5\x81\xfeO;\xd4zh?\xbdW\xe0\x84\xe6\x9d\xcb\xcd\xb6\xad3\x7fWY\x02\xa2\x8baG\x00\x0e\x8e/\xc1\xaf\xd0\xbcH9\x04\x00\x00\x00z\x16\xdf\xf3hLpLaA\x89n]>,^M\x82\x8e\xe40\x97_\x809y)Z\xeb\x9d\xbawv\xe9\xc0\x16\xdc\xf5\xcb\xdb\x96\xd6\xba@\xa7\x1bl\xca\xe0\x1e3\x81\xc6S\x86\xf7\xf0\xba\x1b\x14N\xa2\x04\xdb\xb5X\xe4y\xef\xe8\xdb\xd5r\x11\xfb\xe4v\xef\x06\xbb\x00\x96CR\xe0~5\x16=:A2\x9c\b\xd9\xa0CB\r\xe9\xb8$\xfe\x8d\xb1Gg\xa9\xac<\xbf\x10]\b9\xd9\x89\xaf\xa6\xd1\x10\x1fq\xba\x06_NW\xdb67Xv(\xa8\xce\x1b\xe6\xbd\x947\x8f)8\xe5\xb3\xac;\x7f+\xf67\xea\x1ei\x92w-)\xa1B/\xb8S\xacT\x91\xa8\xf5dM\x0e7:9\xdb~V\xb7\xd5\x13^v\x14\xe6O\xea\x00\x87\x8dkG\xdf%\xebe\x83\xb97\x01| \xb3\xd8W\xe8o\x17\x97\xd9\x14o\x92\xb9\x9a\x8c\xd7\xcf\xa2\x11\xc3\xa5\xb3\xd2\xdeQ\xa7\x05\x7f\x99Lq(\xcd\\\xa2y\x14or\x1efn', 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000002, 0x4010012, r5, 0xffffc000) ftruncate(r5, 0x0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x85, &(0x7f0000000080)={0x0, 0xb, 0x0, 0x0, 0x7995}, 0xfcd6, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) syz_emit_ethernet(0x129, &(0x7f0000000580)={@local, @local, @val={@val={0x88a8, 0x2, 0x0, 0x1}, {0x8100, 0x2, 0x1}}, {@mpls_mc={0x8848, {[{0xe, 0x0, 0x1}, {0x8000}, {0x8, 0x0, 0x1}, {0xfff}, {0x4, 0x0, 0x1}], @ipv4=@tipc={{0x34, 0x4, 0x2, 0x4, 0xff, 0x68, 0x0, 0x6, 0x6, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x21}, {[@rr={0x7, 0x7, 0xce, [@remote]}, @timestamp_prespec={0x44, 0x14, 0x3e, 0x3, 0xd, [{@broadcast, 0x2}, {@dev={0xac, 0x14, 0x14, 0x3b}, 0x8000}]}, @timestamp={0x44, 0x14, 0xbe, 0x0, 0xe, [0x200, 0x1, 0x7, 0x3ff]}, @cipso={0x86, 0x41, 0x1, [{0x1, 0xa, "ea9c26cf208414c4"}, {0x6, 0x10, "681a16b031068983f88ae26058b0"}, {0x7, 0xb, "80f16f6b9a7ee921d1"}, {0x2, 0x4, "bc6a"}, {0x0, 0x12, "eb7fc047c41e41d2eb794f6cd1f58c0f"}]}, @timestamp_prespec={0x44, 0x24, 0x52, 0x3, 0x3, [{@dev={0xac, 0x14, 0x14, 0xe}, 0xa}, {@loopback, 0x7}, {@broadcast, 0xffffffff}, {@broadcast, 0xc0000000}]}, @cipso={0x86, 0x22, 0x3, [{0x5, 0x10, "e1e08c6e34ce7c4c3f31180bebdd"}, {0x7, 0xc, "7cac1456c025143f9767"}]}, @generic={0x88, 0x6, "842041a5"}]}}, @payload_named={{{{{0x2f, 0x0, 0x1, 0x0, 0x0, 0xa, 0x2, 0x2, 0x346, 0x0, 0x1, 0x7, 0x4, 0x2, 0x1ff, 0x7, 0x2, 0x4e24, 0x4e20}, 0x2, 0x2}, 0x3, 0x3}}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}}}}}, 0x0) mmap$dsp(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000002, 0x8010, r1, 0x0) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x0) ioctl$USBDEVFS_FREE_STREAMS(r6, 0x802c550a, &(0x7f0000000000)=ANY=[]) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r7 = syz_open_dev$usbfs(&(0x7f0000000080), 0x0, 0x733902) ioctl$USBDEVFS_DROP_PRIVILEGES(r7, 0x4004551e, &(0x7f0000000040)=0x3) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f00000002c0)=@usbdevfs_driver={0x101, 0x5, 0x0}) sendmsg$IPSET_CMD_SAVE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYRES64=r5, @ANYRES8], 0x1c}}, 0x80) 2.0025845s ago: executing program 1 (id=472): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000400)={'team0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xf, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0xffffffffffffff2f, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0x21}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000180)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x5885, 0x80, 0x10000000}, &(0x7f0000000340), 0x0) r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r6, 0x26, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r7 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/4\x00') read$char_usb(r7, &(0x7f0000000000)=""/178, 0xb2) io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) write$char_usb(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB], 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)={@map, 0xffffffffffffffff, 0x5, 0x0, 0x0, @void, @value}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x403, 0x12000000, 0x0, {0x0, 0x0, 0x4, 0x0, 0x311}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r1}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x8044) 1.887180249s ago: executing program 2 (id=473): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000400)={'team0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xf, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0xffffffffffffff2f, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0x21}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000180)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x5885, 0x80, 0x10000000}, &(0x7f0000000340), 0x0) r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r6, 0x26, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r7 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/4\x00') read$char_usb(r7, &(0x7f0000000000)=""/178, 0xb2) io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) write$char_usb(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32, @ANYRES64=0x0], 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)={@map, 0xffffffffffffffff, 0x5, 0x0, 0x0, @void, @value}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x403, 0x12000000, 0x0, {0x0, 0x0, 0x4, 0x0, 0x311}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r1}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x8044) 1.77595293s ago: executing program 3 (id=474): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000001000)='cpu.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r2, &(0x7f0000000080)={'some', 0x20, 0x2000000005, 0x20, 0x10000000fffff}, 0x2f) r3 = openat$cgroup_procs(r1, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x8, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x9, 0x7, 0x1, 0x4, 0x2, 0x1, 0x1, 0xff, 0x5, 0x0, 0xe, 0x9, 0xa, 0x2, 0xd, 0x5}}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x0, 0x180, 0x7, 0xffffffffffffffff, 0xf1, 0x0, 0x8000000000000, 0x5, 0x0, 0x9, 0x0, 0x0, 0x0, 0xffffffffffffffff], 0x1, 0x384290}) ioctl$KVM_RUN(r6, 0xae80, 0x0) write$cgroup_pid(r3, &(0x7f00000005c0), 0x12) 1.304217878s ago: executing program 0 (id=475): prctl$PR_SET_SECUREBITS(0x1c, 0xf) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat$binderfs(0xffffff9c, 0x0, 0x2, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x80083, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, 0x0) ioctl$TIOCGSID(r0, 0x5429, 0x0) memfd_secret(0x7c2c44e850a180fd) ioctl$BINDER_FREEZE(r1, 0x400c620e, 0x0) sched_setaffinity(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$I2C(&(0x7f0000001940), 0x0, 0x0) ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000040)={0x1, 0x0, 0x1, 0x0}) r4 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) write$qrtrtun(r4, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = gettid() r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r6}, 0x10) r7 = epoll_create(0x20003fd) r8 = eventfd(0x0) kcmp$KCMP_EPOLL_TFD(r5, r5, 0x7, r8, &(0x7f0000000080)={r7, r8}) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000540), r9) add_key$fscrypt_v1(&(0x7f0000000300), 0x0, 0x0, 0x0, 0xfffffffffffffffa) r10 = syz_clone(0x40848000, &(0x7f0000000100)="67b41c908a5a065dfbd02dc7a7977605bac0a78921dd7f764b42bc5ffb4163515bebbe2d5c5a1a63bfc1afdf5b09cede2249e85b4c608e136b19cbd93e24b161a315a3103dcf13ab05cf4f7f725a7c74134cca7a205b58a75cb4662d411e02caf9912fd450d670cc78a8fb02f6a92e2ef8cfb2be73bb", 0x76, &(0x7f0000000040), &(0x7f00000001c0), &(0x7f0000000200)="db2fd7e46a9f3d77a997b5f19ba354cb58eaf79218a4f7d090d06ea76f3415eba472d8b81cd541792ddb35dc6d9f44d55a16a43ece129984b15ab987cb7a2089ce808a4937efbcf01fb01a3e39c81a1a1c5a986f237944f5f595c27b4dabfdbdfdabedd6564b52e649d58b1f4b1b7e04ad32a7985c812893923920cf9eecea14cee16eba8fc470b971062ce9c1e293077b6bfc46890e050d0a2854998abfc9a33d74c0891f43fa407a7864c07f03e03b") capset(&(0x7f00000002c0)={0x20080522, r10}, &(0x7f0000000340)={0x5, 0xfa6, 0x8, 0xf, 0x1, 0x9}) r11 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r11, &(0x7f0000000440), 0x10) listen(r11, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) 1.178186803s ago: executing program 0 (id=476): mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0) mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0xf0, &(0x7f0000000900)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 1.035934366s ago: executing program 0 (id=477): getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x8, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000580)=@updpolicy={0xbc, 0x19, 0x1, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@local, 0x0, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x4, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}, 0x10000000, 0x0, 0x0, 0x1, 0x1}, [@XFRMA_IF_ID={0x8, 0x1f, 0x3}]}, 0xbc}}, 0x0) sendmsg$key(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) 1.035588466s ago: executing program 3 (id=478): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x8}, [@ldst={0x6, 0x3}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x6}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 908.261751ms ago: executing program 3 (id=479): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYRES32, @ANYRES32, @ANYBLOB="08000500030000"], 0x24}}, 0x0) (fail_nth: 8) 907.913837ms ago: executing program 3 (id=480): openat$procfs(0xffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000240)='contention_end\x00', r0}, 0x18) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x14, 0x0, 0x4}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000cc0), r1) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000012c0), r1) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0xa, 0x20}, {}, {}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$NLBL_MGMT_C_VERSION(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000080)={0x2c, r2, 0xf03, 0x0, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x15, 0x1, '\x00'/17}]}, 0x2c}}, 0x0) 907.680862ms ago: executing program 0 (id=481): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a000000010000003f0000004000000042000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000001a40), 0x1003, r3}, 0x38) (fail_nth: 7) 886.016026ms ago: executing program 1 (id=482): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) mount(0x0, 0x0, 0x0, 0x400080, &(0x7f00000001c0)='discard') r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdfffff}, &(0x7f0000000000)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) openat$vmci(0xffffff9c, &(0x7f0000000800), 0x2, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) pipe(&(0x7f0000000180)) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x7fffffffffffffff, 0xfffffffffffffffd, 0x3, 0x20, 0x9, 0x4}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0xfffffffffffffffe, 0x9, 0x5, 0x3, 0x4, 0x20}, 0x0, 0x0) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) recvfrom$inet6(r4, &(0x7f0000000300)=""/44, 0x2c, 0x140, 0x0, 0x0) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) close(r5) io_uring_enter(r0, 0x75fa, 0xe475, 0x0, 0x0, 0x0) 788.27434ms ago: executing program 3 (id=483): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRES16=0x0], &(0x7f0000000340)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0xf, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = syz_open_dev$loop(&(0x7f00000001c0), 0x10, 0x42000) ioctl$LOOP_CHANGE_FD(r1, 0x4c05, 0xffffffffffffffff) writev(0xffffffffffffffff, &(0x7f0000001440)=[{&(0x7f0000000940)="03000000000201", 0x7}], 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x110) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000800)=ANY=[@ANYRESDEC=0x0]) chdir(&(0x7f00000000c0)='./file0\x00') write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x1000) getsockname$tipc(0xffffffffffffffff, 0x0, &(0x7f0000000100)) fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') r2 = socket(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000200)={@empty}, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x270}, 0x1, 0x0, 0x0, 0x8015}, 0x0) sendmmsg(r2, 0x0, 0x0, 0x0) r4 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) r5 = socket$packet(0x11, 0x3, 0x300) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x518, 0x0, 0x18c, 0x203, 0x340, 0x19030000, 0x450, 0x2e0, 0x2e0, 0x450, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2f8, 0x340, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {0x16}, {}, {}, {}, {}, {0x0, 0xff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x20}]}}, @common=@hl={{0x24}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0x0, 0xc8, 0x110, 0x0, {}, [@inet=@rpfilter={{0x24}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x574) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth0_to_bond\x00', 0x0}) prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r6, r8}, 0x40) ftruncate(r4, 0x2007ffb) sendfile(r4, r4, 0x0, 0x1000000201005) syz_open_dev$hidraw(0x0, 0x1, 0x14a042) 670.006209ms ago: executing program 2 (id=484): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000080000000c00000000000000", @ANYRES32, @ANYBLOB="00000200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r1, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xff01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) r2 = gettid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000) sendfile(r1, r1, 0x0, 0x40008) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x12, 0x17, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000011000000bf09000000000000550901000074f696e500000000000000180100002020702500000000002020207baaf8ff00000000bda100000000000027010000f8ffffffb702000008000000b7030000000000002500000006000000be91000000000000b502ecffffff00008500000005000000b70000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8) unshare(0x22020600) r7 = socket(0x26, 0x5, 0x2) ioctl$F2FS_IOC_WRITE_CHECKPOINT(r7, 0xf507, 0x0) prctl$PR_SET_MM(0x23, 0x5, &(0x7f0000ffe000/0x2000)=nil) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') lseek(r8, 0x1000000, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) 0s ago: executing program 1 (id=485): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="2400f000", @ANYRES16=r1, @ANYRES32, @ANYRES32, @ANYBLOB="08000500030000"], 0x24}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:2858' (ED25519) to the list of known hosts. [ 48.330854][ T5920] cgroup: Unknown subsys name 'net' [ 48.480294][ T5920] cgroup: Unknown subsys name 'cpuset' [ 48.484210][ T5920] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 49.443089][ T5920] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.109470][ T5940] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 53.112464][ T5940] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 53.115651][ T5940] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 53.119444][ T5940] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 53.122533][ T5940] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 53.133808][ T5941] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 53.135750][ T5940] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 53.142250][ T5941] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 53.142480][ T5940] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 53.147214][ T5941] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 53.148806][ T5940] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 53.155011][ T5941] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 53.155325][ T5940] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 53.159230][ T5941] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.160858][ T5940] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 53.173027][ T5940] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 53.179560][ T5292] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 53.182307][ T5292] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 53.186303][ T5292] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 53.192506][ T5292] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 53.358958][ T5935] chnl_net:caif_netlink_parms(): no params data found [ 53.512363][ T5944] chnl_net:caif_netlink_parms(): no params data found [ 53.519785][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.523892][ T5935] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.526931][ T5935] bridge_slave_0: entered allmulticast mode [ 53.530301][ T5935] bridge_slave_0: entered promiscuous mode [ 53.536660][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.541141][ T5935] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.544284][ T5935] bridge_slave_1: entered allmulticast mode [ 53.548093][ T5935] bridge_slave_1: entered promiscuous mode [ 53.704681][ T5935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.733466][ T5947] chnl_net:caif_netlink_parms(): no params data found [ 53.745014][ T5935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.851972][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.856132][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.861453][ T5944] bridge_slave_0: entered allmulticast mode [ 53.865347][ T5944] bridge_slave_0: entered promiscuous mode [ 53.876260][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.880199][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.883509][ T5944] bridge_slave_1: entered allmulticast mode [ 53.887345][ T5944] bridge_slave_1: entered promiscuous mode [ 53.980285][ T5935] team0: Port device team_slave_0 added [ 53.982362][ T5936] chnl_net:caif_netlink_parms(): no params data found [ 53.990660][ T5935] team0: Port device team_slave_1 added [ 54.057554][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.145602][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.206331][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.209555][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.219082][ T5935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.224156][ T5947] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.227642][ T5947] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.230928][ T5947] bridge_slave_0: entered allmulticast mode [ 54.234841][ T5947] bridge_slave_0: entered promiscuous mode [ 54.272643][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.275812][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.286778][ T5935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.292589][ T5947] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.294899][ T5947] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.297615][ T5947] bridge_slave_1: entered allmulticast mode [ 54.302065][ T5947] bridge_slave_1: entered promiscuous mode [ 54.334736][ T5944] team0: Port device team_slave_0 added [ 54.405846][ T5944] team0: Port device team_slave_1 added [ 54.464846][ T5936] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.467521][ T5936] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.470377][ T5936] bridge_slave_0: entered allmulticast mode [ 54.473605][ T5936] bridge_slave_0: entered promiscuous mode [ 54.479400][ T5947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.500667][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.502947][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.511202][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.516215][ T5936] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.519062][ T5936] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.521910][ T5936] bridge_slave_1: entered allmulticast mode [ 54.524990][ T5936] bridge_slave_1: entered promiscuous mode [ 54.529882][ T5947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.553127][ T5935] hsr_slave_0: entered promiscuous mode [ 54.555644][ T5935] hsr_slave_1: entered promiscuous mode [ 54.558953][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.561170][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.570273][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.641143][ T5947] team0: Port device team_slave_0 added [ 54.644525][ T5947] team0: Port device team_slave_1 added [ 54.710110][ T5936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.732936][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.735144][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.744826][ T5947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.749806][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.752272][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.760929][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.765733][ T5936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.812751][ T5944] hsr_slave_0: entered promiscuous mode [ 54.815687][ T5944] hsr_slave_1: entered promiscuous mode [ 54.818302][ T5944] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.820750][ T5944] Cannot create hsr debugfs directory [ 54.863089][ T5936] team0: Port device team_slave_0 added [ 54.868380][ T5936] team0: Port device team_slave_1 added [ 54.908613][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.911116][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.919853][ T5936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.929611][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.931771][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.939697][ T5936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.050651][ T5947] hsr_slave_0: entered promiscuous mode [ 55.054357][ T5947] hsr_slave_1: entered promiscuous mode [ 55.057539][ T5947] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 55.060665][ T5947] Cannot create hsr debugfs directory [ 55.129114][ T5936] hsr_slave_0: entered promiscuous mode [ 55.132047][ T5936] hsr_slave_1: entered promiscuous mode [ 55.134674][ T5936] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 55.140791][ T5936] Cannot create hsr debugfs directory [ 55.168174][ T67] Bluetooth: hci2: command tx timeout [ 55.168468][ T5292] Bluetooth: hci0: command tx timeout [ 55.247573][ T5292] Bluetooth: hci3: command tx timeout [ 55.248762][ T67] Bluetooth: hci1: command tx timeout [ 55.438718][ T5935] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 55.449349][ T5935] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 55.468097][ T5935] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 55.472892][ T5935] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 55.516363][ T5944] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 55.521078][ T5944] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 55.525364][ T5944] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 55.533727][ T5944] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.580458][ T5947] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 55.587392][ T5947] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 55.593771][ T5947] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 55.602125][ T5947] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 55.653044][ T5936] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 55.665454][ T5936] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 55.671059][ T5936] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 55.682529][ T5936] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 55.728472][ T5935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.749636][ T5935] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.769350][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.781985][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.785066][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.792275][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.806246][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.809396][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.834162][ T5944] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.845592][ T5947] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.864350][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.867892][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.874074][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.877869][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.884701][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.888037][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.909786][ T1250] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.912962][ T1250] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.950622][ T5936] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.963392][ T5947] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.966829][ T5947] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.998090][ T5936] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.005849][ T106] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.009341][ T106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.030071][ T79] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.033220][ T79] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.088594][ T5935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.136783][ T5935] veth0_vlan: entered promiscuous mode [ 56.150304][ T5935] veth1_vlan: entered promiscuous mode [ 56.157681][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.165682][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.221355][ T5935] veth0_macvtap: entered promiscuous mode [ 56.244936][ T5935] veth1_macvtap: entered promiscuous mode [ 56.260655][ T5944] veth0_vlan: entered promiscuous mode [ 56.269278][ T5947] veth0_vlan: entered promiscuous mode [ 56.276683][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.285155][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.295534][ T5936] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.301487][ T5944] veth1_vlan: entered promiscuous mode [ 56.310336][ T5947] veth1_vlan: entered promiscuous mode [ 56.317300][ T5935] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.321515][ T5935] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.325591][ T5935] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.329935][ T5935] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.408315][ T5944] veth0_macvtap: entered promiscuous mode [ 56.422789][ T5944] veth1_macvtap: entered promiscuous mode [ 56.427889][ T5947] veth0_macvtap: entered promiscuous mode [ 56.433743][ T106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.436385][ T106] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.472112][ T5947] veth1_macvtap: entered promiscuous mode [ 56.476511][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.479291][ T5936] veth0_vlan: entered promiscuous mode [ 56.480136][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.491332][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.496596][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.503012][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.515794][ T5936] veth1_vlan: entered promiscuous mode [ 56.520831][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.525783][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.531617][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.535418][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.542028][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.546262][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.551216][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.559243][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.567361][ T5935] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 56.572544][ T5944] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.579087][ T5944] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.583085][ T5944] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.586713][ T5944] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.599289][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.602920][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.606090][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.611391][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.618464][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.625094][ T5947] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.628561][ T5947] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.632288][ T5947] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.635172][ T5947] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.691358][ T5936] veth0_macvtap: entered promiscuous mode [ 56.701467][ T5936] veth1_macvtap: entered promiscuous mode [ 56.713812][ T1189] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.716354][ T1189] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.732959][ T5936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.738521][ T5936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.742703][ T5936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.748247][ T5936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.751444][ T5936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.755651][ T5936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.761694][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.805777][ T5936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.811511][ T5936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.816245][ T5936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.821120][ T5936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.825044][ T5936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.829924][ T5936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.835589][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.858205][ T5936] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.861078][ T5936] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.864343][ T5936] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.867995][ T5936] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.883880][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.888282][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.922363][ T1189] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.925550][ T1189] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.950453][ T47] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.953370][ T47] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.980759][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.983973][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.017550][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.022699][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.127768][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.247350][ T67] Bluetooth: hci0: command tx timeout [ 57.257728][ T67] Bluetooth: hci2: command tx timeout [ 57.327833][ T67] Bluetooth: hci3: command tx timeout [ 57.327961][ T5292] Bluetooth: hci1: command tx timeout [ 57.674988][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 57.698682][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.704747][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.715443][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.777249][ T0] NOHZ tick-stop error: local softirq work is pending, handler #340!!! [ 57.780524][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 57.807193][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.810881][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.813993][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 58.357295][ T5980] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 58.560173][ T5980] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 58.564905][ T5980] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 58.569234][ T5980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.580092][ T5980] usb 5-1: config 0 descriptor?? [ 58.798017][ T5980] usbhid 5-1:0.0: can't add hid device: -71 [ 58.800356][ T5980] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 58.809805][ T5980] usb 5-1: USB disconnect, device number 2 [ 59.278574][ T34] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 59.327475][ T5292] Bluetooth: hci2: command tx timeout [ 59.327584][ T67] Bluetooth: hci0: command tx timeout [ 59.407299][ T67] Bluetooth: hci3: command tx timeout [ 59.407310][ T5292] Bluetooth: hci1: command tx timeout [ 59.477382][ T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 59.481916][ T34] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 59.485802][ T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.510840][ T34] usb 5-1: config 0 descriptor?? [ 59.687518][ T6049] netlink: 36 bytes leftover after parsing attributes in process `syz.1.9'. [ 59.692007][ T6049] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9'. [ 59.695930][ T6049] netlink: 36 bytes leftover after parsing attributes in process `syz.1.9'. [ 59.701172][ T6049] netlink: 36 bytes leftover after parsing attributes in process `syz.1.9'. [ 59.834373][ T6051] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6'. [ 60.234489][ T6056] ip6tnl1: entered promiscuous mode [ 60.236862][ T6056] ip6tnl1: entered allmulticast mode [ 60.244348][ T6056] team0: Device ip6tnl1 is of different type [ 60.306931][ T34] usbhid 5-1:0.0: can't add hid device: -71 [ 60.309765][ T34] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 60.316418][ T34] usb 5-1: USB disconnect, device number 3 [ 61.031166][ T6063] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 61.163763][ T6063] syz.2.12 uses obsolete (PF_INET,SOCK_PACKET) [ 61.408325][ T67] Bluetooth: hci2: command tx timeout [ 61.410720][ T67] Bluetooth: hci0: command tx timeout [ 61.487109][ T67] Bluetooth: hci3: command tx timeout [ 61.497604][ T67] Bluetooth: hci1: command tx timeout [ 62.115881][ T6077] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 62.172792][ T6077] warning: `syz.2.14' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 62.240788][ T6077] bridge_slave_0: left allmulticast mode [ 62.242737][ T6077] bridge_slave_0: left promiscuous mode [ 62.245723][ T6077] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.251803][ T6087] netlink: 'syz.2.14': attribute type 10 has an invalid length. [ 62.258598][ T6077] bridge_slave_1: left allmulticast mode [ 62.260800][ T6077] bridge_slave_1: left promiscuous mode [ 62.263333][ T6077] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.271992][ T6077] bond0: (slave bond_slave_0): Releasing backup interface [ 62.279076][ T6077] bond0: (slave bond_slave_1): Releasing backup interface [ 62.296507][ T6077] team0: Port device team_slave_0 removed [ 62.311029][ T6077] team0: Port device team_slave_1 removed [ 62.314923][ T6077] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 62.318911][ T6077] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 62.396495][ T6077] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 62.399936][ T6077] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 62.429630][ T6087] mac80211_hwsim hwsim3 wlan1: left allmulticast mode [ 62.445178][ T6087] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.534808][ T6087] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 62.643892][ T6091] Zero length message leads to an empty skb [ 63.594091][ T6107] netlink: 36 bytes leftover after parsing attributes in process `syz.0.20'. [ 63.597520][ T6107] netlink: 16 bytes leftover after parsing attributes in process `syz.0.20'. [ 63.600597][ T6107] netlink: 36 bytes leftover after parsing attributes in process `syz.0.20'. [ 63.604065][ T6107] netlink: 36 bytes leftover after parsing attributes in process `syz.0.20'. [ 63.957848][ T6118] ip6tnl1: entered promiscuous mode [ 63.959861][ T6118] ip6tnl1: entered allmulticast mode [ 63.967060][ T6118] team0: Device ip6tnl1 is up. Set it down before adding it as a team port [ 65.023921][ T40] audit: type=1804 audit(1745657410.016:2): pid=6127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.26" name="/newroot/6/file0" dev="tmpfs" ino=49 res=1 errno=0 [ 65.170714][ T6129] netlink: 216 bytes leftover after parsing attributes in process `syz.1.27'. [ 65.173951][ T6129] netlink: 24 bytes leftover after parsing attributes in process `syz.1.27'. [ 65.177304][ T6129] netlink: 16 bytes leftover after parsing attributes in process `syz.1.27'. [ 65.322748][ T6135] netlink: 36 bytes leftover after parsing attributes in process `syz.3.28'. [ 65.326078][ T6135] netlink: 16 bytes leftover after parsing attributes in process `syz.3.28'. [ 65.329727][ T6135] netlink: 36 bytes leftover after parsing attributes in process `syz.3.28'. [ 65.333216][ T6135] netlink: 36 bytes leftover after parsing attributes in process `syz.3.28'. [ 66.583527][ T40] audit: type=1326 audit(1745657411.576:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.2.34" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 66.602588][ T40] audit: type=1326 audit(1745657411.596:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.2.34" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 66.627319][ T40] audit: type=1326 audit(1745657411.596:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.2.34" exe="/syz-executor" sig=0 arch=40000003 syscall=282 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 66.637549][ T6154] loop6: detected capacity change from 0 to 524287999 [ 66.641805][ T40] audit: type=1326 audit(1745657411.596:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.2.34" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 66.649930][ T6155] netlink: 36 bytes leftover after parsing attributes in process `syz.1.33'. [ 66.649963][ T6155] netlink: 16 bytes leftover after parsing attributes in process `syz.1.33'. [ 66.649972][ T6155] netlink: 36 bytes leftover after parsing attributes in process `syz.1.33'. [ 66.664041][ T40] audit: type=1326 audit(1745657411.596:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.2.34" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 66.674459][ T40] audit: type=1326 audit(1745657411.596:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.2.34" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 66.683109][ T40] audit: type=1326 audit(1745657411.606:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.2.34" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 66.694725][ T40] audit: type=1326 audit(1745657411.606:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.2.34" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 66.704732][ T40] audit: type=1326 audit(1745657411.616:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.2.34" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 67.410734][ T6163] ip6tnl1: entered promiscuous mode [ 67.412593][ T6163] ip6tnl1: entered allmulticast mode [ 67.416802][ T6163] team0: Device ip6tnl1 is of different type [ 69.577343][ T6185] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 70.444302][ T6205] __nla_validate_parse: 1 callbacks suppressed [ 70.445405][ T6205] netlink: 4 bytes leftover after parsing attributes in process `syz.2.47'. [ 70.951636][ T6220] lo: entered promiscuous mode [ 70.954595][ T6220] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 72.948235][ T6247] @: renamed from vlan0 (while UP) [ 73.372221][ T6259] ipt_REJECT: ECHOREPLY no longer supported. [ 74.536815][ T6270] ip6tnl1: entered promiscuous mode [ 74.538720][ T6270] ip6tnl1: entered allmulticast mode [ 74.542283][ T6270] team0: Device ip6tnl1 is of different type [ 75.288174][ T6279] netlink: 36 bytes leftover after parsing attributes in process `syz.0.68'. [ 75.292007][ T6279] netlink: 16 bytes leftover after parsing attributes in process `syz.0.68'. [ 75.295660][ T6279] netlink: 36 bytes leftover after parsing attributes in process `syz.0.68'. [ 75.302063][ T6279] netlink: 36 bytes leftover after parsing attributes in process `syz.0.68'. [ 75.548809][ T6282] netlink: 36 bytes leftover after parsing attributes in process `syz.1.69'. [ 75.552910][ T6282] netlink: 16 bytes leftover after parsing attributes in process `syz.1.69'. [ 75.556869][ T6282] netlink: 36 bytes leftover after parsing attributes in process `syz.1.69'. [ 75.561291][ T6282] netlink: 36 bytes leftover after parsing attributes in process `syz.1.69'. [ 76.060499][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.063583][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 78.128926][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 78.128941][ T40] audit: type=1326 audit(1745657423.126:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.2.78" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703e579 code=0x0 [ 79.429324][ T6348] netlink: 36 bytes leftover after parsing attributes in process `syz.0.83'. [ 79.432832][ T6348] netlink: 16 bytes leftover after parsing attributes in process `syz.0.83'. [ 79.435907][ T6348] netlink: 36 bytes leftover after parsing attributes in process `syz.0.83'. [ 79.439145][ T6348] netlink: 36 bytes leftover after parsing attributes in process `syz.0.83'. [ 80.026249][ T6356] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 81.818325][ T6380] fuse: Bad value for 'fd' [ 81.846257][ T6382] netlink: 8 bytes leftover after parsing attributes in process `syz.0.93'. [ 81.912278][ T6384] xt_CT: You must specify a L4 protocol and not use inversions on it [ 82.806222][ T6399] netlink: 36 bytes leftover after parsing attributes in process `syz.1.96'. [ 82.810382][ T6399] netlink: 16 bytes leftover after parsing attributes in process `syz.1.96'. [ 82.813205][ T6399] netlink: 36 bytes leftover after parsing attributes in process `syz.1.96'. [ 82.816144][ T6399] netlink: 36 bytes leftover after parsing attributes in process `syz.1.96'. [ 83.650041][ T6410] netlink: 'syz.0.102': attribute type 4 has an invalid length. [ 84.221382][ T6425] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 84.225275][ T6425] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 84.229446][ T6425] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 84.232387][ T6425] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 85.033587][ T6431] e1000e 0000:00:02.0 eth1: NIC Link is Down [ 85.353994][ T6466] netlink: 'syz.0.116': attribute type 10 has an invalid length. [ 85.356377][ T6466] netlink: 40 bytes leftover after parsing attributes in process `syz.0.116'. [ 85.406416][ T6466] team0: Port device geneve0 added [ 86.280782][ T6499] trusted_key: encrypted_key: insufficient parameters specified [ 86.292596][ T6499] trusted_key: encrypted_key: keyword 'uvdate' not recognized [ 86.298362][ T59] cfg80211: failed to load regulatory.db [ 86.299369][ T6499] netlink: 'syz.0.119': attribute type 10 has an invalid length. [ 86.302643][ T6499] netlink: 40 bytes leftover after parsing attributes in process `syz.0.119'. [ 86.315962][ T6502] fuse: Bad value for 'fd' [ 86.442637][ T6507] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 87.478268][ T6530] FAULT_INJECTION: forcing a failure. [ 87.478268][ T6530] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 87.482962][ T6530] CPU: 3 UID: 0 PID: 6530 Comm: syz.3.129 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 87.482979][ T6530] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.482986][ T6530] Call Trace: [ 87.482991][ T6530] [ 87.482996][ T6530] dump_stack_lvl+0x16c/0x1f0 [ 87.483014][ T6530] should_fail_ex+0x512/0x640 [ 87.483034][ T6530] _copy_from_iter+0x2a4/0x15b0 [ 87.483054][ T6530] ? find_held_lock+0x2b/0x80 [ 87.483066][ T6530] ? __pfx__copy_from_iter+0x10/0x10 [ 87.483091][ T6530] bcm_sendmsg+0x18c/0x4470 [ 87.483104][ T6530] ? __pfx___might_resched+0x10/0x10 [ 87.483116][ T6530] ? __lock_acquire+0xaa4/0x1ba0 [ 87.483130][ T6530] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 87.483149][ T6530] ? __pfx_bcm_sendmsg+0x10/0x10 [ 87.483217][ T6530] ? __import_iovec+0x1c8/0x660 [ 87.483246][ T6530] ____sys_sendmsg+0xa95/0xc70 [ 87.483264][ T6530] ? __pfx_____sys_sendmsg+0x10/0x10 [ 87.483278][ T6530] ? get_compat_msghdr+0x11a/0x170 [ 87.483304][ T6530] ___sys_sendmsg+0x134/0x1d0 [ 87.483317][ T6530] ? __pfx____sys_sendmsg+0x10/0x10 [ 87.483354][ T6530] __sys_sendmsg+0x16d/0x220 [ 87.483366][ T6530] ? __pfx___sys_sendmsg+0x10/0x10 [ 87.483389][ T6530] ? rcu_is_watching+0x12/0xc0 [ 87.483403][ T6530] __do_fast_syscall_32+0x73/0x120 [ 87.483421][ T6530] do_fast_syscall_32+0x32/0x80 [ 87.483436][ T6530] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 87.483452][ T6530] RIP: 0023:0xf7f08579 [ 87.483462][ T6530] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 87.483474][ T6530] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 87.483486][ T6530] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300 [ 87.483493][ T6530] RDX: 0000000000040884 RSI: 0000000000000000 RDI: 0000000000000000 [ 87.483501][ T6530] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 87.483508][ T6530] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 87.483514][ T6530] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 87.483529][ T6530] [ 87.502963][ T6532] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0 [ 88.813962][ T6559] FAULT_INJECTION: forcing a failure. [ 88.813962][ T6559] name failslab, interval 1, probability 0, space 0, times 0 [ 88.818319][ T6559] CPU: 0 UID: 0 PID: 6559 Comm: syz.1.135 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 88.818335][ T6559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.818342][ T6559] Call Trace: [ 88.818346][ T6559] [ 88.818362][ T6559] dump_stack_lvl+0x16c/0x1f0 [ 88.818382][ T6559] should_fail_ex+0x512/0x640 [ 88.818398][ T6559] ? __kvmalloc_node_noprof+0x122/0x600 [ 88.818413][ T6559] should_failslab+0xc2/0x120 [ 88.818428][ T6559] __kvmalloc_node_noprof+0x135/0x600 [ 88.818440][ T6559] ? alloc_fdtable+0xee/0x2b0 [ 88.818460][ T6559] ? alloc_fdtable+0xee/0x2b0 [ 88.818476][ T6559] alloc_fdtable+0xee/0x2b0 [ 88.818493][ T6559] dup_fd+0x83b/0xb90 [ 88.818511][ T6559] ? __pfx_audit_alloc+0x10/0x10 [ 88.818530][ T6559] ? apparmor_task_alloc+0x2c2/0x3b0 [ 88.818543][ T6559] copy_process+0x25c1/0x91a0 [ 88.818559][ T6559] ? _kstrtoull+0x145/0x200 [ 88.818571][ T6559] ? __pfx__kstrtoull+0x10/0x10 [ 88.818591][ T6559] ? __pfx_copy_process+0x10/0x10 [ 88.818611][ T6559] ? find_held_lock+0x2b/0x80 [ 88.818629][ T6559] kernel_clone+0xfc/0x960 [ 88.818644][ T6559] ? __pfx_kernel_clone+0x10/0x10 [ 88.818664][ T6559] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 88.818681][ T6559] __do_compat_sys_ia32_clone+0xcb/0x110 [ 88.818701][ T6559] ? __pfx___do_compat_sys_ia32_clone+0x10/0x10 [ 88.818727][ T6559] ? ksys_write+0x1b9/0x240 [ 88.818738][ T6559] ? __pfx_ksys_write+0x10/0x10 [ 88.818751][ T6559] ? rcu_is_watching+0x12/0xc0 [ 88.818765][ T6559] __do_fast_syscall_32+0x73/0x120 [ 88.818783][ T6559] do_fast_syscall_32+0x32/0x80 [ 88.818799][ T6559] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 88.818814][ T6559] RIP: 0023:0xf7f78579 [ 88.818824][ T6559] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 88.818836][ T6559] RSP: 002b:00000000f507550c EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 88.818848][ T6559] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 [ 88.818856][ T6559] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 88.818863][ T6559] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 88.818870][ T6559] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 88.818877][ T6559] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 88.818891][ T6559] [ 88.904252][ C0] vkms_vblank_simulate: vblank timer overrun [ 89.407203][ T1018] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 89.447263][ T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 89.561639][ T1018] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 89.565657][ T1018] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 89.574562][ T1018] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.580838][ T1018] usb 6-1: config 0 descriptor?? [ 89.608870][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 89.613462][ T10] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 89.616782][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.622332][ T10] usb 5-1: config 0 descriptor?? [ 89.793053][ T1018] usbhid 6-1:0.0: can't add hid device: -71 [ 89.795133][ T1018] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 89.799080][ T1018] usb 6-1: USB disconnect, device number 2 [ 89.831978][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 89.834107][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 89.838135][ T10] usb 5-1: USB disconnect, device number 4 [ 90.237207][ T5980] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 90.253323][ T6580] netlink: 4 bytes leftover after parsing attributes in process `syz.3.142'. [ 90.267104][ T1018] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 90.389110][ T5980] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 90.393518][ T5980] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 90.399535][ T5980] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.409355][ T5980] usb 6-1: config 0 descriptor?? [ 90.417275][ T1018] usb 5-1: Using ep0 maxpacket: 32 [ 90.424461][ T1018] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 90.436675][ T1018] usb 5-1: New USB device found, idVendor=0911, idProduct=3333, bcdDevice= 0.40 [ 90.447164][ T1018] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.453293][ T1018] usb 5-1: config 0 descriptor?? [ 90.689826][ T6585] netlink: 24 bytes leftover after parsing attributes in process `syz.1.139'. [ 90.712985][ T6586] netlink: 24 bytes leftover after parsing attributes in process `syz.0.140'. [ 90.780485][ T5980] usbhid 6-1:0.0: can't add hid device: -71 [ 90.783150][ T5980] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 90.802471][ T1018] usbhid 5-1:0.0: can't add hid device: -71 [ 90.804833][ T1018] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 90.809022][ T5980] usb 6-1: USB disconnect, device number 3 [ 90.818740][ T1018] usb 5-1: USB disconnect, device number 5 [ 91.254759][ T6592] ip6tnl1: entered promiscuous mode [ 91.256497][ T6592] ip6tnl1: entered allmulticast mode [ 91.260156][ T6592] team0: Device ip6tnl1 is of different type [ 92.780277][ T6615] netlink: 36 bytes leftover after parsing attributes in process `syz.2.150'. [ 92.783000][ T6615] netlink: 16 bytes leftover after parsing attributes in process `syz.2.150'. [ 92.785647][ T6615] netlink: 36 bytes leftover after parsing attributes in process `syz.2.150'. [ 92.789502][ T6615] netlink: 36 bytes leftover after parsing attributes in process `syz.2.150'. [ 93.381489][ T6631] netlink: 36 bytes leftover after parsing attributes in process `syz.0.156'. [ 93.385174][ T6631] netlink: 16 bytes leftover after parsing attributes in process `syz.0.156'. [ 93.397139][ T6631] netlink: 36 bytes leftover after parsing attributes in process `syz.0.156'. [ 94.156914][ T6637] ip6tnl1: entered promiscuous mode [ 94.158654][ T6637] ip6tnl1: entered allmulticast mode [ 94.162650][ T6637] team0: Device ip6tnl1 is of different type [ 95.627057][ T60] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 95.779793][ T60] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.783149][ T60] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 95.785943][ T60] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.839815][ T60] usb 8-1: config 0 descriptor?? [ 96.052762][ T60] usbhid 8-1:0.0: can't add hid device: -71 [ 96.055284][ T60] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 96.060199][ T60] usb 8-1: USB disconnect, device number 2 [ 96.497065][ T835] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 96.667151][ T835] usb 8-1: Using ep0 maxpacket: 32 [ 96.674514][ T835] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 96.686511][ T835] usb 8-1: New USB device found, idVendor=0911, idProduct=3333, bcdDevice= 0.40 [ 96.690909][ T835] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.699548][ T835] usb 8-1: config 0 descriptor?? [ 96.963873][ T6685] __nla_validate_parse: 1 callbacks suppressed [ 96.963884][ T6685] netlink: 24 bytes leftover after parsing attributes in process `syz.3.162'. [ 97.070098][ T835] usbhid 8-1:0.0: can't add hid device: -71 [ 97.072688][ T835] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 97.096760][ T835] usb 8-1: USB disconnect, device number 3 [ 97.651476][ T6691] netlink: 36 bytes leftover after parsing attributes in process `syz.1.169'. [ 97.655370][ T6691] netlink: 16 bytes leftover after parsing attributes in process `syz.1.169'. [ 97.658655][ T6691] netlink: 36 bytes leftover after parsing attributes in process `syz.1.169'. [ 97.661429][ T6691] netlink: 36 bytes leftover after parsing attributes in process `syz.1.169'. [ 99.322279][ T6735] netlink: 36 bytes leftover after parsing attributes in process `syz.0.180'. [ 99.325613][ T6735] netlink: 16 bytes leftover after parsing attributes in process `syz.0.180'. [ 99.331071][ T6735] netlink: 36 bytes leftover after parsing attributes in process `syz.0.180'. [ 99.333887][ T6735] netlink: 36 bytes leftover after parsing attributes in process `syz.0.180'. [ 100.321222][ T6751] ip6tnl1: entered promiscuous mode [ 100.322971][ T6751] ip6tnl1: entered allmulticast mode [ 100.326490][ T6751] team0: Device ip6tnl1 is of different type [ 100.957818][ T10] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 101.057832][ T6758] netlink: 36 bytes leftover after parsing attributes in process `syz.1.186'. [ 101.218935][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.222399][ T10] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 101.225628][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.238767][ T10] usb 8-1: config 0 descriptor?? [ 101.451124][ T10] usbhid 8-1:0.0: can't add hid device: -71 [ 101.453920][ T10] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 101.463274][ T10] usb 8-1: USB disconnect, device number 4 [ 101.887832][ T1018] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 102.057061][ T1018] usb 8-1: Using ep0 maxpacket: 32 [ 102.060189][ T1018] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.063677][ T1018] usb 8-1: New USB device found, idVendor=0911, idProduct=3333, bcdDevice= 0.40 [ 102.067139][ T1018] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.073336][ T1018] usb 8-1: config 0 descriptor?? [ 102.397513][ T6775] __nla_validate_parse: 3 callbacks suppressed [ 102.397531][ T6775] netlink: 24 bytes leftover after parsing attributes in process `syz.3.185'. [ 102.423142][ T6779] capability: warning: `syz.2.190' uses deprecated v2 capabilities in a way that may be insecure [ 102.475371][ T1018] usbhid 8-1:0.0: can't add hid device: -71 [ 102.479583][ T1018] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 102.486824][ T1018] usb 8-1: USB disconnect, device number 5 [ 104.030895][ T6802] netlink: 36 bytes leftover after parsing attributes in process `syz.1.196'. [ 104.034308][ T6802] netlink: 16 bytes leftover after parsing attributes in process `syz.1.196'. [ 104.038360][ T6802] netlink: 36 bytes leftover after parsing attributes in process `syz.1.196'. [ 104.042017][ T6802] netlink: 36 bytes leftover after parsing attributes in process `syz.1.196'. [ 104.546912][ T6813] netlink: 36 bytes leftover after parsing attributes in process `syz.3.199'. [ 104.551640][ T6813] netlink: 16 bytes leftover after parsing attributes in process `syz.3.199'. [ 104.556485][ T6813] netlink: 36 bytes leftover after parsing attributes in process `syz.3.199'. [ 104.560738][ T6813] netlink: 36 bytes leftover after parsing attributes in process `syz.3.199'. [ 106.447084][ T1018] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 106.629238][ T1018] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.632832][ T1018] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 106.635978][ T1018] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.640422][ T1018] usb 7-1: config 0 descriptor?? [ 106.853539][ T1018] usbhid 7-1:0.0: can't add hid device: -71 [ 106.856915][ T1018] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 106.866658][ T1018] usb 7-1: USB disconnect, device number 2 [ 107.317141][ T1018] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 107.477154][ T1018] usb 7-1: Using ep0 maxpacket: 32 [ 107.488426][ T1018] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 107.492968][ T1018] usb 7-1: New USB device found, idVendor=0f11, idProduct=3321, bcdDevice= 0.40 [ 107.496533][ T1018] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.506089][ T1018] usb 7-1: config 0 descriptor?? [ 107.791122][ T6864] netlink: 24 bytes leftover after parsing attributes in process `syz.2.207'. [ 107.866530][ T1018] usbhid 7-1:0.0: can't add hid device: -71 [ 107.871254][ T1018] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 107.882104][ T1018] usb 7-1: USB disconnect, device number 3 [ 109.382029][ T6881] netlink: 36 bytes leftover after parsing attributes in process `syz.0.216'. [ 109.385247][ T6881] netlink: 16 bytes leftover after parsing attributes in process `syz.0.216'. [ 109.388256][ T6881] netlink: 36 bytes leftover after parsing attributes in process `syz.0.216'. [ 109.391097][ T6881] netlink: 36 bytes leftover after parsing attributes in process `syz.0.216'. [ 110.364888][ T6893] ip6tnl1: entered promiscuous mode [ 110.366793][ T6893] ip6tnl1: entered allmulticast mode [ 110.374850][ T6893] team0: Device ip6tnl1 is of different type [ 111.370532][ T6913] ip6tnl1: entered promiscuous mode [ 111.372331][ T6913] ip6tnl1: entered allmulticast mode [ 111.376067][ T6913] team0: Device ip6tnl1 is of different type [ 111.721920][ T6916] netlink: 36 bytes leftover after parsing attributes in process `syz.3.225'. [ 111.725860][ T6916] netlink: 16 bytes leftover after parsing attributes in process `syz.3.225'. [ 111.730120][ T6916] netlink: 36 bytes leftover after parsing attributes in process `syz.3.225'. [ 111.733829][ T6916] netlink: 36 bytes leftover after parsing attributes in process `syz.3.225'. [ 111.977102][ T58] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 112.111814][ T6924] ip6tnl1: entered promiscuous mode [ 112.113989][ T6924] ip6tnl1: entered allmulticast mode [ 112.117968][ T6924] team0: Device ip6tnl1 is up. Set it down before adding it as a team port [ 112.329397][ T58] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.333647][ T58] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 112.338024][ T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.342005][ T58] usb 5-1: config 0 descriptor?? [ 112.351981][ T6925] netlink: 36 bytes leftover after parsing attributes in process `syz.1.228'. [ 112.556809][ T58] usbhid 5-1:0.0: can't add hid device: -71 [ 112.559223][ T58] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 112.566842][ T58] usb 5-1: USB disconnect, device number 6 [ 112.997082][ T59] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 113.167121][ T59] usb 5-1: Using ep0 maxpacket: 32 [ 113.173790][ T59] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 113.178169][ T59] usb 5-1: New USB device found, idVendor=0f11, idProduct=3321, bcdDevice= 0.40 [ 113.182965][ T59] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.205712][ T59] usb 5-1: config 0 descriptor?? [ 113.472857][ T6935] __nla_validate_parse: 3 callbacks suppressed [ 113.472873][ T6935] netlink: 24 bytes leftover after parsing attributes in process `syz.0.226'. [ 113.570756][ T67] Bluetooth: hci2: unexpected subevent 0x05 length: 68 > 12 [ 113.604734][ T59] usbhid 5-1:0.0: can't add hid device: -71 [ 113.606802][ T59] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 113.615639][ T59] usb 5-1: USB disconnect, device number 7 [ 114.279841][ T6959] netlink: 36 bytes leftover after parsing attributes in process `syz.3.234'. [ 114.284267][ T6959] netlink: 16 bytes leftover after parsing attributes in process `syz.3.234'. [ 114.288424][ T6959] netlink: 36 bytes leftover after parsing attributes in process `syz.3.234'. [ 114.292388][ T6959] netlink: 36 bytes leftover after parsing attributes in process `syz.3.234'. [ 115.657285][ T67] Bluetooth: hci2: command tx timeout [ 117.147178][ T58] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 117.311177][ T58] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.315498][ T58] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 117.330453][ T7009] netlink: 36 bytes leftover after parsing attributes in process `syz.2.248'. [ 117.333843][ T7009] netlink: 16 bytes leftover after parsing attributes in process `syz.2.248'. [ 117.337789][ T7009] netlink: 36 bytes leftover after parsing attributes in process `syz.2.248'. [ 117.342688][ T7009] netlink: 36 bytes leftover after parsing attributes in process `syz.2.248'. [ 117.353969][ T58] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.363180][ T58] usb 6-1: config 0 descriptor?? [ 117.585350][ T58] usbhid 6-1:0.0: can't add hid device: -71 [ 117.595035][ T58] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 117.603336][ T58] usb 6-1: USB disconnect, device number 4 [ 118.087801][ T58] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 118.257219][ T58] usb 6-1: Using ep0 maxpacket: 32 [ 118.264274][ T58] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.268675][ T58] usb 6-1: New USB device found, idVendor=0f11, idProduct=3321, bcdDevice= 0.40 [ 118.271647][ T58] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.284706][ T58] usb 6-1: config 0 descriptor?? [ 118.958815][ T7024] netlink: 24 bytes leftover after parsing attributes in process `syz.1.245'. [ 119.074999][ T58] usbhid 6-1:0.0: can't add hid device: -71 [ 119.078643][ T58] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 119.099847][ T58] usb 6-1: USB disconnect, device number 5 [ 121.176462][ T7062] netlink: 36 bytes leftover after parsing attributes in process `syz.0.262'. [ 121.179325][ T7062] netlink: 16 bytes leftover after parsing attributes in process `syz.0.262'. [ 121.182182][ T7062] netlink: 36 bytes leftover after parsing attributes in process `syz.0.262'. [ 121.185171][ T7062] netlink: 36 bytes leftover after parsing attributes in process `syz.0.262'. [ 122.265039][ T7082] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 122.271921][ T7081] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 122.767772][ T58] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 122.939652][ T58] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 122.944843][ T58] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 122.949891][ T58] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 122.953796][ T58] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.960237][ T7089] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 122.968005][ T58] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 123.177552][ T58] usb 6-1: USB disconnect, device number 6 [ 123.187211][ T836] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 123.360342][ T836] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.367108][ T836] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 123.371736][ T836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.379596][ T836] usb 5-1: config 0 descriptor?? [ 123.586027][ T836] usbhid 5-1:0.0: can't add hid device: -71 [ 123.588738][ T836] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 123.594883][ T836] usb 5-1: USB disconnect, device number 8 [ 124.037444][ T58] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 124.050663][ T7119] netlink: 36 bytes leftover after parsing attributes in process `syz.2.280'. [ 124.054266][ T7119] netlink: 16 bytes leftover after parsing attributes in process `syz.2.280'. [ 124.057260][ T7119] netlink: 36 bytes leftover after parsing attributes in process `syz.2.280'. [ 124.060193][ T7119] netlink: 36 bytes leftover after parsing attributes in process `syz.2.280'. [ 124.187157][ T58] usb 5-1: Using ep0 maxpacket: 32 [ 124.190265][ T58] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.193735][ T58] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 124.199813][ T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.211039][ T58] usb 5-1: config 0 descriptor?? [ 124.232475][ T58] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 124.246878][ T58] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 124.475019][ T7130] netlink: 24 bytes leftover after parsing attributes in process `syz.0.274'. [ 124.542928][ T6001] usb 5-1: USB disconnect, device number 9 [ 124.544835][ C3] ldusb 5-1:0.0: usb_submit_urb failed (-19) [ 124.549923][ T6001] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 124.766100][ T7099] ldusb: No device or device unplugged -19 [ 124.987282][ T7140] ip6tnl1: entered promiscuous mode [ 124.988981][ T7140] ip6tnl1: entered allmulticast mode [ 124.992494][ T7140] team0: Device ip6tnl1 is of different type [ 127.379838][ T7186] ip6tnl1: entered promiscuous mode [ 127.381418][ T7186] ip6tnl1: entered allmulticast mode [ 127.384786][ T7186] team0: Device ip6tnl1 is of different type [ 127.814748][ T7191] FAULT_INJECTION: forcing a failure. [ 127.814748][ T7191] name failslab, interval 1, probability 0, space 0, times 0 [ 127.818896][ T7191] CPU: 1 UID: 0 PID: 7191 Comm: syz.3.297 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 127.818910][ T7191] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 127.818917][ T7191] Call Trace: [ 127.818921][ T7191] [ 127.818925][ T7191] dump_stack_lvl+0x16c/0x1f0 [ 127.818942][ T7191] should_fail_ex+0x512/0x640 [ 127.818959][ T7191] ? hash_ipmark4_del+0xb92/0x1880 [ 127.818975][ T7191] should_failslab+0xc2/0x120 [ 127.818988][ T7191] __kmalloc_noprof+0xd2/0x510 [ 127.819003][ T7191] hash_ipmark4_del+0xb92/0x1880 [ 127.819024][ T7191] ? __pfx_hash_ipmark4_del+0x10/0x10 [ 127.819040][ T7191] ? __lock_acquire+0xaa4/0x1ba0 [ 127.819059][ T7191] hash_ipmark4_uadt+0x6d7/0x910 [ 127.819074][ T7191] ? __pfx_hash_ipmark4_del+0x10/0x10 [ 127.819090][ T7191] ? __pfx_hash_ipmark4_uadt+0x10/0x10 [ 127.819104][ T7191] ? lock_acquire+0x179/0x350 [ 127.819117][ T7191] ? find_held_lock+0x2b/0x80 [ 127.819128][ T7191] ? mark_held_locks+0x49/0x80 [ 127.819140][ T7191] ? finish_task_switch.isra.0+0x221/0xc10 [ 127.819154][ T7191] call_ad.constprop.0+0x16b/0x940 [ 127.819169][ T7191] ? __pfx_call_ad.constprop.0+0x10/0x10 [ 127.819182][ T7191] ? __pfx___nla_validate_parse+0x10/0x10 [ 127.819198][ T7191] ? __nla_parse+0x40/0x60 [ 127.819208][ T7191] ip_set_ad.constprop.0.isra.0+0x3ce/0x870 [ 127.819225][ T7191] ? __pfx_ip_set_ad.constprop.0.isra.0+0x10/0x10 [ 127.819239][ T7191] ? mark_held_locks+0x49/0x80 [ 127.819251][ T7191] ? task_blocks_on_rt_mutex.constprop.0.isra.0+0x230/0x1cc0 [ 127.819279][ T7191] ? find_held_lock+0x2b/0x80 [ 127.819292][ T7191] nfnetlink_rcv_msg+0x9f9/0x1200 [ 127.819308][ T7191] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 127.819320][ T7191] ? kmem_cache_free+0x2d4/0x4d0 [ 127.819347][ T7191] netlink_rcv_skb+0x16a/0x440 [ 127.819359][ T7191] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 127.819372][ T7191] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 127.819382][ T7191] ? __pfx_aa_get_newest_label+0x10/0x10 [ 127.819398][ T7191] ? bpf_lsm_capable+0x9/0x10 [ 127.819409][ T7191] ? security_capable+0x7e/0x260 [ 127.819426][ T7191] ? ns_capable+0xd7/0x110 [ 127.819439][ T7191] nfnetlink_rcv+0x1b3/0x430 [ 127.819451][ T7191] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 127.819463][ T7191] ? netlink_deliver_tap+0x1ae/0xd30 [ 127.819475][ T7191] netlink_unicast+0x53a/0x7f0 [ 127.819487][ T7191] ? __pfx_netlink_unicast+0x10/0x10 [ 127.819502][ T7191] netlink_sendmsg+0x8d1/0xdd0 [ 127.819515][ T7191] ? __pfx_netlink_sendmsg+0x10/0x10 [ 127.819526][ T7191] ? __import_iovec+0x1c8/0x660 [ 127.819545][ T7191] ____sys_sendmsg+0xa95/0xc70 [ 127.819558][ T7191] ? __bpf_trace_f2fs_lookup_start+0x140/0x140 [ 127.819573][ T7191] ? __pfx_____sys_sendmsg+0x10/0x10 [ 127.819585][ T7191] ? get_compat_msghdr+0x11a/0x170 [ 127.819607][ T7191] ___sys_sendmsg+0x134/0x1d0 [ 127.819618][ T7191] ? __pfx____sys_sendmsg+0x10/0x10 [ 127.819650][ T7191] __sys_sendmsg+0x16d/0x220 [ 127.819660][ T7191] ? __pfx___sys_sendmsg+0x10/0x10 [ 127.819675][ T7191] ? rcu_is_watching+0x12/0xc0 [ 127.819687][ T7191] __do_fast_syscall_32+0x73/0x120 [ 127.819702][ T7191] do_fast_syscall_32+0x32/0x80 [ 127.819715][ T7191] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 127.819728][ T7191] RIP: 0023:0xf7f08579 [ 127.819737][ T7191] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 127.819747][ T7191] RSP: 002b:00000000f500555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 127.819757][ T7191] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800002c0 [ 127.819763][ T7191] RDX: 00000000040c0080 RSI: 0000000000000000 RDI: 0000000000000000 [ 127.819769][ T7191] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 127.819775][ T7191] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 127.819780][ T7191] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 127.819793][ T7191] [ 128.032608][ T59] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 128.200089][ T59] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 128.203319][ T59] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 128.206136][ T59] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.210358][ T59] usb 7-1: config 0 descriptor?? [ 128.417338][ T59] usbhid 7-1:0.0: can't add hid device: -71 [ 128.419350][ T59] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 128.426101][ T59] usb 7-1: USB disconnect, device number 4 [ 128.857076][ T5975] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 128.995110][ T7188] Set syz1 is full, maxelem 65536 reached [ 129.017081][ T5975] usb 7-1: Using ep0 maxpacket: 32 [ 129.019983][ T5975] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.023368][ T5975] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 129.026187][ T5975] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.108090][ T5975] usb 7-1: config 0 descriptor?? [ 129.116609][ T5975] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 129.126579][ T5975] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 129.178673][ T7215] FAULT_INJECTION: forcing a failure. [ 129.178673][ T7215] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 129.182773][ T7215] CPU: 1 UID: 0 PID: 7215 Comm: syz.0.306 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 129.182789][ T7215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 129.182795][ T7215] Call Trace: [ 129.182800][ T7215] [ 129.182805][ T7215] dump_stack_lvl+0x16c/0x1f0 [ 129.182823][ T7215] should_fail_ex+0x512/0x640 [ 129.182840][ T7215] _copy_from_user+0x2e/0xd0 [ 129.182856][ T7215] cmsghdr_from_user_compat_to_kern+0x355/0x7d0 [ 129.182878][ T7215] ? __pfx_cmsghdr_from_user_compat_to_kern+0x10/0x10 [ 129.182897][ T7215] ? __might_fault+0xe3/0x190 [ 129.182908][ T7215] ? __might_fault+0x13b/0x190 [ 129.182921][ T7215] ____sys_sendmsg+0x488/0xc70 [ 129.182936][ T7215] ? __pfx_____sys_sendmsg+0x10/0x10 [ 129.182948][ T7215] ? get_compat_msghdr+0x11a/0x170 [ 129.182965][ T7215] ? __pfx__kstrtoull+0x10/0x10 [ 129.182979][ T7215] ___sys_sendmsg+0x134/0x1d0 [ 129.182990][ T7215] ? __pfx____sys_sendmsg+0x10/0x10 [ 129.183012][ T7215] ? find_held_lock+0x2b/0x80 [ 129.183035][ T7215] __sys_sendmmsg+0x2f9/0x420 [ 129.183046][ T7215] ? __pfx___sys_sendmmsg+0x10/0x10 [ 129.183060][ T7215] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 129.183079][ T7215] ? fput+0x70/0xf0 [ 129.183091][ T7215] ? ksys_write+0x1b9/0x240 [ 129.183101][ T7215] ? __pfx_ksys_write+0x10/0x10 [ 129.183112][ T7215] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 129.183129][ T7215] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 129.183143][ T7215] __do_fast_syscall_32+0x73/0x120 [ 129.183157][ T7215] do_fast_syscall_32+0x32/0x80 [ 129.183170][ T7215] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 129.183183][ T7215] RIP: 0023:0xf7fd5579 [ 129.183191][ T7215] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 129.183201][ T7215] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 129.183211][ T7215] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080005c00 [ 129.183217][ T7215] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 129.183223][ T7215] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 129.183228][ T7215] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 129.183234][ T7215] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 129.183246][ T7215] [ 129.213162][ T7216] netlink: 36 bytes leftover after parsing attributes in process `syz.1.305'. [ 129.274423][ T7216] netlink: 16 bytes leftover after parsing attributes in process `syz.1.305'. [ 129.277327][ T7216] netlink: 36 bytes leftover after parsing attributes in process `syz.1.305'. [ 129.280135][ T7216] netlink: 36 bytes leftover after parsing attributes in process `syz.1.305'. [ 129.372174][ T7223] netlink: 24 bytes leftover after parsing attributes in process `syz.2.298'. [ 129.432146][ T7224] netlink: 36 bytes leftover after parsing attributes in process `syz.0.307'. [ 129.432984][ T1018] usb 7-1: USB disconnect, device number 5 [ 129.434957][ C2] ldusb 7-1:0.0: usb_submit_urb failed (-19) [ 129.434974][ T7224] netlink: 16 bytes leftover after parsing attributes in process `syz.0.307'. [ 129.445314][ T7224] netlink: 36 bytes leftover after parsing attributes in process `syz.0.307'. [ 129.448945][ T7224] netlink: 36 bytes leftover after parsing attributes in process `syz.0.307'. [ 129.453584][ T1018] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 129.639978][ T7225] ldusb: No device or device unplugged -19 [ 130.165075][ T7228] netlink: 36 bytes leftover after parsing attributes in process `syz.3.308'. [ 130.718210][ T60] IPVS: starting estimator thread 0... [ 130.808131][ T7238] IPVS: using max 44 ests per chain, 105600 per kthread [ 131.987505][ T58] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 132.148222][ T58] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.151616][ T58] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 132.154449][ T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.159308][ T58] usb 5-1: config 0 descriptor?? [ 132.377415][ T58] usbhid 5-1:0.0: can't add hid device: -71 [ 132.379869][ T58] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 132.384536][ T58] usb 5-1: USB disconnect, device number 10 [ 132.807295][ T5975] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 132.958490][ T5975] usb 5-1: Using ep0 maxpacket: 32 [ 132.963665][ T5975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.967527][ T5975] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 132.970461][ T5975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.975448][ T5975] usb 5-1: config 0 descriptor?? [ 132.980966][ T5975] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 132.990438][ T5975] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 133.347295][ T59] usb 5-1: USB disconnect, device number 11 [ 133.349233][ C1] ldusb 5-1:0.0: usb_submit_urb failed (-19) [ 133.355235][ T59] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 133.517800][ T1117] sr 2:0:0:0: [sr0] tag#16 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 133.523383][ T7271] ldusb: No device or device unplugged -19 [ 133.525455][ T1117] sr 2:0:0:0: [sr0] tag#16 Sense Key : Illegal Request [current] [ 133.530250][ T1117] sr 2:0:0:0: [sr0] tag#16 Add. Sense: Invalid command operation code [ 133.533992][ T1117] sr 2:0:0:0: [sr0] tag#16 CDB: Write(10) 2a 00 00 00 00 00 00 00 02 00 [ 133.536819][ T1117] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 133.542703][ T1117] Buffer I/O error on dev sr0, logical block 0, lost async page write [ 134.878672][ T7323] ip6tnl1: entered promiscuous mode [ 134.880401][ T7323] ip6tnl1: entered allmulticast mode [ 134.883822][ T7323] team0: Device ip6tnl1 is of different type [ 135.409060][ T7339] __nla_validate_parse: 6 callbacks suppressed [ 135.409071][ T7339] netlink: 36 bytes leftover after parsing attributes in process `syz.2.340'. [ 135.414271][ T7339] netlink: 16 bytes leftover after parsing attributes in process `syz.2.340'. [ 135.418208][ T7339] netlink: 36 bytes leftover after parsing attributes in process `syz.2.340'. [ 135.421230][ T7339] netlink: 36 bytes leftover after parsing attributes in process `syz.2.340'. [ 135.539070][ T7341] netlink: 'syz.3.341': attribute type 1 has an invalid length. [ 135.568288][ T7341] 8021q: adding VLAN 0 to HW filter on device bond1 [ 135.592898][ T7341] ip6erspan0: entered promiscuous mode [ 135.596860][ T7341] bond1: (slave ip6erspan0): making interface the new active one [ 135.602183][ T7341] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 135.793042][ T7348] IPVS: sync thread started: state = MASTER, mcast_ifn = macvlan1, syncid = -1, id = 0 [ 136.047321][ T836] usb 8-1: new full-speed USB device number 6 using dummy_hcd [ 136.198747][ T836] usb 8-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 136.202373][ T836] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 136.209782][ T836] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 136.213127][ T836] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 136.223165][ T836] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 136.233312][ T836] usb 8-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 136.236160][ T836] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.241326][ T836] usb 8-1: Product: syz [ 136.243736][ T836] usb 8-1: Manufacturer: syz [ 136.246463][ T836] usb 8-1: SerialNumber: syz [ 136.252234][ T836] usb 8-1: config 0 descriptor?? [ 136.264029][ T836] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input5 [ 136.541505][ T836] usb 8-1: USB disconnect, device number 6 [ 137.134768][ T7370] kvm: pic: non byte read [ 137.138340][ T7370] kvm: pic: non byte read [ 137.140919][ T7370] kvm: pic: non byte read [ 137.143513][ T7370] kvm: pic: non byte read [ 137.146174][ T7370] kvm: pic: non byte read [ 137.148810][ T7370] kvm: pic: non byte read [ 137.151444][ T7370] kvm: pic: non byte read [ 137.154032][ T7370] kvm: pic: non byte read [ 137.158483][ T7370] kvm: pic: non byte read [ 137.163148][ T7370] kvm: pic: non byte read [ 137.424362][ T7379] netlink: 36 bytes leftover after parsing attributes in process `syz.3.352'. [ 137.431541][ T7379] netlink: 16 bytes leftover after parsing attributes in process `syz.3.352'. [ 137.435536][ T7379] netlink: 36 bytes leftover after parsing attributes in process `syz.3.352'. [ 137.438727][ T7379] netlink: 36 bytes leftover after parsing attributes in process `syz.3.352'. [ 137.497146][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.499468][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.885244][ T7430] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 139.892064][ T7430] File: /dev/nullb0 PID: 7430 Comm: syz.2.366 [ 140.205213][ T7449] netlink: 28 bytes leftover after parsing attributes in process `syz.3.371'. [ 140.453777][ T7454] FAULT_INJECTION: forcing a failure. [ 140.453777][ T7454] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 140.467102][ T7454] CPU: 2 UID: 0 PID: 7454 Comm: syz.3.373 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 140.467119][ T7454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 140.467125][ T7454] Call Trace: [ 140.467128][ T7454] [ 140.467132][ T7454] dump_stack_lvl+0x16c/0x1f0 [ 140.467150][ T7454] should_fail_ex+0x512/0x640 [ 140.467167][ T7454] _copy_from_user+0x2e/0xd0 [ 140.467184][ T7454] get_old_itimerspec32+0x82/0x1d0 [ 140.467197][ T7454] ? __pfx_get_old_itimerspec32+0x10/0x10 [ 140.467210][ T7454] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 140.467226][ T7454] __ia32_sys_timer_settime32+0x1a5/0x2c0 [ 140.467243][ T7454] ? __pfx___ia32_sys_timer_settime32+0x10/0x10 [ 140.467260][ T7454] ? ksys_write+0x1b9/0x240 [ 140.467272][ T7454] ? rcu_is_watching+0x12/0xc0 [ 140.467284][ T7454] __do_fast_syscall_32+0x73/0x120 [ 140.467298][ T7454] do_fast_syscall_32+0x32/0x80 [ 140.467311][ T7454] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 140.467324][ T7454] RIP: 0023:0xf7f08579 [ 140.467333][ T7454] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 140.467343][ T7454] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000104 [ 140.467353][ T7454] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000001 [ 140.467359][ T7454] RDX: 0000000080000000 RSI: 0000000080000040 RDI: 0000000000000000 [ 140.467365][ T7454] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 140.467371][ T7454] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 140.467377][ T7454] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 140.467389][ T7454] [ 140.670234][ T7456] netlink: 24 bytes leftover after parsing attributes in process `syz.3.374'. [ 141.968243][ T836] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 142.126621][ T836] usb 8-1: Using ep0 maxpacket: 32 [ 142.152678][ T836] usb 8-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 142.168180][ T836] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.177648][ T836] usb 8-1: config 0 descriptor?? [ 142.205090][ T836] as10x_usb: device has been detected [ 142.210635][ T836] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 142.238380][ T836] usb 8-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 142.262071][ T836] as10x_usb: error during firmware upload part1 [ 142.264687][ T836] Registered device nBox DVB-T Dongle [ 142.321937][ T7499] picdev_read: 46 callbacks suppressed [ 142.321948][ T7499] kvm: pic: non byte read [ 142.328521][ T7499] kvm: pic: non byte read [ 142.331150][ T7499] kvm: pic: non byte read [ 142.333724][ T7499] kvm: pic: non byte read [ 142.337848][ T7499] kvm: pic: non byte read [ 142.340506][ T7499] kvm: pic: non byte read [ 142.343121][ T7499] kvm: pic: non byte read [ 142.345689][ T7499] kvm: pic: non byte read [ 142.348799][ T7499] kvm: pic: non byte read [ 142.351368][ T7499] kvm: pic: non byte read [ 142.403213][ T5980] usb 8-1: USB disconnect, device number 7 [ 142.416938][ T5980] Unregistered device nBox DVB-T Dongle [ 142.420021][ T5980] as10x_usb: device has been disconnected [ 142.867047][ T5998] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 143.027057][ T5998] usb 8-1: Using ep0 maxpacket: 32 [ 143.034360][ T5998] usb 8-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 143.037294][ T5998] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.046872][ T5998] usb 8-1: config 0 descriptor?? [ 143.055275][ T5998] as10x_usb: device has been detected [ 143.057445][ T5998] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 143.067953][ T5998] usb 8-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 143.072758][ T5998] as10x_usb: error during firmware upload part1 [ 143.075004][ T5998] Registered device nBox DVB-T Dongle [ 143.252030][ T5980] usb 8-1: USB disconnect, device number 8 [ 143.260824][ T7514] netlink: 4 bytes leftover after parsing attributes in process `syz.0.393'. [ 143.261652][ T5980] Unregistered device nBox DVB-T Dongle [ 143.264493][ T5980] as10x_usb: device has been disconnected [ 144.322600][ T7530] process 'syz.3.396' launched '/dev/fd/9' with NULL argv: empty string added [ 146.787224][ T6001] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 146.947274][ T6001] usb 5-1: Using ep0 maxpacket: 8 [ 146.951250][ T6001] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 146.955937][ T6001] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 146.960624][ T6001] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 146.964890][ T6001] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 146.972231][ T6001] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 146.975779][ T6001] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.028123][ T7592] ip6tnl1: entered promiscuous mode [ 147.030197][ T7592] ip6tnl1: entered allmulticast mode [ 147.037180][ T7592] team0: Device ip6tnl1 is up. Set it down before adding it as a team port [ 147.187186][ T6001] usb 5-1: GET_CAPABILITIES returned 0 [ 147.189462][ T6001] usbtmc 5-1:16.0: can't read capabilities [ 147.518753][ T7587] orangefs_mount: mount request failed with -4 [ 148.146518][ T7608] netlink: 12 bytes leftover after parsing attributes in process `syz.1.417'. [ 148.161827][ T7608] netlink: 36 bytes leftover after parsing attributes in process `syz.1.417'. [ 148.272685][ T7584] syz.0.411 (7584): drop_caches: 2 [ 148.282803][ T5961] usb 5-1: USB disconnect, device number 12 [ 148.329076][ T7610] netlink: 36 bytes leftover after parsing attributes in process `syz.1.418'. [ 148.332744][ T7610] netlink: 16 bytes leftover after parsing attributes in process `syz.1.418'. [ 148.336524][ T7610] netlink: 36 bytes leftover after parsing attributes in process `syz.1.418'. [ 148.361151][ T7610] netlink: 36 bytes leftover after parsing attributes in process `syz.1.418'. [ 148.509164][ T7615] picdev_read: 30 callbacks suppressed [ 148.509181][ T7615] kvm: pic: non byte read [ 148.516200][ T7615] kvm: pic: non byte read [ 148.520246][ T7615] kvm: pic: non byte read [ 148.523824][ T7615] kvm: pic: non byte read [ 148.528333][ T7615] kvm: pic: non byte read [ 148.532116][ T7615] kvm: pic: non byte read [ 148.535607][ T7615] kvm: pic: non byte read [ 148.539242][ T7615] kvm: pic: non byte read [ 148.543734][ T7615] kvm: pic: non byte read [ 148.548324][ T7615] kvm: pic: non byte read [ 148.958426][ T7631] netlink: 36 bytes leftover after parsing attributes in process `syz.1.423'. [ 148.962001][ T7631] netlink: 16 bytes leftover after parsing attributes in process `syz.1.423'. [ 148.965030][ T7631] netlink: 36 bytes leftover after parsing attributes in process `syz.1.423'. [ 148.969679][ T7631] netlink: 36 bytes leftover after parsing attributes in process `syz.1.423'. [ 151.049648][ T7671] cdrom: dropping to single frame dma [ 151.411887][ T7683] overlayfs: conflicting lowerdir path [ 153.034833][ T7719] ip6tnl1: entered promiscuous mode [ 153.037980][ T7719] ip6tnl1: entered allmulticast mode [ 153.044312][ T7719] team0: Device ip6tnl1 is up. Set it down before adding it as a team port [ 153.538327][ T7725] __nla_validate_parse: 10 callbacks suppressed [ 153.538345][ T7725] netlink: 36 bytes leftover after parsing attributes in process `syz.1.451'. [ 153.545501][ T7725] netlink: 16 bytes leftover after parsing attributes in process `syz.1.451'. [ 153.550326][ T7725] netlink: 36 bytes leftover after parsing attributes in process `syz.1.451'. [ 153.554093][ T7725] netlink: 36 bytes leftover after parsing attributes in process `syz.1.451'. [ 154.366872][ T7735] netlink: 204 bytes leftover after parsing attributes in process `syz.2.452'. [ 154.384370][ T7733] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 154.395719][ T67] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 155.560687][ T7763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.459'. [ 155.752510][ T7765] netlink: 36 bytes leftover after parsing attributes in process `syz.3.460'. [ 155.756441][ T7765] netlink: 16 bytes leftover after parsing attributes in process `syz.3.460'. [ 155.761328][ T7765] netlink: 36 bytes leftover after parsing attributes in process `syz.3.460'. [ 155.765856][ T7765] netlink: 36 bytes leftover after parsing attributes in process `syz.3.460'. [ 156.009568][ T7774] ip6tnl1: entered promiscuous mode [ 156.011417][ T7774] ip6tnl1: entered allmulticast mode [ 156.015088][ T7774] team0: Device ip6tnl1 is of different type [ 156.690948][ T7780] FAULT_INJECTION: forcing a failure. [ 156.690948][ T7780] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 156.700343][ T7780] CPU: 0 UID: 0 PID: 7780 Comm: syz.0.465 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 156.700363][ T7780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 156.700371][ T7780] Call Trace: [ 156.700375][ T7780] [ 156.700381][ T7780] dump_stack_lvl+0x16c/0x1f0 [ 156.700402][ T7780] should_fail_ex+0x512/0x640 [ 156.700423][ T7780] _copy_to_user+0x32/0xd0 [ 156.700444][ T7780] simple_read_from_buffer+0xcb/0x170 [ 156.700473][ T7780] proc_fail_nth_read+0x197/0x270 [ 156.700492][ T7780] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 156.700511][ T7780] ? rw_verify_area+0xcf/0x680 [ 156.700529][ T7780] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 156.700547][ T7780] vfs_read+0x1de/0xc70 [ 156.700561][ T7780] ? __pfx___mutex_lock+0x10/0x10 [ 156.700578][ T7780] ? __pfx_vfs_read+0x10/0x10 [ 156.700594][ T7780] ? __fget_files+0x20e/0x3c0 [ 156.700619][ T7780] ksys_read+0x12a/0x240 [ 156.700630][ T7780] ? __pfx_ksys_read+0x10/0x10 [ 156.700643][ T7780] ? rcu_is_watching+0x12/0xc0 [ 156.700658][ T7780] __do_fast_syscall_32+0x73/0x120 [ 156.700676][ T7780] do_fast_syscall_32+0x32/0x80 [ 156.700694][ T7780] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 156.700712][ T7780] RIP: 0023:0xf7fd5579 [ 156.700723][ T7780] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 156.700736][ T7780] RSP: 002b:00000000f50f6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 156.700750][ T7780] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50f6620 [ 156.700759][ T7780] RDX: 000000000000000f RSI: 00000000f7462ff4 RDI: 0000000000000000 [ 156.700767][ T7780] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 156.700774][ T7780] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 156.700782][ T7780] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 156.700799][ T7780] [ 157.740574][ T7806] picdev_read: 2 callbacks suppressed [ 157.740586][ T7806] kvm: pic: non byte read [ 157.746644][ T7806] kvm: pic: non byte read [ 157.750563][ T7806] kvm: pic: non byte read [ 157.753693][ T7806] kvm: pic: non byte read [ 157.756406][ T7806] kvm: pic: non byte read [ 157.778485][ T7806] kvm: pic: non byte read [ 157.781082][ T7806] kvm: pic: non byte read [ 157.783806][ T7806] kvm: pic: non byte read [ 157.786495][ T7806] kvm: pic: non byte read [ 157.828666][ T7806] kvm: pic: non byte read [ 157.880733][ T7810] ip6tnl1: entered promiscuous mode [ 157.882307][ T7810] ip6tnl1: entered allmulticast mode [ 157.884829][ T7810] team0: Device ip6tnl1 is of different type [ 158.126040][ T7815] random: crng reseeded on system resumption [ 158.231613][ T7816] ip6tnl1: entered promiscuous mode [ 158.233422][ T7816] ip6tnl1: entered allmulticast mode [ 158.236590][ T7816] team0: Device ip6tnl1 is up. Set it down before adding it as a team port [ 158.319096][ T7821] ======================================================= [ 158.319096][ T7821] WARNING: The mand mount option has been deprecated and [ 158.319096][ T7821] and is ignored by this kernel. Remove the mand [ 158.319096][ T7821] option from the mount to silence this warning. [ 158.319096][ T7821] ======================================================= [ 158.613502][ T7829] netlink: 'syz.3.480': attribute type 1 has an invalid length. [ 158.969924][ T7845] FAULT_INJECTION: forcing a failure. [ 158.969924][ T7845] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 158.974140][ T7845] CPU: 1 UID: 0 PID: 7845 Comm: syz.0.481 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 158.974154][ T7845] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 158.974160][ T7845] Call Trace: [ 158.974165][ T7845] [ 158.974169][ T7845] dump_stack_lvl+0x16c/0x1f0 [ 158.974185][ T7845] should_fail_ex+0x512/0x640 [ 158.974202][ T7845] _copy_from_user+0x2e/0xd0 [ 158.974218][ T7845] generic_map_update_batch+0x3e9/0x610 [ 158.974237][ T7845] ? __pfx_generic_map_update_batch+0x10/0x10 [ 158.974254][ T7845] ? __pfx_generic_map_update_batch+0x10/0x10 [ 158.974270][ T7845] bpf_map_do_batch+0x5a8/0x670 [ 158.974282][ T7845] __sys_bpf+0x15f3/0x4d80 [ 158.974315][ T7845] ? __pfx___sys_bpf+0x10/0x10 [ 158.974330][ T7845] ? ksys_write+0x190/0x240 [ 158.974342][ T7845] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 158.974363][ T7845] ? fput+0x70/0xf0 [ 158.974375][ T7845] ? ksys_write+0x1b9/0x240 [ 158.974384][ T7845] ? __pfx_ksys_write+0x10/0x10 [ 158.974396][ T7845] __ia32_sys_bpf+0x76/0xe0 [ 158.974411][ T7845] __do_fast_syscall_32+0x73/0x120 [ 158.974426][ T7845] do_fast_syscall_32+0x32/0x80 [ 158.974439][ T7845] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 158.974452][ T7845] RIP: 0023:0xf7fd5579 [ 158.974464][ T7845] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 158.974477][ T7845] RSP: 002b:00000000f50b455c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 158.974486][ T7845] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000080000200 [ 158.974493][ T7845] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000 [ 158.974499][ T7845] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 158.974504][ T7845] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 158.974510][ T7845] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 158.974522][ T7845] [ 159.515858][ T7835] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI [ 159.521813][ T7835] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 159.527483][ T7835] CPU: 0 UID: 0 PID: 7835 Comm: syz.3.483 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 159.532478][ T7835] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 159.537938][ T7835] RIP: 0010:iter_file_splice_write+0xa4e/0x1150 [ 159.540709][ T7835] Code: 00 48 89 fa 48 c1 ea 03 80 3c 1a 00 0f 85 1a 05 00 00 4d 8b 65 10 49 c7 45 10 00 00 00 00 49 8d 7c 24 08 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 0f 85 ee 04 00 00 49 8b 54 24 08 4c 89 ee 4c 89 f7 83 [ 159.549142][ T7835] RSP: 0018:ffffc900067d7908 EFLAGS: 00010202 [ 159.552191][ T7835] RAX: 0000000000080000 RBX: dffffc0000000000 RCX: ffffc90007b51000 [ 159.555629][ T7835] RDX: 0000000000000001 RSI: ffffffff824170c6 RDI: 0000000000000008 [ 159.558996][ T7835] RBP: 0000000000000087 R08: 0000000000000006 R09: 0000000000000000 [ 159.562822][ T7835] R10: 7fffffffffffefff R11: 0000000000000000 R12: 0000000000000000 [ 159.566712][ T7835] R13: ffff88802328b918 R14: ffff8880446b5800 R15: 7fffffffffffefff [ 159.570077][ T7835] FS: 0000000000000000(0000) GS:ffff8880977ef000(0063) knlGS:00000000f5026b40 [ 159.574049][ T7835] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 159.576780][ T7835] CR2: 000000000c2489c3 CR3: 0000000022606000 CR4: 0000000000352ef0 [ 159.579668][ T7835] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 159.582468][ T7835] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 159.586275][ T7835] Call Trace: [ 159.587852][ T7835] [ 159.589179][ T7835] ? __pfx_iter_file_splice_write+0x10/0x10 [ 159.591109][ T7835] ? __pfx_iter_file_splice_write+0x10/0x10 [ 159.593167][ T7835] direct_splice_actor+0x18f/0x6c0 [ 159.595324][ T7835] splice_direct_to_actor+0x342/0xa30 [ 159.597626][ T7835] ? __pfx_direct_splice_actor+0x10/0x10 [ 159.599883][ T7835] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 159.601997][ T7835] do_splice_direct+0x174/0x240 [ 159.603797][ T7835] ? __pfx_do_splice_direct+0x10/0x10 [ 159.605487][ T7835] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 159.607473][ T7835] ? rw_verify_area+0xcf/0x680 [ 159.609742][ T7835] do_sendfile+0xafd/0xe50 [ 159.612224][ T7835] ? __pfx_do_sendfile+0x10/0x10 [ 159.614432][ T7835] ? __ia32_sys_futex_time32+0x1d9/0x460 [ 159.616522][ T7835] ? __ia32_sys_futex_time32+0x2fc/0x460 [ 159.618787][ T7835] __ia32_compat_sys_sendfile+0x1e5/0x220 [ 159.621013][ T7835] ? __pfx___ia32_compat_sys_sendfile+0x10/0x10 [ 159.623498][ T7835] ? rcu_is_watching+0x12/0xc0 [ 159.625399][ T7835] ? rcu_is_watching+0x12/0xc0 [ 159.627458][ T7835] __do_fast_syscall_32+0x73/0x120 [ 159.629946][ T7835] do_fast_syscall_32+0x32/0x80 [ 159.632035][ T7835] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 159.634401][ T7835] RIP: 0023:0xf7f08579 [ 159.635925][ T7835] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 159.642943][ T7835] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 159.646573][ T7835] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000000008 [ 159.649453][ T7835] RDX: 0000000000000000 RSI: 0000000000201005 RDI: 0000000000000000 [ 159.652304][ T7835] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 159.655386][ T7835] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 159.658749][ T7835] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 159.661923][ T7835] [ 159.663045][ T7835] Modules linked in: [ 159.664961][ T7835] ---[ end trace 0000000000000000 ]--- [ 159.680602][ T7835] RIP: 0010:iter_file_splice_write+0xa4e/0x1150 [ 159.687110][ T7835] Code: 00 48 89 fa 48 c1 ea 03 80 3c 1a 00 0f 85 1a 05 00 00 4d 8b 65 10 49 c7 45 10 00 00 00 00 49 8d 7c 24 08 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 0f 85 ee 04 00 00 49 8b 54 24 08 4c 89 ee 4c 89 f7 83 [ 159.727118][ T7835] RSP: 0018:ffffc900067d7908 EFLAGS: 00010202 [ 159.729648][ T7835] RAX: 0000000000080000 RBX: dffffc0000000000 RCX: ffffc90007b51000 [ 159.739509][ T7835] RDX: 0000000000000001 RSI: ffffffff824170c6 RDI: 0000000000000008 [ 159.747287][ T7835] RBP: 0000000000000087 R08: 0000000000000006 R09: 0000000000000000 [ 159.751581][ T7835] R10: 7fffffffffffefff R11: 0000000000000000 R12: 0000000000000000 [ 159.759379][ T7835] R13: ffff88802328b918 R14: ffff8880446b5800 R15: 7fffffffffffefff [ 159.764271][ T7835] FS: 0000000000000000(0000) GS:ffff888097aef000(0063) knlGS:00000000f5026b40 [ 159.770127][ T7835] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 159.773761][ T7835] CR2: 000000000c30c51e CR3: 0000000022606000 CR4: 0000000000352ef0 [ 159.779504][ T7835] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 159.785966][ T7835] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 159.791812][ T7835] Kernel panic - not syncing: Fatal exception [ 159.795832][ T7835] Kernel Offset: disabled [ 159.797907][ T7835] Rebooting in 86400 seconds.. VM DIAGNOSIS: 08:51:44 Registers: info registers vcpu 0 CPU#0 RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854bf175 RDI=ffffffff9addcb80 RBP=ffffffff9addcb40 RSP=ffffc900067d7300 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=000000004153414b R12=0000000000000000 R13=000000000000002d R14=ffffffff9addcb40 R15=ffffffff854bf110 RIP=ffffffff854bf19f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977ef000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c2489c3 CR3=0000000022606000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000045953c RBX=0000000000000001 RCX=ffffffff8b68c3e9 RDX=ffffed10056665be RSI=ffffffff8bf46720 RDI=ffffffff819130b1 RBP=ffffed1003b55488 RSP=ffffc9000046fdf8 R8 =0000000000000000 R9 =ffffed10056665bd R10=ffff88802b332deb R11=0000000000005bc9 R12=0000000000000001 R13=ffff88801daaa440 R14=ffffffff90850d10 R15=0000000000000000 RIP=ffffffff8b68ac7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880978ef000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000ffa64b40 CR3=00000000495d0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=ffffffff91b22ff2 RBX=ffffffff90fc3d90 RCX=dffffc0000000000 RDX=0000000000000003 RSI=0000000000000000 RDI=ffffffff90fc3d90 RBP=ffffffff90fc3d90 RSP=ffffc90000537b98 R8 =ffffffff91b22ff8 R9 =0000000000000000 R10=ffffc90000537c48 R11=000000000008dff0 R12=ffffffff90fc3d90 R13=ffffffff89dff000 R14=ffffffff90fc3d90 R15=ffffffff90fc3d90 RIP=ffffffff81698f9e RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880979ef000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080000000 CR3=0000000025d68000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f7432ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=ffff888046460f00 RCX=ffffc90026191000 RDX=0000000000000007 RSI=ffffffff81cd4b6c RDI=ffff888046460f7f RBP=0000000000000000 RSP=ffffc900068c71e0 R8 =0000000000000005 R9 =0000000000000007 R10=0000000000000008 R11=000000000000001e R12=ffff88801fe29000 R13=ffff888021c79f00 R14=ffff88801fe29550 R15=dffffc0000000000 RIP=ffffffff81cd4b9f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097aef000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f71a3820 CR3=000000006aa5e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000