last executing test programs: 2.520384792s ago: executing program 1 (id=439): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x18, 0x1414, 0x211, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x18}, 0x1, 0x0, 0xf000000}, 0x0) 2.519971118s ago: executing program 1 (id=440): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) shutdown(r3, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x64) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000100)={0x4, 0x0, 0x0, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000000002100004000000000ff"]) ioctl$KVM_RUN(r7, 0xae80, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) socket$inet6(0xa, 0x80002, 0x0) r8 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x200, 0x7c2, 0x41414770, 0x58595556, 0x425, 0x10001, 0x6, 0x2, 0x1, 0x3, 0x0, 0x6}}) 2.187496455s ago: executing program 3 (id=444): socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18) ioctl$DRM_IOCTL_GET_UNIQUE(0xffffffffffffffff, 0xc0086401, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socket(0x11, 0x2, 0x8) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000700)='/sys/power/pm_async', 0x169a82, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) capset(&(0x7f00000002c0)={0x20071026}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xffffffff}) ioctl$KVM_CAP_X86_NOTIFY_VMEXIT(r2, 0x4068aea3, &(0x7f0000000200)={0xdc, 0x0, 0x5}) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x3cc, 0xffffffff, 0x0, 0x0, 0xe4, 0xfeffffff, 0xffffffff, 0x390, 0x390, 0x390, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa4, 0xe4}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x4}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xec, 0x12c, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0xd0, 0xf4, 0x0, {}, [@common=@unspec=@realm={{0x2c}, {0x1, 0xdd8}}]}, @REJECT={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x428) r4 = syz_open_dev$vbi(&(0x7f0000000100), 0x0, 0x2) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2400a4c60206050000000000000000000004080780"], 0x24}, 0x1, 0x0, 0x0, 0x20040004}, 0x80) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84) setrlimit(0x2, &(0x7f0000000500)={0x10001, 0x6}) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000000c0)=0x3) r6 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r6, 0xc0b45545, 0x0) 1.875349904s ago: executing program 2 (id=445): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) (async, rerun: 64) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (rerun: 64) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000180)=[0x7ff, 0x7, 0x3, 0xffffffff, 0x2, 0x3, 0x2, 0x3]) (async) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r3, &(0x7f00000070c0)=[{{&(0x7f00000009c0)={0x2, 0x4e22, @multicast2}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000a00)="59aa6fb8ec7b2ea9c0b38df30155cd1a272db2a2b728d636ad0865dce77a4bf99ea402eda935ab2b0d1e281917fe526ee933318cd3236bc64645fef40530371afe8e05601912921392884fdc67352d1a390794f31d03bf3bfe0eff7c8c11a54ae32bb762d7c66bc0d506959f", 0x6c}, {&(0x7f0000000ac0)="9423f4d0fc3a88c115785d78ff57d839e325379851e978", 0x17}, {&(0x7f0000002380)="0a4ef0fcbaeaeacb641de318095a7e46f1d61d282c8d9d74e59384a626c2797343e3c5f5f443db356c1527970c56cbc9290eb1e3bc65aa247c4d27d4cf76d8ba3797c2619baccc6977c62d8ea7bb0ddfc2d3b9cbb481400334997d2860dcac91bb737df7ab64660542f940885f4ca2a97a60c1ea5a4089530268c08e73d1c04dc240ff5fca49b9bc1514b3635ac50061b3710c28544461bd914837c901c8b6c40a0551db5e5bc0f5edd769bc6bf70af464a3507858836b7a6056659b5f3c2bacc8dccdd21f0478f05fbdd456911be7e1a8e129ce4cb9379fda478d92bbaccc9fc1752fc72548973d74d1adc2b7fbff8b2930fb5f598a42246b63ce5a275667528db604cc6445bdc54f29eaaa988f40c0fd5e330e107b8c07a30e2176a462687050d9a3e6ba312518009f33d4c44698c214b95986341539c28435bb1b31ad4e09290addaeec6d8aaa25561399da810b98bf6d1a629a8520ded957663425a723cd7aa337f8a274445a6f80a149ee5f7edb86aa1956c1981e7d9ffd32a55849f7e440a8b1cd2b9fcde730a26bc50e68a79180a0e37d1230ea23709c81e88025a22849895f57ee01c41e18429b2812f46adb7dc6d7b61dfe34fa511052eadbaeb8d4fbe15001fb4e50d16a020491b8dd62e591beb26fd98c5e225f18aa4f853bdb9b6f9be27f9c67e165527cffb568f15ad5049d5caa121fe63b3f617ae26ee2091eb34348fab1c7737555f736f1c5ed9dad5182bc35037f444bcbaf42fc3dab22c90fd9c6693c2ab5939b972b2535df617670cd66b58c051450d06376fa3f841b9f57b47bfd9dc8392d92817044dd4626ac812962b5e8d092c142763f8cf664a715e7af6ad44c845085fbbc6f6f8ea4ee15a497cb63863fe829eef426c80b68d2c2be4c9f0e9a9dcd8b92c6943efb241320f3f28c6d32d5c44a3557773a3be723de2842017e29df9a61e99e2b28a38d0564fb025414d92f04f8b8966afb05be86264ffbbd831b840376f39198b1367d583235bccbaa4185a153392b907763782a2525901e7db992487337127c0414869c8e0d7bc337c4fd2472ae8946017e1eb665da5579ba06d315d312a81ee6da78d76dc203bca07d1d41d3cbbb93962ef099658a1f54db397c6fa4099f06d417258dcaaa39a8132373c98fdb2829e7d1017f22eb9f948cfd234289227d252ef63f1045cf5213d487e0eca59060db979a4499b46286f6c7fba596e2eb2d21d71b3725a4741bbe7a4fd88bf4931d3314d2f6153eee487e8694ab58e9c822c8eb0ea42ae77c18d2d324d35f51c04ee2c6eb4a2d3c2bd0a079dabd7fe9a049f051bc4780e34c43a59b034abd73b84fd351cfc75b800833fbf6881d8a74795adf595b83990cd069517f1b3901a2742536f1fb2e6299dbe68af74a0f6cd1f5a5f09fe00a0aaac5080d30ada3b6b910b8fbfc29b7aee5176cd3b238881c3db449b258f5e8fa342bb20c96b83acd66e46493f995934dd34e1205b7efcdeeacd6cf4d4b7391d62b243c8e2e68989fcebcb3ef8c0ff3c0fc658db8447a04d91c0cdbde91d82cd683bf484aa7abe35e81ea9d609411ff5dc488184cc59cfb55429cc752a08537f1ea371ebbfa463ff161912d2a5e823d00347d3b84faa5046c278bbf4269f4336d850b55fd0a8ba9fb284c3f1d08702a43819bf716709c5d01f1d33192bf0c11f6af668d86884a6d7ec260e0d5e7b6635d6892b617f12053cfb93028bf61f5bddcff17d4968136714778689f22ebc12d4558587077eb1ce8c59469086332160e4e558b6854bccd0e5aa2296ce02c8704e932edc78637104705a0573be09e8a2f1caae76b81ade23d81d5d41f45b7177b0e4a2fe836271abcb0c0f77d16ca77eec582901abd463c91", 0x536}], 0x3, &(0x7f0000007240)=ANY=[@ANYBLOB="1800000000000000070000000194040050000000"], 0x18}}], 0x1, 0x0) (async, rerun: 64) r4 = socket$kcm(0x10, 0x400000002, 0x0) (async, rerun: 64) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) (async) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {0xffff, 0x1}, {0xffff, 0xffff}, {0xfff1, 0x1587d8b4787a8898}}, [@qdisc_kind_options=@q_multiq={{0xfffffe9d}, {0x8}}]}, 0x38}}, 0x4000) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0x0, 0xf}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084) sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) (async, rerun: 64) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff}, 0x0) (async, rerun: 64) r10 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r9, @ANYBLOB=',wfdno=', @ANYRESHEX=r10]) (async) r11 = socket$unix(0x1, 0x2, 0x0) bind$unix(r11, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async) r12 = openat$tun(0xffffff9c, &(0x7f0000000380), 0x180, 0x0) ioctl$SIOCSIFHWADDR(r12, 0x8924, &(0x7f00000003c0)={'veth0_to_bond\x00', @random="c0a83b701f36"}) (async) r13 = landlock_create_ruleset(&(0x7f0000000040)={0x1000, 0x3, 0x3}, 0x18, 0x0) landlock_restrict_self(r13, 0x0) (async) connect$unix(r11, &(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e) (async) connect$unix(r0, &(0x7f0000000240)=@abs, 0x6e) (async) r14 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r14, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000019100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a4c000000090a010100000000000000000000000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021080003400000014108000f"], 0x74}, 0x1, 0x0, 0x0, 0x4000}, 0x8000000) ioctl$PPPIOCGFLAGS(r10, 0x8004745a, &(0x7f0000000300)) 1.874851312s ago: executing program 3 (id=446): socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x2, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x12, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) recvmmsg(r0, 0x0, 0x0, 0x40, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd74) syz_io_uring_setup(0x497, 0x0, &(0x7f0000000340), 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000180), 0x0, 0x20000001) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1e, 0x1, 0x0) connect$tipc(r4, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x3, 0x8, &(0x7f00000034c0)=ANY=[], &(0x7f0000001300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$binfmt_misc(r4, &(0x7f0000000080), 0x2000011a) socket$nl_route(0x10, 0x3, 0x0) r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000040)=0x7) openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040301, 0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) 1.688776267s ago: executing program 2 (id=447): socket$kcm(0x10, 0x2, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_emit_ethernet(0x82, &(0x7f0000000140)=ANY=[], 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4) sendto$unix(r2, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8dfa0fa7da9d391b92ce2a7f9fe0f9d584a3775f", 0x703d59595f6742a8, 0x800, 0x0, 0x0) recvfrom(r2, &(0x7f00000030c0)=""/4117, 0xffffffffffffffbf, 0x1, 0x0, 0xffffffffffffffb5) sendto$inet(r2, &(0x7f0000000540)="e8", 0x1, 0x80, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IPT_SO_GET_REVISION_MATCH(r5, 0x0, 0x42, &(0x7f00000000c0)={'IDLETIMER\x00'}, &(0x7f0000000100)=0x1e) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000003c0)={'ip6_vti0\x00', &(0x7f0000000300)={'ip6gre0\x00', 0x0, 0x2f, 0x6, 0xd9, 0x4, 0x30, @mcast2, @dev={0xfe, 0x80, '\x00', 0xc}, 0x8, 0x7800, 0x0, 0x1ff}}) 1.520270055s ago: executing program 1 (id=448): r0 = syz_open_dev$tty1(0xc, 0x4, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0) write$vga_arbiter(r1, &(0x7f00000000c0)=ANY=[], 0xe) socket(0x80000000000000a, 0x2, 0x9) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) syz_open_dev$vim2m(&(0x7f0000000680), 0x10007ff, 0x2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x5c2a, 0x0, 0x1, 0x4, 0x0, 0x7, 0x0, 0x8}, 0x0, &(0x7f0000000140)={0x1ff, 0xfffffffff, 0x3, 0x4, 0x0, 0xfffffffffffffffd, 0x2, 0xfffffffffffffffe}, 0x0, 0x0) r4 = socket$isdn_base(0x22, 0x3, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) r6 = openat$vnet(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$vhost_msg_v2(r6, &(0x7f0000001700)={0x2, 0x0, {&(0x7f0000000500)=""/71, 0xfffffffffffffed0, 0x0, 0x2, 0x2}}, 0x48) getsockopt$inet6_int(r5, 0x29, 0x16, 0x0, &(0x7f00000000c0)) bind$isdn_base(r4, &(0x7f0000002780), 0x6) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) unshare(0x22020400) socket$can_j1939(0x1d, 0x2, 0x7) openat$misdntimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) bind$bt_hci(r7, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r8, 0xc008561c, &(0x7f0000000040)={0xf0f024}) ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000980)={0x2, @pix_mp={0xa, 0x81, 0x50565559, 0x4, 0xb, [{0x8f, 0x1}, {0xfffffff7, 0x9}, {0x5, 0x5}, {0x0, 0x4}, {0x8, 0x9d8}, {0x10, 0x4}, {0x1}, {0xfffff000, 0xffffffff}], 0xcb, 0x9, 0x8, 0x4, 0x6}}) write$bt_hci(r7, &(0x7f0000000180)=ANY=[@ANYBLOB="0e00010002"], 0x8) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000000)) ioctl$TIOCL_SETVESABLANK(r0, 0x541c, &(0x7f0000000140)) 1.210318802s ago: executing program 0 (id=449): r0 = open(&(0x7f00000001c0)='./file0\x00', 0x80ff, 0x88) r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) gettid() r2 = syz_open_dev$sg(&(0x7f0000000000), 0xffffffff, 0xa0500) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1f00000000000000000000000010"], 0x48) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="04140608c8225fb61f0cf50007b2a9"], 0x9) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, 0x0) ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, 0x0) writev(r2, &(0x7f0000000140), 0x0) r3 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) r4 = socket(0x21, 0x2, 0x2) sendmsg$kcm(r4, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[{0x18, 0x110, 0xa, '{'}], 0x18}, 0x0) vmsplice(r3, &(0x7f00000002c0)=[{&(0x7f00000000c0)="f4b114", 0x3}], 0x1, 0x8) ioctl$BLKTRACESETUP(r2, 0xc0481273, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newlink={0x8c, 0x10, 0x44b, 0x70bd2c, 0x25dfdbfc, {0x7a, 0x0, 0x1200, 0x0, 0x1000, 0x9020}, [@IFLA_LINKINFO={0x6c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x5c, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc, 0x23, 0x8000000000000001}, @IFLA_BR_MCAST_ROUTER={0x5}, @IFLA_BR_MCAST_HASH_MAX={0x8, 0x1b, 0xf4b}, @IFLA_BR_NF_CALL_IP6TABLES={0x5, 0x25, 0x1}, @IFLA_BR_NF_CALL_IPTABLES={0x5}, @IFLA_BR_MCAST_MLD_VERSION={0x5, 0x2c, 0x6}, @IFLA_BR_MCAST_LAST_MEMBER_INTVL={0xc, 0x1e, 0xe4e}, @IFLA_BR_VLAN_STATS_ENABLED={0x5}, @IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x6}, @IFLA_BR_VLAN_STATS_PER_PORT={0x5}]}}}]}, 0x8c}}, 0x0) fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, 0x0) openat$sysfs(0xffffff9c, 0x0, 0x3, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @thr={&(0x7f0000000540)="672720ea2bc8b3e596b391734c7ee022248ab4b4b31f9c8f8f9ed7fab5daedf407b46e479642128d156ab1ea7c1f62fb5a46c6b6d3de03b2aedb9362dac51aab3b0521fa01a5ed0b823918e68ffa0a41de9939255af03461387ede120ce0d1953e310bb4e1692e06fcd190582373e6998ced9239669e356e279d634c5910e228e923cd9bbcd6f4427edef854dc1d40cfd4d37c3dc46bd898d871dea7a7071b86b144be7967ca740910ee4551f22e97ad764cce6cde730c13cb1c5da46da84b29733a4b7cb5b65bc70e3d9fde901bb326ae5b2ce7a4fa2032c89ba8a114f4e70edf1f18621e51", &(0x7f0000000100)="b0a0c23b39560fe86b5064b864fa37db16cf7ac5987852fab477d678625631499738cee70f457017fb411852bbba929e5c87596606a915338725146adf1356f91667568602a0ccd454b4a18f79e0206f7ffe2041bd36c1331df6d0f420d279"}}, &(0x7f0000000000)=0x0) timer_settime(r6, 0x0, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) fcntl$setlease(r1, 0x400, 0x1) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xb, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4000}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x20008000}, {0x85, 0x0, 0x0, 0x72}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0x0, 0x38, 0x38, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x1c0) fcntl$setlease(r0, 0x400, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) 1.010372788s ago: executing program 0 (id=450): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0xf0ff, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xfff2}}}, 0x24}}, 0x44080) 1.010166178s ago: executing program 0 (id=451): gettid() r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r0, 0x1000002, 0x30, 0xffffffffffffffff, 0x0) userfaultfd(0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000080)='asymmetric\x00', &(0x7f0000000180)=@keyring={'key_or_keyring:', 0x0, 0x2}) mkdir(0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x4, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3fff, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x8008000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0xfffffffffffffff7) r6 = fsopen(&(0x7f0000000380)='nfsd\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000080)='nfsd\x00', 0xc, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x7fffffffffffef9, 0x40000002, 0x0) socket$unix(0x1, 0x5, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 830.257384ms ago: executing program 3 (id=452): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="580000000206010100000000140000000000000005000100070000000900020073797a30000000000c0007800800124000000000050005000a000000050004000000000012000300686173683a6e65742c706f7274"], 0x58}}, 0x0) 787.570055ms ago: executing program 3 (id=453): socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200) r2 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0xdd860600, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0xec, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r5, 0xb}, [@IFLA_AF_SPEC={0xcc, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @local}]}, @AF_INET={0xb0, 0x2, 0x0, 0x1, {0x9, 0x1, 0x0, 0x1, [{0xc}, {0x8}, {0x1b}, {0x8}, {0x8}]}}, @AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x9, 0xd}, {0x8, 0x0, 0x0, 0x0, 0x38}]}}, @AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}]}, @AF_INET={0x28, 0x2, 0x0, 0x1, {0x24, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}]}}, @AF_MPLS={0x4}, @AF_INET6={0x0, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}, @IFLA_INET6_TOKEN={0x0, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE]}, @AF_MPLS={0x4}]}]}, 0xec}}, 0x0) 779.366217ms ago: executing program 2 (id=454): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) pwritev2(r2, &(0x7f0000000440)=[{&(0x7f00000000c0)="3b07e649877172ee6c46f5b05e206a31c0be7a6e28615e3ca2", 0x19}, {&(0x7f0000000300)="459ca3bed2ac047108f6d05083af67fe953b16d2a3702580244adb53c153b86656a0747b52ba127cd952921825b666c207cc3796b3ffd6cb664ec7d747ab70c72a291d3424a39d838a51081734b189ae5183e075caaf5e10273a19869db08959ea", 0x61}, {&(0x7f0000000100)="39eee470b001ea2c1eadd23e12c77e35e7142fa5f4b0df6367afa99275", 0x1d}, {&(0x7f0000000380)="b1fee9e841039e3196178461f1e041e9d3f0932ee3adb449a6fa7d57810a83a229fef8e2aff995cb85aba420045697fbd9ec66df21a195f35358fc89d8bc0b28198acb55c7832a2039b2e498f6", 0x4d}, {&(0x7f0000000400)="67bfdd43d6f73d9b11f4de72ca12fc4ae2ae84eee0ca3479613eef6f7d643ec1b09f757c6d3df3f1924b1e1ed5e5475e1f450455c6703a9fd0b882", 0x3b}], 0x5, 0xfffffff7, 0xd, 0x17) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)={0x78, 0x7, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x58, 0x4, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0xd}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0x12}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x23}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x18}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x20}]}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x80}, 0x44000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4) sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2d, 0x101, 0x0, 0x0, "", [@nested={0x101, 0x0, 0x0, 0x1, [@typed={0xc, 0x11, 0x0, 0x0, @u64=0x8000000000000000}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback={0x100000000000}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd"]}]}, 0x114}], 0x1}, 0x0) 661.572518ms ago: executing program 1 (id=455): mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x11, 0x10, 0x0, &(0x7f0000003c00)) 589.158683ms ago: executing program 1 (id=456): r0 = socket$kcm(0x10, 0x2, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$TOKEN_CREATE(0x24, &(0x7f0000000540)={0x0, r0}, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRES64=r0], &(0x7f0000000000)='GPL\x00', 0x2, 0xc8, &(0x7f0000000640)=""/200, 0x41100, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x35, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_emit_ethernet(0x82, &(0x7f0000000140)=ANY=[], 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) sched_setscheduler(0x0, 0x1, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xb635773f06ebbeef, 0x110, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$media(&(0x7f0000000340), 0xff, 0x102) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20) r6 = accept4$alg(r5, 0x0, 0x0, 0x0) sendmmsg$alg(r6, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)='6c', 0x2}, {&(0x7f0000000280)="e02584eeb69ae6b342b68d8be5414b8bad9da292edc320246d439cbe99d5435fcc9f629a115737e05b", 0x29}], 0x2}], 0x1, 0x2004001) io_setup(0xff, &(0x7f0000000380)) 588.983717ms ago: executing program 2 (id=457): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="3400000011000500000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000300000014001a80100005800c000280080001"], 0x34}}, 0x0) 588.349597ms ago: executing program 3 (id=458): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000060090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 587.620971ms ago: executing program 1 (id=459): r0 = socket$kcm(0x10, 0x100000000002, 0x4) sched_setaffinity(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000300)={0x0, 0x3ff, 0xa}) socket$inet_smc(0x2b, 0x1, 0x0) open$dir(0x0, 0x149800, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) mknod$loop(0x0, 0x61e88b555c18ed23, 0x1) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r6 = socket$inet6_dccp(0xa, 0x6, 0x0) bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2f}}, 0x40001}, 0x1c) connect$inet6(r6, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) r7 = openat$nmem0(0xffffff9c, &(0x7f0000000080), 0x208000, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r7, 0x10f, 0x81, &(0x7f00000000c0)=0xcd951088, 0x4) 587.443994ms ago: executing program 3 (id=460): recvmsg(0xffffffffffffffff, 0x0, 0x100) syz_emit_ethernet(0x69, &(0x7f0000000180)=ANY=[@ANYBLOB="bbbbbbbbbbbbfd137b07daa786dd6002adf700333a0000000000000000000000ffff00000000ff02000000000000e31344ada3d8466f7600157fde3d48840000000000000001030090780000000060fd906300002f00ff01000000000000000000000000000100000000000000000000ffffac1414aa8d0022"], 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xe, &(0x7f0000005640)=0x1, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) lremovexattr(0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) clock_gettime(0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r6, 0x4068aea3, &(0x7f0000000280)) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r7, 0x0) 530.481054ms ago: executing program 2 (id=461): ioperm(0x0, 0x7, 0x7) r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0) landlock_restrict_self(r0, 0x700) 530.224732ms ago: executing program 2 (id=462): openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x400ad80, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000006780)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3ab706204ee39c9dae21a1718ee351ebc92d2f0d482a863ae5c0b4d768ffe745af2c53a083d9b761b", 0xfff7}], 0x1}}], 0x1, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000080)='kfree\x00', r4}, 0x18) r5 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r5, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, &(0x7f0000001440)=ANY=[@ANYBLOB="0017"], 0xc0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) accept4(r6, 0x0, 0x0, 0x800) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], 0x1c}}, 0x0) 80.014784ms ago: executing program 0 (id=463): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat$hpet(0xffffff9c, &(0x7f00000001c0), 0x40, 0x0) bind$bt_l2cap(r2, &(0x7f0000000240)={0x1f, 0x6, @none, 0x6a0, 0x1}, 0xe) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r3, 0xc0844123, &(0x7f0000000000)) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f0000000100)=0x20, 0x4) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$bt_hci(r1, &(0x7f0000000040)={0x1, @write_sc_support={{0xc7a, 0x1}, {0x1}}}, 0x5) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000140)) ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f0000000080)=0x200000000) r5 = dup2(r4, r4) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000400)={0x0, 0x0, 0x0, &(0x7f0000000300)=""/121, 0x0}) ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x5) read$FUSE(r5, &(0x7f0000004d80)={0x2020}, 0x2020) write$vhost_msg_v2(r5, &(0x7f0000000280)={0x2, 0x0, {&(0x7f0000000140)=""/128, 0x80, 0x0, 0x0, 0x2}}, 0x48) setsockopt$sock_int(r1, 0x1, 0x23, &(0x7f0000000200)=0x5, 0x4) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x62, &(0x7f00000000c0)={&(0x7f0000000580)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_MARK_MASK={0x0, 0x15, 0x1, 0x0, 0x4}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}, @CTA_TUPLE_PROTO={0xd, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x6fdb}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x0, 0x2, @multicast2}]}, @CTA_PROTOINFO={0x0, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0x0, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0x0, 0x3, 0x1, 0x0, 0x40}, @CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0x0, 0x3, 0x1, 0x0, 0x7fffffffffffffff}, @CTA_PROTOINFO_DCCP_STATE={0x0, 0x1, 0x8}, @CTA_PROTOINFO_DCCP_STATE={0x0, 0x1, 0x7}, @CTA_PROTOINFO_DCCP_STATE={0x0, 0x1, 0x36}]}}]}, 0xac}}, 0x20000090) 203.681µs ago: executing program 0 (id=464): mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x11, 0x10, 0x0, &(0x7f0000003c00)) 0s ago: executing program 0 (id=465): ioperm(0x0, 0x7, 0x7) r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) (fail_nth: 6) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:63937' (ED25519) to the list of known hosts. [ 41.919238][ T5922] cgroup: Unknown subsys name 'net' [ 42.048080][ T5922] cgroup: Unknown subsys name 'cpuset' [ 42.052010][ T5922] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 42.933807][ T5922] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.939696][ T5308] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.942634][ T5308] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.945797][ T5308] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.948394][ T5308] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.950742][ T5308] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.953375][ T5308] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.956335][ T5308] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.959977][ T5308] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.963399][ T5308] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.965870][ T5308] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.968739][ T5966] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.971537][ T5966] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.973980][ T5966] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.977211][ T5958] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.978157][ T5966] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.982433][ T5966] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.985375][ T5962] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.989456][ T5963] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.993778][ T5957] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.997298][ T5957] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 46.276665][ T5951] chnl_net:caif_netlink_parms(): no params data found [ 46.313914][ T5964] chnl_net:caif_netlink_parms(): no params data found [ 46.420350][ T5959] chnl_net:caif_netlink_parms(): no params data found [ 46.438737][ T5956] chnl_net:caif_netlink_parms(): no params data found [ 46.456604][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.458854][ T5951] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.461230][ T5951] bridge_slave_0: entered allmulticast mode [ 46.463830][ T5951] bridge_slave_0: entered promiscuous mode [ 46.524401][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.527392][ T5951] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.530268][ T5951] bridge_slave_1: entered allmulticast mode [ 46.533982][ T5951] bridge_slave_1: entered promiscuous mode [ 46.555466][ T5964] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.557687][ T5964] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.559890][ T5964] bridge_slave_0: entered allmulticast mode [ 46.562670][ T5964] bridge_slave_0: entered promiscuous mode [ 46.607355][ T5964] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.609539][ T5964] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.611788][ T5964] bridge_slave_1: entered allmulticast mode [ 46.614242][ T5964] bridge_slave_1: entered promiscuous mode [ 46.637015][ T5951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.686827][ T5951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.705976][ T5964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.738897][ T5959] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.741145][ T5959] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.743407][ T5959] bridge_slave_0: entered allmulticast mode [ 46.746116][ T5959] bridge_slave_0: entered promiscuous mode [ 46.750195][ T5964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.792854][ T5951] team0: Port device team_slave_0 added [ 46.795034][ T5959] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.797298][ T5959] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.799494][ T5959] bridge_slave_1: entered allmulticast mode [ 46.802051][ T5959] bridge_slave_1: entered promiscuous mode [ 46.830400][ T5956] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.832638][ T5956] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.835019][ T5956] bridge_slave_0: entered allmulticast mode [ 46.839659][ T5956] bridge_slave_0: entered promiscuous mode [ 46.844856][ T5951] team0: Port device team_slave_1 added [ 46.890208][ T5956] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.892525][ T5956] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.894899][ T5956] bridge_slave_1: entered allmulticast mode [ 46.897828][ T5956] bridge_slave_1: entered promiscuous mode [ 46.932400][ T5959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.937239][ T5959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.941816][ T5964] team0: Port device team_slave_0 added [ 46.959299][ T5956] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.963230][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.965983][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.974386][ T5951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.993698][ T5964] team0: Port device team_slave_1 added [ 46.996917][ T5956] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.000266][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.002533][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.011919][ T5951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.077576][ T5959] team0: Port device team_slave_0 added [ 47.094453][ T5964] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.097847][ T5964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.106032][ T5964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.110413][ T5964] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.112680][ T5964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.120817][ T5964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.126011][ T5956] team0: Port device team_slave_0 added [ 47.129263][ T5959] team0: Port device team_slave_1 added [ 47.149551][ T5956] team0: Port device team_slave_1 added [ 47.230617][ T5951] hsr_slave_0: entered promiscuous mode [ 47.232865][ T5951] hsr_slave_1: entered promiscuous mode [ 47.237375][ T5956] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.239631][ T5956] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.247482][ T5956] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.251247][ T5959] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.253480][ T5959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.262706][ T5959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.266986][ T5959] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.269233][ T5959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.277259][ T5959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.335355][ T5956] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.337660][ T5956] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.346319][ T5956] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.357751][ T5964] hsr_slave_0: entered promiscuous mode [ 47.359896][ T5964] hsr_slave_1: entered promiscuous mode [ 47.361954][ T5964] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.364545][ T5964] Cannot create hsr debugfs directory [ 47.523792][ T5959] hsr_slave_0: entered promiscuous mode [ 47.529407][ T5959] hsr_slave_1: entered promiscuous mode [ 47.532179][ T5959] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.535689][ T5959] Cannot create hsr debugfs directory [ 47.571265][ T5956] hsr_slave_0: entered promiscuous mode [ 47.574343][ T5956] hsr_slave_1: entered promiscuous mode [ 47.577425][ T5956] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.580488][ T5956] Cannot create hsr debugfs directory [ 47.893375][ T5951] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 47.926445][ T5951] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 47.944452][ T5951] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 47.949589][ T5951] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 47.971392][ T5964] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 47.978679][ T5964] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 47.982487][ T5964] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 47.986869][ T5964] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 48.014747][ T5959] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 48.019475][ T5959] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 48.030493][ T5959] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 48.035946][ T5959] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 48.035952][ T5955] Bluetooth: hci2: command tx timeout [ 48.036532][ T5962] Bluetooth: hci1: command tx timeout [ 48.036638][ T5957] Bluetooth: hci3: command tx timeout [ 48.046298][ T5955] Bluetooth: hci0: command tx timeout [ 48.108354][ T5956] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 48.117359][ T5951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.124677][ T5956] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 48.134737][ T5956] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 48.141496][ T5956] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 48.172507][ T5951] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.183879][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.186218][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.211601][ T1240] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.214123][ T1240] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.237647][ T5959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.247970][ T5964] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.273842][ T5959] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.280429][ T5964] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.290937][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.293668][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.297044][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.299476][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.319804][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.322682][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.329960][ T1240] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.333118][ T1240] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.364505][ T5956] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.412256][ T5956] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.424547][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.427129][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.441193][ T5951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.450312][ T5959] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 48.457658][ T1240] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.459980][ T1240] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.526946][ T5964] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.534250][ T5951] veth0_vlan: entered promiscuous mode [ 48.553317][ T5951] veth1_vlan: entered promiscuous mode [ 48.592909][ T5951] veth0_macvtap: entered promiscuous mode [ 48.599557][ T5951] veth1_macvtap: entered promiscuous mode [ 48.611367][ T5964] veth0_vlan: entered promiscuous mode [ 48.616763][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.620894][ T5959] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.631745][ T5964] veth1_vlan: entered promiscuous mode [ 48.640383][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.645265][ T5951] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.648115][ T5951] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.650806][ T5951] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.653512][ T5951] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.694842][ T5964] veth0_macvtap: entered promiscuous mode [ 48.710555][ T5959] veth0_vlan: entered promiscuous mode [ 48.715276][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.717141][ T5964] veth1_macvtap: entered promiscuous mode [ 48.717848][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.729835][ T5959] veth1_vlan: entered promiscuous mode [ 48.736279][ T5964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.740447][ T5964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.744651][ T5964] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.749132][ T5956] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.758688][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.761146][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.766968][ T5964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.770205][ T5964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.775028][ T5964] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.781645][ T5964] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.788904][ T5964] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.792350][ T5964] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.796360][ T5964] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.828889][ T5951] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 48.834790][ T5959] veth0_macvtap: entered promiscuous mode [ 48.847944][ T5959] veth1_macvtap: entered promiscuous mode [ 48.861831][ T5956] veth0_vlan: entered promiscuous mode [ 48.881824][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.886808][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.887403][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.890494][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.897809][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.901025][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.905198][ T5959] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.910891][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.914160][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.919102][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.922371][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.926459][ T5959] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.932279][ T5959] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.935046][ T5959] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.938425][ T5959] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.941123][ T5959] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.960816][ T5956] veth1_vlan: entered promiscuous mode [ 48.982095][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.987219][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.007743][ T5956] veth0_macvtap: entered promiscuous mode [ 49.013880][ T5956] veth1_macvtap: entered promiscuous mode [ 49.029576][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.032863][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.037121][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.041122][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.045889][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.049977][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.054246][ T5956] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.066584][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.069975][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.073621][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.078520][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.083327][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.086814][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.090930][ T5956] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.103346][ T1240] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.107121][ T5956] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.107196][ T1240] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.109895][ T5956] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.114841][ T5956] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.117942][ T5956] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.144726][ T47] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.151180][ T47] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.203909][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.210918][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.225999][ T1240] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.228423][ T1240] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.456640][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 49.593230][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 49.667223][ T6033] can0: slcan on ttyS3. [ 49.900504][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 50.115243][ T5957] Bluetooth: hci1: command tx timeout [ 50.125485][ T5955] Bluetooth: hci2: command tx timeout [ 50.127209][ T5955] Bluetooth: hci3: command tx timeout [ 50.129008][ T5957] Bluetooth: hci0: command tx timeout [ 50.309770][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 50.397085][ T6028] can0 (unregistered): slcan off ttyS3. [ 50.445265][ T6037] syz.0.5 uses obsolete (PF_INET,SOCK_PACKET) [ 50.556851][ T6062] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.861197][ T6065] Cannot find del_set index 3 as target [ 50.870467][ T6065] netlink: 'syz.3.7': attribute type 11 has an invalid length. [ 50.873044][ T6065] netlink: 224 bytes leftover after parsing attributes in process `syz.3.7'. [ 51.295297][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 51.436245][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 51.451514][ T6082] can0: slcan on ttyS3. [ 51.535331][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 51.538055][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 51.538426][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 51.540589][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 52.236474][ T5957] Bluetooth: hci0: command tx timeout [ 52.238275][ T5957] Bluetooth: hci3: command tx timeout [ 52.240495][ T5957] Bluetooth: hci2: command tx timeout [ 52.242431][ T5957] Bluetooth: hci1: command tx timeout [ 52.445520][ T6084] can0 (unregistered): slcan off ttyS3. [ 52.481694][ T6062] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.577460][ T6103] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13'. [ 52.695837][ T6062] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.755389][ T6062] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.769705][ T6107] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 52.826010][ T6062] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.832837][ T6062] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.839609][ T6062] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.845878][ T6062] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.894488][ T6097] can0: slcan on ttyS3. [ 53.093970][ T6114] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 53.357358][ T6090] can0 (unregistered): slcan off ttyS3. [ 53.665203][ T64] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 53.988306][ T64] usb 7-1: config 0 has an invalid interface number: 145 but max is 0 [ 53.990976][ T64] usb 7-1: config 0 has no interface number 0 [ 53.994568][ T64] usb 7-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 54.000659][ T64] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 54.003470][ T64] usb 7-1: Product: syz [ 54.004957][ T64] usb 7-1: Manufacturer: syz [ 54.007550][ T64] usb 7-1: SerialNumber: syz [ 54.017089][ T64] usb 7-1: config 0 descriptor?? [ 54.026372][ T64] hub 7-1:0.145: bad descriptor, ignoring hub [ 54.029301][ T64] hub 7-1:0.145: probe with driver hub failed with error -5 [ 54.034654][ T64] input: bcm5974 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.145/input/input5 [ 54.233437][ T6128] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 54.236497][ T6128] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 54.278076][ T5957] Bluetooth: hci2: command tx timeout [ 54.279904][ T5957] Bluetooth: hci3: command tx timeout [ 54.281748][ T5957] Bluetooth: hci0: command tx timeout [ 54.283498][ T5962] Bluetooth: hci1: command tx timeout [ 54.386801][ T6146] can0: slcan on ttyS3. [ 55.219087][ T24] usb 7-1: USB disconnect, device number 2 [ 55.595265][ T6143] can0 (unregistered): slcan off ttyS3. [ 55.709324][ T6163] Cannot find del_set index 3 as target [ 55.736513][ T6157] netlink: 'syz.3.21': attribute type 11 has an invalid length. [ 55.739201][ T6157] netlink: 224 bytes leftover after parsing attributes in process `syz.3.21'. [ 55.986524][ T6183] Cannot find del_set index 3 as target [ 56.038500][ T6168] netlink: 'syz.1.23': attribute type 11 has an invalid length. [ 56.041771][ T6168] netlink: 224 bytes leftover after parsing attributes in process `syz.1.23'. [ 56.236712][ T6172] can0: slcan on ttyS3. [ 57.345482][ T6191] can0 (unregistered): slcan off ttyS3. [ 58.993277][ T6276] Zero length message leads to an empty skb [ 59.444841][ T6280] netlink: 80 bytes leftover after parsing attributes in process `syz.1.34'. [ 59.847493][ T6285] raw_sendmsg: syz.2.36 forgot to set AF_INET. Fix it! [ 60.032110][ T6299] netlink: 8 bytes leftover after parsing attributes in process `syz.2.39'. [ 60.035038][ T6299] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 60.281183][ T6303] netlink: 12 bytes leftover after parsing attributes in process `syz.2.40'. [ 60.293358][ T6303] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 60.296864][ T6303] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 60.300083][ T6303] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 60.303494][ T6303] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 60.312796][ T6303] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 60.315672][ T6303] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 60.318428][ T6303] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 60.321173][ T6303] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 61.386633][ T6322] Cannot find del_set index 3 as target [ 61.395356][ T6322] netlink: 'syz.0.44': attribute type 11 has an invalid length. [ 61.397831][ T6322] netlink: 224 bytes leftover after parsing attributes in process `syz.0.44'. [ 62.486199][ T6346] Cannot find del_set index 3 as target [ 62.489572][ T6346] netlink: 'syz.1.47': attribute type 11 has an invalid length. [ 62.491905][ T6346] netlink: 224 bytes leftover after parsing attributes in process `syz.1.47'. [ 62.582811][ T6341] veth1_o_team: renamed from bridge_slave_0 (while UP) [ 64.267092][ T6395] Cannot find del_set index 3 as target [ 64.275433][ T6395] netlink: 'syz.3.50': attribute type 11 has an invalid length. [ 64.277936][ T6395] netlink: 224 bytes leftover after parsing attributes in process `syz.3.50'. [ 64.901085][ T5954] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 65.055167][ T5954] usb 5-1: Using ep0 maxpacket: 8 [ 65.062137][ T5954] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 65.066466][ T5954] usb 5-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config [ 65.070784][ T5954] usb 5-1: config 250 has no interfaces? [ 65.075305][ T5954] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 65.078251][ T5954] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 65.081090][ T5954] usb 5-1: Product: syz [ 65.082516][ T5954] usb 5-1: SerialNumber: syz [ 65.614224][ T6439] overlayfs: conflicting options: userxattr,metacopy=on [ 65.974159][ T29] libceph: connect (1)[c::]:6789 error -101 [ 65.976622][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 66.236258][ T29] libceph: connect (1)[c::]:6789 error -101 [ 66.238373][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 66.437205][ T6443] ceph: No mds server is up or the cluster is laggy [ 66.592834][ T6458] Cannot find del_set index 3 as target [ 66.601028][ T6458] netlink: 'syz.2.57': attribute type 11 has an invalid length. [ 66.603528][ T6458] netlink: 224 bytes leftover after parsing attributes in process `syz.2.57'. [ 67.014587][ T6467] can0: slcan on ttyS3. [ 67.105924][ T6466] can0 (unregistered): slcan off ttyS3. [ 67.765380][ T6013] usb 5-1: USB disconnect, device number 2 [ 68.120838][ T6514] Cannot find del_set index 3 as target [ 68.130476][ T6514] netlink: 'syz.0.66': attribute type 11 has an invalid length. [ 68.132852][ T6514] netlink: 224 bytes leftover after parsing attributes in process `syz.0.66'. [ 68.853256][ T6545] netlink: 80 bytes leftover after parsing attributes in process `syz.0.68'. [ 68.856237][ T6543] Cannot find del_set index 3 as target [ 68.864048][ T6545] netlink: 80 bytes leftover after parsing attributes in process `syz.0.68'. [ 69.016157][ T6536] netlink: 'syz.1.67': attribute type 11 has an invalid length. [ 69.018618][ T6536] netlink: 224 bytes leftover after parsing attributes in process `syz.1.67'. [ 69.142290][ T6013] libceph: connect (1)[c::]:6789 error -101 [ 69.144827][ T6013] libceph: mon0 (1)[c::]:6789 connect error [ 69.299732][ T6550] can0: slcan on ttyS3. [ 69.445762][ T29] libceph: connect (1)[c::]:6789 error -101 [ 69.450548][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 69.475485][ T6549] can0 (unregistered): slcan off ttyS3. [ 69.857948][ T6580] Cannot find del_set index 3 as target [ 69.867137][ T6580] netlink: 'syz.1.71': attribute type 11 has an invalid length. [ 69.870127][ T6580] netlink: 224 bytes leftover after parsing attributes in process `syz.1.71'. [ 70.034780][ T6554] ceph: No mds server is up or the cluster is laggy [ 70.039868][ T6013] libceph: connect (1)[c::]:6789 error -101 [ 70.042616][ T6013] libceph: mon0 (1)[c::]:6789 connect error [ 70.477907][ T6601] can0: slcan on ttyS3. [ 70.830279][ T6613] Cannot find del_set index 3 as target [ 70.834818][ T6613] netlink: 'syz.1.76': attribute type 11 has an invalid length. [ 70.837309][ T6613] netlink: 224 bytes leftover after parsing attributes in process `syz.1.76'. [ 71.046135][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.049062][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.644146][ T6594] can0 (unregistered): slcan off ttyS3. [ 72.588083][ T6667] can0: slcan on ttyS3. [ 73.013723][ T6675] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 73.013723][ T6675] program syz.2.82 not setting count and/or reply_len properly [ 73.335788][ T6654] can0 (unregistered): slcan off ttyS3. [ 73.513306][ T6692] Cannot find del_set index 3 as target [ 73.523912][ T6692] netlink: 'syz.2.90': attribute type 11 has an invalid length. [ 73.526462][ T6692] netlink: 224 bytes leftover after parsing attributes in process `syz.2.90'. [ 74.415671][ T6721] Cannot find del_set index 3 as target [ 74.418933][ T6721] netlink: 'syz.1.84': attribute type 11 has an invalid length. [ 74.421138][ T6721] netlink: 224 bytes leftover after parsing attributes in process `syz.1.84'. [ 75.164085][ T6742] Cannot find del_set index 3 as target [ 75.176829][ T6742] netlink: 'syz.3.86': attribute type 11 has an invalid length. [ 75.179188][ T6742] netlink: 224 bytes leftover after parsing attributes in process `syz.3.86'. [ 75.320841][ T6756] Cannot find del_set index 3 as target [ 75.334029][ T6756] netlink: 'syz.2.88': attribute type 11 has an invalid length. [ 75.336466][ T6756] netlink: 224 bytes leftover after parsing attributes in process `syz.2.88'. [ 75.871654][ T6776] Cannot find del_set index 3 as target [ 75.933465][ T6776] netlink: 'syz.0.89': attribute type 11 has an invalid length. [ 75.935838][ T6776] netlink: 224 bytes leftover after parsing attributes in process `syz.0.89'. [ 76.409826][ T6821] Cannot find del_set index 3 as target [ 76.423613][ T6821] netlink: 'syz.1.94': attribute type 11 has an invalid length. [ 76.426080][ T6821] netlink: 224 bytes leftover after parsing attributes in process `syz.1.94'. [ 77.275255][ T24] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 77.436575][ T24] usb 6-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 77.440407][ T24] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 77.444945][ T24] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 77.450293][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.454976][ T24] usb 6-1: config 0 descriptor?? [ 77.460952][ T24] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 77.796029][ T5962] Bluetooth: unknown link type 108 [ 77.797680][ T5962] Bluetooth: hci0: connection err: -111 [ 78.160867][ T6900] can0: slcan on ttyS3. [ 78.708888][ T6906] Cannot find del_set index 3 as target [ 78.718823][ T6906] netlink: 'syz.0.102': attribute type 11 has an invalid length. [ 78.721269][ T6906] netlink: 224 bytes leftover after parsing attributes in process `syz.0.102'. [ 78.895872][ T6893] can0 (unregistered): slcan off ttyS3. [ 79.078610][ T6956] netlink: 52 bytes leftover after parsing attributes in process `syz.0.107'. [ 79.471906][ T6968] pim6reg: entered allmulticast mode [ 79.490973][ T6978] ip6tnl1: entered promiscuous mode [ 79.492728][ T6978] ip6tnl1: entered allmulticast mode [ 79.496119][ T6978] team0: Device ip6tnl1 is of different type [ 79.681563][ T6991] FAULT_INJECTION: forcing a failure. [ 79.681563][ T6991] name failslab, interval 1, probability 0, space 0, times 0 [ 79.703377][ T6991] CPU: 2 UID: 0 PID: 6991 Comm: syz.2.111 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 79.703400][ T6991] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 79.703410][ T6991] Call Trace: [ 79.703415][ T6991] [ 79.703421][ T6991] dump_stack_lvl+0x16c/0x1f0 [ 79.703461][ T6991] should_fail_ex+0x512/0x640 [ 79.703479][ T6991] ? fs_reclaim_acquire+0xae/0x150 [ 79.703504][ T6991] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 79.703525][ T6991] should_failslab+0xc2/0x120 [ 79.703546][ T6991] __kmalloc_noprof+0xd2/0x510 [ 79.703566][ T6991] tomoyo_realpath_from_path+0xc2/0x6e0 [ 79.703587][ T6991] ? tomoyo_profile+0x47/0x60 [ 79.703613][ T6991] tomoyo_path_number_perm+0x245/0x580 [ 79.703630][ T6991] ? tomoyo_path_number_perm+0x237/0x580 [ 79.703648][ T6991] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 79.703688][ T6991] ? find_held_lock+0x2b/0x80 [ 79.703708][ T6991] ? hook_file_ioctl_common+0x145/0x410 [ 79.703725][ T6991] ? __fget_files+0x204/0x3c0 [ 79.703738][ T6991] ? __fget_files+0x20e/0x3c0 [ 79.703750][ T6991] ? __fput_deferred+0x300/0x370 [ 79.703774][ T6991] security_file_ioctl_compat+0x9b/0x240 [ 79.703796][ T6991] __ia32_compat_sys_ioctl+0xc3/0x360 [ 79.703817][ T6991] __do_fast_syscall_32+0x73/0x120 [ 79.703839][ T6991] do_fast_syscall_32+0x32/0x80 [ 79.703861][ T6991] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 79.703878][ T6991] RIP: 0023:0xf7f98579 [ 79.703890][ T6991] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 79.703901][ T6991] RSP: 002b:00000000f507455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 79.703915][ T6991] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000000ab03 [ 79.703925][ T6991] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 79.703933][ T6991] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 79.703942][ T6991] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 79.703950][ T6991] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 79.703971][ T6991] [ 79.704518][ T6991] ERROR: Out of memory at tomoyo_realpath_from_path. [ 79.975752][ T6989] block nbd2: shutting down sockets [ 80.151120][ T7021] JFS: discard option not supported on device [ 80.154949][ T7021] Mount JFS Failure: -22 [ 80.157789][ T7021] jfs_mount failed w/return code = -22 [ 80.159996][ T6013] usb 6-1: USB disconnect, device number 2 [ 80.166816][ T7021] openvswitch: netlink: Flow key attr not present in new flow. [ 80.220994][ T7028] netlink: 12 bytes leftover after parsing attributes in process `syz.0.120'. [ 80.436842][ T34] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 80.551272][ T7038] netlink: 4 bytes leftover after parsing attributes in process `syz.0.123'. [ 80.595724][ T34] usb 7-1: Using ep0 maxpacket: 8 [ 80.598584][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 80.602036][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.604987][ T34] usb 7-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 80.608163][ T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.613184][ T34] usb 7-1: config 0 descriptor?? [ 80.671946][ T7038] netlink: 24 bytes leftover after parsing attributes in process `syz.0.123'. [ 80.808908][ T7050] netlink: 'syz.0.126': attribute type 16 has an invalid length. [ 80.811307][ T7050] netlink: 'syz.0.126': attribute type 17 has an invalid length. [ 80.835704][ T7024] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 80.864348][ T7050] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.869880][ T7050] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.923802][ T7050] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 80.931059][ T7050] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 80.965555][ T7056] overlayfs: missing 'lowerdir' [ 80.982866][ T7050] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.988907][ T7050] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.992427][ T7050] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.996347][ T7050] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.087176][ T58] cfg80211: failed to load regulatory.db [ 81.106222][ T7061] netlink: 40 bytes leftover after parsing attributes in process `syz.1.129'. [ 81.364800][ T7071] FAULT_INJECTION: forcing a failure. [ 81.364800][ T7071] name failslab, interval 1, probability 0, space 0, times 0 [ 81.370571][ T7071] CPU: 0 UID: 0 PID: 7071 Comm: syz.1.132 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 81.370585][ T7071] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 81.370592][ T7071] Call Trace: [ 81.370595][ T7071] [ 81.370599][ T7071] dump_stack_lvl+0x16c/0x1f0 [ 81.370618][ T7071] should_fail_ex+0x512/0x640 [ 81.370630][ T7071] ? __kmalloc_noprof+0xbf/0x510 [ 81.370655][ T7071] ? lsm_blob_alloc+0x68/0x90 [ 81.370671][ T7071] should_failslab+0xc2/0x120 [ 81.370685][ T7071] __kmalloc_noprof+0xd2/0x510 [ 81.370696][ T7071] ? __pfx_perf_event_init_task+0x10/0x10 [ 81.370707][ T7071] ? audit_alloc+0xa2/0x7b0 [ 81.370728][ T7071] lsm_blob_alloc+0x68/0x90 [ 81.370743][ T7071] security_task_alloc+0x2d/0x260 [ 81.370758][ T7071] copy_process+0x24ba/0x91a0 [ 81.370773][ T7071] ? do_raw_spin_lock+0x12c/0x2b0 [ 81.370783][ T7071] ? find_held_lock+0x2b/0x80 [ 81.370800][ T7071] ? __pfx_copy_process+0x10/0x10 [ 81.370815][ T7071] ? kasan_save_stack+0x42/0x60 [ 81.370825][ T7071] ? kasan_save_stack+0x33/0x60 [ 81.370836][ T7071] ? kasan_save_track+0x14/0x30 [ 81.370846][ T7071] ? __kasan_kmalloc+0xaa/0xb0 [ 81.370856][ T7071] ? create_io_worker+0xc9/0x5b0 [ 81.370864][ T7071] ? io_wq_enqueue+0x5c4/0xa10 [ 81.370873][ T7071] ? io_queue_iowq+0x28a/0x5b0 [ 81.370887][ T7071] ? io_queue_sqe_fallback+0xcd/0x9f0 [ 81.370901][ T7071] ? io_submit_sqes+0x157a/0x25d0 [ 81.370910][ T7071] ? __do_sys_io_uring_enter+0xd6a/0x1630 [ 81.370919][ T7071] ? __do_fast_syscall_32+0x73/0x120 [ 81.370933][ T7071] ? do_fast_syscall_32+0x32/0x80 [ 81.370947][ T7071] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 81.370964][ T7071] ? __pfx_io_wq_worker+0x10/0x10 [ 81.370974][ T7071] create_io_thread+0xbe/0x100 [ 81.370988][ T7071] ? __pfx_create_io_thread+0x10/0x10 [ 81.371005][ T7071] ? __pfx_io_wq_worker+0x10/0x10 [ 81.371016][ T7071] ? lockdep_init_map_type+0x5c/0x280 [ 81.371031][ T7071] ? lockdep_init_map_type+0x5c/0x280 [ 81.371045][ T7071] ? __init_swait_queue_head+0xca/0x150 [ 81.371055][ T7071] ? create_io_worker+0x1f/0x5b0 [ 81.371065][ T7071] create_io_worker+0x1d0/0x5b0 [ 81.371075][ T7071] io_wq_enqueue+0x5c4/0xa10 [ 81.371085][ T7071] ? __io_alloc_req_refill+0x188/0x5b0 [ 81.371099][ T7071] ? __pfx_io_wq_enqueue+0x10/0x10 [ 81.371109][ T7071] ? __pfx_io_wq_work_match_item+0x10/0x10 [ 81.371125][ T7071] ? io_prep_async_work+0x3c3/0x770 [ 81.371141][ T7071] io_queue_iowq+0x28a/0x5b0 [ 81.371157][ T7071] io_queue_sqe_fallback+0xcd/0x9f0 [ 81.371174][ T7071] io_submit_sqes+0x157a/0x25d0 [ 81.371191][ T7071] __do_sys_io_uring_enter+0xd6a/0x1630 [ 81.371203][ T7071] ? __fget_files+0x20e/0x3c0 [ 81.371213][ T7071] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 81.371225][ T7071] ? fput+0x70/0xf0 [ 81.371237][ T7071] ? ksys_write+0x1b9/0x240 [ 81.371247][ T7071] ? __pfx_ksys_write+0x10/0x10 [ 81.371259][ T7071] ? rcu_is_watching+0x12/0xc0 [ 81.371271][ T7071] __do_fast_syscall_32+0x73/0x120 [ 81.371287][ T7071] do_fast_syscall_32+0x32/0x80 [ 81.371302][ T7071] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 81.371314][ T7071] RIP: 0023:0xf709e579 [ 81.371322][ T7071] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 81.371332][ T7071] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa [ 81.371341][ T7071] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000003516 [ 81.371347][ T7071] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 81.371353][ T7071] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 81.371358][ T7071] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 81.371364][ T7071] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 81.371376][ T7071] [ 82.036568][ T7081] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 82.325189][ T7087] ceph: No mds server is up or the cluster is laggy [ 82.402562][ T29] libceph: connect (1)[c::]:6789 error -101 [ 82.419101][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 82.545170][ T58] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 82.707963][ T58] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 82.712044][ T58] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 82.716084][ T58] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 82.723190][ T58] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 82.726989][ T58] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.730710][ T58] usb 8-1: Product: syz [ 82.732189][ T58] usb 8-1: Manufacturer: syz [ 82.733673][ T58] usb 8-1: SerialNumber: syz [ 82.835219][ T5962] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 82.835536][ T5955] Bluetooth: hci4: command 0x1003 tx timeout [ 82.954842][ T58] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 83.155730][ T7085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 83.158613][ T7085] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 83.164962][ T6116] usb 8-1: USB disconnect, device number 2 [ 83.172908][ T6116] usblp0: removed [ 83.187409][ T34] usbhid 7-1:0.0: can't add hid device: -71 [ 83.190640][ T34] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 83.198278][ T34] usb 7-1: USB disconnect, device number 3 [ 83.225206][ T71] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 83.316986][ T7120] syz.2.142: attempt to access beyond end of device [ 83.316986][ T7120] nbd2: rw=0, sector=0, nr_sectors = 8 limit=0 [ 83.321445][ T7120] hpfs: hpfs_map_sector(): read error [ 83.375179][ T71] usb 5-1: Using ep0 maxpacket: 16 [ 83.379233][ T71] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 83.388433][ T71] usb 5-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 83.392125][ T71] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.395520][ T71] usb 5-1: Product: syz [ 83.397294][ T71] usb 5-1: Manufacturer: syz [ 83.399312][ T71] usb 5-1: SerialNumber: syz [ 83.404143][ T71] usb 5-1: config 0 descriptor?? [ 83.412552][ T71] appledisplay 5-1:0.0: Could not find int-in endpoint [ 83.417123][ T71] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 83.611633][ T7128] Cannot find del_set index 3 as target [ 83.619367][ T7128] netlink: 'syz.1.143': attribute type 11 has an invalid length. [ 83.621845][ T7128] netlink: 224 bytes leftover after parsing attributes in process `syz.1.143'. [ 84.246934][ T7165] IPv6: NLM_F_CREATE should be specified when creating new route [ 84.595726][ T7177] Cannot find del_set index 3 as target [ 84.604371][ T7177] netlink: 'syz.2.147': attribute type 11 has an invalid length. [ 84.606976][ T7177] netlink: 224 bytes leftover after parsing attributes in process `syz.2.147'. [ 84.787824][ T7186] kAFS: unparsable volume name [ 84.790414][ T6013] usb 5-1: USB disconnect, device number 3 [ 84.792809][ T7186] netlink: 40 bytes leftover after parsing attributes in process `syz.1.148'. [ 84.802788][ T7186] netlink: 40 bytes leftover after parsing attributes in process `syz.1.148'. [ 85.327970][ T7207] netlink: 24 bytes leftover after parsing attributes in process `syz.3.149'. [ 85.346351][ T7205] lo: entered promiscuous mode [ 85.348160][ T7205] lo: entered allmulticast mode [ 85.839140][ T7204] lo: left allmulticast mode [ 85.840776][ T7204] lo: left promiscuous mode [ 86.235758][ T7245] netlink: 132 bytes leftover after parsing attributes in process `syz.1.156'. [ 86.366758][ T7258] netlink: 4 bytes leftover after parsing attributes in process `syz.3.160'. [ 86.375469][ T7258] netlink: 104 bytes leftover after parsing attributes in process `syz.3.160'. [ 86.378484][ T7258] netlink: 104 bytes leftover after parsing attributes in process `syz.3.160'. [ 88.200538][ T7306] netlink: 64 bytes leftover after parsing attributes in process `syz.2.174'. [ 88.365584][ T7313] xt_CT: No such helper "pptp" [ 88.466016][ T7319] FAULT_INJECTION: forcing a failure. [ 88.466016][ T7319] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 88.470012][ T7319] CPU: 0 UID: 0 PID: 7319 Comm: syz.2.176 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 88.470026][ T7319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.470033][ T7319] Call Trace: [ 88.470037][ T7319] [ 88.470041][ T7319] dump_stack_lvl+0x16c/0x1f0 [ 88.470060][ T7319] should_fail_ex+0x512/0x640 [ 88.470075][ T7319] _copy_from_user+0x2e/0xd0 [ 88.470089][ T7319] get_compat_msghdr+0xa7/0x170 [ 88.470102][ T7319] ? __pfx_get_compat_msghdr+0x10/0x10 [ 88.470119][ T7319] ___sys_recvmsg+0x191/0x1a0 [ 88.470134][ T7319] ? __pfx____sys_recvmsg+0x10/0x10 [ 88.470153][ T7319] ? ktime_get_ts64+0x2d2/0x400 [ 88.470166][ T7319] ? __pfx___might_resched+0x10/0x10 [ 88.470178][ T7319] ? read_tsc+0x9/0x20 [ 88.470193][ T7319] ? ktime_get_ts64+0x256/0x400 [ 88.470206][ T7319] do_recvmmsg+0x568/0x740 [ 88.470221][ T7319] ? __pfx_do_recvmmsg+0x10/0x10 [ 88.470233][ T7319] ? find_held_lock+0x2b/0x80 [ 88.470243][ T7319] ? __might_fault+0xe3/0x190 [ 88.470256][ T7319] ? __might_fault+0x13b/0x190 [ 88.470273][ T7319] ? __pfx_get_old_timespec32+0x10/0x10 [ 88.470287][ T7319] ? __fget_files+0x20e/0x3c0 [ 88.470299][ T7319] __sys_recvmmsg+0x110/0x280 [ 88.470313][ T7319] ? __pfx___sys_recvmmsg+0x10/0x10 [ 88.470326][ T7319] ? xfd_validate_state+0x5d/0x180 [ 88.470337][ T7319] ? rcu_is_watching+0x12/0xc0 [ 88.470350][ T7319] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 88.470368][ T7319] ? lockdep_hardirqs_on+0x7c/0x110 [ 88.470382][ T7319] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 88.470397][ T7319] __do_fast_syscall_32+0x73/0x120 [ 88.470412][ T7319] do_fast_syscall_32+0x32/0x80 [ 88.470427][ T7319] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 88.470440][ T7319] RIP: 0023:0xf7f98579 [ 88.470448][ T7319] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 88.470457][ T7319] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 88.470467][ T7319] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000440 [ 88.470473][ T7319] RDX: 00000000000006f5 RSI: 0000000000000022 RDI: 0000000080000480 [ 88.470479][ T7319] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 88.470484][ T7319] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 88.470490][ T7319] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 88.470501][ T7319] [ 89.575159][ T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 89.915241][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 89.920631][ T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 89.923012][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 89.931994][ T9] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 89.937847][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 89.942806][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 89.948498][ T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 89.951446][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 89.960008][ T7385] overlayfs: failed to resolve './file1': -2 [ 89.962355][ T9] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 89.967431][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 89.971810][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 90.075702][ T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 90.078905][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 90.083531][ T9] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 90.105182][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 90.109441][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 90.127397][ T9] usb 5-1: string descriptor 0 read error: -22 [ 90.129941][ T9] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 90.135146][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.280337][ T9] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 90.442464][ T7400] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 90.446241][ T7400] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 90.643388][ T58] usb 5-1: USB disconnect, device number 4 [ 90.646902][ T7399] usb 5-1: Couldn't submit interrupt_out_urb -19 [ 90.653483][ T7405] xt_CT: You must specify a L4 protocol and not use inversions on it [ 90.929130][ T40] audit: type=1804 audit(1745569223.226:2): pid=7410 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.190" name="/newroot/50/file0" dev="tmpfs" ino=289 res=1 errno=0 [ 91.051773][ T7414] FAULT_INJECTION: forcing a failure. [ 91.051773][ T7414] name failslab, interval 1, probability 0, space 0, times 0 [ 91.055782][ T7414] CPU: 3 UID: 0 PID: 7414 Comm: syz.1.192 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 91.055796][ T7414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.055802][ T7414] Call Trace: [ 91.055806][ T7414] [ 91.055810][ T7414] dump_stack_lvl+0x16c/0x1f0 [ 91.055828][ T7414] should_fail_ex+0x512/0x640 [ 91.055841][ T7414] ? fs_reclaim_acquire+0xae/0x150 [ 91.055858][ T7414] ? tomoyo_encode2+0x100/0x3e0 [ 91.055872][ T7414] should_failslab+0xc2/0x120 [ 91.055886][ T7414] __kmalloc_noprof+0xd2/0x510 [ 91.055897][ T7414] ? d_absolute_path+0x136/0x1a0 [ 91.055913][ T7414] tomoyo_encode2+0x100/0x3e0 [ 91.055929][ T7414] tomoyo_encode+0x29/0x50 [ 91.055942][ T7414] tomoyo_realpath_from_path+0x18f/0x6e0 [ 91.055960][ T7414] tomoyo_check_open_permission+0x2ab/0x3c0 [ 91.055973][ T7414] ? init_file+0x93/0x4c0 [ 91.055986][ T7414] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 91.055998][ T7414] ? ovl_open+0x1dd/0x330 [ 91.056007][ T7414] ? path_openat+0x1e5e/0x2d40 [ 91.056017][ T7414] ? do_filp_open+0x20b/0x470 [ 91.056038][ T7414] ? do_raw_spin_lock+0x12c/0x2b0 [ 91.056052][ T7414] tomoyo_file_open+0x6b/0x90 [ 91.056062][ T7414] security_file_open+0x84/0x1e0 [ 91.056076][ T7414] do_dentry_open+0x596/0x1c10 [ 91.056088][ T7414] ? find_held_lock+0x2b/0x80 [ 91.056101][ T7414] vfs_open+0x82/0x3f0 [ 91.056113][ T7414] ? do_raw_spin_unlock+0x172/0x230 [ 91.056124][ T7414] backing_file_open+0xac/0x110 [ 91.056135][ T7414] ovl_open_realfile+0x27e/0x3b0 [ 91.056146][ T7414] ovl_open+0x1dd/0x330 [ 91.056155][ T7414] ? __pfx_ovl_open+0x10/0x10 [ 91.056164][ T7414] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 91.056183][ T7414] do_dentry_open+0x741/0x1c10 [ 91.056194][ T7414] ? __pfx_ovl_open+0x10/0x10 [ 91.056205][ T7414] vfs_open+0x82/0x3f0 [ 91.056220][ T7414] path_openat+0x1e5e/0x2d40 [ 91.056235][ T7414] ? __pfx_path_openat+0x10/0x10 [ 91.056249][ T7414] do_filp_open+0x20b/0x470 [ 91.056260][ T7414] ? __pfx_do_filp_open+0x10/0x10 [ 91.056280][ T7414] ? alloc_fd+0x471/0x7d0 [ 91.056293][ T7414] do_sys_openat2+0x11b/0x1d0 [ 91.056307][ T7414] ? __pfx_do_sys_openat2+0x10/0x10 [ 91.056322][ T7414] ? __fget_files+0x20e/0x3c0 [ 91.056337][ T7414] __ia32_compat_sys_openat+0x16d/0x210 [ 91.056353][ T7414] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 91.056368][ T7414] ? ksys_write+0x1b9/0x240 [ 91.056380][ T7414] ? rcu_is_watching+0x12/0xc0 [ 91.056392][ T7414] __do_fast_syscall_32+0x73/0x120 [ 91.056409][ T7414] do_fast_syscall_32+0x32/0x80 [ 91.056424][ T7414] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 91.056437][ T7414] RIP: 0023:0xf709e579 [ 91.056444][ T7414] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 91.056454][ T7414] RSP: 002b:00000000f508e100 EFLAGS: 00000293 ORIG_RAX: 0000000000000127 [ 91.056464][ T7414] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f508e150 [ 91.056470][ T7414] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000f7402ff4 [ 91.056475][ T7414] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 91.056481][ T7414] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 91.056486][ T7414] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 91.056499][ T7414] [ 91.056510][ T7414] ERROR: Out of memory at tomoyo_realpath_from_path. [ 91.169693][ T40] audit: type=1804 audit(1745569223.466:3): pid=7414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.192" name="/newroot/44/bus/file0" dev="overlay" ino=273 res=1 errno=0 [ 91.573269][ T7448] netlink: 4 bytes leftover after parsing attributes in process `syz.2.198'. [ 91.606313][ T7448] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.609119][ T7448] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.611778][ T7448] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.614542][ T7448] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.618565][ T7448] vxlan0: entered promiscuous mode [ 92.436051][ T7470] netlink: 64 bytes leftover after parsing attributes in process `syz.1.201'. [ 92.675409][ T7479] netlink: 'syz.3.205': attribute type 10 has an invalid length. [ 92.677853][ T7479] netlink: 152 bytes leftover after parsing attributes in process `syz.3.205'. [ 92.685226][ T7479] mmap: syz.3.205 (7479) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 92.761113][ T7476] kvm: MONITOR instruction emulated as NOP! [ 92.837264][ T7477] netlink: 'syz.0.204': attribute type 39 has an invalid length. [ 93.851570][ T7526] bridge0: port 3(netdevsim0) entered blocking state [ 93.858664][ T7526] bridge0: port 3(netdevsim0) entered disabled state [ 93.862375][ T7526] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 93.884283][ T7526] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 93.889525][ T7526] bridge0: port 3(netdevsim0) entered blocking state [ 93.892672][ T7526] bridge0: port 3(netdevsim0) entered forwarding state [ 93.907375][ T7526] netlink: 8 bytes leftover after parsing attributes in process `syz.2.214'. [ 94.012709][ T7535] input: syz0 as /devices/virtual/input/input6 [ 94.063048][ T7537] netlink: 80 bytes leftover after parsing attributes in process `syz.3.219'. [ 94.503322][ T7548] netlink: 12 bytes leftover after parsing attributes in process `syz.0.223'. [ 94.683718][ T7556] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 95.488164][ T7574] Driver unsupported XDP return value 0 on prog (id 40) dev N/A, expect packet loss! [ 96.108630][ T7597] loop8: detected capacity change from 0 to 8 [ 96.113638][ T5953] Dev loop8: unable to read RDB block 8 [ 96.116535][ T5953] loop8: unable to read partition table [ 96.118413][ T5953] loop8: partition table beyond EOD, truncated [ 96.159214][ T7597] Dev loop8: unable to read RDB block 8 [ 96.161016][ T7597] loop8: unable to read partition table [ 96.162893][ T7597] loop8: partition table beyond EOD, truncated [ 96.164873][ T7597] loop_reread_partitions: partition scan of loop8 (被x^>& 2t) failed (rc=-5) [ 96.871133][ T7618] netlink: 'syz.2.235': attribute type 1 has an invalid length. [ 96.915251][ T7618] veth3: entered promiscuous mode [ 96.919265][ T7618] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 97.016056][ T7626] netlink: 256 bytes leftover after parsing attributes in process `syz.0.237'. [ 97.080508][ T7629] Bluetooth: MGMT ver 1.23 [ 97.083492][ T7629] FAULT_INJECTION: forcing a failure. [ 97.083492][ T7629] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 97.089255][ T7629] CPU: 0 UID: 0 PID: 7629 Comm: syz.0.238 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 97.089270][ T7629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 97.089277][ T7629] Call Trace: [ 97.089280][ T7629] [ 97.089284][ T7629] dump_stack_lvl+0x16c/0x1f0 [ 97.089315][ T7629] should_fail_ex+0x512/0x640 [ 97.089334][ T7629] _copy_to_user+0x32/0xd0 [ 97.089353][ T7629] simple_read_from_buffer+0xcb/0x170 [ 97.089370][ T7629] proc_fail_nth_read+0x197/0x270 [ 97.089385][ T7629] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 97.089401][ T7629] ? rw_verify_area+0xcf/0x680 [ 97.089417][ T7629] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 97.089431][ T7629] vfs_read+0x1de/0xc70 [ 97.089443][ T7629] ? __pfx___mutex_lock+0x10/0x10 [ 97.089458][ T7629] ? __pfx_vfs_read+0x10/0x10 [ 97.089471][ T7629] ? __fget_files+0x20e/0x3c0 [ 97.089485][ T7629] ksys_read+0x12a/0x240 [ 97.089495][ T7629] ? __pfx_ksys_read+0x10/0x10 [ 97.089506][ T7629] ? rcu_is_watching+0x12/0xc0 [ 97.089519][ T7629] __do_fast_syscall_32+0x73/0x120 [ 97.089535][ T7629] do_fast_syscall_32+0x32/0x80 [ 97.089550][ T7629] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 97.089563][ T7629] RIP: 0023:0xf7f56579 [ 97.089571][ T7629] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 97.089580][ T7629] RSP: 002b:00000000f5076590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 97.089590][ T7629] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f5076620 [ 97.089596][ T7629] RDX: 000000000000000f RSI: 00000000f73e2ff4 RDI: 0000000000000000 [ 97.089602][ T7629] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 97.089607][ T7629] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 97.089613][ T7629] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 97.089625][ T7629] [ 97.096295][ T7631] netlink: 'syz.1.239': attribute type 1 has an invalid length. [ 97.194966][ T7631] 8021q: adding VLAN 0 to HW filter on device bond1 [ 97.219920][ T7631] 8021q: adding VLAN 0 to HW filter on device bond1 [ 97.222282][ T7631] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 97.227413][ T7631] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 97.239742][ T7636] netlink: 'syz.0.240': attribute type 1 has an invalid length. [ 97.252476][ T7636] 8021q: adding VLAN 0 to HW filter on device bond1 [ 97.255177][ T7636] FAULT_INJECTION: forcing a failure. [ 97.255177][ T7636] name failslab, interval 1, probability 0, space 0, times 0 [ 97.259059][ T7636] CPU: 3 UID: 0 PID: 7636 Comm: syz.0.240 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 97.259073][ T7636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 97.259073][ T7638] ip6erspan0: entered promiscuous mode [ 97.259080][ T7636] Call Trace: [ 97.259084][ T7636] [ 97.259088][ T7636] dump_stack_lvl+0x16c/0x1f0 [ 97.259106][ T7636] should_fail_ex+0x512/0x640 [ 97.259119][ T7636] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 97.259134][ T7636] should_failslab+0xc2/0x120 [ 97.259148][ T7636] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 97.259160][ T7636] ? __alloc_skb+0x2b2/0x380 [ 97.259175][ T7636] __alloc_skb+0x2b2/0x380 [ 97.259187][ T7636] ? __pfx___alloc_skb+0x10/0x10 [ 97.259204][ T7636] netlink_alloc_large_skb+0x69/0x130 [ 97.259220][ T7636] netlink_sendmsg+0x6a1/0xdd0 [ 97.259237][ T7636] ? __pfx_netlink_sendmsg+0x10/0x10 [ 97.259253][ T7636] ? __import_iovec+0x1c8/0x660 [ 97.259269][ T7636] ____sys_sendmsg+0xa95/0xc70 [ 97.259280][ T7636] ? __pfx_____sys_sendmsg+0x10/0x10 [ 97.259290][ T7636] ? get_compat_msghdr+0x11a/0x170 [ 97.259318][ T7636] ___sys_sendmsg+0x134/0x1d0 [ 97.259339][ T7636] ? __pfx____sys_sendmsg+0x10/0x10 [ 97.259376][ T7636] __sys_sendmsg+0x16d/0x220 [ 97.259389][ T7636] ? __pfx___sys_sendmsg+0x10/0x10 [ 97.259409][ T7636] ? rcu_is_watching+0x12/0xc0 [ 97.259424][ T7636] __do_fast_syscall_32+0x73/0x120 [ 97.259440][ T7636] do_fast_syscall_32+0x32/0x80 [ 97.259455][ T7636] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 97.259468][ T7636] RIP: 0023:0xf7f56579 [ 97.259476][ T7636] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 97.259485][ T7636] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 97.259496][ T7636] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800000c0 [ 97.259502][ T7636] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 97.259507][ T7636] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 97.259513][ T7636] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 97.259518][ T7636] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 97.259530][ T7636] [ 97.283030][ T7639] Cannot find del_set index 3 as target [ 97.287166][ T7638] bond1: (slave ip6erspan0): making interface the new active one [ 97.304693][ T7639] netlink: 'syz.2.236': attribute type 11 has an invalid length. [ 97.307647][ T7638] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 97.308882][ T7639] netlink: 224 bytes leftover after parsing attributes in process `syz.2.236'. [ 97.320483][ T7636] ip6erspan0: entered promiscuous mode [ 97.353357][ T7636] bond1: (slave ip6erspan0): making interface the new active one [ 97.356790][ T7636] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 97.490002][ T7645] netlink: 4 bytes leftover after parsing attributes in process `syz.1.242'. [ 97.493144][ T7645] netlink: 12 bytes leftover after parsing attributes in process `syz.1.242'. [ 97.529243][ T7642] block device autoloading is deprecated and will be removed. [ 97.950652][ T7660] e1000e 0000:00:02.0 eth1: NIC Link is Down [ 98.024383][ T7672] lo: entered promiscuous mode [ 98.027184][ T7672] tunl0: entered promiscuous mode [ 98.029563][ T7672] gre0: entered promiscuous mode [ 98.032709][ T7672] gretap0: entered promiscuous mode [ 98.034615][ T7672] erspan0: entered promiscuous mode [ 98.038803][ T7672] ip_vti0: entered promiscuous mode [ 98.040744][ T7672] ip6_vti0: entered promiscuous mode [ 98.042741][ T7672] sit0: entered promiscuous mode [ 98.044583][ T7672] ip6tnl0: entered promiscuous mode [ 98.054277][ T7672] ip6gre0: entered promiscuous mode [ 98.057339][ T7672] syz_tun: entered promiscuous mode [ 98.059717][ T7672] ip6gretap0: entered promiscuous mode [ 98.062143][ T7672] bridge0: entered promiscuous mode [ 98.064175][ T7672] vcan0: entered promiscuous mode [ 98.068003][ T7672] bond0: entered promiscuous mode [ 98.069947][ T7672] bond_slave_0: entered promiscuous mode [ 98.072332][ T7672] bond_slave_1: entered promiscuous mode [ 98.077646][ T7672] team0: entered promiscuous mode [ 98.083351][ T7672] team_slave_0: entered promiscuous mode [ 98.086956][ T7672] team_slave_1: entered promiscuous mode [ 98.089629][ T7672] dummy0: entered promiscuous mode [ 98.093137][ T7672] nlmon0: entered promiscuous mode [ 98.097156][ T7672] caif0: entered promiscuous mode [ 98.098844][ T7672] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 98.115327][ T5955] Bluetooth: hci4: command 0x1003 tx timeout [ 98.131962][ T5962] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 98.346643][ T7693] FAULT_INJECTION: forcing a failure. [ 98.346643][ T7693] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 98.384676][ T7693] CPU: 0 UID: 0 PID: 7693 Comm: syz.2.246 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 98.384693][ T7693] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 98.384700][ T7693] Call Trace: [ 98.384704][ T7693] [ 98.384721][ T7693] dump_stack_lvl+0x16c/0x1f0 [ 98.384741][ T7693] should_fail_ex+0x512/0x640 [ 98.384756][ T7693] _copy_from_user+0x2e/0xd0 [ 98.384769][ T7693] cmsghdr_from_user_compat_to_kern+0x355/0x7d0 [ 98.384801][ T7693] ? __pfx_cmsghdr_from_user_compat_to_kern+0x10/0x10 [ 98.384816][ T7693] ? __lock_acquire+0x5ca/0x1ba0 [ 98.384833][ T7693] ____sys_sendmsg+0x488/0xc70 [ 98.384845][ T7693] ? __pfx_____sys_sendmsg+0x10/0x10 [ 98.384857][ T7693] ? __fget_files+0x204/0x3c0 [ 98.384870][ T7693] __sys_sendmsg_sock+0x29/0x40 [ 98.384884][ T7693] io_sendmsg+0x1c8/0x730 [ 98.384897][ T7693] io_issue_sqe+0x4f2/0x1350 [ 98.384909][ T7693] io_submit_sqes+0x921/0x25d0 [ 98.384943][ T7693] __do_sys_io_uring_enter+0xd6a/0x1630 [ 98.384958][ T7693] ? __fget_files+0x20e/0x3c0 [ 98.384967][ T7693] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 98.384979][ T7693] ? fput+0x70/0xf0 [ 98.384992][ T7693] ? ksys_write+0x1b9/0x240 [ 98.385002][ T7693] ? __pfx_ksys_write+0x10/0x10 [ 98.385014][ T7693] ? rcu_is_watching+0x12/0xc0 [ 98.385026][ T7693] __do_fast_syscall_32+0x73/0x120 [ 98.385042][ T7693] do_fast_syscall_32+0x32/0x80 [ 98.385069][ T7693] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 98.385083][ T7693] RIP: 0023:0xf7f98579 [ 98.385091][ T7693] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 98.385101][ T7693] RSP: 002b:00000000f509555c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa [ 98.385111][ T7693] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000db4 [ 98.385117][ T7693] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 98.385122][ T7693] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 98.385128][ T7693] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 98.385133][ T7693] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 98.385146][ T7693] [ 98.714960][ T7710] netlink: 4 bytes leftover after parsing attributes in process `syz.1.248'. [ 98.768633][ T7715] process 'syz.0.250' launched './file1' with NULL argv: empty string added [ 98.772960][ T7715] ======================================================= [ 98.772960][ T7715] WARNING: The mand mount option has been deprecated and [ 98.772960][ T7715] and is ignored by this kernel. Remove the mand [ 98.772960][ T7715] option from the mount to silence this warning. [ 98.772960][ T7715] ======================================================= [ 98.999491][ T7734] FAULT_INJECTION: forcing a failure. [ 98.999491][ T7734] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 99.005015][ T7734] CPU: 3 UID: 0 PID: 7734 Comm: syz.0.253 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 99.005035][ T7734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 99.005042][ T7734] Call Trace: [ 99.005046][ T7734] [ 99.005050][ T7734] dump_stack_lvl+0x16c/0x1f0 [ 99.005081][ T7734] should_fail_ex+0x512/0x640 [ 99.005097][ T7734] _copy_from_user+0x2e/0xd0 [ 99.005111][ T7734] input_event_from_user+0x137/0x290 [ 99.005123][ T7734] ? __pfx_input_event_from_user+0x10/0x10 [ 99.005134][ T7734] ? input_inject_event+0x51/0x390 [ 99.005145][ T7734] evdev_write+0x26b/0x440 [ 99.005162][ T7734] ? __pfx_evdev_write+0x10/0x10 [ 99.005179][ T7734] ? bpf_lsm_file_permission+0x9/0x10 [ 99.005189][ T7734] ? security_file_permission+0x71/0x210 [ 99.005204][ T7734] ? rw_verify_area+0xcf/0x680 [ 99.005234][ T7734] vfs_write+0x25c/0x1180 [ 99.005244][ T7734] ? __pfx_evdev_write+0x10/0x10 [ 99.005262][ T7734] ? __pfx_vfs_write+0x10/0x10 [ 99.005271][ T7734] ? find_held_lock+0x2b/0x80 [ 99.005283][ T7734] ? __fget_files+0x204/0x3c0 [ 99.005294][ T7734] ? __fget_files+0x20e/0x3c0 [ 99.005307][ T7734] ksys_write+0x205/0x240 [ 99.005317][ T7734] ? __pfx_ksys_write+0x10/0x10 [ 99.005329][ T7734] ? rcu_is_watching+0x12/0xc0 [ 99.005345][ T7734] __do_fast_syscall_32+0x73/0x120 [ 99.005362][ T7734] do_fast_syscall_32+0x32/0x80 [ 99.005377][ T7734] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 99.005390][ T7734] RIP: 0023:0xf7f56579 [ 99.005399][ T7734] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 99.005408][ T7734] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 99.005418][ T7734] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000040 [ 99.005424][ T7734] RDX: 0000000000000918 RSI: 0000000000000000 RDI: 0000000000000000 [ 99.005430][ T7734] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 99.005435][ T7734] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 99.005440][ T7734] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 99.005453][ T7734] [ 99.244492][ T40] audit: type=1326 audit(1745569231.536:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7746 comm="syz.0.254" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7fc00000 [ 99.555124][ T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 99.715172][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 99.726869][ T9] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 99.729550][ T9] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 99.732985][ T9] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 99.737152][ T9] usb 5-1: config 250 has no interface number 0 [ 99.739775][ T9] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 99.744577][ T9] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 99.750492][ T9] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 99.754469][ T9] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 99.758614][ T9] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 99.764679][ T9] usb 5-1: config 250 interface 228 has no altsetting 0 [ 99.770956][ T9] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 99.773901][ T9] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 99.777675][ T9] usb 5-1: Product: syz [ 99.779111][ T9] usb 5-1: SerialNumber: syz [ 99.785476][ T9] hub 5-1:250.228: bad descriptor, ignoring hub [ 99.787785][ T9] hub 5-1:250.228: probe with driver hub failed with error -5 [ 99.992346][ T9] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 5 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 101.246967][ T7774] evm: overlay not supported [ 101.250292][ T7774] FAULT_INJECTION: forcing a failure. [ 101.250292][ T7774] name failslab, interval 1, probability 0, space 0, times 0 [ 101.255440][ T7774] CPU: 3 UID: 0 PID: 7774 Comm: syz.1.261 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 101.255461][ T7774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 101.255476][ T7774] Call Trace: [ 101.255483][ T7774] [ 101.255490][ T7774] dump_stack_lvl+0x16c/0x1f0 [ 101.255518][ T7774] should_fail_ex+0x512/0x640 [ 101.255536][ T7774] ? fs_reclaim_acquire+0xae/0x150 [ 101.255564][ T7774] should_failslab+0xc2/0x120 [ 101.255587][ T7774] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 101.255608][ T7774] ? ovl_other_xattr_get+0x100/0x160 [ 101.255634][ T7774] ? vfs_getxattr_alloc+0x23b/0x340 [ 101.255654][ T7774] krealloc_noprof+0x1fb/0x380 [ 101.255676][ T7774] vfs_getxattr_alloc+0x23b/0x340 [ 101.255696][ T7774] ? __pfx_vfs_getxattr_alloc+0x10/0x10 [ 101.255713][ T7774] ? lockdep_init_map_type+0x5c/0x280 [ 101.255743][ T7774] ima_read_xattr+0x38/0x60 [ 101.255767][ T7774] process_measurement+0x1180/0x23e0 [ 101.255801][ T7774] ? __pfx_process_measurement+0x10/0x10 [ 101.255862][ T7774] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 101.255887][ T7774] ? inode_to_bdi+0x9e/0x160 [ 101.255914][ T7774] ima_file_check+0xc5/0x110 [ 101.255939][ T7774] ? __pfx_ima_file_check+0x10/0x10 [ 101.255970][ T7774] security_file_post_open+0x8e/0x210 [ 101.255994][ T7774] path_openat+0x147d/0x2d40 [ 101.256021][ T7774] ? __pfx_path_openat+0x10/0x10 [ 101.256040][ T7774] ? __lock_acquire+0xaa4/0x1ba0 [ 101.256065][ T7774] do_filp_open+0x20b/0x470 [ 101.256083][ T7774] ? __pfx_do_filp_open+0x10/0x10 [ 101.256119][ T7774] ? _raw_spin_unlock+0x28/0x50 [ 101.256139][ T7774] ? alloc_fd+0x471/0x7d0 [ 101.256162][ T7774] do_sys_openat2+0x11b/0x1d0 [ 101.256184][ T7774] ? __pfx_do_sys_openat2+0x10/0x10 [ 101.256208][ T7774] ? __fget_files+0x20e/0x3c0 [ 101.256228][ T7774] __ia32_compat_sys_open+0x146/0x1e0 [ 101.256251][ T7774] ? __pfx___ia32_compat_sys_open+0x10/0x10 [ 101.256278][ T7774] ? rcu_is_watching+0x12/0xc0 [ 101.256294][ T7774] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 101.256320][ T7774] __do_fast_syscall_32+0x73/0x120 [ 101.256344][ T7774] do_fast_syscall_32+0x32/0x80 [ 101.256367][ T7774] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 101.256386][ T7774] RIP: 0023:0xf709e579 [ 101.256399][ T7774] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 101.256413][ T7774] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000005 [ 101.256427][ T7774] RAX: ffffffffffffffda RBX: 0000000080000080 RCX: 0000000000141042 [ 101.256437][ T7774] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 101.256445][ T7774] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 101.256453][ T7774] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 101.256461][ T7774] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 101.256486][ T7774] [ 101.731114][ T7783] nfs: Deprecated parameter 'nointr' [ 102.063392][ T7789] Cannot find del_set index 3 as target [ 102.075267][ T7789] netlink: 'syz.2.266': attribute type 11 has an invalid length. [ 102.077849][ T7789] netlink: 224 bytes leftover after parsing attributes in process `syz.2.266'. [ 102.138977][ T40] audit: type=1326 audit(1745569234.436:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7746 comm="syz.0.254" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7fc00000 [ 102.285669][ T1334] usb 5-1: USB disconnect, device number 5 [ 102.297522][ T1334] usblp0: removed [ 102.317772][ T7801] netlink: 'syz.0.268': attribute type 1 has an invalid length. [ 102.384019][ T7804] FAULT_INJECTION: forcing a failure. [ 102.384019][ T7804] name failslab, interval 1, probability 0, space 0, times 0 [ 102.388360][ T7804] CPU: 0 UID: 0 PID: 7804 Comm: syz.0.268 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 102.388374][ T7804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 102.388380][ T7804] Call Trace: [ 102.388384][ T7804] [ 102.388388][ T7804] dump_stack_lvl+0x16c/0x1f0 [ 102.388419][ T7804] should_fail_ex+0x512/0x640 [ 102.388443][ T7804] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 102.388456][ T7804] should_failslab+0xc2/0x120 [ 102.388470][ T7804] __kmalloc_cache_noprof+0x6a/0x3e0 [ 102.388481][ T7804] ? irqentry_exit+0x3b/0x90 [ 102.388495][ T7804] ? lockdep_hardirqs_on+0x7c/0x110 [ 102.388508][ T7804] ? resv_map_alloc+0x46/0x400 [ 102.388524][ T7804] resv_map_alloc+0x46/0x400 [ 102.388538][ T7804] hugetlbfs_get_inode+0x33f/0x730 [ 102.388551][ T7804] ? hugetlb_file_setup+0x2c1/0x620 [ 102.388566][ T7804] hugetlb_file_setup+0x15b/0x620 [ 102.388581][ T7804] ksys_mmap_pgoff+0x189/0x5c0 [ 102.388597][ T7804] ? __ia32_sys_mmap_pgoff+0x11/0x1b0 [ 102.388614][ T7804] __do_fast_syscall_32+0x73/0x120 [ 102.388630][ T7804] do_fast_syscall_32+0x32/0x80 [ 102.388645][ T7804] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 102.388658][ T7804] RIP: 0023:0xf7f56579 [ 102.388666][ T7804] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 102.388675][ T7804] RSP: 002b:00000000f505555c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0 [ 102.388685][ T7804] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000ff5000 [ 102.388691][ T7804] RDX: 0000000000000004 RSI: 000000000005c831 RDI: 00000000ffffffff [ 102.388697][ T7804] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 102.388702][ T7804] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 102.388708][ T7804] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 102.388720][ T7804] [ 102.957059][ T7818] netlink: 8 bytes leftover after parsing attributes in process `syz.2.270'. [ 103.686310][ T7831] input: syz0 as /devices/virtual/input/input7 [ 104.115424][ T24] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 104.275865][ T7840] Cannot find del_set index 3 as target [ 104.283523][ T7840] netlink: 'syz.0.275': attribute type 11 has an invalid length. [ 104.286144][ T7840] netlink: 224 bytes leftover after parsing attributes in process `syz.0.275'. [ 104.292114][ T24] usb 7-1: unable to get BOS descriptor or descriptor too short [ 104.297345][ T24] usb 7-1: config 1 interface 0 altsetting 170 bulk endpoint 0x82 has invalid maxpacket 16 [ 104.302102][ T24] usb 7-1: config 1 interface 0 has no altsetting 0 [ 104.307327][ T24] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 104.311346][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.314722][ T24] usb 7-1: Product: syz [ 104.317437][ T24] usb 7-1: Manufacturer: syz [ 104.319585][ T24] usb 7-1: SerialNumber: syz [ 104.324635][ T7834] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 104.634460][ T7833] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2 [ 104.637800][ T7833] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0 [ 104.800184][ T7852] netlink: 'syz.3.276': attribute type 10 has an invalid length. [ 104.813077][ T7852] batman_adv: batadv0: Adding interface: team0 [ 104.818571][ T7852] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.829629][ T7852] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 104.834836][ T7852] netlink: 'syz.3.276': attribute type 10 has an invalid length. [ 104.838008][ T7852] netlink: 2 bytes leftover after parsing attributes in process `syz.3.276'. [ 104.841356][ T7852] team0: entered promiscuous mode [ 104.843497][ T7852] team_slave_0: entered promiscuous mode [ 104.846242][ T7852] team_slave_1: entered promiscuous mode [ 104.849446][ T7852] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.851877][ T7852] batman_adv: batadv0: Interface activated: team0 [ 104.854051][ T7852] batman_adv: batadv0: Interface deactivated: team0 [ 104.856727][ T7852] batman_adv: batadv0: Removing interface: team0 [ 104.859624][ T7852] bridge0: port 3(team0) entered blocking state [ 104.861893][ T7852] bridge0: port 3(team0) entered disabled state [ 104.864076][ T7852] team0: entered allmulticast mode [ 104.866022][ T7852] team_slave_0: entered allmulticast mode [ 104.867944][ T7852] team_slave_1: entered allmulticast mode [ 104.871732][ T7852] bridge0: port 3(team0) entered blocking state [ 104.873835][ T7852] bridge0: port 3(team0) entered forwarding state [ 105.422634][ T7883] fuse: Unknown parameter '00000000000000000004' [ 106.015237][ T58] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 106.185231][ T58] usb 8-1: Using ep0 maxpacket: 8 [ 106.189338][ T58] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.193082][ T58] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.196253][ T58] usb 8-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 106.199148][ T58] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.213795][ T58] usb 8-1: config 0 descriptor?? [ 106.435211][ T7889] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 106.438965][ T46] Bluetooth: hci4: Frame reassembly failed (-84) [ 106.776916][ T24] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -71 [ 106.792149][ T24] usb 7-1: USB disconnect, device number 4 [ 106.834656][ T40] audit: type=1800 audit(1745569239.126:6): pid=7910 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.290" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 106.848237][ T7910] netlink: 28 bytes leftover after parsing attributes in process `syz.2.290'. [ 108.000598][ T7928] netlink: 4 bytes leftover after parsing attributes in process `syz.0.296'. [ 108.126130][ T7938] netlink: 'syz.0.297': attribute type 9 has an invalid length. [ 108.435189][ T5957] Bluetooth: hci4: command 0x1003 tx timeout [ 108.438718][ T5962] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 108.536532][ T40] audit: type=1804 audit(1745569240.836:7): pid=7957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.301" name="/newroot/91/file0" dev="tmpfs" ino=510 res=1 errno=0 [ 108.817414][ T58] usbhid 8-1:0.0: can't add hid device: -71 [ 108.820456][ T58] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 108.828117][ T58] usb 8-1: USB disconnect, device number 3 [ 108.915198][ T5962] Bluetooth: hci5: command 0xfc11 tx timeout [ 108.915212][ T5955] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 108.936315][ T7910] sp0: Synchronizing with TNC [ 109.037728][ T7965] program syz.2.304 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 109.078603][ T7968] netlink: 80 bytes leftover after parsing attributes in process `syz.2.305'. [ 109.081491][ T7968] ip6tnl0: left promiscuous mode [ 109.083417][ T7968] netlink: 80 bytes leftover after parsing attributes in process `syz.2.305'. [ 109.118729][ T7970] capability: warning: `syz.2.306' uses deprecated v2 capabilities in a way that may be insecure [ 109.375256][ T71] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 109.505136][ T71] usb 7-1: device descriptor read/64, error -71 [ 109.755153][ T71] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 109.858570][ T7986] FAULT_INJECTION: forcing a failure. [ 109.858570][ T7986] name failslab, interval 1, probability 0, space 0, times 0 [ 109.863963][ T7986] CPU: 0 UID: 0 PID: 7986 Comm: syz.3.309 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 109.863984][ T7986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 109.863993][ T7986] Call Trace: [ 109.863999][ T7986] [ 109.864005][ T7986] dump_stack_lvl+0x16c/0x1f0 [ 109.864032][ T7986] should_fail_ex+0x512/0x640 [ 109.864055][ T7986] should_failslab+0xc2/0x120 [ 109.864077][ T7986] __kmalloc_cache_noprof+0x6a/0x3e0 [ 109.864096][ T7986] ? sctp_add_bind_addr+0xae/0x3f0 [ 109.864121][ T7986] sctp_add_bind_addr+0xae/0x3f0 [ 109.864162][ T7986] sctp_copy_local_addr_list+0x39d/0x5a0 [ 109.864192][ T7986] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 109.864220][ T7986] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 109.864249][ T7986] ? sctp_bind_addr_copy+0xe0/0x530 [ 109.864270][ T7986] sctp_bind_addr_copy+0xe0/0x530 [ 109.864295][ T7986] sctp_connect_new_asoc+0x1d7/0x790 [ 109.864316][ T7986] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 109.864340][ T7986] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 109.864360][ T7986] sctp_sendmsg+0x15f9/0x1ee0 [ 109.864385][ T7986] ? __pfx_sctp_sendmsg+0x10/0x10 [ 109.864404][ T7986] ? __pfx___might_resched+0x10/0x10 [ 109.864432][ T7986] ? find_held_lock+0x2b/0x80 [ 109.864450][ T7986] ? __pfx_aa_sk_perm+0x10/0x10 [ 109.864472][ T7986] ? __import_iovec+0x1c8/0x660 [ 109.864492][ T7986] ? __pfx_sctp_sendmsg+0x10/0x10 [ 109.864509][ T7986] inet_sendmsg+0x119/0x140 [ 109.864527][ T7986] ____sys_sendmsg+0x973/0xc70 [ 109.864546][ T7986] ? __pfx_____sys_sendmsg+0x10/0x10 [ 109.864560][ T7986] ? get_compat_msghdr+0x11a/0x170 [ 109.864593][ T7986] ___sys_sendmsg+0x134/0x1d0 [ 109.864614][ T7986] ? __pfx____sys_sendmsg+0x10/0x10 [ 109.864665][ T7986] __sys_sendmsg+0x16d/0x220 [ 109.864687][ T7986] ? __pfx___sys_sendmsg+0x10/0x10 [ 109.864719][ T7986] ? rcu_is_watching+0x12/0xc0 [ 109.864740][ T7986] __do_fast_syscall_32+0x73/0x120 [ 109.864765][ T7986] do_fast_syscall_32+0x32/0x80 [ 109.864789][ T7986] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 109.864808][ T7986] RIP: 0023:0xf70be579 [ 109.864841][ T7986] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 109.864855][ T7986] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 109.864871][ T7986] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 109.864881][ T7986] RDX: 00000000000040f0 RSI: 0000000000000000 RDI: 0000000000000000 [ 109.864891][ T7986] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 109.864900][ T7986] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 109.864908][ T7986] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 109.864930][ T7986] [ 109.916131][ T71] usb 7-1: device descriptor read/64, error -71 [ 110.075394][ T71] usb usb7-port1: attempt power cycle [ 110.255279][ T6116] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 110.405158][ T6116] usb 8-1: Using ep0 maxpacket: 8 [ 110.408001][ T6116] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 110.411401][ T6116] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 110.414464][ T6116] usb 8-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 110.417687][ T71] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 110.420209][ T6116] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.425615][ T6116] usb 8-1: config 0 descriptor?? [ 110.445629][ T71] usb 7-1: device descriptor read/8, error -71 [ 110.461543][ T8003] MTD: Attempt to mount non-MTD device "/dev/sr0" [ 110.516555][ T8002] o2cb: This node has not been configured. [ 110.518811][ T8002] o2cb: Cluster check failed. Fix errors before retrying. [ 110.521337][ T8002] (syz.0.312,8002,3):user_dlm_register:674 ERROR: status = -22 [ 110.523804][ T8002] (syz.0.312,8002,3):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file1" [ 110.596724][ T8003] /dev/sr0: Can't open blockdev [ 110.637026][ T13] Bluetooth: hci4: Frame reassembly failed (-84) [ 110.639448][ T7992] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 110.696896][ T71] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 110.726433][ T71] usb 7-1: device descriptor read/8, error -71 [ 110.835701][ T71] usb usb7-port1: unable to enumerate USB device [ 110.998613][ T8013] netlink: 36 bytes leftover after parsing attributes in process `syz.1.316'. [ 111.048929][ T8015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.317'. [ 111.051723][ T8015] netlink: 'syz.1.317': attribute type 30 has an invalid length. [ 111.057202][ T8015] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 111.059773][ T8015] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 111.062446][ T8015] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 111.064981][ T8015] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 111.112502][ T8016] Cannot find del_set index 3 as target [ 111.123274][ T8016] netlink: 'syz.0.315': attribute type 11 has an invalid length. [ 111.125794][ T8016] netlink: 224 bytes leftover after parsing attributes in process `syz.0.315'. [ 111.368843][ T71] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 111.515221][ T71] usb 6-1: Using ep0 maxpacket: 8 [ 111.518523][ T71] usb 6-1: config 1 interface 0 altsetting 6 endpoint 0x2 has an invalid bInterval 129, changing to 11 [ 111.521990][ T71] usb 6-1: config 1 interface 0 has no altsetting 0 [ 112.675239][ T5962] Bluetooth: hci4: command 0x1003 tx timeout [ 112.675298][ T5955] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 112.905319][ T8065] netlink: 56 bytes leftover after parsing attributes in process `syz.0.323'. [ 113.013247][ T6116] usbhid 8-1:0.0: can't add hid device: -71 [ 113.015376][ T6116] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 113.039735][ T6116] usb 8-1: USB disconnect, device number 4 [ 113.226215][ T8063] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 113.905566][ T8097] netlink: 28 bytes leftover after parsing attributes in process `syz.3.336'. [ 113.910958][ T8097] netlink: 28 bytes leftover after parsing attributes in process `syz.3.336'. [ 114.062278][ T8111] syzkaller0: entered promiscuous mode [ 114.064027][ T8111] syzkaller0: entered allmulticast mode [ 114.143228][ T71] usb 6-1: string descriptor 0 read error: -71 [ 114.145884][ T71] usb 6-1: New USB device found, idVendor=0eef, idProduct=722a, bcdDevice= 0.40 [ 114.149321][ T71] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.154688][ T71] usb 6-1: can't set config #1, error -71 [ 114.158094][ T71] usb 6-1: USB disconnect, device number 3 [ 114.188603][ T8113] FAULT_INJECTION: forcing a failure. [ 114.188603][ T8113] name failslab, interval 1, probability 0, space 0, times 0 [ 114.196974][ T8113] CPU: 0 UID: 0 PID: 8113 Comm: syz.1.340 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 114.196990][ T8113] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.196996][ T8113] Call Trace: [ 114.197000][ T8113] [ 114.197004][ T8113] dump_stack_lvl+0x16c/0x1f0 [ 114.197022][ T8113] should_fail_ex+0x512/0x640 [ 114.197035][ T8113] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 114.197049][ T8113] should_failslab+0xc2/0x120 [ 114.197064][ T8113] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 114.197076][ T8113] ? __alloc_skb+0x2b2/0x380 [ 114.197091][ T8113] __alloc_skb+0x2b2/0x380 [ 114.197104][ T8113] ? __pfx___alloc_skb+0x10/0x10 [ 114.197140][ T8113] netlink_alloc_large_skb+0x69/0x130 [ 114.197156][ T8113] netlink_sendmsg+0x6a1/0xdd0 [ 114.197173][ T8113] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.197188][ T8113] ? __import_iovec+0x1c8/0x660 [ 114.197205][ T8113] ____sys_sendmsg+0xa95/0xc70 [ 114.197216][ T8113] ? __pfx_____sys_sendmsg+0x10/0x10 [ 114.197225][ T8113] ? get_compat_msghdr+0x11a/0x170 [ 114.197243][ T8113] ___sys_sendmsg+0x134/0x1d0 [ 114.197258][ T8113] ? __pfx____sys_sendmsg+0x10/0x10 [ 114.197287][ T8113] __sys_sendmsg+0x16d/0x220 [ 114.197301][ T8113] ? __pfx___sys_sendmsg+0x10/0x10 [ 114.197320][ T8113] ? rcu_is_watching+0x12/0xc0 [ 114.197333][ T8113] __do_fast_syscall_32+0x73/0x120 [ 114.197349][ T8113] do_fast_syscall_32+0x32/0x80 [ 114.197364][ T8113] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 114.197377][ T8113] RIP: 0023:0xf709e579 [ 114.197385][ T8113] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 114.197395][ T8113] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 114.197405][ T8113] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000f40 [ 114.197412][ T8113] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 114.197417][ T8113] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 114.197423][ T8113] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 114.197428][ T8113] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 114.197440][ T8113] [ 115.206577][ T8115] netlink: 'syz.1.341': attribute type 3 has an invalid length. [ 117.105675][ T8196] FAULT_INJECTION: forcing a failure. [ 117.105675][ T8196] name failslab, interval 1, probability 0, space 0, times 0 [ 117.112588][ T8196] CPU: 0 UID: 0 PID: 8196 Comm: syz.2.362 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 117.112610][ T8196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 117.112619][ T8196] Call Trace: [ 117.112625][ T8196] [ 117.112631][ T8196] dump_stack_lvl+0x16c/0x1f0 [ 117.112672][ T8196] should_fail_ex+0x512/0x640 [ 117.112695][ T8196] ? fs_reclaim_acquire+0xae/0x150 [ 117.112721][ T8196] ? kobject_get_path+0xd2/0x2a0 [ 117.112741][ T8196] should_failslab+0xc2/0x120 [ 117.112784][ T8196] __kmalloc_noprof+0xd2/0x510 [ 117.112808][ T8196] kobject_get_path+0xd2/0x2a0 [ 117.112834][ T8196] kobject_uevent_env+0x289/0x1870 [ 117.112849][ T8196] ? __pfx_dev_uevent_name+0x10/0x10 [ 117.112874][ T8196] ? bus_to_subsys+0x12d/0x160 [ 117.112896][ T8196] device_del+0x623/0x9f0 [ 117.112921][ T8196] ? __pfx_device_del+0x10/0x10 [ 117.112950][ T8196] device_unregister+0x1d/0xc0 [ 117.112972][ T8196] device_destroy+0x99/0xe0 [ 117.112994][ T8196] ? __pfx_device_destroy+0x10/0x10 [ 117.113018][ T8196] ? kobject_put+0x210/0x5a0 [ 117.113042][ T8196] tty_unregister_device+0x82/0x1c0 [ 117.113066][ T8196] gsm_cleanup_mux+0x619/0x8b0 [ 117.113086][ T8196] ? __pfx_gsm_cleanup_mux+0x10/0x10 [ 117.113111][ T8196] ? __pfx___might_resched+0x10/0x10 [ 117.113132][ T8196] gsmld_close+0x45/0x200 [ 117.113148][ T8196] ? __pfx_gsmld_close+0x10/0x10 [ 117.113165][ T8196] tty_ldisc_close+0x111/0x1a0 [ 117.113188][ T8196] tty_set_ldisc+0x24e/0x780 [ 117.113212][ T8196] tty_ioctl+0xc42/0x1610 [ 117.113227][ T8196] ? __pfx_tty_ioctl+0x10/0x10 [ 117.113253][ T8196] ? find_held_lock+0x2b/0x80 [ 117.113268][ T8196] ? hook_file_ioctl_common+0x145/0x410 [ 117.113292][ T8196] ? __fget_files+0x20e/0x3c0 [ 117.113306][ T8196] ? __fput_deferred+0x300/0x370 [ 117.113328][ T8196] tty_compat_ioctl+0x24a/0x4d0 [ 117.113342][ T8196] ? __pfx_tty_compat_ioctl+0x10/0x10 [ 117.113357][ T8196] __ia32_compat_sys_ioctl+0x24c/0x360 [ 117.113382][ T8196] __do_fast_syscall_32+0x73/0x120 [ 117.113411][ T8196] do_fast_syscall_32+0x32/0x80 [ 117.113433][ T8196] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 117.113452][ T8196] RIP: 0023:0xf7f98579 [ 117.113464][ T8196] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 117.113477][ T8196] RSP: 002b:00000000f509555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 117.113492][ T8196] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005423 [ 117.113502][ T8196] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 117.113511][ T8196] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 117.113519][ T8196] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 117.113527][ T8196] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 117.113548][ T8196] [ 117.958109][ T5995] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 118.186955][ T5995] usb 6-1: Using ep0 maxpacket: 16 [ 118.196298][ T5995] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.199606][ T5995] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.202769][ T5995] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 118.214894][ T5995] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 118.219134][ T5995] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.223255][ T5995] usb 6-1: config 0 descriptor?? [ 118.359621][ T8236] overlay: Unknown parameter 'subj_type' [ 118.635063][ T5995] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 118.636234][ T8246] netlink: 8 bytes leftover after parsing attributes in process `syz.3.372'. [ 118.637583][ T5995] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 118.637600][ T5995] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 118.642708][ T8246] gtp0: entered promiscuous mode [ 118.644914][ T5995] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 118.646164][ T8246] gtp0: entered allmulticast mode [ 118.649960][ T5995] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 118.654752][ T5995] input: HID 0955:7214 Haptics as /devices/virtual/input/input9 [ 118.674965][ T5995] shield 0003:0955:7214.0002: Registered Thunderstrike controller [ 118.677881][ T5995] shield 0003:0955:7214.0002: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 118.819425][ T8250] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.417062][ T8265] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 119.697099][ T24] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -ESHUTDOWN [ 119.702386][ T24] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 119.706702][ T24] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 119.710989][ T24] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 119.809580][ T8288] FAULT_INJECTION: forcing a failure. [ 119.809580][ T8288] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 119.814622][ T8288] CPU: 1 UID: 0 PID: 8288 Comm: syz.3.385 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 119.814639][ T8288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 119.814648][ T8288] Call Trace: [ 119.814654][ T8288] [ 119.814660][ T8288] dump_stack_lvl+0x16c/0x1f0 [ 119.814685][ T8288] should_fail_ex+0x512/0x640 [ 119.814707][ T8288] _copy_from_iter+0x2a4/0x15b0 [ 119.814726][ T8288] ? __lock_acquire+0xaa4/0x1ba0 [ 119.814747][ T8288] ? __pfx__copy_from_iter+0x10/0x10 [ 119.814771][ T8288] ? find_held_lock+0x2b/0x80 [ 119.814790][ T8288] tun_get_user+0x240/0x3b10 [ 119.814815][ T8288] ? __lock_acquire+0x5ca/0x1ba0 [ 119.814836][ T8288] ? __pfx_tun_get_user+0x10/0x10 [ 119.814856][ T8288] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 119.814882][ T8288] ? find_held_lock+0x2b/0x80 [ 119.814896][ T8288] ? tun_get+0x191/0x370 [ 119.814917][ T8288] tun_chr_write_iter+0xdc/0x210 [ 119.814941][ T8288] vfs_write+0x5ba/0x1180 [ 119.814958][ T8288] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 119.814981][ T8288] ? __pfx_vfs_write+0x10/0x10 [ 119.814992][ T8288] ? find_held_lock+0x2b/0x80 [ 119.815020][ T8288] ksys_write+0x12a/0x240 [ 119.815035][ T8288] ? __pfx_ksys_write+0x10/0x10 [ 119.815066][ T8288] ? rcu_is_watching+0x12/0xc0 [ 119.815082][ T8288] __do_fast_syscall_32+0x73/0x120 [ 119.815106][ T8288] do_fast_syscall_32+0x32/0x80 [ 119.815128][ T8288] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 119.815146][ T8288] RIP: 0023:0xf70be579 [ 119.815158][ T8288] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 119.815172][ T8288] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 119.815181][ T8288] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800008c0 [ 119.815191][ T8288] RDX: 0000000000000022 RSI: 0000000000000000 RDI: 0000000000000000 [ 119.815200][ T8288] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 119.815208][ T8288] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 119.815216][ T8288] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 119.815236][ T8288] [ 119.835640][ T58] usb 6-1: reset high-speed USB device number 4 using dummy_hcd [ 120.026029][ T58] usb 6-1: device descriptor read/64, error -32 [ 120.105020][ T8293] ip6t_srh: unknown srh invflags 85DA [ 120.275320][ T58] usb 6-1: reset high-speed USB device number 4 using dummy_hcd [ 120.415137][ T58] usb 6-1: device descriptor read/64, error -32 [ 120.648432][ T8301] overlayfs: failed to resolve './file1': -2 [ 120.655808][ T58] usb 6-1: reset high-speed USB device number 4 using dummy_hcd [ 120.676366][ T58] usb 6-1: device descriptor read/8, error -32 [ 120.688557][ T8303] netlink: 20 bytes leftover after parsing attributes in process `syz.0.390'. [ 120.717693][ T8306] ufs: You didn't specify the type of your ufs filesystem [ 120.717693][ T8306] [ 120.717693][ T8306] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 120.717693][ T8306] [ 120.717693][ T8306] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 120.727786][ T8306] ufs: ufstype=old is supported read-only [ 120.730031][ T8306] syz.0.391: attempt to access beyond end of device [ 120.730031][ T8306] loop1: rw=0, sector=16, nr_sectors = 2 limit=0 [ 120.737059][ T8306] 9pnet_fd: Insufficient options for proto=fd [ 120.739725][ T8306] overlay: ./file0 is not a directory [ 121.441420][ T8333] team0: Device gtp0 is of different type [ 121.464821][ T8334] team0: Device gtp0 is of different type [ 121.500414][ T8337] tipc: Started in network mode [ 121.502079][ T8337] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 121.504318][ T8337] tipc: Enabled bearer , priority 27 [ 121.567726][ T24] usb 6-1: USB disconnect, device number 4 [ 121.582907][ T8339] netlink: 4 bytes leftover after parsing attributes in process `syz.0.402'. [ 121.774244][ T8345] FAULT_INJECTION: forcing a failure. [ 121.774244][ T8345] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 121.780032][ T8345] CPU: 0 UID: 0 PID: 8345 Comm: syz.0.404 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 121.780057][ T8345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 121.780063][ T8345] Call Trace: [ 121.780067][ T8345] [ 121.780071][ T8345] dump_stack_lvl+0x16c/0x1f0 [ 121.780089][ T8345] should_fail_ex+0x512/0x640 [ 121.780104][ T8345] _copy_to_user+0x32/0xd0 [ 121.780118][ T8345] simple_read_from_buffer+0xcb/0x170 [ 121.780136][ T8345] proc_fail_nth_read+0x197/0x270 [ 121.780151][ T8345] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 121.780167][ T8345] ? rw_verify_area+0xcf/0x680 [ 121.780182][ T8345] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 121.780197][ T8345] vfs_read+0x1de/0xc70 [ 121.780209][ T8345] ? __pfx___mutex_lock+0x10/0x10 [ 121.780223][ T8345] ? __pfx_vfs_read+0x10/0x10 [ 121.780237][ T8345] ? __fget_files+0x20e/0x3c0 [ 121.780251][ T8345] ksys_read+0x12a/0x240 [ 121.780260][ T8345] ? __pfx_ksys_read+0x10/0x10 [ 121.780272][ T8345] ? rcu_is_watching+0x12/0xc0 [ 121.780284][ T8345] __do_fast_syscall_32+0x73/0x120 [ 121.780300][ T8345] do_fast_syscall_32+0x32/0x80 [ 121.780315][ T8345] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 121.780327][ T8345] RIP: 0023:0xf7f56579 [ 121.780335][ T8345] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 121.780345][ T8345] RSP: 002b:00000000f5076590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 121.780354][ T8345] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5076620 [ 121.780361][ T8345] RDX: 000000000000000f RSI: 00000000f73e2ff4 RDI: 0000000000000000 [ 121.780370][ T8345] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 121.780376][ T8345] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 121.780382][ T8345] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 121.780395][ T8345] [ 122.033681][ T8358] netlink: 80 bytes leftover after parsing attributes in process `syz.1.406'. [ 122.038024][ T8351] "syz.2.403" (8351) uses obsolete ecb(arc4) skcipher [ 122.041042][ T8358] netlink: 80 bytes leftover after parsing attributes in process `syz.1.406'. [ 122.636486][ T6116] tipc: Node number set to 8432298 [ 122.799111][ T8388] FAULT_INJECTION: forcing a failure. [ 122.799111][ T8388] name failslab, interval 1, probability 0, space 0, times 0 [ 122.803144][ T8388] CPU: 0 UID: 0 PID: 8388 Comm: syz.3.415 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 122.803159][ T8388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 122.803165][ T8388] Call Trace: [ 122.803169][ T8388] [ 122.803174][ T8388] dump_stack_lvl+0x16c/0x1f0 [ 122.803205][ T8388] should_fail_ex+0x512/0x640 [ 122.803218][ T8388] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 122.803233][ T8388] should_failslab+0xc2/0x120 [ 122.803247][ T8388] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 122.803260][ T8388] ? __alloc_skb+0x2b2/0x380 [ 122.803275][ T8388] __alloc_skb+0x2b2/0x380 [ 122.803288][ T8388] ? __pfx___alloc_skb+0x10/0x10 [ 122.803305][ T8388] netlink_alloc_large_skb+0x69/0x130 [ 122.803322][ T8388] netlink_sendmsg+0x6a1/0xdd0 [ 122.803338][ T8388] ? __pfx_netlink_sendmsg+0x10/0x10 [ 122.803354][ T8388] ? __import_iovec+0x1c8/0x660 [ 122.803370][ T8388] ____sys_sendmsg+0xa95/0xc70 [ 122.803382][ T8388] ? __pfx_____sys_sendmsg+0x10/0x10 [ 122.803391][ T8388] ? get_compat_msghdr+0x11a/0x170 [ 122.803410][ T8388] ___sys_sendmsg+0x134/0x1d0 [ 122.803424][ T8388] ? __pfx____sys_sendmsg+0x10/0x10 [ 122.803453][ T8388] __sys_sendmsg+0x16d/0x220 [ 122.803467][ T8388] ? __pfx___sys_sendmsg+0x10/0x10 [ 122.803486][ T8388] ? rcu_is_watching+0x12/0xc0 [ 122.803498][ T8388] __do_fast_syscall_32+0x73/0x120 [ 122.803514][ T8388] do_fast_syscall_32+0x32/0x80 [ 122.803529][ T8388] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 122.803542][ T8388] RIP: 0023:0xf70be579 [ 122.803550][ T8388] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 122.803561][ T8388] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 122.803570][ T8388] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000f40 [ 122.803576][ T8388] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 122.803582][ T8388] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 122.803588][ T8388] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 122.803594][ T8388] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 122.803606][ T8388] [ 123.755158][ T6116] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 123.895902][ T8413] netlink: 176 bytes leftover after parsing attributes in process `syz.3.425'. [ 123.958088][ T6116] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.962339][ T6116] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 123.966274][ T6116] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 123.971104][ T6116] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 123.973894][ T6116] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.977973][ T6116] usb 6-1: config 0 descriptor?? [ 124.396396][ T6116] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 124.407421][ T6116] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 124.446846][ T8431] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 124.519233][ T8434] netlink: 4 bytes leftover after parsing attributes in process `syz.3.430'. [ 124.559037][ T8434] bridge_slave_1 (unregistering): left allmulticast mode [ 124.561377][ T8434] bridge_slave_1 (unregistering): left promiscuous mode [ 124.563869][ T8434] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.680767][ T8403] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 124.686076][ T8403] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 124.760715][ T7106] usb 6-1: USB disconnect, device number 5 [ 125.097506][ T40] audit: type=1326 audit(1745569257.396:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8451 comm="syz.2.437" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000 [ 125.104342][ T40] audit: type=1326 audit(1745569257.396:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8451 comm="syz.2.437" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000 [ 125.109186][ T8452] loop6: detected capacity change from 0 to 524287999 [ 125.111839][ T40] audit: type=1326 audit(1745569257.396:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8451 comm="syz.2.437" exe="/syz-executor" sig=0 arch=40000003 syscall=282 compat=1 ip=0xf7f98579 code=0x7ffc0000 [ 125.120558][ T40] audit: type=1326 audit(1745569257.396:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8451 comm="syz.2.437" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000 [ 125.130179][ T40] audit: type=1326 audit(1745569257.396:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8451 comm="syz.2.437" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000 [ 125.138917][ T40] audit: type=1326 audit(1745569257.396:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8451 comm="syz.2.437" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f98579 code=0x7ffc0000 [ 125.148094][ T40] audit: type=1326 audit(1745569257.396:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8451 comm="syz.2.437" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000 [ 125.156586][ T40] audit: type=1326 audit(1745569257.396:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8451 comm="syz.2.437" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000 [ 125.165671][ T40] audit: type=1326 audit(1745569257.396:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8451 comm="syz.2.437" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf7f98579 code=0x7ffc0000 [ 125.174145][ T40] audit: type=1326 audit(1745569257.396:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8451 comm="syz.2.437" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000 [ 125.266099][ T8454] block nbd2: shutting down sockets [ 125.851997][ T8471] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 126.536527][ T8491] Bluetooth: MGMT ver 1.23 [ 127.099985][ T8512] netlink: 80 bytes leftover after parsing attributes in process `syz.3.453'. [ 127.103838][ T8512] netlink: 80 bytes leftover after parsing attributes in process `syz.3.453'. [ 127.200605][ T8514] netlink: 'syz.2.454': attribute type 11 has an invalid length. [ 127.203045][ T8514] netlink: 224 bytes leftover after parsing attributes in process `syz.2.454'. [ 127.206484][ T8513] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 127.808176][ T8548] netlink: 152 bytes leftover after parsing attributes in process `syz.0.463'. [ 127.860021][ T8553] FAULT_INJECTION: forcing a failure. [ 127.860021][ T8553] name failslab, interval 1, probability 0, space 0, times 0 [ 127.864059][ T8553] CPU: 3 UID: 0 PID: 8553 Comm: syz.0.465 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 127.864074][ T8553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 127.864081][ T8553] Call Trace: [ 127.864085][ T8553] [ 127.864089][ T8553] dump_stack_lvl+0x16c/0x1f0 [ 127.864121][ T8553] should_fail_ex+0x512/0x640 [ 127.864139][ T8553] ? __kmalloc_noprof+0xbf/0x510 [ 127.864153][ T8553] ? landlock_init_hierarchy_log+0x17f/0x870 [ 127.864167][ T8553] should_failslab+0xc2/0x120 [ 127.864181][ T8553] __kmalloc_noprof+0xd2/0x510 [ 127.864196][ T8553] landlock_init_hierarchy_log+0x17f/0x870 [ 127.864211][ T8553] landlock_merge_ruleset+0x6e1/0x870 [ 127.864222][ T8553] ? prepare_creds+0x583/0x7d0 [ 127.864239][ T8553] __do_sys_landlock_restrict_self+0x2a2/0x910 [ 127.864258][ T8553] __do_fast_syscall_32+0x73/0x120 [ 127.864274][ T8553] do_fast_syscall_32+0x32/0x80 [ 127.864293][ T8553] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 127.864306][ T8553] RIP: 0023:0xf7f56579 [ 127.864314][ T8553] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 127.864324][ T8553] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 00000000000001be [ 127.864334][ T8553] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 127.864340][ T8553] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 127.864346][ T8553] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 127.864351][ T8553] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 127.864357][ T8553] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 127.864369][ T8553] [ 127.864597][ T8553] ------------[ cut here ]------------ [ 127.923398][ T8553] WARNING: CPU: 3 PID: 8553 at security/landlock/domain.h:133 free_ruleset+0x226/0x270 [ 127.926665][ T8553] Modules linked in: [ 127.927963][ T8553] CPU: 3 UID: 0 PID: 8553 Comm: syz.0.465 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 127.933470][ T8553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 127.937175][ T8553] RIP: 0010:free_ruleset+0x226/0x270 [ 127.938878][ T8553] Code: 84 61 ff ff ff 48 89 eb e9 12 ff ff ff e8 62 15 2d fd be 03 00 00 00 4c 89 f7 e8 e5 f3 3e 00 e9 42 ff ff ff e8 4b 15 2d fd 90 <0f> 0b 90 eb af e8 50 98 91 fd e9 4a fe ff ff 48 89 df e8 43 98 91 [ 127.944974][ T8553] RSP: 0018:ffffc9000342fe28 EFLAGS: 00010293 [ 127.946983][ T8553] RAX: 0000000000000000 RBX: ffff88806cc22a80 RCX: ffffffff848e8bbf [ 127.949503][ T8553] RDX: ffff8880257fc880 RSI: ffffffff848d94a5 RDI: 0000000000000005 [ 127.952014][ T8553] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 127.954571][ T8553] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88806be81700 [ 127.957300][ T8553] R13: dffffc0000000000 R14: ffff88806cc22aa0 R15: fffffffffffffff4 [ 127.959791][ T8553] FS: 0000000000000000(0000) GS:ffff888097abf000(0063) knlGS:00000000f5076b40 [ 127.962623][ T8553] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 127.964723][ T8553] CR2: 00000000f5075fac CR3: 000000001fd66000 CR4: 0000000000352ef0 [ 127.967344][ T8553] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 127.969879][ T8553] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 127.972433][ T8553] Call Trace: [ 127.973523][ T8553] [ 127.974489][ T8553] landlock_put_ruleset+0xa5/0xb0 [ 127.976173][ T8553] landlock_merge_ruleset+0x218/0x870 [ 127.977906][ T8553] ? prepare_creds+0x583/0x7d0 [ 127.979442][ T8553] __do_sys_landlock_restrict_self+0x2a2/0x910 [ 127.981404][ T8553] __do_fast_syscall_32+0x73/0x120 [ 127.982966][ T8553] do_fast_syscall_32+0x32/0x80 [ 127.984485][ T8553] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 127.986553][ T8553] RIP: 0023:0xf7f56579 [ 127.987886][ T8553] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 127.994000][ T8553] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 00000000000001be [ 127.996698][ T8553] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 127.999216][ T8553] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 128.001728][ T8553] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 128.004273][ T8553] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 128.006898][ T8553] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 128.009448][ T8553] [ 128.010464][ T8553] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 128.012796][ T8553] CPU: 3 UID: 0 PID: 8553 Comm: syz.0.465 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 128.016531][ T8553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 128.019907][ T8553] Call Trace: [ 128.021006][ T8553] [ 128.021969][ T8553] dump_stack_lvl+0x3d/0x1f0 [ 128.023486][ T8553] panic+0x71c/0x800 [ 128.024759][ T8553] ? __pfx_panic+0x10/0x10 [ 128.026215][ T8553] ? show_trace_log_lvl+0x29b/0x3e0 [ 128.027885][ T8553] ? check_panic_on_warn+0x1f/0xb0 [ 128.029536][ T8553] ? free_ruleset+0x226/0x270 [ 128.031047][ T8553] check_panic_on_warn+0xab/0xb0 [ 128.032698][ T8553] __warn+0xf6/0x3c0 [ 128.034012][ T8553] ? free_ruleset+0x226/0x270 [ 128.035534][ T8553] report_bug+0x3c3/0x580 [ 128.036966][ T8553] ? free_ruleset+0x226/0x270 [ 128.038479][ T8553] handle_bug+0x184/0x210 [ 128.039878][ T8553] exc_invalid_op+0x17/0x50 [ 128.041349][ T8553] asm_exc_invalid_op+0x1a/0x20 [ 128.042935][ T8553] RIP: 0010:free_ruleset+0x226/0x270 [ 128.044625][ T8553] Code: 84 61 ff ff ff 48 89 eb e9 12 ff ff ff e8 62 15 2d fd be 03 00 00 00 4c 89 f7 e8 e5 f3 3e 00 e9 42 ff ff ff e8 4b 15 2d fd 90 <0f> 0b 90 eb af e8 50 98 91 fd e9 4a fe ff ff 48 89 df e8 43 98 91 [ 128.050748][ T8553] RSP: 0018:ffffc9000342fe28 EFLAGS: 00010293 [ 128.052703][ T8553] RAX: 0000000000000000 RBX: ffff88806cc22a80 RCX: ffffffff848e8bbf [ 128.055202][ T8553] RDX: ffff8880257fc880 RSI: ffffffff848d94a5 RDI: 0000000000000005 [ 128.057729][ T8553] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 128.060206][ T8553] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88806be81700 [ 128.062720][ T8553] R13: dffffc0000000000 R14: ffff88806cc22aa0 R15: fffffffffffffff4 [ 128.065276][ T8553] ? landlock_log_drop_domain+0x5f/0x1e0 [ 128.067101][ T8553] ? free_ruleset+0x225/0x270 [ 128.068620][ T8553] ? free_ruleset+0x225/0x270 [ 128.070074][ T8553] landlock_put_ruleset+0xa5/0xb0 [ 128.071649][ T8553] landlock_merge_ruleset+0x218/0x870 [ 128.073383][ T8553] ? prepare_creds+0x583/0x7d0 [ 128.074927][ T8553] __do_sys_landlock_restrict_self+0x2a2/0x910 [ 128.076917][ T8553] __do_fast_syscall_32+0x73/0x120 [ 128.078566][ T8553] do_fast_syscall_32+0x32/0x80 [ 128.080131][ T8553] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 128.082182][ T8553] RIP: 0023:0xf7f56579 [ 128.083513][ T8553] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 128.089651][ T8553] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 00000000000001be [ 128.092291][ T8553] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 128.094848][ T8553] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 128.097401][ T8553] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 128.099900][ T8553] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 128.102417][ T8553] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 128.104919][ T8553] [ 128.106605][ T8553] Kernel Offset: disabled [ 128.107987][ T8553] Rebooting in 86400 seconds.. VM DIAGNOSIS: 08:21:00 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000001 RBX=ffffc90003216d68 RCX=ffffc90003216cbc RDX=1ffff92000642de0 RSI=ffffffff8adcb415 RDI=ffffc90003216d68 RBP=ffffc90003216df8 RSP=ffffc90003216d60 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000002 R11=000000000009ec37 R12=ffffffff81a689a0 R13=ffffc90003216e28 R14=0000000000000000 R15=ffff8880225f2440 RIP=ffffffff81699920 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977bf000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000081000000 CR3=00000000242aa000 CR4=00352ef0 DR0=0000000000000000 DR1=000000000000040c DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000003d845b RBX=0000000000000001 RCX=ffffffff8b6f13e9 RDX=0000000000000000 RSI=ffffffff8dbe98c0 RDI=ffffffff8bf44f80 RBP=ffffed1003b55488 RSP=ffffc9000046fdf8 R8 =0000000000000001 R9 =ffffed10056665bd R10=ffff88802b332deb R11=0000000000000000 R12=0000000000000001 R13=ffff88801daaa440 R14=ffffffff90866910 R15=0000000000000000 RIP=ffffffff8b6efc7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880978bf000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3ea644 CR3=000000006e0f2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=ffffffff93ac6d80 RBX=ffff888021af2e68 RCX=0000000000000000 RDX=0000000000000000 RSI=0000000000000000 RDI=ffff888021af2e68 RBP=0000000000000000 RSP=ffffc90000538c10 R8 =0000000000000001 R9 =0000000000000001 R10=0000000000000001 R11=0000000000000000 R12=0000000000000001 R13=0000000000000000 R14=ffff88801daac880 R15=0000000000000000 RIP=ffffffff81978514 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979bf000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7183820 CR3=0000000020f12000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f7492ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff854afc80 RDI=ffffffff9ae0cb80 RBP=ffffffff9ae0cb40 RSP=ffffc9000342f738 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000020 R14=fffffbfff35c19c2 R15=dffffc0000000000 RIP=ffffffff854afca7 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097abf000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f5075fac CR3=000000001fd66000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000